package com.sap.cloud.security.token;

import com.sap.cloud.security.config.Service;
import com.sap.cloud.security.xsuaa.Assertions;
import com.sap.cloud.security.xsuaa.jwt.DecodedJwt;
import java.security.Principal;
import java.util.LinkedHashSet;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/sap/cloud/security/token/XsuaaToken.class */
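/**
 * Access token issued by the XSUAA service, exposing XSUAA-specific claims
 * (scopes, grant type, subdomain, subaccount, zone and client id).
 *
 * <p>Every accessor here reads claims straight from the token. Nothing in this class
 * verifies a signature, issuer, audience or expiry.
 * NOTE(review): confirm that callers only base authorization decisions
 * ({@link #hasScope}, {@link #hasLocalScope}, {@link #getPrincipal}) on instances that have
 * already passed token validation.
 */
public class XsuaaToken extends AbstractToken implements AccessToken {
    /** Principal name layout for user tokens: {@code user/<origin>/<user_name>}. */
    static final String UNIQUE_USER_NAME_FORMAT = "user/%s/%s";
    /** Principal name layout for client tokens: {@code client/<client id>}. */
    static final String UNIQUE_CLIENT_NAME_FORMAT = "client/%s";
    private static final Logger LOGGER = LoggerFactory.getLogger(XsuaaToken.class);
    // Optional converter used only by hasLocalScope(); stays null until withScopeConverter() is called.
    private ScopeConverter scopeConverter;

    /**
     * Creates a token from an already decoded JWT.
     *
     * @param decodedJwt the decoded JWT, passed unchanged to the superclass constructor
     */
    public XsuaaToken(@Nonnull DecodedJwt decodedJwt) {
        super(decodedJwt);
    }

    /**
     * Creates a token from its string form.
     *
     * @param tokenValue the token string, passed unchanged to the superclass constructor
     */
    public XsuaaToken(@Nonnull String tokenValue) {
        super(tokenValue);
    }

    /**
     * Builds the unique principal name {@code user/<origin>/<user_name>}.
     *
     * <p>The origin is rejected when it contains {@code '/'}: that character is the separator
     * of the format, so an origin containing it could yield the same principal name as a
     * different origin/user pair. The user name is not checked for {@code '/'}; because the
     * origin segment can never contain one, the first segment after {@code user/} still
     * identifies the origin unambiguously.
     *
     * @param origin        value of the {@code origin} claim
     * @param userLoginName value of the {@code user_name} claim
     * @return the formatted principal name, or {@code null} when either value is null or empty
     *         or the origin contains {@code '/'}; a warning is logged in each of those cases
     */
    static String getUniquePrincipalName(String origin, String userLoginName) {
        if (isNullOrEmpty(origin)) {
            LOGGER.warn("origin claim not set in JWT. Cannot create unique user name. Returning null.");
            return null;
        }
        if (isNullOrEmpty(userLoginName)) {
            LOGGER.warn("user_name claim not set in JWT. Cannot create unique user name. Returning null.");
            return null;
        }
        if (origin.contains("/")) {
            LOGGER.warn("Illegal '/' character detected in origin claim of JWT. Cannot create unique user name. Returning null.");
            return null;
        }
        return String.format(UNIQUE_USER_NAME_FORMAT, origin, userLoginName);
    }

    /** Returns {@code true} when {@code value} is {@code null} or has length zero. */
    private static boolean isNullOrEmpty(String value) {
        return value == null || value.isEmpty();
    }

    /**
     * Sets the converter that {@link #hasLocalScope(String)} applies to the token's scopes.
     *
     * @param scopeConverter the converter to use; {@code null} clears it
     * @return this token, to allow call chaining
     */
    public XsuaaToken withScopeConverter(@Nullable ScopeConverter scopeConverter) {
        this.scopeConverter = scopeConverter;
        return this;
    }

    /**
     * Returns the values of the {@code scope} claim.
     *
     * @return a new insertion-ordered set holding the claim's entries, duplicates removed
     */
    public Set<String> getScopes() {
        return new LinkedHashSet<>(getClaimAsStringList("scope"));
    }

    /**
     * Derives the principal from the token's grant type.
     *
     * <p>Client-credential and X.509 client grants yield {@code client/<client id>}; every
     * other grant type yields {@code user/<origin>/<user_name>}, which may be {@code null}
     * (see {@link #getUniquePrincipalName(String, String)}).
     *
     * @return whatever {@code createPrincipalByName} produces for the derived name
     */
    public Principal getPrincipal() {
        String principalName;
        // NOTE(review): if GrantType.from() can return null for an absent or unrecognised
        // grant_type claim, this switch throws NullPointerException - confirm, and decide
        // whether such a token should be rejected explicitly instead.
        switch (getGrantType()) {
            case CLIENT_CREDENTIALS:
            case CLIENT_X509:
                principalName = String.format(UNIQUE_CLIENT_NAME_FORMAT, getClientId());
                break;
            default:
                // NOTE(review): principalName may be null here; confirm how
                // createPrincipalByName treats a null name.
                principalName = getUniquePrincipalName(getClaimAsString("origin"), getClaimAsString("user_name"));
                break;
        }
        return createPrincipalByName(principalName);
    }

    /** Returns the service that issued this kind of token, always {@link Service#XSUAA}. */
    public Service getService() {
        return Service.XSUAA;
    }

    /**
     * Checks for an exact, case-sensitive match against the entries of the {@code scope} claim.
     *
     * @param scope the scope name exactly as it appears in the claim
     * @return {@code true} when the claim contains {@code scope}
     */
    public boolean hasScope(String scope) {
        return getScopes().contains(scope);
    }

    /**
     * Checks for a scope after the configured {@link ScopeConverter} has been applied to the
     * token's scopes.
     *
     * @param scope the scope name in the converter's output form
     * @return {@code true} when the converted scopes contain {@code scope}
     */
    public boolean hasLocalScope(@Nonnull String scope) {
        // Fails through Assertions.assertNotNull when withScopeConverter() was never called
        // with a non-null converter; the exception type is defined by that helper.
        Assertions.assertNotNull(this.scopeConverter, "hasLocalScope() method requires a scopeConverter, which must not be null");
        return this.scopeConverter.convert(getScopes()).contains(scope);
    }

    /**
     * Returns the grant type parsed from the {@code grant_type} claim.
     *
     * @return the result of {@code GrantType.from} for the claim value
     */
    public GrantType getGrantType() {
        return GrantType.from(getClaimAsString("grant_type"));
    }

    /**
     * Returns the {@code zdn} attribute of the {@code ext_attr} claim.
     *
     * @return the attribute value, possibly {@code null}
     */
    @Nullable
    public String getSubdomain() {
        return getAttributeFromClaimAsString("ext_attr", "zdn");
    }

    /**
     * Returns the subaccount id.
     *
     * @return the {@code subaccountid} attribute of the {@code ext_attr} claim, or the
     *         {@code zid} claim when that attribute is {@code null}
     */
    public String getSubaccountId() {
        return Optional.ofNullable(getAttributeFromClaimAsString("ext_attr", "subaccountid")).orElse(getClaimAsString("zid"));
    }

    /**
     * Returns the zone id.
     *
     * @return the superclass's zone id, or the {@code zid} claim when that is {@code null}
     */
    @Override // com.sap.cloud.security.token.AbstractToken
    public String getZoneId() {
        String zoneId = super.getZoneId();
        return Objects.nonNull(zoneId) ? zoneId : getClaimAsString("zid");
    }

    /**
     * Returns the client id, falling back to the deprecated {@code cid} claim.
     *
     * <p>The fallback is taken only when the superclass lookup throws
     * {@link InvalidTokenException}; each use of it is logged as a warning so that tokens
     * still relying on {@code cid} can be found.
     *
     * @return the client id
     * @throws InvalidTokenException when the superclass lookup fails and the {@code cid} claim
     *         is absent or blank
     */
    public String getClientId() {
        try {
            return super.getClientId();
        } catch (InvalidTokenException e) {
            if (!hasClaim("cid") || getClaimAsString("cid").trim().isEmpty()) {
                String message = "Couldn't get client id. Invalid authorized party or audience claims.";
                LOGGER.error(message);
                throw new InvalidTokenException(message);
            }
            LOGGER.warn("Usage of 'cid' claim is deprecated and should be replaced by 'azp' or 'aud' claims");
            return getClaimAsString("cid");
        }
    }
}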
