package com.sap.cloud.security.xsuaa.token;

import com.sap.xsa.security.container.XSTokenRequest;
import com.sap.xsa.security.container.XSUserInfoException;
import java.net.URISyntaxException;
import java.util.Collection;
import java.util.Map;
import net.minidev.json.JSONArray;
import net.minidev.json.JSONObject;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.lang.Nullable;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.oauth2.core.ClaimAccessor;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtTimestampValidator;
import org.springframework.util.Assert;
import org.springframework.web.client.RestTemplate;

/* loaded from: input_file:com/sap/cloud/security/xsuaa/token/TokenImpl.class */
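/**
 * {@link Token} implementation backed by a Spring Security {@link Jwt}.
 *
 * <p>Every accessor reads its value from the claims of the wrapped JWT. This class does not
 * verify the token signature itself; it only runs {@link JwtTimestampValidator} in
 * {@link #isAccountNonExpired()} and {@link #isCredentialsNonExpired()}.
 * NOTE(review): presumably the {@code Jwt} is signature- and audience-validated before it is
 * handed to this class — confirm at the call site, because all authorization-relevant values
 * (client id, origin, zone id, attributes) are taken from the claims as-is.
 *
 * <p>User-specific accessors reject tokens whose {@code grant_type} claim is
 * {@code client_credentials} with an {@link IllegalStateException}, since such tokens carry no
 * user identity.
 */
public class TokenImpl implements Token {
    static final String GRANTTYPE_SAML2BEARER = "urn:ietf:params:oauth:grant-type:saml2-bearer";
    static final String UNIQUE_USER_NAME_FORMAT = "user/%s/%s";
    static final String UNIQUE_CLIENT_NAME_FORMAT = "client/%s";
    static final String CLAIM_USER_NAME = "user_name";
    static final String CLAIM_GIVEN_NAME = "given_name";
    static final String CLAIM_FAMILY_NAME = "family_name";
    static final String CLAIM_EMAIL = "email";
    static final String CLAIM_CLIENT_ID = "cid";
    static final String CLAIM_ORIGIN = "origin";
    static final String CLAIM_GRANT_TYPE = "grant_type";
    static final String CLAIM_ZDN = "zdn";
    static final String CLAIM_AUDIENCE = "aud";
    static final String CLAIM_ZONE_ID = "zid";
    static final String CLAIM_SERVICEINSTANCEID = "serviceinstanceid";
    static final String CLAIM_ADDITIONAL_AZ_ATTR = "az_attr";
    static final String CLAIM_EXTERNAL_ATTR = "ext_attr";
    static final String CLAIM_EXTERNAL_CONTEXT = "ext_ctx";

    // Value of the grant_type claim for tokens issued to a client rather than to a user.
    private static final String GRANT_TYPE_CLIENT_CREDENTIALS = "client_credentials";
    // Key under which user attributes are stored, both inside ext_ctx and as a top-level claim.
    private static final String CLAIM_XS_USER_ATTRIBUTES = "xs.user.attributes";

    private final Log logger = LogFactory.getLog(getClass());
    private final String xsappname;
    private final Jwt jwt;
    private RestTemplate restTemplate;

    /**
     * Wraps the given JWT.
     *
     * @param jwt the decoded token whose claims back this object
     * @param xsappname application name passed to {@link TokenAuthenticationConverter} when
     *     authorities are extracted
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public TokenImpl(Jwt jwt, String xsappname) {
        this.xsappname = xsappname;
        this.jwt = jwt;
    }

    /**
     * Extracts the granted authorities from the wrapped JWT.
     *
     * @return the authorities produced by {@link TokenAuthenticationConverter} for this token
     */
    public Collection<? extends GrantedAuthority> getAuthorities() {
        return new TokenAuthenticationConverter(this.xsappname).extractAuthorities(this.jwt);
    }

    /**
     * Always returns {@code null}: a token-based principal has no password.
     *
     * @return {@code null}
     */
    public String getPassword() {
        return null;
    }

    /**
     * Returns a unique principal name for this token.
     *
     * @return {@code client/<cid>} for {@code client_credentials} tokens, otherwise
     *     {@code user/<origin>/<logonName>}
     * @throws IllegalArgumentException if the token is a user token and its origin or logon
     *     name claim is missing, or the origin contains {@code '/'}
     */
    public String getUsername() {
        if (GRANT_TYPE_CLIENT_CREDENTIALS.equals(getGrantType())) {
            return String.format(UNIQUE_CLIENT_NAME_FORMAT, getClientId());
        }
        return getUniquePrincipalName(getOrigin(), getLogonName());
    }

    /**
     * Reports whether the token passes the time-based validation of
     * {@link JwtTimestampValidator}.
     *
     * @return {@code true} if the validator reports no errors
     */
    public boolean isAccountNonExpired() {
        return !new JwtTimestampValidator().validate(this.jwt).hasErrors();
    }

    /**
     * Always returns {@code true}.
     *
     * @return {@code true}
     */
    public boolean isAccountNonLocked() {
        return true;
    }

    /**
     * Reports whether the token passes the time-based validation of
     * {@link JwtTimestampValidator}.
     *
     * <p>The result is negated so that it agrees with {@link #isAccountNonExpired()}: a token
     * with timestamp errors must not be reported as having non-expired credentials.
     *
     * @return {@code true} if the validator reports no errors
     */
    public boolean isCredentialsNonExpired() {
        return !new JwtTimestampValidator().validate(this.jwt).hasErrors();
    }

    /**
     * Always returns {@code false}.
     *
     * <p>NOTE(review): if this object is consumed through Spring Security's user-details
     * checks, a constant {@code false} marks every principal as disabled — confirm that this
     * is intended before relying on the flag.
     *
     * @return {@code false}
     */
    public boolean isEnabled() {
        return false;
    }

    /**
     * Builds the unique principal name {@code user/<origin>/<logonName>}.
     *
     * <p>The origin is rejected if it contains {@code '/'}; without that check two different
     * (origin, logonName) pairs could format to the same principal name.
     *
     * @param origin the identity provider origin, must not be {@code null} or contain
     *     {@code '/'}
     * @param logonName the user's logon name, must not be {@code null}
     * @return the formatted principal name
     * @throws IllegalArgumentException if an argument violates the constraints above
     */
    public static String getUniquePrincipalName(String origin, String logonName) {
        Assert.notNull(origin, "Origin required");
        Assert.notNull(logonName, "LogonName required");
        Assert.doesNotContain(origin, "/", "origin must not contain '/' characters");
        return String.format(UNIQUE_USER_NAME_FORMAT, origin, logonName);
    }

    /**
     * Returns the {@code user_name} claim.
     *
     * @return the logon name, or {@code null} if the claim is absent
     * @throws IllegalStateException for {@code client_credentials} tokens
     */
    @Override // com.sap.cloud.security.xsuaa.token.Token
    @Nullable
    public String getLogonName() {
        raiseMethodUnsupportedWhenClientCredentialGrantType("getLogonName");
        return this.jwt.getClaimAsString(CLAIM_USER_NAME);
    }

    /**
     * Returns the {@code cid} claim.
     *
     * @return the client id, or {@code null} if the claim is absent
     */
    @Override // com.sap.cloud.security.xsuaa.token.Token
    @Nullable
    public String getClientId() {
        return this.jwt.getClaimAsString(CLAIM_CLIENT_ID);
    }

    /**
     * Returns the user's given name, preferring the value inside {@code ext_attr} over the
     * top-level {@code given_name} claim.
     *
     * @return the given name, or {@code null} if neither location holds one
     * @throws IllegalStateException for {@code client_credentials} tokens
     */
    @Override // com.sap.cloud.security.xsuaa.token.Token
    public String getGivenName() {
        raiseMethodUnsupportedWhenClientCredentialGrantType("getGivenName");
        String fromExternalAttributes = getExternalAttribute(CLAIM_GIVEN_NAME);
        if (fromExternalAttributes != null) {
            return fromExternalAttributes;
        }
        return this.jwt.getClaimAsString(CLAIM_GIVEN_NAME);
    }

    /**
     * Returns the user's family name, preferring the value inside {@code ext_attr} over the
     * top-level {@code family_name} claim.
     *
     * @return the family name, or {@code null} if neither location holds one
     * @throws IllegalStateException for {@code client_credentials} tokens
     */
    @Override // com.sap.cloud.security.xsuaa.token.Token
    @Nullable
    public String getFamilyName() {
        raiseMethodUnsupportedWhenClientCredentialGrantType("getFamilyName");
        String fromExternalAttributes = getExternalAttribute(CLAIM_FAMILY_NAME);
        if (fromExternalAttributes != null) {
            return fromExternalAttributes;
        }
        return this.jwt.getClaimAsString(CLAIM_FAMILY_NAME);
    }

    /**
     * Returns the {@code email} claim.
     *
     * @return the e-mail address, or {@code null} if the claim is absent
     * @throws IllegalStateException for {@code client_credentials} tokens
     */
    @Override // com.sap.cloud.security.xsuaa.token.Token
    public String getEmail() {
        raiseMethodUnsupportedWhenClientCredentialGrantType("getEmail");
        return this.jwt.getClaimAsString(CLAIM_EMAIL);
    }

    /**
     * Returns the {@code origin} claim.
     *
     * @return the origin, or {@code null} if the claim is absent
     * @throws IllegalStateException for {@code client_credentials} tokens
     */
    @Override // com.sap.cloud.security.xsuaa.token.Token
    public String getOrigin() {
        raiseMethodUnsupportedWhenClientCredentialGrantType("getOrigin");
        return this.jwt.getClaimAsString(CLAIM_ORIGIN);
    }

    /**
     * Returns the {@code grant_type} claim.
     *
     * @return the grant type, or {@code null} if the claim is absent
     */
    @Override // com.sap.cloud.security.xsuaa.token.Token
    public String getGrantType() {
        return this.jwt.getClaimAsString(CLAIM_GRANT_TYPE);
    }

    /**
     * Returns the {@code zid} claim.
     *
     * @return the zone id, or {@code null} if the claim is absent
     */
    @Override // com.sap.cloud.security.xsuaa.token.Token
    public String getSubaccountId() {
        return this.jwt.getClaimAsString(CLAIM_ZONE_ID);
    }

    /**
     * Returns the {@code zdn} entry of the {@code ext_attr} claim.
     *
     * @return the subdomain, or {@code null} if the claim or the entry is absent
     */
    @Override // com.sap.cloud.security.xsuaa.token.Token
    public String getSubdomain() {
        return getExternalAttribute(CLAIM_ZDN);
    }

    /**
     * Returns the same value as {@link #getUsername()}; the raw token value is never part of
     * the string form.
     */
    @Override
    public String toString() {
        return getUsername();
    }

    /**
     * Returns the values of a user attribute.
     *
     * @param attributeName name of the attribute to look up
     * @return the attribute values (possibly empty), or {@code null} if the token carries
     *     neither an {@code ext_ctx} nor an {@code xs.user.attributes} claim
     * @throws IllegalStateException for {@code client_credentials} tokens
     */
    @Override // com.sap.cloud.security.xsuaa.token.Token
    @Nullable
    public String[] getXSUserAttribute(String attributeName) {
        raiseMethodUnsupportedWhenClientCredentialGrantType("getAttribute");
        return getMultiValueAttributeFromExtClaim(attributeName, CLAIM_XS_USER_ATTRIBUTES);
    }

    /**
     * Returns an entry of the {@code az_attr} claim.
     *
     * @param attributeName key inside the {@code az_attr} claim
     * @return the value, or {@code null} if the claim or the entry is absent
     */
    @Override // com.sap.cloud.security.xsuaa.token.Token
    public String getAdditionalAuthAttribute(String attributeName) {
        return getAttributeFromClaim(attributeName, CLAIM_ADDITIONAL_AZ_ATTR);
    }

    /**
     * Looks up a multi-valued attribute, preferring the {@code ext_ctx} claim over the
     * top-level claim named {@code claimName}.
     *
     * <p>A token that has {@code ext_ctx} but no {@code claimName} object inside it yields an
     * empty array instead of a {@link NullPointerException}, the same result as for a missing
     * attribute.
     *
     * @param attributeName name of the attribute
     * @param claimName name of the object that holds the attributes
     * @return the values, or {@code null} if neither claim is present
     */
    @Nullable
    private String[] getMultiValueAttributeFromExtClaim(String attributeName, String claimName) {
        if (hasClaim(CLAIM_EXTERNAL_CONTEXT)) {
            Map<String, Object> externalContext = this.jwt.getClaimAsMap(CLAIM_EXTERNAL_CONTEXT);
            JSONObject attributes =
                    externalContext != null ? (JSONObject) externalContext.get(claimName) : null;
            JSONArray values = attributes != null ? (JSONArray) attributes.get(attributeName) : null;
            return toStringArray(values);
        }
        if (hasClaim(claimName)) {
            return getMultiValueAttributeFromClaim(attributeName, claimName);
        }
        return null;
    }

    /**
     * Reads a multi-valued attribute from the top-level claim {@code claimName}.
     *
     * @param attributeName name of the attribute
     * @param claimName name of the claim that holds the attributes
     * @return the values; empty if the attribute is absent
     * @throws IllegalStateException if the claim cannot be read as a map
     */
    private String[] getMultiValueAttributeFromClaim(String attributeName, String claimName) {
        Map<String, Object> attributes = this.jwt.getClaimAsMap(claimName);
        Assert.state(attributes != null, "Invalid value of " + claimName);
        return toStringArray((JSONArray) attributes.get(attributeName));
    }

    /** Copies a JSON array of strings into a {@code String[]}; {@code null} yields an empty array. */
    private static String[] toStringArray(JSONArray values) {
        int size = values != null ? values.size() : 0;
        String[] result = new String[size];
        for (int i = 0; i < size; i++) {
            result[i] = (String) values.get(i);
        }
        return result;
    }

    /**
     * Returns the {@code serviceinstanceid} entry of the {@code ext_attr} claim.
     *
     * @return the service instance id, or {@code null} if the claim or the entry is absent
     */
    @Override // com.sap.cloud.security.xsuaa.token.Token
    public String getCloneServiceInstanceId() {
        return getExternalAttribute(CLAIM_SERVICEINSTANCEID);
    }

    /**
     * Returns the encoded token value of the wrapped JWT.
     *
     * <p>The returned string is a bearer credential: keep it out of logs, error messages and
     * persisted state.
     *
     * @return the encoded token
     */
    @Override // com.sap.cloud.security.xsuaa.token.Token
    public String getAppToken() {
        return this.jwt.getTokenValue();
    }

    /**
     * Requests a token through {@link XsuaaTokenExchanger}, using the configured
     * {@link RestTemplate}.
     *
     * <p>NOTE(review): {@code restTemplate} is only assigned by
     * {@link #setRestTemplate(RestTemplate)}; how the exchanger treats a {@code null} template
     * is not visible here — confirm.
     *
     * @param tokenRequest the request, must be non-null and valid
     * @return the requested token, or {@code null} if the exchange failed with an
     *     {@link XSUserInfoException} (the failure is logged); callers must handle
     *     {@code null} and must not treat it as an authorized result
     * @throws IllegalArgumentException if {@code tokenRequest} is {@code null} or not valid
     * @throws URISyntaxException declared by the interface
     */
    @Override // com.sap.cloud.security.xsuaa.token.Token
    public String requestToken(XSTokenRequest tokenRequest) throws URISyntaxException {
        Assert.notNull(tokenRequest, "tokenRequest argument is required");
        Assert.isTrue(tokenRequest.isValid(), "tokenRequest is not valid");
        try {
            return new XsuaaTokenExchanger(this.restTemplate, this).requestToken(tokenRequest);
        } catch (XSUserInfoException e) {
            this.logger.error("Error occured during token request", e);
            return null;
        }
    }

    /**
     * Reports whether the wrapped JWT contains the given claim.
     *
     * @param claimName name of the claim
     * @return {@code true} if the claim is present
     */
    public boolean hasClaim(String claimName) {
        return this.jwt.containsClaim(claimName).booleanValue();
    }

    /**
     * Sets the {@link RestTemplate} used by {@link #requestToken(XSTokenRequest)}.
     *
     * @param restTemplate the template to use for token requests
     */
    public void setRestTemplate(RestTemplate restTemplate) {
        this.restTemplate = restTemplate;
    }

    /**
     * Exposes the wrapped JWT as a {@link ClaimAccessor}.
     *
     * @return the wrapped JWT
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public ClaimAccessor getClaimAccessor() {
        return this.jwt;
    }

    /**
     * Rejects user-specific accessors on {@code client_credentials} tokens.
     *
     * <p>The grant type is compared with {@code equals}. A reference comparison with the
     * literal is practically never false for a claim parsed at runtime, so the guard would
     * never fire.
     *
     * @param methodName name of the calling accessor, used in the error message
     * @throws IllegalStateException if the token's grant type is {@code client_credentials}
     */
    private void raiseMethodUnsupportedWhenClientCredentialGrantType(String methodName) {
        Assert.state(
                !GRANT_TYPE_CLIENT_CREDENTIALS.equals(getGrantType()),
                String.format(
                        "Method %s() is not supported for grant type GRANTTYPE_CLIENTCREDENTIAL",
                        methodName));
    }

    /** Returns the entry {@code attributeName} of the {@code ext_attr} claim, or {@code null}. */
    private String getExternalAttribute(String attributeName) {
        return getAttributeFromClaim(attributeName, CLAIM_EXTERNAL_ATTR);
    }

    /**
     * Reads a single string entry from a map-valued claim.
     *
     * @param attributeName key inside the claim
     * @param claimName name of the map-valued claim
     * @return the entry, or {@code null} if the claim or the entry is absent
     */
    private String getAttributeFromClaim(String attributeName, String claimName) {
        Map<String, Object> attributes = this.jwt.getClaimAsMap(claimName);
        if (attributes == null) {
            return null;
        }
        return (String) attributes.get(attributeName);
    }
}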
