package com.sap.cloud.security.xsuaa.token.authentication;

import com.github.benmanes.caffeine.cache.Cache;
import com.github.benmanes.caffeine.cache.Caffeine;
import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.JWTParser;
import com.sap.cloud.security.xsuaa.XsuaaServiceConfiguration;
import com.sap.cloud.security.xsuaa.token.TokenClaims;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.concurrent.TimeUnit;
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtException;
import org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder;
import org.springframework.security.oauth2.jwt.ReactiveJwtDecoder;
import reactor.core.publisher.Mono;

/* loaded from: input_file:com/sap/cloud/security/xsuaa/token/authentication/ReactiveXsuaaJwtDecoder.class */
public class ReactiveXsuaaJwtDecoder implements ReactiveJwtDecoder {
    Cache<String, ReactiveJwtDecoder> cache;
    private List<OAuth2TokenValidator<Jwt>> tokenValidators = new ArrayList();
    private Collection<PostValidationAction> postValidationActions;
    private TokenInfoExtractor tokenInfoExtractor;

    /* JADX INFO: Access modifiers changed from: package-private */
    public ReactiveXsuaaJwtDecoder(final XsuaaServiceConfiguration xsuaaServiceConfiguration, int i, int i2, OAuth2TokenValidator<Jwt> oAuth2TokenValidator, Collection<PostValidationAction> collection) {
        this.cache = Caffeine.newBuilder().expireAfterWrite(i, TimeUnit.SECONDS).maximumSize(i2).build();
        this.tokenInfoExtractor = new TokenInfoExtractor() { // from class: com.sap.cloud.security.xsuaa.token.authentication.ReactiveXsuaaJwtDecoder.1
            @Override // com.sap.cloud.security.xsuaa.token.authentication.TokenInfoExtractor
            public String getJku(JWT jwt) {
                return (String) jwt.getHeader().toJSONObject().getOrDefault(TokenClaims.CLAIM_JKU, (Object) null);
            }

            @Override // com.sap.cloud.security.xsuaa.token.authentication.TokenInfoExtractor
            public String getKid(JWT jwt) {
                return (String) jwt.getHeader().toJSONObject().getOrDefault(TokenClaims.CLAIM_KID, (Object) null);
            }

            @Override // com.sap.cloud.security.xsuaa.token.authentication.TokenInfoExtractor
            public String getUaaDomain(JWT jwt) {
                return xsuaaServiceConfiguration.getUaaDomain();
            }
        };
        this.tokenValidators.addAll(Arrays.asList(oAuth2TokenValidator));
        this.postValidationActions = collection != null ? collection : Collections.EMPTY_LIST;
    }

    public Mono<Jwt> decode(String str) throws JwtException {
        return Mono.just(str).map(str2 -> {
            try {
                return JWTParser.parse(str2);
            } catch (ParseException e) {
                throw new JwtException("Error initializing JWT decoder:" + e.getMessage());
            }
        }).map(jwt -> {
            return (ReactiveJwtDecoder) this.cache.get(this.tokenInfoExtractor.getJku(jwt) + this.tokenInfoExtractor.getKid(jwt), str3 -> {
                return getDecoder(this.tokenInfoExtractor.getJku(jwt));
            });
        }).flatMap(reactiveJwtDecoder -> {
            return reactiveJwtDecoder.decode(str);
        }).doOnSuccess(jwt2 -> {
            this.postValidationActions.forEach(postValidationAction -> {
                postValidationAction.perform(jwt2);
            });
        });
    }

    private ReactiveJwtDecoder getDecoder(String str) {
        NimbusReactiveJwtDecoder nimbusReactiveJwtDecoder = new NimbusReactiveJwtDecoder(str);
        nimbusReactiveJwtDecoder.setJwtValidator(new DelegatingOAuth2TokenValidator(this.tokenValidators));
        return nimbusReactiveJwtDecoder;
    }
}
