package com.sap.cloud.security.xsuaa.token;

import java.time.Instant;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.Map;
import net.minidev.json.JSONArray;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.lang.Nullable;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtTimestampValidator;
import org.springframework.util.Assert;

/* loaded from: input_file:com/sap/cloud/security/xsuaa/token/XsuaaToken.class */
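/**
 * {@link Jwt} subclass that exposes XSUAA-specific claims through the {@link Token} interface.
 *
 * <p>The constructor only copies the token value, timestamps, headers and claims of the
 * {@link Jwt} it is given. Nothing in this class verifies a signature, so instances should only
 * be created from a {@code Jwt} that has already passed validation. Every accessor below returns
 * claim content as supplied by the token issuer.
 */
public class XsuaaToken extends Jwt implements Token {
    static final String GRANTTYPE_SAML2BEARER = "urn:ietf:params:oauth:grant-type:saml2-bearer";
    static final String UNIQUE_USER_NAME_FORMAT = "user/%s/%s";
    static final String UNIQUE_CLIENT_NAME_FORMAT = "client/%s";
    static final String CLAIM_SERVICEINSTANCEID = "serviceinstanceid";
    static final String CLAIM_ADDITIONAL_AZ_ATTR = "az_attr";
    static final String CLAIM_EXTERNAL_ATTR = "ext_attr";
    static final String CLAIM_EXTERNAL_CONTEXT = "ext_ctx";
    private static final long serialVersionUID = -836947635254353927L;
    private static final Logger logger = LoggerFactory.getLogger(XsuaaToken.class);
    // Starts out empty; replaced wholesale by setAuthorities(). Held by reference, not copied.
    private Collection<GrantedAuthority> authorities;

    /**
     * Wraps an existing {@link Jwt}, copying its token value, issued-at / expires-at timestamps,
     * headers and claims. The authorities start out as an empty list.
     *
     * @param jwt the token to wrap
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public XsuaaToken(Jwt jwt) {
        super(jwt.getTokenValue(), jwt.getIssuedAt(), jwt.getExpiresAt(), jwt.getHeaders(), jwt.getClaims());
        this.authorities = Collections.emptyList();
    }

    /**
     * Returns the authorities last passed to {@link #setAuthorities(Collection)}, or an empty list
     * if none were set. The internal collection is returned as-is, without a defensive copy.
     */
    @Override // com.sap.cloud.security.xsuaa.token.Token
    public Collection<? extends GrantedAuthority> getAuthorities() {
        return this.authorities;
    }

    /**
     * Returns the expiry time as a {@link Date}, or {@code null} when the token carries no
     * expiry timestamp.
     */
    @Override // com.sap.cloud.security.xsuaa.token.Token
    public Date getExpirationDate() {
        Instant expiresAt = getExpiresAt();
        return expiresAt != null ? Date.from(expiresAt) : null;
    }

    /** Returns the expiry time exactly as {@link #getExpiresAt()} reports it (may be {@code null}). */
    @Override // com.sap.cloud.security.xsuaa.token.Token
    public Instant getExpiration() {
        return getExpiresAt();
    }

    /** Always {@code null}: a token has no password. */
    public String getPassword() {
        return null;
    }

    /**
     * Builds the unique principal name for this token.
     *
     * <p>For the client-credentials grant type and for {@code client_x509} (compared
     * case-insensitively) the result is {@code client/<client id>}; otherwise it is
     * {@code user/<origin>/<logon name>} as produced by
     * {@link #getUniquePrincipalName(String, String)}.
     *
     * @return the unique name; {@code null} when the user form cannot be built. Note that a
     *         missing client id is formatted by {@code %s} as the literal text {@code null},
     *         giving {@code client/null} rather than a {@code null} return.
     */
    public String getUsername() {
        String grantType = getGrantType();
        boolean clientToken = Token.GRANTTYPE_CLIENTCREDENTIAL.equals(grantType)
                || "client_x509".equalsIgnoreCase(grantType);
        if (clientToken) {
            return String.format(UNIQUE_CLIENT_NAME_FORMAT, getClientId());
        }
        return getUniquePrincipalName(getOrigin(), getLogonName());
    }

    /**
     * Returns {@code true} when a default-configured {@link JwtTimestampValidator} reports no
     * errors for this token.
     */
    public boolean isAccountNonExpired() {
        return hasValidTimestamps();
    }

    /** Always {@code true}. */
    public boolean isAccountNonLocked() {
        return true;
    }

    /**
     * Returns {@code true} when a default-configured {@link JwtTimestampValidator} reports no
     * errors for this token.
     *
     * <p>This used to return the raw {@code hasErrors()} result, which answered "non expired"
     * with {@code true} exactly when the timestamps were invalid, the opposite of
     * {@link #isAccountNonExpired()}. Both methods now agree.
     */
    public boolean isCredentialsNonExpired() {
        return hasValidTimestamps();
    }

    /**
     * Always {@code false}.
     *
     * <p>NOTE(review): a caller that gates access on this flag would reject every token;
     * confirm that the hard-coded value is intended.
     */
    public boolean isEnabled() {
        return false;
    }

    /**
     * Formats {@code user/<origin>/<logon name>}.
     *
     * <p>An origin containing {@code '/'} is rejected because it would contain the separator
     * that delimits the segments of the name. The logon name is not checked; it is the last
     * segment.
     *
     * @param str  the origin claim value
     * @param str2 the user logon name claim value
     * @return the unique user name, or {@code null} (with a warning logged) when either argument
     *         is {@code null} or the origin contains {@code '/'}
     */
    @Nullable
    public static String getUniquePrincipalName(String str, String str2) {
        if (str == null) {
            logger.warn("Origin claim not set in JWT. Cannot create unique user name. Returning null.");
            return null;
        }
        if (str2 == null) {
            logger.warn("User login name claim not set in JWT. Cannot create unique user name. Returning null.");
            return null;
        }
        if (str.contains("/")) {
            logger.warn("Illegal '/' character detected in origin claim of JWT. Cannot create unique user name. Returing null.");
            return null;
        }
        return String.format(UNIQUE_USER_NAME_FORMAT, str, str2);
    }

    /** Returns the {@code TokenClaims.CLAIM_USER_NAME} claim as a string, or {@code null}. */
    @Override // com.sap.cloud.security.xsuaa.token.Token
    @Nullable
    public String getLogonName() {
        return getClaimAsString(TokenClaims.CLAIM_USER_NAME);
    }

    /** Returns the {@code TokenClaims.CLAIM_CLIENT_ID} claim as a string, or {@code null}. */
    @Override // com.sap.cloud.security.xsuaa.token.Token
    @Nullable
    public String getClientId() {
        return getClaimAsString(TokenClaims.CLAIM_CLIENT_ID);
    }

    /**
     * Returns the given name, preferring the entry inside the {@code ext_attr} claim and falling
     * back to the top-level claim when that entry is absent.
     */
    @Override // com.sap.cloud.security.xsuaa.token.Token
    public String getGivenName() {
        String fromExternalAttributes = getStringAttributeFromClaim(TokenClaims.CLAIM_GIVEN_NAME, CLAIM_EXTERNAL_ATTR);
        if (fromExternalAttributes != null) {
            return fromExternalAttributes;
        }
        return getClaimAsString(TokenClaims.CLAIM_GIVEN_NAME);
    }

    /**
     * Returns the family name, preferring the entry inside the {@code ext_attr} claim and falling
     * back to the top-level claim when that entry is absent.
     */
    @Override // com.sap.cloud.security.xsuaa.token.Token
    @Nullable
    public String getFamilyName() {
        String fromExternalAttributes = getStringAttributeFromClaim(TokenClaims.CLAIM_FAMILY_NAME, CLAIM_EXTERNAL_ATTR);
        if (fromExternalAttributes != null) {
            return fromExternalAttributes;
        }
        return getClaimAsString(TokenClaims.CLAIM_FAMILY_NAME);
    }

    /** Returns the {@code TokenClaims.CLAIM_EMAIL} claim as a string, or {@code null}. */
    @Override // com.sap.cloud.security.xsuaa.token.Token
    public String getEmail() {
        return getClaimAsString(TokenClaims.CLAIM_EMAIL);
    }

    /** Returns the {@code TokenClaims.CLAIM_ORIGIN} claim as a string, or {@code null}. */
    @Override // com.sap.cloud.security.xsuaa.token.Token
    public String getOrigin() {
        return getClaimAsString(TokenClaims.CLAIM_ORIGIN);
    }

    /** Returns the {@code TokenClaims.CLAIM_GRANT_TYPE} claim as a string, or {@code null}. */
    @Override // com.sap.cloud.security.xsuaa.token.Token
    public String getGrantType() {
        return getClaimAsString(TokenClaims.CLAIM_GRANT_TYPE);
    }

    /** Returns the {@code TokenClaims.CLAIM_ZONE_ID} claim as a string, or {@code null}. */
    @Override // com.sap.cloud.security.xsuaa.token.Token
    public String getSubaccountId() {
        return getClaimAsString(TokenClaims.CLAIM_ZONE_ID);
    }

    /** Returns the {@code TokenClaims.CLAIM_ZDN} entry of the {@code ext_attr} claim, or {@code null}. */
    @Override // com.sap.cloud.security.xsuaa.token.Token
    public String getSubdomain() {
        return getStringAttributeFromClaim(TokenClaims.CLAIM_ZDN, CLAIM_EXTERNAL_ATTR);
    }

    /**
     * Returns {@link #getUsername()}, so string conversion of a token yields the principal name
     * and not the encoded token value. May return {@code null} when {@code getUsername()} does.
     */
    @Override
    public String toString() {
        return getUsername();
    }

    /**
     * Looks up a user attribute, first inside the {@code ext_ctx} claim and, when it is not found
     * there, inside the {@code TokenClaims.CLAIM_XS_USER_ATTRIBUTES} claim.
     *
     * @param str the attribute name
     * @return the attribute values, or {@code null} when neither claim provides them
     */
    @Override // com.sap.cloud.security.xsuaa.token.Token
    @Nullable
    public String[] getXSUserAttribute(String str) {
        String[] fromExternalContext = getStringListAttributeFromClaim(str, CLAIM_EXTERNAL_CONTEXT);
        if (fromExternalContext != null) {
            return fromExternalContext;
        }
        return getStringListAttributeFromClaim(str, TokenClaims.CLAIM_XS_USER_ATTRIBUTES);
    }

    /**
     * Returns the named entry of the {@code az_attr} claim, or {@code null}.
     *
     * @param str the attribute name
     */
    @Override // com.sap.cloud.security.xsuaa.token.Token
    public String getAdditionalAuthAttribute(String str) {
        return getStringAttributeFromClaim(str, CLAIM_ADDITIONAL_AZ_ATTR);
    }

    /** Returns the {@code serviceinstanceid} entry of the {@code ext_attr} claim, or {@code null}. */
    @Override // com.sap.cloud.security.xsuaa.token.Token
    public String getCloneServiceInstanceId() {
        return getStringAttributeFromClaim(CLAIM_SERVICEINSTANCEID, CLAIM_EXTERNAL_ATTR);
    }

    /**
     * Returns the encoded token value. This is the bearer credential itself; keep it out of logs
     * and error messages.
     */
    @Override // com.sap.cloud.security.xsuaa.token.Token
    public String getAppToken() {
        return getTokenValue();
    }

    /**
     * Returns the {@code TokenClaims.CLAIM_SCOPES} claim as a list of strings, or an empty list
     * when the claim is absent.
     */
    @Override // com.sap.cloud.security.xsuaa.token.Token
    public Collection<String> getScopes() {
        List<String> scopes = getClaimAsStringList(TokenClaims.CLAIM_SCOPES);
        return scopes != null ? scopes : Collections.emptyList();
    }

    /**
     * Reports whether the token contains the given claim.
     *
     * @param str the claim name
     */
    public boolean hasClaim(String str) {
        return containsClaim(str).booleanValue();
    }

    /**
     * Replaces the authorities of this token. The collection is stored by reference, so later
     * changes made by the caller remain visible through {@link #getAuthorities()}.
     *
     * @param collection the new authorities; must not be {@code null}
     * @throws IllegalArgumentException if {@code collection} is {@code null}
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public void setAuthorities(Collection<GrantedAuthority> collection) {
        Assert.notNull(collection, "authorities are required");
        this.authorities = collection;
    }

    /** Runs a default-configured {@link JwtTimestampValidator} and reports whether it found no errors. */
    private boolean hasValidTimestamps() {
        return !new JwtTimestampValidator().validate(this).hasErrors();
    }

    /**
     * Reads one string entry from a map-valued claim.
     *
     * <p>Claim content is issuer-controlled, so the value is type-checked instead of cast
     * blindly: an entry that is present but not a string is logged and treated as absent rather
     * than surfacing as a {@link ClassCastException} in the caller. The value itself is never
     * logged.
     *
     * @return the entry, or {@code null} when the claim or entry is missing or not a string
     */
    private String getStringAttributeFromClaim(String attributeName, String claimName) {
        Map<String, Object> claim = getClaimAsMap(claimName);
        if (claim == null) {
            return null;
        }
        Object value = claim.get(attributeName);
        if (value == null) {
            return null;
        }
        if (value instanceof String) {
            return (String) value;
        }
        logger.warn("Attribute '{}' in claim '{}' is not a string. Returning null.", attributeName, claimName);
        return null;
    }

    /**
     * Reads one string-array entry from a map-valued claim.
     *
     * <p>Any {@link Collection} is accepted (a {@code JSONArray} is one), and every element is
     * type-checked. An entry of another type, or one holding a non-string element, is logged and
     * treated as absent instead of throwing {@link ClassCastException}. {@code null} elements
     * are kept as {@code null} array entries.
     *
     * @return the values in iteration order, or {@code null} when the claim or entry is missing
     *         or malformed
     */
    private String[] getStringListAttributeFromClaim(String attributeName, String claimName) {
        Map<String, Object> claim = getClaimAsMap(claimName);
        if (claim == null) {
            logger.debug("Claim '{}' not found. Returning null.", claimName);
            return null;
        }
        Object value = claim.get(attributeName);
        if (value == null) {
            logger.debug("Attribute '{}' in claim '{}' not found. Returning null.", attributeName, claimName);
            return null;
        }
        if (!(value instanceof Collection)) {
            logger.warn("Attribute '{}' in claim '{}' is not an array. Returning null.", attributeName, claimName);
            return null;
        }
        Collection<?> elements = (Collection<?>) value;
        String[] values = new String[elements.size()];
        int index = 0;
        for (Object element : elements) {
            if (element != null && !(element instanceof String)) {
                logger.warn("Attribute '{}' in claim '{}' contains a non-string element. Returning null.", attributeName, claimName);
                return null;
            }
            values[index++] = (String) element;
        }
        return values;
    }
}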
