package com.palantir.tokens.auth;

import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.ObjectReader;
import com.palantir.logsafe.Arg;
import com.palantir.logsafe.Preconditions;
import com.palantir.logsafe.SafeArg;
import com.palantir.logsafe.exceptions.SafeIllegalArgumentException;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.util.Base64;
import java.util.Optional;
import java.util.UUID;
import org.immutables.value.Value;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Value.Immutable
/* loaded from: input_file:com/palantir/tokens/auth/UnverifiedJsonWebToken.class */
public abstract class UnverifiedJsonWebToken {
    private static final ObjectReader READER = new ObjectMapper().configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false).readerFor(JwtPayload.class);
    private static final Logger log = LoggerFactory.getLogger(UnverifiedJsonWebToken.class);

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/palantir/tokens/auth/UnverifiedJsonWebToken$JwtPayload.class */
    public static final class JwtPayload {

        @JsonProperty("sub")
        private byte[] sub;

        @JsonProperty("sid")
        private byte[] sid;

        @JsonProperty("jti")
        private byte[] jti;

        private JwtPayload() {
        }
    }

    @Value.Parameter
    public abstract String getUnverifiedUserId();

    @Value.Parameter
    public abstract Optional<String> getUnverifiedSessionId();

    @Value.Parameter
    public abstract Optional<String> getUnverifiedTokenId();

    public static Optional<UnverifiedJsonWebToken> tryParse(String str) {
        if (countCharacter(str, '.') == 2) {
            try {
                return Optional.of(of(AuthHeader.valueOf(str).getBearerToken()));
            } catch (Throwable th) {
                log.debug("Unable to process auth header.", th);
            }
        }
        return Optional.empty();
    }

    private static int countCharacter(String str, char c) {
        int i = 0;
        for (int i2 = 0; i2 < str.length(); i2++) {
            if (str.charAt(i2) == c) {
                i++;
            }
        }
        return i;
    }

    public static UnverifiedJsonWebToken of(BearerToken bearerToken) {
        String[] split = bearerToken.getToken().split("\\.", -1);
        if (split.length != 3) {
            throw new SafeIllegalArgumentException("Invalid JWT: expected 3 segments", new Arg[]{SafeArg.of("segmentsCount", Integer.valueOf(split.length))});
        }
        JwtPayload extractPayload = extractPayload(split[1]);
        return ImmutableUnverifiedJsonWebToken.of(decodeUuidBytes(extractPayload.sub), Optional.ofNullable(extractPayload.sid).map(UnverifiedJsonWebToken::decodeUuidBytes), Optional.ofNullable(extractPayload.jti).map(UnverifiedJsonWebToken::decodeUuidBytes));
    }

    private static JwtPayload extractPayload(String str) {
        try {
            return (JwtPayload) READER.readValue(Base64.getUrlDecoder().decode(str));
        } catch (IOException | IllegalArgumentException e) {
            throw new SafeIllegalArgumentException("Invalid JWT: cannot parse payload", e, new Arg[0]);
        }
    }

    private static String decodeUuidBytes(byte[] bArr) {
        Preconditions.checkArgument(bArr.length == 16, "Invalid JWT: cannot decode UUID, require 16 bytes", SafeArg.of("bytesLength", Integer.valueOf(bArr.length)));
        ByteBuffer wrap = ByteBuffer.wrap(bArr);
        return UuidStringConverter.toString(new UUID(wrap.getLong(), wrap.getLong()));
    }
}
