package com.stormpath.sdk.impl.oauth;

import com.stormpath.sdk.account.Account;
import com.stormpath.sdk.application.Application;
import com.stormpath.sdk.ds.DataStore;
import com.stormpath.sdk.impl.resource.AbstractResource;
import com.stormpath.sdk.lang.Assert;
import com.stormpath.sdk.oauth.AccessToken;
import com.stormpath.sdk.oauth.OAuthBearerRequestAuthentication;
import com.stormpath.sdk.oauth.OAuthBearerRequestAuthenticationResult;
import com.stormpath.sdk.oauth.OAuthBearerRequestAuthenticator;
import com.stormpath.sdk.oauth.OAuthRequestAuthentication;
import com.stormpath.sdk.resource.ResourceException;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import java.util.HashMap;

/* loaded from: input_file:com/stormpath/sdk/impl/oauth/DefaultOAuthBearerRequestAuthenticator.class */
public class DefaultOAuthBearerRequestAuthenticator extends AbstractOAuthRequestAuthenticator implements OAuthBearerRequestAuthenticator {
    protected static final String APPLICATION_PATH = "/applications/";
    protected static final String OAUTH_TOKEN_PATH = "/authTokens/";
    protected static final String ACCESS_TOKEN_PATH = "/accessTokens/";
    protected Boolean isLocalValidation;

    public DefaultOAuthBearerRequestAuthenticator(Application application, DataStore dataStore) {
        super(application, dataStore);
        this.isLocalValidation = false;
    }

    public OAuthBearerRequestAuthenticator withLocalValidation() {
        this.isLocalValidation = Boolean.TRUE;
        return this;
    }

    /* renamed from: authenticate, reason: merged with bridge method [inline-methods] */
    public OAuthBearerRequestAuthenticationResult m223authenticate(OAuthRequestAuthentication oAuthRequestAuthentication) {
        Assert.notNull(this.application, "application cannot be null or empty");
        Assert.isInstanceOf(OAuthBearerRequestAuthentication.class, oAuthRequestAuthentication, "authenticationRequest must be an instance of JwtAuthenticationRequest.");
        OAuthBearerRequestAuthentication oAuthBearerRequestAuthentication = (OAuthBearerRequestAuthentication) oAuthRequestAuthentication;
        if (!this.isLocalValidation.booleanValue()) {
            try {
                return new DefaultOAuthBearerRequestAuthenticationResultBuilder(this.dataStore.getResource(this.application.getHref() + OAUTH_TOKEN_PATH + oAuthBearerRequestAuthentication.getJwt(), AccessToken.class)).build();
            } catch (Exception e) {
                throw new JwtException("JWT failed validation; it cannot be trusted.");
            } catch (ResourceException e2) {
                throw e2;
            }
        }
        try {
            Claims claims = (Claims) Jwts.parser().setSigningKey(this.dataStore.getApiKey().getSecret().getBytes("UTF-8")).parseClaimsJws(oAuthBearerRequestAuthentication.getJwt()).getBody();
            Assert.isTrue(claims.getIssuer().equals(this.application.getHref()));
            HashMap hashMap = new HashMap();
            Account resource = this.dataStore.getResource(claims.getSubject(), Account.class);
            String replace = this.application.getHref().replace(APPLICATION_PATH, ACCESS_TOKEN_PATH);
            hashMap.put(AbstractResource.HREF_PROP_NAME, replace.substring(0, replace.lastIndexOf("/") + 1) + claims.getId());
            hashMap.put("account", resource);
            hashMap.put("application", this.application);
            hashMap.put("jwt", oAuthBearerRequestAuthentication.getJwt());
            hashMap.put("tenant", this.application.getTenant());
            return new DefaultOAuthBearerRequestAuthenticationResultBuilder(new DefaultAccessToken(this.dataStore, hashMap)).build();
        } catch (Exception e3) {
            throw new JwtException("JWT failed validation; it cannot be trusted.");
        }
    }
}
