package io.micronaut.security.endpoints.introspection;

import io.micronaut.core.annotation.NonNull;
import io.micronaut.core.annotation.Nullable;
import io.micronaut.http.HttpRequest;
import io.micronaut.security.authentication.Authentication;
import io.micronaut.security.token.config.TokenConfiguration;
import io.micronaut.security.token.validator.RefreshTokenValidator;
import io.micronaut.security.token.validator.TokenValidator;
import io.reactivex.Flowable;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Optional;
import javax.inject.Singleton;
import org.reactivestreams.Publisher;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Singleton
/* loaded from: input_file:io/micronaut/security/endpoints/introspection/DefaultIntrospectionProcessor.class */
public class DefaultIntrospectionProcessor implements IntrospectionProcessor {
    public static final String USERNAME = "username";
    protected final Collection<TokenValidator> tokenValidators;
    protected final TokenConfiguration tokenConfiguration;
    protected final RefreshTokenValidator refreshTokenValidator;
    public static final String SCOPE = "scope";
    public static final String CLIENT_ID = "client_id";
    public static final String TOKEN_TYPE = "token_type";
    public static final String EXP = "exp";
    public static final String ISSUED_AT = "iat";
    public static final String SUBJECT = "sub";
    public static final String NOT_BEFORE = "nbf";
    public static final String AUDIENCE = "aud";
    public static final String ISSUER = "iss";
    public static final String JWT_ID = "jti";
    public static final List<String> FIELDS_ATTRIBUTE_NAMES = Arrays.asList(SCOPE, "username", CLIENT_ID, TOKEN_TYPE, EXP, ISSUED_AT, SUBJECT, NOT_BEFORE, AUDIENCE, ISSUER, JWT_ID);
    protected static final Logger LOG = LoggerFactory.getLogger(DefaultIntrospectionProcessor.class);

    public DefaultIntrospectionProcessor(Collection<TokenValidator> collection, TokenConfiguration tokenConfiguration, @Nullable RefreshTokenValidator refreshTokenValidator) {
        this.tokenValidators = collection;
        this.tokenConfiguration = tokenConfiguration;
        this.refreshTokenValidator = refreshTokenValidator;
    }

    @Override // io.micronaut.security.endpoints.introspection.IntrospectionProcessor
    @NonNull
    public Publisher<IntrospectionResponse> introspect(@NonNull IntrospectionRequest introspectionRequest, @NonNull HttpRequest<?> httpRequest) {
        String token = introspectionRequest.getToken();
        return Flowable.fromIterable(this.tokenValidators).flatMap(tokenValidator -> {
            return tokenValidator.validateToken(token, httpRequest);
        }).firstElement().map(authentication -> {
            return createIntrospectionResponse(authentication, httpRequest);
        }).defaultIfEmpty(new IntrospectionResponse(this.refreshTokenValidator != null && this.refreshTokenValidator.validate(token).isPresent())).toFlowable();
    }

    @Override // io.micronaut.security.endpoints.introspection.IntrospectionProcessor
    @NonNull
    public Publisher<IntrospectionResponse> introspect(@NonNull Authentication authentication, @NonNull HttpRequest<?> httpRequest) {
        return Flowable.just(createIntrospectionResponse(authentication, httpRequest));
    }

    @NonNull
    public IntrospectionResponse createIntrospectionResponse(@NonNull Authentication authentication, @NonNull HttpRequest<?> httpRequest) {
        IntrospectionResponse introspectionResponse = new IntrospectionResponse(true);
        List<String> populateFields = populateFields(authentication, introspectionResponse);
        HashMap hashMap = new HashMap();
        for (String str : authentication.getAttributes().keySet()) {
            if (!populateFields.contains(str)) {
                hashMap.put(str, authentication.getAttributes().get(str));
            }
        }
        introspectionResponse.setExtensions(hashMap);
        if (introspectionResponse.getUsername() == null) {
            introspectionResponse.setUsername(authentication.getName());
        }
        return introspectionResponse;
    }

    @NonNull
    protected List<String> populateFields(@NonNull Authentication authentication, @NonNull IntrospectionResponse introspectionResponse) {
        populateScope(authentication, introspectionResponse);
        populateUsername(authentication, introspectionResponse);
        populateClientId(authentication, introspectionResponse);
        populateTokenType(authentication, introspectionResponse);
        populateExpiration(authentication, introspectionResponse);
        populateIssuedAt(authentication, introspectionResponse);
        populateSub(authentication, introspectionResponse);
        populateNotBefore(authentication, introspectionResponse);
        populateAud(authentication, introspectionResponse);
        populateIssuer(authentication, introspectionResponse);
        populateJwtId(authentication, introspectionResponse);
        return FIELDS_ATTRIBUTE_NAMES;
    }

    protected void populateScope(@NonNull Authentication authentication, @NonNull IntrospectionResponse introspectionResponse) {
        if (authentication.getAttributes().containsKey(SCOPE)) {
            introspectionResponse.setScope(authentication.getAttributes().get(SCOPE).toString());
        }
    }

    protected void populateTokenType(@NonNull Authentication authentication, @NonNull IntrospectionResponse introspectionResponse) {
        if (authentication.getAttributes().containsKey(TOKEN_TYPE)) {
            introspectionResponse.setTokenType(authentication.getAttributes().get(TOKEN_TYPE).toString());
        }
    }

    protected void populateClientId(@NonNull Authentication authentication, @NonNull IntrospectionResponse introspectionResponse) {
        if (authentication.getAttributes().containsKey(CLIENT_ID)) {
            introspectionResponse.setClientId(authentication.getAttributes().get(CLIENT_ID).toString());
        }
    }

    protected void populateAud(@NonNull Authentication authentication, @NonNull IntrospectionResponse introspectionResponse) {
        if (authentication.getAttributes().containsKey(AUDIENCE)) {
            introspectionResponse.setAud(authentication.getAttributes().get(AUDIENCE).toString());
        }
    }

    protected void populateSub(@NonNull Authentication authentication, @NonNull IntrospectionResponse introspectionResponse) {
        if (authentication.getAttributes().containsKey(SUBJECT)) {
            introspectionResponse.setSub(authentication.getAttributes().get(SUBJECT).toString());
        }
    }

    protected void populateIssuer(@NonNull Authentication authentication, @NonNull IntrospectionResponse introspectionResponse) {
        if (authentication.getAttributes().containsKey(ISSUER)) {
            introspectionResponse.setIss(authentication.getAttributes().get(ISSUER).toString());
        }
    }

    protected void populateJwtId(@NonNull Authentication authentication, @NonNull IntrospectionResponse introspectionResponse) {
        if (authentication.getAttributes().containsKey(JWT_ID)) {
            introspectionResponse.setJti(authentication.getAttributes().get(JWT_ID).toString());
        }
    }

    protected void populateUsername(@NonNull Authentication authentication, @NonNull IntrospectionResponse introspectionResponse) {
        if (authentication.getAttributes().containsKey("username")) {
            introspectionResponse.setUsername(authentication.getAttributes().get("username").toString());
        }
    }

    protected void populateExpiration(@NonNull Authentication authentication, @NonNull IntrospectionResponse introspectionResponse) {
        Optional<Long> secondsSinceEpochOfAttribute = secondsSinceEpochOfAttribute(EXP, authentication);
        introspectionResponse.getClass();
        secondsSinceEpochOfAttribute.ifPresent(introspectionResponse::setExp);
    }

    protected Optional<Long> secondsSinceEpochOfAttribute(@NonNull String str, @NonNull Authentication authentication) {
        if (authentication.getAttributes().containsKey(str)) {
            Object obj = authentication.getAttributes().get(str);
            if (obj instanceof Long) {
                return Optional.of((Long) obj);
            }
            if (obj instanceof Date) {
                return Optional.of(Long.valueOf(toSecondsSinceEpoch((Date) obj)));
            }
            try {
                return Optional.of(Long.valueOf(obj.toString()));
            } catch (NumberFormatException e) {
                if (LOG.isWarnEnabled()) {
                    LOG.warn("cannot convert attribute {} with value {} to Integer", str, obj.toString());
                }
            }
        }
        return Optional.empty();
    }

    protected void populateNotBefore(@NonNull Authentication authentication, @NonNull IntrospectionResponse introspectionResponse) {
        Optional<Long> secondsSinceEpochOfAttribute = secondsSinceEpochOfAttribute(NOT_BEFORE, authentication);
        introspectionResponse.getClass();
        secondsSinceEpochOfAttribute.ifPresent(introspectionResponse::setNbf);
    }

    protected void populateIssuedAt(@NonNull Authentication authentication, @NonNull IntrospectionResponse introspectionResponse) {
        Optional<Long> secondsSinceEpochOfAttribute = secondsSinceEpochOfAttribute(ISSUED_AT, authentication);
        introspectionResponse.getClass();
        secondsSinceEpochOfAttribute.ifPresent(introspectionResponse::setIat);
    }

    public static long toSecondsSinceEpoch(Date date) {
        return date.getTime() / 1000;
    }
}
