package org.ameba.oauth2;

import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwt;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.impl.TextCodec;
import java.io.IOException;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/ameba-lib-3.0.jar:org/ameba/oauth2/DefaultTokenExtractor.class */
public class DefaultTokenExtractor implements TokenExtractor {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) DefaultTokenExtractor.class);
    private final IssuerWhiteList<Issuer> whiteList;
    private final List<TokenParser> parsers;

    public DefaultTokenExtractor(IssuerWhiteList issuerWhiteList, List<TokenParser> list) {
        this.whiteList = issuerWhiteList;
        this.parsers = list;
    }

    @Override // org.ameba.oauth2.TokenExtractor
    public ExtractionResult canExtract(String str) {
        return str.split("\\.").length == 3 ? new ExtractionResult() : new ExtractionResult("Not a valid JWT");
    }

    @Override // org.ameba.oauth2.TokenExtractor
    public ExtractionResult extract(String str) {
        String[] split = str.split("\\.");
        if (split.length < 2) {
            throw new InvalidTokenException("Token is not a JWT");
        }
        try {
            Issuer issuer = this.whiteList.getIssuer(((Claims) Jwts.parser().setAllowedClockSkewSeconds(2592000L).parse(split[0] + "." + split[1] + ".").getBody()).getIssuer());
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("Issuer accepted [{}]", issuer.getIssuerId());
            }
            try {
                JsonNode jsonNode = (JsonNode) new ObjectMapper().readValue(TextCodec.BASE64URL.decodeToString(str), JsonNode.class);
                return jsonNode.has("alg") ? new ExtractionResult((Jwt<?, ?>) this.parsers.stream().filter(tokenParser -> {
                    return jsonNode.get("alg").asText().equals(tokenParser.supportAlgorithm());
                }).findFirst().orElseThrow(() -> {
                    return new InvalidTokenException(String.format("Algorithm [%s] not supported", jsonNode.get("alg")));
                }).parse(str, issuer)) : new ExtractionResult("No alg claim defined in JWT header");
            } catch (IOException e) {
                LOGGER.error(e.getMessage(), (Throwable) e);
                throw new InvalidTokenException("Token cannot be parsed into JSON");
            }
        } catch (Exception e2) {
            LOGGER.error(e2.getMessage(), (Throwable) e2);
            throw new InvalidTokenException("Token cannot be parsed");
        }
    }
}
