package com.solutionappliance.support.jwt;

import com.solutionappliance.core.data.int8.ByteArray;
import com.solutionappliance.core.data.int8.codec.TextCodec;
import com.solutionappliance.core.entity.Entity;
import com.solutionappliance.core.lang.Level;
import com.solutionappliance.core.lang.MultiPartName;
import com.solutionappliance.core.system.ActorContext;
import com.solutionappliance.core.text.json.JsonReader;
import com.solutionappliance.core.text.writer.TextPrinter;
import com.solutionappliance.core.text.writer.format.Indent;
import com.solutionappliance.support.http.client.HttpClientException;
import com.solutionappliance.support.http.client.HttpClientRequest;
import com.solutionappliance.support.http.client.java.JavaHttpClientResponse;
import com.solutionappliance.support.http.client.java.JavaHttpClientResponseFactory;
import java.io.IOException;
import java.net.URL;
import java.time.Instant;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;

/* loaded from: input_file:com/solutionappliance/support/jwt/JwtPayload.class */
public class JwtPayload extends JwtPayloadWrapper {
    final Map<MultiPartName, Object> extra;
    private transient OpenIdProviderMetadata providerMetadata;

    public JwtPayload(ActorContext actorContext) {
        super(actorContext);
        this.extra = Collections.emptyMap();
    }

    JwtPayload(ActorContext actorContext, Entity entity) {
        super(actorContext, entity);
        this.extra = Collections.emptyMap();
    }

    public JwtPayload(ActorContext actorContext, ByteArray byteArray) {
        super(actorContext);
        this.extra = new HashMap();
        JsonReader jsonReader = new JsonReader((String) byteArray.read(TextCodec.utf8));
        try {
            toTextEntity().readText(actorContext, jsonReader, this.extra);
            jsonReader.close();
        } catch (Throwable th) {
            try {
                jsonReader.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    @Override // com.solutionappliance.core.entity.EntityWrapper, com.solutionappliance.core.text.writer.spi.TextPrintable
    public void print(ActorContext actorContext, TextPrinter textPrinter, Level level) {
        super.print(actorContext, textPrinter, level);
        if (level.lessThanOrEqualTo(Level.LOG)) {
            textPrinter.startFormat(Indent.format);
            OpenIdProviderMetadata openIdProviderMetadata = this.providerMetadata;
            if (openIdProviderMetadata != null) {
                openIdProviderMetadata.print(actorContext, textPrinter, level);
            }
            for (Map.Entry<MultiPartName, Object> entry : this.extra.entrySet()) {
                textPrinter.printKeyValueLine(entry.getKey(), entry.getValue());
            }
            textPrinter.endFormat();
        }
    }

    public void loadProviderInformation() throws JwtVerificationException {
        if (this.providerMetadata == null) {
            providerMetadata().keyMap();
        }
    }

    public OpenIdProviderMetadata tryGetProviderMetadata() {
        return this.providerMetadata;
    }

    public OpenIdProviderMetadata providerMetadata() throws JwtVerificationException {
        OpenIdProviderMetadata openIdProviderMetadata = this.providerMetadata;
        if (openIdProviderMetadata != null) {
            return openIdProviderMetadata;
        }
        OpenIdProviderMetadata openIdProviderMetadata2 = new OpenIdProviderMetadata(this.ctx);
        try {
            JavaHttpClientResponse javaHttpClientResponse = (JavaHttpClientResponse) new HttpClientRequest(new URL(getIssuer())).addPath(".well-known", "openid-configuration").submit(this.ctx, new JavaHttpClientResponseFactory());
            javaHttpClientResponse.assertSuccess();
            JsonReader jsonReader = new JsonReader(javaHttpClientResponse.readResponse());
            try {
                openIdProviderMetadata2.toTextEntity().readText(this.ctx, jsonReader, openIdProviderMetadata2.extra);
                jsonReader.close();
                this.providerMetadata = openIdProviderMetadata2;
                return openIdProviderMetadata2;
            } catch (Throwable th) {
                try {
                    jsonReader.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
                throw th;
            }
        } catch (HttpClientException e) {
            throw new JwtVerificationException(new MultiPartName("safeature", "jwt", "provider", "failure"), "Cannot load key information from provider", e);
        } catch (IOException e2) {
            throw new JwtVerificationException(new MultiPartName("safeature", "jwt", "provider", "failure"), "Cannot load key information from provider", e2);
        }
    }

    public void assertValid(Instant instant) throws JwtVerificationException {
        JwtTime tryGetIssuedAt = tryGetIssuedAt();
        if (tryGetIssuedAt != null && tryGetIssuedAt.isAfter(instant)) {
            throw new JwtVerificationException(new MultiPartName("safeature", "jwt", "payload", "tooEarly"), "The JWT authentication token is not yet valid ($[issuedAt] >= $[now]").add("issuedAt", tryGetIssuedAt).add("now", instant);
        }
        JwtTime tryGetNotBefore = tryGetNotBefore();
        if (tryGetNotBefore != null && tryGetNotBefore.isAfter(instant)) {
            throw new JwtVerificationException(new MultiPartName("safeature", "jwt", "payload", "tooEarly"), "The JWT authentication token is not yet valid ($[notBefore] >= $[now]").add("notBefore", tryGetNotBefore).add("now", instant);
        }
        JwtTime tryGetExpirationTime = tryGetExpirationTime();
        if (tryGetExpirationTime != null && tryGetExpirationTime.isBefore(instant)) {
            throw new JwtVerificationException(new MultiPartName("safeature", "jwt", "payload", "expired"), "The JWT authentication token has expired ($[expiration] < $[now]").add("expiration", tryGetExpirationTime).add("now", instant);
        }
    }
}
