package swim.linker;

import swim.api.auth.Authenticated;
import swim.api.auth.Credentials;
import swim.api.auth.Identity;
import swim.api.policy.PolicyDirective;
import swim.codec.Debug;
import swim.codec.Format;
import swim.codec.Output;
import swim.collections.FingerTrieSeq;
import swim.security.JsonWebSignature;
import swim.security.OpenIdToken;
import swim.security.PublicKeyDef;
import swim.structure.Form;
import swim.structure.Kind;
import swim.structure.Value;
import swim.uri.Uri;
import swim.util.Murmur3;

/* loaded from: input_file:swim/linker/OpenIdAuthDef.class */
public final class OpenIdAuthDef extends AuthDef implements Debug {
    final FingerTrieSeq<String> issuers;
    final FingerTrieSeq<String> audiences;
    final FingerTrieSeq<PublicKeyDef> publicKeyDefs;
    private static int hashSeed;
    private static Form<OpenIdAuthDef> form;

    public OpenIdAuthDef(FingerTrieSeq<String> fingerTrieSeq, FingerTrieSeq<String> fingerTrieSeq2, FingerTrieSeq<PublicKeyDef> fingerTrieSeq3) {
        this.issuers = fingerTrieSeq;
        this.audiences = fingerTrieSeq2;
        this.publicKeyDefs = fingerTrieSeq3;
    }

    public FingerTrieSeq<String> issuers() {
        return this.issuers;
    }

    public FingerTrieSeq<String> audiences() {
        return this.audiences;
    }

    public FingerTrieSeq<PublicKeyDef> publicKeyDefs() {
        return this.publicKeyDefs;
    }

    public PolicyDirective<Identity> authenticate(Uri uri, Uri uri2, JsonWebSignature jsonWebSignature) {
        Value payload = jsonWebSignature.payload();
        if (!payload.isDefined()) {
            return null;
        }
        OpenIdToken openIdToken = new OpenIdToken(payload);
        int size = this.publicKeyDefs.size();
        for (int i = 0; i < size; i++) {
            if (jsonWebSignature.verifySignature(((PublicKeyDef) this.publicKeyDefs.get(i)).publicKey())) {
                return PolicyDirective.allow(new Authenticated(uri, uri2, openIdToken.toValue()));
            }
        }
        return null;
    }

    @Override // swim.linker.AuthDef
    public PolicyDirective<Identity> authenticate(Credentials credentials) {
        JsonWebSignature parse;
        String stringValue = credentials.claims().get("idToken").stringValue((String) null);
        if (stringValue == null) {
            stringValue = credentials.claims().get("openIdToken").stringValue((String) null);
        }
        if (stringValue == null || (parse = JsonWebSignature.parse(stringValue)) == null) {
            return null;
        }
        return authenticate(credentials.requestUri(), credentials.fromUri(), parse);
    }

    @Override // swim.linker.AuthDef
    public Value toValue() {
        return form().mold(this).toValue();
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (!(obj instanceof OpenIdAuthDef)) {
            return false;
        }
        OpenIdAuthDef openIdAuthDef = (OpenIdAuthDef) obj;
        return this.issuers.equals(openIdAuthDef.issuers) && this.audiences.equals(openIdAuthDef.audiences) && this.publicKeyDefs.equals(openIdAuthDef.publicKeyDefs);
    }

    public int hashCode() {
        if (hashSeed == 0) {
            hashSeed = Murmur3.seed(OpenIdAuthDef.class);
        }
        return Murmur3.mash(Murmur3.mix(Murmur3.mix(Murmur3.mix(hashSeed, this.issuers.hashCode()), this.audiences.hashCode()), this.publicKeyDefs.hashCode()));
    }

    public void debug(Output<?> output) {
        output.write("new").write(32).write("OpenIdAuthDef").write(40).debug(this.issuers).write(", ").debug(this.audiences).write(", ").debug(this.publicKeyDefs).write(41);
    }

    public String toString() {
        return Format.debug(this);
    }

    @Kind
    public static Form<OpenIdAuthDef> form() {
        if (form == null) {
            form = new OpenIdAuthForm();
        }
        return form;
    }
}
