package com.nimbusds.openid.connect.provider.spi.tokens;

import com.nimbusds.jose.JOSEObjectType;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.oauth2.sdk.auth.X509CertificateConfirmation;
import com.nimbusds.oauth2.sdk.id.Actor;
import com.nimbusds.oauth2.sdk.id.Audience;
import com.nimbusds.oauth2.sdk.id.Issuer;
import com.nimbusds.oauth2.sdk.id.JWTID;
import com.nimbusds.oauth2.sdk.id.Subject;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import net.jcip.annotations.ThreadSafe;
import net.minidev.json.JSONObject;

@ThreadSafe
/* loaded from: input_file:com/nimbusds/openid/connect/provider/spi/tokens/BaseSelfContainedAccessTokenClaimsCodec.class */
public abstract class BaseSelfContainedAccessTokenClaimsCodec implements SelfContainedAccessTokenClaimsCodec {
    public static final Set<String> SUPPORTED_CLAIM_NAMES = Collections.unmodifiableSet(new HashSet(Arrays.asList("sub", "act", "exp", "iat", "iss", "aud", "jti", "cnf")));

    @Override // com.nimbusds.openid.connect.provider.spi.tokens.SelfContainedAccessTokenClaimsCodec
    public JWTClaimsSet encode(AccessTokenAuthorization accessTokenAuthorization, TokenEncoderContext tokenEncoderContext) {
        JWTClaimsSet.Builder builder = new JWTClaimsSet.Builder();
        if (accessTokenAuthorization.getSubject() != null) {
            builder.subject(accessTokenAuthorization.getSubject().getValue());
        }
        if (accessTokenAuthorization.getActor() != null) {
            builder.claim("act", accessTokenAuthorization.getActor().toJSONObject());
        }
        if (accessTokenAuthorization.getExpirationTime() != null) {
            builder.expirationTime(Date.from(accessTokenAuthorization.getExpirationTime()));
        }
        if (accessTokenAuthorization.getIssueTime() != null) {
            builder.issueTime(Date.from(accessTokenAuthorization.getIssueTime()));
        }
        if (accessTokenAuthorization.getIssuer() != null) {
            builder.issuer(accessTokenAuthorization.getIssuer().getValue());
        }
        if (accessTokenAuthorization.getAudienceList() != null) {
            builder.audience(Audience.toStringList(accessTokenAuthorization.getAudienceList()));
        }
        if (accessTokenAuthorization.getJWTID() != null) {
            builder.jwtID(accessTokenAuthorization.getJWTID().getValue());
        }
        if (accessTokenAuthorization.getClientCertificateConfirmation() != null) {
            Map.Entry jWTClaim = accessTokenAuthorization.getClientCertificateConfirmation().toJWTClaim();
            builder.claim((String) jWTClaim.getKey(), jWTClaim.getValue());
        }
        return builder.build();
    }

    @Override // com.nimbusds.openid.connect.provider.spi.tokens.SelfContainedAccessTokenClaimsCodec
    public JWTDetails advancedEncode(final AccessTokenAuthorization accessTokenAuthorization, final TokenEncoderContext tokenEncoderContext) {
        return new JWTDetails() { // from class: com.nimbusds.openid.connect.provider.spi.tokens.BaseSelfContainedAccessTokenClaimsCodec.1
            @Override // com.nimbusds.openid.connect.provider.spi.tokens.JWTDetails
            public JOSEObjectType getType() {
                return null;
            }

            @Override // com.nimbusds.openid.connect.provider.spi.tokens.JWTDetails
            public JWTClaimsSet getJWTClaimsSet() {
                return BaseSelfContainedAccessTokenClaimsCodec.this.encode(accessTokenAuthorization, tokenEncoderContext);
            }
        };
    }

    @Override // com.nimbusds.openid.connect.provider.spi.tokens.SelfContainedAccessTokenClaimsCodec
    public AccessTokenAuthorization decode(JWTClaimsSet jWTClaimsSet, TokenCodecContext tokenCodecContext) throws TokenDecodeException {
        MutableAccessTokenAuthorization mutableAccessTokenAuthorization = new MutableAccessTokenAuthorization();
        String subject = jWTClaimsSet.getSubject();
        if (subject != null) {
            mutableAccessTokenAuthorization.withSubject(new Subject(subject));
        }
        try {
            JSONObject jSONObjectClaim = jWTClaimsSet.getJSONObjectClaim("act");
            if (jSONObjectClaim != null) {
                mutableAccessTokenAuthorization.withActor(Actor.parse(jSONObjectClaim));
            }
            Date expirationTime = jWTClaimsSet.getExpirationTime();
            if (expirationTime != null) {
                mutableAccessTokenAuthorization.withExpirationTime(expirationTime.toInstant());
            }
            Date issueTime = jWTClaimsSet.getIssueTime();
            if (issueTime != null) {
                mutableAccessTokenAuthorization.withIssueTime(issueTime.toInstant());
            }
            String issuer = jWTClaimsSet.getIssuer();
            if (issuer != null) {
                mutableAccessTokenAuthorization.withIssuer(new Issuer(issuer));
            }
            List audience = jWTClaimsSet.getAudience();
            if (audience != null && !audience.isEmpty()) {
                mutableAccessTokenAuthorization.withAudienceList(Audience.create(audience));
            }
            String jwtid = jWTClaimsSet.getJWTID();
            if (jwtid != null) {
                mutableAccessTokenAuthorization.withJWTID(new JWTID(jwtid));
            }
            mutableAccessTokenAuthorization.withClientCertificateConfirmation(X509CertificateConfirmation.parse(jWTClaimsSet));
            return mutableAccessTokenAuthorization;
        } catch (Exception e) {
            throw new TokenDecodeException("Couldn't parse actor: " + e.getMessage(), e);
        }
    }

    @Override // com.nimbusds.openid.connect.provider.spi.tokens.SelfContainedAccessTokenClaimsCodec
    public AccessTokenAuthorization advancedDecode(JWTDetails jWTDetails, TokenCodecContext tokenCodecContext) throws TokenDecodeException {
        return decode(jWTDetails.getJWTClaimsSet(), tokenCodecContext);
    }
}
