package no.nav.security.mock.oauth2.userinfo;

import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.oauth2.sdk.ErrorObject;
import com.nimbusds.oauth2.sdk.id.Issuer;
import java.util.List;
import java.util.Map;
import kotlin.Metadata;
import kotlin.Unit;
import kotlin.collections.CollectionsKt;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.StringsKt;
import mu.KLogger;
import mu.KotlinLogging;
import no.nav.security.mock.oauth2.OAuth2Exception;
import no.nav.security.mock.oauth2.extensions.HttpUrlExtensionsKt;
import no.nav.security.mock.oauth2.extensions.NimbusExtensionsKt;
import no.nav.security.mock.oauth2.extensions.OAuth2Endpoints;
import no.nav.security.mock.oauth2.http.OAuth2HttpRequest;
import no.nav.security.mock.oauth2.http.OAuth2HttpResponse;
import no.nav.security.mock.oauth2.http.OAuth2HttpResponseKt;
import no.nav.security.mock.oauth2.http.Route;
import no.nav.security.mock.oauth2.token.OAuth2TokenProvider;
import okhttp3.Headers;
import okhttp3.HttpUrl;
import org.jetbrains.annotations.NotNull;

/* compiled from: UserInfo.kt */
@Metadata(mv = {1, 6, 0}, k = 2, xi = 48, d1 = {"��0\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000e\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\u001a\u0010\u0010\u0002\u001a\u00020\u00032\u0006\u0010\u0004\u001a\u00020\u0005H\u0002\u001a\f\u0010\u0006\u001a\u00020\u0005*\u00020\u0007H\u0002\u001a\u0014\u0010\b\u001a\u00020\t*\u00020\t2\u0006\u0010\n\u001a\u00020\u000bH��\u001a\u0014\u0010\f\u001a\u00020\r*\u00020\u000e2\u0006\u0010\n\u001a\u00020\u000bH\u0002\"\u000e\u0010��\u001a\u00020\u0001X\u0082\u0004¢\u0006\u0002\n��¨\u0006\u000f"}, d2 = {"log", "Lmu/KLogger;", "invalidToken", "Lno/nav/security/mock/oauth2/OAuth2Exception;", "msg", "", "bearerToken", "Lokhttp3/Headers;", "userInfo", "Lno/nav/security/mock/oauth2/http/Route$Builder;", "tokenProvider", "Lno/nav/security/mock/oauth2/token/OAuth2TokenProvider;", "verifyBearerToken", "Lcom/nimbusds/jwt/JWTClaimsSet;", "Lno/nav/security/mock/oauth2/http/OAuth2HttpRequest;", "mock-oauth2-server"})
/* loaded from: input_file:no/nav/security/mock/oauth2/userinfo/UserInfoKt.class */
public final class UserInfoKt {

    @NotNull
    private static final KLogger log = KotlinLogging.INSTANCE.logger(new Function0<Unit>() { // from class: no.nav.security.mock.oauth2.userinfo.UserInfoKt$log$1
        public final void invoke() {
        }

        /* renamed from: invoke, reason: collision with other method in class */
        public /* bridge */ /* synthetic */ Object m66invoke() {
            invoke();
            return Unit.INSTANCE;
        }
    });

    @NotNull
    public static final Route.Builder userInfo(@NotNull Route.Builder builder, @NotNull final OAuth2TokenProvider oAuth2TokenProvider) {
        Intrinsics.checkNotNullParameter(builder, "<this>");
        Intrinsics.checkNotNullParameter(oAuth2TokenProvider, "tokenProvider");
        return builder.get(new String[]{OAuth2Endpoints.USER_INFO}, new Function1<OAuth2HttpRequest, OAuth2HttpResponse>() { // from class: no.nav.security.mock.oauth2.userinfo.UserInfoKt$userInfo$1
            /* JADX INFO: Access modifiers changed from: package-private */
            {
                super(1);
            }

            @NotNull
            public final OAuth2HttpResponse invoke(@NotNull OAuth2HttpRequest oAuth2HttpRequest) {
                KLogger kLogger;
                JWTClaimsSet verifyBearerToken;
                Intrinsics.checkNotNullParameter(oAuth2HttpRequest, "it");
                kLogger = UserInfoKt.log;
                kLogger.debug("received request to userinfo endpoint, returning claims from token");
                verifyBearerToken = UserInfoKt.verifyBearerToken(oAuth2HttpRequest, OAuth2TokenProvider.this);
                Map claims = verifyBearerToken.getClaims();
                Intrinsics.checkNotNullExpressionValue(claims, "claims");
                return OAuth2HttpResponseKt.json(claims);
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static final JWTClaimsSet verifyBearerToken(OAuth2HttpRequest oAuth2HttpRequest, OAuth2TokenProvider oAuth2TokenProvider) {
        String bearerToken = bearerToken(oAuth2HttpRequest.getHeaders());
        HttpUrl issuerUrl = HttpUrlExtensionsKt.toIssuerUrl(oAuth2HttpRequest.getUrl());
        JWKSet publicJwkSet = oAuth2TokenProvider.publicJwkSet(HttpUrlExtensionsKt.issuerId(issuerUrl));
        try {
            SignedJWT parse = SignedJWT.parse(bearerToken);
            Intrinsics.checkNotNullExpressionValue(parse, "parse(tokenString)");
            return NimbusExtensionsKt.verifySignatureAndIssuer$default(parse, new Issuer(issuerUrl.toString()), publicJwkSet, null, 4, null);
        } catch (Exception e) {
            String message = e.getMessage();
            if (message == null) {
                message = "could not verify bearer token";
            }
            throw invalidToken(message);
        }
    }

    private static final String bearerToken(Headers headers) {
        String str;
        String str2 = headers.get("Authorization");
        if (str2 == null) {
            str = null;
        } else {
            List split$default = StringsKt.split$default(str2, new String[]{"Bearer "}, false, 0, 6, (Object) null);
            if (split$default == null) {
                str = null;
            } else {
                List list = split$default.size() == 2 ? split$default : null;
                str = list == null ? null : (String) CollectionsKt.last(list);
            }
        }
        String str3 = str;
        if (str3 == null) {
            throw invalidToken("missing bearer token");
        }
        return str3;
    }

    private static final OAuth2Exception invalidToken(String str) {
        return new OAuth2Exception(new ErrorObject("invalid_token", str, 401), str);
    }
}
