package no.nav.security.token.support.core.validation;

import java.util.AbstractMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.stream.Collectors;
import no.nav.security.token.support.core.configuration.IssuerConfiguration;
import no.nav.security.token.support.core.configuration.MultiIssuerConfiguration;
import no.nav.security.token.support.core.context.TokenValidationContext;
import no.nav.security.token.support.core.exceptions.IssuerConfigurationException;
import no.nav.security.token.support.core.exceptions.JwtTokenValidatorException;
import no.nav.security.token.support.core.http.HttpRequest;
import no.nav.security.token.support.core.jwt.JwtToken;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:no/nav/security/token/support/core/validation/JwtTokenValidationHandler.class */
public class JwtTokenValidationHandler {
    private static final Logger LOG = LoggerFactory.getLogger(JwtTokenValidationHandler.class);
    private final MultiIssuerConfiguration config;

    public JwtTokenValidationHandler(MultiIssuerConfiguration multiIssuerConfiguration) {
        this.config = multiIssuerConfiguration;
    }

    public TokenValidationContext getValidatedTokens(HttpRequest httpRequest) {
        List<JwtToken> retrieveUnvalidatedTokens = JwtTokenRetriever.retrieveUnvalidatedTokens(this.config, httpRequest);
        Map map = (Map) retrieveUnvalidatedTokens.stream().map(this::validate).filter((v0) -> {
            return v0.isPresent();
        }).map((v0) -> {
            return v0.get();
        }).collect(Collectors.toConcurrentMap((v0) -> {
            return v0.getKey();
        }, (v0) -> {
            return v0.getValue();
        }));
        LOG.debug("Found {} tokens on request, number of validated tokens is {}", Integer.valueOf(retrieveUnvalidatedTokens.size()), Integer.valueOf(map.size()));
        if (map.isEmpty() && !retrieveUnvalidatedTokens.isEmpty()) {
            LOG.debug("Found {} unvalidated token(s) with issuer(s) {} on request, is this a configuration error?", Integer.valueOf(retrieveUnvalidatedTokens.size()), retrieveUnvalidatedTokens.stream().map((v0) -> {
                return v0.getIssuer();
            }).toList());
        }
        return new TokenValidationContext(map);
    }

    private Optional<Map.Entry<String, JwtToken>> validate(JwtToken jwtToken) {
        try {
            LOG.debug("Check if token with issuer={} is present in config", jwtToken.getIssuer());
            if (!this.config.getIssuer(jwtToken.getIssuer()).isPresent()) {
                LOG.debug("Token is from an unknown issuer={}, skipping validation.", jwtToken.getIssuer());
                return Optional.empty();
            }
            String name = issuerConfiguration(jwtToken.getIssuer()).getName();
            LOG.debug("Found token from trusted issuer={} with shortName={} in request", jwtToken.getIssuer(), name);
            long currentTimeMillis = System.currentTimeMillis();
            tokenValidator(jwtToken).assertValidToken(jwtToken.getTokenAsString());
            LOG.debug("Validated token from issuer[{}] in {} ms", jwtToken.getIssuer(), Long.valueOf(System.currentTimeMillis() - currentTimeMillis));
            return Optional.of(entry(name, jwtToken));
        } catch (JwtTokenValidatorException e) {
            LOG.info("Found invalid token for issuer [{}, expires at {}], message:{} ", new Object[]{jwtToken.getIssuer(), e.getExpiryDate(), e.getMessage()});
            return Optional.empty();
        }
    }

    private JwtTokenValidator tokenValidator(JwtToken jwtToken) {
        return issuerConfiguration(jwtToken.getIssuer()).getTokenValidator();
    }

    private IssuerConfiguration issuerConfiguration(String str) {
        return this.config.getIssuer(str).orElseThrow(() -> {
            return new IssuerConfigurationException(String.format("Could not find IssuerConfiguration for issuer=%s", str));
        });
    }

    private static <T, U> Map.Entry<T, U> entry(T t, U u) {
        return new AbstractMap.SimpleImmutableEntry(t, u);
    }
}
