package no.nav.security.token.support.core.validation;

import java.util.Arrays;
import java.util.List;
import java.util.Optional;
import java.util.stream.Stream;
import no.nav.security.token.support.core.configuration.IssuerConfiguration;
import no.nav.security.token.support.core.configuration.MultiIssuerConfiguration;
import no.nav.security.token.support.core.http.HttpRequest;
import no.nav.security.token.support.core.jwt.JwtToken;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:no/nav/security/token/support/core/validation/JwtTokenRetriever.class */
public class JwtTokenRetriever {
    private static final Logger LOG = LoggerFactory.getLogger(JwtTokenRetriever.class);
    private static final String BEARER = "Bearer";

    private JwtTokenRetriever() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static List<JwtToken> retrieveUnvalidatedTokens(MultiIssuerConfiguration multiIssuerConfiguration, HttpRequest httpRequest) {
        return Stream.concat(getTokensFromHeader(multiIssuerConfiguration, httpRequest).stream(), getTokensFromCookies(multiIssuerConfiguration, httpRequest).stream()).toList();
    }

    private static List<JwtToken> getTokensFromHeader(MultiIssuerConfiguration multiIssuerConfiguration, HttpRequest httpRequest) {
        Optional<IssuerConfiguration> findFirst;
        try {
            LOG.debug("Checking authorization header for tokens");
            findFirst = multiIssuerConfiguration.getIssuers().values().stream().filter(issuerConfiguration -> {
                return httpRequest.getHeader(issuerConfiguration.getHeaderName()) != null;
            }).findFirst();
        } catch (Exception e) {
            LOG.warn("Received exception when attempting to extract and parse token from Authorization header", e);
        }
        if (findFirst.isPresent()) {
            return extractBearerTokens(httpRequest.getHeader(findFirst.get().getHeaderName()).split(",")).stream().map(JwtToken::new).filter(jwtToken -> {
                return multiIssuerConfiguration.getIssuer(jwtToken.getIssuer()).isPresent();
            }).toList();
        }
        LOG.debug("No tokens found in authorization header");
        return List.of();
    }

    private static List<JwtToken> getTokensFromCookies(MultiIssuerConfiguration multiIssuerConfiguration, HttpRequest httpRequest) {
        try {
            return (httpRequest.getCookies() != null ? Arrays.asList(httpRequest.getCookies()) : List.of()).stream().filter(nameValue -> {
                return containsCookieName(multiIssuerConfiguration, nameValue.getName());
            }).map(nameValue2 -> {
                return new JwtToken(nameValue2.getValue());
            }).toList();
        } catch (Exception e) {
            LOG.warn("received exception when attempting to extract and parse token from cookie", e);
            return List.of();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static boolean containsCookieName(MultiIssuerConfiguration multiIssuerConfiguration, String str) {
        return multiIssuerConfiguration.getIssuers().values().stream().anyMatch(issuerConfiguration -> {
            return str.equalsIgnoreCase(issuerConfiguration.getCookieName());
        });
    }

    private static List<String> extractBearerTokens(String... strArr) {
        return Arrays.stream(strArr).map(str -> {
            return str.split(" ");
        }).filter(strArr2 -> {
            return strArr2.length == 2;
        }).filter(strArr3 -> {
            return strArr3[0].trim().equalsIgnoreCase(BEARER);
        }).map(strArr4 -> {
            return strArr4[1].trim();
        }).toList();
    }
}
