package com.sap.cloud.sdk.cloudplatform.security.principal;

import com.auth0.jwt.interfaces.Claim;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.sap.cloud.sdk.cloudplatform.security.AuthTokenAccessor;
import com.sap.cloud.sdk.cloudplatform.security.principal.exception.PrincipalAccessException;
import io.vavr.CheckedFunction1;
import io.vavr.control.Try;
import java.lang.invoke.SerializedLambda;
import java.util.HashMap;
import java.util.Map;
import javax.annotation.Nonnull;
import lombok.Generated;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/sap/cloud/sdk/cloudplatform/security/principal/OAuth2AuthTokenPrincipalExtractor.class */
class OAuth2AuthTokenPrincipalExtractor implements PrincipalExtractor {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(OAuth2AuthTokenPrincipalExtractor.class);
    private static final String JWT_CLIENT_ID_CLAIM = "client_id";
    private static final String JWT_USER_NAME_CLAIM = "user_name";
    private static final String JWT_GRANT_TYPE_CLAIM = "grant_type";
    private final Map<String, CheckedFunction1<DecodedJWT, String>> grantTypeToPrincipalIdExtractor = new HashMap();

    /* JADX INFO: Access modifiers changed from: package-private */
    public OAuth2AuthTokenPrincipalExtractor() {
        this.grantTypeToPrincipalIdExtractor.put("password", decodedJWT -> {
            return decodedJWT.getClaim(JWT_USER_NAME_CLAIM).asString();
        });
        this.grantTypeToPrincipalIdExtractor.put("client_credentials", decodedJWT2 -> {
            return decodedJWT2.getClaim(JWT_CLIENT_ID_CLAIM).asString();
        });
        this.grantTypeToPrincipalIdExtractor.put("authorization_code", decodedJWT3 -> {
            return decodedJWT3.getClaim(JWT_USER_NAME_CLAIM).asString();
        });
        this.grantTypeToPrincipalIdExtractor.put("user_token", decodedJWT4 -> {
            return decodedJWT4.getClaim(JWT_USER_NAME_CLAIM).asString();
        });
        this.grantTypeToPrincipalIdExtractor.put("urn:ietf:params:oauth:grant-type:saml2-bearer", decodedJWT5 -> {
            return decodedJWT5.getClaim(JWT_USER_NAME_CLAIM).asString();
        });
        this.grantTypeToPrincipalIdExtractor.put("urn:ietf:params:oauth:grant-type:jwt-bearer", decodedJWT6 -> {
            return decodedJWT6.getClaim(JWT_USER_NAME_CLAIM).asString();
        });
    }

    void setIdExtractorFunction(@Nonnull String str, @Nonnull CheckedFunction1<DecodedJWT, String> checkedFunction1) {
        CheckedFunction1<DecodedJWT, String> put = this.grantTypeToPrincipalIdExtractor.put(str, checkedFunction1);
        if (log.isDebugEnabled()) {
            if (put != null) {
                log.debug("Replaced the logic for grant type '" + str + "' with a new one.");
            } else {
                log.debug("Added initial logic for grant type '" + str + "'.");
            }
        }
    }

    @Nonnull
    private Try<String> getPrincipalId(@Nonnull DecodedJWT decodedJWT) {
        return Try.of(() -> {
            Claim claim = decodedJWT.getClaim(JWT_GRANT_TYPE_CLAIM);
            if (claim.isMissing() || claim.isNull()) {
                throw new PrincipalAccessException("The current JWT does not contain any grant type.");
            }
            if (log.isDebugEnabled()) {
                if (this.grantTypeToPrincipalIdExtractor.isEmpty()) {
                    log.debug("There is no logic registered for any grant type, so no principal will get extracted from the JWT.");
                } else {
                    log.debug("To extract a principal from JWT the following grant types will get handled: {}", this.grantTypeToPrincipalIdExtractor.keySet());
                }
            }
            String asString = claim.asString();
            CheckedFunction1<DecodedJWT, String> checkedFunction1 = this.grantTypeToPrincipalIdExtractor.get(asString);
            if (checkedFunction1 == null) {
                throw new PrincipalAccessException("There is no reader registered for grant type '" + asString + "'.");
            }
            try {
                String str = (String) checkedFunction1.apply(decodedJWT);
                if (str == null) {
                    throw new PrincipalAccessException("The principalId for grant type " + asString + " must not be null.");
                }
                log.debug("Extracted principal '{}' from the current JWT.", str);
                return str;
            } catch (Throwable th) {
                throw new PrincipalAccessException("Could not read id for grant type " + asString + " from JWT.", th);
            }
        });
    }

    @Override // com.sap.cloud.sdk.cloudplatform.security.principal.PrincipalExtractor
    @Nonnull
    public Try<Principal> tryGetCurrentPrincipal() {
        Try map = AuthTokenAccessor.tryGetCurrentToken().map((v0) -> {
            return v0.getJwt();
        });
        if (map.isFailure()) {
            return Try.failure(map.getCause());
        }
        Try<String> principalId = getPrincipalId((DecodedJWT) map.get());
        return principalId.isFailure() ? Try.failure(principalId.getCause()) : Try.of(() -> {
            return new DefaultPrincipal((String) principalId.get());
        });
    }

    private static /* synthetic */ Object $deserializeLambda$(SerializedLambda serializedLambda) {
        String implMethodName = serializedLambda.getImplMethodName();
        boolean z = -1;
        switch (implMethodName.hashCode()) {
            case -1773944194:
                if (implMethodName.equals("lambda$getPrincipalId$c8b7f4af$1")) {
                    z = 7;
                    break;
                }
                break;
            case -1486749135:
                if (implMethodName.equals("lambda$tryGetCurrentPrincipal$179f8c6e$1")) {
                    z = false;
                    break;
                }
                break;
            case -1285911026:
                if (implMethodName.equals("lambda$new$da6d194a$1")) {
                    z = true;
                    break;
                }
                break;
            case -1285911025:
                if (implMethodName.equals("lambda$new$da6d194a$2")) {
                    z = 2;
                    break;
                }
                break;
            case -1285911024:
                if (implMethodName.equals("lambda$new$da6d194a$3")) {
                    z = 5;
                    break;
                }
                break;
            case -1285911023:
                if (implMethodName.equals("lambda$new$da6d194a$4")) {
                    z = 6;
                    break;
                }
                break;
            case -1285911022:
                if (implMethodName.equals("lambda$new$da6d194a$5")) {
                    z = 3;
                    break;
                }
                break;
            case -1285911021:
                if (implMethodName.equals("lambda$new$da6d194a$6")) {
                    z = 4;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("io/vavr/CheckedFunction0") && serializedLambda.getFunctionalInterfaceMethodName().equals("apply") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("()Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/sap/cloud/sdk/cloudplatform/security/principal/OAuth2AuthTokenPrincipalExtractor") && serializedLambda.getImplMethodSignature().equals("(Lio/vavr/control/Try;)Lcom/sap/cloud/sdk/cloudplatform/security/principal/Principal;")) {
                    Try r0 = (Try) serializedLambda.getCapturedArg(0);
                    return () -> {
                        return new DefaultPrincipal((String) r0.get());
                    };
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("io/vavr/CheckedFunction1") && serializedLambda.getFunctionalInterfaceMethodName().equals("apply") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Ljava/lang/Object;)Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/sap/cloud/sdk/cloudplatform/security/principal/OAuth2AuthTokenPrincipalExtractor") && serializedLambda.getImplMethodSignature().equals("(Lcom/auth0/jwt/interfaces/DecodedJWT;)Ljava/lang/String;")) {
                    return decodedJWT -> {
                        return decodedJWT.getClaim(JWT_USER_NAME_CLAIM).asString();
                    };
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("io/vavr/CheckedFunction1") && serializedLambda.getFunctionalInterfaceMethodName().equals("apply") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Ljava/lang/Object;)Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/sap/cloud/sdk/cloudplatform/security/principal/OAuth2AuthTokenPrincipalExtractor") && serializedLambda.getImplMethodSignature().equals("(Lcom/auth0/jwt/interfaces/DecodedJWT;)Ljava/lang/String;")) {
                    return decodedJWT2 -> {
                        return decodedJWT2.getClaim(JWT_CLIENT_ID_CLAIM).asString();
                    };
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("io/vavr/CheckedFunction1") && serializedLambda.getFunctionalInterfaceMethodName().equals("apply") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Ljava/lang/Object;)Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/sap/cloud/sdk/cloudplatform/security/principal/OAuth2AuthTokenPrincipalExtractor") && serializedLambda.getImplMethodSignature().equals("(Lcom/auth0/jwt/interfaces/DecodedJWT;)Ljava/lang/String;")) {
                    return decodedJWT5 -> {
                        return decodedJWT5.getClaim(JWT_USER_NAME_CLAIM).asString();
                    };
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("io/vavr/CheckedFunction1") && serializedLambda.getFunctionalInterfaceMethodName().equals("apply") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Ljava/lang/Object;)Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/sap/cloud/sdk/cloudplatform/security/principal/OAuth2AuthTokenPrincipalExtractor") && serializedLambda.getImplMethodSignature().equals("(Lcom/auth0/jwt/interfaces/DecodedJWT;)Ljava/lang/String;")) {
                    return decodedJWT6 -> {
                        return decodedJWT6.getClaim(JWT_USER_NAME_CLAIM).asString();
                    };
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("io/vavr/CheckedFunction1") && serializedLambda.getFunctionalInterfaceMethodName().equals("apply") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Ljava/lang/Object;)Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/sap/cloud/sdk/cloudplatform/security/principal/OAuth2AuthTokenPrincipalExtractor") && serializedLambda.getImplMethodSignature().equals("(Lcom/auth0/jwt/interfaces/DecodedJWT;)Ljava/lang/String;")) {
                    return decodedJWT3 -> {
                        return decodedJWT3.getClaim(JWT_USER_NAME_CLAIM).asString();
                    };
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("io/vavr/CheckedFunction1") && serializedLambda.getFunctionalInterfaceMethodName().equals("apply") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Ljava/lang/Object;)Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/sap/cloud/sdk/cloudplatform/security/principal/OAuth2AuthTokenPrincipalExtractor") && serializedLambda.getImplMethodSignature().equals("(Lcom/auth0/jwt/interfaces/DecodedJWT;)Ljava/lang/String;")) {
                    return decodedJWT4 -> {
                        return decodedJWT4.getClaim(JWT_USER_NAME_CLAIM).asString();
                    };
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 5 && serializedLambda.getFunctionalInterfaceClass().equals("io/vavr/CheckedFunction0") && serializedLambda.getFunctionalInterfaceMethodName().equals("apply") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("()Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/sap/cloud/sdk/cloudplatform/security/principal/OAuth2AuthTokenPrincipalExtractor") && serializedLambda.getImplMethodSignature().equals("(Lcom/auth0/jwt/interfaces/DecodedJWT;)Ljava/lang/String;")) {
                    OAuth2AuthTokenPrincipalExtractor oAuth2AuthTokenPrincipalExtractor = (OAuth2AuthTokenPrincipalExtractor) serializedLambda.getCapturedArg(0);
                    DecodedJWT decodedJWT7 = (DecodedJWT) serializedLambda.getCapturedArg(1);
                    return () -> {
                        Claim claim = decodedJWT7.getClaim(JWT_GRANT_TYPE_CLAIM);
                        if (claim.isMissing() || claim.isNull()) {
                            throw new PrincipalAccessException("The current JWT does not contain any grant type.");
                        }
                        if (log.isDebugEnabled()) {
                            if (this.grantTypeToPrincipalIdExtractor.isEmpty()) {
                                log.debug("There is no logic registered for any grant type, so no principal will get extracted from the JWT.");
                            } else {
                                log.debug("To extract a principal from JWT the following grant types will get handled: {}", this.grantTypeToPrincipalIdExtractor.keySet());
                            }
                        }
                        String asString = claim.asString();
                        CheckedFunction1<DecodedJWT, String> checkedFunction1 = this.grantTypeToPrincipalIdExtractor.get(asString);
                        if (checkedFunction1 == null) {
                            throw new PrincipalAccessException("There is no reader registered for grant type '" + asString + "'.");
                        }
                        try {
                            String str = (String) checkedFunction1.apply(decodedJWT7);
                            if (str == null) {
                                throw new PrincipalAccessException("The principalId for grant type " + asString + " must not be null.");
                            }
                            log.debug("Extracted principal '{}' from the current JWT.", str);
                            return str;
                        } catch (Throwable th) {
                            throw new PrincipalAccessException("Could not read id for grant type " + asString + " from JWT.", th);
                        }
                    };
                }
                break;
        }
        throw new IllegalArgumentException("Invalid lambda deserialization");
    }
}
