package com.ibm.ws.security.oidc.client;

import com.google.gson.JsonArray;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.ws.security.oidc.util.MessageHelper;
import com.ibm.ws.security.oidc.util.OidcUtil;
import java.util.ArrayList;
import java.util.Iterator;

/* loaded from: input_file:com/ibm/ws/security/oidc/client/IntrospectedAccessToken.class */
public class IntrospectedAccessToken {
    private static final TraceComponent tc = Tr.register(IntrospectedAccessToken.class, MessageHelper._TR_GROUP, MessageHelper._MSG_FILE);
    private String accessToken;
    private String subject;
    private long expiresIn;
    private long issuedAt;
    private String scope;
    private String audience;
    private String realmName;
    private String uniqueSecurityName;
    private String user;
    private ArrayList<String> groupIds;

    @Deprecated
    public IntrospectedAccessToken(String str, JsonObject jsonObject) throws RelyingPartyException {
        this(str, jsonObject, null);
    }

    public IntrospectedAccessToken(String str, JsonObject jsonObject, RelyingPartyConfig relyingPartyConfig) throws RelyingPartyException {
        this.accessToken = null;
        this.subject = null;
        this.expiresIn = 0L;
        this.issuedAt = 0L;
        this.scope = null;
        this.audience = null;
        this.realmName = null;
        this.uniqueSecurityName = null;
        this.user = null;
        this.groupIds = new ArrayList<>();
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "IntrospectedAccessToken(aToken[" + str + "], jobj[" + OidcUtil.getObjState(jsonObject) + "], rpConfig[" + OidcUtil.getObjState(relyingPartyConfig) + "])");
        }
        if (relyingPartyConfig == null || str == null || jsonObject == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "One or more of the parameters passed to this method is null");
            }
            throw new RelyingPartyException("one or more parameters passed to this method is null");
        }
        this.accessToken = str;
        this.subject = RelyingPartyUtils.getJsonValue(jsonObject, "sub").getAsString();
        this.expiresIn = RelyingPartyUtils.getJsonValue(jsonObject, "exp").getAsLong() * 1000;
        this.issuedAt = RelyingPartyUtils.getJsonValue(jsonObject, "iat").getAsLong() * 1000;
        this.scope = RelyingPartyUtils.getJsonValue(jsonObject, "scope").getAsString();
        this.realmName = RelyingPartyUtils.getJsonValue(jsonObject, relyingPartyConfig.getRealmIdentifier()).getAsString();
        if (this.realmName == null) {
            this.realmName = RelyingPartyUtils.getJsonValue(jsonObject, "iss").getAsString();
        }
        this.user = RelyingPartyUtils.getJsonValue(jsonObject, relyingPartyConfig.getUserIdentifier()).getAsString();
        this.uniqueSecurityName = RelyingPartyUtils.getJsonValue(jsonObject, relyingPartyConfig.getUniqueUserIdentifier()).getAsString();
        if (this.uniqueSecurityName == null) {
            this.uniqueSecurityName = this.user;
        }
        JsonElement jsonElement = jsonObject.get(relyingPartyConfig.getGroupIdentifier());
        if (jsonElement != null) {
            setGroupIds(jsonElement.getAsJsonArray());
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "IntrospectedAccessToken");
        }
    }

    private void setGroupIds(JsonArray jsonArray) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setGroupIds(groups[" + OidcUtil.getObjState(jsonArray) + "])");
        }
        Iterator<JsonElement> it = jsonArray.iterator();
        while (it.hasNext()) {
            String stringBuffer = new StringBuffer("group:").append(this.realmName).append("/").append(it.next().getAsString()).toString();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Group IDs group: " + stringBuffer);
            }
            this.groupIds.add(stringBuffer);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setGroupIds");
        }
    }

    public String getAccessToken() {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "getAccessToken returns [" + this.accessToken + "])");
        }
        return this.accessToken;
    }

    @Deprecated
    public String getSubject() {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "getSubject returns [" + this.subject + "])");
        }
        return this.subject;
    }

    public String getUser() {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "getUser returns [" + this.user + "])");
        }
        return this.user;
    }

    public String getScope() {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "getScope returns [" + this.scope + "])");
        }
        return this.scope;
    }

    public String getAudience() {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "getAudience returns [" + this.audience + "])");
        }
        return this.audience;
    }

    public String getRealmName() {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "getRealmName returns [" + this.realmName + "])");
        }
        return this.realmName;
    }

    public String getUniqueSecurityName() {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "getUniqueSecurityName returns [" + this.uniqueSecurityName + "])");
        }
        return this.uniqueSecurityName;
    }

    public long getExpiresIn() {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "getExpiresIn returns [" + this.expiresIn + "])");
        }
        return this.expiresIn;
    }

    public long getIssuedAt() {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "getIssuedAt returns [" + this.issuedAt + "])");
        }
        return this.issuedAt;
    }

    public ArrayList<String> getGroupIds() {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "getGroupIds returns [" + this.groupIds + "])");
        }
        return this.groupIds;
    }
}
