package io.corbel.iam.service;

import com.google.gson.JsonObject;
import io.corbel.iam.exception.UnauthorizedException;
import io.corbel.lib.token.reader.TokenReader;
import java.security.SignatureException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import net.oauth.jsontoken.JsonTokenParser;

/* loaded from: input_file:io/corbel/iam/service/DefaultUpgradeTokenService.class */
public class DefaultUpgradeTokenService implements UpgradeTokenService {
    private final JsonTokenParser jsonTokenParser;
    private final ScopeService scopeService;

    public DefaultUpgradeTokenService(JsonTokenParser jsonTokenParser, ScopeService scopeService) {
        this.jsonTokenParser = jsonTokenParser;
        this.scopeService = scopeService;
    }

    @Override // io.corbel.iam.service.UpgradeTokenService
    public void upgradeToken(String str, TokenReader tokenReader) throws UnauthorizedException {
        try {
            JsonObject payloadAsJsonObject = this.jsonTokenParser.verifyAndDeserialize(str).getPayloadAsJsonObject();
            String[] strArr = new String[0];
            if (payloadAsJsonObject.has("scope") && payloadAsJsonObject.get("scope").isJsonPrimitive()) {
                String asString = payloadAsJsonObject.get("scope").getAsString();
                if (!asString.isEmpty()) {
                    strArr = asString.split(" ");
                }
            }
            publishScopes(new HashSet(Arrays.asList(strArr)), tokenReader);
        } catch (IllegalStateException | SignatureException e) {
            throw new UnauthorizedException(e.getMessage());
        }
    }

    private void publishScopes(Set<String> set, TokenReader tokenReader) {
        this.scopeService.addAuthorizationRules(tokenReader.getToken(), this.scopeService.fillScopes(this.scopeService.expandScopes(set), tokenReader.getInfo().getUserId(), tokenReader.getInfo().getClientId(), tokenReader.getInfo().getDomainId()));
    }
}
