package io.corbel.iam.service;

import com.google.common.collect.Sets;
import com.google.gson.JsonObject;
import io.corbel.iam.exception.UnauthorizedException;
import io.corbel.iam.model.Scope;
import io.corbel.iam.model.UserToken;
import io.corbel.iam.repository.UserTokenRepository;
import io.corbel.lib.token.reader.TokenReader;
import java.security.SignatureException;
import java.util.HashSet;
import java.util.Set;
import java.util.stream.Collectors;
import net.oauth.jsontoken.JsonTokenParser;

/* loaded from: input_file:io/corbel/iam/service/DefaultUpgradeTokenService.class */
public class DefaultUpgradeTokenService implements UpgradeTokenService {
    private static final String SCOPE = "scope";
    private final JsonTokenParser jsonTokenParser;
    private final ScopeService scopeService;
    private final UserTokenRepository userTokenRepository;

    public DefaultUpgradeTokenService(JsonTokenParser jsonTokenParser, ScopeService scopeService, UserTokenRepository userTokenRepository) {
        this.jsonTokenParser = jsonTokenParser;
        this.scopeService = scopeService;
        this.userTokenRepository = userTokenRepository;
    }

    @Override // io.corbel.iam.service.UpgradeTokenService
    public void upgradeToken(String str, TokenReader tokenReader, Set<String> set) throws UnauthorizedException {
        try {
            Set<Scope> upgradedScopes = getUpgradedScopes(new HashSet(set), tokenReader);
            publishScopes(upgradedScopes, tokenReader);
            saveUserToken(tokenReader.getToken(), upgradedScopes);
        } catch (IllegalStateException e) {
            throw new UnauthorizedException(e.getMessage());
        }
    }

    @Override // io.corbel.iam.service.UpgradeTokenService
    public Set<String> getScopesFromTokenToUpgrade(String str) throws UnauthorizedException {
        try {
            JsonObject payloadAsJsonObject = this.jsonTokenParser.verifyAndDeserialize(str).getPayloadAsJsonObject();
            HashSet hashSet = new HashSet();
            if (payloadAsJsonObject.has(SCOPE) && payloadAsJsonObject.get(SCOPE).isJsonPrimitive()) {
                String asString = payloadAsJsonObject.get(SCOPE).getAsString();
                if (!asString.isEmpty()) {
                    hashSet = Sets.newHashSet(asString.split(" "));
                }
            }
            return hashSet;
        } catch (SignatureException e) {
            throw new UnauthorizedException(e.getMessage());
        }
    }

    private void saveUserToken(String str, Set<Scope> set) {
        UserToken findByToken = this.userTokenRepository.findByToken(str);
        findByToken.getScopes().addAll((Set) set.stream().map((v0) -> {
            return v0.getId();
        }).collect(Collectors.toSet()));
        this.userTokenRepository.save(findByToken);
    }

    private void publishScopes(Set<Scope> set, TokenReader tokenReader) {
        this.scopeService.addAuthorizationRules(tokenReader.getToken(), set);
    }

    private Set<Scope> getUpgradedScopes(Set<String> set, TokenReader tokenReader) {
        return this.scopeService.fillScopes(this.scopeService.expandScopes(set), tokenReader.getInfo().getUserId(), tokenReader.getInfo().getClientId(), tokenReader.getInfo().getDomainId());
    }
}
