package com.ibm.ws.security.jwt.utils;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.websphere.ras.annotation.Trivial;
import com.ibm.websphere.security.auth.WSSubject;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.websphere.security.jwt.JwtBuilder;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.jwt.config.JwtConfig;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.ListIterator;
import javax.security.auth.Subject;

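/**
 * Builds compact JWT strings whose identity claims are copied from the
 * {@link WSCredential} found on a JAAS {@link Subject}.
 *
 * <p>Claims written by {@link #createTokenString(String, Subject, String, String)}:
 * the JWT subject and {@code upn} (security name), {@code realm} (when the credential
 * reports one), {@code groups} (when at least one group id is present), and the
 * optional {@code sid} / {@code apr} values supplied by the caller.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The credential is looked up among the Subject's public credentials first and
 *       among its private credentials only when no public one exists.</li>
 *   <li>{@link #getUserName(Subject)}, {@code getRealm} and {@code getGroups} record any
 *       exception through FFDC and return {@code null} instead of propagating it, so a
 *       failed lookup is indistinguishable from "no credential" for the caller.</li>
 *   <li>The identity asserted in the token is whatever the supplied Subject carries;
 *       this class performs no check of its own that the Subject is authenticated.
 *       NOTE(review): presumably only trusted server code reaches the public
 *       four-argument overload; confirm against the callers.</li>
 * </ul>
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
@TraceOptions
/* loaded from: input_file:com/ibm/ws/security/jwt/utils/TokenBuilder.class */
public class TokenBuilder {
    private static TraceComponent tc = Tr.register(TokenBuilder.class, "JWTBUILDER", "com.ibm.ws.security.jwt.internal.resources.JWTMessages");
    protected static final String USER_CLAIM = "upn";
    protected static final String GROUP_CLAIM = "groups";
    protected static final String CCK_CLAIM = "sid";
    protected static final String APR_CLAIM = "apr";
    protected static final String REALM_CLAIM = "realm";
    private static final String GROUP_PREFIX = "group:";
    // The class declares no Serializable interface in the visible code; this field is
    // presumably a by-product of build-time instrumentation (TODO confirm).
    static final long serialVersionUID = -2997773681041647843L;

    /**
     * Creates a token for the current run-as Subject using the builder configuration
     * identified by {@code jwtConfig.getId()}.
     *
     * @param jwtConfig configuration whose id selects the JWT builder
     * @return the compact JWT, or {@code null} when token creation failed
     */
    public String createTokenString(JwtConfig jwtConfig) {
        return createTokenString(jwtConfig.getId());
    }

    /**
     * Creates a token for the Subject returned by {@link WSSubject#getRunAsSubject()}.
     *
     * <p>Every failure is recorded through FFDC and reported as {@code null}; callers
     * must treat {@code null} as "no token was issued" rather than pass it on.
     *
     * @param str id of the JWT builder configuration
     * @return the compact JWT, or {@code null} when any exception occurred
     */
    public String createTokenString(String str) {
        try {
            return createTokenString(str, WSSubject.getRunAsSubject(), null, null);
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.jwt.utils.TokenBuilder", "82", this, new Object[]{str});
            return null;
        }
    }

    /** Returns {@code true} when the list is non-null and holds at least one element. */
    @Trivial
    private boolean isValidList(List<String> list) {
        return list != null && !list.isEmpty();
    }

    /**
     * Returns the security name of the Subject's {@link WSCredential}.
     *
     * @param subject Subject to inspect; a {@code null} Subject ends up in the catch
     *                block below (the lookup dereferences it) and yields {@code null}
     * @return the security name, or {@code null} when no credential was found or the
     *         lookup threw
     */
    public String getUserName(Subject subject) {
        try {
            WSCredential credential = resolveCredential(subject);
            return credential != null ? credential.getSecurityName() : null;
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.jwt.utils.TokenBuilder", "108", this, new Object[]{subject});
            return null;
        }
    }

    /**
     * Returns the first public {@link WSCredential} of the Subject, falling back to the
     * first private one when the public set holds none.
     *
     * <p>Shared by the user-name, realm and group lookups so that all three apply the
     * same public-before-private precedence. Exceptions are deliberately not handled
     * here: each caller records them under its own FFDC probe id.
     */
    private WSCredential resolveCredential(Subject subject) {
        WSCredential credential = getWSCredential(subject);
        return credential != null ? credential : getPrivateWSCredential(subject);
    }

    /** Returns the first {@link WSCredential} among the private credentials, or {@code null}. */
    private WSCredential getPrivateWSCredential(Subject subject) {
        Iterator<WSCredential> it = subject.getPrivateCredentials(WSCredential.class).iterator();
        return it.hasNext() ? it.next() : null;
    }

    /**
     * Collects the group names carried by the Subject's credential.
     *
     * <p>An id that starts with {@code "group:"} and contains a {@code '/'} is reduced to
     * the text after the first {@code '/'}; every other id (including {@code null}) is
     * copied unchanged.
     *
     * @return the group names, or {@code null} when no credential was found or the
     *         lookup threw
     */
    private ArrayList<String> getGroups(Subject subject) {
        try {
            WSCredential credential = resolveCredential(subject);
            if (credential == null) {
                return null;
            }
            List<?> groupIds = credential.getGroupIds();
            ArrayList<String> groupNames = new ArrayList<>();
            for (Object entry : groupIds) {
                String name = (String) entry;
                if (name != null && name.startsWith(GROUP_PREFIX)) {
                    // NOTE(review): the split uses the FIRST '/'. If the part before the
                    // group name can itself contain '/', the remainder of it would stay
                    // in the emitted claim; confirm against the id format in use.
                    int slash = name.indexOf("/");
                    if (slash > 0) {
                        name = name.substring(slash + 1);
                    }
                }
                groupNames.add(name);
            }
            return groupNames;
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.jwt.utils.TokenBuilder", "150", this, new Object[]{subject});
            return null;
        }
    }

    /** Returns the first {@link WSCredential} among the public credentials, or {@code null}. */
    private WSCredential getWSCredential(Subject subject) {
        Iterator<WSCredential> it = subject.getPublicCredentials(WSCredential.class).iterator();
        return it.hasNext() ? it.next() : null;
    }

    /**
     * Builds and serialises a JWT for the given Subject.
     *
     * @param str     id of the JWT builder configuration passed to {@link JwtBuilder#create(String)}
     * @param subject Subject whose credential supplies the user, realm and group claims
     * @param str2    value for the {@code sid} claim; omitted when {@code null}
     * @param str3    value for the {@code apr} claim; omitted when {@code null}
     * @return the compact JWT
     * @throws Exception any exception raised while building the token, rethrown after it
     *                   has been recorded through FFDC
     */
    public String createTokenString(String str, Subject subject, String str2, String str3) throws Exception {
        try {
            JwtBuilder builder = JwtBuilder.create(str);
            // userName is null when the Subject carries no WSCredential or the lookup
            // failed. NOTE(review): how JwtBuilder treats a null subject/claim value is
            // not visible here; confirm it rejects it so no token is issued without an
            // identity.
            String userName = getUserName(subject);
            builder.subject(userName);
            builder.claim(USER_CLAIM, userName);
            String realm = getRealm(subject);
            if (realm != null) {
                builder.claim(REALM_CLAIM, realm);
            }
            ArrayList<String> groups = getGroups(subject);
            if (isValidList(groups)) {
                builder.claim(GROUP_CLAIM, groups);
            }
            if (str2 != null) {
                builder.claim(CCK_CLAIM, str2);
            }
            if (str3 != null) {
                builder.claim(APR_CLAIM, str3);
            }
            return builder.buildJwt().compact();
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.jwt.utils.TokenBuilder", "197", this, new Object[]{str, subject, str2, str3});
            throw e;
        }
    }

    /**
     * Returns the realm name of the Subject's {@link WSCredential}.
     *
     * @return the realm name, or {@code null} when no credential was found or the
     *         lookup threw
     */
    private String getRealm(Subject subject) {
        try {
            WSCredential credential = resolveCredential(subject);
            return credential != null ? credential.getRealmName() : null;
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.jwt.utils.TokenBuilder", "210", this, new Object[]{subject});
            return null;
        }
    }
}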
