package org.elasticsearch.xpack.security.authc.jwt;

import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.text.ParseException;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.TreeSet;
import org.elasticsearch.common.settings.SecureString;
import org.elasticsearch.core.Nullable;
import org.elasticsearch.xpack.core.security.authc.AuthenticationToken;

/* loaded from: input_file:org/elasticsearch/xpack/security/authc/jwt/JwtAuthenticationToken.class */
public class JwtAuthenticationToken implements AuthenticationToken {
    private SignedJWT signedJWT;
    private final String principal = buildTokenPrincipal();
    private final byte[] userCredentialsHash;

    @Nullable
    private final SecureString clientAuthenticationSharedSecret;
    static final /* synthetic */ boolean $assertionsDisabled;

    public static JwtAuthenticationToken tryParseJwt(SecureString secureString, @Nullable SecureString secureString2) {
        SignedJWT parseSignedJWT = JwtUtil.parseSignedJWT(secureString);
        if (parseSignedJWT == null) {
            return null;
        }
        return new JwtAuthenticationToken(parseSignedJWT, JwtUtil.sha256(secureString), secureString2);
    }

    public JwtAuthenticationToken(SignedJWT signedJWT, byte[] bArr, @Nullable SecureString secureString) {
        this.signedJWT = (SignedJWT) Objects.requireNonNull(signedJWT);
        this.userCredentialsHash = (byte[]) Objects.requireNonNull(bArr);
        if (secureString != null && secureString.isEmpty()) {
            throw new IllegalArgumentException("Client shared secret must be non-empty");
        }
        this.clientAuthenticationSharedSecret = secureString;
    }

    public String principal() {
        return this.principal;
    }

    /* renamed from: credentials, reason: merged with bridge method [inline-methods] */
    public SecureString m83credentials() {
        return null;
    }

    public SignedJWT getSignedJWT() {
        return this.signedJWT;
    }

    public JWTClaimsSet getJWTClaimsSet() {
        try {
            return this.signedJWT.getJWTClaimsSet();
        } catch (ParseException e) {
            if ($assertionsDisabled) {
                throw new IllegalStateException(e);
            }
            throw new AssertionError("The JWT claims set should have already been successfully parsed before building the JWT authentication token");
        }
    }

    public byte[] getUserCredentialsHash() {
        return this.userCredentialsHash;
    }

    public SecureString getClientAuthenticationSharedSecret() {
        return this.clientAuthenticationSharedSecret;
    }

    public void clearCredentials() {
        this.signedJWT = null;
        Arrays.fill(this.userCredentialsHash, (byte) 0);
        if (this.clientAuthenticationSharedSecret != null) {
            this.clientAuthenticationSharedSecret.close();
        }
    }

    public String toString() {
        return JwtAuthenticationToken.class.getSimpleName() + "=" + this.principal;
    }

    private String buildTokenPrincipal() {
        JWTClaimsSet jWTClaimsSet = getJWTClaimsSet();
        StringBuilder sb = new StringBuilder();
        Iterator it = new TreeSet(jWTClaimsSet.getClaims().keySet()).iterator();
        while (it.hasNext()) {
            String str = (String) it.next();
            Object claim = jWTClaimsSet.getClaim(str);
            if (claim != null) {
                if (claim instanceof String) {
                    if (!sb.isEmpty()) {
                        sb.append(' ');
                    }
                    sb.append('\'').append(str).append(':').append((String) claim).append('\'');
                } else if (claim instanceof List) {
                    List list = (List) claim;
                    if (!list.isEmpty()) {
                        Iterator it2 = list.iterator();
                        while (true) {
                            if (it2.hasNext()) {
                                if (!(it2.next() instanceof String)) {
                                    break;
                                }
                            } else {
                                if (!sb.isEmpty()) {
                                    sb.append(' ');
                                }
                                sb.append('\'').append(str).append(':');
                                for (int i = 0; i < list.size(); i++) {
                                    if (i > 0) {
                                        sb.append(',');
                                    }
                                    sb.append((String) list.get(i));
                                }
                                sb.append('\'');
                            }
                        }
                    }
                }
            }
        }
        return sb.isEmpty() ? "<unrecognized JWT token>" : sb.toString();
    }

    static {
        $assertionsDisabled = !JwtAuthenticationToken.class.desiredAssertionStatus();
    }
}
