package swim.auth;

import swim.api.auth.AbstractAuthenticator;
import swim.api.auth.Credentials;
import swim.api.auth.Identity;
import swim.api.policy.PolicyDirective;
import swim.collections.FingerTrieSeq;
import swim.security.JsonWebSignature;
import swim.security.OpenIdToken;
import swim.security.PublicKeyDef;
import swim.structure.Value;
import swim.uri.Uri;

/* loaded from: input_file:swim/auth/OpenIdAuthenticator.class */
/**
 * Authenticator that accepts credentials carrying a serialized JSON Web
 * Signature in an {@code idToken} or {@code openIdToken} claim, and allows the
 * request when the signature verifies against one of the configured public
 * keys.
 *
 * <p>NOTE(review): {@link #issuers} and {@link #audiences} are stored and
 * exposed through accessors, but neither {@code authenticate} method in this
 * class reads them, and no expiry or not-before check is visible here. As far
 * as this class shows, any token whose signature verifies is allowed,
 * whatever its {@code iss}, {@code aud} or {@code exp} claims say. Confirm
 * whether a subclass, {@code OpenIdToken} or {@code Authenticated} enforces
 * those claims; if none does, validate them before returning an allow
 * directive.
 */
public class OpenIdAuthenticator extends AbstractAuthenticator {
    /** Configured issuer values; not consulted by the methods of this class. */
    protected final FingerTrieSeq<String> issuers;
    /** Configured audience values; not consulted by the methods of this class. */
    protected final FingerTrieSeq<String> audiences;
    /** Public keys tried, in order, when verifying a token signature. */
    protected final FingerTrieSeq<PublicKeyDef> publicKeyDefs;

    /**
     * Creates an authenticator from explicit settings. The arguments are
     * stored as given, without null checks or copying.
     *
     * @param fingerTrieSeq  issuer values, stored in {@link #issuers}
     * @param fingerTrieSeq2 audience values, stored in {@link #audiences}
     * @param fingerTrieSeq3 verification keys, stored in {@link #publicKeyDefs}
     */
    public OpenIdAuthenticator(FingerTrieSeq<String> fingerTrieSeq, FingerTrieSeq<String> fingerTrieSeq2, FingerTrieSeq<PublicKeyDef> fingerTrieSeq3) {
        this.issuers = fingerTrieSeq;
        this.audiences = fingerTrieSeq2;
        this.publicKeyDefs = fingerTrieSeq3;
    }

    /**
     * Creates an authenticator from the issuers, audiences and public keys of
     * the given definition.
     *
     * @param openIdAuthenticatorDef definition supplying the three settings
     */
    public OpenIdAuthenticator(OpenIdAuthenticatorDef openIdAuthenticatorDef) {
        this(openIdAuthenticatorDef.issuers, openIdAuthenticatorDef.audiences, openIdAuthenticatorDef.publicKeyDefs);
    }

    /** Returns the configured issuer values. */
    public final FingerTrieSeq<String> issuers() {
        return this.issuers;
    }

    /** Returns the configured audience values. */
    public final FingerTrieSeq<String> audiences() {
        return this.audiences;
    }

    /** Returns the public keys used for signature verification. */
    public final FingerTrieSeq<PublicKeyDef> publicKeyDefs() {
        return this.publicKeyDefs;
    }

    /**
     * Extracts the serialized token from the credentials and authenticates it.
     * The {@code idToken} claim is preferred; {@code openIdToken} is read only
     * when {@code idToken} has no string value.
     *
     * @param credentials the credentials presented with the request
     * @return the directive produced by
     *     {@link #authenticate(Uri, Uri, JsonWebSignature)}, or {@code null}
     *     when neither claim holds a string or the string does not parse as a
     *     JSON Web Signature
     */
    public PolicyDirective<Identity> authenticate(Credentials credentials) {
        String serializedToken = credentials.claims().get("idToken").stringValue((String) null);
        if (serializedToken == null) {
            // Fall back to the alternative claim name.
            serializedToken = credentials.claims().get("openIdToken").stringValue((String) null);
        }
        if (serializedToken == null) {
            return null;
        }
        final JsonWebSignature signature = JsonWebSignature.parse(serializedToken);
        if (signature == null) {
            return null;
        }
        return authenticate(credentials.requestUri(), credentials.fromUri(), signature);
    }

    /**
     * Allows the request when the signature verifies against any configured
     * public key.
     *
     * <p>NOTE(review): the payload's issuer, audience and expiry claims are
     * not inspected in this method, and which signature algorithms
     * {@code verifySignature} accepts is not visible from here. Confirm both
     * before relying on this as the only gate.
     *
     * @param uri              request URI passed through to the identity
     * @param uri2             origin URI passed through to the identity
     * @param jsonWebSignature the parsed token to verify
     * @return an allow directive wrapping an {@code Authenticated} identity
     *     built from the token payload, or {@code null} when the payload is
     *     undefined or no configured key verifies the signature
     */
    public PolicyDirective<Identity> authenticate(Uri uri, Uri uri2, JsonWebSignature jsonWebSignature) {
        final Value claims = jsonWebSignature.payload();
        if (!claims.isDefined()) {
            return null;
        }
        // Built before any key is tried, exactly as the original ordering does.
        final OpenIdToken token = new OpenIdToken(claims);
        for (int index = 0, keyCount = this.publicKeyDefs.size(); index < keyCount; index += 1) {
            final PublicKeyDef keyDef = this.publicKeyDefs.get(index);
            if (!jsonWebSignature.verifySignature(keyDef.publicKey())) {
                continue;
            }
            // The first key that verifies the signature is sufficient.
            return PolicyDirective.allow(new Authenticated(uri, uri2, token.toValue()));
        }
        return null;
    }
}
