package org.jfrog.access.client.token;

import java.security.cert.Certificate;
import java.util.Objects;
import javax.annotation.Nonnull;
import org.jfrog.access.client.AccessAuthToken;
import org.jfrog.access.client.AccessClientBaseImpl;
import org.jfrog.access.client.AccessClientBootstrap;
import org.jfrog.access.client.AccessClientContext;
import org.jfrog.access.client.AccessClientException;
import org.jfrog.access.client.AccessClientHttpException;
import org.jfrog.access.client.http.AccessHttpClient;
import org.jfrog.access.client.model.MessageModel;
import org.jfrog.access.client.token.verifier.TokenVerificationManager;
import org.jfrog.access.common.ServiceId;
import org.jfrog.access.token.JwtAccessToken;
import org.jfrog.access.token.JwtAccessTokenImpl;

/* loaded from: input_file:org/jfrog/access/client/token/TokenClientImpl.class */
public class TokenClientImpl extends AccessClientBaseImpl<TokenClient> implements TokenClient {
    private final TokenVerificationManager tokenVerifier;

    public TokenClientImpl(AccessHttpClient accessHttpClient, AccessClientContext accessClientContext) {
        super(accessHttpClient, accessClientContext);
        this.tokenVerifier = new TokenVerificationManager(accessClientContext.tokenVerifyResultCache());
    }

    @Nonnull
    public TokenResponse create(@Nonnull TokenRequest tokenRequest) {
        return accessHttpClient().createToken(tokenRequest);
    }

    @Nonnull
    public TokenResponse refresh(@Nonnull String str, @Nonnull TokenRequest tokenRequest) {
        return accessHttpClient().refreshToken(str, tokenRequest);
    }

    public void revoke(@Nonnull String str) {
        MessageModel revokeToken = accessHttpClient().revokeToken(str);
        String code = revokeToken.getCode();
        boolean z = -1;
        switch (code.hashCode()) {
            case 2524:
                if (code.equals("OK")) {
                    z = false;
                    break;
                }
                break;
            case 1023286998:
                if (code.equals("NOT_FOUND")) {
                    z = true;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                return;
            case true:
                throw new AccessClientHttpException(404, revokeToken.getMessage());
            default:
                throw new AccessClientException("Unexpected revoke token response message: " + revokeToken);
        }
    }

    public boolean revokeById(@Nonnull String str) {
        return accessHttpClient().revokeTokenById(str);
    }

    public TokenVerifyResult verify(@Nonnull String str) {
        return this.tokenVerifier.verify(str, new TokenVerifyContextImpl((ServiceId) Objects.requireNonNull(context().serviceId(), "service ID is required for token verification"), ((Certificate) Objects.requireNonNull(context().getRootCertificate(), "root certificate is required for token verification")).getPublicKey(), this::tokenExists));
    }

    private boolean tokenExists(@Nonnull JwtAccessToken jwtAccessToken) {
        return exists(jwtAccessToken.getTokenId());
    }

    public boolean exists(@Nonnull String str) {
        return accessHttpClient().tokenExists(str);
    }

    @Nonnull
    public JwtAccessToken parse(@Nonnull String str) throws IllegalArgumentException {
        TokenVerifyResult tokenVerifyResult = (TokenVerifyResult) context().tokenVerifyResultCache().getIfPresent(str);
        if (tokenVerifyResult == null) {
            return JwtAccessTokenImpl.parseTokenValue(str);
        }
        JwtAccessToken accessToken = tokenVerifyResult.getAccessToken();
        if (accessToken != null) {
            return accessToken;
        }
        throw new IllegalArgumentException("Failed to parse token.");
    }

    @Nonnull
    public TokenResponse createServiceAdminToken(@Nonnull ServiceId serviceId) {
        return accessHttpClient().createToken(TokenRequest.scopes(serviceId + ":admin", new String[0]).nonRefreshable().subject(serviceId.getFormattedName()).expiresIn(Long.valueOf(AccessClientBootstrap.SERVICE_ADMIN_TOKEN_EXPIRY)).build());
    }

    public boolean verifyAdminToken(@Nonnull String str) {
        try {
            accessHttpClient().useAuth(new AccessAuthToken(str)).ping();
            return true;
        } catch (AccessClientHttpException e) {
            if (e.getStatusCode() == 401 || e.getStatusCode() == 403) {
                return false;
            }
            throw e;
        }
    }

    @Nonnull
    public TokensInfoResponse getTokensInfo() {
        return accessHttpClient().getTokensInfo();
    }
}
