package no.nav.brukerdialog.security.oidc;

import java.util.Base64;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.function.Function;
import no.nav.brukerdialog.security.SecurityLevel;
import no.nav.common.auth.SsoToken;
import no.nav.json.JsonUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:no/nav/brukerdialog/security/oidc/OidcTokenUtils.class */
public class OidcTokenUtils {
    private static final Logger log = LoggerFactory.getLogger(OidcTokenUtils.class);
    public static final String SECURITY_LEVEL_ATTRIBUTE = "acr";

    public static String getOpenamClientFromToken(String str) {
        return (String) Optional.ofNullable(getTokenAzp(str)).orElse(getTokenAud(str));
    }

    public static String getTokenAud(String str) {
        return (String) getFieldFromToken(str, "aud", obj -> {
            if (obj instanceof String) {
                return (String) obj;
            }
            if (!(obj instanceof List)) {
                return null;
            }
            List list = (List) obj;
            if (list.isEmpty()) {
                return null;
            }
            return (String) list.get(0);
        });
    }

    public static String getTokenAzp(String str) {
        return getStringFieldFromToken(str, "azp");
    }

    public static String getTokenSub(String str) {
        return getStringFieldFromToken(str, "sub");
    }

    public static SecurityLevel getOidcSecurityLevel(String str) {
        return levelFromAcr(getStringFieldFromToken(str, SECURITY_LEVEL_ATTRIBUTE));
    }

    public static SecurityLevel getOidcSecurityLevel(SsoToken ssoToken) {
        return ssoToken.getType() != SsoToken.Type.OIDC ? SecurityLevel.Ukjent : (SecurityLevel) Optional.ofNullable(ssoToken.getAttributes()).map(map -> {
            return map.get(SECURITY_LEVEL_ATTRIBUTE);
        }).map(obj -> {
            if (obj instanceof String) {
                return (String) obj;
            }
            return null;
        }).map(OidcTokenUtils::levelFromAcr).orElse(SecurityLevel.Ukjent);
    }

    private static SecurityLevel levelFromAcr(String str) {
        if (str == null) {
            return SecurityLevel.Ukjent;
        }
        boolean z = -1;
        switch (str.hashCode()) {
            case -2022260403:
                if (str.equals("Level1")) {
                    z = false;
                    break;
                }
                break;
            case -2022260402:
                if (str.equals("Level2")) {
                    z = true;
                    break;
                }
                break;
            case -2022260401:
                if (str.equals("Level3")) {
                    z = 2;
                    break;
                }
                break;
            case -2022260400:
                if (str.equals("Level4")) {
                    z = 3;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                return SecurityLevel.Level1;
            case true:
                return SecurityLevel.Level2;
            case true:
                return SecurityLevel.Level3;
            case true:
                return SecurityLevel.Level4;
            default:
                return SecurityLevel.Ukjent;
        }
    }

    public static String getStringFieldFromToken(String str, String str2) {
        Class<String> cls = String.class;
        String.class.getClass();
        return (String) getFieldFromToken(str, str2, cls::cast);
    }

    private static <T> T getFieldFromToken(String str, String str2, Function<Object, T> function) {
        try {
            return function.apply(((Map) JsonUtils.fromJson(new String(Base64.getUrlDecoder().decode(str.split("\\.")[1])), Map.class)).get(str2));
        } catch (Exception e) {
            log.warn("Kunne ikke hente {} fra token", str2);
            return null;
        }
    }
}
