package io.confluent.kafka.clients.plugins.auth.jwt;

import io.confluent.security.util.JwtUtils;
import java.util.Collections;
import java.util.HashSet;
import java.util.Optional;
import java.util.Set;
import org.apache.kafka.common.config.ConfigException;
import org.apache.kafka.common.security.oauthbearer.OAuthBearerToken;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.MalformedClaimException;
import org.jose4j.jwt.consumer.InvalidJwtException;
import org.jose4j.jwt.consumer.JwtConsumerBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/confluent/kafka/clients/plugins/auth/jwt/UnverifiedJwtBearerToken.class */
public class UnverifiedJwtBearerToken implements OAuthBearerToken {
    private final Logger log = LoggerFactory.getLogger(getClass());
    private final String value;
    private final JwtClaims jwtClaims;
    private final String principalName;
    private final Set<String> scope;
    private final long lifetimeMs;
    private final Long startTimeMs;

    public UnverifiedJwtBearerToken(String str) {
        try {
            this.jwtClaims = new JwtConsumerBuilder().setSkipAllValidators().setSkipAllDefaultValidators().setDisableRequireSignature().setSkipSignatureVerification().build().processToClaims(str);
            this.value = str;
            this.principalName = this.jwtClaims.getSubject();
            this.scope = Collections.unmodifiableSet(new HashSet(this.jwtClaims.getStringListClaimValue("scope")));
            this.lifetimeMs = this.jwtClaims.getExpirationTime().getValueInMillis();
            this.startTimeMs = Long.valueOf(this.jwtClaims.getIssuedAt().getValueInMillis());
        } catch (MalformedClaimException | InvalidJwtException e) {
            throw new ConfigException("Failed to construct JwtBearerToken " + JwtUtils.errorMessage(e));
        }
    }

    @Override // org.apache.kafka.common.security.oauthbearer.OAuthBearerToken
    public String value() {
        return this.value;
    }

    @Override // org.apache.kafka.common.security.oauthbearer.OAuthBearerToken
    public Set<String> scope() {
        return this.scope;
    }

    @Override // org.apache.kafka.common.security.oauthbearer.OAuthBearerToken
    public long lifetimeMs() {
        return this.lifetimeMs;
    }

    @Override // org.apache.kafka.common.security.oauthbearer.OAuthBearerToken
    public String principalName() {
        return this.principalName;
    }

    @Override // org.apache.kafka.common.security.oauthbearer.OAuthBearerToken
    public Long startTimeMs() {
        return this.startTimeMs;
    }

    public <T> Optional<T> claim(String str, Class<T> cls) {
        try {
            return Optional.of(this.jwtClaims.getClaimValue(str, cls));
        } catch (MalformedClaimException e) {
            this.log.error("Failed to retrieve claim " + str, (Throwable) e);
            return Optional.empty();
        }
    }
}
