package org.eclipse.hono.adapter.http;

import io.jsonwebtoken.MalformedJwtException;
import io.vertx.core.AsyncResult;
import io.vertx.core.Future;
import io.vertx.core.Handler;
import io.vertx.core.json.JsonObject;
import io.vertx.ext.auth.User;
import io.vertx.ext.auth.authentication.AuthenticationProvider;
import io.vertx.ext.web.RoutingContext;
import io.vertx.ext.web.handler.HttpException;
import io.vertx.ext.web.handler.impl.HTTPAuthorizationHandler;
import java.util.Objects;
import org.eclipse.hono.adapter.HttpContext;
import org.eclipse.hono.adapter.auth.device.DeviceCredentialsAuthProvider;
import org.eclipse.hono.adapter.auth.device.ExecutionContextAuthHandler;
import org.eclipse.hono.adapter.auth.device.PreCredentialsValidationHandler;
import org.eclipse.hono.adapter.auth.device.jwt.CredentialsParser;
import org.eclipse.hono.adapter.auth.device.jwt.DefaultJwsValidator;
import org.eclipse.hono.adapter.auth.device.jwt.JwtCredentials;
import org.eclipse.hono.client.ClientErrorException;
import org.eclipse.hono.client.ServiceInvocationException;

/* loaded from: input_file:org/eclipse/hono/adapter/http/JwtAuthHandler.class */
public final class JwtAuthHandler extends HTTPAuthorizationHandler<AuthenticationProvider> implements CredentialsParser {
    private final PreCredentialsValidationHandler<HttpContext> preCredentialsValidationHandler;

    public JwtAuthHandler(DeviceCredentialsAuthProvider<JwtCredentials> deviceCredentialsAuthProvider, String str) {
        this(deviceCredentialsAuthProvider, str, null);
    }

    public JwtAuthHandler(DeviceCredentialsAuthProvider<JwtCredentials> deviceCredentialsAuthProvider, String str, PreCredentialsValidationHandler<HttpContext> preCredentialsValidationHandler) {
        super(deviceCredentialsAuthProvider, HTTPAuthorizationHandler.Type.BEARER, str);
        this.preCredentialsValidationHandler = preCredentialsValidationHandler;
    }

    public void authenticate(RoutingContext routingContext, Handler<AsyncResult<User>> handler) {
        parseAuthorization(routingContext, asyncResult -> {
            if (asyncResult.failed()) {
                handler.handle(Future.failedFuture(asyncResult.cause()));
                return;
            }
            String str = (String) asyncResult.result();
            try {
                JsonObject jwtClaims = DefaultJwsValidator.getJwtClaims(str);
                JsonObject parseCredentialsFromClaims = Objects.equals(jwtClaims.getString("aud"), "hono-adapter") ? parseCredentialsFromClaims(jwtClaims) : parseCredentialsFromString(routingContext.request().uri());
                parseCredentialsFromClaims.put("password", str);
                final JsonObject jsonObject = parseCredentialsFromClaims;
                Future authenticateDevice = new ExecutionContextAuthHandler<HttpContext>(this.authProvider, this.preCredentialsValidationHandler) { // from class: org.eclipse.hono.adapter.http.JwtAuthHandler.1
                    public Future<JsonObject> parseCredentials(HttpContext httpContext) {
                        return Future.succeededFuture(jsonObject);
                    }
                }.authenticateDevice(HttpContext.from(routingContext));
                Class<User> cls = User.class;
                Objects.requireNonNull(User.class);
                authenticateDevice.map((v1) -> {
                    return r1.cast(v1);
                }).onComplete(handler);
            } catch (ServiceInvocationException e) {
                handler.handle(Future.failedFuture(new HttpException(400, e)));
            } catch (MalformedJwtException e2) {
                handler.handle(Future.failedFuture(new HttpException(400, "Malformed token")));
            }
        });
    }

    protected void processException(RoutingContext routingContext, Throwable th) {
        if (routingContext.response().ended()) {
            return;
        }
        AuthHandlerTools.processException(routingContext, th, null);
    }

    public JsonObject parseCredentialsFromString(String str) {
        Objects.requireNonNull(str);
        String[] split = str.split("/");
        if (split.length < 4) {
            throw new ClientErrorException(401, "URI must contain tenant and device ID");
        }
        String str2 = split[2];
        String str3 = split[3];
        return new JsonObject().put("tenant-id", str2).put("auth-id", str3).put("iss", str3);
    }
}
