package com.atlassian.jwt.core.http.auth;

import com.atlassian.jwt.CanonicalHttpRequest;
import com.atlassian.jwt.Jwt;
import com.atlassian.jwt.core.http.JwtRequestExtractor;
import com.atlassian.jwt.core.reader.JwtClaimVerifiersBuilder;
import com.atlassian.jwt.exception.JwtIssuerLacksSharedSecretException;
import com.atlassian.jwt.exception.JwtParseException;
import com.atlassian.jwt.exception.JwtUnknownIssuerException;
import com.atlassian.jwt.exception.JwtUserRejectedException;
import com.atlassian.jwt.exception.JwtVerificationException;
import com.atlassian.jwt.httpclient.CanonicalRequestUtil;
import com.atlassian.jwt.reader.JwtClaimVerifier;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/jwt/core/http/auth/AbstractJwtAuthenticator.class */
public abstract class AbstractJwtAuthenticator<REQ, RES, S> implements JwtAuthenticator<REQ, RES, S> {
    private static final String BAD_CREDENTIALS_MESSAGE = "Your presented credentials do not provide access to this resource.";
    private static final Logger log = LoggerFactory.getLogger(AbstractJwtAuthenticator.class);
    private final JwtRequestExtractor<REQ> jwtExtractor;
    private final AuthenticationResultHandler<RES, S> authenticationResultHandler;

    public AbstractJwtAuthenticator(JwtRequestExtractor<REQ> jwtRequestExtractor, AuthenticationResultHandler<RES, S> authenticationResultHandler) {
        this.jwtExtractor = (JwtRequestExtractor) checkNotNull(jwtRequestExtractor);
        this.authenticationResultHandler = (AuthenticationResultHandler) checkNotNull(authenticationResultHandler);
    }

    protected static <T> T checkNotNull(T t) {
        if (t == null) {
            throw new NullPointerException();
        }
        return t;
    }

    @Override // com.atlassian.jwt.core.http.auth.JwtAuthenticator
    public S authenticate(REQ req, RES res) {
        try {
            String extractJwt = this.jwtExtractor.extractJwt(req);
            if (null == extractJwt) {
                throw new IllegalArgumentException("Cannot authenticate a request without a JWT token");
            }
            Jwt verifyJwt = verifyJwt(extractJwt, (String) req);
            tagRequest(req, verifyJwt);
            return this.authenticationResultHandler.success("Authentication successful!", null, verifyJwt);
        } catch (JwtIssuerLacksSharedSecretException e) {
            return this.authenticationResultHandler.createAndSendUnauthorisedFailure(e, res, BAD_CREDENTIALS_MESSAGE);
        } catch (JwtParseException e2) {
            return this.authenticationResultHandler.createAndSendBadRequestError(e2, res, getBriefMessageFromException(e2));
        } catch (IOException e3) {
            return createAndSendInternalError(e3, res);
        } catch (IllegalArgumentException e4) {
            return createAndSendInternalError(e4, res);
        } catch (NoSuchAlgorithmException e5) {
            return createAndSendInternalError(e5, res);
        } catch (JwtUnknownIssuerException e6) {
            return this.authenticationResultHandler.createAndSendUnauthorisedFailure(e6, res, BAD_CREDENTIALS_MESSAGE);
        } catch (JwtVerificationException e7) {
            return this.authenticationResultHandler.createAndSendUnauthorisedFailure(e7, res, getBriefMessageFromException(e7));
        } catch (JwtUserRejectedException e8) {
            return this.authenticationResultHandler.createAndSendUnauthorisedFailure(e8, res, BAD_CREDENTIALS_MESSAGE);
        } catch (Exception e9) {
            return this.authenticationResultHandler.createAndSendForbiddenError(e9, res);
        }
    }

    protected abstract Jwt verifyJwt(String str, Map<String, ? extends JwtClaimVerifier> map) throws JwtParseException, JwtVerificationException, JwtIssuerLacksSharedSecretException, JwtUnknownIssuerException, IOException, NoSuchAlgorithmException;

    protected abstract void tagRequest(REQ req, Jwt jwt) throws JwtUserRejectedException;

    private static String getBriefMessageFromException(Exception exc) {
        return exc.getLocalizedMessage() + (null == exc.getCause() ? "" : " (caused by " + exc.getCause().getLocalizedMessage() + ")");
    }

    private Jwt verifyJwt(String str, REQ req) throws JwtParseException, JwtVerificationException, JwtIssuerLacksSharedSecretException, JwtUnknownIssuerException, IOException, NoSuchAlgorithmException {
        CanonicalHttpRequest canonicalHttpRequest = this.jwtExtractor.getCanonicalHttpRequest(req);
        log.debug("Canonical request is: " + CanonicalRequestUtil.toVerboseString(canonicalHttpRequest));
        return verifyJwt(str, JwtClaimVerifiersBuilder.build(canonicalHttpRequest));
    }

    private S createAndSendInternalError(Exception exc, RES res) {
        return this.authenticationResultHandler.createAndSendInternalError(exc, res, "An internal error occurred. Please check the host product's logs.");
    }
}
