package org.marvelution.jji.synctoken;

import com.atlassian.connect.spring.internal.jwt.CanonicalHttpRequest;
import com.atlassian.connect.spring.internal.jwt.HttpRequestCanonicalizer;
import com.atlassian.connect.spring.internal.jwt.JwtExpiredException;
import com.atlassian.connect.spring.internal.jwt.JwtParseException;
import com.atlassian.connect.spring.internal.jwt.JwtParser;
import com.atlassian.connect.spring.internal.jwt.JwtVerificationException;
import com.atlassian.connect.spring.internal.jwt.SymmetricJwtReader;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.crypto.MACVerifier;
import com.nimbusds.jwt.JWTClaimsSet;
import java.io.UnsupportedEncodingException;
import java.security.NoSuchAlgorithmException;
import java.util.Optional;
import javax.inject.Inject;
import javax.inject.Named;
import javax.servlet.http.HttpServletRequest;
import org.marvelution.jji.synctoken.exceptions.InvalidSyncTokenException;
import org.marvelution.jji.synctoken.exceptions.SyncTokenExpiredException;
import org.marvelution.jji.synctoken.exceptions.SyncTokenRequiredException;
import org.marvelution.jji.synctoken.exceptions.UnknownSyncTokenIssuerException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

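/**
 * Authenticates requests that carry a JWT "sync token", signed with a shared secret that is
 * looked up by the token's issuer claim.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The issuer is read from the token <em>before</em> its signature is checked, so it is
 *       untrusted input at that point. It is used only to select the verification key; the
 *       claims may be relied upon only after {@code readAndVerify} has returned.</li>
 *   <li>{@link #authenticate(String)} supplies no request hash. NOTE(review): a token accepted
 *       that way is presumably not bound to a specific request; confirm how
 *       {@code SymmetricJwtReader} treats a {@code null} hash and prefer the request-bound
 *       overloads where a request is available.</li>
 *   <li>Exception messages are logged verbatim on failure. NOTE(review): if those messages
 *       embed token content, log consumers see caller-influenced text; confirm the logging
 *       layout neutralises line breaks.</li>
 * </ul>
 */
@Named
/* loaded from: input_file:WEB-INF/lib/sync-token-1.45-springless.jar:org/marvelution/jji/synctoken/SyncTokenAuthenticator.class */
public class SyncTokenAuthenticator {
    /** Name of the HTTP header from which the sync token is read. */
    public static final String SYNC_TOKEN_HEADER_NAME = "X-JJI-Sync-Token";
    private static final Logger LOGGER = LoggerFactory.getLogger(SyncTokenAuthenticator.class);
    private final SharedSecretProvider sharedSecretProvider;

    /* loaded from: input_file:WEB-INF/lib/sync-token-1.45-springless.jar:org/marvelution/jji/synctoken/SyncTokenAuthenticator$SharedSecretProvider.class */
    /**
     * Resolves the shared secret used to verify tokens of a given issuer.
     *
     * <p>The issuer passed in originates from a token whose signature has not been verified
     * yet, so implementations should treat it as untrusted input.
     */
    public interface SharedSecretProvider {
        /**
         * @param str the issuer claim of the token being authenticated
         * @return the shared secret for that issuer, or empty when the issuer is not known
         */
        Optional<String> getSharedSecretForIssuer(String str);
    }

    /**
     * @param sharedSecretProvider source of the per-issuer secrets used for signature checks
     */
    @Inject
    public SyncTokenAuthenticator(SharedSecretProvider sharedSecretProvider) {
        this.sharedSecretProvider = sharedSecretProvider;
    }

    /**
     * Authenticates a servlet request using the token in the {@value #SYNC_TOKEN_HEADER_NAME}
     * header, verified against the canonical form of that same request.
     *
     * @param httpServletRequest the incoming request
     * @return the claims of the verified token
     * @throws SyncTokenRequiredException if the header is absent
     */
    public JWTClaimsSet authenticate(HttpServletRequest httpServletRequest) {
        String token = Optional.ofNullable(httpServletRequest.getHeader(SYNC_TOKEN_HEADER_NAME))
                .orElseThrow(SyncTokenRequiredException::new);
        SimpleCanonicalHttpRequest canonicalRequest = new SimpleCanonicalHttpRequest(httpServletRequest);
        LOGGER.debug("Authenticating request {}", canonicalRequest);
        return authenticate(token, canonicalRequest);
    }

    /**
     * Authenticates a token against the hash of the given canonical request.
     *
     * @param str the serialized token
     * @param canonicalHttpRequest the request the token is expected to have been issued for
     * @return the claims of the verified token
     * @throws AssertionError if the canonical request hash cannot be computed because the
     *     runtime lacks the required encoding or digest algorithm
     */
    public JWTClaimsSet authenticate(String str, CanonicalHttpRequest canonicalHttpRequest) {
        try {
            String requestHash = HttpRequestCanonicalizer.computeCanonicalRequestHash(canonicalHttpRequest);
            return authenticate(str, requestHash);
        } catch (UnsupportedEncodingException | NoSuchAlgorithmException e) {
            throw new AssertionError(e);
        }
    }

    /**
     * Authenticates a token without supplying a request hash.
     *
     * <p>NOTE(review): no request is involved here, so the result says nothing about which
     * request the token was issued for; confirm that callers do not need that binding.
     *
     * @param str the serialized token
     * @return the claims of the verified token
     */
    public JWTClaimsSet authenticate(String str) {
        // The cast selects the private (String, String) overload.
        return authenticate(str, (String) null);
    }

    /**
     * Parses the token, selects the shared secret by issuer and verifies the token with it.
     *
     * @param jwt the serialized token
     * @param expectedRequestHash hash of the canonical request, or {@code null} when the caller
     *     has no request to compare against
     * @return the claims of the verified token
     * @throws UnknownSyncTokenIssuerException if the token has no issuer claim or no secret is
     *     registered for it; the claims carried by this exception are unverified
     * @throws SyncTokenExpiredException if the token has expired
     * @throws InvalidSyncTokenException if the token cannot be parsed or fails verification
     */
    private JWTClaimsSet authenticate(String jwt, String expectedRequestHash) {
        try {
            // Signature not checked yet: everything read from these claims is untrusted.
            final JWTClaimsSet unverifiedClaims = new JwtParser().parse(jwt);
            final String issuer = unverifiedClaims.getIssuer();
            if (issuer == null) {
                // A token without an issuer claim cannot select a key; reject it here rather
                // than handing null to the provider, whose behaviour for null is undefined.
                throw new UnknownSyncTokenIssuerException(unverifiedClaims);
            }
            String sharedSecret = this.sharedSecretProvider.getSharedSecretForIssuer(issuer)
                    .orElseThrow(() -> new UnknownSyncTokenIssuerException(unverifiedClaims));
            return new SymmetricJwtReader(new MACVerifier(sharedSecret)).readAndVerify(jwt, expectedRequestHash);
        } catch (JwtExpiredException e) {
            LOGGER.error(e.getMessage());
            throw new SyncTokenExpiredException(e.getMessage(), e);
        } catch (JwtParseException | JwtVerificationException | JOSEException e) {
            LOGGER.error(e.getMessage());
            throw new InvalidSyncTokenException(e.getMessage(), e);
        }
    }
}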
