package com.amazonaws.serverless.proxy.internal.jaxrs;

import com.amazonaws.serverless.proxy.internal.model.AwsProxyRequest;
import com.amazonaws.services.lambda.runtime.Context;
import java.security.Principal;
import javax.ws.rs.core.SecurityContext;

/* loaded from: input_file:com/amazonaws/serverless/proxy/internal/jaxrs/AwsProxySecurityContext.class */
public class AwsProxySecurityContext implements SecurityContext {
    private static final String AUTH_SCHEME_CUSTOM = "CUSTOM_AUTHORIZER";
    private static final String AUTH_SCHEME_COGNITO_POOL = "COGNITO_USER_POOL";
    private static final String AUTH_SCHEME_AWS_IAM = "AWS_IAM";
    protected Context lambdaContext;
    protected AwsProxyRequest event;

    public AwsProxySecurityContext(Context context, AwsProxyRequest awsProxyRequest) {
        this.lambdaContext = context;
        this.event = awsProxyRequest;
    }

    public Principal getUserPrincipal() {
        return () -> {
            if (getAuthenticationScheme() == null) {
                return null;
            }
            if (getAuthenticationScheme().equals(AUTH_SCHEME_CUSTOM)) {
                return this.event.getRequestContext().getAuthorizer().getPrincipalId();
            }
            if (getAuthenticationScheme().equals(AUTH_SCHEME_AWS_IAM)) {
                return this.event.getRequestContext().getIdentity().getUserArn();
            }
            if (getAuthenticationScheme().equals(AUTH_SCHEME_COGNITO_POOL)) {
                return this.event.getRequestContext().getAuthorizer().getClaims().getSubject();
            }
            return null;
        };
    }

    public boolean isUserInRole(String str) {
        return str.equals(this.event.getRequestContext().getIdentity().getUserArn());
    }

    public boolean isSecure() {
        return getAuthenticationScheme() != null;
    }

    public String getAuthenticationScheme() {
        if (this.event.getRequestContext().getAuthorizer() != null && this.event.getRequestContext().getAuthorizer().getClaims() != null && this.event.getRequestContext().getAuthorizer().getClaims().getSubject() != null) {
            return AUTH_SCHEME_COGNITO_POOL;
        }
        if (this.event.getRequestContext().getAuthorizer() != null) {
            return AUTH_SCHEME_CUSTOM;
        }
        if (this.event.getRequestContext().getIdentity().getAccessKey() != null) {
            return AUTH_SCHEME_AWS_IAM;
        }
        return null;
    }
}
