package com.amazonaws.serverless.proxy.internal.jaxrs;

import com.amazonaws.serverless.proxy.internal.LambdaContainerHandler;
import com.amazonaws.serverless.proxy.internal.SecurityUtils;
import com.amazonaws.serverless.proxy.model.HttpApiV2ProxyRequest;
import com.amazonaws.services.lambda.runtime.Context;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.JsonNode;
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import java.util.Base64;
import javax.ws.rs.core.SecurityContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/amazonaws/serverless/proxy/internal/jaxrs/AwsHttpApiV2SecurityContext.class */
public class AwsHttpApiV2SecurityContext implements SecurityContext {
    public static final String AUTH_SCHEME_JWT = "JWT";
    private static Logger log = LoggerFactory.getLogger(AwsHttpApiV2SecurityContext.class);
    private Context lambdaContext;
    private HttpApiV2ProxyRequest event;

    public AwsHttpApiV2SecurityContext(Context context, HttpApiV2ProxyRequest httpApiV2ProxyRequest) {
        this.lambdaContext = context;
        this.event = httpApiV2ProxyRequest;
    }

    public Principal getUserPrincipal() {
        if (getAuthenticationScheme() == null || !this.event.getHeaders().containsKey("Authorization")) {
            return null;
        }
        String str = this.event.getHeaders().get("Authorization");
        if (str.startsWith("Bearer ")) {
            str = str.replace("Bearer ", "");
        }
        String[] split = str.split("\\.");
        if (split.length != 3) {
            log.warn("Could not parse JWT token for requestId: " + SecurityUtils.crlf(this.event.getRequestContext().getRequestId()));
            return null;
        }
        try {
            JsonNode readTree = LambdaContainerHandler.getObjectMapper().readTree(new String(Base64.getMimeDecoder().decode(split[1]), StandardCharsets.UTF_8));
            if (readTree.isObject() || !readTree.has("sub")) {
                String asText = readTree.get("sub").asText();
                return () -> {
                    return asText;
                };
            }
            log.debug("Could not find \"sub\" field in JWT body for requestId: " + SecurityUtils.crlf(this.event.getRequestContext().getRequestId()));
            return null;
        } catch (JsonProcessingException e) {
            log.error("Error while attempting to parse JWT body for requestId: " + SecurityUtils.crlf(this.event.getRequestContext().getRequestId()), e);
            return null;
        }
    }

    public boolean isUserInRole(String str) {
        if (getAuthenticationScheme() == null) {
            return false;
        }
        return this.event.getRequestContext().getAuthorizer().getJwtAuthorizer().getScopes().contains(str) || this.event.getRequestContext().getAuthorizer().getJwtAuthorizer().getClaims().containsKey(str);
    }

    public boolean isSecure() {
        return getAuthenticationScheme() != null;
    }

    public String getAuthenticationScheme() {
        if (this.event.getRequestContext().getAuthorizer() != null && this.event.getRequestContext().getAuthorizer().isJwt()) {
            return AUTH_SCHEME_JWT;
        }
        return null;
    }
}
