package pl.edu.icm.unity.oauth.rp.retrieval;

import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.token.BearerAccessToken;
import java.util.Properties;
import javax.servlet.http.HttpServletRequest;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.AbstractPhaseInterceptor;
import org.apache.cxf.phase.PhaseInterceptorChain;
import org.apache.logging.log4j.Logger;
import pl.edu.icm.unity.base.utils.Log;
import pl.edu.icm.unity.engine.api.authn.AbstractCredentialRetrieval;
import pl.edu.icm.unity.engine.api.authn.AuthenticationResult;
import pl.edu.icm.unity.engine.api.authn.LocalAuthenticationResult;
import pl.edu.icm.unity.exceptions.InternalException;
import pl.edu.icm.unity.oauth.as.token.OAuthTokenEndpoint;
import pl.edu.icm.unity.oauth.rp.AccessTokenExchange;
import pl.edu.icm.unity.rest.authn.CXFAuthentication;

/* loaded from: input_file:pl/edu/icm/unity/oauth/rp/retrieval/BearerRetrievalBase.class */
public abstract class BearerRetrievalBase extends AbstractCredentialRetrieval<AccessTokenExchange> implements CXFAuthentication {
    private static final Logger log = Log.getLogger("unity.server.rest", BearerRetrievalBase.class);

    public BearerRetrievalBase(String str) {
        super(str);
    }

    public String getSerializedConfiguration() throws InternalException {
        return OAuthTokenEndpoint.PATH;
    }

    public void setSerializedConfiguration(String str) throws InternalException {
    }

    /* renamed from: getInterceptor, reason: merged with bridge method [inline-methods] */
    public AbstractPhaseInterceptor<Message> m95getInterceptor() {
        return null;
    }

    public AuthenticationResult getAuthenticationResult(Properties properties) {
        BearerAccessToken tokenCredential = getTokenCredential(log);
        if (tokenCredential == null) {
            log.trace("No HTTP Bearer access token header was found");
            return LocalAuthenticationResult.failed(new AuthenticationResult.ResolvableError("BearerRetrievalBase.tokenNotFound", new Object[0]), AuthenticationResult.DenyReason.undefinedCredential);
        }
        log.trace("HTTP Bearer access token header found");
        try {
            return ((AccessTokenExchange) this.credentialExchange).checkToken(tokenCredential);
        } catch (Exception e) {
            log.debug("HTTP Bearer access token is invalid or its processing failed", e);
            return LocalAuthenticationResult.failed(e);
        }
    }

    protected BearerAccessToken getTokenCredential(Logger logger) {
        HttpServletRequest httpServletRequest;
        String header;
        Message currentMessage = PhaseInterceptorChain.getCurrentMessage();
        if (currentMessage == null || (httpServletRequest = (HttpServletRequest) currentMessage.get("HTTP.REQUEST")) == null || (header = httpServletRequest.getHeader("Authorization")) == null) {
            return null;
        }
        try {
            return BearerAccessToken.parse(header);
        } catch (ParseException e) {
            logger.debug("Received HTTP authorization header, but it is not a valid Bearer access token: " + e);
            return null;
        }
    }
}
