package io.pravega.segmentstore.server.host.delegationtoken;

import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.pravega.auth.AuthHandler;
import io.pravega.segmentstore.server.host.stat.AutoScalerConfig;
import java.util.Map;
import java.util.Optional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/pravega/segmentstore/server/host/delegationtoken/TokenVerifierImpl.class */
public class TokenVerifierImpl implements DelegationTokenVerifier {

    @SuppressFBWarnings(justification = "generated code")
    private static final Logger log = LoggerFactory.getLogger(TokenVerifierImpl.class);
    private final AutoScalerConfig config;

    public TokenVerifierImpl(AutoScalerConfig autoScalerConfig) {
        this.config = autoScalerConfig;
    }

    @Override // io.pravega.segmentstore.server.host.delegationtoken.DelegationTokenVerifier
    public boolean verifyToken(String str, String str2, AuthHandler.Permissions permissions) {
        if (!this.config.isAuthEnabled()) {
            return true;
        }
        try {
            Jws parseClaimsJws = Jwts.parser().setSigningKey(this.config.getTokenSigningKey().getBytes()).parseClaimsJws(str2);
            Optional findFirst = ((Claims) parseClaimsJws.getBody()).entrySet().stream().filter(entry -> {
                return validateEntry(entry, str) && permissions.compareTo(AuthHandler.Permissions.valueOf(entry.getValue().toString())) <= 0;
            }).findFirst();
            if (findFirst.isPresent()) {
                log.debug("Found a matching claim {} for resource {}", findFirst, str);
                return true;
            }
            log.debug("Could not find a matching claim {} for resource {} in claims {}", new Object[]{permissions, str, parseClaimsJws});
            return false;
        } catch (JwtException e) {
            log.warn("Claim verification failed for resource {} because {}", str, e);
            return false;
        }
    }

    private boolean validateEntry(Map.Entry<String, Object> entry, String str) {
        return (entry.getKey().endsWith("/") && str.startsWith(entry.getKey())) || str.startsWith(new StringBuilder().append(entry.getKey()).append("/").toString()) || entry.getKey().equals("*");
    }
}
