package net.leanix.dropkit.oauth;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.common.base.Optional;
import com.google.inject.Inject;
import com.sun.jersey.api.client.Client;
import com.sun.jersey.api.client.UniformInterfaceException;
import com.sun.jersey.core.util.Base64;
import io.dropwizard.auth.AuthenticationException;
import io.dropwizard.auth.Authenticator;
import java.io.IOException;
import net.leanix.dropkit.BusinessLogicException;
import org.slf4j.Logger;

/* loaded from: input_file:net/leanix/dropkit/oauth/OAuth2Authenticator.class */
public class OAuth2Authenticator implements Authenticator<String, AuthenticatedUser> {
    private static final String BEARER = "bearer";
    public static final String VERIFY_TOKEN_RESPONSE = "VERIFY_TOKEN_RESPONSE";
    private final String tokenVerificationUrl;
    private final String authorizationValue;
    private final Logger logger;
    private final Client client = Client.create();
    private static final ObjectMapper mapper = new ObjectMapper();

    @Inject
    public OAuth2Authenticator(OAuth2ClientConfig oAuth2ClientConfig, Logger logger) {
        System.setProperty("jsse.enableSNIExtension", "false");
        this.tokenVerificationUrl = oAuth2ClientConfig.getVerificationUrl();
        this.authorizationValue = "Basic ".concat(new String(Base64.encode(oAuth2ClientConfig.getClientId().concat(":").concat(oAuth2ClientConfig.getClientSecret()).getBytes())));
        this.logger = logger;
    }

    public Optional<AuthenticatedUser> authenticate(String str) throws AuthenticationException {
        try {
            return Optional.fromNullable(verify(str).getPrincipal());
        } catch (BusinessLogicException | AuthenticationException | IOException e) {
            this.logger.error(e.getMessage());
            return Optional.fromNullable((Object) null);
        }
    }

    private boolean isValidResponse(VerifyTokenResponse verifyTokenResponse) {
        return (verifyTokenResponse == null || verifyTokenResponse.getPrincipal() == null || verifyTokenResponse.getError() != null) ? false : true;
    }

    public VerifyTokenResponse verify(String str) throws BusinessLogicException, AuthenticationException, IOException {
        try {
            this.logger.debug("Verifying access token " + str + " against " + this.tokenVerificationUrl);
            VerifyTokenResponse verifyTokenResponse = (VerifyTokenResponse) mapper.readValue((String) this.client.resource(String.format(this.tokenVerificationUrl.concat("?access_token=%s"), str)).header("Authorization", this.authorizationValue).accept(new String[]{"application/json"}).get(String.class), VerifyTokenResponse.class);
            if (!isValidResponse(verifyTokenResponse)) {
                return null;
            }
            this.logger.debug("Access token verfication response " + str + ": " + verifyTokenResponse.toString());
            return verifyTokenResponse;
        } catch (UniformInterfaceException e) {
            throw new AuthenticationException("Access token verification failed: " + e.getMessage(), e);
        }
    }

    static {
        mapper.disableDefaultTyping();
    }
}
