package org.eclipse.ditto.gateway.service.security.authentication.jwt;

import io.jsonwebtoken.JwtParser;
import java.text.MessageFormat;
import java.util.concurrent.CompletableFuture;
import javax.annotation.concurrent.ThreadSafe;
import org.eclipse.ditto.base.model.common.BinaryValidationResult;
import org.eclipse.ditto.gateway.api.GatewayAuthenticationFailedException;
import org.eclipse.ditto.jwt.model.JsonWebToken;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@ThreadSafe
/* loaded from: input_file:org/eclipse/ditto/gateway/service/security/authentication/jwt/DefaultJwtValidator.class */
public final class DefaultJwtValidator implements JwtValidator {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) DefaultJwtValidator.class);
    private final PublicKeyProvider publicKeyProvider;

    private DefaultJwtValidator(PublicKeyProvider publicKeyProvider) {
        this.publicKeyProvider = publicKeyProvider;
    }

    public static JwtValidator of(PublicKeyProvider publicKeyProvider) {
        return new DefaultJwtValidator(publicKeyProvider);
    }

    @Override // org.eclipse.ditto.gateway.service.security.authentication.jwt.JwtValidator
    public CompletableFuture<BinaryValidationResult> validate(JsonWebToken jsonWebToken) {
        String issuer = jsonWebToken.getIssuer();
        String keyId = jsonWebToken.getKeyId();
        return this.publicKeyProvider.getPublicKeyWithParser(issuer, keyId).thenApply(optional -> {
            return (BinaryValidationResult) optional.map(publicKeyWithParser -> {
                return tryToValidateWithJwtParser(jsonWebToken, publicKeyWithParser.getJwtParser());
            }).orElseGet(() -> {
                return BinaryValidationResult.invalid(GatewayAuthenticationFailedException.newBuilder(MessageFormat.format("Public Key of issuer <{0}> with key ID <{1}> not found!", issuer, keyId)).build());
            });
        });
    }

    private BinaryValidationResult tryToValidateWithJwtParser(JsonWebToken jsonWebToken, JwtParser jwtParser) {
        try {
            return validateWithJwtParser(jsonWebToken, jwtParser);
        } catch (Exception e) {
            LOGGER.info("Failed to parse/validate JWT due to <{}> with message: <{}>", e.getClass().getSimpleName(), e.getMessage());
            return BinaryValidationResult.invalid(e);
        }
    }

    private BinaryValidationResult validateWithJwtParser(JsonWebToken jsonWebToken, JwtParser jwtParser) {
        jwtParser.parseClaimsJws(jsonWebToken.getToken());
        return BinaryValidationResult.valid();
    }
}
