package org.eclipse.ditto.gateway.service.security.authentication.jwt;

import java.util.Optional;
import org.apache.pekko.http.javadsl.server.RequestContext;
import org.eclipse.ditto.base.model.exceptions.DittoRuntimeException;
import org.eclipse.ditto.base.model.headers.DittoHeaders;
import org.eclipse.ditto.gateway.api.GatewayAuthenticationFailedException;
import org.eclipse.ditto.gateway.service.security.utils.HttpUtils;
import org.eclipse.ditto.jwt.model.ImmutableJsonWebToken;
import org.eclipse.ditto.jwt.model.JsonWebToken;

/* loaded from: input_file:org/eclipse/ditto/gateway/service/security/authentication/jwt/WebSocketJwtExtractor.class */
/**
 * {@link JwtExtractor} that accepts a JWT either from the default extractor or from the
 * {@code access_token} URI query parameter.
 *
 * <p>Exactly one source may carry a token; a request that supplies one through both is rejected,
 * so there is never a question of which credential is authoritative.
 *
 * <p>NOTE(review): a bearer token carried in the query string is part of the request URI, and
 * URIs are commonly recorded by access logs, reverse proxies and similar intermediaries. Confirm
 * that request logging for this endpoint redacts {@code access_token}, and prefer short-lived
 * tokens for clients that have to use the query parameter.
 *
 * <p>NOTE(review): this class only extracts and parses the token. Signature and claim validation
 * are not visible here and are presumably done by a later authentication step; confirm.
 */
final class WebSocketJwtExtractor implements JwtExtractor {
    /** Name of the URI query parameter that may carry the JWT. */
    private static final String ACCESS_TOKEN_PARAM = "access_token";

    /** The single shared instance; the constructor is private. */
    private static final WebSocketJwtExtractor INSTANCE = new WebSocketJwtExtractor();

    /** Extractor consulted first; this class adds the query-parameter source on top of it. */
    private final JwtExtractor defaultExtractor = DefaultJwtExtractor.getInstance();

    private WebSocketJwtExtractor() {
        // Instances are only handed out through getInstance().
    }

    /**
     * Returns the shared extractor instance.
     *
     * <p>The decompiler reports that this method's access modifier was changed from
     * package-private.
     *
     * @return the singleton {@code WebSocketJwtExtractor}, typed as {@link JwtExtractor}.
     */
    public static JwtExtractor getInstance() {
        return INSTANCE;
    }

    /**
     * Extracts the JWT of a request from the default extractor or from the {@code access_token}
     * query parameter. Specified by {@code java.util.function.BiFunction}.
     *
     * @param requestContext the request to inspect.
     * @param dittoHeaders headers attached to the exception raised for an ambiguous request.
     * @return the token found by the default extractor, else the one from the query parameter,
     *     else an empty {@code Optional}.
     * @throws DittoRuntimeException if both sources yield a token.
     */
    @Override
    public Optional<JsonWebToken> apply(RequestContext requestContext, DittoHeaders dittoHeaders) {
        // Both sources are always read, in this order, before any decision is taken, so that a
        // token supplied twice is detected instead of one copy being silently ignored.
        final Optional<JsonWebToken> fromDefault = defaultExtractor.apply(requestContext, dittoHeaders);
        final Optional<JsonWebToken> fromQuery = extractJwtFromParameter(requestContext);

        if (fromDefault.isPresent()) {
            if (fromQuery.isPresent()) {
                throw buildMultipleJwtException(dittoHeaders);
            }
            return fromDefault;
        }
        return fromQuery;
    }

    /**
     * Reads the {@code access_token} query parameter and parses it into a {@link JsonWebToken}.
     *
     * @param requestContext the request whose URI query is inspected.
     * @return the parsed token, or an empty {@code Optional} when the parameter is absent.
     */
    private Optional<JsonWebToken> extractJwtFromParameter(RequestContext requestContext) {
        return requestContext.getRequest()
                .getUri()
                .query()
                .get(ACCESS_TOKEN_PARAM)
                .map(ImmutableJsonWebToken::fromToken);
    }

    /**
     * Tells whether this extractor can handle the request: either the default extractor is
     * applicable, or the request carries an {@code access_token} query parameter.
     *
     * @param requestContext the request to inspect.
     * @return {@code true} if a token source this extractor understands is present.
     */
    @Override
    public boolean isApplicable(RequestContext requestContext) {
        if (defaultExtractor.isApplicable(requestContext)) {
            return true;
        }
        return HttpUtils.containsQueryParameter(requestContext, ACCESS_TOKEN_PARAM);
    }

    /**
     * Returns the hint describing how a client is expected to supply the JWT.
     *
     * @return the fixed description text.
     */
    @Override
    public String getErrorDescription() {
        return "Please provide a valid JWT in the 'Authorization' header prefixed with 'Bearer ' or as query parameter 'access_token'.";
    }

    /**
     * Builds the authentication failure raised when a request supplies a JWT through both
     * sources.
     *
     * @param dittoHeaders headers to attach to the exception.
     * @return the exception to throw; it is built here, not thrown.
     */
    private DittoRuntimeException buildMultipleJwtException(DittoHeaders dittoHeaders) {
        return GatewayAuthenticationFailedException.newBuilder("Multiple JWTs provided.")
                .description("A JWT was provided both as a header and as query parameter. Only a single JWT is expected.")
                .dittoHeaders(dittoHeaders)
                .build();
    }
}
