package org.eclipse.ditto.services.gateway.security.authentication.jwt;

import io.jsonwebtoken.Jwts;
import java.security.Key;
import java.text.MessageFormat;
import java.util.concurrent.CompletableFuture;
import javax.annotation.concurrent.ThreadSafe;
import org.eclipse.ditto.model.base.common.BinaryValidationResult;
import org.eclipse.ditto.model.jwt.JsonWebToken;
import org.eclipse.ditto.services.utils.jwt.JjwtDeserializer;
import org.eclipse.ditto.signals.commands.base.exceptions.GatewayAuthenticationFailedException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@ThreadSafe
/* loaded from: input_file:org/eclipse/ditto/services/gateway/security/authentication/jwt/DefaultJwtValidator.class */
public final class DefaultJwtValidator implements JwtValidator {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) DefaultJwtValidator.class);
    private final PublicKeyProvider publicKeyProvider;

    private DefaultJwtValidator(PublicKeyProvider publicKeyProvider) {
        this.publicKeyProvider = publicKeyProvider;
    }

    public static JwtValidator of(PublicKeyProvider publicKeyProvider) {
        return new DefaultJwtValidator(publicKeyProvider);
    }

    @Override // org.eclipse.ditto.services.gateway.security.authentication.jwt.JwtValidator
    public CompletableFuture<BinaryValidationResult> validate(JsonWebToken jsonWebToken) {
        String issuer = jsonWebToken.getIssuer();
        String keyId = jsonWebToken.getKeyId();
        return this.publicKeyProvider.getPublicKey(issuer, keyId).thenApply(optional -> {
            return (BinaryValidationResult) optional.map(publicKey -> {
                return tryToValidateWithPublicKey(jsonWebToken, publicKey);
            }).orElseGet(() -> {
                return BinaryValidationResult.invalid(GatewayAuthenticationFailedException.newBuilder(MessageFormat.format("Public Key of issuer <{0}> with key ID <{1}> not found!", issuer, keyId)).build());
            });
        });
    }

    private BinaryValidationResult tryToValidateWithPublicKey(JsonWebToken jsonWebToken, Key key) {
        try {
            return validateWithPublicKey(jsonWebToken, key);
        } catch (Exception e) {
            LOGGER.info("Failed to parse JWT!", (Throwable) e);
            return BinaryValidationResult.invalid(e);
        }
    }

    private BinaryValidationResult validateWithPublicKey(JsonWebToken jsonWebToken, Key key) {
        Jwts.parser().deserializeJsonWith(JjwtDeserializer.getInstance()).setSigningKey(key).parse(jsonWebToken.getToken());
        return BinaryValidationResult.valid();
    }
}
