package fi.evolver.basics.spring.auth.alb.verify;

import com.auth0.jwt.JWT;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.auth0.jwt.interfaces.JWTVerifier;
import fi.evolver.utils.collection.ExpiringMap;
import fi.evolver.utils.string.StringUtils;
import java.net.http.HttpClient;
import java.security.NoSuchAlgorithmException;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.InternalAuthenticationServiceException;

/* loaded from: input_file:fi/evolver/basics/spring/auth/alb/verify/AbstractTokenVerifier.class */
public abstract class AbstractTokenVerifier implements JWTVerifier {
    protected static final Logger LOG = LoggerFactory.getLogger(AbstractTokenVerifier.class);
    protected final ExpiringMap<String, com.auth0.jwt.JWTVerifier> verifierCache;
    protected final HttpClient client;
    private final ExecutorService executor;

    protected AbstractTokenVerifier(long j) throws NoSuchAlgorithmException {
        this.executor = Executors.newSingleThreadExecutor();
        this.verifierCache = new ExpiringMap<>(j);
        this.client = HttpClient.newHttpClient();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractTokenVerifier() throws NoSuchAlgorithmException {
        this(604800000L);
    }

    public void destroy() {
        if (this.executor.isShutdown()) {
            return;
        }
        this.executor.shutdown();
    }

    public CompletableFuture<DecodedJWT> verifyAsync(String str) {
        return CompletableFuture.supplyAsync(() -> {
            return verify(str);
        }, this.executor);
    }

    public CompletableFuture<DecodedJWT> verifyAsync(DecodedJWT decodedJWT) {
        return CompletableFuture.supplyAsync(() -> {
            return verify(decodedJWT);
        }, this.executor);
    }

    public DecodedJWT verify(String str) throws InternalAuthenticationServiceException, BadCredentialsException {
        return verify(JWT.decode(str));
    }

    public DecodedJWT verify(DecodedJWT decodedJWT) throws InternalAuthenticationServiceException, BadCredentialsException {
        checkTokenFields(decodedJWT);
        String asString = decodedJWT.getHeaderClaim("kid").asString();
        if (StringUtils.isNullOrEmpty(asString)) {
            badCredentials("Missing key id");
        }
        com.auth0.jwt.JWTVerifier verifier = getVerifier(asString);
        if (verifier == null) {
            throw new InternalAuthenticationServiceException("Could not get JWTVerifier");
        }
        try {
            return verifier.verify(decodedJWT);
        } catch (JWTVerificationException e) {
            badCredentials("Token is not valid: %s".formatted(e.getMessage()));
            return null;
        }
    }

    protected void checkTokenFields(DecodedJWT decodedJWT) throws BadCredentialsException {
    }

    protected abstract com.auth0.jwt.JWTVerifier loadVerifier(String str);

    /* JADX INFO: Access modifiers changed from: protected */
    public static void badCredentials(String str) throws BadCredentialsException {
        LOG.warn(str);
        throw new BadCredentialsException(str);
    }

    private com.auth0.jwt.JWTVerifier getVerifier(String str) {
        return (com.auth0.jwt.JWTVerifier) this.verifierCache.getOrLoad(str, () -> {
            return loadVerifier(str);
        });
    }
}
