package io.polyglotted.esjwt.realm;

import io.polyglotted.esjwt.impl.JsonWebToken;
import io.polyglotted.esjwt.impl.JwtValidator;
import io.polyglotted.esjwt.impl.JwtVerifier;
import java.io.IOException;
import java.time.Clock;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.xpack.core.security.authc.AuthenticationResult;
import org.elasticsearch.xpack.core.security.authc.AuthenticationToken;
import org.elasticsearch.xpack.core.security.authc.Realm;
import org.elasticsearch.xpack.core.security.authc.RealmConfig;
import org.elasticsearch.xpack.core.security.user.User;

/* loaded from: input_file:io/polyglotted/esjwt/realm/JwtRealm.class */
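/**
 * X-Pack security realm that authenticates requests carrying a JSON Web Token in an
 * {@code Authorization: Bearer <token>} header.
 *
 * <p>Realm settings read by this class:
 * <ul>
 *   <li>{@code jwksUrl} - passed to {@link JwtVerifier#verifyRs256} for signature verification.
 *       When it is absent the signature check is skipped entirely (see the security note on
 *       {@link #authenticate}).</li>
 *   <li>{@code groupsField} - passed to {@link JwtValidator#validateJwt}; defaults to
 *       {@code cognito:groups}.</li>
 * </ul>
 */
public class JwtRealm extends Realm {
    public static final String TYPE = "esjwt";

    /** Scheme prefix expected at the start of the Authorization header (note the trailing space). */
    private static final String BEARER_PREFIX = "Bearer ";

    private final String jwksUrl;
    private final String groupsField;

    /**
     * Creates the realm from its configuration.
     *
     * <p>The decompiler reports that this constructor was package-private in the original
     * class; it is kept public here so the visible interface is unchanged.
     *
     * @param realmConfig realm configuration supplying the {@code jwksUrl} and
     *                    {@code groupsField} settings
     */
    public JwtRealm(RealmConfig realmConfig) {
        super(TYPE, realmConfig);
        this.jwksUrl = realmConfig.settings().get("jwksUrl");
        this.groupsField = realmConfig.settings().get("groupsField", "cognito:groups");
        this.logger.info("loaded x-pack-plugin [esjwt]");
        if (this.jwksUrl == null) {
            // Make the fail-open mode visible to operators: without a JWKS URL no signature is
            // checked, so identity and group claims are taken from the token as presented.
            this.logger.warn("esjwt realm has no [jwksUrl] setting; JWT signatures will NOT be verified");
        }
    }

    /**
     * Reports whether this realm can handle the given token.
     *
     * @param authenticationToken token extracted from the request
     * @return {@code true} only for {@link BearerToken} instances
     */
    public boolean supports(AuthenticationToken authenticationToken) {
        return authenticationToken instanceof BearerToken;
    }

    /**
     * Extracts a bearer token from the request's {@code Authorization} header.
     *
     * @param threadContext context holding the request headers
     * @return a {@link BearerToken} wrapping everything after the {@code "Bearer "} prefix, or
     *         {@code null} when the header is missing or does not start with that exact prefix
     */
    public AuthenticationToken token(ThreadContext threadContext) {
        String header = threadContext.getHeader("Authorization");
        if (header != null && header.startsWith(BEARER_PREFIX)) {
            return BearerToken.bearerToken(header.substring(BEARER_PREFIX.length()));
        }
        return null;
    }

    /**
     * Parses, optionally verifies, and validates the JWT, then reports the outcome to the listener.
     *
     * <p>SECURITY: the RS256 signature is verified only when {@code jwksUrl} is configured.
     * With the setting absent, the token's claims are accepted unverified; the value read from
     * {@code groupsField} is then attacker-controlled. Deployments should always set
     * {@code jwksUrl}. NOTE(review): consider rejecting authentication outright when it is
     * missing - kept as-is here to avoid changing behaviour for existing configurations.
     *
     * @param authenticationToken token whose {@code credentials()} string form is the raw JWT
     * @param actionListener      receives a successful result built from
     *                            {@link JwtValidator#validateJwt}, an unsuccessful result
     *                            ({@code "failed to validate"}) on a validity or verification
     *                            exception, or {@code onFailure} on an {@link IOException}
     */
    public void authenticate(AuthenticationToken authenticationToken, ActionListener<AuthenticationResult> actionListener) {
        try {
            JsonWebToken jwt = JsonWebToken.parseJwt(authenticationToken.credentials().toString());
            if (this.jwksUrl != null) {
                // Signature check must precede claim validation so unverified claims are never trusted.
                JwtVerifier.verifyRs256(this.jwksUrl, jwt);
            }
            actionListener.onResponse(
                AuthenticationResult.success(JwtValidator.validateJwt(Clock.systemUTC(), jwt, this.groupsField)));
        } catch (JwtValidator.ValidityException | JwtVerifier.VerificationException e) {
            actionListener.onResponse(AuthenticationResult.unsuccessful("failed to validate", e));
        } catch (IOException e) {
            actionListener.onFailure(e);
        }
    }

    /**
     * User lookup (run-as) is not supported by this realm.
     *
     * <p>The listener is completed with {@code null} so a caller waiting on the lookup is
     * released; the original left the listener uncompleted, which would leave such a request
     * pending indefinitely.
     *
     * @param str            identifier of the user to look up (unused)
     * @param actionListener always receives {@code null}
     */
    public void lookupUser(String str, ActionListener<User> actionListener) {
        actionListener.onResponse(null);
    }
}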
