package net.leanix.dropkit.oauth;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.common.base.Optional;
import com.google.inject.Inject;
import com.sun.jersey.api.client.Client;
import com.sun.jersey.api.client.ClientResponse;
import com.sun.jersey.api.client.UniformInterfaceException;
import com.sun.jersey.core.util.Base64;
import io.dropwizard.auth.AuthenticationException;
import io.dropwizard.auth.Authenticator;
import java.io.IOException;
import org.slf4j.Logger;

/* loaded from: input_file:net/leanix/dropkit/oauth/OAuth2Authenticator.class */
public class OAuth2Authenticator implements Authenticator<String, AuthenticatedUser> {
    private static final String BEARER = "bearer";
    private final String tokenVerificationUrl;
    private final String authorizationValue;
    private final Logger logger;
    private final Client client = Client.create();
    private static final ObjectMapper mapper = new ObjectMapper();

    @Inject
    public OAuth2Authenticator(OAuth2ClientConfig oAuth2ClientConfig, Logger logger) {
        System.setProperty("jsse.enableSNIExtension", "false");
        this.tokenVerificationUrl = oAuth2ClientConfig.getVerificationUrl();
        this.authorizationValue = "Basic ".concat(new String(Base64.encode(oAuth2ClientConfig.getClientId().concat(":").concat(oAuth2ClientConfig.getClientSecret()).getBytes())));
        this.logger = logger;
    }

    public Optional<AuthenticatedUser> authenticate(String str) throws AuthenticationException {
        return Optional.fromNullable(verify(str));
    }

    private boolean isValidResponse(VerifyTokenResponse verifyTokenResponse) {
        return (verifyTokenResponse == null || verifyTokenResponse.getPrincipal() == null || verifyTokenResponse.getError() != null) ? false : true;
    }

    private AuthenticatedUser verify(String str) throws AuthenticationException {
        try {
            this.logger.debug("Verifying access token " + str + " against " + this.tokenVerificationUrl);
            VerifyTokenResponse verifyTokenResponse = (VerifyTokenResponse) mapper.readValue((String) this.client.resource(String.format(this.tokenVerificationUrl.concat("?access_token=%s"), str)).header("Authorization", this.authorizationValue).accept(new String[]{"application/json"}).get(String.class), VerifyTokenResponse.class);
            if (isValidResponse(verifyTokenResponse)) {
                return verifyTokenResponse.getPrincipal();
            }
            return null;
        } catch (IOException e) {
            this.logger.error("Unable to parse verification response for token " + str + ": " + e.getMessage(), e);
            throw new AuthenticationException("Unable to parse verification response: " + e.getMessage(), e);
        } catch (UniformInterfaceException e2) {
            if (e2.getResponse().getStatus() == ClientResponse.Status.GONE.getStatusCode()) {
                this.logger.warn("Access token {} is not valid any more: {}", str, e2.getMessage());
                return null;
            }
            this.logger.error("Unable to verify token " + str + ": " + e2.getMessage(), e2);
            throw new AuthenticationException("Access token verification failed: " + e2.getMessage(), e2);
        } catch (Throwable th) {
            this.logger.error("Unable to verify token " + str + ", unknown reason: " + th.getMessage(), th);
            throw new AuthenticationException("Unable to perform authentication, unknown reason.", th);
        }
    }

    static {
        mapper.disableDefaultTyping();
    }
}
