package net.leanix.dropkit.oauth.jwks;

import io.dropwizard.auth.AuthenticationException;
import io.dropwizard.auth.Authenticator;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.JwtException;
import java.util.Optional;
import javax.inject.Inject;
import javax.inject.Singleton;
import net.leanix.dropkit.oauth.models.User;
import net.leanix.dropkit.oauth.token.OAuth2TokenConfig;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Singleton
/* loaded from: input_file:net/leanix/dropkit/oauth/jwks/OAuth2AuthenticatorJWKS.class */
public class OAuth2AuthenticatorJWKS<U extends User> implements Authenticator<String, U> {
    private static final Logger LOG = LoggerFactory.getLogger(OAuth2AuthenticatorJWKS.class);
    private final OAuth2TokenParserJWKS<U> parser;

    @Inject
    public OAuth2AuthenticatorJWKS(OAuth2TokenConfig oAuth2TokenConfig, Class<U> cls) {
        try {
            this.parser = new OAuth2TokenParserJWKS<>(oAuth2TokenConfig, cls);
        } catch (Exception e) {
            throw new RuntimeException("internal error", e);
        }
    }

    public Optional<U> authenticate(String str) throws AuthenticationException {
        if (str == null) {
            LOG.warn("No token provided");
            return Optional.empty();
        }
        try {
            return Optional.ofNullable(this.parser.parse(str).getPrincipal());
        } catch (JwtException e) {
            LOG.warn("Unable to verify token: ", e);
            return Optional.empty();
        } catch (ExpiredJwtException e2) {
            LOG.warn("Token expired");
            return Optional.empty();
        } catch (Throwable th) {
            throw new AuthenticationException("Unable to authenticate token", th);
        }
    }
}
