package io.polyglotted.spring.cognito;

import com.amazonaws.services.cognitoidp.AWSCognitoIdentityProvider;
import com.amazonaws.services.cognitoidp.model.AttributeType;
import com.amazonaws.services.cognitoidp.model.GetUserRequest;
import com.amazonaws.services.cognitoidp.model.GetUserResult;
import com.fasterxml.jackson.databind.ObjectMapper;
import io.polyglotted.common.model.MapResult;
import io.polyglotted.common.model.Subject;
import io.polyglotted.common.util.BaseSerializer;
import io.polyglotted.common.util.CollUtil;
import io.polyglotted.common.util.MapRetriever;
import io.polyglotted.spring.cognito.AbstractCognito;
import io.polyglotted.spring.cognito.CognitoAuthFilter;
import io.polyglotted.spring.security.DefaultAuthToken;
import java.util.List;
import java.util.Locale;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.codec.binary.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.stereotype.Component;

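@Component
/* loaded from: input_file:io/polyglotted/spring/cognito/CognitoProcessor.class */
/**
 * Turns a Cognito bearer token from an HTTP request into a {@link DefaultAuthToken}.
 *
 * <p>Security note: the roles are read from the token's payload segment by plain Base64
 * decoding. This class does no local signature, expiry or audience verification. The only
 * check applied to the token is the {@code getUser} call, which presents the same token string
 * to the Cognito client. NOTE(review): confirm that a token Cognito rejects surfaces as an
 * exception from that call, so that unverified role claims can never reach a returned
 * {@code DefaultAuthToken}.
 */
public class CognitoProcessor extends AbstractCognito {
    private static final Logger log = LoggerFactory.getLogger(CognitoProcessor.class);

    /** Authorization scheme prefix, including the separating space required before the token. */
    private static final String BEARER_PREFIX = "Bearer ";

    /** Prefix removed from Cognito group names when they are mapped to roles. */
    private static final String GROUP_PREFIX = "ABACI_";

    // Field-injected, so it is populated only after the constructor has returned.
    @Autowired
    private ObjectMapper objectMapper;

    /**
     * Creates the processor; both arguments are handed to {@link AbstractCognito} unchanged.
     *
     * @param cognitoConfig Cognito settings
     * @param aWSCognitoIdentityProvider client used for Cognito calls
     */
    @Autowired
    public CognitoProcessor(AbstractCognito.CognitoConfig cognitoConfig, AWSCognitoIdentityProvider aWSCognitoIdentityProvider) {
        super(cognitoConfig, aWSCognitoIdentityProvider);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Authenticates a request from its {@code Authorization} header.
     *
     * <p>The header must start with {@code "Bearer "} (scheme plus one space). Requiring the
     * space keeps the fixed-offset token extraction in bounds for a bare {@code "Bearer"} header
     * and stops values such as {@code "BearerX..."} from being treated as bearer tokens.
     *
     * @param httpServletRequest incoming request
     * @return the auth token, or {@code null} when no bearer token is present
     * @throws CognitoAuthFilter.NotCognitoException if the token does not have three
     *     dot-separated parts
     */
    public DefaultAuthToken authenticate(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader("Authorization");
        if (header == null || !header.startsWith(BEARER_PREFIX)) {
            log.trace("No Bearer token found in HTTP Authorization header");
            return null;
        }
        String accessToken = header.substring(BEARER_PREFIX.length());
        // Order matters: the structural check in fetchRoles throws NotCognitoException before
        // any call to Cognito is made. The roles it returns come from an unverified payload and
        // are only used once getUser has accepted the same token.
        List<String> roles = fetchRoles(accessToken);
        Subject subject = getUser(accessToken).roles(roles).build();
        return new DefaultAuthToken(subject, accessToken, authorities(roles));
    }

    /**
     * Looks the user up in Cognito with the access token and starts a subject from the result.
     *
     * <p>Attribute names are lower-cased with {@link Locale#ENGLISH}. {@code sub} is taken out of
     * the attribute map and becomes the username; {@code email} and {@code name} are read as
     * optional strings; the map itself is attached as metadata.
     *
     * @param str access token
     * @return a subject builder without roles
     */
    private Subject.Builder getUser(String str) {
        GetUserResult user = this.cognitoClient.getUser(new GetUserRequest().withAccessToken(str));
        MapResult attributes = MapResult.simpleResult();
        for (AttributeType attribute : user.getUserAttributes()) {
            attributes.put(attribute.getName().toLowerCase(Locale.ENGLISH), attribute.getValue());
        }
        return Subject.subjectBuilder()
            .username((String) attributes.removeVal("sub"))
            .email(attributes.optStr("email"))
            .fullName(attributes.optStr("name"))
            .metadata(attributes);
    }

    /**
     * Reads the role names from the payload (second) segment of the token.
     *
     * <p>The payload is only Base64-decoded and deserialized here; nothing in this method checks
     * the token's signature, so the result must not be trusted on its own.
     *
     * @param str access token
     * @return role names derived from the {@code cognito:groups} claim
     * @throws CognitoAuthFilter.NotCognitoException if the token does not split into exactly
     *     three parts on {@code '.'}
     */
    private List<String> fetchRoles(String str) {
        String[] parts = str.split("\\.");
        if (parts.length != 3) {
            throw new CognitoAuthFilter.NotCognitoException("invalid token parts");
        }
        byte[] payload = Base64.decodeBase64(parts[1]);
        return rolesFrom(BaseSerializer.deserialize(this.objectMapper, payload));
    }

    /** Maps every entry of the {@code cognito:groups} claim to a role name. */
    private static List<String> rolesFrom(MapResult mapResult) {
        return CollUtil.transformList(MapRetriever.listVal(mapResult, "cognito:groups"), CognitoProcessor::groupToRole);
    }

    /** Strips a leading {@code ABACI_} from a group name; other names are returned as they are. */
    private static String groupToRole(String str) {
        return str.startsWith(GROUP_PREFIX) ? str.substring(GROUP_PREFIX.length()) : str;
    }

    /**
     * Builds {@code ROLE_<NAME>} authorities from role names.
     *
     * <p>Upper-casing uses a fixed locale. With the JVM default locale the authority string could
     * differ between hosts (for example the dotted capital I under a Turkish locale), and role
     * checks would then silently fail to match.
     */
    private static List<GrantedAuthority> authorities(List<String> list) {
        return CollUtil.transformList(list, role -> new SimpleGrantedAuthority("ROLE_" + role.toUpperCase(Locale.ENGLISH)));
    }
}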
