package com.atlassian.usercontext.impl;

import com.atlassian.asap.api.Jwt;
import com.atlassian.asap.api.exception.CannotRetrieveKeyException;
import com.atlassian.asap.api.exception.InvalidTokenException;
import com.atlassian.asap.core.keys.KeyProvider;
import com.atlassian.asap.core.server.AuthenticationContext;
import com.atlassian.asap.core.validator.JwtValidator;
import com.atlassian.asap.core.validator.JwtValidatorImpl;
import com.atlassian.usercontext.api.UserContext;
import com.atlassian.usercontext.api.UserContextTokenValidator;
import com.google.common.collect.ImmutableSet;
import java.security.PublicKey;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/usercontext/impl/UserContextTokenValidatorImpl.class */
public class UserContextTokenValidatorImpl implements UserContextTokenValidator {
    private static final Logger LOG = LoggerFactory.getLogger(UserContextTokenValidatorImpl.class);
    private static final Set<String> AUTHORIZED_USER_CONTEXT_ISSUERS = ImmutableSet.of("micros/edge-authenticator");
    private static final String USER_CONTEXT_AUDIENCE = "atlassian-internal";
    private final JwtValidator jwtValidator;

    private UserContextTokenValidatorImpl(JwtValidator jwtValidator) {
        this.jwtValidator = (JwtValidator) Objects.requireNonNull(jwtValidator);
    }

    public static UserContextTokenValidatorImpl create(KeyProvider<PublicKey> keyProvider) {
        return new UserContextTokenValidatorImpl(JwtValidatorImpl.createDefault(new AuthenticationContext(USER_CONTEXT_AUDIENCE, keyProvider)));
    }

    @Override // com.atlassian.usercontext.api.UserContextTokenValidator
    public Optional<UserContext> validate(String str) {
        try {
            Jwt readAndValidate = this.jwtValidator.readAndValidate(str);
            String issuer = readAndValidate.getClaims().getIssuer();
            if (AUTHORIZED_USER_CONTEXT_ISSUERS.contains(issuer)) {
                return Optional.of(new UserContextImpl(readAndValidate, str));
            }
            LOG.warn("Unauthorized user context issuer: {}", issuer);
            return Optional.empty();
        } catch (InvalidTokenException | CannotRetrieveKeyException e) {
            LOG.warn("Unable to validate user context token due to: {}", e.getMessage(), e);
            return Optional.empty();
        }
    }
}
