package org.hyperledger.besu.ethereum.api.jsonrpc.authentication;

import com.google.common.annotations.VisibleForTesting;
import io.vertx.core.Handler;
import io.vertx.core.json.JsonObject;
import io.vertx.ext.auth.User;
import java.util.Optional;
import java.util.concurrent.atomic.AtomicBoolean;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.hyperledger.besu.ethereum.api.jsonrpc.internal.methods.JsonRpcMethod;

/* loaded from: input_file:org/hyperledger/besu/ethereum/api/jsonrpc/authentication/AuthenticationUtils.class */
public class AuthenticationUtils {
    private static final Logger LOG = LogManager.getLogger();

    @VisibleForTesting
    public static boolean isPermitted(Optional<AuthenticationService> optional, Optional<User> optional2, JsonRpcMethod jsonRpcMethod) {
        AtomicBoolean atomicBoolean = new AtomicBoolean();
        if (!optional.isPresent()) {
            atomicBoolean.set(true);
        } else if (optional2.isPresent()) {
            User user = optional2.get();
            for (String str : jsonRpcMethod.getPermissions()) {
                user.isAuthorized(str, asyncResult -> {
                    if (((Boolean) asyncResult.result()).booleanValue()) {
                        LOG.trace("user {} authorized : {} via permission {}", user, jsonRpcMethod.getName(), str);
                        atomicBoolean.set(true);
                    }
                });
            }
        }
        if (!atomicBoolean.get()) {
            LOG.trace("user NOT authorized : {}", jsonRpcMethod.getName());
        }
        return atomicBoolean.get();
    }

    public static void getUser(Optional<AuthenticationService> optional, String str, Handler<Optional<User>> handler) {
        try {
            if (optional.isEmpty()) {
                handler.handle(Optional.empty());
            } else {
                optional.get().getJwtAuthProvider().authenticate(new JsonObject().put("jwt", str), asyncResult -> {
                    if (!asyncResult.succeeded()) {
                        LOG.debug("Invalid JWT token", asyncResult.cause());
                        handler.handle(Optional.empty());
                    } else {
                        Optional ofNullable = Optional.ofNullable((User) asyncResult.result());
                        validateExpiryExists(ofNullable);
                        handler.handle(ofNullable);
                    }
                });
            }
        } catch (Exception e) {
            handler.handle(Optional.empty());
        }
    }

    private static void validateExpiryExists(Optional<User> optional) {
        if (!((Boolean) optional.map((v0) -> {
            return v0.principal();
        }).map(jsonObject -> {
            return Boolean.valueOf(jsonObject.containsKey("exp"));
        }).orElse(false)).booleanValue()) {
            throw new IllegalStateException("Invalid JWT doesn't have expiry");
        }
    }

    public static String getJwtTokenFromAuthorizationHeaderValue(String str) {
        if (str == null || !str.startsWith("Bearer ")) {
            return null;
        }
        return str.substring("Bearer ".length());
    }
}
