package com.appiancorp.oauth.inbound.token;

import com.appiancorp.features.FeatureToggleClient;
import com.appiancorp.oauth.inbound.SuiteConfigurationAdapter;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.oauth2.sdk.token.BearerAccessToken;
import java.text.ParseException;
import java.util.List;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/appiancorp/oauth/inbound/token/ResourceServerTokenServiceImpl.class */
public class ResourceServerTokenServiceImpl implements ResourceServerTokenService {
    private static final Logger LOG = LoggerFactory.getLogger(ResourceServerTokenServiceImpl.class);
    private final SuiteConfigurationAdapter suiteConfiguration;
    private final FeatureToggleClient featureToggleClient;

    public ResourceServerTokenServiceImpl(SuiteConfigurationAdapter suiteConfigurationAdapter, FeatureToggleClient featureToggleClient) {
        this.suiteConfiguration = suiteConfigurationAdapter;
        this.featureToggleClient = featureToggleClient;
    }

    public Optional<String> getQualifiedAccessToken(HttpServletRequest httpServletRequest) {
        try {
            String value = BearerAccessToken.parse(httpServletRequest.getHeader("Authorization")).getValue();
            SignedJWT parse = SignedJWT.parse(value);
            String issuer = parse.getJWTClaimsSet().getIssuer();
            if (!isIssuerValid(issuer)) {
                LOG.debug("Issuer was not set or was not an expected value, parsed issuer: {}", issuer);
                return Optional.empty();
            }
            List audience = parse.getJWTClaimsSet().getAudience();
            if (audience != null && !audience.isEmpty()) {
                return Optional.of(value);
            }
            LOG.debug("Audience was not set");
            return Optional.empty();
        } catch (ParseException e) {
            LOG.debug("Access token is not a valid SignedJWT.", e);
            return Optional.empty();
        } catch (com.nimbusds.oauth2.sdk.ParseException e2) {
            LOG.debug("Unable to parse web api request for access token.", e2);
            return Optional.empty();
        }
    }

    private boolean isIssuerValid(String str) {
        if (str == null || str.isEmpty()) {
            return false;
        }
        return str.equals(this.suiteConfiguration.getBaseUri()) || this.featureToggleClient.isFeatureEnabled("ae.integration-services.third-party-oauth-inbound");
    }
}
