package com.linkedin.venice.authentication.jwt;

import com.linkedin.venice.authentication.AuthenticationService;
import com.linkedin.venice.authentication.jwt.AuthenticationProviderToken;
import com.linkedin.venice.authorization.Principal;
import com.linkedin.venice.offsets.OffsetRecord;
import com.linkedin.venice.utils.VeniceProperties;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:com/linkedin/venice/authentication/jwt/TokenAuthenticationService.class */
public class TokenAuthenticationService implements AuthenticationService {
    private static final Logger log = LogManager.getLogger(TokenAuthenticationService.class);
    private static final String HTTP_HEADER_VALUE_PREFIX = "Bearer ";
    private AuthenticationProviderToken authenticationProvider;

    @Override // com.linkedin.venice.authentication.AuthenticationService
    public void initialise(VeniceProperties veniceProperties) throws Exception {
        this.authenticationProvider = new AuthenticationProviderToken(new TokenProperties(veniceProperties.getString("authentication.jwt.secretKey", OffsetRecord.NON_AA_REPLICATION_UPSTREAM_OFFSET_MAP_KEY), veniceProperties.getString("authentication.jwt.publicKey", OffsetRecord.NON_AA_REPLICATION_UPSTREAM_OFFSET_MAP_KEY), veniceProperties.getString("authentication.jwt.authClaim", OffsetRecord.NON_AA_REPLICATION_UPSTREAM_OFFSET_MAP_KEY), veniceProperties.getString("authentication.jwt.publicAlg", OffsetRecord.NON_AA_REPLICATION_UPSTREAM_OFFSET_MAP_KEY), veniceProperties.getString("authentication.jwt.audienceClaim", OffsetRecord.NON_AA_REPLICATION_UPSTREAM_OFFSET_MAP_KEY), veniceProperties.getString("authentication.jwt.audience", OffsetRecord.NON_AA_REPLICATION_UPSTREAM_OFFSET_MAP_KEY), veniceProperties.getString("authentication.jwt.jwksHostsAllowlist", OffsetRecord.NON_AA_REPLICATION_UPSTREAM_OFFSET_MAP_KEY)));
    }

    @Override // com.linkedin.venice.authentication.AuthenticationService, java.io.Closeable, java.lang.AutoCloseable
    public void close() {
    }

    @Override // com.linkedin.venice.authentication.AuthenticationService
    public Principal getPrincipalFromHttpRequest(AuthenticationService.HttpRequestAccessor httpRequestAccessor) {
        String header = httpRequestAccessor.getHeader("Authorization");
        if (header == null || header.length() <= HTTP_HEADER_VALUE_PREFIX.length()) {
            log.info("No Authorization header found in request: {}", httpRequestAccessor);
            return null;
        }
        String substring = header.substring(HTTP_HEADER_VALUE_PREFIX.length());
        if (log.isDebugEnabled()) {
            log.debug("Authenticating user with token: {}", substring);
        }
        try {
            String authenticate = this.authenticationProvider.authenticate(substring);
            if (log.isDebugEnabled()) {
                log.debug("Authenticated user: {} with role: {}", substring, authenticate);
            }
            return new Principal(authenticate);
        } catch (AuthenticationProviderToken.AuthenticationException e) {
            log.error("Cannot authenticatate user with token: {}", substring, e);
            return null;
        }
    }
}
