package com.adobe.granite.auth.ims.impl.request;

import com.adobe.granite.auth.ims.impl.IMSConstants;
import com.adobe.granite.auth.ims.request.ImsRequestTokenProvider;
import java.util.Objects;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import org.apache.oltu.oauth2.jwt.JWT;
import org.apache.oltu.oauth2.jwt.io.JWTReader;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.osgi.service.component.annotations.Component;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Component(service = {ImsRequestTokenProvider.class})
/* loaded from: input_file:com/adobe/granite/auth/ims/impl/request/ImsRequestTokenProviderImpl.class */
public class ImsRequestTokenProviderImpl implements ImsRequestTokenProvider {
    private static final Logger log = LoggerFactory.getLogger(ImsRequestTokenProviderImpl.class);
    public static final String PN_REQUEST_TOKEN = "com.adobe.granite.auth.ims.internal.request.REQUEST_TOKEN";
    public static final String PN_EXCHANGED_TOKEN = "com.adobe.granite.auth.ims.internal.request.EXCHANGED_TOKEN";

    @Override // com.adobe.granite.auth.ims.request.ImsRequestTokenProvider
    @NotNull
    public Optional<String> getRequestToken(@NotNull HttpServletRequest httpServletRequest) {
        Optional<String> map = Optional.ofNullable(httpServletRequest.getAttribute(PN_REQUEST_TOKEN)).map((v0) -> {
            return v0.toString();
        });
        return map.isPresent() ? map : Optional.empty();
    }

    @Override // com.adobe.granite.auth.ims.request.ImsRequestTokenProvider
    @NotNull
    public Optional<String> getExchangedToken(HttpServletRequest httpServletRequest) {
        Optional<String> map = Optional.ofNullable(httpServletRequest.getAttribute(PN_EXCHANGED_TOKEN)).map((v0) -> {
            return v0.toString();
        });
        return map.isPresent() ? map : Optional.empty();
    }

    @Override // com.adobe.granite.auth.ims.request.ImsRequestTokenProvider
    @NotNull
    public boolean isExternalOrg(@NotNull HttpServletRequest httpServletRequest) {
        Optional<String> requestToken = getRequestToken(httpServletRequest);
        Optional<String> exchangedToken = getExchangedToken(httpServletRequest);
        if (requestToken.isPresent() && exchangedToken.isPresent()) {
            return checkExternalOrg(requestToken.get(), exchangedToken.get());
        }
        return false;
    }

    private boolean checkExternalOrg(@NotNull String str, @NotNull String str2) {
        return !Objects.equals(getUserId(str), getUserId(str2));
    }

    @Nullable
    private String getUserId(@NotNull String str) {
        try {
            return (String) ((JWT) new JWTReader().read(str)).getClaimsSet().getCustomField(IMSConstants.JSON_USER_ID, String.class);
        } catch (Exception e) {
            log.warn("getUserId: Failed to read user id");
            return null;
        }
    }
}
