package co.cask.cdap.security.auth;

import co.cask.cdap.common.io.Codec;
import com.google.common.util.concurrent.AbstractIdleService;
import com.google.inject.Inject;
import java.io.IOException;
import org.apache.commons.codec.binary.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:co/cask/cdap/security/auth/AccessTokenValidator.class */
public class AccessTokenValidator extends AbstractIdleService implements TokenValidator {
    private static final Logger LOG = LoggerFactory.getLogger(AccessTokenValidator.class);
    private final TokenManager tokenManager;
    private final Codec<AccessToken> accessTokenCodec;

    @Inject
    public AccessTokenValidator(TokenManager tokenManager, Codec<AccessToken> codec) {
        this.tokenManager = tokenManager;
        this.accessTokenCodec = codec;
    }

    protected void startUp() throws Exception {
        this.tokenManager.startAndWait();
    }

    protected void shutDown() throws Exception {
        this.tokenManager.stopAndWait();
    }

    @Override // co.cask.cdap.security.auth.TokenValidator
    public TokenState validate(String str) {
        TokenState tokenState = TokenState.VALID;
        if (str == null) {
            LOG.debug("Token is missing");
            return TokenState.MISSING;
        }
        try {
            this.tokenManager.validateSecret((AccessToken) this.accessTokenCodec.decode(Base64.decodeBase64(str)));
        } catch (InvalidTokenException e) {
            tokenState = e.getReason();
            LOG.debug("{} {}", tokenState, e);
        } catch (IOException e2) {
            tokenState = TokenState.INVALID;
            LOG.debug("Unknown Schema version for Access Token. {}", e2);
        }
        return tokenState;
    }
}
