package org.apache.nifi.registry.security.authentication;

import jakarta.servlet.http.HttpServletRequest;
import org.apache.nifi.registry.security.authentication.IdentityProviderUsage;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/nifi/registry/security/authentication/BearerAuthIdentityProvider.class */
public abstract class BearerAuthIdentityProvider implements IdentityProvider {
    public static final String AUTHORIZATION = "Authorization";
    public static final String BEARER = "Bearer ";
    private static final Logger logger = LoggerFactory.getLogger(BearerAuthIdentityProvider.class);
    private static final IdentityProviderUsage usage = new IdentityProviderUsage() { // from class: org.apache.nifi.registry.security.authentication.BearerAuthIdentityProvider.1
        @Override // org.apache.nifi.registry.security.authentication.IdentityProviderUsage
        public String getText() {
            return "The user credentials must be passed in standard HTTP Bearer Authorization format. That is: 'Authorization: Bearer <token>', where <token> is a value that will be validated by this identity provider.";
        }

        @Override // org.apache.nifi.registry.security.authentication.IdentityProviderUsage
        public IdentityProviderUsage.AuthType getAuthType() {
            return IdentityProviderUsage.AuthType.BEARER;
        }
    };

    @Override // org.apache.nifi.registry.security.authentication.IdentityProvider
    public IdentityProviderUsage getUsageInstructions() {
        return usage;
    }

    @Override // org.apache.nifi.registry.security.authentication.IdentityProvider
    public AuthenticationRequest extractCredentials(HttpServletRequest httpServletRequest) {
        if (httpServletRequest == null) {
            logger.debug("Cannot extract user credentials from null servletRequest");
            return null;
        }
        if (!httpServletRequest.isSecure()) {
            return null;
        }
        String header = httpServletRequest.getHeader("Authorization");
        if (header != null && header.startsWith(BEARER)) {
            return new AuthenticationRequest(null, header.substring(BEARER.length()).trim(), null);
        }
        logger.debug("HTTP Bearer Auth credentials not present. Not attempting to extract credentials for authentication.");
        return null;
    }
}
