package io.vertx.ext.web.handler.impl;

import io.vertx.core.AsyncResult;
import io.vertx.core.Future;
import io.vertx.core.Handler;
import io.vertx.core.json.JsonObject;
import io.vertx.ext.auth.User;
import io.vertx.ext.auth.authentication.TokenCredentials;
import io.vertx.ext.auth.jwt.JWTAuth;
import io.vertx.ext.web.RoutingContext;
import io.vertx.ext.web.handler.AuthenticationHandler;
import io.vertx.ext.web.handler.HttpException;
import io.vertx.ext.web.handler.JWTAuthHandler;
import io.vertx.ext.web.handler.impl.HTTPAuthorizationHandler;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.Stream;

/* loaded from: input_file:BOOT-INF/lib/vertx-web-4.1.5.jar:io/vertx/ext/web/handler/impl/JWTAuthHandlerImpl.class */
public class JWTAuthHandlerImpl extends HTTPAuthorizationHandler<JWTAuth> implements JWTAuthHandler, ScopedAuthentication<JWTAuthHandler> {
    private final List<String> scopes;
    private final String delimiter;

    public JWTAuthHandlerImpl(JWTAuth jWTAuth, String str) {
        super(jWTAuth, HTTPAuthorizationHandler.Type.BEARER, str);
        this.scopes = new ArrayList();
        this.delimiter = " ";
    }

    private JWTAuthHandlerImpl(JWTAuthHandlerImpl jWTAuthHandlerImpl, List<String> list, String str) {
        super(jWTAuthHandlerImpl.authProvider, HTTPAuthorizationHandler.Type.BEARER, jWTAuthHandlerImpl.realm);
        this.scopes = list;
        this.delimiter = str;
    }

    @Override // io.vertx.ext.web.handler.impl.AuthenticationHandlerInternal
    public void authenticate(RoutingContext routingContext, Handler<AsyncResult<User>> handler) {
        parseAuthorization(routingContext, asyncResult -> {
            if (asyncResult.failed()) {
                handler.handle(Future.failedFuture(asyncResult.cause()));
                return;
            }
            String str = (String) asyncResult.result();
            int i = 0;
            for (int i2 = 0; i2 < str.length(); i2++) {
                char charAt = str.charAt(i2);
                if (charAt == '.') {
                    i++;
                    if (i == 3) {
                        handler.handle(Future.failedFuture(new HttpException(400, "Too many segments in token")));
                        return;
                    }
                } else if (!Character.isLetterOrDigit(charAt) && charAt != '-' && charAt != '_') {
                    handler.handle(Future.failedFuture(new HttpException(400, "Invalid character in token: " + ((int) charAt))));
                    return;
                }
            }
            this.authProvider.authenticate(new TokenCredentials(str), asyncResult -> {
                if (asyncResult.failed()) {
                    handler.handle(Future.failedFuture(new HttpException(401, asyncResult.cause())));
                } else {
                    handler.handle(asyncResult);
                }
            });
        });
    }

    @Override // io.vertx.ext.web.handler.impl.ScopedAuthentication
    public JWTAuthHandler withScope(String str) {
        ArrayList arrayList = new ArrayList(this.scopes);
        arrayList.add(str);
        return new JWTAuthHandlerImpl(this, arrayList, this.delimiter);
    }

    @Override // io.vertx.ext.web.handler.JWTAuthHandler, io.vertx.ext.web.handler.impl.ScopedAuthentication
    public JWTAuthHandler withScopes(List<String> list) {
        return new JWTAuthHandlerImpl(this, list, this.delimiter);
    }

    @Override // io.vertx.ext.web.handler.JWTAuthHandler
    public JWTAuthHandler scopeDelimiter(String str) {
        return new JWTAuthHandlerImpl(this, this.scopes, str);
    }

    @Override // io.vertx.ext.web.handler.impl.AuthenticationHandlerInternal
    public void postAuthentication(RoutingContext routingContext) {
        if (this.scopes.size() > 0) {
            JsonObject jsonObject = (JsonObject) routingContext.user().get("accessToken");
            if (jsonObject == null) {
                routingContext.fail(403, new IllegalStateException("Invalid JWT: null"));
                return;
            }
            if (jsonObject.getValue("scope") == null) {
                routingContext.fail(403, new IllegalStateException("Invalid JWT: scope claim is required"));
                return;
            }
            List list = jsonObject.getValue("scope") instanceof String ? (List) Stream.of((Object[]) jsonObject.getString("scope").split(this.delimiter)).collect(Collectors.toList()) : jsonObject.getJsonArray("scope").getList();
            if (list != null) {
                Iterator<String> it = this.scopes.iterator();
                while (it.hasNext()) {
                    if (!list.contains(it.next())) {
                        routingContext.fail(403, new IllegalStateException("JWT scopes != handler scopes"));
                        return;
                    }
                }
            }
        }
        routingContext.next();
    }

    @Override // io.vertx.ext.web.handler.impl.ScopedAuthentication
    public /* bridge */ /* synthetic */ AuthenticationHandler withScopes(List list) {
        return withScopes((List<String>) list);
    }
}
