package org.apache.geronimo.microprofile.impl.jwtauth.servlet;

import java.security.Principal;
import java.util.Collection;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.Locale;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import javax.security.auth.Subject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import org.apache.geronimo.microprofile.impl.jwtauth.JwtException;
import org.apache.geronimo.microprofile.impl.jwtauth.jwt.JwtParser;
import org.eclipse.microprofile.jwt.JsonWebToken;

/* loaded from: input_file:org/apache/geronimo/microprofile/impl/jwtauth/servlet/JwtRequest.class */
public class JwtRequest extends HttpServletRequestWrapper {
    private final HttpServletRequest delegate;
    private final Supplier<JsonWebToken> tokenExtractor;
    private volatile JsonWebToken token;

    /* JADX INFO: Access modifiers changed from: package-private */
    public JwtRequest(JwtParser jwtParser, String str, String str2, HttpServletRequest httpServletRequest) {
        super(httpServletRequest);
        this.delegate = httpServletRequest;
        this.tokenExtractor = () -> {
            if (this.token != null) {
                return this.token;
            }
            synchronized (this) {
                if (this.token != null) {
                    return this.token;
                }
                String header = this.delegate.getHeader(str);
                if (header == null || header.isEmpty()) {
                    throw new JwtException("No " + str + " header", 401);
                }
                if (!header.toLowerCase(Locale.ROOT).startsWith(str2)) {
                    throw new JwtException("No prefix " + str2 + " in header " + str, 401);
                }
                this.token = jwtParser.parse(header.substring(str2.length()));
                setAttribute(JsonWebToken.class.getName(), this.token);
                return this.token;
            }
        };
        setAttribute(JwtRequest.class.getName(), this);
        setAttribute(JsonWebToken.class.getName() + ".supplier", this.tokenExtractor);
        setAttribute(Principal.class.getName() + ".supplier", this.tokenExtractor);
        setAttribute("javax.security.auth.subject.callable", () -> {
            LinkedHashSet linkedHashSet = new LinkedHashSet();
            JsonWebToken jsonWebToken = this.tokenExtractor.get();
            linkedHashSet.add(jsonWebToken);
            linkedHashSet.addAll((Collection) jsonWebToken.getGroups().stream().map(str3 -> {
                return () -> {
                    return str3;
                };
            }).collect(Collectors.toList()));
            return new Subject(true, linkedHashSet, Collections.emptySet(), Collections.emptySet());
        });
    }

    public JsonWebToken getToken() {
        return this.tokenExtractor.get();
    }

    public Principal getUserPrincipal() {
        return this.tokenExtractor.get();
    }

    public boolean isUserInRole(String str) {
        return this.tokenExtractor.get().getGroups().contains(str);
    }

    public String getAuthType() {
        return "MP-JWT";
    }
}
