package org.apache.james.jmap;

import com.google.common.annotations.VisibleForTesting;
import java.util.Objects;
import java.util.stream.Stream;
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
import org.apache.james.jmap.exceptions.MailboxSessionCreationException;
import org.apache.james.jmap.exceptions.NoValidAuthHeaderException;
import org.apache.james.jmap.utils.HeadersAuthenticationExtractor;
import org.apache.james.jwt.JwtTokenVerifier;
import org.apache.james.mailbox.MailboxManager;
import org.apache.james.mailbox.MailboxSession;
import org.apache.james.mailbox.exception.MailboxException;

/* loaded from: input_file:org/apache/james/jmap/JWTAuthenticationStrategy.class */
public class JWTAuthenticationStrategy implements AuthenticationStrategy {

    @VisibleForTesting
    static final String AUTHORIZATION_HEADER_PREFIX = "Bearer ";
    private final JwtTokenVerifier tokenManager;
    private final MailboxManager mailboxManager;
    private final HeadersAuthenticationExtractor authenticationExtractor;

    @Inject
    @VisibleForTesting
    JWTAuthenticationStrategy(JwtTokenVerifier jwtTokenVerifier, MailboxManager mailboxManager, HeadersAuthenticationExtractor headersAuthenticationExtractor) {
        this.tokenManager = jwtTokenVerifier;
        this.mailboxManager = mailboxManager;
        this.authenticationExtractor = headersAuthenticationExtractor;
    }

    @Override // org.apache.james.jmap.AuthenticationStrategy
    public MailboxSession createMailboxSession(HttpServletRequest httpServletRequest) throws MailboxSessionCreationException, NoValidAuthHeaderException {
        Stream<String> extractTokensFromAuthHeaders = extractTokensFromAuthHeaders(this.authenticationExtractor.authHeaders(httpServletRequest));
        JwtTokenVerifier jwtTokenVerifier = this.tokenManager;
        Objects.requireNonNull(jwtTokenVerifier);
        Stream<String> filter = extractTokensFromAuthHeaders.filter(jwtTokenVerifier::verify);
        JwtTokenVerifier jwtTokenVerifier2 = this.tokenManager;
        Objects.requireNonNull(jwtTokenVerifier2);
        return (MailboxSession) filter.map(jwtTokenVerifier2::extractLogin).map(str -> {
            try {
                return this.mailboxManager.createSystemSession(str);
            } catch (MailboxException e) {
                throw new MailboxSessionCreationException(e);
            }
        }).findFirst().orElseThrow(NoValidAuthHeaderException::new);
    }

    private Stream<String> extractTokensFromAuthHeaders(Stream<String> stream) {
        return stream.filter(str -> {
            return str.startsWith(AUTHORIZATION_HEADER_PREFIX);
        }).map(str2 -> {
            return str2.substring(AUTHORIZATION_HEADER_PREFIX.length());
        });
    }
}
