package org.apache.tomee.microprofile.jwt;

import java.io.IOException;
import java.security.Principal;
import java.util.Collection;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.Locale;
import java.util.concurrent.Callable;
import java.util.function.Function;
import java.util.stream.Collectors;
import javax.enterprise.inject.Instance;
import javax.inject.Inject;
import javax.security.auth.Subject;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.ExceptionMapper;
import javax.ws.rs.ext.Provider;
import org.apache.tomee.microprofile.jwt.config.JWTAuthContextInfo;
import org.apache.tomee.microprofile.jwt.principal.JWTCallerPrincipalFactory;
import org.eclipse.microprofile.jwt.JsonWebToken;

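/**
 * Servlet filter that exposes a MicroProfile JWT bearer token as the caller identity.
 *
 * <p>Validation is lazy. The filter wraps the request in {@link MPJWTServletRequestWrapper};
 * the {@code Authorization} header is read and the token parsed only when something downstream
 * asks for the principal, a role check, or the request attributes registered by the wrapper.
 * A request that never triggers one of those lookups passes through this filter without any
 * token check, so access control has to be enforced by whatever runs behind it.
 *
 * <p>When no {@link JWTAuthContextInfo} bean is available the filter passes the request through
 * unchanged, with no JWT handling at all.
 *
 * <p>Error messages produced here are handed to {@code sendError} and to the JAX-RS response
 * entity, so they must never contain the submitted header or token.
 *
 * <p>NOTE(review): this listing is decompiler output; the "Access modifiers changed from: private"
 * markers indicate that several members were private in the compiled class.
 */
@WebFilter(asyncSupported = true, urlPatterns = {"/*"})
/* loaded from: input_file:org/apache/tomee/microprofile/jwt/MPJWTFilter.class */
public class MPJWTFilter implements Filter {

    /** JWT configuration; may be unsatisfied, in which case the filter is a pass-through. */
    @Inject
    private Instance<JWTAuthContextInfo> authContextInfo;

    /**
     * Raised when an {@code Authorization} header is present but does not start with the
     * {@code Bearer} scheme.
     */
    /* JADX INFO: Access modifiers changed from: private */
    public static class BadAuthorizationPrefixException extends MPJWTException {

        /**
         * @param str the rejected header value. It is deliberately not retained: a header that is
         *            not a bearer token is still a credential for some other scheme, and this
         *            exception's message is returned to the client.
         */
        public BadAuthorizationPrefixException(String str) {
        }

        /** @return 401, the request is unauthenticated. */
        @Override // org.apache.tomee.microprofile.jwt.MPJWTFilter.MPJWTException
        public int getStatus() {
            return 401;
        }

        /** @return a fixed diagnostic that does not echo the header value. */
        @Override // org.apache.tomee.microprofile.jwt.MPJWTFilter.MPJWTException, java.lang.Throwable
        public String getMessage() {
            return "Authorization header does not use the Bearer prefix. Can't validate header.";
        }
    }

    /** Raised when the bearer token cannot be parsed or validated. */
    /* JADX INFO: Access modifiers changed from: private */
    public static class InvalidTokenException extends MPJWTException {

        /**
         * @param str the rejected token. It is deliberately not retained, so the raw JWT cannot
         *            reach the response body or any log line built from this exception.
         * @param th  the parser failure, preserved as the cause.
         *            NOTE(review): confirm the cause's own message does not embed the token.
         */
        public InvalidTokenException(String str, Throwable th) {
            super(th);
        }

        /** @return 401, the presented token was not accepted. */
        @Override // org.apache.tomee.microprofile.jwt.MPJWTFilter.MPJWTException
        public int getStatus() {
            return 401;
        }

        /** @return a fixed diagnostic that does not echo the token. */
        @Override // org.apache.tomee.microprofile.jwt.MPJWTFilter.MPJWTException, java.lang.Throwable
        public String getMessage() {
            return "Invalid or not parsable JWT.";
        }
    }

    /**
     * Base type for authentication failures raised by this filter. Each subclass supplies the
     * HTTP status to report and a message that is safe to show to the caller.
     */
    /* JADX INFO: Access modifiers changed from: private */
    public static abstract class MPJWTException extends RuntimeException {
        public MPJWTException() {
        }

        public MPJWTException(Throwable th) {
            super(th);
        }

        /** @return the HTTP status code to send for this failure. */
        public abstract int getStatus();

        /** @return the text sent to the client; implementations must not include credentials. */
        @Override // java.lang.Throwable
        public abstract String getMessage();
    }

    /** Maps an {@link MPJWTException} thrown inside JAX-RS to a response with its status and message. */
    @Provider
    public static class MPJWTExceptionMapper implements ExceptionMapper<MPJWTException> {

        /**
         * @param mPJWTException the authentication failure
         * @return a response carrying the exception's status, with its message as the entity
         */
        @Override
        public Response toResponse(MPJWTException mPJWTException) {
            return Response.status(mPJWTException.getStatus()).entity(mPJWTException.getMessage()).build();
        }
    }

    /**
     * Request wrapper that answers the servlet security API from the JWT. Every lookup goes
     * through the memoising function returned by {@link MPJWTFilter#token}, so a missing or
     * invalid token surfaces as an {@link MPJWTException} at the point of the lookup.
     */
    public static class MPJWTServletRequestWrapper extends HttpServletRequestWrapper {
        private final Function<HttpServletRequest, JsonWebToken> tokenFunction;
        private final HttpServletRequest request;

        /**
         * Wraps the request and registers two request attributes: the token function under the
         * {@code JsonWebToken} class name, and a {@code Callable<Subject>} under
         * {@code javax.security.auth.subject.callable}.
         *
         * @param httpServletRequest the request to wrap
         * @param jWTAuthContextInfo configuration handed to token validation
         */
        public MPJWTServletRequestWrapper(final HttpServletRequest httpServletRequest, JWTAuthContextInfo jWTAuthContextInfo) {
            super(httpServletRequest);
            this.request = httpServletRequest;
            this.tokenFunction = MPJWTFilter.token(httpServletRequest, jWTAuthContextInfo);
            // The attribute value is the function, not a token: nothing is validated yet.
            httpServletRequest.setAttribute(JsonWebToken.class.getName(), this.tokenFunction);
            httpServletRequest.setAttribute("javax.security.auth.subject.callable", (Callable<Subject>) () -> {
                final JsonWebToken jwt = this.tokenFunction.apply(httpServletRequest);
                // Insertion order is kept: the token principal first, then one principal per group.
                final LinkedHashSet<Principal> principals = new LinkedHashSet<>();
                principals.add(jwt);
                principals.addAll(jwt.getGroups().stream()
                        .map(group -> (Principal) () -> group)
                        .collect(Collectors.toList()));
                // First argument true: the Subject is created read-only.
                return new Subject(true, principals, Collections.emptySet(), Collections.emptySet());
            });
        }

        /**
         * @return the validated token as the caller principal
         * @throws MPJWTException if the header is missing, not a bearer header, or the token is rejected
         */
        @Override
        public Principal getUserPrincipal() {
            return this.tokenFunction.apply(this.request);
        }

        /**
         * @param str the role name to test
         * @return {@code true} when the token's groups contain {@code str}
         * @throws MPJWTException if the header is missing, not a bearer header, or the token is rejected
         */
        @Override
        public boolean isUserInRole(String str) {
            return this.tokenFunction.apply(this.request).getGroups().contains(str);
        }

        /** @return the fixed authentication scheme name {@code MP-JWT}. */
        @Override
        public String getAuthType() {
            return "MP-JWT";
        }
    }

    /** Raised when a lookup needs the token but the request has no {@code Authorization} header. */
    /* JADX INFO: Access modifiers changed from: private */
    public static class MissingAuthorizationHeaderException extends MPJWTException {
        private MissingAuthorizationHeaderException() {
        }

        /** @return 401, no credentials were supplied. */
        @Override // org.apache.tomee.microprofile.jwt.MPJWTFilter.MPJWTException
        public int getStatus() {
            return 401;
        }

        @Override // org.apache.tomee.microprofile.jwt.MPJWTFilter.MPJWTException, java.lang.Throwable
        public String getMessage() {
            return "No authorization header provided. Can't validate the JWT.";
        }
    }

    /** No initialisation is required. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Runs the rest of the chain with the JWT-aware request wrapper and turns any
     * {@link MPJWTException} raised downstream into an HTTP error response.
     *
     * @param servletRequest  the incoming request; cast to {@link HttpServletRequest} once JWT
     *                        configuration is present
     * @param servletResponse the response; cast to {@link HttpServletResponse} to send errors
     * @param filterChain     the remaining chain
     * @throws IOException      propagated from the chain or from {@code sendError}
     * @throws ServletException propagated from the chain when it is not caused by an
     *                          {@link MPJWTException}
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (this.authContextInfo.isUnsatisfied()) {
            // No JWT configuration deployed: the request continues without any token handling.
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        try {
            filterChain.doFilter(new MPJWTServletRequestWrapper((HttpServletRequest) servletRequest, this.authContextInfo.get()), servletResponse);
        } catch (Exception e) {
            final MPJWTException jwtFailure = findJwtFailure(e);
            if (jwtFailure == null) {
                throw e;
            }
            // NOTE(review): RFC 6750 expects a WWW-Authenticate: Bearer challenge on a 401;
            // none is set here.
            ((HttpServletResponse) servletResponse).sendError(jwtFailure.getStatus(), jwtFailure.getMessage());
        }
    }

    /** Returns the exception itself or its direct cause when either is an MPJWTException, else null. */
    private static MPJWTException findJwtFailure(Exception e) {
        if (e instanceof MPJWTException) {
            return (MPJWTException) e;
        }
        final Throwable cause = e.getCause();
        return cause instanceof MPJWTException ? (MPJWTException) cause : null;
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }

    /**
     * Builds the per-request token lookup. The returned function reads the {@code Authorization}
     * header of {@code httpServletRequest}, requires the case-insensitive {@code "bearer "}
     * prefix, validates the remainder and caches the resulting token for later calls.
     *
     * <p>The function ignores its own argument and always reads the captured request. The cache
     * field is unsynchronised.
     * NOTE(review): with asyncSupported = true, confirm concurrent first calls are acceptable;
     * the visible effect would be validating the same header more than once.
     *
     * @param httpServletRequest the request whose header is read
     * @param jWTAuthContextInfo configuration handed to {@link #validate}
     * @return a memoising lookup that throws an {@link MPJWTException} when no valid token is present
     */
    /* JADX INFO: Access modifiers changed from: private */
    public static Function<HttpServletRequest, JsonWebToken> token(final HttpServletRequest httpServletRequest, final JWTAuthContextInfo jWTAuthContextInfo) {
        return new Function<HttpServletRequest, JsonWebToken>() { // from class: org.apache.tomee.microprofile.jwt.MPJWTFilter.1
            private JsonWebToken jsonWebToken;

            @Override // java.util.function.Function
            public JsonWebToken apply(HttpServletRequest ignoredRequest) {
                if (this.jsonWebToken != null) {
                    return this.jsonWebToken;
                }
                final String header = httpServletRequest.getHeader("Authorization");
                if (header == null || header.isEmpty()) {
                    throw new MissingAuthorizationHeaderException();
                }
                if (!header.toLowerCase(Locale.ENGLISH).startsWith("bearer ")) {
                    throw new BadAuthorizationPrefixException(header);
                }
                final String rawToken = header.substring("bearer ".length());
                try {
                    this.jsonWebToken = MPJWTFilter.validate(rawToken, jWTAuthContextInfo);
                    return this.jsonWebToken;
                } catch (ParseException e) {
                    throw new InvalidTokenException(rawToken, e);
                }
            }
        };
    }

    /**
     * Parses and validates a raw token by delegating to {@link JWTCallerPrincipalFactory}.
     *
     * @param str                the token text taken from the header, without the scheme prefix
     * @param jWTAuthContextInfo configuration passed to the factory
     * @return the parsed token
     * @throws ParseException if the factory rejects the token
     */
    /* JADX INFO: Access modifiers changed from: private */
    public static JsonWebToken validate(String str, JWTAuthContextInfo jWTAuthContextInfo) throws ParseException {
        return JWTCallerPrincipalFactory.instance().parse(str, jWTAuthContextInfo);
    }
}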
