package org.apache.cxf.rs.security.jose.jaxrs;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.Principal;
import javax.annotation.Priority;
import javax.security.auth.x500.X500Principal;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.PreMatching;
import org.apache.cxf.helpers.IOUtils;
import org.apache.cxf.jaxrs.utils.JAXRSUtils;
import org.apache.cxf.rs.security.jose.common.JoseUtils;
import org.apache.cxf.rs.security.jose.jws.JwsCompactConsumer;
import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
import org.apache.cxf.rs.security.jose.jws.PublicKeyJwsSignatureVerifier;
import org.apache.cxf.security.SecurityContext;

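/**
 * Pre-matching JAX-RS request filter that expects the request entity to be a
 * JWS compact serialization, verifies its signature, and replaces the entity
 * with the decoded JWS payload.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@code GET} is the only method that is skipped. Resources reachable
 *       through {@code GET} get no signature protection from this filter, and
 *       every other method (including body-less ones) must carry a JWS entity.</li>
 *   <li>The whole entity is read into memory before the signature is checked,
 *       and no size limit is applied here. NOTE(review): confirm that a request
 *       size limit is enforced upstream, since this runs for unauthenticated
 *       callers.</li>
 *   <li>The verifier is obtained from the inherited
 *       {@code getInitializedSigVerifier(...)}, which receives the JWS headers
 *       before they have been verified. NOTE(review): confirm that the key or
 *       certificate it selects is anchored in trusted configuration (or
 *       chain-validated) and not taken from the message alone.</li>
 * </ul>
 */
@Priority(1002)
@PreMatching
/* loaded from: input_file:lib/cxf-rt-rs-security-jose-jaxrs-3.1.13.jar:org/apache/cxf/rs/security/jose/jaxrs/JwsContainerRequestFilter.class */
public class JwsContainerRequestFilter extends AbstractJwsReaderProvider implements ContainerRequestFilter {
    /**
     * Verifies the JWS-protected request entity and exposes its payload to the
     * rest of the request pipeline.
     *
     * <p>On signature failure the request is aborted with HTTP 400 and nothing
     * else is modified. On success the entity stream, {@code Content-Length}
     * and (when available) {@code Content-Type} are rewritten to describe the
     * decoded payload.
     *
     * @param containerRequestContext the current request; its entity stream and headers are modified in place
     * @throws IOException declared by the filter contract; presumably raised when the entity cannot be read
     */
    @Override // javax.ws.rs.container.ContainerRequestFilter
    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        // GET requests bypass JWS processing entirely.
        if ("GET".equals(containerRequestContext.getMethod())) {
            return;
        }

        // The full entity is buffered as a String before any verification happens.
        JwsCompactConsumer jwsCompactConsumer =
            new JwsCompactConsumer(IOUtils.readStringFromStream(containerRequestContext.getEntityStream()));
        JwsSignatureVerifier initializedSigVerifier = getInitializedSigVerifier(jwsCompactConsumer.getJwsHeaders());
        if (!jwsCompactConsumer.verifySignatureWith(initializedSigVerifier)) {
            containerRequestContext.abortWith(JAXRSUtils.toResponse(400));
            return;
        }

        // Everything below runs only for a verified JWS.
        JoseUtils.validateRequestContextProperty(jwsCompactConsumer.getJwsHeaders());

        // Swap the JWS envelope for its payload so downstream readers see the plain entity.
        byte[] decodedJwsPayloadBytes = jwsCompactConsumer.getDecodedJwsPayloadBytes();
        containerRequestContext.setEntityStream(new ByteArrayInputStream(decodedJwsPayloadBytes));
        containerRequestContext.getHeaders()
            .putSingle("Content-Length", Integer.toString(decodedJwsPayloadBytes.length));

        // Content-Type comes from the JWS headers, falling back to the provider default.
        String checkContentType = JoseUtils.checkContentType(
            jwsCompactConsumer.getJwsHeaders().getContentType(), getDefaultMediaType());
        if (checkContentType != null) {
            containerRequestContext.getHeaders().putSingle("Content-Type", checkContentType);
        }

        if (super.isValidateHttpHeaders()) {
            super.validateHttpHeadersIfNeeded(containerRequestContext.getHeaders(), jwsCompactConsumer.getJwsHeaders());
        }

        // Never override an identity that an earlier authentication step already established.
        Principal userPrincipal = containerRequestContext.getSecurityContext().getUserPrincipal();
        if (userPrincipal == null || userPrincipal.getName() == null) {
            SecurityContext jwsSecurityContext = configureSecurityContext(initializedSigVerifier);
            if (jwsSecurityContext != null) {
                // Typed put(Class<T>, T): the decompiler's casts to Class do not compile
                // and would store the context under the wrong static type.
                JAXRSUtils.getCurrentMessage().put(SecurityContext.class, jwsSecurityContext);
            }
        }
    }

    /**
     * Builds a security context whose principal is the subject of the
     * certificate held by the signature verifier.
     *
     * <p>The returned context grants no roles: {@code isUserInRole} always
     * returns {@code false}. NOTE(review): the principal is only as trustworthy
     * as the certificate attached to the verifier; confirm how that certificate
     * is selected and validated before using the name for authorization.
     *
     * @param jwsSignatureVerifier the verifier that accepted the request's JWS
     * @return a context exposing the certificate subject, or {@code null} when the verifier
     *         is not a {@link PublicKeyJwsSignatureVerifier} or carries no certificate
     */
    protected SecurityContext configureSecurityContext(JwsSignatureVerifier jwsSignatureVerifier) {
        if (!(jwsSignatureVerifier instanceof PublicKeyJwsSignatureVerifier)) {
            return null;
        }
        PublicKeyJwsSignatureVerifier publicKeyVerifier = (PublicKeyJwsSignatureVerifier) jwsSignatureVerifier;
        if (publicKeyVerifier.getX509Certificate() == null) {
            return null;
        }
        final X500Principal subjectX500Principal =
            publicKeyVerifier.getX509Certificate().getSubjectX500Principal();
        return new SecurityContext() { // from class: org.apache.cxf.rs.security.jose.jaxrs.JwsContainerRequestFilter.1
            @Override // org.apache.cxf.security.SecurityContext
            public Principal getUserPrincipal() {
                return subjectX500Principal;
            }

            @Override // org.apache.cxf.security.SecurityContext
            public boolean isUserInRole(String str) {
                // A verified signature establishes identity only, never role membership.
                return false;
            }
        };
    }
}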
