package com.sigpwned.dropwizard.jose.jwt;

import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jwt.SignedJWT;
import com.sigpwned.dropwizard.jose.jwt.factory.DefaultJWTFactory;
import com.sigpwned.dropwizard.jose.jwt.util.KeyStores;
import io.dropwizard.auth.AuthDynamicFeature;
import io.dropwizard.auth.Authenticator;
import io.dropwizard.auth.Authorizer;
import io.dropwizard.core.ConfiguredBundle;
import io.dropwizard.core.setup.Bootstrap;
import io.dropwizard.core.setup.Environment;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Principal;
import java.util.EnumSet;
import javax.servlet.DispatcherType;
import org.glassfish.hk2.utilities.binding.AbstractBinder;

/* loaded from: input_file:com/sigpwned/dropwizard/jose/jwt/JWTBundle.class */
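/**
 * Dropwizard bundle that wires JWT authentication into an application.
 *
 * <p>When run, the bundle builds a {@link JWTFactory} from the bundle configuration, binds that
 * factory into Jersey, registers an {@link AuthDynamicFeature} around a {@code JWTAuthFilter}, and
 * installs a {@code WellKnownJWKSetHttpFilter} servlet filter that is handed the factory's JWK set.
 *
 * @param <P> the principal type produced by the authenticator
 */
public class JWTBundle<P extends Principal> implements ConfiguredBundle<JWTBundleConfiguration> {
    /** Name under which the JWK set servlet filter is registered. */
    static final String WELL_KNOWN_JWKS_FILTER_NAME = "WellKnownJwks";

    private final Authenticator<SignedJWT, P> authenticator;
    private final Authorizer<P> authorizer;

    /**
     * Fluent builder for {@link JWTBundle}.
     *
     * @param <P> the principal type produced by the authenticator
     */
    public static class Builder<P extends Principal> {
        private Authenticator<SignedJWT, P> authenticator;
        private Authorizer<P> authorizer;

        /**
         * Sets the authenticator that turns a {@link SignedJWT} into a principal.
         *
         * @param authenticator the authenticator to use
         * @return this builder
         */
        public Builder<P> setAuthenticator(Authenticator<SignedJWT, P> authenticator) {
            this.authenticator = authenticator;
            return this;
        }

        /**
         * Sets the authorizer applied to authenticated principals.
         *
         * @param authorizer the authorizer to use
         * @return this builder
         */
        public Builder<P> setAuthorizer(Authorizer<P> authorizer) {
            this.authorizer = authorizer;
            return this;
        }

        /**
         * Creates the bundle from the values set so far.
         *
         * <p>Values that were never set are passed on as {@code null}; nothing is validated here.
         *
         * @return a new bundle
         */
        public JWTBundle<P> buildJWTBundle() {
            return new JWTBundle<>(this.authenticator, this.authorizer);
        }
    }

    /**
     * Creates an empty {@link Builder}.
     *
     * @param <P> the principal type produced by the authenticator
     * @return a new builder
     */
    public static <P extends Principal> Builder<P> builder() {
        return new Builder<>();
    }

    /**
     * Creates a bundle with the given authenticator and authorizer.
     *
     * <p>Neither argument is null-checked here; both are handed to the {@code JWTAuthFilter}
     * builder in {@link #run}. NOTE(review): confirm that builder rejects a missing authenticator
     * or authorizer, so a misconfigured bundle fails at startup rather than at request time.
     *
     * @param authenticator turns a verified {@link SignedJWT} into a principal
     * @param authorizer decides what an authenticated principal may do
     */
    public JWTBundle(Authenticator<SignedJWT, P> authenticator, Authorizer<P> authorizer) {
        this.authorizer = authorizer;
        this.authenticator = authenticator;
    }

    /** Does nothing; all wiring happens in {@link #run}. */
    @Override
    public void initialize(Bootstrap<?> bootstrap) {
    }

    /**
     * Registers the JWT factory binding, the auth filter and the JWK set servlet filter.
     *
     * @param jWTBundleConfiguration supplies the {@link JWTConfiguration} for key loading
     * @param environment the Dropwizard environment to register components with
     * @throws Exception if the key store or its keys cannot be loaded
     */
    @Override
    public void run(JWTBundleConfiguration jWTBundleConfiguration, Environment environment) throws Exception {
        final JWTFactory jwtFactory = newJWTFactory(jWTBundleConfiguration.getJWTConfiguration());

        // Make the factory injectable into resources as JWTFactory. The decompiled source cast the
        // factory to the anonymous binder class here, which is not a valid type for it; the
        // instance is bound directly instead.
        environment.jersey().register(new AbstractBinder() {
            @Override
            protected void configure() {
                bind(jwtFactory).to(JWTFactory.class);
            }
        });

        // The issuer doubles as the authentication realm. The raw casts are kept from the
        // decompiled source because the JWTAuthFilter builder's generic signature is not visible.
        environment.jersey().register(new AuthDynamicFeature(
            JWTAuthFilter.builder()
                .setIssuer(jwtFactory.getIssuer())
                .setRealm(jwtFactory.getIssuer())
                .setJWKs(jwtFactory.getJwks())
                .setSigningAlgorithm(jwtFactory.getSigningAlgorithm())
                .setAuthenticator((Authenticator) this.authenticator)
                .setAuthorizer((Authorizer) this.authorizer)
                .buildAuthFilter()));

        // The filter is mapped to every URL for REQUEST dispatches and matched before declared
        // filter mappings (isMatchAfter = false); which path it answers on is decided inside
        // WellKnownJWKSetHttpFilter, not here.
        // NOTE(review): the JWK set comes straight from the key store and is the same object the
        // signing factory uses, so it may carry private key material. Confirm that
        // WellKnownJWKSetHttpFilter serializes only the public parts (for example via
        // JWKSet.toPublicJWKSet()) before anything is written to a response.
        environment.servlets()
            .addFilter(WELL_KNOWN_JWKS_FILTER_NAME, new WellKnownJWKSetHttpFilter(jwtFactory.getJwks()))
            .addMappingForUrlPatterns(EnumSet.of(DispatcherType.REQUEST), false, "/*");
    }

    /**
     * Builds the JWT factory from the keys in the configured key store.
     *
     * @param jWTConfiguration supplies key store settings, issuer and token lifetime
     * @return a {@link DefaultJWTFactory} backed by the loaded JWK set
     * @throws IOException if the key store cannot be read or its keys cannot be extracted
     */
    JWTFactory newJWTFactory(JWTConfiguration jWTConfiguration) throws IOException {
        try {
            // No PasswordLookup is supplied (null), so no per-entry key password is available.
            // NOTE(review): confirm how the Nimbus version in use treats private-key entries that
            // have their own password; if they are skipped, the set would lack signing keys.
            JWKSet jwks = JWKSet.load(loadKeyStore(jWTConfiguration), null);
            return new DefaultJWTFactory(jwks, jWTConfiguration.getIssuer(), jWTConfiguration.getTokenLifetime());
        } catch (KeyStoreException e) {
            // The message stays generic; the cause is preserved for diagnosis.
            throw new IOException("Failed to load keys from store", e);
        }
    }

    /**
     * Opens the key store described by the configuration.
     *
     * @param jWTConfiguration supplies the key store type, path, password and provider
     * @return the loaded key store
     * @throws IOException if loading fails
     */
    KeyStore loadKeyStore(JWTConfiguration jWTConfiguration) throws IOException {
        return KeyStores.loadKeyStore(
            jWTConfiguration.getKeyStoreType(),
            jWTConfiguration.getKeyStorePath(),
            jWTConfiguration.getKeyStorePassword(),
            jWTConfiguration.getKeyStoreProvider());
    }
}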
