package com.sigpwned.dropwizard.jose.jwt;

import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.source.ImmutableJWKSet;
import com.nimbusds.jose.jwk.source.JWKSource;
import com.nimbusds.jose.proc.DefaultJOSEObjectTypeVerifier;
import com.nimbusds.jose.proc.JWSVerificationKeySelector;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.JWTClaimNames;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.JWTParser;
import com.nimbusds.jwt.SignedJWT;
import com.nimbusds.jwt.proc.DefaultJWTClaimsVerifier;
import com.nimbusds.jwt.proc.DefaultJWTProcessor;
import com.nimbusds.jwt.proc.JWTProcessor;
import io.dropwizard.auth.AuthFilter;
import io.dropwizard.auth.Authenticator;
import io.dropwizard.auth.Authorizer;
import io.dropwizard.auth.UnauthorizedHandler;
import java.io.IOException;
import java.security.Principal;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import javax.ws.rs.container.ContainerRequestContext;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/sigpwned/dropwizard/jose/jwt/JWTAuthFilter.class */
public class JWTAuthFilter<P extends Principal> extends AuthFilter<SignedJWT, P> {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) JWTAuthFilter.class);
    public static final String DEFAULT_QUERY_PARAMETER_NAME = "token";
    public static final String DEFAULT_COOKIE_PARAMETER_NAME = "token";
    public static final String DEFAULT_PREFIX = "Bearer";
    private final String queryParameterName;
    private final String cookieParameterName;
    private final JWTProcessor<SecurityContext> processor;

    /* loaded from: input_file:com/sigpwned/dropwizard/jose/jwt/JWTAuthFilter$Authorization.class */
    private static class Authorization {
        private final String method;
        private final String credentials;

        public static Authorization fromString(String str) {
            int indexOf = str.indexOf(32);
            if (indexOf == -1) {
                throw new IllegalArgumentException("no method");
            }
            return of(str.substring(0, indexOf).strip(), str.substring(indexOf + 1, str.length()).strip());
        }

        public static Authorization of(String str, String str2) {
            return new Authorization(str, str2);
        }

        public Authorization(String str, String str2) {
            this.method = str;
            this.credentials = str2;
        }

        public String getMethod() {
            return this.method;
        }

        public String getCredentials() {
            return this.credentials;
        }

        public String toString() {
            return getMethod() + StringUtils.SPACE + getCredentials();
        }
    }

    /* loaded from: input_file:com/sigpwned/dropwizard/jose/jwt/JWTAuthFilter$Builder.class */
    public static class Builder<P extends Principal> extends AuthFilter.AuthFilterBuilder<SignedJWT, P, JWTAuthFilter<P>> {
        private String issuer;
        private JWSAlgorithm signingAlgorithm;
        private JWKSource<SecurityContext> jwkSource;
        private String queryParameterName;
        private String cookieParameterName;

        private Builder() {
            setPrefix(JWTAuthFilter.DEFAULT_PREFIX);
            this.queryParameterName = "token";
            this.cookieParameterName = "token";
        }

        public Builder<P> setIssuer(String str) {
            this.issuer = str;
            return this;
        }

        public Builder<P> setSigningAlgorithm(JWSAlgorithm jWSAlgorithm) {
            this.signingAlgorithm = jWSAlgorithm;
            return this;
        }

        public Builder<P> setJWKSource(JWKSource<SecurityContext> jWKSource) {
            this.jwkSource = jWKSource;
            return this;
        }

        public Builder<P> setJWKs(JWKSet jWKSet) {
            return setJWKSource(new ImmutableJWKSet(jWKSet));
        }

        public Builder<P> setQueryParameterName(String str) {
            this.queryParameterName = str;
            return this;
        }

        public Builder<P> setCookieParameterName(String str) {
            this.cookieParameterName = str;
            return this;
        }

        @Override // io.dropwizard.auth.AuthFilter.AuthFilterBuilder
        public Builder<P> setRealm(String str) {
            return (Builder) super.setRealm(str);
        }

        @Override // io.dropwizard.auth.AuthFilter.AuthFilterBuilder
        public Builder<P> setPrefix(String str) {
            return (Builder) super.setPrefix(str);
        }

        @Override // io.dropwizard.auth.AuthFilter.AuthFilterBuilder
        public Builder<P> setAuthorizer(Authorizer<P> authorizer) {
            return (Builder) super.setAuthorizer((Authorizer) authorizer);
        }

        /* JADX WARN: Multi-variable type inference failed */
        @Override // io.dropwizard.auth.AuthFilter.AuthFilterBuilder
        public Builder<P> setAuthenticator(Authenticator<SignedJWT, P> authenticator) {
            return (Builder) super.setAuthenticator((Authenticator) authenticator);
        }

        @Override // io.dropwizard.auth.AuthFilter.AuthFilterBuilder
        public Builder<P> setUnauthorizedHandler(UnauthorizedHandler unauthorizedHandler) {
            return (Builder) super.setUnauthorizedHandler(unauthorizedHandler);
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // io.dropwizard.auth.AuthFilter.AuthFilterBuilder
        public JWTAuthFilter<P> newInstance() {
            Objects.requireNonNull(this.issuer, "issuer is not set");
            Objects.requireNonNull(this.signingAlgorithm, "signingAlgorithm is not set");
            Objects.requireNonNull(this.jwkSource, "jwkSource is not set");
            return new JWTAuthFilter<>(this.issuer, this.signingAlgorithm, this.jwkSource, this.queryParameterName, this.cookieParameterName);
        }
    }

    public static <P extends Principal> Builder<P> builder() {
        return new Builder<>();
    }

    public JWTAuthFilter(String str, JWSAlgorithm jWSAlgorithm, JWKSet jWKSet) {
        this(str, jWSAlgorithm, new ImmutableJWKSet(jWKSet));
    }

    public JWTAuthFilter(String str, JWSAlgorithm jWSAlgorithm, JWKSource<SecurityContext> jWKSource) {
        this(str, jWSAlgorithm, jWKSource, "token", "token");
    }

    public JWTAuthFilter(String str, JWSAlgorithm jWSAlgorithm, JWKSource<SecurityContext> jWKSource, String str2, String str3) {
        if (str == null) {
            throw new NullPointerException();
        }
        if (jWSAlgorithm == null) {
            throw new NullPointerException();
        }
        if (jWKSource == null) {
            throw new NullPointerException();
        }
        DefaultJWTProcessor defaultJWTProcessor = new DefaultJWTProcessor();
        defaultJWTProcessor.setJWETypeVerifier(DefaultJOSEObjectTypeVerifier.JWT);
        defaultJWTProcessor.setJWSKeySelector(new JWSVerificationKeySelector(jWSAlgorithm, jWKSource));
        defaultJWTProcessor.setJWTClaimsSetVerifier(new DefaultJWTClaimsVerifier(new JWTClaimsSet.Builder().issuer(str).build(), Set.of(JWTClaimNames.ISSUED_AT, JWTClaimNames.EXPIRATION_TIME, JWTClaimNames.JWT_ID)));
        this.processor = defaultJWTProcessor;
        this.queryParameterName = str2;
        this.cookieParameterName = str3;
    }

    @Override // javax.ws.rs.container.ContainerRequestFilter
    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        String str = (String) Optional.ofNullable(containerRequestContext.getUriInfo().getQueryParameters().getFirst(this.queryParameterName)).orElse(null);
        if (str == null && this.cookieParameterName != null) {
            str = (String) Optional.ofNullable(containerRequestContext.getCookies().get(this.cookieParameterName)).map((v0) -> {
                return v0.getValue();
            }).orElse(null);
        }
        if (str == null) {
            try {
                str = (String) Optional.ofNullable(containerRequestContext.getHeaderString("Authorization")).map(Authorization::fromString).filter(authorization -> {
                    return authorization.getMethod().equalsIgnoreCase(this.prefix);
                }).map((v0) -> {
                    return v0.getCredentials();
                }).orElse(null);
            } catch (IllegalArgumentException e) {
                if (LOGGER.isDebugEnabled()) {
                    LOGGER.debug("Failed to parse authorization", (Throwable) e);
                }
                str = null;
            }
        }
        SignedJWT signedJWT = null;
        if (str != null) {
            try {
                JWT parse = JWTParser.parse(str);
                if (parse instanceof SignedJWT) {
                    signedJWT = (SignedJWT) parse;
                    this.processor.process(signedJWT, (SignedJWT) null);
                    signedJWT.getJWTClaimsSet();
                }
            } catch (Exception e2) {
                if (LOGGER.isDebugEnabled()) {
                    LOGGER.debug("Failed to process JWT claims", (Throwable) e2);
                }
                signedJWT = null;
            }
        }
        if (!authenticate(containerRequestContext, signedJWT, "BASIC")) {
            throw this.unauthorizedHandler.buildException(this.prefix, this.realm);
        }
    }
}
