package org.sonatype.nexus.security;

import com.auth0.jwt.interfaces.DecodedJWT;
import com.google.common.base.Preconditions;
import java.util.Arrays;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
import javax.inject.Inject;
import javax.inject.Singleton;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import org.apache.shiro.session.mgt.SimpleSession;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.apache.shiro.web.filter.mgt.FilterChainResolver;
import org.apache.shiro.web.mgt.WebSecurityManager;
import org.apache.shiro.web.subject.WebSubject;
import org.apache.shiro.web.subject.support.WebDelegatingSubject;
import org.apache.shiro.web.util.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.sonatype.nexus.common.text.Strings2;
import org.sonatype.nexus.security.jwt.JwtVerificationException;

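/**
 * Security filter that builds the request's {@link WebSubject} from a JWT carried in the
 * cookie named {@link JwtHelper#JWT_COOKIE_NAME}.
 *
 * <p>When the cookie is present, non-empty and accepted by {@link JwtHelper#verifyJwt}, the
 * subject is created as already authenticated, with its principal and realm taken from the
 * token's {@code "user"} and {@link JwtHelper#REALM} claims. No other credential check happens
 * in this class, so the whole authentication decision rests on what {@code verifyJwt} enforces.
 * That method is not visible here; confirm it checks signature, algorithm and expiry.
 *
 * <p>In every other case (no cookies, no JWT cookie, empty value, rejected token, unusable
 * claims) subject creation is delegated to the superclass.
 */
@Singleton
/* loaded from: input_file:org/sonatype/nexus/security/JwtSecurityFilter.class */
public class JwtSecurityFilter extends SecurityFilter {
    private static final Logger log = LoggerFactory.getLogger(JwtSecurityFilter.class);

    private final JwtHelper jwtHelper;

    /**
     * @param webSecurityManager  passed through to the superclass
     * @param filterChainResolver passed through to the superclass
     * @param jwtHelper           verifies JWT cookie values; must not be null
     * @throws NullPointerException if {@code jwtHelper} is null
     */
    @Inject
    public JwtSecurityFilter(WebSecurityManager webSecurityManager, FilterChainResolver filterChainResolver, JwtHelper jwtHelper) {
        super(webSecurityManager, filterChainResolver);
        this.jwtHelper = Preconditions.checkNotNull(jwtHelper);
    }

    /**
     * Creates the subject for this request, preferring a verified JWT cookie over the
     * superclass behaviour.
     *
     * @param servletRequest  incoming request; cast to {@link HttpServletRequest} to read cookies
     * @param servletResponse response used to expire the JWT cookie when the token is rejected
     * @return an authenticated subject built from the token claims, or the superclass's subject
     */
    protected WebSubject createSubject(ServletRequest servletRequest, ServletResponse servletResponse) {
        Cookie[] cookies = ((HttpServletRequest) servletRequest).getCookies();
        if (cookies == null) {
            return super.createSubject(servletRequest, servletResponse);
        }

        // Only the first cookie with the JWT name is considered; later duplicates are ignored.
        Optional<Cookie> jwtCookie = Arrays.stream(cookies)
            .filter(cookie -> cookie.getName().equals(JwtHelper.JWT_COOKIE_NAME))
            .findFirst();
        if (!jwtCookie.isPresent()) {
            return super.createSubject(servletRequest, servletResponse);
        }

        Cookie cookie = jwtCookie.get();
        String token = cookie.getValue();
        if (Strings2.isEmpty(token)) {
            return super.createSubject(servletRequest, servletResponse);
        }

        try {
            DecodedJWT decoded = this.jwtHelper.verifyJwt(token);
            String user = decoded.getClaim("user").asString();
            String realm = decoded.getClaim(JwtHelper.REALM).asString();
            if (user == null || realm == null) {
                // asString() yields null for an absent or non-string claim. Passing that on to
                // SimplePrincipalCollection would fail the request with an unchecked exception,
                // so treat the token like any other rejected one: drop it and fall back.
                log.debug("Expire and reset the JWT cookie: verified token has no usable user or realm claim");
                expireJwtCookie(cookie, servletResponse);
                return super.createSubject(servletRequest, servletResponse);
            }

            String host = servletRequest.getRemoteHost();
            // The session is created only after verification succeeds. A fresh one is built on
            // every request and carries the raw token as an attribute.
            SimpleSession session = new SimpleSession(host);
            // NOTE(review): this is the configured expiry, not the time left until the token's
            // own expiry; confirm that is intended.
            session.setTimeout(TimeUnit.SECONDS.toMillis(this.jwtHelper.getExpirySeconds()));
            session.setAttribute(JwtHelper.JWT_COOKIE_NAME, token);

            // The first 'true' marks the subject as authenticated; the second enables session use.
            return new WebDelegatingSubject(new SimplePrincipalCollection(user, realm), true, host, session, true, servletRequest, servletResponse, getSecurityManager());
        } catch (JwtVerificationException e) {
            log.debug("Expire and reset the JWT cookie due to the error: {}", e.getMessage());
            expireJwtCookie(cookie, servletResponse);
            return super.createSubject(servletRequest, servletResponse);
        }
    }

    /**
     * Tells the client to discard the JWT cookie by re-sending it empty with a max-age of zero.
     *
     * <p>NOTE(review): a cookie parsed from a request carries only its name and value, so this
     * Set-Cookie is emitted without the Path, Secure or HttpOnly attributes used when the cookie
     * was issued. A browser drops the stored cookie only when the path matches, so confirm the
     * default path lines up with the issuing code or set the path explicitly there.
     */
    private void expireJwtCookie(Cookie cookie, ServletResponse servletResponse) {
        cookie.setValue("");
        cookie.setMaxAge(0);
        WebUtils.toHttp(servletResponse).addCookie(cookie);
    }
}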
