package org.sonatype.nexus.security;

import com.google.common.base.Preconditions;
import java.util.Arrays;
import java.util.List;
import java.util.Optional;
import java.util.stream.Stream;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Singleton;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import org.apache.shiro.web.servlet.AdviceFilter;
import org.apache.shiro.web.util.WebUtils;
import org.sonatype.nexus.common.text.Strings2;
import org.sonatype.nexus.security.jwt.JwtVerificationException;

@Singleton
@Named
/* loaded from: input_file:org/sonatype/nexus/security/JwtFilter.class */
public class JwtFilter extends AdviceFilter {
    public static final String NAME = "nx-jwt";
    private final JwtHelper jwtHelper;
    private final List<JwtRefreshExemption> jwtExemptPaths;

    @Inject
    public JwtFilter(JwtHelper jwtHelper, List<JwtRefreshExemption> list) {
        this.jwtHelper = (JwtHelper) Preconditions.checkNotNull(jwtHelper);
        this.jwtExemptPaths = list;
    }

    protected boolean preHandle(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies == null || isExemptRequest(httpServletRequest)) {
            return true;
        }
        Optional findFirst = Arrays.stream(cookies).filter(cookie -> {
            return cookie.getName().equals(JwtHelper.JWT_COOKIE_NAME);
        }).findFirst();
        if (!findFirst.isPresent()) {
            return true;
        }
        Cookie cookie2 = (Cookie) findFirst.get();
        String value = cookie2.getValue();
        if (Strings2.isEmpty(value)) {
            return true;
        }
        try {
            WebUtils.toHttp(servletResponse).addCookie(this.jwtHelper.verifyAndRefreshJwtCookie(value, servletRequest.isSecure()));
            return true;
        } catch (JwtVerificationException unused) {
            cookie2.setValue("");
            cookie2.setMaxAge(0);
            WebUtils.toHttp(servletResponse).addCookie(cookie2);
            return false;
        }
    }

    private boolean isExemptRequest(HttpServletRequest httpServletRequest) {
        String servletPath = httpServletRequest.getServletPath();
        Stream<R> map = this.jwtExemptPaths.stream().map((v0) -> {
            return v0.getPath();
        });
        servletPath.getClass();
        return map.anyMatch((v1) -> {
            return r1.contains(v1);
        });
    }
}
