package be.atbash.runtime.security.jwt.jaxrs;

import be.atbash.ee.security.octopus.jwt.InvalidJWTException;
import be.atbash.ee.security.octopus.nimbus.jose.JOSEException;
import be.atbash.runtime.security.jwt.JWTAuthContextInfoProvider;
import be.atbash.runtime.security.jwt.inject.PrincipalProducer;
import be.atbash.runtime.security.jwt.module.LogTracingHelper;
import be.atbash.runtime.security.jwt.principal.JWTCallerPrincipal;
import be.atbash.runtime.security.jwt.principal.JWTCallerPrincipalFactory;
import jakarta.annotation.Priority;
import jakarta.inject.Inject;
import jakarta.ws.rs.InternalServerErrorException;
import jakarta.ws.rs.NotAuthorizedException;
import jakarta.ws.rs.container.ContainerRequestContext;
import jakarta.ws.rs.container.ContainerRequestFilter;
import jakarta.ws.rs.container.PreMatching;
import jakarta.ws.rs.core.SecurityContext;
import jakarta.ws.rs.ext.Provider;
import java.io.IOException;
import java.security.Principal;
import org.eclipse.microprofile.jwt.JsonWebToken;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@PreMatching
@Provider
@Priority(1000)
/* loaded from: input_file:be/atbash/runtime/security/jwt/jaxrs/JWTAuthenticationFilter.class */
public class JWTAuthenticationFilter implements ContainerRequestFilter {
    private static final Logger LOGGER = LoggerFactory.getLogger(JWTAuthenticationFilter.class);

    @Inject
    private JWTAuthContextInfoProvider authContextInfoProvider;

    @Inject
    private JWTCallerPrincipalFactory jwtParser;

    @Inject
    private PrincipalProducer producer;

    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        LogTracingHelper logTracingHelper = LogTracingHelper.getInstance();
        logTracingHelper.startTracing(containerRequestContext);
        SecurityContext securityContext = containerRequestContext.getSecurityContext();
        Principal userPrincipal = securityContext.getUserPrincipal();
        logTracingHelper.logTraceMessage("Received request on %s", () -> {
            return new Object[]{containerRequestContext.getUriInfo().getRequestUri().toString()};
        });
        if (userPrincipal instanceof JsonWebToken) {
            return;
        }
        String bearerToken = new BearerTokenExtractor(containerRequestContext, this.authContextInfoProvider.getContextInfo()).getBearerToken();
        logTracingHelper.logTraceMessage("Bearer token '%s'", bearerToken);
        if (bearerToken != null) {
            try {
                JWTCallerPrincipal parse = this.jwtParser.parse(bearerToken, this.authContextInfoProvider.getContextInfo());
                this.producer.setJsonWebToken(parse);
                logTracingHelper.logTraceMessage("The Token was accepted and has name = '%s' and roles = '%s'", () -> {
                    return new Object[]{parse.getName(), parse.getGroups()};
                });
                containerRequestContext.setSecurityContext(new JWTSecurityContext(securityContext, parse));
            } catch (InvalidJWTException | IllegalArgumentException | JOSEException e) {
                throw new NotAuthorizedException(e, "Bearer", new Object[0]);
            } catch (Exception e2) {
                LOGGER.error(e2.getMessage(), e2);
                throw new InternalServerErrorException(e2);
            }
        }
    }
}
