package org.apache.james.webadmin.authentication;

import java.util.Optional;
import javax.inject.Inject;
import javax.inject.Named;
import org.apache.james.jwt.JwtTokenVerifier;
import spark.Request;
import spark.Response;
import spark.Spark;

/* loaded from: input_file:org/apache/james/webadmin/authentication/JwtFilter.class */
public class JwtFilter implements AuthenticationFilter {
    public static final String AUTHORIZATION_HEADER_PREFIX = "Bearer ";
    public static final String AUTHORIZATION_HEADER_NAME = "Authorization";
    public static final String OPTIONS = "OPTIONS";
    private final JwtTokenVerifier jwtTokenVerifier;

    @Inject
    public JwtFilter(@Named("webadmin") JwtTokenVerifier.Factory factory) {
        this.jwtTokenVerifier = factory.create();
    }

    public void handle(Request request, Response response) throws Exception {
        if (request.requestMethod().equals(OPTIONS)) {
            return;
        }
        Optional<String> map = Optional.ofNullable(request.headers(AUTHORIZATION_HEADER_NAME)).filter(str -> {
            return str.startsWith(AUTHORIZATION_HEADER_PREFIX);
        }).map(str2 -> {
            return str2.substring(AUTHORIZATION_HEADER_PREFIX.length());
        });
        checkHeaderPresent(map);
        checkValidSignature(map);
        checkIsAdmin(map);
        request.attribute(AuthenticationFilter.LOGIN, this.jwtTokenVerifier.extractLogin(map.get()));
    }

    private void checkHeaderPresent(Optional<String> optional) {
        if (optional.isPresent()) {
            return;
        }
        Spark.halt(401, "No Bearer header.");
    }

    private void checkValidSignature(Optional<String> optional) {
        if (this.jwtTokenVerifier.verify(optional.get())) {
            return;
        }
        Spark.halt(401, "Invalid Bearer header.");
    }

    private void checkIsAdmin(Optional<String> optional) {
        if (this.jwtTokenVerifier.hasAttribute("admin", true, optional.get())) {
            return;
        }
        Spark.halt(401, "Non authorized user.");
    }
}
