package org.entur.jwt.spring.camel;

import javax.security.auth.Subject;
import javax.servlet.http.HttpServletRequest;
import org.apache.camel.Exchange;
import org.apache.camel.Message;
import org.entur.jwt.jwk.JwksException;
import org.entur.jwt.jwk.JwksServiceException;
import org.entur.jwt.spring.filter.JwtAuthenticationServiceUnavailableException;
import org.entur.jwt.spring.filter.JwtAuthenticationToken;
import org.entur.jwt.spring.filter.JwtAuthorityMapper;
import org.entur.jwt.verifier.JwtClaimExtractor;
import org.entur.jwt.verifier.JwtException;
import org.entur.jwt.verifier.JwtServiceException;
import org.entur.jwt.verifier.JwtVerifier;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;

/* loaded from: input_file:org/entur/jwt/spring/camel/DefaultJwtAuthenticationProcessor.class */
public class DefaultJwtAuthenticationProcessor implements JwtAuthenticationProcessor {
    private static Authentication anonymous = new AnonymousAuthenticationToken("anonymous", "anonymous", AuthorityUtils.createAuthorityList(new String[]{"ROLE_ANONYMOUS"}));
    public static final String AUTHORIZATION = "Authorization";
    private final JwtVerifier verifier;
    private final JwtAuthorityMapper authorityMapper;
    private final JwtClaimExtractor extractor;

    public <T> DefaultJwtAuthenticationProcessor(JwtVerifier<T> jwtVerifier, JwtAuthorityMapper<T> jwtAuthorityMapper, JwtClaimExtractor<T> jwtClaimExtractor) {
        this.verifier = jwtVerifier;
        this.authorityMapper = jwtAuthorityMapper;
        this.extractor = jwtClaimExtractor;
    }

    @Override // org.entur.jwt.spring.camel.JwtAuthenticationProcessor
    public void process(Exchange exchange) {
        Authentication authentication;
        Message in = exchange.getIn();
        if (in.getHeader("CamelAuthentication") == null) {
            HttpServletRequest httpServletRequest = (HttpServletRequest) in.getBody(HttpServletRequest.class);
            if (httpServletRequest != null) {
                String header = httpServletRequest.getHeader(AUTHORIZATION);
                if (header != null) {
                    try {
                        Object verify = this.verifier.verify(header);
                        if (verify == null) {
                            throw new BadCredentialsException("Unknown issuer");
                        }
                        authentication = new JwtAuthenticationToken(this.extractor.getClaims(verify), header, this.authorityMapper.getGrantedAuthorities(verify));
                    } catch (JwtException | JwksException e) {
                        throw new BadCredentialsException("Problem verifying token", e);
                    } catch (JwksServiceException | JwtServiceException e2) {
                        throw new JwtAuthenticationServiceUnavailableException("Unable to process token", e2);
                    }
                } else {
                    authentication = anonymous;
                }
            } else {
                authentication = anonymous;
            }
            Subject subject = new Subject();
            subject.getPrincipals().add(authentication);
            in.setHeader("CamelAuthentication", subject);
        }
    }
}
