package org.mitre.openid.connect.assertion;

import com.google.common.base.Strings;
import com.nimbusds.jwt.JWT;
import com.nimbusds.jwt.JWTParser;
import java.io.IOException;
import java.text.ParseException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter;

/* loaded from: input_file:WEB-INF/classes/org/mitre/openid/connect/assertion/JwtBearerClientAssertionTokenEndpointFilter.class */
public class JwtBearerClientAssertionTokenEndpointFilter extends ClientCredentialsTokenEndpointFilter {
    public JwtBearerClientAssertionTokenEndpointFilter() {
    }

    public JwtBearerClientAssertionTokenEndpointFilter(String str) {
        super(str);
    }

    @Override // org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter, org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
    public Authentication attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationException, IOException, ServletException {
        httpServletRequest.getParameter("client_assertion_type");
        String parameter = httpServletRequest.getParameter("client_assertion");
        try {
            JWT parse = JWTParser.parse(parameter);
            return getAuthenticationManager().authenticate(new JwtBearerAssertionAuthenticationToken(parse.getJWTClaimsSet().getSubject(), parse));
        } catch (ParseException e) {
            throw new BadCredentialsException("Invalid JWT credential: " + parameter);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter, org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
    public boolean requiresAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String parameter = httpServletRequest.getParameter("client_assertion_type");
        String parameter2 = httpServletRequest.getParameter("client_assertion");
        if (Strings.isNullOrEmpty(parameter) || Strings.isNullOrEmpty(parameter2) || !parameter.equals("urn:ietf:params:oauth:client-assertion-type:jwt-bearer")) {
            return false;
        }
        String requestURI = httpServletRequest.getRequestURI();
        int indexOf = requestURI.indexOf(59);
        if (indexOf > 0) {
            requestURI = requestURI.substring(0, indexOf);
        }
        return "".equals(httpServletRequest.getContextPath()) ? requestURI.endsWith(getFilterProcessesUrl()) : requestURI.endsWith(httpServletRequest.getContextPath() + getFilterProcessesUrl());
    }
}
