package org.apache.cxf.rs.security.jose.jaxrs;

import java.io.IOException;
import java.util.logging.Logger;
import javax.annotation.Priority;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.PreMatching;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.common.security.SimplePrincipal;
import org.apache.cxf.common.security.SimpleSecurityContext;
import org.apache.cxf.jaxrs.utils.JAXRSUtils;
import org.apache.cxf.rs.security.jose.JoseConstants;
import org.apache.cxf.rs.security.jose.JoseException;
import org.apache.cxf.rs.security.jose.JoseUtils;
import org.apache.cxf.rs.security.jose.jwt.AbstractJoseJwtConsumer;
import org.apache.cxf.rs.security.jose.jwt.JwtToken;
import org.apache.cxf.security.SecurityContext;

@Priority(1000)
@PreMatching
/* loaded from: input_file:org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter.class */
public class JwtAuthenticationFilter extends AbstractJoseJwtConsumer implements ContainerRequestFilter {
    protected static final Logger LOG = LogUtils.getL7dLogger(JwtAuthenticationFilter.class);
    private boolean jweOnly;

    /* loaded from: input_file:org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationFilter$JwtPrincipal.class */
    public static class JwtPrincipal extends SimplePrincipal {
        private JwtToken jwt;

        public JwtPrincipal(JwtToken jwtToken) {
            super(jwtToken.getClaims().getSubject());
            this.jwt = jwtToken;
        }

        public JwtToken getJwt() {
            return this.jwt;
        }
    }

    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        String headerString = containerRequestContext.getHeaderString("Authorization");
        String[] split = headerString == null ? null : headerString.split(" ");
        if (split == null || !JoseConstants.TYPE_JWT.equals(split[0]) || split.length != 2) {
            throw new JoseException("JWT scheme is expected");
        }
        JwtToken jwtToken = super.getJwtToken(split[1], this.jweOnly);
        JoseUtils.setMessageContextProperty(jwtToken.getHeaders());
        JAXRSUtils.getCurrentMessage().put(SecurityContext.class, new SimpleSecurityContext(new JwtPrincipal(jwtToken)));
    }

    public void setJweOnly(boolean z) {
        this.jweOnly = z;
    }
}
