package org.mockserver.authentication.jwt;

import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.source.ImmutableJWKSet;
import com.nimbusds.jose.jwk.source.RemoteJWKSet;
import io.netty.handler.codec.http.HttpHeaderNames;
import java.io.File;
import java.net.URL;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.commons.lang3.StringUtils;
import org.mockserver.authentication.AuthenticationException;
import org.mockserver.authentication.AuthenticationHandler;
import org.mockserver.file.FilePath;
import org.mockserver.log.model.LogEntry;
import org.mockserver.logging.MockServerLogger;
import org.mockserver.model.HttpRequest;
import org.mockserver.url.URLParser;
import org.slf4j.event.Level;

/* loaded from: input_file:BOOT-INF/lib/mockserver-core-5.14.0.jar:org/mockserver/authentication/jwt/JWTAuthenticationHandler.class */
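/**
 * Authenticates control plane requests by validating a {@code Bearer} JSON Web Token taken from
 * the {@code Authorization} header against a JWK set.
 *
 * <p>The JWK set is loaded once, in the constructor, either from a URL or from a file. If loading
 * fails the handler stays usable but fails closed: {@link #controlPlaneRequestAuthenticated}
 * returns {@code false} for every request.
 */
public class JWTAuthenticationHandler implements AuthenticationHandler {
    private final MockServerLogger mockServerLogger;
    // Cause of a failed validator construction; attached to the log entry of each rejected request.
    private final Throwable jwtValidatorInitialisationException;
    // null when construction failed; every use below must tolerate that.
    private final JWTValidator jwtValidator;

    /**
     * Builds the JWT validator from a JWK source.
     *
     * @param mockServerLogger logger used for initialisation and authentication failures
     * @param str JWK source: treated as a remote JWK set when {@code URLParser.isFullUrl} accepts
     *     it, otherwise as a classpath or file-system path to a JWK set file
     */
    public JWTAuthenticationHandler(MockServerLogger mockServerLogger, String str) {
        this.mockServerLogger = mockServerLogger;
        JWTValidator validator = null;
        Throwable failure = null;
        try {
            if (URLParser.isFullUrl(str)) {
                // NOTE(review): the URL scheme is not checked here. If URLParser.isFullUrl accepts
                // plain http, the signing keys are fetched without transport integrity and whoever
                // can alter that response controls which tokens verify - confirm and require https.
                validator = new JWTValidator(new RemoteJWKSet(new URL(str)));
            } else {
                validator = new JWTValidator(new ImmutableJWKSet(JWKSet.load(new File(FilePath.absolutePathFromClassPathOrPath(str)))));
            }
        } catch (Throwable th) {
            // Deliberately not rethrown: the failure is recorded and surfaced on each rejected request.
            mockServerLogger.logEvent(new LogEntry().setLogLevel(Level.ERROR).setMessageFormat("exception building JWT validator for:{}").setArguments(str).setThrowable(th));
            failure = th;
        }
        this.jwtValidator = validator;
        this.jwtValidatorInitialisationException = failure;
    }

    /**
     * Sets the audience the validator should expect.
     *
     * <p>Does nothing when the validator failed to initialise (previously this dereferenced a null
     * validator); the handler rejects every request in that state anyway.
     *
     * @param str expected audience, passed through to the validator
     * @return this handler, for chaining
     */
    public JWTAuthenticationHandler withExpectedAudience(String str) {
        if (this.jwtValidator != null) {
            this.jwtValidator.withExpectedAudience(str);
        }
        return this;
    }

    /**
     * Sets the claim name/value pairs passed to the validator as matching claims.
     *
     * <p>Does nothing when the validator failed to initialise.
     *
     * @param map claims, passed through to the validator
     * @return this handler, for chaining
     */
    public JWTAuthenticationHandler withMatchingClaims(Map<String, String> map) {
        if (this.jwtValidator != null) {
            this.jwtValidator.withMatchingClaims(map);
        }
        return this;
    }

    /**
     * Sets the claim names passed to the validator as required claims.
     *
     * <p>Does nothing when the validator failed to initialise.
     *
     * @param set claim names, passed through to the validator
     * @return this handler, for chaining
     */
    public JWTAuthenticationHandler withRequiredClaims(Set<String> set) {
        if (this.jwtValidator != null) {
            this.jwtValidator.withRequiredClaims(set);
        }
        return this;
    }

    /**
     * Decides whether a control plane request carries an acceptable bearer token.
     *
     * <p>Only the first {@code Authorization} header value is ever examined: each loop iteration
     * either returns or throws.
     *
     * @param httpRequest the incoming control plane request
     * @return {@code true} when the token was handed to the validator and no exception was thrown;
     *     {@code false} when the validator was never initialised
     * @throws AuthenticationException when the header is missing, malformed or not {@code Bearer};
     *     anything thrown by the validator also propagates
     */
    @Override // org.mockserver.authentication.AuthenticationHandler
    public boolean controlPlaneRequestAuthenticated(HttpRequest httpRequest) {
        if (this.jwtValidator == null) {
            // Fail closed: without a key set no token can be verified.
            this.mockServerLogger.logEvent(new LogEntry().setLogLevel(Level.ERROR).setHttpRequest(httpRequest).setMessageFormat("JWT control plane request failed authentication because JWT validator is not initialised:{}").setArguments(httpRequest).setThrowable(this.jwtValidatorInitialisationException));
            return false;
        }
        List<String> header = httpRequest.getHeader(HttpHeaderNames.AUTHORIZATION.toString());
        if (header.isEmpty()) {
            logAuthorisationFailure(httpRequest, "no authorization header found");
        }
        for (String str : header) {
            int separator = str.indexOf(' ');
            if (separator <= 0) {
                logAuthorisationFailure(httpRequest, "authorization header is invalid format");
            } else {
                String scheme = str.substring(0, separator);
                if (StringUtils.isBlank(scheme)) {
                    logAuthorisationFailure(httpRequest, "authorization type must be specified for authorization header");
                } else if ("Bearer".equalsIgnoreCase(scheme)) {
                    // NOTE(review): acceptance relies on JWTValidator.validate throwing for a bad
                    // token; any return value is not inspected here - confirm against JWTValidator.
                    this.jwtValidator.validate(str.substring(separator + 1));
                    return true;
                } else {
                    logAuthorisationFailure(httpRequest, "only \"Bearer\" supported for authorization header");
                }
            }
        }
        return false;
    }

    /**
     * Logs an authentication failure at ERROR level and then rejects the request.
     *
     * @param httpRequest the rejected request
     * @param str failure reason, used as both log argument and exception message
     * @throws AuthenticationException always
     */
    private void logAuthorisationFailure(HttpRequest httpRequest, String str) {
        // NOTE(review): the whole request is attached to the log entry, which presumably includes
        // the Authorization header value it carried - confirm the log sink redacts it or is
        // access-restricted, since a rejected request may still hold a token valid elsewhere.
        this.mockServerLogger.logEvent(new LogEntry().setLogLevel(Level.ERROR).setHttpRequest(httpRequest).setMessageFormat("JWT control plane request failed:{}for request:{}").setArguments(str, httpRequest));
        throw new AuthenticationException(str);
    }
}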
