package io.avaje.oauth2.helidon.jwtfilter;

import io.avaje.oauth2.core.data.AccessToken;
import io.avaje.oauth2.core.jwt.JwtVerifier;
import io.helidon.common.context.Context;
import io.helidon.http.HeaderNames;
import io.helidon.http.UnauthorizedException;
import io.helidon.webserver.http.FilterChain;
import io.helidon.webserver.http.RoutingRequest;
import io.helidon.webserver.http.RoutingResponse;
import java.security.Principal;
import java.util.List;

/* loaded from: input_file:io/avaje/oauth2/helidon/jwtfilter/AuthFilter.class */
final class AuthFilter implements JwtAuthFilter {
    private static final String BEARER_ = "Bearer ";
    private static final int BEARER_LENGTH = BEARER_.length();
    private final JwtVerifier verifier;
    private final String[] allowedPaths;

    /* loaded from: input_file:io/avaje/oauth2/helidon/jwtfilter/AuthFilter$TokenPrincipal.class */
    private static final class TokenPrincipal implements Principal {
        private final String name;

        TokenPrincipal(String str) {
            this.name = str;
        }

        @Override // java.security.Principal
        public String getName() {
            return this.name;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AuthFilter(JwtVerifier jwtVerifier, List<String> list) {
        this.verifier = jwtVerifier;
        this.allowedPaths = (String[]) list.toArray(new String[0]);
    }

    public void filter(FilterChain filterChain, RoutingRequest routingRequest, RoutingResponse routingResponse) {
        String str = (String) routingRequest.headers().first(HeaderNames.AUTHORIZATION).orElse("");
        if (str.startsWith(BEARER_)) {
            AccessToken verifyAccessToken = this.verifier.verifyAccessToken(str.substring(BEARER_LENGTH));
            Context context = routingRequest.context();
            context.register("security.principal", new TokenPrincipal(verifyAccessToken.clientId()));
            context.register("security.roles", verifyAccessToken.scope());
            filterChain.proceed();
            return;
        }
        String path = routingRequest.path().path();
        for (String str2 : this.allowedPaths) {
            if (path.startsWith(str2)) {
                filterChain.proceed();
                return;
            }
        }
        throw new UnauthorizedException("Unauthorized");
    }
}
