package io.cassandrareaper.resources.auth;

import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.lang.Strings;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.web.filter.AccessControlFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/cassandrareaper/resources/auth/ShiroJwtVerifyingFilter.class */
public final class ShiroJwtVerifyingFilter extends AccessControlFilter {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) ShiroJwtVerifyingFilter.class);

    @Override // org.apache.shiro.web.filter.AccessControlFilter
    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) throws Exception {
        if (null != getSubject(servletRequest, servletResponse).getPrincipal() && (getSubject(servletRequest, servletResponse).isRemembered() || getSubject(servletRequest, servletResponse).isAuthenticated())) {
            return true;
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        String header = httpServletRequest.getHeader("Authorization");
        if (null == header || !header.startsWith("Bearer ")) {
            return false;
        }
        try {
            header = header.substring(header.indexOf(32) + 1);
            return Strings.hasText(Jwts.parser().setSigningKey(ShiroJwtProvider.SIGNING_KEY).parseClaimsJws(header).getBody().getSubject());
        } catch (JwtException | IllegalArgumentException e) {
            LOG.error("Failed validating JWT {} from {}", header, httpServletRequest.getRemoteAddr());
            LOG.debug("exception", e);
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.shiro.web.filter.AccessControlFilter
    public boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        ((HttpServletResponse) servletResponse).setStatus(403);
        return false;
    }
}
