package io.cassandrareaper.resources.auth;

import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.lang.Strings;
import java.util.Optional;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.AccessControlFilter;
import org.apache.shiro.web.subject.WebSubject;
import org.apache.shiro.web.util.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/cassandrareaper/resources/auth/ShiroJwtVerifyingFilter.class */
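/**
 * Shiro access-control filter that admits a request either on an existing Shiro session or on a
 * signed JWT presented as an {@code Authorization: Bearer <token>} header.
 *
 * <p>Tokens are verified with {@link ShiroJwtProvider#SIGNING_KEY}; a token that fails
 * verification is treated exactly like a missing one and the request is refused with 403.
 * The filter holds no per-instance state.
 */
public final class ShiroJwtVerifyingFilter extends AccessControlFilter {
    private static final Logger LOG = LoggerFactory.getLogger(ShiroJwtVerifyingFilter.class);

    /** Authorization scheme prefix this filter accepts; the token is everything after it. */
    private static final String BEARER_PREFIX = "Bearer ";

    /** Realm name attached to subjects synthesised from a verified JWT. */
    private static final String JWT_REALM = "jwtRealm";

    /**
     * Decides whether the request may proceed.
     *
     * <p>Access is granted when the current subject already has a principal and is authenticated or
     * remembered; otherwise only when the request carries a bearer token that verifies and names a
     * subject.
     *
     * @param servletRequest  the incoming request
     * @param servletResponse the response being built
     * @param obj             the filter's configured mapped value (unused here)
     * @return {@code true} when the request is allowed through, {@code false} otherwise
     */
    @Override
    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) throws Exception {
        Subject subject = getSubject(servletRequest, servletResponse);
        if (hasSessionPrincipal(subject)) {
            return true;
        }
        return getJwtUser(servletRequest).isPresent();
    }

    /**
     * Returns the subject to act as for this request.
     *
     * <p>If {@code subject} already has a principal and is authenticated or remembered it is returned
     * unchanged. Otherwise a new {@link WebSubject} is built whose sole principal is the subject
     * claim of the request's bearer token, in realm {@value #JWT_REALM}.
     *
     * @param subject         the subject Shiro resolved for the request
     * @param servletRequest  the incoming request
     * @param servletResponse the response being built
     * @return the existing subject, or one derived from the request's JWT
     * @throws IllegalStateException if the subject has no session and the request carries no
     *                               verifiable JWT; callers are expected to have passed
     *                               {@link #isAccessAllowed} first
     */
    public static Subject getJwtSubject(Subject subject, ServletRequest servletRequest, ServletResponse servletResponse) {
        if (hasSessionPrincipal(subject)) {
            return subject;
        }
        String jwtUser = getJwtUser(servletRequest)
            .orElseThrow(() -> new IllegalStateException(
                "No verified JWT subject on request; isAccessAllowed must succeed before building a JWT subject"));
        return new WebSubject.Builder(servletRequest, servletResponse)
            .principals(new SimplePrincipalCollection(jwtUser, JWT_REALM))
            .buildSubject();
    }

    /**
     * Writes a plain-text 403 response and stops the filter chain.
     *
     * @param servletRequest  the incoming request
     * @param servletResponse the response to complete
     * @return always {@code false}, so the chain does not continue
     */
    @Override
    public boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        HttpServletResponse response = WebUtils.toHttp(servletResponse);
        response.setStatus(403);
        response.setHeader("Content-Type", "text/plain");
        response.getOutputStream().print("Forbidden access. Please login to access this page.");
        response.flushBuffer();
        return false;
    }

    /**
     * True when the subject carries a principal and is either authenticated or remembered, i.e. it
     * already has a usable Shiro session and no JWT needs to be consulted.
     */
    private static boolean hasSessionPrincipal(Subject subject) {
        return null != subject.getPrincipal() && (subject.isRemembered() || subject.isAuthenticated());
    }

    /**
     * Extracts and verifies the bearer token on the request.
     *
     * @param servletRequest the incoming request
     * @return the token's subject claim when the header is present, the signature verifies and the
     *         claim is non-blank; otherwise empty
     */
    private static Optional<String> getJwtUser(ServletRequest servletRequest) {
        HttpServletRequest request = WebUtils.toHttp(servletRequest);
        String header = request.getHeader("Authorization");
        if (null == header || !header.startsWith(BEARER_PREFIX)) {
            return Optional.empty();
        }
        try {
            String subject = Jwts.parser()
                .setSigningKey(ShiroJwtProvider.SIGNING_KEY)
                .parseClaimsJws(header.substring(BEARER_PREFIX.length()))
                .getBody()
                .getSubject();
            // A validly signed token without a subject names nobody: report absence rather than an empty user id.
            return Strings.hasText(subject) ? Optional.of(subject) : Optional.empty();
        } catch (JwtException | IllegalArgumentException e) {
            // Do not log the header: it contains the bearer credential. Record the source and the reason only.
            LOG.warn("Rejected JWT from {}: {}", request.getRemoteAddr(), e.getMessage());
            LOG.debug("JWT validation failure", e);
            return Optional.empty();
        }
    }
}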
