package org.apache.knox.gateway.provider.federation.jwt.filter;

import java.io.IOException;
import java.text.ParseException;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.knox.gateway.services.security.token.impl.JWTToken;
import org.apache.knox.gateway.util.CertificateUtils;

/* loaded from: input_file:org/apache/knox/gateway/provider/federation/jwt/filter/JWTFederationFilter.class */
/**
 * Servlet filter that authenticates a request from a JWT carried either in an
 * {@code Authorization: Bearer} header or in a configurable query parameter.
 *
 * <p>Token validation and establishing the security context are delegated to
 * methods inherited from {@link AbstractJWTFilter}; this class reads the filter
 * configuration and extracts the raw token from the request.
 *
 * <p>Security notes for operators and reviewers:
 * <ul>
 *   <li>A token supplied in the query string is part of the URL, so it can be
 *       recorded in access logs, intermediaries and browser history. Prefer the
 *       {@code Authorization} header where clients allow it.</li>
 *   <li>Every setting read in {@link #init(FilterConfig)} is optional here.
 *       NOTE(review): how the superclass validates a token when no audiences,
 *       verification key or JWKS URL are configured is not visible in this
 *       class. Confirm against {@code AbstractJWTFilter}.</li>
 * </ul>
 */
public class JWTFederationFilter extends AbstractJWTFilter {
    /** Init parameter holding the expected token audiences (parsed by {@code parseExpectedAudiences}). */
    public static final String KNOX_TOKEN_AUDIENCES = "knox.token.audiences";
    /** Init parameter holding the PEM text from which the RSA verification key is parsed. */
    public static final String TOKEN_VERIFICATION_PEM = "knox.token.verification.pem";
    /** Init parameter that overrides the name of the query parameter carrying the token. */
    private static final String KNOX_TOKEN_QUERY_PARAM_NAME = "knox.token.query.param.name";
    /** Init parameter naming the expected principal claim. */
    public static final String TOKEN_PRINCIPAL_CLAIM = "knox.token.principal.claim";
    /** Init parameter holding the expected JWKS URL. */
    public static final String JWKS_URL = "knox.token.jwks.url";
    /** Authorization scheme prefix; matched case-sensitively, including the trailing space. */
    private static final String BEARER = "Bearer ";
    /** Query parameter consulted when no Bearer header is present. */
    private String paramName = "knoxtoken";

    /**
     * Reads the optional filter settings and stores them for token validation.
     *
     * <p>Each setting is applied only when its init parameter is present; otherwise the
     * value left in place by {@code super.init} (or the field default) is kept.
     *
     * @param filterConfig the servlet filter configuration
     * @throws ServletException declared by the overridden method; presumably raised when
     *     the superclass or the PEM parsing rejects the configuration (not visible here)
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        super.init(filterConfig);

        String audienceConfig = filterConfig.getInitParameter(KNOX_TOKEN_AUDIENCES);
        if (audienceConfig != null) {
            this.audiences = parseExpectedAudiences(audienceConfig);
        }

        String queryParamOverride = filterConfig.getInitParameter(KNOX_TOKEN_QUERY_PARAM_NAME);
        if (queryParamOverride != null) {
            this.paramName = queryParamOverride;
        }

        // NOTE(review): the URL is stored as configured, with no scheme check in this class.
        // Confirm the key set is fetched over a trusted channel.
        String jwksUrlConfig = filterConfig.getInitParameter(JWKS_URL);
        if (jwksUrlConfig != null) {
            this.expectedJWKSUrl = jwksUrlConfig;
        }

        String principalClaimConfig = filterConfig.getInitParameter(TOKEN_PRINCIPAL_CLAIM);
        if (principalClaimConfig != null) {
            this.expectedPrincipalClaim = principalClaimConfig;
        }

        String verificationPem = filterConfig.getInitParameter(TOKEN_VERIFICATION_PEM);
        if (verificationPem != null) {
            this.publicKey = CertificateUtils.parseRSAPublicKey(verificationPem);
        }

        configureExpectedParameters(filterConfig);
    }

    /** No resources are held by this filter, so there is nothing to release. */
    public void destroy() {
    }

    /**
     * Extracts the token from the request, validates it and, on success, continues the
     * chain under the subject built from the token.
     *
     * <p>Lookup order: an {@code Authorization} header starting with {@code "Bearer "} wins;
     * any other header value (absent, or a different scheme or casing) falls back to the
     * query parameter named by {@code paramName}. A missing or unparseable token is
     * answered with 401; this method sets no {@code WWW-Authenticate} header.
     *
     * @param servletRequest the incoming request; must be an {@link HttpServletRequest}
     * @param servletResponse the response; must be an {@link HttpServletResponse}
     * @param filterChain the remaining filter chain
     * @throws IOException if writing the error response fails
     * @throws ServletException if downstream processing fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;

        String authorization = httpRequest.getHeader("Authorization");
        String wireToken;
        if (authorization != null && authorization.startsWith(BEARER)) {
            wireToken = authorization.substring(BEARER.length());
        } else {
            // Fallback path: the token travels in the URL or form data, which is more
            // likely to be logged than a header.
            wireToken = servletRequest.getParameter(this.paramName);
        }

        if (wireToken == null) {
            httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        try {
            JWTToken parsedToken = new JWTToken(wireToken);
            // When validation fails nothing further happens here; presumably validateToken
            // has already reported the failure through handleValidationError.
            boolean accepted = validateToken(httpRequest, httpResponse, filterChain, parsedToken);
            if (accepted) {
                continueWithEstablishedSecurityContext(createSubjectFromToken(parsedToken), httpRequest, httpResponse, filterChain);
            }
        } catch (ParseException e) {
            // A malformed token is treated the same as a missing one.
            httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        }
    }

    /**
     * Reports a validation failure to the client as an HTTP error.
     *
     * <p>The message, when given, is passed to {@code sendError} and may therefore reach
     * the client, so callers should keep it free of sensitive detail.
     *
     * @param httpServletRequest the request being rejected (unused here)
     * @param httpServletResponse the response used to send the error
     * @param i the HTTP status code to send
     * @param str an optional error message; {@code null} sends the status alone
     * @throws IOException if the error response cannot be written
     */
    @Override
    protected void handleValidationError(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, int i, String str) throws IOException {
        if (str == null) {
            httpServletResponse.sendError(i);
            return;
        }
        httpServletResponse.sendError(i, str);
    }
}
