package org.apache.ranger.authz.handler.jwt;

import com.nimbusds.jose.proc.JWSKeySelector;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jwt.proc.ConfigurableJWTProcessor;
import com.nimbusds.jwt.proc.DefaultJWTClaimsVerifier;
import com.nimbusds.jwt.proc.DefaultJWTProcessor;
import javax.servlet.ServletRequest;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.StringUtils;
import org.apache.hadoop.security.authentication.server.AuthenticationToken;
import org.apache.ranger.authz.handler.RangerAuth;

/* loaded from: input_file:org/apache/ranger/authz/handler/jwt/RangerDefaultJwtAuthHandler.class */
public class RangerDefaultJwtAuthHandler extends RangerJwtAuthHandler {
    protected static final String AUTHORIZATION_HEADER = "Authorization";
    protected static final String DO_AS_PARAMETER = "doAs";

    @Override // org.apache.ranger.authz.handler.jwt.RangerJwtAuthHandler
    public ConfigurableJWTProcessor<SecurityContext> getJwtProcessor(JWSKeySelector<SecurityContext> jWSKeySelector) {
        DefaultJWTProcessor defaultJWTProcessor = new DefaultJWTProcessor();
        DefaultJWTClaimsVerifier defaultJWTClaimsVerifier = new DefaultJWTClaimsVerifier();
        defaultJWTProcessor.setJWSKeySelector(jWSKeySelector);
        defaultJWTProcessor.setJWTClaimsSetVerifier(defaultJWTClaimsVerifier);
        return defaultJWTProcessor;
    }

    @Override // org.apache.ranger.authz.handler.RangerAuthHandler
    public RangerAuth authenticate(HttpServletRequest httpServletRequest) {
        RangerAuth rangerAuth = null;
        String jwtAuthHeader = getJwtAuthHeader(httpServletRequest);
        AuthenticationToken authenticate = authenticate(jwtAuthHeader, StringUtils.isBlank(jwtAuthHeader) ? getJwtCookie(httpServletRequest) : null, httpServletRequest.getParameter(DO_AS_PARAMETER));
        if (authenticate != null) {
            rangerAuth = new RangerAuth(authenticate, RangerAuth.AUTH_TYPE.JWT_JWKS);
        }
        return rangerAuth;
    }

    public static boolean canAuthenticateRequest(ServletRequest servletRequest) {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        String jwtAuthHeader = getJwtAuthHeader(httpServletRequest);
        return shouldProceedAuth(jwtAuthHeader, StringUtils.isBlank(jwtAuthHeader) ? getJwtCookie(httpServletRequest) : null);
    }

    public static String getJwtAuthHeader(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getHeader(AUTHORIZATION_HEADER);
    }

    public static String getJwtCookie(HttpServletRequest httpServletRequest) {
        String str = null;
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies != null) {
            int length = cookies.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                Cookie cookie = cookies[i];
                if (cookieName.equals(cookie.getName())) {
                    str = cookie.getName() + "=" + cookie.getValue();
                    break;
                }
                i++;
            }
        }
        return str;
    }
}
