package eu.unicore.services.rest.jwt;

import de.fzj.unicore.wsrflite.Kernel;
import de.fzj.unicore.wsrflite.KernelInjectable;
import de.fzj.unicore.wsrflite.security.util.PubkeyCache;
import eu.unicore.security.AuthenticationException;
import eu.unicore.security.SecurityTokens;
import eu.unicore.security.wsutil.CXFUtils;
import eu.unicore.services.rest.security.IAuthenticator;
import eu.unicore.services.rest.security.jwt.JWTUtils;
import eu.unicore.util.Log;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import org.apache.cxf.message.Message;
import org.apache.log4j.Logger;
import org.json.JSONObject;

/* loaded from: input_file:eu/unicore/services/rest/jwt/JWTAuthenticator.class */
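/**
 * REST authenticator for JWT bearer tokens whose subject and issuer are the same entity.
 *
 * <p>Trust model as visible in this class: once {@link JWTHelper#verifyJWTToken} accepts the
 * token, the {@code sub} claim becomes the authenticated user name and the consignor is marked
 * trusted. All assurance therefore rests on {@code verifyJWTToken} binding the signature to a
 * key registered for that issuer. NOTE(review): that method is not shown here; presumably it
 * resolves the key through the {@link PubkeyCache} passed in {@link #setKernel} and pins the
 * accepted signature algorithms. Confirm both.
 */
public class JWTAuthenticator implements IAuthenticator, KernelInjectable {
    private static final Logger logger = Log.getLogger("unicore.security", JWTAuthenticator.class);
    private static final Collection<String> AUTH_SCHEMES = Collections.singletonList("Bearer");
    // NOTE(review): written by setDNTemplate but never read in this class; the user name set on
    // SecurityTokens is the raw "sub" claim. Confirm whether the template was meant to be applied.
    private String dnTemplate = "CN=%s, OU=sshkey-local-users";
    private JWTHelper jwt;

    /**
     * Builds the JWT helper from the container properties, the container security
     * configuration and the kernel's public key cache.
     *
     * @param kernel the kernel this authenticator runs in
     */
    public void setKernel(Kernel kernel) {
        JWTServerProperties serverProperties =
                new JWTServerProperties(kernel.getContainerProperties().getRawProperties());
        this.jwt = new JWTHelper(
                serverProperties, kernel.getContainerSecurityConfiguration(), PubkeyCache.get(kernel));
    }

    /**
     * @return the single HTTP authentication scheme handled here, {@code Bearer}
     */
    @Override // eu.unicore.services.rest.security.IAuthenticator
    public final Collection<String> getAuthSchemes() {
        return AUTH_SCHEMES;
    }

    /**
     * Authenticates the request from its bearer token, if it carries one.
     *
     * @param message the incoming CXF message
     * @param securityTokens receives the user name and the trusted-consignor flag on success
     * @return {@code true} if the token was accepted; {@code false} if there is no bearer token
     *     or {@link #validate} rejected it
     * @throws AuthenticationException if {@link #validate} throws; the implementation in this
     *     class reports rejection by returning {@code false}, so this is only reachable through
     *     an overriding subclass
     */
    @Override // eu.unicore.services.rest.security.IAuthenticator
    public boolean authenticate(Message message, SecurityTokens securityTokens) {
        String bearerToken = CXFUtils.getBearerToken(message);
        if (bearerToken == null) {
            return false;
        }
        try {
            return validate(bearerToken, securityTokens);
        } catch (Exception e) {
            String createFaultMessage = Log.createFaultMessage("JWT token could not be validated.", e);
            logger.warn(createFaultMessage);
            throw new AuthenticationException(createFaultMessage);
        }
    }

    /**
     * Verifies the token and, if it is acceptable, records the subject as the authenticated user.
     *
     * <p>A token is accepted only if signature verification succeeds, {@code exp} is a numeric
     * timestamp in seconds that lies in the future, and {@code sub} equals {@code iss}. Any
     * failure is logged (without the token itself) and reported as {@code false}.
     *
     * @param str the compact serialized JWT taken from the Authorization header
     * @param securityTokens receives the user name and the trusted-consignor flag on success
     * @return {@code true} if the token was accepted, {@code false} otherwise
     * @throws Exception never thrown by this implementation; kept for overriding subclasses
     */
    protected boolean validate(String str, SecurityTokens securityTokens) throws Exception {
        try {
            // Signature first: no claim is read before the token has been verified.
            this.jwt.verifyJWTToken(str);
            // Claims are read from the parsed payload directly. Re-wrapping it with
            // new JSONObject(Object) selects org.json's bean-introspection constructor, which
            // does not copy the claims.
            JSONObject claims = JWTUtils.getPayload(str);
            // getLong accepts a JSON number as well as a numeric string. The expiry is enforced
            // here because this class cannot see whether verifyJWTToken checks it.
            long expiresAtSeconds = claims.getLong("exp");
            if (expiresAtSeconds <= System.currentTimeMillis() / 1000L) {
                throw new IllegalStateException("Token has expired.");
            }
            String subject = claims.getString("sub");
            if (!subject.equals(claims.getString("iss"))) {
                throw new IllegalStateException("Subject and issuer do not match.");
            }
            securityTokens.setUserName(subject);
            securityTokens.setConsignorTrusted(true);
            return true;
        } catch (Exception e) {
            // Rejection still returns false so callers see the same contract, but the reason is
            // no longer discarded. Debug level keeps requests carrying other kinds of bearer
            // token from flooding the log; raise it if rejected tokens should be audited.
            logger.debug(Log.createFaultMessage("JWT token rejected.", e));
            return false;
        }
    }

    /**
     * Stores a DN template.
     *
     * @param str the template, with {@code %s} as placeholder in the default value
     */
    public void setDNTemplate(String str) {
        this.dnTemplate = str;
    }

    /**
     * @return the short name of this authenticator, {@code "JWT"}
     */
    @Override
    public String toString() {
        return "JWT";
    }
}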
