package org.apache.nifi.web.security.jwt;

import io.jsonwebtoken.JwtException;
import java.util.Arrays;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.web.security.InvalidAuthenticationException;
import org.apache.nifi.web.security.NiFiAuthenticationFilter;
import org.apache.nifi.web.security.token.NewAccountAuthorizationRequestToken;
import org.apache.nifi.web.security.token.NiFiAuthortizationRequestToken;
import org.apache.nifi.web.security.user.NewAccountRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/nifi/web/security/jwt/JwtAuthenticationFilter.class */
public class JwtAuthenticationFilter extends NiFiAuthenticationFilter {
    private static final Logger logger = LoggerFactory.getLogger(JwtAuthenticationFilter.class);
    public static final String AUTHORIZATION = "Authorization";
    private JwtService jwtService;

    @Override // org.apache.nifi.web.security.NiFiAuthenticationFilter
    public NiFiAuthortizationRequestToken attemptAuthentication(HttpServletRequest httpServletRequest) {
        String header;
        if (!httpServletRequest.isSecure() || (header = httpServletRequest.getHeader(AUTHORIZATION)) == null) {
            return null;
        }
        if (this.jwtService == null) {
            throw new InvalidAuthenticationException("NiFi is not configured to support username/password logins.");
        }
        try {
            String authenticationFromToken = this.jwtService.getAuthenticationFromToken(StringUtils.substringAfterLast(header, " "));
            return isNewAccountRequest(httpServletRequest) ? new NewAccountAuthorizationRequestToken(new NewAccountRequest(Arrays.asList(authenticationFromToken), getJustification(httpServletRequest))) : new NiFiAuthortizationRequestToken(Arrays.asList(authenticationFromToken));
        } catch (JwtException e) {
            throw new InvalidAuthenticationException(e.getMessage(), e);
        }
    }

    public void setJwtService(JwtService jwtService) {
        this.jwtService = jwtService;
    }
}
