package org.apache.nifi.web.security.jwt;

import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import org.apache.nifi.web.security.InvalidAuthenticationException;
import org.apache.nifi.web.security.NiFiAuthenticationFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;

/* loaded from: input_file:org/apache/nifi/web/security/jwt/JwtAuthenticationFilter.class */
public class JwtAuthenticationFilter extends NiFiAuthenticationFilter {
    public static final String AUTHORIZATION = "Authorization";
    private static final Logger logger = LoggerFactory.getLogger(JwtAuthenticationFilter.class);
    private static final Pattern tokenPattern = Pattern.compile("^Bearer (\\S*\\.\\S*\\.\\S*)$");

    @Override // org.apache.nifi.web.security.NiFiAuthenticationFilter
    public Authentication attemptAuthentication(HttpServletRequest httpServletRequest) {
        String header;
        if (httpServletRequest.isSecure() && (header = httpServletRequest.getHeader("Authorization")) != null && validJwtFormat(header)) {
            return new JwtAuthenticationRequestToken(getTokenFromHeader(header), httpServletRequest.getRemoteAddr());
        }
        return null;
    }

    private boolean validJwtFormat(String str) {
        return tokenPattern.matcher(str).matches();
    }

    private String getTokenFromHeader(String str) {
        Matcher matcher = tokenPattern.matcher(str);
        if (matcher.matches()) {
            return matcher.group(1);
        }
        throw new InvalidAuthenticationException("JWT did not match expected pattern.");
    }
}
