package org.wso2.msf4j.security;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jwt.SignedJWT;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.interfaces.RSAPublicKey;
import java.text.ParseException;
import java.util.Date;
import javax.ws.rs.core.Response;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.wso2.msf4j.Request;
import org.wso2.msf4j.Response;
import org.wso2.msf4j.interceptor.RequestInterceptor;
import org.wso2.msf4j.util.SystemVariableUtil;

/* loaded from: input_file:org/wso2/msf4j/security/JWTSecurityInterceptor.class */
public class JWTSecurityInterceptor implements RequestInterceptor {
    private static final String JWT_HEADER = "X-JWT-Assertion";
    private static final String AUTH_TYPE_JWT = "JWT";
    private static final Logger log = LoggerFactory.getLogger((Class<?>) JWTSecurityInterceptor.class);
    private static final String KEYSTORE = SystemVariableUtil.getValue("PETSTORE_KEYSTORE", "wso2carbon.jks");
    private static final String ALIAS = SystemVariableUtil.getValue("PETSTORE_KEY_ALIAS", "wso2carbon");
    private static final String KEYSTORE_PASSWORD = SystemVariableUtil.getValue("PETSTORE_KEYSTORE_PASS", "wso2carbon");

    @Override // org.wso2.msf4j.interceptor.RequestInterceptor
    public boolean interceptRequest(Request request, Response response) throws Exception {
        log.info("Authentication precall");
        String header = request.getHeader(JWT_HEADER);
        if (header != null && verifySignature(header)) {
            return true;
        }
        response.setHeader("WWW-Authenticate", AUTH_TYPE_JWT);
        response.setStatus(Response.Status.UNAUTHORIZED.getStatusCode());
        return false;
    }

    private boolean verifySignature(String str) {
        try {
            SignedJWT parse = SignedJWT.parse(str);
            if (new Date().before(parse.getJWTClaimsSet().getExpirationTime())) {
                return parse.verify(new RSASSAVerifier((RSAPublicKey) getPublicKey(KEYSTORE, KEYSTORE_PASSWORD, ALIAS)));
            }
            log.info("Token has expired");
            return false;
        } catch (JOSEException | IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException | ParseException e) {
            log.error("Error occurred while JWT signature verification. JWT=" + str, e);
            return false;
        }
    }

    private PublicKey getPublicKey(String str, String str2, String str3) throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException {
        InputStream resourceAsStream = getClass().getClassLoader().getResourceAsStream(str);
        Throwable th = null;
        try {
            try {
                KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                keyStore.load(resourceAsStream, str2.toCharArray());
                if (keyStore.getKey(str3, str2.toCharArray()) instanceof PrivateKey) {
                    PublicKey publicKey = keyStore.getCertificate(str3).getPublicKey();
                    if (resourceAsStream != null) {
                        if (0 != 0) {
                            try {
                                resourceAsStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            resourceAsStream.close();
                        }
                    }
                    return publicKey;
                }
                if (resourceAsStream == null) {
                    return null;
                }
                if (0 == 0) {
                    resourceAsStream.close();
                    return null;
                }
                try {
                    resourceAsStream.close();
                    return null;
                } catch (Throwable th3) {
                    th.addSuppressed(th3);
                    return null;
                }
            } catch (Throwable th4) {
                th = th4;
                throw th4;
            }
        } catch (Throwable th5) {
            if (resourceAsStream != null) {
                if (th != null) {
                    try {
                        resourceAsStream.close();
                    } catch (Throwable th6) {
                        th.addSuppressed(th6);
                    }
                } else {
                    resourceAsStream.close();
                }
            }
            throw th5;
        }
    }
}
