package org.wso2.carbon.device.mgt.input.adapter.http.jwt;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jwt.SignedJWT;
import java.nio.charset.StandardCharsets;
import java.security.interfaces.RSAPublicKey;
import java.text.ParseException;
import java.util.Date;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.core.HttpHeaders;
import org.apache.axiom.util.base64.Base64Utils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.core.util.KeyStoreManager;
import org.wso2.carbon.device.mgt.input.adapter.http.internal.InputAdapterServiceDataHolder;
import org.wso2.carbon.device.mgt.input.adapter.http.util.AuthenticationInfo;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/device/mgt/input/adapter/http/jwt/JWTAuthenticator.class */
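/**
 * Authenticates HTTP input-adapter requests that carry a signed JWT.
 *
 * <p>The token is read from the {@code Authorization} header as {@code <scheme> <base64(JWT)>},
 * its RSA signature is verified, and the caller's identity is taken from the token's
 * {@value #SIGNED_JWT_AUTH_USERNAME} claim.
 *
 * <p>Security properties visible in this class, for reviewers:
 * <ul>
 *   <li>The verification key is always the default public key of the key store for tenant id
 *       {@code -1234}, while the tenant is derived from the {@code Username} claim. Any party able
 *       to sign with the matching private key can therefore assert a user of any tenant.</li>
 *   <li>An {@code exp} claim is enforced only when the token carries one. Issuer, audience and
 *       not-before are not checked here.</li>
 *   <li>The user must exist in the tenant's user store; no further account-state check is made
 *       in this class.</li>
 *   <li>NOTE(review): {@link #isJWTHeaderExist} looks at {@code X-JWT-Assertion} but
 *       {@link #authenticate} reads {@code Authorization} - confirm that callers intend this.</li>
 * </ul>
 */
public class JWTAuthenticator {
    private static final Log log = LogFactory.getLog(JWTAuthenticator.class);
    public static final String SIGNED_JWT_AUTH_USERNAME = "Username";
    private static final String JWT_ASSERTION_HEADER = "X-JWT-Assertion";
    // Tenant id whose key store supplies the signature-verification key (Carbon's super tenant).
    private static final int SUPER_TENANT_ID = -1234;

    /**
     * Reports whether the request carries a non-empty {@code X-JWT-Assertion} header.
     *
     * @param httpServletRequest the incoming request
     * @return {@code true} if the header is present and not empty
     */
    public boolean isJWTHeaderExist(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader(JWT_ASSERTION_HEADER);
        return header != null && !header.isEmpty();
    }

    /**
     * Verifies the JWT in the {@code Authorization} header and resolves the user it names.
     *
     * <p>Every failure path is fail-closed: the method never throws, and
     * {@code setAuthenticated(true)} is called only after the signature verified, the token is not
     * expired (when it has an {@code exp} claim), the tenant domain resolved to a tenant id, and
     * the user exists in that tenant's user store.
     *
     * @param httpServletRequest the incoming request
     * @return an {@link AuthenticationInfo}; populated and marked authenticated only on success
     */
    public AuthenticationInfo authenticate(HttpServletRequest httpServletRequest) {
        AuthenticationInfo authenticationInfo = new AuthenticationInfo();
        KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(SUPER_TENANT_ID);
        try {
            // Result is unused; the call is kept from the original, where a failure here aborts
            // authentication through the generic handler below.
            keyStoreManager.getDefaultPrimaryCertificate();
            String serializedJwt = decodeAuthorizationHeader(httpServletRequest.getHeader(HttpHeaders.AUTHORIZATION));
            if (serializedJwt == null) {
                // Missing or undecodable header: reject explicitly instead of relying on the
                // parser to fail on null input.
                if (log.isDebugEnabled()) {
                    log.debug("No usable JWT found in the Authorization header.");
                }
                return authenticationInfo;
            }
            RSASSAVerifier verifier = new RSASSAVerifier((RSAPublicKey) keyStoreManager.getDefaultPublicKey());
            SignedJWT signedJwt = SignedJWT.parse(serializedJwt);
            if (!signedJwt.verify(verifier)) {
                log.warn("JWT signature verification failed.");
                return authenticationInfo;
            }
            // Claims are trusted only from this point on, after the signature check.
            Date expiry = signedJwt.getJWTClaimsSet().getExpirationTime();
            if (expiry != null && !expiry.after(new Date())) {
                log.warn("Rejected a JWT whose exp claim is in the past.");
                return authenticationInfo;
            }
            String username = signedJwt.getJWTClaimsSet().getStringClaim(SIGNED_JWT_AUTH_USERNAME);
            if (username == null || username.isEmpty()) {
                log.error("JWT does not carry a " + SIGNED_JWT_AUTH_USERNAME + " claim.");
                return authenticationInfo;
            }
            String tenantDomain = MultitenantUtils.getTenantDomain(username);
            String tenantAwareUsername = MultitenantUtils.getTenantAwareUsername(username);
            int tenantId = InputAdapterServiceDataHolder.getRealmService().getTenantManager().getTenantId(tenantDomain);
            if (tenantId == -1) {
                log.error("tenantDomain is not valid. username : " + tenantAwareUsername + ", tenantDomain : " + tenantDomain);
            } else if (InputAdapterServiceDataHolder.getRealmService().getTenantUserRealm(tenantId).getUserStoreManager().isExistingUser(tenantAwareUsername)) {
                authenticationInfo.setTenantId(tenantId);
                authenticationInfo.setUsername(tenantAwareUsername);
                authenticationInfo.setTenantDomain(tenantDomain);
                authenticationInfo.setAuthenticated(true);
            }
        } catch (ParseException e) {
            log.error("Error occurred while parsing the JWT header.", e);
        } catch (UserStoreException e) {
            log.error("Error occurred while obtaining the user.", e);
        } catch (JOSEException e) {
            // Must precede the generic handler: a JOSEException clause placed after
            // catch (Exception) is unreachable and does not compile.
            log.error("Error occurred while verifying the JWT header.", e);
        } catch (Exception e) {
            log.error("Error occurred while verifying the JWT header.", e);
        }
        return authenticationInfo;
    }

    /**
     * Extracts and Base64-decodes the credential part of an {@code Authorization} header value.
     *
     * @param str the raw header value, expected as {@code <scheme> <base64 payload>}; may be null
     * @return the decoded payload as text, or {@code null} if the header is absent, has no
     *     payload part, or the decoder returned nothing
     */
    private String decodeAuthorizationHeader(String str) {
        if (str == null) {
            return null;
        }
        // Split on any whitespace run so a doubled separator does not yield an empty payload,
        // and check the length instead of indexing blindly.
        String[] parts = str.trim().split("\\s+");
        if (parts.length < 2) {
            if (log.isDebugEnabled()) {
                log.debug("Authorization header has no credential part.");
            }
            return null;
        }
        byte[] decoded = Base64Utils.decode(parts[1]);
        if (decoded != null) {
            // Explicit charset: the result must not depend on the JVM's platform default.
            return new String(decoded, StandardCharsets.UTF_8);
        }
        if (log.isDebugEnabled()) {
            log.debug("Error decoding authorization header.");
        }
        return null;
    }
}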
