package org.apache.nifi.web.security.jwt;

import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import org.apache.nifi.util.StringUtils;
import org.apache.nifi.web.security.InvalidAuthenticationException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.util.WebUtils;

/* loaded from: input_file:org/apache/nifi/web/security/jwt/NiFiBearerTokenResolver.class */
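/**
 * Resolves the serialized bearer token (JWT) carried by an HTTP request.
 *
 * <p>The {@code Authorization} header is consulted first; when it is absent, blank, or not of the
 * form {@code Bearer <token>}, the {@code __Host-Authorization-Bearer} cookie is used as a fallback.
 *
 * <p>Security notes:
 * <ul>
 *   <li>Only the <em>shape</em> of the value is checked here (no whitespace, at least two
 *       {@code '.'} separators). Nothing in this class verifies the signature, issuer, audience or
 *       expiry, so the returned string must be treated as untrusted until a verifier has
 *       accepted it.</li>
 *   <li>A malformed header does not reject the request; resolution falls through to the cookie.</li>
 *   <li>Cookies are attached to requests automatically by browsers, unlike the header.
 *       NOTE(review): confirm that cookie-authenticated requests are covered by CSRF protection
 *       elsewhere in the filter chain.</li>
 *   <li>The {@code __Host-} cookie-name prefix makes conforming browsers accept the cookie only
 *       when it is set with {@code Secure}, {@code Path=/} and no {@code Domain} attribute.</li>
 * </ul>
 */
public class NiFiBearerTokenResolver implements BearerTokenResolver {
    private static final Logger logger = LoggerFactory.getLogger(NiFiBearerTokenResolver.class);

    /*
     * Both patterns run against request data that is not yet authenticated. The first two
     * segments exclude '.', so each separator can only be matched at one position and a
     * non-matching value is rejected in a single pass. The earlier form used "\S*" for every
     * segment; because "\S" also matches '.', a value that failed late forced the engine to retry
     * many ways of splitting it (polynomial backtracking). The accepted language is unchanged:
     * any whitespace-free value containing at least two dots, captured whole in group 1.
     */
    private static final Pattern BEARER_HEADER_PATTERN = Pattern.compile("^Bearer ([^\\s.]*\\.[^\\s.]*\\.\\S*)$");
    private static final Pattern JWT_PATTERN = Pattern.compile("^([^\\s.]*\\.[^\\s.]*\\.\\S*)$");

    public static final String AUTHORIZATION = "Authorization";
    public static final String JWT_COOKIE_NAME = "__Host-Authorization-Bearer";

    /**
     * Extracts the bearer token from the request without validating it cryptographically.
     *
     * @param httpServletRequest the incoming request; must not be {@code null}
     * @return the token taken from the {@code Authorization} header, otherwise the value of the
     *         {@code __Host-Authorization-Bearer} cookie, or {@code null} when neither holds a
     *         value in the expected format
     */
    @Override
    public String resolve(HttpServletRequest httpServletRequest) {
        final String header = httpServletRequest.getHeader(AUTHORIZATION);
        if (StringUtils.isNotBlank(header)) {
            // Match once and reuse the matcher for extraction instead of validating and
            // re-matching the same header value.
            final Matcher headerMatcher = BEARER_HEADER_PATTERN.matcher(header);
            if (headerMatcher.matches()) {
                return headerMatcher.group(1);
            }
        }

        // The cookie is only consulted when the header did not yield a token.
        final Cookie cookie = WebUtils.getCookie(httpServletRequest, JWT_COOKIE_NAME);
        if (cookie != null) {
            final String cookieValue = cookie.getValue();
            // Guard against a null value: Pattern.matcher(null) would throw.
            if (cookieValue != null && JWT_PATTERN.matcher(cookieValue).matches()) {
                return cookieValue;
            }
        }

        // Keep the header and cookie values out of this message: they may be live credentials.
        logger.debug("No bearer token resolved: neither the {} header nor the {} cookie held a value in the expected format.",
                AUTHORIZATION, JWT_COOKIE_NAME);
        return null;
    }
}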
