package org.omnifaces.jwt.eesecurity;

import java.lang.annotation.Annotation;
import javax.enterprise.inject.spi.CDI;
import javax.security.enterprise.AuthenticationException;
import javax.security.enterprise.AuthenticationStatus;
import javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;
import javax.security.enterprise.authentication.mechanism.http.HttpMessageContext;
import javax.security.enterprise.identitystore.CredentialValidationResult;
import javax.security.enterprise.identitystore.IdentityStoreHandler;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.core.HttpHeaders;

/* loaded from: input_file:org/omnifaces/jwt/eesecurity/JWTAuthenticationMechanism.class */
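/**
 * HTTP authentication mechanism that reads a bearer token from the
 * {@code Authorization} request header and hands it to the container's
 * {@link IdentityStoreHandler} as a {@link SignedJWTCredential}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>This class does no token parsing or signature checking itself; the raw header value is
 *       passed on unchanged. Presumably the identity store behind {@link IdentityStoreHandler}
 *       verifies signature, issuer and expiry. Confirm this against the configured store.</li>
 *   <li>The header is only inspected when {@link HttpMessageContext#isProtected()} is true, so a
 *       token sent to an unprotected resource does not establish a caller identity.</li>
 *   <li>When a protected resource is requested without a usable bearer token, the mechanism
 *       returns {@link HttpMessageContext#doNothing()}; denying the request is then left to the
 *       container's authorization check.</li>
 *   <li>The token is a bearer secret and must not be written to logs.</li>
 * </ul>
 */
public class JWTAuthenticationMechanism implements HttpAuthenticationMechanism {

    /** Authentication scheme followed by the single space that separates it from the token. */
    private static final String BEARER_PREFIX = "Bearer ";

    /**
     * Authenticates the caller of a protected resource from the bearer token in the request.
     *
     * @param httpServletRequest request whose {@code Authorization} header is read
     * @param httpServletResponse response (not used by this mechanism)
     * @param httpMessageContext context used to query protection and to report the outcome
     * @return the status produced by {@link HttpMessageContext#notifyContainerAboutLogin} when a
     *         bearer token was present on a protected resource, otherwise the result of
     *         {@link HttpMessageContext#doNothing()}
     * @throws AuthenticationException declared by the interface; not thrown directly here
     */
    @Override
    public AuthenticationStatus validateRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpMessageContext httpMessageContext) throws AuthenticationException {
        if (!httpMessageContext.isProtected()) {
            // Unprotected resource: the Authorization header is deliberately not evaluated.
            return httpMessageContext.doNothing();
        }

        IdentityStoreHandler identityStoreHandler = CDI.current().select(IdentityStoreHandler.class).get();
        SignedJWTCredential credential = getCredential(httpServletRequest);
        if (credential == null) {
            // No bearer token supplied; the container decides how to treat the anonymous caller.
            return httpMessageContext.doNothing();
        }

        CredentialValidationResult result = identityStoreHandler.validate(credential);
        if (result.getStatus() == CredentialValidationResult.Status.VALID) {
            // Only a VALID result may contribute a principal to the client subject.
            httpMessageContext.getClientSubject().getPrincipals().add(result.getCallerPrincipal());
        }
        // Any non-VALID result is reported as well, so the container can fail the request.
        return httpMessageContext.notifyContainerAboutLogin(result);
    }

    /**
     * Extracts the bearer token from the {@code Authorization} header.
     *
     * <p>The scheme name is matched case-insensitively, as HTTP authentication schemes are
     * case-insensitive (RFC 7235, section 2.1), and whitespace surrounding the token is removed
     * so that a header with more than one separating space still yields the token itself.
     *
     * @param httpServletRequest request to read the header from
     * @return a credential wrapping the raw token, or {@code null} when the header is missing,
     *         uses another scheme, or carries no token
     */
    private SignedJWTCredential getCredential(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader(HttpHeaders.AUTHORIZATION);
        if (header == null || !header.regionMatches(true, 0, BEARER_PREFIX, 0, BEARER_PREFIX.length())) {
            return null;
        }
        String token = header.substring(BEARER_PREFIX.length()).trim();
        if (token.isEmpty()) {
            return null;
        }
        return new SignedJWTCredential(token);
    }
}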
