package com.manydesigns.portofino.shiro;

import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.PathMatchingFilter;
import org.apache.shiro.web.util.WebUtils;
import org.jetbrains.annotations.Nullable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/portofino-pageactions-4.2.13-SNAPSHOT.jar:com/manydesigns/portofino/shiro/JWTFilter.class */
public class JWTFilter extends PathMatchingFilter {
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) JWTFilter.class);

    @Override // org.apache.shiro.web.filter.PathMatchingFilter
    protected boolean onPreHandle(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) throws Exception {
        HttpServletRequest http = WebUtils.toHttp(servletRequest);
        String jSONWebToken = getJSONWebToken(http);
        if (jSONWebToken == null) {
            logger.debug("JWT not found, proceeding with the request");
            return true;
        }
        Subject subject = SecurityUtils.getSubject();
        if (subject.isAuthenticated()) {
            subject.logout();
        }
        try {
            subject.login(new JSONWebToken(jSONWebToken));
            return true;
        } catch (AuthenticationException e) {
            logger.warn("Failed JWT authentication to " + http.getRequestURL(), (Throwable) e);
            WebUtils.toHttp(servletResponse).setStatus(401);
            return false;
        }
    }

    @Nullable
    public static String getJSONWebToken(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader("Authorization");
        if (header != null && header.startsWith("Bearer ")) {
            header = header.substring("Bearer ".length());
        }
        return header;
    }
}
