package org.apache.cxf.rs.security.jose.jaxrs;

import java.io.IOException;
import javax.annotation.Priority;
import javax.ws.rs.client.ClientRequestContext;
import javax.ws.rs.client.ClientRequestFilter;
import org.apache.cxf.common.util.Base64UrlUtility;
import org.apache.cxf.configuration.security.AuthorizationPolicy;
import org.apache.cxf.jaxrs.utils.JAXRSUtils;
import org.apache.cxf.phase.PhaseInterceptorChain;
import org.apache.cxf.rs.security.jose.common.JoseException;
import org.apache.cxf.rs.security.jose.jwe.JweHeaders;
import org.apache.cxf.rs.security.jose.jwt.JoseJwtProducer;
import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
import org.apache.cxf.rs.security.jose.jwt.JwtConstants;
import org.apache.cxf.rs.security.jose.jwt.JwtToken;
import org.apache.cxf.rt.security.crypto.CryptoUtils;

@Priority(1000)
/* loaded from: input_file:lib/cxf-rt-rs-security-jose-jaxrs-3.3.8.jar:org/apache/cxf/rs/security/jose/jaxrs/JwtAuthenticationClientFilter.class */
public class JwtAuthenticationClientFilter extends JoseJwtProducer implements ClientRequestFilter {
    private static final String DEFAULT_AUTH_SCHEME = "JWT";
    private String authScheme = "JWT";

    @Override // javax.ws.rs.client.ClientRequestFilter
    public void filter(ClientRequestContext clientRequestContext) throws IOException {
        AuthorizationPolicy authorizationPolicy;
        JwtToken jwtToken = getJwtToken(clientRequestContext);
        if (jwtToken == null && super.isJweRequired() && (authorizationPolicy = (AuthorizationPolicy) JAXRSUtils.getCurrentMessage().getExchange().getEndpoint().getEndpointInfo().getExtensor(AuthorizationPolicy.class)) != null && authorizationPolicy.getUserName() != null) {
            JwtClaims jwtClaims = new JwtClaims();
            jwtClaims.setSubject(authorizationPolicy.getUserName());
            jwtClaims.setClaim("password", authorizationPolicy.getPassword());
            jwtClaims.setIssuedAt(Long.valueOf(System.currentTimeMillis() / 1000));
            jwtToken = new JwtToken(new JweHeaders(), jwtClaims);
        }
        if (jwtToken == null) {
            throw new JoseException("JWT token is not available");
        }
        clientRequestContext.getHeaders().putSingle("Authorization", this.authScheme + " " + super.processJwt(jwtToken));
    }

    protected JwtToken getJwtToken(ClientRequestContext clientRequestContext) {
        JwtToken jwtToken = (JwtToken) clientRequestContext.getProperty(JwtConstants.JWT_TOKEN);
        if (jwtToken == null) {
            jwtToken = (JwtToken) PhaseInterceptorChain.getCurrentMessage().getContextualProperty(JwtConstants.JWT_TOKEN);
        }
        if (jwtToken != null) {
            return jwtToken;
        }
        JwtClaims jwtClaims = (JwtClaims) clientRequestContext.getProperty(JwtConstants.JWT_CLAIMS);
        if (jwtClaims == null) {
            jwtClaims = (JwtClaims) PhaseInterceptorChain.getCurrentMessage().getContextualProperty(JwtConstants.JWT_CLAIMS);
        }
        if (jwtClaims != null) {
            jwtToken = new JwtToken(jwtClaims);
        }
        return jwtToken;
    }

    protected String getContextPropertyValue() {
        return Base64UrlUtility.encode(CryptoUtils.generateSecureRandomBytes(16));
    }

    public void setAuthScheme(String str) {
        this.authScheme = str;
    }
}
