package org.apache.camel.component.grpc.auth.jwt;

import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.exceptions.JWTCreationException;
import com.auth0.jwt.interfaces.DecodedJWT;
import io.grpc.Context;
import io.grpc.Contexts;
import io.grpc.Metadata;
import io.grpc.ServerCall;
import io.grpc.ServerCallHandler;
import io.grpc.ServerInterceptor;
import io.grpc.Status;
import org.apache.camel.component.grpc.GrpcConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/camel/component/grpc/auth/jwt/JwtServerInterceptor.class */
public class JwtServerInterceptor implements ServerInterceptor {
    private static final Logger LOG = LoggerFactory.getLogger(JwtServerInterceptor.class);
    private static final ServerCall.Listener NOOP_LISTENER = new ServerCall.Listener() { // from class: org.apache.camel.component.grpc.auth.jwt.JwtServerInterceptor.1
    };
    private final JWTVerifier verifier;

    public JwtServerInterceptor(JwtAlgorithm jwtAlgorithm, String str, String str2, String str3) {
        this.verifier = prepareJwtVerifier(jwtAlgorithm, str, str2, str3);
    }

    public <ReqT, RespT> ServerCall.Listener<ReqT> interceptCall(ServerCall<ReqT, RespT> serverCall, Metadata metadata, ServerCallHandler<ReqT, RespT> serverCallHandler) {
        String str = (String) metadata.get(GrpcConstants.GRPC_JWT_METADATA_KEY);
        if (str == null) {
            serverCall.close(Status.UNAUTHENTICATED.withDescription("JWT Token is missing from metadata"), metadata);
            return NOOP_LISTENER;
        }
        try {
            DecodedJWT verify = this.verifier.verify(str);
            return Contexts.interceptCall(Context.current().withValue(GrpcConstants.GRPC_JWT_USER_ID_CTX_KEY, verify.getSubject() == null ? "anonymous" : verify.getSubject()).withValue(GrpcConstants.GRPC_JWT_CTX_KEY, str), serverCall, metadata, serverCallHandler);
        } catch (Exception e) {
            LOG.debug("JWT token verification failed - Unauthenticated");
            serverCall.close(Status.UNAUTHENTICATED.withDescription(e.getMessage()).withCause(e), metadata);
            return NOOP_LISTENER;
        }
    }

    public static JWTVerifier prepareJwtVerifier(JwtAlgorithm jwtAlgorithm, String str, String str2, String str3) {
        try {
            return JWT.require(JwtHelper.selectAlgorithm(jwtAlgorithm, str)).withIssuer(str2).withSubject(str3).build();
        } catch (JWTCreationException e) {
            throw new IllegalArgumentException("Unable to create JWT verifier", e);
        }
    }
}
