package com.atlassian.jwt.server.servlet;

import com.atlassian.jwt.Jwt;
import com.atlassian.jwt.core.JwtUtil;
import com.atlassian.jwt.core.reader.JwtClaimVerifiersBuilder;
import com.atlassian.jwt.core.reader.NimbusJwtReaderFactory;
import com.atlassian.jwt.httpclient.CanonicalHttpServletRequest;
import com.atlassian.jwt.reader.JwtReaderFactory;
import com.atlassian.jwt.server.RequestCache;
import com.atlassian.jwt.server.SecretStore;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/jwt/server/servlet/JwtVerificationServlet.class */
public class JwtVerificationServlet extends HttpServlet {
    public static final String PATH = "/verify";
    private static final Logger log = LoggerFactory.getLogger(JwtVerificationServlet.class);
    private final JwtReaderFactory readerFactory;
    private final SecretStore secretStore;
    private final RequestCache requestCache;

    public JwtVerificationServlet(SecretStore secretStore, RequestCache requestCache) {
        this.secretStore = secretStore;
        this.requestCache = requestCache;
        TrivialJwtPeerSharedSecretService trivialJwtPeerSharedSecretService = new TrivialJwtPeerSharedSecretService(secretStore);
        this.readerFactory = new NimbusJwtReaderFactory(trivialJwtPeerSharedSecretService, trivialJwtPeerSharedSecretService);
    }

    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String extractJwt = JwtUtil.extractJwt(httpServletRequest);
        if (extractJwt == null) {
            httpServletResponse.sendError(400, "No JWT found in request.");
            return;
        }
        if (this.secretStore.getSecret() == null) {
            throw new IllegalStateException("Shared secret not initialized!");
        }
        try {
            Jwt readAndVerify = this.readerFactory.getReader(extractJwt).readAndVerify(extractJwt, JwtClaimVerifiersBuilder.build(new CanonicalHttpServletRequest(httpServletRequest)));
            this.requestCache.setMostRecentPayload(readAndVerify.getJsonPayload());
            httpServletResponse.setStatus(200);
            httpServletResponse.getWriter().write(readAndVerify.getJsonPayload());
        } catch (Exception e) {
            handleJwtException(httpServletResponse, e);
        }
    }

    private void handleJwtException(HttpServletResponse httpServletResponse, Exception exc) throws IOException {
        httpServletResponse.sendError(400, "Failed to verify JWT.");
        log.error("Failed to verify JWT.", exc);
    }
}
