package org.apache.knox.gateway.provider.federation.jwt.filter;

import java.io.IOException;
import java.security.AccessController;
import java.util.HashMap;
import javax.security.auth.Subject;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.apache.knox.gateway.filter.security.AbstractIdentityAssertionFilter;
import org.apache.knox.gateway.services.GatewayServices;
import org.apache.knox.gateway.services.ServiceType;
import org.apache.knox.gateway.services.registry.ServiceRegistry;
import org.apache.knox.gateway.services.security.token.JWTokenAttributesBuilder;
import org.apache.knox.gateway.services.security.token.JWTokenAuthority;
import org.apache.knox.gateway.services.security.token.TokenServiceException;
import org.apache.knox.gateway.services.security.token.impl.JWT;
import org.apache.knox.gateway.util.JsonUtils;

/* loaded from: input_file:org/apache/knox/gateway/provider/federation/jwt/filter/JWTAuthCodeAssertionFilter.class */
public class JWTAuthCodeAssertionFilter extends AbstractIdentityAssertionFilter {
    private JWTokenAuthority authority;
    private ServiceRegistry sr;
    private String tokenIssuer;

    public void init(FilterConfig filterConfig) throws ServletException {
        super.init(filterConfig);
        if (filterConfig.getInitParameter("validity") == null) {
        }
        GatewayServices gatewayServices = (GatewayServices) filterConfig.getServletContext().getAttribute("org.apache.knox.gateway.gateway.services");
        this.authority = (JWTokenAuthority) gatewayServices.getService(ServiceType.TOKEN_SERVICE);
        this.sr = (ServiceRegistry) gatewayServices.getService(ServiceType.SERVICE_REGISTRY_SERVICE);
        this.tokenIssuer = StringUtils.isBlank(filterConfig.getInitParameter(JWTAccessTokenAssertionFilter.ISSUER)) ? AbstractJWTFilter.JWT_DEFAULT_ISSUER : filterConfig.getInitParameter(JWTAccessTokenAssertionFilter.ISSUER);
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException {
        try {
            JWT issueToken = this.authority.issueToken(new JWTokenAttributesBuilder().setIssuer(this.tokenIssuer).setUserName(this.mapper.mapUserPrincipal(getPrincipalName(Subject.getSubject(AccessController.getContext())))).setAlgorithm(this.signatureAlgorithm).build());
            String str = null;
            if (this.sr != null) {
                str = this.sr.lookupServiceURL("token", "TGS");
            }
            HashMap hashMap = new HashMap();
            if (issueToken != null) {
                hashMap.put("iss", issueToken.getIssuer());
                hashMap.put("sub", issueToken.getPrincipal());
                hashMap.put("aud", issueToken.getAudience());
                hashMap.put("exp", issueToken.getExpires());
                hashMap.put("code", issueToken.toString());
            }
            if (str != null) {
                hashMap.put("tke", str);
            }
            servletResponse.getWriter().write(JsonUtils.renderAsJsonString(hashMap));
        } catch (TokenServiceException e) {
            e.printStackTrace();
        }
    }
}
