package org.apache.cxf.rs.security.jose.jaxrs;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import javax.annotation.Priority;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.PreMatching;
import org.apache.cxf.helpers.IOUtils;
import org.apache.cxf.jaxrs.utils.HttpUtils;
import org.apache.cxf.jaxrs.utils.JAXRSUtils;
import org.apache.cxf.rs.security.jose.common.JoseUtils;
import org.apache.cxf.rs.security.jose.jws.JwsException;
import org.apache.cxf.rs.security.jose.jws.JwsJsonConsumer;
import org.apache.cxf.rs.security.jose.jws.JwsJsonSignatureEntry;
import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;

@Priority(1002)
@PreMatching
/* loaded from: input_file:lib/cxf-rt-rs-security-jose-jaxrs-3.1.18.jar:org/apache/cxf/rs/security/jose/jaxrs/JwsJsonContainerRequestFilter.class */
public class JwsJsonContainerRequestFilter extends AbstractJwsJsonReaderProvider implements ContainerRequestFilter {
    @Override // javax.ws.rs.container.ContainerRequestFilter
    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        if (isMethodWithNoContent(containerRequestContext.getMethod())) {
            return;
        }
        if (!isCheckEmptyStream() || containerRequestContext.hasEntity()) {
            JwsSignatureVerifier initializedSigVerifier = getInitializedSigVerifier();
            JwsJsonConsumer jwsJsonConsumer = new JwsJsonConsumer(IOUtils.readStringFromStream(containerRequestContext.getEntityStream()));
            try {
                validate(jwsJsonConsumer, initializedSigVerifier);
                byte[] decodedJwsPayloadBytes = jwsJsonConsumer.getDecodedJwsPayloadBytes();
                containerRequestContext.setEntityStream(new ByteArrayInputStream(decodedJwsPayloadBytes));
                containerRequestContext.getHeaders().putSingle("Content-Length", Integer.toString(decodedJwsPayloadBytes.length));
                JwsJsonSignatureEntry jwsJsonSignatureEntry = jwsJsonConsumer.getSignatureEntries().get(0);
                String checkContentType = JoseUtils.checkContentType(jwsJsonSignatureEntry.getUnionHeader().getContentType(), getDefaultMediaType());
                if (checkContentType != null) {
                    containerRequestContext.getHeaders().putSingle("Content-Type", checkContentType);
                }
                if (super.isValidateHttpHeaders()) {
                    super.validateHttpHeadersIfNeeded(containerRequestContext.getHeaders(), jwsJsonSignatureEntry.getProtectedHeader());
                }
            } catch (JwsException e) {
                containerRequestContext.abortWith(JAXRSUtils.toResponse(400));
            }
        }
    }

    protected boolean isMethodWithNoContent(String str) {
        return "DELETE".equals(str) || HttpUtils.isMethodWithNoRequestContent(str);
    }
}
