package org.restlet.ext.oauth;

import java.util.logging.Level;
import java.util.logging.Logger;
import org.json.JSONException;
import org.json.JSONObject;
import org.restlet.Request;
import org.restlet.Response;
import org.restlet.data.CacheDirective;
import org.restlet.data.ChallengeResponse;
import org.restlet.data.ChallengeScheme;
import org.restlet.data.ClientInfo;
import org.restlet.data.Form;
import org.restlet.data.MediaType;
import org.restlet.data.Method;
import org.restlet.data.Reference;
import org.restlet.ext.json.JsonRepresentation;
import org.restlet.ext.oauth.internal.Scopes;
import org.restlet.representation.Representation;
import org.restlet.resource.ClientResource;
import org.restlet.security.User;
import org.restlet.security.Verifier;

/* loaded from: input_file:org/restlet/ext/oauth/TokenVerifier.class */
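/**
 * Restlet {@link Verifier} that validates OAuth 2.0 bearer tokens by posting them to a remote
 * validation resource and, on success, populating the request's {@link ClientInfo} with the
 * user and roles returned by that resource.
 *
 * <p>The token is read from the {@code Authorization} challenge response. Two alternative
 * transports can be enabled explicitly and are both disabled by default:
 * <ul>
 *   <li>form-encoded request body ({@link #setAcceptBodyMethod(boolean)});</li>
 *   <li>URI query parameter ({@link #setAcceptQueryMethod(boolean)}). Tokens carried in a URI
 *       tend to end up in access logs, browser history and Referer headers, so enable this only
 *       when a client cannot use the header.</li>
 * </ul>
 *
 * <p>Security notes:
 * <ul>
 *   <li>This class trusts whatever the validation resource answers. It performs no
 *       authentication of that endpoint itself, so the supplied reference is assumed to point
 *       at a trusted service reached over a protected channel.</li>
 *   <li>The token value is never written to the log by this class.</li>
 * </ul>
 *
 * <p>Return values of {@link #verify(Request, Response)} are the integer codes of the
 * {@link Verifier} contract: {@code 4} valid, {@code 0} missing, {@code 3} unsupported scheme,
 * {@code -1} invalid.
 */
public class TokenVerifier implements Verifier {
    private static final Logger logger = Logger.getLogger(TokenVerifier.class.getName());

    /** Validation resource that receives the token and answers with user/scope or an error. */
    private final Reference authReference;

    /** Whether a token in a form-encoded body is accepted when no challenge response exists. */
    private boolean acceptBodyMethod = false;

    /** Whether a token in the URI query is accepted when no challenge response exists. */
    private boolean acceptQueryMethod = false;

    /**
     * Creates a verifier bound to a token validation resource.
     *
     * @param reference location of the validation resource every token is posted to
     */
    public TokenVerifier(Reference reference) {
        this.authReference = reference;
    }

    /**
     * Extracts the bearer token from the request and asks the validation resource about it.
     *
     * @param request incoming request; its client info is updated only when the token is valid
     * @param response outgoing response; receives a {@code private} cache directive when the
     *     token was taken from the URI query
     * @return {@code 4} when the token is valid, {@code 0} when no token is present, {@code 3}
     *     when the challenge scheme is not OAuth bearer, {@code -1} on any failure
     */
    @Override
    public int verify(Request request, Response response) {
        try {
            JSONObject authRequest;
            ChallengeResponse challengeResponse = request.getChallengeResponse();
            if (challengeResponse == null) {
                // No Authorization header: fall back to the opt-in transports, body first.
                String token = null;
                if (this.acceptBodyMethod) {
                    token = getAccessTokenFromBody(request);
                }
                if (token == null && this.acceptQueryMethod) {
                    token = getAccessTokenFromQuery(request);
                    if (token != null) {
                        // The URI embeds a credential, so shared caches must not store the reply.
                        OAuthServerResource.addCacheDirective(response, CacheDirective.privateInfo());
                    }
                }
                if (token == null) {
                    return 0; // Verifier.RESULT_MISSING
                }
                logger.config("Verify: Bearer (Alternative)");
                authRequest = createBearerAuthRequest(token);
            } else {
                if (!ChallengeScheme.HTTP_OAUTH_BEARER.equals(challengeResponse.getScheme())) {
                    return 3; // Verifier.RESULT_UNSUPPORTED
                }
                logger.config("Verify: Bearer");
                String rawValue = challengeResponse.getRawValue();
                if (rawValue == null || rawValue.isEmpty()) {
                    return 0; // Verifier.RESULT_MISSING
                }
                authRequest = createBearerAuthRequest(rawValue);
            }
            return validateWithAuthServer(request, authRequest);
        } catch (Exception e) {
            // Fail closed, but leave a trace: a silent failure here is hard to diagnose.
            logger.log(Level.WARNING, "Bearer token verification failed", e);
            return -1; // Verifier.RESULT_INVALID
        }
    }

    /**
     * Posts the validation request and applies the answer to the request's client info.
     *
     * @param request request whose client info receives the user and roles on success
     * @param authRequest JSON payload carrying the token type and the token
     * @return {@code 4} when the token was accepted, {@code -1} otherwise
     */
    private int validateWithAuthServer(Request request, JSONObject authRequest) {
        ClientResource clientResource = new ClientResource(this.authReference);
        try {
            logger.fine("Post auth request to auth resource...");
            JSONObject result =
                    new JsonRepresentation(clientResource.post(new JsonRepresentation(authRequest)))
                            .getJsonObject();

            if (result.has(OAuthResourceDefs.ERROR)) {
                try {
                    logger.warning(sanitizeForLog(result.getString(OAuthResourceDefs.ERROR)));
                    logger.warning(sanitizeForLog(result.getString(OAuthResourceDefs.ERROR_DESC)));
                } catch (JSONException e) {
                    logger.log(Level.SEVERE, "Malformed error reply from the auth resource", e);
                }
                return -1; // Verifier.RESULT_INVALID
            }

            // Read every field before touching the request, so a reply that lacks one of them
            // cannot leave a user attached to a request that is then reported as invalid.
            final String username;
            final String scope;
            try {
                username = result.getString(OAuthResourceDefs.USERNAME);
                scope = result.getString(OAuthResourceDefs.SCOPE);
            } catch (JSONException e) {
                logger.log(Level.WARNING, "Auth resource reply lacks username or scope", e);
                return -1; // Verifier.RESULT_INVALID
            }

            ClientInfo clientInfo = request.getClientInfo();
            // Roles first: if the scope string cannot be converted, no identity has been set yet.
            clientInfo.setRoles(Scopes.toRoles(scope));
            clientInfo.setUser(new User(username));
            return 4; // Verifier.RESULT_VALID
        } catch (Exception e) {
            logger.log(Level.SEVERE, "Token validation request failed", e);
            return -1; // Verifier.RESULT_INVALID
        } finally {
            // One client resource is created per verification; release it so that its
            // request/response state is not kept alive after the call.
            clientResource.release();
        }
    }

    /**
     * Builds the JSON payload sent to the validation resource.
     *
     * @param str the bearer token as received from the client
     * @return JSON object holding the token type and the access token
     * @throws JSONException if the payload cannot be assembled
     */
    private static JSONObject createBearerAuthRequest(String str) throws JSONException {
        JSONObject payload = new JSONObject();
        payload.put(OAuthResourceDefs.TOKEN_TYPE, OAuthResourceDefs.TOKEN_TYPE_BEARER);
        payload.put(OAuthResourceDefs.ACCESS_TOKEN, str);
        return payload;
    }

    /**
     * Replaces line breaks so that text originating outside this process cannot forge
     * additional log records.
     *
     * @param value text about to be logged
     * @return the text with CR and LF replaced by an underscore
     */
    private static String sanitizeForLog(String value) {
        return value.replaceAll("[\\r\\n]", "_");
    }

    /**
     * Reads the access token from the query of the original request URI.
     *
     * @param request incoming request
     * @return the token, or {@code null} when the parameter is absent or empty
     */
    private String getAccessTokenFromQuery(Request request) {
        String token = request.getOriginalRef().getQueryAsForm()
                .getFirstValue(OAuthResourceDefs.ACCESS_TOKEN);
        if (token == null || token.isEmpty()) {
            return null;
        }
        logger.fine("Found Bearer Token in URI query.");
        return token;
    }

    /**
     * Reads the access token from a form-encoded request body.
     *
     * <p>Parsing the form reads the request entity, so the entity is replaced by a fresh
     * representation of the parsed form whether or not a token was found; otherwise later
     * handlers could be handed an already-read body.
     *
     * @param request incoming request
     * @return the token, or {@code null} when the request is a GET, has no form-encoded body,
     *     or carries no non-empty token parameter
     */
    private String getAccessTokenFromBody(Request request) {
        if (request.getMethod().equals(Method.GET)) {
            return null;
        }
        Representation entity = request.getEntity();
        if (entity == null) {
            return null;
        }
        // NOTE(review): this compares against the bare media type; a Content-Type carrying
        // parameters (for example a charset) may not match - confirm against MediaType.equals.
        if (!MediaType.APPLICATION_WWW_FORM.equals(entity.getMediaType())) {
            return null;
        }
        Form form = new Form(entity);
        // Put a readable body back before deciding anything about the token.
        request.setEntity(form.getWebRepresentation());
        String token = form.getFirstValue(OAuthResourceDefs.ACCESS_TOKEN);
        if (token == null || token.isEmpty()) {
            return null;
        }
        logger.fine("Found Bearer Token in Body.");
        return token;
    }

    /**
     * Tells whether a token in a form-encoded body is accepted.
     *
     * @return {@code true} when the body transport is enabled
     */
    public boolean isAcceptBodyMethod() {
        return this.acceptBodyMethod;
    }

    /**
     * Enables or disables reading the token from a form-encoded body.
     *
     * @param z {@code true} to accept tokens sent in the request body
     */
    public void setAcceptBodyMethod(boolean z) {
        this.acceptBodyMethod = z;
    }

    /**
     * Tells whether a token in the URI query is accepted.
     *
     * @return {@code true} when the query transport is enabled
     */
    public boolean isAcceptQueryMethod() {
        return this.acceptQueryMethod;
    }

    /**
     * Enables or disables reading the token from the URI query. Leave disabled unless a client
     * cannot send the Authorization header, because URIs are routinely logged and cached.
     *
     * @param z {@code true} to accept tokens sent as a query parameter
     */
    public void setAcceptQueryMethod(boolean z) {
        this.acceptQueryMethod = z;
    }
}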
