package org.eclipse.lyo.server.oauth.core.utils;

import java.io.IOException;
import java.net.URISyntaxException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;
import javax.ws.rs.core.HttpHeaders;
import net.oauth.OAuth;
import net.oauth.OAuthAccessor;
import net.oauth.OAuthException;
import net.oauth.OAuthMessage;
import net.oauth.OAuthProblemException;
import net.oauth.http.HttpResponseMessage;
import net.oauth.server.OAuthServlet;
import org.eclipse.lyo.server.oauth.core.Application;
import org.eclipse.lyo.server.oauth.core.AuthenticationException;
import org.eclipse.lyo.server.oauth.core.OAuthConfiguration;
import org.eclipse.lyo.server.oauth.core.OAuthRequest;
import org.eclipse.lyo.server.oauth.core.consumer.ConsumerStore;
import org.eclipse.lyo.server.oauth.core.consumer.LyoOAuthConsumer;
import org.eclipse.lyo.server.oauth.core.token.LRUCache;
import org.eclipse.lyo.server.oauth.core.token.SimpleTokenStrategy;

/* loaded from: input_file:WEB-INF/lib/oauth-core-2.1.0.jar:org/eclipse/lyo/server/oauth/core/utils/AbstractAdapterCredentialsFilter.class */
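/**
 * Servlet filter that puts a back-end {@code Connection} on every request that is not an
 * OAuth endpoint request, and wires the OAuth provider configuration to the same login logic.
 *
 * <p>A request is served from one of three sources, tried in this order by
 * {@link #doFilter}: a two-legged OAuth message (empty token) from a trusted consumer, a
 * three-legged OAuth token previously bound to a connection in {@code tokenToConnectionCache},
 * or credentials taken from the HTTP session / extracted from the request by the subclass.
 *
 * <p>Security-relevant points for reviewers of subclasses and deployments:
 * <ul>
 *   <li>The credentials object returned by the subclass is stored in the HTTP session under
 *       {@link #CREDENTIALS_ATTRIBUTE}. NOTE(review): if that object carries a password,
 *       session persistence/replication will carry it too - confirm the container setup.</li>
 *   <li>Nothing in this class changes the session id after a successful login.
 *       NOTE(review): confirm session-fixation protection is provided elsewhere.</li>
 *   <li>Requests whose path info starts with {@code "/oauth"} are passed down the chain
 *       without any credential check here (see {@link #doFilter}).</li>
 * </ul>
 *
 * @param <Credentials> subclass-defined credentials type
 * @param <Connection> subclass-defined connection type produced by {@link #login}
 */
public abstract class AbstractAdapterCredentialsFilter<Credentials, Connection> implements Filter {
    private static final String ATTRIBUTE_BASE = "org.eclipse.lyo.server.oauth.core.utils.";
    /** Request and session attribute holding the logged-in connection. */
    protected static final String CONNECTOR_ATTRIBUTE = "org.eclipse.lyo.server.oauth.core.utils.Connector";
    /** Session attribute holding the credentials object used for login. */
    protected static final String CREDENTIALS_ATTRIBUTE = "org.eclipse.lyo.server.oauth.core.utils.Credentials";
    /** Session attribute holding a {@code Boolean} set by the OAuth login callback. */
    protected static final String ADMIN_SESSION_ATTRIBUTE = "org.eclipse.lyo.server.oauth.core.utils.AdminSession";
    /** OAuth problem string reported instead of {@code token_rejected}. */
    protected static final String JAZZ_INVALID_EXPIRED_TOKEN_OAUTH_PROBLEM = "invalid_expired_token";
    // Deliberately a fresh String instance rather than the interned literal; presumably so a
    // subclass can recognise the two-legged marker by identity - TODO confirm against subclasses.
    protected static final String OAUTH_EMPTY_TOKEN_KEY = new String("OAUTH_EMPTY_TOKEN_KEY");
    private final String displayName;
    private final String realm;
    // Maps OAuth tokens (and "" for two-legged requests) to connections.
    // NOTE(review): the capacity argument reads as an HTTP status constant, which looks like a
    // decompiler substitution for a plain integer literal - confirm against the original source.
    // NOTE(review): this cache is touched from request threads; LRUCache's thread-safety is not
    // visible here - verify.
    private final LRUCache<String, Connection> tokenToConnectionCache = new LRUCache<>(HttpResponseMessage.STATUS_OK);
    // Logs the connection out when the container destroys the session that owns it.
    private HttpSessionListener listener = new HttpSessionListener() { // from class: org.eclipse.lyo.server.oauth.core.utils.AbstractAdapterCredentialsFilter.1
        @SuppressWarnings("unchecked")
        public void sessionDestroyed(HttpSessionEvent httpSessionEvent) {
            HttpSession session = httpSessionEvent.getSession();
            // The attribute is only ever written by this class with a Connection value.
            Connection connection = (Connection) session.getAttribute(AbstractAdapterCredentialsFilter.CONNECTOR_ATTRIBUTE);
            AbstractAdapterCredentialsFilter.this.logout(connection, session);
        }

        public void sessionCreated(HttpSessionEvent httpSessionEvent) {
        }
    };

    /**
     * @param str display name returned by {@link #getDisplayName()}
     * @param str2 realm returned by {@link #getOAuthRealm()} and sent in
     *     {@code WWW-Authenticate} challenges
     */
    protected AbstractAdapterCredentialsFilter(String str, String str2) {
        this.displayName = str;
        this.realm = str2;
    }

    /**
     * Extracts credentials from a request that carries no usable OAuth token and has none in
     * its session. A {@code null} result is treated by {@link #doFilter} as unauthorized.
     */
    protected abstract Credentials getCredentialsFromRequest(HttpServletRequest httpServletRequest) throws UnauthorizedException;

    /**
     * Builds credentials for the OAuth flows. {@link #doFilter} calls this with
     * {@link #OAUTH_EMPTY_TOKEN_KEY} and the consumer key for two-legged requests; the OAuth
     * login callback passes its two string arguments through unchanged.
     */
    protected abstract Credentials getCredentialsForOAuth(String str, String str2);

    /** Opens a connection for the given credentials. */
    protected abstract Connection login(Credentials credentials, HttpServletRequest httpServletRequest) throws UnauthorizedException, ServletException;

    /**
     * Hook invoked when a session is destroyed; the default does nothing.
     *
     * @param connection the session's connection, or {@code null} if none was stored
     */
    protected void logout(Connection connection, HttpSession httpSession) {
    }

    /** Decides whether the connection opened by the OAuth login callback is an admin session. */
    protected abstract boolean isAdminSession(String str, Connection connection, HttpServletRequest httpServletRequest);

    /** Creates the consumer store installed into the OAuth configuration by {@link #init}. */
    protected abstract ConsumerStore createConsumerStore() throws Exception;

    /** Returns the connection stored on the request, cast to the caller's expected type. */
    @SuppressWarnings("unchecked")
    public static <T> T getConnector(HttpServletRequest httpServletRequest) {
        return (T) httpServletRequest.getAttribute(CONNECTOR_ATTRIBUTE);
    }

    /**
     * Returns the credentials stored in the session, cast to the caller's expected type.
     * Calls {@code getSession()}, so a session is created if the request has none.
     */
    @SuppressWarnings("unchecked")
    public static <T> T getCredentials(HttpServletRequest httpServletRequest) {
        return (T) httpServletRequest.getSession().getAttribute(CREDENTIALS_ATTRIBUTE);
    }

    protected String getOAuthRealm() {
        return this.realm;
    }

    protected String getDisplayName() {
        return this.displayName;
    }

    public void destroy() {
    }

    /**
     * Authenticates the request and forwards it with the connection attached.
     *
     * <p>Non-HTTP requests and requests whose path info starts with {@code "/oauth"} are
     * forwarded unchanged. Unauthorized requests receive a 401 with OAuth and Basic challenges;
     * OAuth problems are rendered by {@code OAuthServlet.handleException}.
     *
     * @throws ServletException if login fails with one, or an OAuth URI cannot be parsed
     */
    @SuppressWarnings("unchecked")
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if ((servletRequest instanceof HttpServletRequest) && (servletResponse instanceof HttpServletResponse)) {
            HttpServletRequest request = (HttpServletRequest) servletRequest;
            HttpServletResponse response = (HttpServletResponse) servletResponse;
            boolean twoLegged = false;
            String consumerKey = null;
            try {
                // getPathInfo() is null when the mapping leaves no extra path; treat that as a
                // protected resource (fail closed) instead of failing with a NullPointerException.
                // NOTE(review): the prefix test also matches sibling paths such as "/oauthX";
                // anything mounted there skips the credential checks in this filter - confirm
                // the application's URL layout.
                String pathInfo = request.getPathInfo();
                if (pathInfo == null || !pathInfo.startsWith("/oauth")) {
                    try {
                        OAuthMessage message = OAuthServlet.getMessage(request, null);
                        if ("".equals(message.getToken())) {
                            // Empty token: two-legged OAuth, only accepted from trusted consumers.
                            validateTwoLeggedOAuthMessage(message);
                            twoLegged = true;
                            consumerKey = message.getConsumerKey();
                        }
                        if (!twoLegged && message.getToken() != null) {
                            new OAuthRequest(request).validate();
                            Connection cached = this.tokenToConnectionCache.get(message.getToken());
                            if (cached == null) {
                                throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
                            }
                            // From here on the session itself carries the connection, so later
                            // requests on this session are served without presenting the token.
                            request.getSession().setAttribute(CONNECTOR_ATTRIBUTE, cached);
                        }
                    } catch (OAuthProblemException e) {
                        if (!OAuth.Problems.TOKEN_REJECTED.equals(e.getProblem())) {
                            throw e;
                        }
                        throwInvalidExpiredException(e);
                    }
                    HttpSession session = request.getSession();
                    Connection connection = (Connection) session.getAttribute(CONNECTOR_ATTRIBUTE);
                    if (connection == null) {
                        try {
                            Credentials credentials;
                            if (twoLegged) {
                                // NOTE(review): one connection is cached under "" and reused for
                                // every trusted consumer; only the first consumer key reaches
                                // getCredentialsForOAuth. Confirm consumers are meant to share it.
                                connection = this.tokenToConnectionCache.get("");
                                if (connection == null) {
                                    connection = login(getCredentialsForOAuth(OAUTH_EMPTY_TOKEN_KEY, consumerKey), request);
                                    this.tokenToConnectionCache.put("", connection);
                                }
                                credentials = null;
                            } else {
                                credentials = (Credentials) request.getSession().getAttribute(CREDENTIALS_ATTRIBUTE);
                                if (credentials == null) {
                                    credentials = getCredentialsFromRequest(request);
                                    if (credentials == null) {
                                        throw new UnauthorizedException();
                                    }
                                }
                                connection = login(credentials, request);
                            }
                            session.setAttribute(CONNECTOR_ATTRIBUTE, connection);
                            session.setAttribute(CREDENTIALS_ATTRIBUTE, credentials);
                        } catch (UnauthorizedException e) {
                            sendUnauthorizedResponse(response, e);
                            System.err.println(e.getMessage());
                            return;
                        }
                    }
                    if (connection != null) {
                        doChainDoFilterWithConnector(request, response, filterChain, connection);
                        return;
                    }
                    // NOTE(review): a null connection from login() reaches the plain chain call
                    // below, i.e. the request continues without a connector. Confirm subclasses
                    // never return null, or that downstream code rejects a missing connector.
                }
            } catch (URISyntaxException e) {
                throw new ServletException(e);
            } catch (OAuthException e) {
                OAuthServlet.handleException(response, e, getOAuthRealm());
                return;
            }
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /** Exposes the connection as a request attribute, then continues the filter chain. */
    protected void doChainDoFilterWithConnector(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain, Connection connection) throws IOException, ServletException {
        httpServletRequest.setAttribute(CONNECTOR_ATTRIBUTE, connection);
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    /**
     * Validates a two-legged (empty token) OAuth message.
     *
     * @throws OAuthProblemException with {@code token_rejected} if the consumer key is unknown
     *     or the consumer is not marked trusted
     */
    private void validateTwoLeggedOAuthMessage(OAuthMessage oAuthMessage) throws IOException, OAuthException, URISyntaxException {
        OAuthConfiguration config = OAuthConfiguration.getInstance();
        LyoOAuthConsumer consumer = config.getConsumerStore().getConsumer(oAuthMessage.getConsumerKey());
        if (consumer == null || !consumer.isTrusted()) {
            throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
        }
        // Two-legged requests have no token, so the message is validated with an empty token
        // and token secret on the accessor.
        OAuthAccessor accessor = new OAuthAccessor(consumer);
        accessor.requestToken = "";
        accessor.tokenSecret = "";
        config.getValidator().validateMessage(oAuthMessage, accessor);
    }

    /**
     * Registers the session listener and installs this filter's application callbacks, token
     * strategy and consumer store into the shared {@link OAuthConfiguration} instance.
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        OAuthConfiguration config = OAuthConfiguration.getInstance();
        filterConfig.getServletContext().addListener(this.listener);
        config.setApplication(new Application() { // from class: org.eclipse.lyo.server.oauth.core.utils.AbstractAdapterCredentialsFilter.2
            @Override // org.eclipse.lyo.server.oauth.core.Application
            public void login(HttpServletRequest httpServletRequest, String str, String str2) throws AuthenticationException {
                try {
                    Credentials credentials = AbstractAdapterCredentialsFilter.this.getCredentialsForOAuth(str, str2);
                    httpServletRequest.getSession().setAttribute(AbstractAdapterCredentialsFilter.CREDENTIALS_ATTRIBUTE, credentials);
                    Connection connection = AbstractAdapterCredentialsFilter.this.login(credentials, httpServletRequest);
                    httpServletRequest.setAttribute(AbstractAdapterCredentialsFilter.CONNECTOR_ATTRIBUTE, connection);
                    httpServletRequest.getSession().setAttribute(AbstractAdapterCredentialsFilter.ADMIN_SESSION_ATTRIBUTE, Boolean.valueOf(AbstractAdapterCredentialsFilter.this.isAdminSession(str, connection, httpServletRequest)));
                } catch (Exception e) {
                    // Prefer the cause's message, but an exception without a cause must still
                    // surface as an authentication failure rather than a NullPointerException.
                    Throwable cause = e.getCause();
                    String message = (cause != null ? cause : e).getMessage();
                    throw new AuthenticationException(message, e);
                }
            }

            @Override // org.eclipse.lyo.server.oauth.core.Application
            public String getName() {
                return AbstractAdapterCredentialsFilter.this.getDisplayName();
            }

            @Override // org.eclipse.lyo.server.oauth.core.Application
            public boolean isAdminSession(HttpServletRequest httpServletRequest) {
                return Boolean.TRUE.equals(httpServletRequest.getSession().getAttribute(AbstractAdapterCredentialsFilter.ADMIN_SESSION_ATTRIBUTE));
            }

            @Override // org.eclipse.lyo.server.oauth.core.Application
            public String getRealm(HttpServletRequest httpServletRequest) {
                return AbstractAdapterCredentialsFilter.this.getOAuthRealm();
            }

            @Override // org.eclipse.lyo.server.oauth.core.Application
            public boolean isAuthenticated(HttpServletRequest httpServletRequest) {
                Object connection = httpServletRequest.getSession().getAttribute(AbstractAdapterCredentialsFilter.CONNECTOR_ATTRIBUTE);
                if (connection == null) {
                    return false;
                }
                // Copy the session's connection onto the request so the token strategy below
                // can bind it to the request token being authorized.
                httpServletRequest.setAttribute(AbstractAdapterCredentialsFilter.CONNECTOR_ATTRIBUTE, connection);
                return true;
            }
        });
        config.setTokenStrategy(new SimpleTokenStrategy() { // from class: org.eclipse.lyo.server.oauth.core.utils.AbstractAdapterCredentialsFilter.3
            @Override // org.eclipse.lyo.server.oauth.core.token.SimpleTokenStrategy, org.eclipse.lyo.server.oauth.core.token.TokenStrategy
            @SuppressWarnings("unchecked")
            public void markRequestTokenAuthorized(HttpServletRequest httpServletRequest, String str) throws OAuthProblemException {
                // Bind the authorizing user's connection to the request token.
                Connection connection = (Connection) httpServletRequest.getAttribute(AbstractAdapterCredentialsFilter.CONNECTOR_ATTRIBUTE);
                AbstractAdapterCredentialsFilter.this.tokenToConnectionCache.put(str, connection);
                super.markRequestTokenAuthorized(httpServletRequest, str);
            }

            @Override // org.eclipse.lyo.server.oauth.core.token.SimpleTokenStrategy, org.eclipse.lyo.server.oauth.core.token.TokenStrategy
            public void generateAccessToken(OAuthRequest oAuthRequest) throws OAuthProblemException, IOException {
                // Move the connection from the request token to the newly issued access token.
                // The request-token entry is removed before the superclass call, so it is gone
                // even if that call throws.
                Connection connection = AbstractAdapterCredentialsFilter.this.tokenToConnectionCache.remove(oAuthRequest.getMessage().getToken());
                super.generateAccessToken(oAuthRequest);
                AbstractAdapterCredentialsFilter.this.tokenToConnectionCache.put(oAuthRequest.getAccessor().accessToken, connection);
            }
        });
        try {
            config.setConsumerStore(createConsumerStore());
        } catch (Throwable th) {
            // Best effort: the filter still initializes when the store cannot be created.
            // NOTE(review): no consumer store is installed by this method in that case, and the
            // only trace is this stderr line - confirm operators monitor it.
            System.err.println("Error initializing the OAuth consumer store: " + th.getMessage());
        }
    }

    /**
     * Replaces a {@code token_rejected} problem with {@code invalid_expired_token} carrying an
     * HTTP 401 status parameter. Always throws.
     */
    private void throwInvalidExpiredException(OAuthProblemException oAuthProblemException) throws OAuthProblemException {
        OAuthProblemException replacement = new OAuthProblemException(JAZZ_INVALID_EXPIRED_TOKEN_OAUTH_PROBLEM);
        replacement.setParameter("HTTP status", Integer.valueOf(401));
        // Keep the original rejection reachable for server-side diagnostics.
        replacement.initCause(oAuthProblemException);
        throw replacement;
    }

    /** Sends a 401 offering both OAuth and Basic authentication for this filter's realm. */
    private void sendUnauthorizedResponse(HttpServletResponse httpServletResponse, UnauthorizedException unauthorizedException) throws IOException, ServletException {
        String realmParameter = " realm=\"" + getOAuthRealm() + "\"";
        httpServletResponse.addHeader(HttpHeaders.WWW_AUTHENTICATE, "OAuth" + realmParameter);
        httpServletResponse.addHeader(HttpHeaders.WWW_AUTHENTICATE, "Basic" + realmParameter);
        httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
    }
}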
