package org.springframework.security.oauth2.provider.filter;

import java.io.IOException;
import java.util.Enumeration;
import java.util.Set;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;
import org.springframework.util.Assert;
import org.springframework.web.filter.GenericFilterBean;

/* loaded from: input_file:org/springframework/security/oauth2/provider/filter/OAuth2ProtectedResourceFilter.class */
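/**
 * Servlet filter that authenticates a request from an OAuth 2 access token.
 *
 * <p>The token is read from the {@code Authorization} header or, failing that, from the
 * {@link OAuth2AccessToken#ACCESS_TOKEN} request parameter. When a token is present it is resolved
 * through the configured {@link ResourceServerTokenServices}, checked against this filter's
 * resource id, and the resulting authentication is stored in the security context before the
 * rest of the chain runs. A request without a token is passed down the chain unauthenticated, so
 * access control for anonymous requests must be enforced elsewhere.
 */
public class OAuth2ProtectedResourceFilter extends GenericFilterBean {
    private ResourceServerTokenServices tokenServices;
    private String resourceId;

    /**
     * Verifies that the token services collaborator has been supplied.
     *
     * @throws ServletException if the superclass initialisation fails
     */
    @Override
    public void afterPropertiesSet() throws ServletException {
        super.afterPropertiesSet();
        Assert.notNull(this.tokenServices, "OAuth 2 token services must be supplied.");
    }

    /**
     * Resolves the access token (if any) into an authentication and continues the chain.
     *
     * @param servletRequest the incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse the outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain the remaining filters
     * @throws InvalidTokenException if the token cannot be resolved, or if it is bound to a
     *     non-empty set of resource ids that does not include this filter's resource id
     * @throws IOException if a downstream filter fails with an I/O error
     * @throws ServletException if a downstream filter fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        String token = parseToken(request);
        if (token != null) {
            OAuth2Authentication authentication = this.tokenServices.loadAuthentication(token);
            if (authentication == null) {
                // The bearer token is a credential: keep its value out of the exception message,
                // which may be logged or rendered into an error response.
                throw new InvalidTokenException("Invalid token");
            }

            // A token with no resource ids (null or empty set) is accepted for any resource.
            Set<String> resourceIds = authentication.getAuthorizationRequest().getResourceIds();
            if (resourceIds != null && !resourceIds.isEmpty() && !resourceIds.contains(this.resourceId)) {
                throw new InvalidTokenException("Invalid token does not contain resource id (" + this.resourceId + ")");
            }

            // NOTE(review): the context is not cleared in this method once the chain returns;
            // presumably another filter in the chain owns that cleanup - confirm.
            SecurityContextHolder.getContext().setAuthentication(authentication);
        }

        filterChain.doFilter(request, response);
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Chain processed normally");
        }
    }

    /**
     * Extracts the access token from the request, preferring the {@code Authorization} header.
     *
     * @param httpServletRequest the request to inspect
     * @return the token value, or {@code null} if the request carries none
     */
    protected String parseToken(HttpServletRequest httpServletRequest) {
        String token = parseHeaderToken(httpServletRequest);
        if (token != null) {
            return token;
        }

        this.logger.debug("Token not found in headers. Trying request parameters.");
        // Tokens passed as request parameters can end up in access logs, browser history and
        // Referer headers; the header form is the safer transport for clients that can use it.
        token = httpServletRequest.getParameter(OAuth2AccessToken.ACCESS_TOKEN);
        if (token == null) {
            this.logger.debug("Token not found in request parameters.  Not an OAuth2 request.");
        }
        return token;
    }

    /**
     * Extracts the access token from the first matching {@code Authorization} header.
     *
     * <p>A header matches when its value starts, ignoring case, with
     * {@link OAuth2AccessToken#BEARER_TYPE}. Values that contain the OAuth 1.0 parameter names
     * {@code oauth_signature_method} or {@code oauth_verifier} are skipped. Anything from the
     * first comma onwards is dropped from the returned value.
     *
     * @param httpServletRequest the request to inspect
     * @return the token value, or {@code null} if no header matches
     */
    protected String parseHeaderToken(HttpServletRequest httpServletRequest) {
        String scheme = OAuth2AccessToken.BEARER_TYPE;
        Enumeration<?> headers = httpServletRequest.getHeaders("Authorization");
        while (headers.hasMoreElements()) {
            String header = (String) headers.nextElement();
            // Case-insensitive prefix match that does not depend on the JVM default locale.
            if (!header.regionMatches(true, 0, scheme, 0, scheme.length())) {
                continue;
            }
            String value = header.substring(scheme.length()).trim();
            if (value.contains("oauth_signature_method") || value.contains("oauth_verifier")) {
                continue;
            }
            int comma = value.indexOf(',');
            // A comma at index 0 is deliberately left in place, so the value is returned as-is.
            return comma > 0 ? value.substring(0, comma) : value;
        }
        return null;
    }

    /**
     * Sets the service used to resolve an access token into an authentication.
     *
     * @param resourceServerTokenServices the token services; must be set before initialisation
     */
    @Autowired
    public void setTokenServices(ResourceServerTokenServices resourceServerTokenServices) {
        this.tokenServices = resourceServerTokenServices;
    }

    /**
     * Sets the resource id that a token's resource ids are checked against.
     *
     * @param str the id of the resource protected by this filter
     */
    public void setResourceId(String str) {
        this.resourceId = str;
    }
}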
