package com.sun.jersey.oauth.server.api;

import com.sun.jersey.api.core.ResourceConfig;
import com.sun.jersey.oauth.server.NonceManager;
import com.sun.jersey.oauth.server.OAuthException;
import com.sun.jersey.oauth.server.OAuthSecurityContext;
import com.sun.jersey.oauth.server.OAuthServerRequest;
import com.sun.jersey.oauth.server.spi.OAuthConsumer;
import com.sun.jersey.oauth.server.spi.OAuthProvider;
import com.sun.jersey.oauth.server.spi.OAuthToken;
import com.sun.jersey.oauth.signature.OAuthParameters;
import com.sun.jersey.oauth.signature.OAuthSecrets;
import com.sun.jersey.oauth.signature.OAuthSignature;
import com.sun.jersey.oauth.signature.OAuthSignatureException;
import com.sun.jersey.spi.container.ContainerRequest;
import com.sun.jersey.spi.container.ContainerRequestFilter;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import java.util.regex.Pattern;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;

/* loaded from: input_file:com/sun/jersey/oauth/server/api/OAuthServerFilter.class */
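/**
 * Request filter that authenticates requests carrying an OAuth {@code Authorization} header.
 *
 * <p>For such a request the filter checks that the required OAuth parameters are present,
 * resolves the consumer (and the access token, when one is supplied) through the
 * {@link OAuthProvider}, verifies the signature, checks the timestamp/nonce pair with the
 * {@link NonceManager}, and on success installs an {@link OAuthSecurityContext} on the request.
 *
 * <p>Security notes for deployers, all visible in {@link #filter(ContainerRequest)}:
 * <ul>
 *   <li>A request without an {@code Authorization} header starting with "OAuth" is passed
 *       through unchanged; this filter sets no security context for it. Protected resources
 *       must still enforce authorization themselves.</li>
 *   <li>A request whose path fully matches {@link #PROPERTY_IGNORE_PATH_PATTERN} is passed
 *       through without any OAuth check, so an over-broad pattern disables authentication
 *       for those paths.</li>
 *   <li>With {@link #FEATURE_NO_FAIL} enabled, a request that fails OAuth verification is
 *       also passed through, without a security context, instead of being rejected.</li>
 * </ul>
 */
public class OAuthServerFilter implements ContainerRequestFilter {
    /** Realm placed in the {@code WWW-Authenticate} header; falls back to {@code "default"}. */
    public static final String PROPERTY_REALM = "com.sun.jersey.config.property.oauth.realm";
    /** Regular expression; requests whose path fully matches it skip OAuth processing. */
    public static final String PROPERTY_IGNORE_PATH_PATTERN = "com.sun.jersey.config.property.oauth.ignorePathPattern";
    /** First argument handed to {@link NonceManager}; falls back to {@code "300000"}. */
    public static final String PROPERTY_MAX_AGE = "com.sun.jersey.config.property.oauth.maxAge";
    /** Second argument handed to {@link NonceManager}; falls back to {@code "100"}. */
    public static final String PROPERTY_GC_PERIOD = "com.sun.jersey.config.property.oauth.gcPeriod";
    /** When enabled, requests that fail OAuth verification are let through unauthenticated. */
    public static final String FEATURE_NO_FAIL = "com.sun.jersey.config.feature.oauth.noFail";

    /** Authorization scheme prefix that makes this filter process a request. */
    private static final String AUTH_SCHEME = "OAuth";

    private final OAuthProvider provider;
    private final NonceManager nonces;
    private final int maxAge;
    private final int gcPeriod;
    private final String wwwAuthenticateHeader;
    private final Set<String> versions;
    private final Pattern ignorePathPattern;
    private final boolean optional;

    /**
     * Reads the filter configuration and creates the nonce manager.
     *
     * @param resourceConfig configuration supplying the {@code PROPERTY_*} values and
     *     {@link #FEATURE_NO_FAIL}
     * @param oAuthProvider lookup for consumers and access tokens
     */
    public OAuthServerFilter(@Context ResourceConfig resourceConfig, @Context OAuthProvider oAuthProvider) {
        this.provider = oAuthProvider;
        // The null entry makes a request with no version parameter acceptable alongside "1.0".
        Set<String> supportedVersions = new HashSet<String>();
        supportedVersions.add(null);
        supportedVersions.add("1.0");
        this.versions = Collections.unmodifiableSet(supportedVersions);
        String realm = defaultInitParam(resourceConfig, PROPERTY_REALM, "default");
        // NOTE(review): intValue() maps an unparseable setting to -1, which is then handed to
        // NonceManager as-is; confirm how NonceManager treats a negative maxAge/gcPeriod, since
        // a typo in the configuration is not reported here.
        this.maxAge = intValue(defaultInitParam(resourceConfig, PROPERTY_MAX_AGE, "300000"));
        this.gcPeriod = intValue(defaultInitParam(resourceConfig, PROPERTY_GC_PERIOD, "100"));
        this.ignorePathPattern = pattern(defaultInitParam(resourceConfig, PROPERTY_IGNORE_PATH_PATTERN, null));
        this.optional = resourceConfig.getFeature(FEATURE_NO_FAIL);
        this.nonces = new NonceManager(this.maxAge, this.gcPeriod);
        // The realm is inserted verbatim; a configured value containing '"' would break the header.
        this.wwwAuthenticateHeader = "OAuth realm=\"" + realm + "\"";
    }

    /**
     * Authenticates the request when it carries an OAuth {@code Authorization} header.
     *
     * @param containerRequest the incoming request
     * @return the same request, with an {@link OAuthSecurityContext} set when verification
     *     succeeded, otherwise unchanged
     * @throws WebApplicationException carrying the OAuth error response when verification
     *     fails and {@link #FEATURE_NO_FAIL} is not enabled
     */
    public ContainerRequest filter(ContainerRequest containerRequest) {
        String headerValue = containerRequest.getHeaderValue("Authorization");
        // Case-insensitive prefix test that does not depend on the JVM default locale.
        // Only the prefix is compared, so any scheme name beginning with "OAuth" is processed.
        if (headerValue == null
                || !headerValue.regionMatches(true, 0, AUTH_SCHEME, 0, AUTH_SCHEME.length())) {
            return containerRequest;
        }
        if (match(this.ignorePathPattern, containerRequest.getPath())) {
            return containerRequest;
        }
        try {
            containerRequest.setSecurityContext(getSecurityContext(containerRequest));
            return containerRequest;
        } catch (OAuthException e) {
            // noFail mode: the request continues without a security context, so downstream
            // resources are the only place left where access can be denied.
            if (this.optional) {
                return containerRequest;
            }
            throw new WebApplicationException(e.toResponse());
        }
    }

    /**
     * Verifies the OAuth parameters of the request and builds the resulting security context.
     *
     * <p>The signature is verified before the nonce is handed to the {@link NonceManager}, so
     * an unsigned or wrongly signed request never reaches the nonce check.
     *
     * @param containerRequest the request to authenticate
     * @return a security context for the access token, or for the consumer when no token is sent
     * @throws OAuthException with status 400 when a required parameter is missing or the
     *     version is unsupported, and with status 401 for every other verification failure
     */
    private OAuthSecurityContext getSecurityContext(ContainerRequest containerRequest) throws OAuthException {
        OAuthServerRequest serverRequest = new OAuthServerRequest(containerRequest);
        OAuthParameters params = new OAuthParameters().readRequest(serverRequest);
        if (params.size() == 0) {
            throw newUnauthorizedException();
        }
        String consumerKey = requiredOAuthParam(params.getConsumerKey());
        String token = params.getToken();
        String timestamp = requiredOAuthParam(params.getTimestamp());
        String nonce = requiredOAuthParam(params.getNonce());
        requiredOAuthParam(params.getSignature());
        supportedOAuthParam(params.getVersion(), this.versions);

        OAuthConsumer consumer = this.provider.getConsumer(consumerKey);
        if (consumer == null) {
            throw newUnauthorizedException();
        }
        OAuthSecrets secrets = new OAuthSecrets().consumerSecret(consumer.getSecret());

        String nonceKey;
        OAuthSecurityContext securityContext;
        if (token != null) {
            OAuthToken accessToken = this.provider.getAccessToken(token);
            if (accessToken == null) {
                throw newUnauthorizedException();
            }
            // NOTE(review): the token is tied to the consumer by comparing secrets rather than
            // consumer keys, so two consumers sharing a secret would be interchangeable here;
            // confirm the provider issues unique secrets.
            OAuthConsumer tokenConsumer = accessToken.getConsumer();
            String tokenConsumerSecret = tokenConsumer == null ? null : tokenConsumer.getSecret();
            // A missing secret is rejected as unauthorized instead of failing with a
            // NullPointerException.
            if (tokenConsumerSecret == null || !tokenConsumerSecret.equals(consumer.getSecret())) {
                throw newUnauthorizedException();
            }
            nonceKey = "t:" + token;
            secrets.tokenSecret(accessToken.getSecret());
            securityContext = new OAuthSecurityContext(accessToken, containerRequest.isSecure());
        } else {
            // Without a token the consumer itself must map to a principal.
            if (consumer.getPrincipal() == null) {
                throw newUnauthorizedException();
            }
            nonceKey = "c:" + consumerKey;
            securityContext = new OAuthSecurityContext(consumer, containerRequest.isSecure());
        }

        if (!verifySignature(serverRequest, params, secrets)) {
            throw newUnauthorizedException();
        }
        // Nonces are tracked per token ("t:" prefix) or per consumer ("c:" prefix).
        if (!this.nonces.verify(nonceKey, timestamp, nonce)) {
            throw newUnauthorizedException();
        }
        return securityContext;
    }

    /**
     * Returns the configured value of a property, or the fallback when it is unset or empty.
     *
     * @param resourceConfig configuration to read from
     * @param str property name
     * @param str2 fallback value, may be {@code null}
     * @return the configured string, or {@code str2}
     */
    private static String defaultInitParam(ResourceConfig resourceConfig, String str, String str2) {
        String configured = (String) resourceConfig.getProperty(str);
        if (configured == null || configured.length() == 0) {
            return str2;
        }
        return configured;
    }

    /**
     * Parses a decimal integer.
     *
     * @param str text to parse
     * @return the parsed value, or {@code -1} when {@code str} is not a valid integer
     */
    private static int intValue(String str) {
        try {
            return Integer.parseInt(str);
        } catch (NumberFormatException e) {
            return -1;
        }
    }

    /**
     * Ensures a mandatory OAuth parameter is present.
     *
     * @param str parameter value
     * @return {@code str} when it is not {@code null}
     * @throws OAuthException with status 400 when the value is {@code null}
     */
    private static String requiredOAuthParam(String str) throws OAuthException {
        if (str == null) {
            throw newBadRequestException();
        }
        return str;
    }

    /**
     * Ensures an OAuth parameter has one of the accepted values.
     *
     * @param str parameter value, may be {@code null}
     * @param set accepted values
     * @return {@code str} when {@code set} contains it
     * @throws OAuthException with status 400 otherwise
     */
    private static String supportedOAuthParam(String str, Set<String> set) throws OAuthException {
        if (set.contains(str)) {
            return str;
        }
        throw newBadRequestException();
    }

    /**
     * Compiles a regular expression, passing {@code null} through.
     *
     * @param str regular expression or {@code null}
     * @return the compiled pattern, or {@code null} when {@code str} is {@code null}
     */
    private static Pattern pattern(String str) {
        if (str == null) {
            return null;
        }
        return Pattern.compile(str);
    }

    /**
     * Tells whether the whole of {@code str} matches {@code pattern}.
     *
     * @param pattern pattern to apply, may be {@code null}
     * @param str text to test, may be {@code null}
     * @return {@code true} only when both arguments are non-null and the full text matches
     */
    private static boolean match(Pattern pattern, String str) {
        return pattern != null && str != null && pattern.matcher(str).matches();
    }

    /**
     * Verifies the request signature, reporting a signature processing error as a bad request.
     *
     * @param oAuthServerRequest request wrapper the signature is computed over
     * @param oAuthParameters OAuth parameters read from the request
     * @param oAuthSecrets consumer secret and, when present, token secret
     * @return the result of {@link OAuthSignature#verify}
     */
    private static boolean verifySignature(OAuthServerRequest oAuthServerRequest, OAuthParameters oAuthParameters, OAuthSecrets oAuthSecrets) {
        try {
            return OAuthSignature.verify(oAuthServerRequest, oAuthParameters, oAuthSecrets);
        } catch (OAuthSignatureException e) {
            throw newBadRequestException();
        }
    }

    /**
     * Creates the exception used for malformed OAuth requests.
     *
     * @return an {@link OAuthException} with status 400 and no {@code WWW-Authenticate} value
     */
    private static OAuthException newBadRequestException() throws OAuthException {
        return new OAuthException(Response.Status.BAD_REQUEST, null);
    }

    /**
     * Creates the exception used for requests that fail authentication.
     *
     * @return an {@link OAuthException} with status 401 carrying the configured realm header
     */
    private OAuthException newUnauthorizedException() throws OAuthException {
        return new OAuthException(Response.Status.UNAUTHORIZED, this.wwwAuthenticateHeader);
    }
}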
