package org.apache.cxf.rs.security.oauth.filters;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.Principal;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.http.HttpServletRequest;
import net.oauth.OAuthMessage;
import net.oauth.OAuthProblemException;
import net.oauth.server.OAuthServlet;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.common.security.SimplePrincipal;
import org.apache.cxf.rs.security.oauth.data.AccessToken;
import org.apache.cxf.rs.security.oauth.data.Client;
import org.apache.cxf.rs.security.oauth.data.OAuthContext;
import org.apache.cxf.rs.security.oauth.data.OAuthPermission;
import org.apache.cxf.rs.security.oauth.data.UserSubject;
import org.apache.cxf.rs.security.oauth.provider.OAuthDataProvider;
import org.apache.cxf.rs.security.oauth.utils.OAuthUtils;
import org.apache.cxf.security.SecurityContext;

/* loaded from: input_file:org/apache/cxf/rs/security/oauth/filters/AbstractAuthFilter.class */
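/**
 * Base class for the OAuth 1.0 resource filters: validates an incoming signed
 * request against the configured {@link OAuthDataProvider} and builds the
 * {@link SecurityContext} and {@link OAuthContext} the resource sees afterwards.
 *
 * <p>{@link #handleOAuthRequest} accepts two request shapes. A request carrying
 * {@code oauth_token} is checked against the stored access token and that token's
 * client. A request without it is a client-only request identified by
 * {@code oauth_consumer_key} plus {@code oauth_consumer_secret}; in that case the
 * resulting {@link OAuthInfo} carries no access token, so every consumer of the
 * info must tolerate a {@code null} token.
 *
 * <p>This listing was recovered from bytecode: {@code handleOAuthRequest},
 * {@code createSecurityContext} and {@code createOAuthContext} were originally
 * declared {@code protected}. They are left {@code public} here so the recovered
 * interface is unchanged.
 */
public class AbstractAuthFilter {
    /** Name of the request attribute that asks for the token's user subject to act as the principal. */
    protected static final String USE_USER_SUBJECT = "org.apache.cxf.rs.security.oauth.use_user_subject";
    private static final Logger LOG = LogUtils.getL7dLogger(AbstractAuthFilter.class);
    /** Parameters an access-token request must carry before the token is even looked up. */
    private static final String[] REQUIRED_PARAMETERS = {"oauth_consumer_key", "oauth_token", "oauth_signature_method", "oauth_signature", "oauth_timestamp", "oauth_nonce"};
    private OAuthDataProvider dataProvider;

    /**
     * Sets the provider used to resolve clients, access tokens and permissions.
     *
     * @param oAuthDataProvider the data provider; must be set before any request is handled
     */
    public void setDataProvider(OAuthDataProvider oAuthDataProvider) {
        this.dataProvider = oAuthDataProvider;
    }

    /**
     * Validates an OAuth 1.0 request and describes who made it.
     *
     * <p>Steps, in order: resolve the client (and token, when {@code oauth_token} is
     * present), verify the message signature through
     * {@link OAuthUtils#validateMessage}, check the request path against the URIs
     * registered for the client/token, and then check every permission attached to
     * the granted scopes (URI, HTTP verb, and whether an access token is mandatory).
     *
     * @param httpServletRequest the incoming request
     * @param z flag passed straight through to the {@link OAuthInfo} constructor
     *          (presumably the "use user subject" switch read by
     *          {@code OAuthInfo.useUserSubject()} — confirm against that class)
     * @return the resolved client, token (may be {@code null} for client-only
     *         requests) and permissions
     * @throws OAuthProblemException when the token is unknown, the client or its
     *         secret do not match, the request URI or HTTP verb is not permitted,
     *         or a permission requires a token that is absent
     * @throws Exception propagated from message parsing and signature validation
     */
    public OAuthInfo handleOAuthRequest(HttpServletRequest httpServletRequest, boolean z) throws Exception, OAuthProblemException {
        if (LOG.isLoggable(Level.FINE)) {
            LOG.log(Level.FINE, "OAuth security filter for url: {0}", httpServletRequest.getRequestURL());
        }
        OAuthMessage message = OAuthServlet.getMessage(httpServletRequest, httpServletRequest.getRequestURL().toString());
        AccessToken accessToken = null;
        Client client;
        if (message.getParameter("oauth_token") != null) {
            // Token flow: insist on the full OAuth 1.0 parameter set before touching the store.
            message.requireParameters(REQUIRED_PARAMETERS);
            accessToken = this.dataProvider.getAccessToken(message.getToken());
            if (accessToken == null) {
                LOG.warning("Access token is unavailable");
                throw new OAuthProblemException("token_rejected");
            }
            client = accessToken.getClient();
        } else {
            // Client-only flow: the consumer proves itself with its key and secret.
            String consumerKey = message.getParameter("oauth_consumer_key");
            String consumerSecret = message.getParameter("oauth_consumer_secret");
            client = this.dataProvider.getClient(consumerKey);
            // The secret check is constant-time so response latency does not reveal
            // how many leading bytes of a guessed secret were correct.
            if (client == null || !secretsMatch(consumerSecret, client.getSecretKey())) {
                LOG.warning("Client is invalid");
                throw new OAuthProblemException("consumer_key_unknown");
            }
        }
        OAuthUtils.validateMessage(message, client, accessToken, this.dataProvider);
        checkRequestURI(httpServletRequest, OAuthUtils.getAllUris(client, accessToken));
        List<OAuthPermission> permissionsInfo = this.dataProvider.getPermissionsInfo(OAuthUtils.getAllScopes(client, accessToken));
        for (OAuthPermission oAuthPermission : permissionsInfo) {
            checkRequestURI(httpServletRequest, oAuthPermission.getUris());
            // An empty verb list means "any verb"; otherwise the request method must be listed.
            if (!oAuthPermission.getHttpVerbs().isEmpty() && !oAuthPermission.getHttpVerbs().contains(httpServletRequest.getMethod())) {
                LOG.warning("Invalid http verb");
                throw new OAuthProblemException("Invalid http verb");
            }
            checkNoAccessTokenIsAllowed(client, accessToken, oAuthPermission);
        }
        return new OAuthInfo(client, accessToken, permissionsInfo, z);
    }

    /**
     * Compares a presented client secret with the stored one without leaking
     * timing information about where the two differ.
     *
     * @param presented the secret taken from the request, may be {@code null}
     * @param expected the secret registered for the client, may be {@code null}
     * @return {@code true} only when both are non-null and equal
     */
    private static boolean secretsMatch(String presented, String expected) {
        if (presented == null || expected == null) {
            return false;
        }
        // MessageDigest.isEqual runs in time independent of the first mismatching position.
        return MessageDigest.isEqual(presented.getBytes(StandardCharsets.UTF_8),
                                     expected.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Rejects a client-only request when the permission insists on an access token.
     *
     * @param client the resolved client (unused here, available to subclasses)
     * @param accessToken the resolved token, {@code null} for client-only requests
     * @param oAuthPermission the permission being checked
     * @throws OAuthProblemException when no token was presented but the permission requires one
     */
    protected void checkNoAccessTokenIsAllowed(Client client, AccessToken accessToken, OAuthPermission oAuthPermission) throws OAuthProblemException {
        if (accessToken == null && oAuthPermission.isAuthorizationKeyRequired()) {
            LOG.warning("Access token is required for this permission");
            throw new OAuthProblemException();
        }
    }

    /**
     * Checks that the request path matches at least one of the given URI patterns.
     * An empty list imposes no restriction.
     *
     * @param httpServletRequest the incoming request; its path info is matched
     * @param list URI patterns understood by {@link OAuthUtils#checkRequestURI}
     * @throws OAuthProblemException when the list is non-empty and nothing matches
     */
    protected void checkRequestURI(HttpServletRequest httpServletRequest, List<String> list) throws OAuthProblemException {
        if (list.isEmpty()) {
            return;
        }
        String pathInfo = httpServletRequest.getPathInfo();
        for (String uriPattern : list) {
            if (OAuthUtils.checkRequestURI(pathInfo, uriPattern)) {
                return;
            }
        }
        LOG.warning("Invalid request URI");
        throw new OAuthProblemException("Invalid request URI");
    }

    /**
     * Builds the {@link SecurityContext} for an already validated request and
     * publishes the granted roles as the {@code oauth_authorities} request attribute.
     *
     * <p>When {@code oAuthInfo.useUserSubject()} is set, the principal and roles come
     * from the access token's {@link UserSubject}; otherwise the client's login name
     * and the info's roles are used.
     *
     * @param httpServletRequest the incoming request
     * @param oAuthInfo the validated request description; its token may be
     *        {@code null} for client-only requests, which this method tolerates
     * @return a context answering principal and role queries from {@code oAuthInfo}
     */
    public SecurityContext createSecurityContext(HttpServletRequest httpServletRequest, final OAuthInfo oAuthInfo) {
        httpServletRequest.setAttribute("oauth_authorities", oAuthInfo.getRoles());
        // Client-only requests produce an OAuthInfo without a token; dereferencing it
        // unconditionally threw NullPointerException for those requests, even when the
        // user subject was never going to be consulted.
        final AccessToken token = oAuthInfo.getToken();
        final UserSubject subject = token != null ? token.getSubject() : null;
        return new SecurityContext() {
            @Override
            public Principal getUserPrincipal() {
                String name;
                if (oAuthInfo.useUserSubject()) {
                    name = subject != null ? subject.getLogin() : null;
                } else {
                    name = oAuthInfo.getClient().getLoginName();
                }
                return new SimplePrincipal(name);
            }

            @Override
            public boolean isUserInRole(String str) {
                if (oAuthInfo.useUserSubject()) {
                    return subject != null && subject.getRoles().contains(str);
                }
                for (String role : oAuthInfo.getRoles()) {
                    if (role.equals(str)) {
                        return true;
                    }
                }
                return false;
            }
        };
    }

    /**
     * Builds the {@link OAuthContext} exposed to the resource.
     *
     * @param oAuthInfo the validated request description
     * @return a context holding the token's user subject ({@code null} when the
     *         request carried no token) and the granted permissions
     */
    public OAuthContext createOAuthContext(OAuthInfo oAuthInfo) {
        AccessToken token = oAuthInfo.getToken();
        UserSubject userSubject = token != null ? token.getSubject() : null;
        return new OAuthContext(userSubject, oAuthInfo.getPermissions());
    }
}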
