package org.apache.oltu.oauth2.rsfilter;

import java.io.IOException;
import java.security.Principal;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import org.apache.oltu.oauth2.common.OAuth;
import org.apache.oltu.oauth2.common.error.OAuthError;
import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
import org.apache.oltu.oauth2.common.message.OAuthResponse;
import org.apache.oltu.oauth2.common.message.types.ParameterStyle;
import org.apache.oltu.oauth2.rs.request.OAuthAccessResourceRequest;
import org.apache.oltu.oauth2.rs.response.OAuthRSResponse;

/* loaded from: input_file:WEB-INF/lib/org.apache.oltu.oauth2.resourceserver-filter-1.0.0.jar:org/apache/oltu/oauth2/rsfilter/OAuthFilter.class */
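/**
 * Servlet filter that guards a resource with an OAuth 2.0 access token.
 *
 * <p>For every request the filter extracts the access token using the configured
 * {@link ParameterStyle}s, hands it to the configured {@link OAuthRSProvider}, and only
 * forwards the request down the chain when the provider returns an authorized decision.
 * The forwarded request is wrapped so that {@code getRemoteUser()} and
 * {@code getUserPrincipal()} reflect the decision's principal, and the client id is
 * published as the {@link OAuth#OAUTH_CLIENT_ID} request attribute.
 *
 * <p>Configuration is read from servlet-context init parameters:
 * <ul>
 *   <li>{@value #OAUTH_RS_PROVIDER_CLASS} - provider implementation class</li>
 *   <li>{@value #RS_REALM} - realm for the {@code WWW-Authenticate} challenge
 *       (defaults to {@value #RS_REALM_DEFAULT})</li>
 *   <li>{@value #RS_TOKENS} - comma-separated {@link ParameterStyle} names
 *       (defaults to {@code HEADER})</li>
 * </ul>
 *
 * <p>Deployment note: only list styles other than {@code HEADER} in {@value #RS_TOKENS}
 * when a client genuinely cannot send an {@code Authorization} header. A token carried in
 * the query string is routinely captured in access logs, browser history and
 * {@code Referer} headers.
 */
public class OAuthFilter implements Filter {
    public static final String OAUTH_RS_PROVIDER_CLASS = "oauth.rs.provider-class";
    public static final String RS_REALM = "oauth.rs.realm";
    public static final String RS_REALM_DEFAULT = "OAuth Protected Service";
    public static final String RS_TOKENS = "oauth.rs.tokens";
    public static final ParameterStyle RS_TOKENS_DEFAULT = ParameterStyle.HEADER;
    private static final String TOKEN_DELIMITER = ",";
    private static final String WWW_AUTHENTICATE = "WWW-Authenticate";
    private String realm;
    private OAuthRSProvider provider;
    private ParameterStyle[] parameterStyles;

    /**
     * Loads the provider, the realm and the accepted token parameter styles from the
     * servlet context.
     *
     * @param filterConfig container-supplied configuration; only its servlet context is read
     * @throws ServletException if {@value #RS_TOKENS} names an unknown {@link ParameterStyle}
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        this.provider = (OAuthRSProvider) OAuthUtils.initiateServletContext(
                filterConfig.getServletContext(), OAUTH_RS_PROVIDER_CLASS, OAuthRSProvider.class);
        this.realm = filterConfig.getServletContext().getInitParameter(RS_REALM);
        if (OAuthUtils.isEmpty(this.realm)) {
            this.realm = RS_REALM_DEFAULT;
        }
        this.parameterStyles = parseParameterStyles(
                filterConfig.getServletContext().getInitParameter(RS_TOKENS));
    }

    /**
     * Turns the comma-separated {@value #RS_TOKENS} value into parameter styles.
     *
     * @param configured raw init-parameter value, possibly {@code null} or empty
     * @return the parsed styles; never {@code null} and never empty
     * @throws ServletException if an entry is not a {@link ParameterStyle} constant name
     */
    private static ParameterStyle[] parseParameterStyles(String configured) throws ServletException {
        if (OAuthUtils.isEmpty(configured)) {
            return new ParameterStyle[]{RS_TOKENS_DEFAULT};
        }
        String[] names = configured.split(TOKEN_DELIMITER);
        if (names.length == 0) {
            // A value made only of delimiters (",") splits to an empty array. The field used
            // to stay null in that case; fall back to the default style instead so the
            // filter never runs with an undefined token source.
            return new ParameterStyle[]{RS_TOKENS_DEFAULT};
        }
        ParameterStyle[] styles = new ParameterStyle[names.length];
        for (int i = 0; i < names.length; i++) {
            try {
                // Enum.valueOf never returns null: an unknown name raises
                // IllegalArgumentException, so that is what has to be translated.
                // trim() tolerates "HEADER, BODY" style lists.
                styles[i] = ParameterStyle.valueOf(names[i].trim());
            } catch (IllegalArgumentException e) {
                throw new ServletException("Incorrect ParameterStyle: " + names[i], e);
            }
        }
        return styles;
    }

    /**
     * Validates the access token on the request and forwards the request only when the
     * provider authorizes it.
     *
     * <p>A {@code null} or unauthorized decision is answered with a 401 challenge and the
     * chain is not invoked. Earlier behaviour forwarded the request for any decision the
     * provider returned, without consulting {@code isAuthorized()}.
     *
     * @param servletRequest incoming request; must be an {@link HttpServletRequest}
     * @param servletResponse outgoing response; must be an {@link HttpServletResponse}
     * @param filterChain remainder of the chain, invoked only for authorized requests
     * @throws IOException if writing the error response or the chain fails
     * @throws ServletException on an {@link OAuthSystemException}, or when an authorized
     *         decision carries no OAuth client
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
        try {
            String accessToken = new OAuthAccessResourceRequest(httpRequest, this.parameterStyles).getAccessToken();
            OAuthDecision decision = this.provider.validateRequest(this.realm, accessToken, httpRequest);

            // Fail closed: the provider's verdict is authoritative, and a provider that
            // reports "not authorized" by return value rather than by exception must not
            // reach the protected resource.
            if (decision == null || !decision.isAuthorized()) {
                sendChallenge(httpResponse,
                        OAuthRSResponse.errorResponse(HttpServletResponse.SC_UNAUTHORIZED)
                                .setRealm(this.realm)
                                .buildHeaderMessage());
                return;
            }
            if (decision.getOAuthClient() == null) {
                // Previously surfaced as a bare NullPointerException; still refuses the
                // request, but says which provider contract was broken.
                throw new ServletException("OAuthRSProvider returned an authorized decision without an OAuth client");
            }

            final Principal principal = decision.getPrincipal();
            HttpServletRequestWrapper authenticatedRequest = new HttpServletRequestWrapper(httpRequest) {
                @Override
                public String getRemoteUser() {
                    return principal == null ? null : principal.getName();
                }

                @Override
                public Principal getUserPrincipal() {
                    return principal;
                }
            };
            authenticatedRequest.setAttribute(OAuth.OAUTH_CLIENT_ID, decision.getOAuthClient().getClientId());
            filterChain.doFilter(authenticatedRequest, servletResponse);
        } catch (OAuthProblemException e) {
            respondWithError(httpResponse, e);
        } catch (OAuthSystemException e) {
            throw new ServletException(e);
        }
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }

    /**
     * Translates an {@link OAuthProblemException} into a {@code WWW-Authenticate} challenge.
     *
     * <p>Status mapping: no error code or any unlisted code gives 401,
     * {@code invalid_request} gives 400, {@code insufficient_scope} gives 403.
     *
     * @param httpServletResponse response to write the challenge to
     * @param oAuthProblemException problem raised while reading or validating the token
     * @throws IOException if the container fails to send the error
     * @throws ServletException if the challenge header cannot be built
     */
    private void respondWithError(HttpServletResponse httpServletResponse, OAuthProblemException oAuthProblemException) throws IOException, ServletException {
        try {
            String error = oAuthProblemException.getError();
            if (OAuthUtils.isEmpty(error)) {
                // No error code: answer with a bare challenge that carries only the realm.
                sendChallenge(httpServletResponse,
                        OAuthRSResponse.errorResponse(HttpServletResponse.SC_UNAUTHORIZED)
                                .setRealm(this.realm)
                                .buildHeaderMessage());
                return;
            }
            int status = HttpServletResponse.SC_UNAUTHORIZED;
            if ("invalid_request".equals(error)) {
                status = HttpServletResponse.SC_BAD_REQUEST;
            } else if (OAuthError.ResourceResponse.INSUFFICIENT_SCOPE.equals(error)) {
                status = HttpServletResponse.SC_FORBIDDEN;
            }
            sendChallenge(httpServletResponse,
                    OAuthRSResponse.errorResponse(status)
                            .setRealm(this.realm)
                            .setError(error)
                            .setErrorDescription(oAuthProblemException.getDescription())
                            .setErrorUri(oAuthProblemException.getUri())
                            .buildHeaderMessage());
        } catch (OAuthSystemException e) {
            throw new ServletException(e);
        }
    }

    /** Copies the built challenge header onto the response and sends its status code. */
    private static void sendChallenge(HttpServletResponse httpServletResponse, OAuthResponse challenge) throws IOException {
        httpServletResponse.addHeader(WWW_AUTHENTICATE, challenge.getHeader(WWW_AUTHENTICATE));
        httpServletResponse.sendError(challenge.getResponseStatus());
    }
}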
