package de.cidaas.oauth.interceptor;

import de.cidaas.oauth.model.TokenCheckEntity;
import de.cidaas.oauth.model.TokenIntrospectionRequest;
import de.cidaas.oauth.model.TokenIntrospectionResponse;
import de.cidaas.oauth.windowupdate.TokenWindowUpdate;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.ext.Provider;
import org.apache.commons.lang3.StringUtils;
import org.jboss.resteasy.core.Headers;
import org.jboss.resteasy.core.ResourceMethodInvoker;
import org.jboss.resteasy.core.ServerResponse;
import org.jboss.resteasy.spi.ResteasyProviderFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

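@Provider
/* loaded from: input_file:de/cidaas/oauth/interceptor/OAuthInterceptor.class */
public class OAuthInterceptor implements ContainerRequestFilter {
    private static final Logger LOG = LoggerFactory.getLogger(OAuthInterceptor.class);

    /** Media types for which an error body is rendered with {@link #JSON_RESPONSE_ERROR}. */
    private static final List<MediaType> JSON_TYPES =
            Collections.singletonList(MediaType.APPLICATION_JSON_TYPE);
    /** Media types for which an error body is rendered with {@link #XML_RESPONSE_ERROR}. */
    private static final List<MediaType> XML_TYPES = Collections.unmodifiableList(Arrays.asList(
            MediaType.APPLICATION_XML_TYPE,
            MediaType.APPLICATION_ATOM_XML_TYPE,
            MediaType.TEXT_XML_TYPE));
    private static final String XML_RESPONSE_ERROR = "<error>%s</error>";
    private static final String JSON_RESPONSE_ERROR = "{\"error\":\"%s\"}";
    private static final String ACCESS_DENIED = "Access denied for this resource";
    private static final String ACCESS_FORBIDDEN = "Nobody can access this resource";

    /** Request property under which RESTEasy exposes the matched resource method. */
    private static final String RESOURCE_METHOD_INVOKER_PROPERTY = "org.jboss.resteasy.core.ResourceMethodInvoker";
    /** Header a proxy in front of this service may use to report the original caller's address. */
    private static final String X_FORWARDED_FOR = "X-FORWARDED-FOR";

    /**
     * Authorises the matched resource method before it is invoked.
     *
     * <p>Order of decisions, as in the original filter: the Swagger listing endpoint and
     * methods annotated {@link PermitAll} pass through untouched; methods annotated
     * {@link DenyAll} are refused; every other method requires an access token, which is
     * read from the request by {@code CBOAuthAccessResourceRequest} and introspected via
     * {@code ValidateToken}. An active token results in an {@code OAuthUser} being pushed
     * into the RESTEasy context; anything else (inactive token, missing token, or any
     * exception on the way) aborts the request with status 401 and {@link #ACCESS_DENIED}.
     * The status codes are kept as they were because clients see them on the wire.
     *
     * @param containerRequestContext the request being filtered; aborted on refusal
     */
    @Override
    public void filter(ContainerRequestContext containerRequestContext) {
        LOG.info("Filtering request to: {}", containerRequestContext.getUriInfo().getAbsolutePath());
        // Result discarded: called for its side effect, presumably initialising the
        // singleton — TODO confirm against TokenWindowUpdate.
        TokenWindowUpdate.getInstance();
        ResourceMethodInvoker invoker =
                (ResourceMethodInvoker) containerRequestContext.getProperty(RESOURCE_METHOD_INVOKER_PROPERTY);
        Method method = invoker.getMethod();

        if (isSwaggerListing(method)) {
            LOG.info("Swagger Request URL:{}", method.getName());
            return;
        }
        if (method.isAnnotationPresent(PermitAll.class)) {
            LOG.info("Method has PermitAll:{}", method.getName());
            return;
        }
        if (method.isAnnotationPresent(DenyAll.class)) {
            LOG.info("Method has DenyAll:{}", method.getName());
            containerRequestContext.abortWith(getServerResponse(invoker, ACCESS_DENIED, 401));
            // Stop here. The original fell through and still ran token introspection —
            // and could push an OAuthUser into the context — for a method nobody may call.
            return;
        }

        HttpServletRequest httpServletRequest =
                (HttpServletRequest) ResteasyProviderFactory.getContextData(HttpServletRequest.class);
        try {
            TokenIntrospectionRequest introspectionRequest = prepareTokenRequest(httpServletRequest, method);
            String accessToken = new CBOAuthAccessResourceRequest(httpServletRequest).getAccessToken();
            // The token is a bearer credential: it is deliberately never written to the log.
            introspectionRequest.setToken(accessToken);
            TokenIntrospectionResponse introspection =
                    ValidateToken.getInstance().validateAccessToken(introspectionRequest);
            if (introspection == null || !introspection.isActive()) {
                LOG.error("Access denied for URL {}", introspectionRequest.getRequest_url());
                // NOTE(review): TokenIntrospectionRequest.toString() is not visible here; confirm it
                // omits the token set above before relying on this line in production logs.
                LOG.info("Request Info {}", introspectionRequest);
                containerRequestContext.abortWith(getServerResponse(invoker, ACCESS_DENIED, 401));
                return;
            }
            OAuthUser oAuthUser = new OAuthUser(accessToken, introspection.getSub());
            LOG.info("Interceptor got user {} from token.", oAuthUser.getUserId());
            ResteasyProviderFactory.pushContext(OAuthUser.class, oAuthUser);
        } catch (Exception e) {
            // Boundary catch: any failure while reading or introspecting the token fails closed.
            // The exception is passed as the last argument so SLF4J records the stack trace
            // (a "{}" placeholder would only log its toString()).
            LOG.error("Exception while validating access token", e);
            containerRequestContext.abortWith(getServerResponse(invoker, ACCESS_DENIED, 401));
        }
    }

    /**
     * Returns whether {@code method} is Swagger's API listing endpoint, which is served
     * without authentication.
     */
    private static boolean isSwaggerListing(Method method) {
        return method.getDeclaringClass().getName().equals("io.swagger.jaxrs.listing.ApiListingResource")
                && method.getName().equals("getListing");
    }

    /**
     * Builds the introspection request for {@code method}: the scopes and roles its
     * annotations require, the current time, the request URL, the forwardable request
     * headers (see {@link #isForwardableHeader(String)}) and the caller's address under
     * the key {@code x-forwarded-for}.
     *
     * @throws Exception declared by the original; nothing in this body throws a checked
     *     exception itself
     */
    private TokenIntrospectionRequest prepareTokenRequest(HttpServletRequest httpServletRequest, Method method)
            throws Exception {
        TokenIntrospectionRequest request = new TokenIntrospectionRequest();
        request.setScopes(getAnotationRequestedScope(method));
        request.setRoles(getAnotationRequestedRoles(method));
        request.setRequest_time(Long.valueOf(System.currentTimeMillis()));
        request.setRequest_url(httpServletRequest.getRequestURL().toString());
        for (String name : forwardableHeaderNames(httpServletRequest)) {
            request.getRequest_headers().put(name, httpServletRequest.getHeader(name));
        }
        String clientAddress = resolveClientAddress(httpServletRequest);
        if (StringUtils.isNotEmpty(clientAddress)) {
            request.getRequest_headers().put("x-forwarded-for", clientAddress);
        }
        return request;
    }

    /**
     * Collects client context for a {@link TokenCheckEntity}: referrer, caller address,
     * host, Accept-Language, User-Agent, request URL, the joined scopes/roles from the
     * method's annotations, and the forwardable request headers. Not called from within
     * this class.
     *
     * <p>Header copying now applies the same credential filter as
     * {@link #prepareTokenRequest}; the original copied every header, including
     * {@code Cookie} and {@code Authorization}, into the entity.
     */
    private TokenCheckEntity prepareHeaders(HttpServletRequest httpServletRequest, Method method) {
        TokenCheckEntity entity = new TokenCheckEntity();
        // "Referer" is the (historically misspelled) HTTP header name; the original looked
        // up "referrer", which standard clients never send, so it was always absent.
        String referrer = httpServletRequest.getHeader("Referer");
        if (StringUtils.isNotEmpty(referrer)) {
            entity.setReferrer(referrer);
        }
        String clientAddress = resolveClientAddress(httpServletRequest);
        if (StringUtils.isNotEmpty(clientAddress)) {
            entity.setIpAddress(clientAddress);
        }
        // Like X-Forwarded-For, this header is client-supplied unless a proxy overwrites it.
        String host = httpServletRequest.getHeader("X-Forwarded-Host");
        if (host == null) {
            host = httpServletRequest.getRemoteHost();
        }
        if (StringUtils.isNotEmpty(host)) {
            entity.setHost(host);
        }
        String acceptLanguage = httpServletRequest.getHeader("Accept-Language");
        if (StringUtils.isNotEmpty(acceptLanguage)) {
            entity.setAcceptLanguage(acceptLanguage);
        }
        String userAgent = httpServletRequest.getHeader("user-agent");
        if (StringUtils.isNotEmpty(userAgent)) {
            entity.setUserAgent(userAgent);
        }
        String requestUrl = httpServletRequest.getRequestURL().toString();
        if (StringUtils.isNotEmpty(requestUrl)) {
            entity.setRequestURL(requestUrl);
        }
        TokenHelper tokenHelper = new TokenHelper();
        entity.setRequestedScopes(tokenHelper.getAnotationRequestedScopeJoined(method));
        entity.setRequestedRoles(tokenHelper.getAnotationRequestedRolesJoined(method));
        entity.setRequestInfo(new HashMap<>());
        for (String name : forwardableHeaderNames(httpServletRequest)) {
            entity.getRequestInfo().put(name, httpServletRequest.getHeader(name));
        }
        return entity;
    }

    /**
     * Names of the request headers that may be copied into data handed to the token
     * service. Returns an empty list when the container hides the header names
     * (the servlet API permits {@code getHeaderNames()} to return {@code null}).
     */
    private static List<String> forwardableHeaderNames(HttpServletRequest httpServletRequest) {
        Enumeration<String> names = httpServletRequest.getHeaderNames();
        if (names == null) {
            return Collections.emptyList();
        }
        List<String> forwardable = new ArrayList<String>();
        for (String name : Collections.list(names)) {
            if (isForwardableHeader(name)) {
                forwardable.add(name);
            }
        }
        return forwardable;
    }

    /**
     * Returns whether a header may be forwarded: everything except cookies,
     * {@code Authorization} and {@code __access_token}, which carry credentials.
     *
     * <p>Folding with {@link Locale#ROOT} matters: under a Turkish default locale
     * {@code "AUTHORIZATION".toLowerCase()} yields a dotless-i spelling that no longer
     * equals {@code "authorization"}, and the credential header would slip through.
     */
    private static boolean isForwardableHeader(String name) {
        String lower = name.toLowerCase(Locale.ROOT);
        return !lower.contains("cookie")
                && !lower.equals("authorization")
                && !lower.equals("__access_token");
    }

    /**
     * Address recorded for the caller: the left-most entry of {@code X-FORWARDED-FOR}
     * when the header is present, otherwise the peer address of the connection.
     *
     * <p>The header is written by whoever sends the request unless a trusted proxy
     * overwrites it, so the result is informational — it is copied into the
     * introspection request and the check entity — and should not by itself decide
     * whether a request is allowed.
     *
     * @return the address, or {@code null} when neither source provides one
     */
    private static String resolveClientAddress(HttpServletRequest httpServletRequest) {
        String address = httpServletRequest.getHeader(X_FORWARDED_FOR);
        if (address == null) {
            address = httpServletRequest.getRemoteAddr();
        }
        if (address != null && address.contains(",")) {
            // First entry is the original client; later ones are intermediate proxies.
            address = address.split(",")[0];
        }
        return address == null ? null : address.trim();
    }

    /**
     * Scopes required by the method's {@code OAuthScopes} annotation.
     *
     * @return the declared scopes, or {@code null} when the annotation is absent or
     *     declares none (kept as {@code null} rather than an empty array because
     *     subclasses and the introspection request may rely on it)
     */
    protected String[] getAnotationRequestedScope(Method method) {
        OAuthScopes oAuthScopes = method.getAnnotation(OAuthScopes.class);
        if (oAuthScopes == null || oAuthScopes.scopes().length == 0) {
            return null;
        }
        return oAuthScopes.scopes();
    }

    /**
     * Roles required by the method's {@link RolesAllowed} annotation.
     *
     * @return the declared roles, or {@code null} when the annotation is absent or
     *     declares none
     */
    protected String[] getAnotationRequestedRoles(Method method) {
        RolesAllowed rolesAllowed = method.getAnnotation(RolesAllowed.class);
        if (rolesAllowed == null || rolesAllowed.value().length == 0) {
            return null;
        }
        return rolesAllowed.value();
    }

    /**
     * Builds the error response for an aborted request, rendered as JSON or XML when the
     * resource method produces one of those types, otherwise with {@code message} as the
     * raw entity.
     *
     * <p>{@code message} is interpolated into the body without escaping, so callers must
     * pass constant text only (all current callers pass {@link #ACCESS_DENIED}).
     *
     * @param invoker the matched resource method, used to pick the body format
     * @param message constant error text
     * @param status HTTP status code of the response
     */
    private ServerResponse getServerResponse(ResourceMethodInvoker invoker, Object message, int status) {
        Object entity;
        if (invoker.doesProduce(JSON_TYPES)) {
            entity = String.format(JSON_RESPONSE_ERROR, message);
        } else if (invoker.doesProduce(XML_TYPES)) {
            entity = String.format(XML_RESPONSE_ERROR, message);
        } else {
            entity = message;
        }
        return new ServerResponse(entity, status, new Headers<Object>());
    }
}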
