package fi.foyt.fni.rest;

import fi.foyt.fni.auth.OAuthController;
import fi.foyt.fni.persistence.model.oauth.OAuthAccessToken;
import fi.foyt.fni.persistence.model.oauth.OAuthClientType;
import fi.foyt.fni.session.SessionController;
import java.io.IOException;
import java.lang.reflect.Method;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Provider;
import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
import org.apache.oltu.oauth2.common.message.types.ParameterStyle;
import org.apache.oltu.oauth2.rs.request.OAuthAccessResourceRequest;
import org.jboss.resteasy.core.ResourceMethodInvoker;
import org.jboss.resteasy.spi.ResteasyProviderFactory;

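@Provider
/* loaded from: input_file:WEB-INF/classes/fi/foyt/fni/rest/SecurityFilter.class */
public class SecurityFilter implements ContainerRequestFilter {

    private static final Logger LOGGER = Logger.getLogger(SecurityFilter.class.getName());

    /** Request property under which RESTEasy publishes the matched resource method invoker. */
    private static final String RESOURCE_METHOD_INVOKER_PROPERTY = "org.jboss.resteasy.core.ResourceMethodInvoker";

    @Inject
    private SessionController sessionController;

    @Context
    private HttpServletRequest request;

    @Inject
    private OAuthController oAuthController;

    /**
     * Enforces the {@link Security} annotation of the matched resource method.
     *
     * <p>Every endpoint must carry a {@link Security} annotation; an unannotated endpoint is
     * rejected with 500 so that a missing annotation fails closed instead of exposing the
     * endpoint. When no session is logged in, an OAuth bearer token (query parameter or
     * {@code Authorization} header) is tried: a token bound to an authorization code logs the
     * owning user into the session, a service-client token is accepted only when the endpoint
     * allows service accounts or anonymous access. Finally the request is allowed through only
     * if the endpoint allows anonymous access or a session is logged in; otherwise 401.
     *
     * @param containerRequestContext the JAX-RS request context to inspect and, on failure, abort
     * @throws IOException declared by {@link ContainerRequestFilter#filter}; not thrown here
     */
    @Override
    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        // The property may be absent or of an unexpected type; both used to surface as a NPE
        // before the null check below could run, so resolve it defensively.
        Object invoker = containerRequestContext.getProperty(RESOURCE_METHOD_INVOKER_PROPERTY);
        Method method = invoker instanceof ResourceMethodInvoker ? ((ResourceMethodInvoker) invoker).getMethod() : null;
        if (method == null) {
            abort(containerRequestContext, Response.Status.INTERNAL_SERVER_ERROR, null);
            return;
        }

        Security security = method.getAnnotation(Security.class);
        if (security == null) {
            abort(containerRequestContext, Response.Status.INTERNAL_SERVER_ERROR, "Endpoint is configured incorrectly");
            return;
        }

        if (!sessionController.isLoggedIn() && authenticateWithAccessToken(containerRequestContext, security)) {
            // The token path already aborted the request or accepted a service client.
            return;
        }

        if (security.allowNotLogged() || sessionController.isLoggedIn()) {
            return;
        }
        abort(containerRequestContext, Response.Status.UNAUTHORIZED, null);
    }

    /**
     * Tries to authenticate the request from an OAuth access token.
     *
     * @param containerRequestContext request context, aborted on a rejected token
     * @param security the endpoint's {@link Security} annotation
     * @return {@code true} when the request has been fully decided here (aborted, or accepted for
     *         a service client) and the caller must return immediately; {@code false} when the
     *         caller should continue with the session-based check
     */
    private boolean authenticateWithAccessToken(ContainerRequestContext containerRequestContext, Security security) {
        try {
            String accessToken = new OAuthAccessResourceRequest(request, ParameterStyle.QUERY, ParameterStyle.HEADER).getAccessToken();
            OAuthAccessToken token = oAuthController.findAccessTokenByAccessToken(accessToken);
            if (token == null) {
                abort(containerRequestContext, Response.Status.FORBIDDEN, "Invalid access token");
                return true;
            }
            if (isExpired(token)) {
                abort(containerRequestContext, Response.Status.FORBIDDEN, "Token expired");
                return true;
            }

            if (token.getAuthorizationCode() == null) {
                // Only service clients may hold a token that is not bound to an authorization code.
                if (token.getClient().getType() != OAuthClientType.SERVICE) {
                    abort(containerRequestContext, Response.Status.FORBIDDEN, "Invalid access token, non-service token without authorization code");
                    return true;
                }
                if (security.allowService() || security.allowNotLogged()) {
                    // Publish the token to resource methods only once it has been accepted.
                    ResteasyProviderFactory.pushContext(OAuthAccessToken.class, token);
                    return true;
                }
                abort(containerRequestContext, Response.Status.FORBIDDEN, "Endpoint is not allowed for service accounts");
                return true;
            }

            ResteasyProviderFactory.pushContext(OAuthAccessToken.class, token);
            sessionController.login(token.getAuthorizationCode().getUser());
            return false;
        } catch (OAuthProblemException ignored) {
            // No usable token in the request (e.g. none supplied). This is the normal case for
            // anonymous callers, so fall through to the session check, which rejects with 401
            // unless the endpoint allows anonymous access.
            return false;
        } catch (OAuthSystemException e) {
            // Internal OAuth failure: log the cause server-side and return a generic body rather
            // than echoing the exception message to the client.
            LOGGER.log(Level.SEVERE, "OAuth access token processing failed", e);
            abort(containerRequestContext, Response.Status.INTERNAL_SERVER_ERROR, "OAuth token processing failed");
            return true;
        }
    }

    /**
     * Returns whether the token's expiry (seconds since the epoch) lies in the past.
     *
     * <p>A token without an expiry is treated as expired (fail closed); previously it caused a
     * NullPointerException and thus a 500.
     */
    private static boolean isExpired(OAuthAccessToken token) {
        Long expires = token.getExpires();
        return expires == null || System.currentTimeMillis() / 1000 > expires.longValue();
    }

    /**
     * Aborts the request with the given status and optional plain-text entity.
     *
     * @param containerRequestContext request context to abort
     * @param status HTTP status to respond with
     * @param entity response body, or {@code null} for an empty body
     */
    private static void abort(ContainerRequestContext containerRequestContext, Response.Status status, String entity) {
        Response.ResponseBuilder builder = Response.status(status);
        if (entity != null) {
            builder = builder.entity(entity);
        }
        containerRequestContext.abortWith(builder.build());
    }
}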
