package org.glassfish.jersey.server.oauth1;

import java.io.IOException;
import java.lang.reflect.Method;
import java.util.Collections;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import java.util.regex.Pattern;
import javax.annotation.Priority;
import javax.inject.Inject;
import javax.inject.Provider;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.Configuration;
import javax.ws.rs.core.Response;
import org.glassfish.jersey.internal.util.PropertiesHelper;
import org.glassfish.jersey.oauth1.signature.OAuth1Parameters;
import org.glassfish.jersey.oauth1.signature.OAuth1Secrets;
import org.glassfish.jersey.oauth1.signature.OAuth1Signature;
import org.glassfish.jersey.oauth1.signature.OAuth1SignatureException;
import org.glassfish.jersey.server.ExtendedUriInfo;
import org.glassfish.jersey.server.oauth1.internal.OAuthServerRequest;

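/**
 * Container request filter that authenticates requests carrying an OAuth 1
 * {@code Authorization} header and, on success, installs an
 * {@link OAuth1SecurityContext} on the request.
 *
 * <p>Security notes for maintainers and deployers:
 * <ul>
 *   <li>This filter authenticates; it does not authorize. A request without an
 *       {@code Authorization} header that starts with the OAuth scheme is passed
 *       through untouched, with whatever security context it already had.
 *       Resources must enforce access control themselves.</li>
 *   <li>Resource methods or classes annotated with {@link TokenResource}, and paths
 *       fully matching {@code OAuth1ServerProperties.IGNORE_PATH_PATTERN}, are
 *       skipped. An overly broad ignore pattern exempts those paths from OAuth
 *       verification.</li>
 *   <li>When {@code OAuth1ServerProperties.NO_FAIL} is set, a failed verification
 *       (bad signature, unknown consumer or token, rejected nonce, missing
 *       parameter) does not abort the request; it continues with its original
 *       security context.</li>
 * </ul>
 */
// 1000 is the numeric value of javax.ws.rs.Priorities.AUTHENTICATION.
@Priority(1000)
class OAuth1ServerFilter implements ContainerRequestFilter {

    /** Source of consumers and access tokens (and their secrets). */
    @Inject
    private OAuth1Provider provider;

    /** Verifies timestamp/nonce pairs of requests whose signature has been checked. */
    private final NonceManager nonces;

    /** Value sent with 401 responses, built once from the configured realm. */
    private final String wwwAuthenticateHeader;

    /** Accepted {@code oauth_version} values; contains {@code null} because the parameter may be omitted. */
    private final Set<String> versions;

    /** Paths fully matching this pattern are not filtered; {@code null} when not configured. */
    private final Pattern ignorePathPattern;

    @Inject
    private OAuth1Signature oAuth1Signature;

    @Inject
    private Provider<ExtendedUriInfo> uriInfo;

    /** {@code true} when verification failures must not fail the request (NO_FAIL). */
    private final boolean optional;

    /**
     * Reads the filter settings from the application configuration.
     *
     * @param configuration application configuration holding the
     *                      {@code OAuth1ServerProperties} values
     * @throws IllegalArgumentException if the configured timestamp unit is not a
     *                                  {@link TimeUnit} constant name
     * @throws java.util.regex.PatternSyntaxException if the ignore-path pattern is
     *                                  not a valid regular expression
     */
    @Inject
    public OAuth1ServerFilter(Configuration configuration) {
        // Typed set instead of a raw HashSet; null stands for "oauth_version not sent".
        Set<String> supportedVersions = new HashSet<>();
        supportedVersions.add(null);
        supportedVersions.add("1.0");
        this.versions = Collections.unmodifiableSet(supportedVersions);

        Map<String, Object> properties = configuration.getProperties();

        String realm = (String) OAuth1ServerProperties.getValue(
                properties, OAuth1ServerProperties.REALM, "default", String.class);
        // NOTE(review): the units of MAX_AGE and GC_PERIOD are defined by NonceManager,
        // which is not visible here; confirm before changing the defaults.
        int maxAge = ((Integer) OAuth1ServerProperties.getValue(
                properties, OAuth1ServerProperties.MAX_AGE, 300000)).intValue();
        int gcPeriod = ((Integer) OAuth1ServerProperties.getValue(
                properties, OAuth1ServerProperties.GC_PERIOD, 100)).intValue();
        this.ignorePathPattern = pattern((String) OAuth1ServerProperties.getValue(
                properties, OAuth1ServerProperties.IGNORE_PATH_PATTERN, null, String.class));
        this.optional = PropertiesHelper.isProperty(properties, OAuth1ServerProperties.NO_FAIL);

        String timestampUnitName = (String) OAuth1ServerProperties.getValue(
                properties, OAuth1ServerProperties.TIMESTAMP_UNIT, String.class);
        TimeUnit timestampUnit = timestampUnitName != null
                ? TimeUnit.valueOf(timestampUnitName)
                : TimeUnit.SECONDS;
        // The cache size cap bounds the memory the nonce store can take.
        int maxNonceCacheSize = ((Integer) OAuth1ServerProperties.getValue(
                properties, OAuth1ServerProperties.MAX_NONCE_CACHE_SIZE, 2000000)).intValue();

        this.nonces = new NonceManager(maxAge, gcPeriod, timestampUnit, maxNonceCacheSize);
        this.wwwAuthenticateHeader = "OAuth realm=\"" + realm + "\"";
    }

    /**
     * Authenticates the request if it carries an OAuth {@code Authorization} header
     * and is not exempt, replacing its security context on success.
     *
     * @param containerRequestContext the request being filtered
     * @throws IOException declared by the interface; not thrown by this code directly
     * @throws OAuth1Exception if verification fails and NO_FAIL is not set
     */
    @Override // javax.ws.rs.container.ContainerRequestFilter
    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        String authorization = containerRequestContext.getHeaderString("Authorization");
        String scheme = OAuth1Parameters.SCHEME;
        // Case-insensitive prefix test done per character: independent of the default
        // locale and without upper-casing a copy of the client-supplied header.
        if (authorization == null || !authorization.regionMatches(true, 0, scheme, 0, scheme.length())) {
            // Not an OAuth request: left unauthenticated, not rejected.
            return;
        }

        Method handlingMethod =
                this.uriInfo.get().getMatchedResourceMethod().getInvocable().getHandlingMethod();
        boolean tokenResource = handlingMethod.isAnnotationPresent(TokenResource.class)
                || handlingMethod.getDeclaringClass().isAnnotationPresent(TokenResource.class);
        if (tokenResource || match(this.ignorePathPattern, containerRequestContext.getUriInfo().getPath())) {
            return;
        }

        try {
            containerRequestContext.setSecurityContext(getSecurityContext(containerRequestContext));
        } catch (OAuth1Exception e) {
            // With NO_FAIL the failure is deliberately dropped and the request proceeds
            // with its original (unauthenticated) security context.
            if (!this.optional) {
                throw e;
            }
        }
    }

    /**
     * Verifies the OAuth parameters of the request and builds the security context
     * for the authenticated consumer or access token.
     *
     * <p>Order of checks: required parameters and version (400), consumer and token
     * lookup (401), signature (401, or 400 if the signature cannot be processed),
     * and finally timestamp/nonce (401). The nonce check runs only for requests whose
     * signature verified.
     *
     * @param containerRequestContext the request to authenticate
     * @return the security context to install on the request
     * @throws OAuth1Exception with status 400 or 401 when any check fails
     */
    private OAuth1SecurityContext getSecurityContext(ContainerRequestContext containerRequestContext) throws OAuth1Exception {
        OAuthServerRequest request = new OAuthServerRequest(containerRequestContext);
        OAuth1Parameters params = new OAuth1Parameters().readRequest(request);
        if (params.size() == 0) {
            throw newUnauthorizedException();
        }

        String consumerKey = requiredOAuthParam(params.getConsumerKey());
        String token = params.getToken(); // optional: absent for consumer-only requests
        String timestamp = requiredOAuthParam(params.getTimestamp());
        String nonce = requiredOAuthParam(params.getNonce());
        requiredOAuthParam(params.getSignature());
        supportedOAuthParam(params.getVersion(), this.versions);

        OAuth1Consumer consumer = this.provider.getConsumer(consumerKey);
        if (consumer == null) {
            throw newUnauthorizedException();
        }
        OAuth1Secrets secrets = new OAuth1Secrets().consumerSecret(consumer.getSecret());

        String nonceKey;
        OAuth1SecurityContext securityContext;
        boolean secure = containerRequestContext.getSecurityContext().isSecure();
        if (token != null) {
            OAuth1Token accessToken = this.provider.getAccessToken(token);
            if (accessToken == null) {
                throw newUnauthorizedException();
            }
            // The token must have been issued to the consumer named in the request;
            // otherwise one consumer could present another consumer's token.
            OAuth1Consumer tokenConsumer = accessToken.getConsumer();
            if (tokenConsumer == null || !consumerKey.equals(tokenConsumer.getKey())) {
                throw newUnauthorizedException();
            }
            nonceKey = "t:" + token;
            secrets.tokenSecret(accessToken.getSecret());
            securityContext = new OAuth1SecurityContext(accessToken, secure);
        } else {
            if (consumer.getPrincipal() == null) {
                throw newUnauthorizedException();
            }
            nonceKey = "c:" + consumerKey;
            securityContext = new OAuth1SecurityContext(consumer, secure);
        }

        if (!verifySignature(request, params, secrets)) {
            throw newUnauthorizedException();
        }
        // Replay check last, keyed per token ("t:") or per consumer ("c:").
        if (!this.nonces.verify(nonceKey, timestamp, nonce)) {
            throw newUnauthorizedException();
        }
        return securityContext;
    }

    /**
     * Returns the parameter value, rejecting the request with 400 when it is absent.
     *
     * @param str the parameter value, possibly {@code null}
     * @return {@code str}, never {@code null}
     * @throws OAuth1Exception with status 400 if {@code str} is {@code null}
     */
    private static String requiredOAuthParam(String str) throws OAuth1Exception {
        if (str == null) {
            throw newBadRequestException();
        }
        return str;
    }

    /**
     * Returns the parameter value if it is one of the accepted values.
     *
     * @param str the parameter value, possibly {@code null}
     * @param set the accepted values
     * @return {@code str}
     * @throws OAuth1Exception with status 400 if {@code set} does not contain {@code str}
     */
    private static String supportedOAuthParam(String str, Set<String> set) throws OAuth1Exception {
        if (!set.contains(str)) {
            throw newBadRequestException();
        }
        return str;
    }

    /**
     * Compiles the configured regular expression.
     *
     * @param str the regular expression, or {@code null} when none is configured
     * @return the compiled pattern, or {@code null} if {@code str} is {@code null}
     */
    private static Pattern pattern(String str) {
        return str == null ? null : Pattern.compile(str);
    }

    /**
     * Tells whether the whole of {@code str} matches {@code pattern}.
     *
     * @return {@code false} if either argument is {@code null} or the match fails
     */
    private static boolean match(Pattern pattern, String str) {
        return pattern != null && str != null && pattern.matcher(str).matches();
    }

    /**
     * Checks the request signature against the given secrets.
     *
     * @return {@code true} if the signature is valid
     * @throws OAuth1Exception with status 400 if the signature cannot be processed
     */
    private boolean verifySignature(OAuthServerRequest oAuthServerRequest, OAuth1Parameters oAuth1Parameters, OAuth1Secrets oAuth1Secrets) {
        try {
            return this.oAuth1Signature.verify(oAuthServerRequest, oAuth1Parameters, oAuth1Secrets);
        } catch (OAuth1SignatureException e) {
            // Details of the signature failure are not passed on to the client.
            throw newBadRequestException();
        }
    }

    /** Creates (does not throw) a 400 exception without a {@code WWW-Authenticate} value. */
    private static OAuth1Exception newBadRequestException() {
        return new OAuth1Exception(Response.Status.BAD_REQUEST, null);
    }

    /**
     * Creates (does not throw) a 401 exception carrying the realm challenge. Every
     * authentication failure uses this same response, so the client cannot tell which
     * check rejected it.
     */
    private OAuth1Exception newUnauthorizedException() {
        return new OAuth1Exception(Response.Status.UNAUTHORIZED, this.wwwAuthenticateHeader);
    }
}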
