package org.pageseeder.oauth.servlet;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.pageseeder.oauth.OAuthException;
import org.pageseeder.oauth.OAuthParameter;
import org.pageseeder.oauth.OAuthProblem;
import org.pageseeder.oauth.OAuthRequest;
import org.pageseeder.oauth.server.OAuthAccessToken;
import org.pageseeder.oauth.server.OAuthClient;
import org.pageseeder.oauth.server.OAuthConfig;
import org.pageseeder.oauth.signature.OAuthSignatures;
import org.pageseeder.oauth.util.Strings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/pageseeder/oauth/servlet/OAuthServerFilter.class */
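/**
 * Servlet filter that only lets a request continue down the chain when it carries a valid,
 * signed OAuth request.
 *
 * <p>For each request the filter identifies the client from {@code oauth_consumer_key}, looks up
 * the access token named by {@code oauth_token}, rejects unknown or expired tokens, recomputes
 * the signature over the request's signature base string and compares it with
 * {@code oauth_signature}. A failure is answered with the HTTP code and name of the
 * corresponding {@link OAuthProblem} and the chain is not invoked.
 *
 * <p>Security note: validation is skipped entirely when {@link #BYPASS_SESSION_ATTRIBUTE} is
 * present on the request or on an existing session, so any code able to set that attribute is
 * trusted to have authenticated the caller by other means.
 */
public final class OAuthServerFilter implements Filter {
    private static final Logger LOGGER = LoggerFactory.getLogger(OAuthServerFilter.class);

    /**
     * Name of the request or session attribute whose presence (any non-null value) disables the
     * OAuth check for the request.
     */
    public static final String BYPASS_SESSION_ATTRIBUTE = "com.weborganic.oauth.servlet.bypass";

    /** Does nothing: the filter reads no settings from the filter configuration. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /** Does nothing: the filter holds no resources of its own. */
    @Override
    public void destroy() {
    }

    /**
     * Applies the OAuth check to the request and, when it passes or is bypassed, continues the
     * chain.
     *
     * <p>Both arguments are cast to their HTTP types without a check, so a non-HTTP request
     * fails with a {@link ClassCastException}.
     *
     * @throws IOException      if writing the error response or the rest of the chain fails
     * @throws ServletException if the rest of the chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        doHttpFilter((HttpServletRequest) servletRequest, (HttpServletResponse) servletResponse, filterChain);
    }

    /**
     * Validates the OAuth request unless the bypass attribute is set, then continues the chain.
     *
     * <p>On an {@link OAuthException} the response is completed with
     * {@code sendError(problem.getHttpCode(), problem.name())} and the chain is not called.
     */
    private void doHttpFilter(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (!isBypassed(httpServletRequest)) {
            try {
                checkOAuthRequest(httpServletRequest, httpServletResponse);
            } catch (OAuthException e) {
                OAuthProblem problem = e.getProblem();
                httpServletResponse.sendError(problem.getHttpCode(), problem.name());
                return;
            }
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    /**
     * Tells whether the bypass attribute is set on the request or on its session.
     *
     * <p>The session is looked up with {@code getSession(false)}: the no-argument form creates a
     * session for every caller, which allocated server-side state for requests that were about
     * to be rejected and made the {@code null} check on the session unreachable.
     */
    private static boolean isBypassed(HttpServletRequest request) {
        if (request.getAttribute(BYPASS_SESSION_ATTRIBUTE) != null) {
            return true;
        }
        HttpSession session = request.getSession(false);
        return session != null && session.getAttribute(BYPASS_SESSION_ATTRIBUTE) != null;
    }

    /**
     * Checks that the request is a correctly signed OAuth request for a known client and a
     * live access token, then hands the token and request to the configured listener.
     *
     * @param httpServletRequest  the request to validate
     * @param httpServletResponse not used by this method
     * @throws OAuthException with {@code consumer_key_unknown}, {@code token_rejected},
     *         {@code token_expired} or {@code signature_invalid} as appropriate; the calls to
     *         {@code OAuthRequest.parse} and {@code checkRequired} may also raise it
     * @throws IOException declared for the calls made here; not thrown directly
     */
    private static void checkOAuthRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws OAuthException, IOException {
        OAuthConfig oAuthConfig = OAuthConfig.getInstance();
        OAuthRequest oAuthRequest = OAuthRequest.parse(httpServletRequest);
        // Presumably rejects requests lacking the parameters needed for resource access - confirm.
        oAuthRequest.checkRequired(OAuthParameter.RESOURCE_CREDENTIALS_REQUIRED);
        // NOTE(review): no nonce or timestamp freshness check is visible in this method; confirm
        // that replay protection is enforced by parse/checkRequired or by the listener.

        OAuthClient client = oAuthConfig.manager().getByKey(oAuthRequest.getOAuthParameter(OAuthParameter.oauth_consumer_key));
        if (client == null) {
            throw new OAuthException(OAuthProblem.consumer_key_unknown);
        }
        LOGGER.debug("Identified client as {}", client.id());

        String signatureMethod = oAuthRequest.getOAuthParameter(OAuthParameter.oauth_signature_method);
        String receivedSignature = oAuthRequest.getOAuthParameter(OAuthParameter.oauth_signature);
        String tokenValue = oAuthRequest.getOAuthParameter(OAuthParameter.oauth_token);

        OAuthAccessToken accessToken = oAuthConfig.factory().get(tokenValue);
        if (accessToken == null) {
            throw new OAuthException(OAuthProblem.token_rejected);
        }
        if (accessToken.hasExpired()) {
            throw new OAuthException(OAuthProblem.token_expired);
        }
        LOGGER.debug("Token {} is valid", tokenValue);

        // Recompute the signature from the base string with the client and token secrets.
        String expectedSignature = OAuthSignatures.newSigner(signatureMethod).getSignature(
                oAuthRequest.toSignatureBaseString(),
                client.getCredentials().secret(),
                accessToken.credentials().secret());
        // NOTE(review): confirm Strings.equals compares in constant time; if it short-circuits
        // on the first differing character, compare the UTF-8 bytes with MessageDigest.isEqual.
        if (!Strings.equals(receivedSignature, expectedSignature)) {
            // The expected signature is a valid credential for this request and the received one
            // is caller-controlled text, so neither is written to the log.
            LOGGER.debug("Signatures do not match for client {}", client.id());
            throw new OAuthException(OAuthProblem.signature_invalid);
        }
        LOGGER.debug("OAuth filter OK for {}", tokenValue);
        oAuthConfig.listener().filter(accessToken, httpServletRequest);
    }
}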
