package uk.ac.warwick.sso.client.oauth;

import java.io.IOException;
import java.util.concurrent.ExecutionException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.oauth.OAuthMessage;
import net.oauth.OAuthProblemException;
import net.oauth.server.OAuthServlet;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import uk.ac.warwick.sso.client.SSOClientFilter;
import uk.ac.warwick.sso.client.SSOConfigLoader;
import uk.ac.warwick.sso.client.SSOConfiguration;
import uk.ac.warwick.sso.client.oauth.OAuthToken;
import uk.ac.warwick.sso.client.oauth.uk.ac.warwick.sso.client.oauth.CoreOAuthHandler;
import uk.ac.warwick.sso.client.tags.SSOLinkGenerator;
import uk.ac.warwick.userlookup.User;
import uk.ac.warwick.userlookup.UserLookupFactory;
import uk.ac.warwick.userlookup.UserLookupInterface;

/* loaded from: input_file:uk/ac/warwick/sso/client/oauth/OAuthFilter.class */
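/**
 * Servlet filter that authenticates a request from an OAuth access token when no
 * user has already been established on the request.
 *
 * <p>Behaviour visible in this class:
 * <ul>
 *   <li>If {@link SSOClientFilter#getUserFromRequest} already yields a found user, the
 *       request is passed down the chain untouched and OAuth is not consulted.</li>
 *   <li>Otherwise, if the request carries an OAuth token, the token is looked up and
 *       must be authorised, unexpired, of type {@code ACCESS}, issued to the same
 *       consumer key as the request, and in scope for this provider id. The token's
 *       user must also resolve to a found user.</li>
 *   <li>If a token was presented but not accepted, the response is a 401 when
 *       {@code expiredToken401} is {@code true} (the default). When it is {@code false}
 *       the request continues down the chain <em>without</em> an OAuth user, so
 *       downstream code must enforce its own authorisation.</li>
 * </ul>
 *
 * <p>NOTE(review): no OAuth signature, nonce or timestamp validation of the incoming
 * message is visible in this class, so the token is effectively treated as a bearer
 * credential here. Confirm that validation happens elsewhere (for example inside the
 * {@link OAuthService}) or that this filter is only reachable over TLS.
 *
 * <p>NOTE(review): the lazily initialising getters are not synchronised although a
 * filter instance normally serves concurrent requests. Confirm that {@link #init} or
 * the setters always populate the collaborators before traffic arrives.
 */
public final class OAuthFilter implements Filter {
    private static final Logger LOGGER = LoggerFactory.getLogger(OAuthFilter.class);

    /** Configuration key whose value is used both as the OAuth scope and as the 401 realm. */
    private static final String PROVIDER_ID_KEY = "shire.providerid";

    private SSOConfiguration _config;
    private OAuthService _service;
    private UserLookupInterface _userLookup;
    private String _configSuffix = "";
    // When true, a presented-but-rejected token ends the request with a 401 (fail closed).
    private boolean _expiredToken401 = true;

    /**
     * Authenticates the request from its OAuth token, if it has one and no user is set yet.
     *
     * @param servletRequest  the incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse the outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain     the remainder of the filter chain
     * @throws IOException      if reading the OAuth message or writing the response fails
     * @throws ServletException if a downstream filter or the OAuth error handler fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        // An upstream filter has already identified the user: nothing for OAuth to do.
        if (SSOClientFilter.getUserFromRequest(request).isFoundUser()) {
            filterChain.doFilter(request, response);
            return;
        }

        SSOLinkGenerator linkGenerator = new SSOLinkGenerator();
        linkGenerator.setConfig(getConfig());
        linkGenerator.setRequest(request);
        OAuthMessage message = OAuthServlet.getMessage(request, linkGenerator.getTarget());

        if (message != null && message.getToken() != null) {
            try {
                OAuthToken token = (OAuthToken) getOAuthService().getToken(message.getToken()).get();
                if (isUsableAccessToken(token, message)) {
                    User user = getUserLookup().getUserByUserId(token.getUserId());
                    if (user != null && user.isFoundUser()) {
                        user.setOAuthUser(true);
                        user.setIsLoggedIn(true);
                        request.setAttribute(SSOClientFilter.getUserKey(), user);
                        filterChain.doFilter(request, response);
                        return;
                    }
                }
            } catch (ExecutionException e) {
                LOGGER.error("Couldn't retrieve user from OAuth token", e);
            } catch (OAuthProblemException e) {
                // handleException is expected to write the complete OAuth problem response
                // (status, WWW-Authenticate, body). Stop here: the original fell through and
                // either added a second WWW-Authenticate header / overrode the status, or ran
                // the rest of the chain on a response that had already been produced.
                OAuthServlet.handleException(response, e, getConfig().getString(PROVIDER_ID_KEY));
                return;
            } catch (InterruptedException e) {
                // Restore the interrupt flag so the container can still observe the interruption.
                Thread.currentThread().interrupt();
                LOGGER.error("Couldn't retrieve user from OAuth token", e);
            }

            // A token was presented but could not be used to establish a user.
            if (this._expiredToken401) {
                response.addHeader("WWW-Authenticate", "OAuth realm=\"" + getConfig().getString(PROVIDER_ID_KEY) + "\"");
                response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
                return;
            }
        }

        // No token at all, or rejected token with expiredToken401 disabled: continue with
        // no OAuth user on the request.
        filterChain.doFilter(request, response);
    }

    /**
     * Applies the token checks in the same order as before: present, authorised, not
     * expired, access type, matching consumer key, correct scope.
     *
     * @throws IOException           if the consumer key cannot be read from the message
     * @throws OAuthProblemException if the scope check reports an OAuth problem
     */
    private boolean isUsableAccessToken(OAuthToken token, OAuthMessage message) throws IOException, OAuthProblemException {
        if (token == null || !token.isAuthorised() || token.isExpired()) {
            return false;
        }
        if (token.getType() != OAuthToken.Type.ACCESS) {
            return false;
        }
        // A token without a consumer key is rejected rather than raising a NullPointerException.
        String tokenConsumerKey = token.getConsumerKey();
        if (tokenConsumerKey == null || !tokenConsumerKey.equals(message.getConsumerKey())) {
            return false;
        }
        return isCorrectScope(token, getConfig().getString(PROVIDER_ID_KEY));
    }

    /** Delegates the scope decision to {@link CoreOAuthHandler#isCorrectScope}. */
    private static boolean isCorrectScope(OAuthToken oAuthToken, String str) throws OAuthProblemException {
        return CoreOAuthHandler.isCorrectScope(oAuthToken, str);
    }

    /**
     * Reads the optional {@code configsuffix} init parameter, then resolves the SSO
     * configuration from the servlet context (loading it once if absent) and creates the
     * OAuth service if neither has been injected through a setter.
     *
     * @param filterConfig the container-supplied filter configuration
     * @throws ServletException declared by the {@link Filter} contract
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        String suffix = filterConfig.getInitParameter("configsuffix");
        if (suffix != null) {
            this._configSuffix = suffix;
        }

        if (this._config == null) {
            ServletContext servletContext = filterConfig.getServletContext();
            String attributeName = SSOConfigLoader.SSO_CONFIG_KEY + this._configSuffix;
            this._config = (SSOConfiguration) servletContext.getAttribute(attributeName);
            if (this._config == null) {
                LOGGER.warn("Could not find sso config in servlet context attribute SSO-CONFIG" + this._configSuffix + "; attempting to load sso config");
                new SSOConfigLoader().loadSSOConfig(servletContext);
                this._config = (SSOConfiguration) servletContext.getAttribute(attributeName);
            }
            if (this._config == null) {
                LOGGER.warn("Could not find sso config in servlet context attribute SSO-CONFIG" + this._configSuffix);
            } else {
                LOGGER.info("Found sso config");
            }
        }

        // Only build a service when none was injected and there is a config to build it from.
        if (this._service == null && this._config != null) {
            this._service = new OAuthServiceImpl(this._config);
        }
    }

    /** No resources are held by this filter, so there is nothing to release. */
    @Override
    public void destroy() {
    }

    /**
     * Returns the SSO configuration, falling back to {@link SSOConfiguration#getConfig()}
     * when none has been set or found during {@link #init}.
     */
    public SSOConfiguration getConfig() {
        if (this._config == null) {
            this._config = SSOConfiguration.getConfig();
        }
        return this._config;
    }

    /** Injects the SSO configuration; takes precedence over the servlet-context lookup in {@link #init}. */
    public void setConfig(SSOConfiguration sSOConfiguration) {
        this._config = sSOConfiguration;
    }

    /** Returns the suffix appended to the servlet-context attribute name of the SSO configuration. */
    public String getConfigSuffix() {
        return this._configSuffix;
    }

    /** Sets the suffix appended to the servlet-context attribute name of the SSO configuration. */
    public void setConfigSuffix(String str) {
        this._configSuffix = str;
    }

    /** Returns the OAuth service, creating an {@link OAuthServiceImpl} from the configuration on first use. */
    public OAuthService getOAuthService() {
        if (this._service == null) {
            this._service = new OAuthServiceImpl(getConfig());
        }
        return this._service;
    }

    /** Injects the OAuth service used to resolve tokens. */
    public void setOAuthService(OAuthService oAuthService) {
        this._service = oAuthService;
    }

    /** Returns the user lookup, obtaining it from {@link UserLookupFactory} on first use. */
    public UserLookupInterface getUserLookup() {
        if (this._userLookup == null) {
            this._userLookup = UserLookupFactory.getInstance();
        }
        return this._userLookup;
    }

    /** Injects the user lookup used to resolve the token's user id. */
    public void setUserLookup(UserLookupInterface userLookupInterface) {
        this._userLookup = userLookupInterface;
    }

    /**
     * Controls what happens when a token is presented but not accepted: {@code true}
     * answers 401, {@code false} lets the request continue with no OAuth user.
     */
    public void setExpiredToken401(boolean z) {
        this._expiredToken401 = z;
    }
}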
