package net.krotscheck.kangaroo.authz.admin.v1.auth.filter;

import java.io.IOException;
import java.math.BigInteger;
import javax.annotation.Priority;
import javax.inject.Provider;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import net.krotscheck.kangaroo.authz.admin.v1.auth.OAuth2SecurityContext;
import net.krotscheck.kangaroo.authz.admin.v1.auth.exception.OAuth2NotAuthorizedException;
import net.krotscheck.kangaroo.authz.admin.v1.servlet.Config;
import net.krotscheck.kangaroo.authz.common.database.entity.Application;
import net.krotscheck.kangaroo.authz.common.database.entity.OAuthToken;
import net.krotscheck.kangaroo.authz.common.database.entity.OAuthTokenType;
import net.krotscheck.kangaroo.common.hibernate.id.IdUtil;
import org.apache.commons.configuration.Configuration;
import org.apache.commons.lang3.StringUtils;
import org.apache.lucene.analysis.wikipedia.WikipediaTokenizer;
import org.hibernate.Criteria;
import org.hibernate.Session;
import org.hibernate.criterion.Restrictions;
import org.openqa.selenium.logging.LogType;

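/**
 * Request filter that authenticates a request from the bearer token in its
 * {@code Authorization} header.
 *
 * <p>The credential is the id of an {@link OAuthToken}. The token is looked up
 * in the database and accepted only if it is of type
 * {@link OAuthTokenType#Bearer}, belongs to the admin application named by
 * {@link Config#APPLICATION_ID}, and has not expired. On success the request's
 * security context is replaced with an {@link OAuth2SecurityContext} wrapping
 * the token; on every failure an {@link OAuth2NotAuthorizedException} is thrown
 * without distinguishing the cause. Scopes are not enforced here:
 * {@code scopesAllowed} is only reported in that exception (presumably a later
 * filter checks it against the token).
 *
 * <p>Thread-safety depends on the injected providers; nothing in this class
 * holds mutable state of its own.
 */
@Priority(1000)
public final class OAuth2AuthenticationFilter implements ContainerRequestFilter {

    /** Authorization scheme accepted by this filter (RFC 6750). */
    private static final String BEARER_SCHEME = "Bearer";

    private final Provider<Session> sessionProvider;
    private final Provider<Configuration> configProvider;
    private final String[] scopesAllowed;

    /**
     * Create a new filter.
     *
     * @param provider  Supplies the Hibernate session used for lookups.
     * @param provider2 Supplies the configuration holding the admin application id.
     * @param strArr    Scopes the protected resource accepts; reported to the
     *                  client when authentication fails.
     */
    public OAuth2AuthenticationFilter(Provider<Session> provider, Provider<Configuration> provider2, String[] strArr) {
        this.scopesAllowed = strArr;
        this.sessionProvider = provider;
        this.configProvider = provider2;
    }

    /**
     * Authenticate the request, replacing its security context on success.
     *
     * @param containerRequestContext The request being filtered.
     * @throws IOException Declared by the interface; not thrown here.
     * @throws OAuth2NotAuthorizedException If the request has no security
     *         context, the header is missing or malformed, or no unexpired
     *         bearer token of the admin application matches the supplied id.
     */
    @Override // javax.ws.rs.container.ContainerRequestFilter
    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        if (containerRequestContext.getSecurityContext() == null) {
            throw new OAuth2NotAuthorizedException(containerRequestContext.getUriInfo(), this.scopesAllowed);
        }

        // Reject a missing or malformed credential before touching the database.
        // Querying on a null id could only ever return no rows, so the outcome
        // is the same 401 without the round trip.
        BigInteger tokenId = getTokenIdFromHeader(containerRequestContext.getHeaderString("Authorization"));
        if (tokenId == null) {
            throw new OAuth2NotAuthorizedException(containerRequestContext.getUriInfo(), this.scopesAllowed);
        }

        Application adminApp = loadAdminApplication();
        Session session = this.sessionProvider.get();

        OAuthToken token;
        session.getTransaction().begin();
        try {
            token = findBearerToken(session, tokenId, adminApp);
            session.getTransaction().commit();
        } finally {
            // A failed query or commit must not leave the session's transaction open.
            if (session.getTransaction().isActive()) {
                session.getTransaction().rollback();
            }
        }

        // Unknown id, wrong application, wrong token type and expiry all look the
        // same to the caller: plain 401, no hint about which check failed.
        if (token == null || token.isExpired()) {
            throw new OAuth2NotAuthorizedException(containerRequestContext.getUriInfo(), this.scopesAllowed);
        }
        containerRequestContext.setSecurityContext(new OAuth2SecurityContext(token, true));
    }

    /**
     * Look up the bearer token with the given id, restricted to the admin
     * application so that tokens issued for any other application are never
     * accepted by this filter.
     *
     * <p>The decompiled class expressed the alias strings below as
     * {@code LogType.CLIENT} ("client") and {@code WikipediaTokenizer.CATEGORY}
     * ("c"); they are plain literals here.
     *
     * @param session  The session the caller has opened a transaction on.
     * @param tokenId  The id parsed from the Authorization header.
     * @param adminApp The application whose tokens are accepted.
     * @return The matching token, or null if none exists.
     */
    private static OAuthToken findBearerToken(Session session, BigInteger tokenId, Application adminApp) {
        return (OAuthToken) session.createCriteria(OAuthToken.class)
                .createAlias("client", "c")
                .createAlias("c.application", "a")
                .add(Restrictions.eq("id", tokenId))
                .add(Restrictions.eq("a.id", adminApp.getId()))
                .add(Restrictions.eq("tokenType", OAuthTokenType.Bearer))
                .setMaxResults(1)
                .setResultTransformer(Criteria.DISTINCT_ROOT_ENTITY)
                .uniqueResult();
    }

    /**
     * Extract the token id from an {@code Authorization: Bearer <id>} header.
     *
     * @param str The raw header value; may be null or empty.
     * @return The parsed token id, or null if the header is absent, is not a
     *         two-part Bearer credential, or the credential does not parse as
     *         an id.
     */
    private BigInteger getTokenIdFromHeader(String str) {
        if (StringUtils.isEmpty(str)) {
            return null;
        }
        String[] parts = str.split(" ");
        // RFC 7235 makes the auth-scheme case-insensitive; the original only
        // accepted the exact spelling "Bearer".
        if (parts.length != 2 || !BEARER_SCHEME.equalsIgnoreCase(parts[0])) {
            return null;
        }
        try {
            return IdUtil.fromString(parts[1]);
        } catch (IllegalArgumentException | NullPointerException e) {
            // Garbage after the scheme is treated the same as no credential.
            return null;
        }
    }

    /**
     * Load the admin application whose tokens this filter accepts.
     *
     * @return The application identified by {@link Config#APPLICATION_ID}.
     * @throws IllegalStateException If the configured id resolves to no
     *         application; the original dereferenced the null later in
     *         {@link #filter} with a bare NullPointerException.
     */
    private Application loadAdminApplication() {
        String configuredId = this.configProvider.get().getString(Config.APPLICATION_ID);
        Application app = (Application) this.sessionProvider.get()
                .get(Application.class, IdUtil.fromString(configuredId));
        if (app == null) {
            throw new IllegalStateException("No application found for configured " + Config.APPLICATION_ID);
        }
        return app;
    }
}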
