package net.krotscheck.kangaroo.authz.oauth2.authn.filter;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.annotation.Priority;
import javax.inject.Inject;
import javax.inject.Provider;
import javax.inject.Singleton;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import net.krotscheck.kangaroo.authz.common.database.entity.Client;
import net.krotscheck.kangaroo.authz.oauth2.authn.annotation.OAuthFilterChain;
import net.krotscheck.kangaroo.authz.oauth2.authn.factory.CredentialsFactory;
import net.krotscheck.kangaroo.authz.oauth2.exception.RFC6749;
import org.apache.commons.lang3.StringUtils;
import org.glassfish.jersey.internal.inject.AbstractBinder;
import org.hibernate.Session;

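/**
 * Request filter that authenticates the OAuth2 client making the request.
 *
 * <p>The filter reads the credentials supplied with the request, looks the client up by its
 * login, and then enforces one of two rules:
 * <ul>
 *   <li>a client with a stored secret must present exactly that secret;</li>
 *   <li>a client without a stored secret must not present any secret at all.</li>
 * </ul>
 *
 * <p>The filter is bound as a singleton, so the per-request credentials and Hibernate session
 * are obtained through {@link Provider}s on every call rather than held as state.
 *
 * <p>NOTE(review): the stored secret is compared directly with the presented value, which
 * suggests it is kept in recoverable form — confirm whether hashing at rest is intended.
 */
@Priority(2000) // same value as javax.ws.rs.Priorities.AUTHORIZATION
@OAuthFilterChain
public final class ClientAuthorizationFilter implements ContainerRequestFilter {
    private final Provider<CredentialsFactory.Credentials> credentialsProvider;
    private final Provider<Session> sessionProvider;

    /** HK2 binder that registers this filter as a singleton {@link ContainerRequestFilter}. */
    public static final class Binder extends AbstractBinder {
        @Override
        protected void configure() {
            bind(ClientAuthorizationFilter.class).to(ContainerRequestFilter.class).in(Singleton.class);
        }
    }

    /**
     * Creates the filter.
     *
     * @param credentialsProvider supplies the credentials extracted from the current request
     * @param sessionProvider supplies the Hibernate session used to load the client
     */
    @Inject
    public ClientAuthorizationFilter(Provider<CredentialsFactory.Credentials> credentialsProvider,
                                     Provider<Session> sessionProvider) {
        this.credentialsProvider = credentialsProvider;
        this.sessionProvider = sessionProvider;
    }

    /**
     * Rejects the request unless the presented client credentials match the stored client.
     *
     * @param containerRequestContext the request being filtered (not read by this filter)
     * @throws IOException declared by the interface; not thrown by this implementation
     * @throws RFC6749.InvalidClientException if the credentials are not valid or no client
     *     exists for the presented login
     * @throws RFC6749.AccessDeniedException if the presented secret does not match the stored
     *     one, or a secret is presented for a client that has none
     */
    @Override
    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        CredentialsFactory.Credentials credentials = this.credentialsProvider.get();
        Session session = this.sessionProvider.get();

        // Fail closed: a null validity flag is treated as "not valid" instead of surfacing
        // as a NullPointerException from unboxing.
        if (!Boolean.TRUE.equals(credentials.isValid())) {
            throw new RFC6749.InvalidClientException();
        }

        Client client = (Client) session.get(Client.class, credentials.getLogin());
        if (client == null) {
            throw new RFC6749.InvalidClientException();
        }
        // NOTE(review): an unknown client and a wrong secret raise different exception types.
        // If these map to distinguishable responses, the difference reveals whether a client
        // id exists — confirm against the exception mappers.

        String storedSecret = client.getClientSecret();
        String presentedSecret = credentials.getPassword();

        if (StringUtils.isEmpty(storedSecret)) {
            // Client has no secret on record: presenting one is treated as a mismatch.
            if (!StringUtils.isEmpty(presentedSecret)) {
                throw new RFC6749.AccessDeniedException();
            }
            return;
        }

        // A missing secret can never match a stored one; checked first because the
        // byte-wise comparison below needs a non-null value.
        if (presentedSecret == null || !secretsMatch(storedSecret, presentedSecret)) {
            throw new RFC6749.AccessDeniedException();
        }
    }

    /**
     * Compares two secrets without stopping at the first differing character.
     *
     * <p>{@code String.equals} returns as soon as a mismatch is found, so its running time
     * depends on how much of the secret was guessed correctly. {@link MessageDigest#isEqual}
     * avoids that data-dependent early exit; the length of the values may still be observable.
     */
    private static boolean secretsMatch(String expected, String presented) {
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                presented.getBytes(StandardCharsets.UTF_8));
    }
}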
