package org.apache.cxf.rs.security.oauth2.services;

import java.util.logging.Logger;
import javax.ws.rs.Consumes;
import javax.ws.rs.Encoded;
import javax.ws.rs.NotAuthorizedException;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.SecurityContext;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.rs.security.oauth2.common.AccessTokenValidation;
import org.apache.cxf.rs.security.oauth2.utils.AuthorizationUtils;
import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
import org.apache.openjpa.jdbc.meta.MappingTool;

/**
 * JAX-RS resource that accepts a form-encoded POST describing an access token and
 * returns the {@link AccessTokenValidation} produced by the parent validator.
 *
 * <p>Two switches gate who may call the endpoint before any token is looked at:
 * <ul>
 *   <li>{@code blockUnsecureRequests} (off by default) rejects requests whose
 *       {@link SecurityContext#isSecure()} is {@code false};</li>
 *   <li>{@code blockUnauthorizedRequests} (on by default) rejects requests that carry
 *       no authenticated principal.</li>
 * </ul>
 * Because the transport check is off unless explicitly enabled, a deployment that must
 * never accept tokens over plain HTTP has to call {@link #setBlockUnsecureRequests(boolean)}
 * with {@code true} itself.
 *
 * <p>NOTE(review): the {@code @Path} value is taken from an OpenJPA {@code MappingTool}
 * constant, which is unrelated to OAuth. This looks like a decompiler substituting a
 * same-valued constant for a string literal; confirm the value and consider a local
 * literal so this class does not depend on OpenJPA.
 */
@Path(MappingTool.ACTION_VALIDATE)
public class AccessTokenValidatorService extends AbstractAccessTokenValidator {
    private static final Logger LOG = LogUtils.getL7dLogger(AccessTokenValidatorService.class);

    // When true, requests that did not arrive over a secure channel are refused.
    // Left at the Java default (false), so plain-HTTP callers are accepted unless configured.
    private boolean blockUnsecureRequests;

    // When true (the default), callers without an authenticated principal are refused.
    // Turning this off lets any client that can reach the endpoint query token validity.
    private boolean blockUnauthorizedRequests = true;

    /**
     * Validates the token described by the submitted form parameters.
     *
     * <p>The caller check runs before the {@code try} block, so a failure raised there
     * propagates to the JAX-RS runtime instead of being turned into a validation result.
     * A {@link NotAuthorizedException} raised by the parent validator is converted into
     * a result whose initial-validation flag is {@code false}.
     *
     * @param multivaluedMap form parameters; the scheme type and scheme data are read
     *        from it and the whole map is also handed to the parent validator
     * @return the parent validator's result, or an unsuccessful result if the token
     *         was rejected with {@link NotAuthorizedException}
     */
    @POST
    @Produces({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON})
    @Consumes({MediaType.APPLICATION_FORM_URLENCODED})
    public AccessTokenValidation getTokenValidationInfo(@Encoded MultivaluedMap<String, String> multivaluedMap) {
        checkSecurityContext();
        try {
            final String schemeType = multivaluedMap.getFirst(OAuthConstants.AUTHORIZATION_SCHEME_TYPE);
            final String schemeData = multivaluedMap.getFirst(OAuthConstants.AUTHORIZATION_SCHEME_DATA);
            return super.getAccessTokenValidation(schemeType, schemeData, multivaluedMap);
        } catch (NotAuthorizedException ignored) {
            // The rejection is reported to the caller as data rather than as an HTTP
            // error; the exception itself carries nothing that is forwarded.
            return unsuccessfulValidation();
        }
    }

    /**
     * Builds the response used when the token was rejected: a fresh
     * {@link AccessTokenValidation} with only the initial-validation flag set to false.
     */
    private static AccessTokenValidation unsuccessfulValidation() {
        final AccessTokenValidation outcome = new AccessTokenValidation();
        outcome.setInitialValidationSuccessful(false);
        return outcome;
    }

    /**
     * Applies the transport and caller-authentication gates to the current request.
     *
     * <p>Each failed gate logs a warning and delegates to
     * {@code AuthorizationUtils.throwAuthorizationFailure}, which by its name is expected
     * to throw (TODO confirm against AuthorizationUtils). {@code supportedSchemes} and
     * {@code realm} are not declared in this class and are presumably inherited.
     */
    private void checkSecurityContext() {
        final SecurityContext callerContext = getMessageContext().getSecurityContext();

        // Transport gate: only enforced when blockUnsecureRequests was switched on.
        final boolean plainTransport = !callerContext.isSecure();
        if (plainTransport && this.blockUnsecureRequests) {
            LOG.warning("Unsecure HTTP, Transport Layer Security is recommended");
            AuthorizationUtils.throwAuthorizationFailure(this.supportedSchemes, this.realm);
        }

        // Caller gate: the endpoint itself must be called by an authenticated party.
        final boolean anonymousCaller = callerContext.getUserPrincipal() == null;
        if (anonymousCaller && this.blockUnauthorizedRequests) {
            LOG.warning("Authenticated Principal is not available");
            AuthorizationUtils.throwAuthorizationFailure(this.supportedSchemes, this.realm);
        }
    }

    /**
     * Enables or disables rejection of requests that did not arrive over a secure channel.
     *
     * @param z {@code true} to refuse such requests; {@code false} (the default) to accept them
     */
    public void setBlockUnsecureRequests(boolean z) {
        this.blockUnsecureRequests = z;
    }

    /**
     * Enables or disables rejection of requests that have no authenticated principal.
     *
     * @param z {@code true} (the default) to refuse such requests; {@code false} to accept them
     */
    public void setBlockUnauthorizedRequests(boolean z) {
        this.blockUnauthorizedRequests = z;
    }
}
