package org.kurento.jsonrpc.internal.server.config;

import com.google.common.base.Strings;
import com.woorea.openstack.keystone.Keystone;
import com.woorea.openstack.keystone.model.authentication.UsernamePassword;
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.scribe.model.OAuthConstants;
import org.scribe.model.OAuthRequest;
import org.scribe.model.Response;
import org.scribe.model.Verb;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:lib/kurento-jsonrpc-server-6.0.0.jar:org/kurento/jsonrpc/internal/server/config/OAuthFiWareFilter.class */
public class OAuthFiWareFilter extends OncePerRequestFilter {
    private static final String X_AUTH_HEADER = "X-Auth-Token";
    private static final Logger log = LoggerFactory.getLogger(OAuthFiWareFilter.class);

    @Autowired
    private JsonRpcProperties props;

    @Override // org.springframework.web.filter.OncePerRequestFilter
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        log.trace("Client trying to stablish new websocket session with {}", httpServletRequest.getRequestURL().append('?').append(httpServletRequest.getQueryString()).toString());
        if (Strings.isNullOrEmpty(this.props.getKeystoneHost())) {
            log.trace("Request from {} authorized: no keystone host configured", httpServletRequest.getRemoteAddr());
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        String parseAccessToken = parseAccessToken(httpServletRequest);
        if (Strings.isNullOrEmpty(parseAccessToken)) {
            log.warn("Request from {} without OAuth token", httpServletRequest.getRemoteAddr());
            httpServletResponse.sendError(401, "Access token not found in request");
        } else if (!isTokenValid(parseAccessToken)) {
            httpServletResponse.sendError(401, "Unathorized request");
        } else {
            log.trace("The request from {} was authorized", httpServletRequest.getRemoteAddr());
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        }
    }

    private boolean isTokenValid(String str) {
        Response validateTokenWithServer = validateTokenWithServer(str);
        if (!validateTokenWithServer.isSuccessful() && validateTokenWithServer.getCode() == 401) {
            this.props.setAuthToken(obtainFilterToken());
            validateTokenWithServer = validateTokenWithServer(str);
        }
        if (!validateTokenWithServer.isSuccessful()) {
            log.warn("There was a request with a unauthorized OAuth token. {}", "OAuth server returns error code: " + validateTokenWithServer.getCode() + " and message '" + validateTokenWithServer.getMessage() + '\'');
        }
        return validateTokenWithServer.isSuccessful();
    }

    private Response validateTokenWithServer(String str) {
        String authToken = this.props.getAuthToken();
        OAuthRequest oAuthRequest = new OAuthRequest(Verb.GET, this.props.getKeystoneHost() + ':' + this.props.getKeystonePort() + this.props.getKeystonePath() + str);
        oAuthRequest.addHeader(X_AUTH_HEADER, authToken);
        return oAuthRequest.send();
    }

    private String obtainFilterToken() {
        return new Keystone(this.props.getKeystoneHost() + ':' + this.props.getKeystonePort() + '/' + this.props.getOAuthVersion()).tokens().authenticate(new UsernamePassword(this.props.getKeystoneProxyUser(), this.props.getKeystoneProxyPass())).execute().getToken().getId();
    }

    private String parseAccessToken(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader(X_AUTH_HEADER);
        if (header == null) {
            header = httpServletRequest.getParameter(OAuthConstants.ACCESS_TOKEN);
        }
        return header;
    }
}
