package org.ow2.contrail.common.oauth.client;

import java.io.FileInputStream;
import java.io.IOException;
import java.net.URI;
import java.util.Properties;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
import org.ow2.contrail.common.oauth.client.TokenValidator;

/* loaded from: input_file:WEB-INF/lib/oauth-java-client-0.1-SNAPSHOT.jar:org/ow2/contrail/common/oauth/client/OAuthFilter.class */
public class OAuthFilter implements Filter {
    private static Logger log = Logger.getLogger(OAuthFilter.class);
    private static final String TOKEN_INFO_ATTR = "access_token_info";
    private TokenValidator tokenValidator;
    private Boolean testMode;

    public void init(FilterConfig filterConfig) throws ServletException {
        log.debug("Initializing OAuthFilter...");
        String initParameter = filterConfig.getInitParameter("configuration-file");
        if (initParameter == null) {
            throw new ServletException("OAuthFilter: missing parameter 'configuration-file'.");
        }
        Properties properties = new Properties();
        try {
            properties.load(new FileInputStream(initParameter));
            log.debug(String.format("Properties loaded successfully from file '%s'.", initParameter));
            try {
                this.testMode = Boolean.valueOf(filterConfig.getInitParameter("test-mode"));
                if (this.testMode.booleanValue()) {
                    log.warn("OAuthFilter is running in test mode. Non-SSL requests are allowed without authentication.");
                }
                this.tokenValidator = new TokenValidator(new URI(properties.getProperty("oauthFilter.validationEndpoint")), properties.getProperty("oauthFilter.keystore.file"), properties.getProperty("oauthFilter.keystore.pass"), properties.getProperty("oauthFilter.truststore.file"), properties.getProperty("oauthFilter.truststore.pass"));
                log.info("OAuthFilter initialized successfully.");
            } catch (Exception e) {
                log.error("Failed to initialize OAuthFilter: " + e.getMessage(), e);
                throw new ServletException("Failed to initialize OAuthFilter: " + e.getMessage(), e);
            }
        } catch (IOException e2) {
            String format = String.format("Failed to read properties file '%s': %s", initParameter, e2.getMessage());
            log.error(format, e2);
            throw new ServletException(format, e2);
        }
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        if (!httpServletRequest.isSecure()) {
            if (this.testMode.booleanValue()) {
                filterChain.doFilter(servletRequest, servletResponse);
                return;
            } else {
                httpServletResponse.sendError(403, "Secure connection is required.");
                return;
            }
        }
        try {
            httpServletRequest.setAttribute(TOKEN_INFO_ATTR, this.tokenValidator.checkToken(httpServletRequest));
            filterChain.doFilter(servletRequest, servletResponse);
        } catch (TokenValidator.InvalidCertificateException e) {
            httpServletResponse.sendError(401, e.getMessage());
        } catch (TokenValidator.InvalidOAuthTokenException e2) {
            httpServletResponse.sendError(401, e2.getMessage());
        } catch (Exception e3) {
            log.error("Failed to validate OAuth access token: " + e3.getMessage(), e3);
            throw new ServletException("Failed to validate OAuth access token.");
        }
    }

    public static TokenInfo getAccessTokenInfo(HttpServletRequest httpServletRequest) {
        return (TokenInfo) httpServletRequest.getAttribute(TOKEN_INFO_ATTR);
    }

    public void destroy() {
    }
}
