package eu.contrail.security;

import java.io.IOException;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.net.URI;
import java.net.URISyntaxException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.ow2.contrail.common.oauth.client.TokenInfo;
import org.ow2.contrail.common.oauth.client.TokenValidator;
import org.ow2.contrail.federation.federationdb.jpa.dao.UserDAO;
import org.ow2.contrail.federation.federationdb.jpa.entities.User;

/* loaded from: input_file:WEB-INF/classes/eu/contrail/security/OAuthFilter.class */
public class OAuthFilter implements Filter {
    private ServletContext ctx;
    private TokenValidator tokenValidator;

    public void init(FilterConfig filterConfig) throws ServletException {
        this.ctx = filterConfig.getServletContext();
        try {
            this.tokenValidator = new TokenValidator(new URI(filterConfig.getInitParameter("checkTokenEndpointUri")), filterConfig.getInitParameter("keystoreFile"), filterConfig.getInitParameter("keystorePass"), filterConfig.getInitParameter("truststoreFile"), filterConfig.getInitParameter("truststorePass"));
        } catch (URISyntaxException e) {
            throw new ServletException("Failed to initialize OAuthFilter: " + e.getMessage());
        }
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        try {
            TokenInfo checkToken = this.tokenValidator.checkToken(httpServletRequest);
            User findByUuid = new UserDAO().findByUuid(checkToken.getOwnerUuid());
            if (findByUuid == null) {
                throw new TokenValidator.InvalidOAuthTokenException("The user specified in the access token cannot be found.");
            }
            httpServletRequest.setAttribute("user", findByUuid);
            httpServletRequest.setAttribute("access_token", checkToken.getAccessToken());
            filterChain.doFilter(servletRequest, servletResponse);
        } catch (TokenValidator.InvalidCertificateException e) {
            httpServletResponse.sendError(401, e.getMessage());
        } catch (TokenValidator.InvalidOAuthTokenException e2) {
            httpServletResponse.sendError(401, e2.getMessage());
        } catch (Exception e3) {
            this.ctx.log("Failed to validate OAuth access token: " + e3.getMessage(), e3);
            StringWriter stringWriter = new StringWriter();
            e3.printStackTrace(new PrintWriter(stringWriter));
            this.ctx.log("Stacktrace:" + stringWriter.toString());
            throw new ServletException("Failed to validate OAuth access token.");
        }
    }

    public void destroy() {
    }
}
