package org.ow2.contrail.common.oauth.client;

import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.net.URI;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.core.HttpHeaders;
import org.apache.http.HttpResponse;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.scheme.SchemeSocketFactory;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager;
import org.apache.http.message.BasicNameValuePair;

/* loaded from: input_file:WEB-INF/lib/oauth-java-client-0.1-SNAPSHOT.jar:org/ow2/contrail/common/oauth/client/TokenValidator.class */
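/**
 * Validates OAuth bearer tokens by asking an authorization server, over mutually
 * authenticated TLS, whether a token is valid for a given bearer.
 *
 * <p>The bearer is identified by the subject DN of the TLS client certificate that
 * accompanied the incoming request. This class does not verify that certificate itself:
 * it only reads the chain the servlet container exposes as a request attribute.
 * NOTE(review): this presumes the container performed TLS client authentication against a
 * trusted CA set before populating the attribute; confirm the connector configuration.
 *
 * <p>Every call to {@link #checkToken(String, String)} reloads both keystores from disk and
 * builds a fresh HTTP client, so the instance holds no open resources between calls.
 */
public class TokenValidator {
    /** Accepted Authorization header: the {@code Bearer} scheme, one space, then word characters or hyphens. */
    private static final Pattern BEARER_HEADER = Pattern.compile("^Bearer ([\\w-]+)$");

    /** Port used when the endpoint URI does not name one explicitly. */
    private static final int DEFAULT_HTTPS_PORT = 443;

    private final URI endpointUri;
    private final String keystoreFile;
    private final String keystorePass;
    private final String truststoreFile;
    private final String truststorePass;

    /** Thrown when the incoming request carries no client certificate. */
    public static class InvalidCertificateException extends Exception {
        public InvalidCertificateException(String str) {
            super(str);
        }
    }

    /** Thrown when the bearer token is missing, malformed, or rejected by the authorization server. */
    public static class InvalidOAuthTokenException extends Exception {
        public InvalidOAuthTokenException(String str) {
            super(str);
        }
    }

    /**
     * Creates a validator bound to one authorization-server endpoint.
     *
     * @param uri  token-check endpoint; only the {@code https} scheme is registered with the
     *             HTTP client built in {@link #checkToken(String, String)}
     * @param str  path of the JKS keystore holding this client's TLS key and certificate
     * @param str2 password of that keystore; it is also passed as the key password
     * @param str3 path of the JKS truststore used to authenticate the authorization server
     * @param str4 password of the truststore
     */
    public TokenValidator(URI uri, String str, String str2, String str3, String str4) {
        this.endpointUri = uri;
        this.keystoreFile = str;
        this.keystorePass = str2;
        this.truststoreFile = str3;
        this.truststorePass = str4;
    }

    /**
     * Extracts the bearer token and the client-certificate subject from a servlet request
     * and validates the pair with the authorization server.
     *
     * @param httpServletRequest incoming request
     * @return the token information returned by the authorization server
     * @throws InvalidOAuthTokenException  if the Authorization header is missing or malformed,
     *                                     or the server rejects the token
     * @throws InvalidCertificateException if the request exposes no client certificate
     * @throws Exception                   on any other failure, see {@link #checkToken(String, String)}
     */
    public TokenInfo checkToken(HttpServletRequest httpServletRequest) throws Exception {
        String header = httpServletRequest.getHeader(HttpHeaders.AUTHORIZATION);
        if (header == null) {
            throw new InvalidOAuthTokenException("The Authorization header is missing.");
        }
        // matches() requires the whole header to fit the pattern; with find(), the trailing
        // '$' would also accept a header that ends in a line terminator.
        Matcher matcher = BEARER_HEADER.matcher(header);
        if (!matcher.matches()) {
            throw new InvalidOAuthTokenException("Invalid Authorization header.");
        }
        String accessToken = matcher.group(1);
        X509Certificate[] clientChain = (X509Certificate[]) httpServletRequest.getAttribute("javax.servlet.request.X509Certificate");
        if (clientChain == null || clientChain.length == 0) {
            throw new InvalidCertificateException("The client certificate was not provided.");
        }
        // The first element of the chain is used as the client's own certificate. Its subject DN
        // is sent as a string; NOTE(review): presumably the authorization server compares it
        // textually, so the DN formatting must stay stable. Confirm before changing the accessor.
        return checkToken(accessToken, clientChain[0].getSubjectDN().getName());
    }

    /**
     * Asks the authorization server whether an access token is valid for a bearer.
     *
     * <p>The request is a form-encoded POST carrying {@code access_token} and {@code bearer_id}.
     * The connection presents the client key from the keystore, trusts only the configured
     * truststore, and uses strict hostname verification.
     *
     * @param str  the access token
     * @param str2 the bearer identifier (the client certificate subject DN when called from
     *             {@link #checkToken(HttpServletRequest)})
     * @return the token information parsed from the server's response body
     * @throws InvalidOAuthTokenException if the server answers 401
     * @throws Exception                  if a keystore cannot be loaded, the request fails, the
     *                                    status is neither 200 nor 401, or the body is empty or
     *                                    cannot be parsed
     */
    public TokenInfo checkToken(String str, String str2) throws Exception {
        HttpPost httpPost = new HttpPost(this.endpointUri);
        ArrayList<BasicNameValuePair> form = new ArrayList<BasicNameValuePair>();
        form.add(new BasicNameValuePair("access_token", str));
        form.add(new BasicNameValuePair("bearer_id", str2));
        httpPost.setEntity(new UrlEncodedFormEntity(form, "UTF-8"));

        KeyStore keyStore = loadKeyStore(this.keystoreFile, this.keystorePass);
        KeyStore trustStore = loadKeyStore(this.truststoreFile, this.truststorePass);
        // "TLS" selects the protocol family only; the versions actually offered are the JRE's defaults.
        SSLSocketFactory socketFactory = new SSLSocketFactory("TLS", keyStore, this.keystorePass, trustStore, null, null, SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);

        // URI.getPort() returns -1 when the URI names no port, which is not a usable default
        // port for the scheme; fall back to the standard HTTPS port.
        int port = this.endpointUri.getPort();
        if (port == -1) {
            port = DEFAULT_HTTPS_PORT;
        }
        // Only "https" is registered, so this client has no scheme for a plain-http endpoint.
        SchemeRegistry schemeRegistry = new SchemeRegistry();
        schemeRegistry.register(new Scheme("https", port, (SchemeSocketFactory) socketFactory));

        DefaultHttpClient httpClient = new DefaultHttpClient(new ThreadSafeClientConnManager(schemeRegistry));
        String body;
        try {
            HttpResponse response = httpClient.execute(httpPost);
            int status = response.getStatusLine().getStatusCode();
            if (status != 200) {
                if (status == 401) {
                    throw new InvalidOAuthTokenException("You are not authorized to access the requested resource.");
                }
                throw new Exception(String.format("Unexpected response received from the OAuth authorization server '%s': %s", this.endpointUri, response.getStatusLine().toString()));
            }
            if (response.getEntity() == null) {
                // A 200 without a body would otherwise surface as a bare NullPointerException.
                throw new Exception(String.format("Invalid response received from the OAuth authorization server '%s': %s", this.endpointUri, "empty response body"));
            }
            // NOTE(review): the whole body is buffered in memory with no size cap; acceptable
            // only because the peer is authenticated against the configured truststore.
            ByteArrayOutputStream buffer = new ByteArrayOutputStream();
            response.getEntity().writeTo(buffer);
            // Decode explicitly instead of relying on the platform default charset.
            // NOTE(review): presumes the server answers in UTF-8, matching the request encoding; confirm.
            body = buffer.toString("UTF-8");
        } finally {
            // The client and its connection manager are created per call; release their
            // connections on every path, including the exceptional ones.
            httpClient.getConnectionManager().shutdown();
        }

        try {
            return new TokenInfo(body);
        } catch (Exception e) {
            // Keep the original exception as the cause so the parse failure stays diagnosable.
            throw new Exception(String.format("Invalid response received from the OAuth authorization server '%s': %s", this.endpointUri, e.getMessage()), e);
        }
    }

    /** Loads a JKS keystore from a file and closes the file stream whether or not loading succeeds. */
    private static KeyStore loadKeyStore(String file, String password) throws Exception {
        KeyStore store = KeyStore.getInstance("JKS");
        FileInputStream in = new FileInputStream(file);
        try {
            store.load(in, password.toCharArray());
        } finally {
            in.close();
        }
        return store;
    }
}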
