package org.springframework.security.oauth.provider.filter;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.MessageSource;
import org.springframework.context.MessageSourceAware;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.SpringSecurityMessageSource;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth.common.OAuthConsumerParameter;
import org.springframework.security.oauth.common.OAuthException;
import org.springframework.security.oauth.common.signature.CoreOAuthSignatureMethodFactory;
import org.springframework.security.oauth.common.signature.OAuthSignatureMethod;
import org.springframework.security.oauth.common.signature.OAuthSignatureMethodFactory;
import org.springframework.security.oauth.common.signature.SignatureSecret;
import org.springframework.security.oauth.common.signature.UnsupportedSignatureMethodException;
import org.springframework.security.oauth.provider.ConsumerAuthentication;
import org.springframework.security.oauth.provider.ConsumerCredentials;
import org.springframework.security.oauth.provider.ConsumerDetails;
import org.springframework.security.oauth.provider.ConsumerDetailsService;
import org.springframework.security.oauth.provider.InvalidOAuthParametersException;
import org.springframework.security.oauth.provider.OAuthAuthenticationDetails;
import org.springframework.security.oauth.provider.OAuthProcessingFilterEntryPoint;
import org.springframework.security.oauth.provider.OAuthProviderSupport;
import org.springframework.security.oauth.provider.OAuthVersionUnsupportedException;
import org.springframework.security.oauth.provider.nonce.ExpiringTimestampNonceServices;
import org.springframework.security.oauth.provider.nonce.OAuthNonceServices;
import org.springframework.security.oauth.provider.token.OAuthProviderToken;
import org.springframework.security.oauth.provider.token.OAuthProviderTokenServices;
import org.springframework.util.Assert;

/* loaded from: input_file:WEB-INF/lib/spring-security-oauth-2.0.10.RELEASE.jar:org/springframework/security/oauth/provider/filter/OAuthProviderProcessingFilter.class */
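/**
 * Base servlet filter for OAuth 1.0 provider endpoints.
 *
 * <p>For a request that matches {@link #requiresAuthentication}, the filter parses the OAuth
 * parameters, loads the consumer named by {@code oauth_consumer_key}, validates the parameters
 * (version, realm, signature method, signature, timestamp, nonce), verifies the signature and
 * then hands the request to {@link #onValidSignature}. Authentication failures are routed to the
 * configured {@link OAuthProcessingFilterEntryPoint}.
 *
 * <p>This listing is decompiler output; two methods carry a note that their access modifier was
 * widened from {@code protected} to {@code public}.
 */
public abstract class OAuthProviderProcessingFilter implements Filter, InitializingBean, MessageSourceAware {
    /** Request attribute set to {@code Boolean.TRUE} once a signature has been validated; see {@link #skipProcessing}. */
    public static final String OAUTH_PROCESSING_HANDLED = "org.springframework.security.oauth.provider.OAuthProviderProcessingFilter#SKIP_PROCESSING";
    private final Log log = LogFactory.getLog(getClass());
    // HTTP methods accepted by doFilter, stored upper-cased. Not synchronized: replaced only through setAllowedMethods.
    private final List<String> allowedMethods = new ArrayList<String>(Arrays.asList("GET", "POST"));
    private OAuthProcessingFilterEntryPoint authenticationEntryPoint = new OAuthProcessingFilterEntryPoint();
    protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
    // Suffix the request URI must end with (after the context path) for this filter to act.
    private String filterProcessesUrl = "/oauth_filter";
    private OAuthProviderSupport providerSupport = new CoreOAuthProviderSupport();
    private OAuthSignatureMethodFactory signatureMethodFactory = new CoreOAuthSignatureMethodFactory();
    private OAuthNonceServices nonceServices = new ExpiringTimestampNonceServices();
    // When true, a request without an oauth_consumer_key is passed down the chain instead of rejected.
    private boolean ignoreMissingCredentials = false;
    private OAuthProviderTokenServices tokenServices;
    private ConsumerDetailsService consumerDetailsService;

    /**
     * Verifies that the two collaborators without defaults have been injected.
     *
     * @throws Exception if the consumer details service or the token services are missing
     */
    @Override // org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() throws Exception {
        Assert.notNull(this.consumerDetailsService, "A consumer details service is required.");
        Assert.notNull(this.tokenServices, "Token services are required.");
    }

    /** No-op; the filter is configured through its bean properties. */
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /** No-op. */
    public void destroy() {
    }

    /**
     * Runs the OAuth consumer authentication sequence for one request.
     *
     * <p>The request is passed straight down the chain when it was already handled
     * ({@link #skipProcessing}) or does not match {@link #requiresAuthentication}. A method outside
     * the allowed list is answered with 405. Otherwise the OAuth parameters are parsed and
     * validated, the signature is verified, and {@link #onValidSignature} is invoked with the
     * consumer authentication installed in the security context.
     *
     * @param servletRequest the incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse the outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain the remaining filter chain
     * @throws IOException if writing the response fails
     * @throws ServletException if processing fails for a reason other than an authentication failure
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        if (skipProcessing(request)) {
            if (this.log.isDebugEnabled()) {
                this.log.debug("Processing explicitly skipped.");
            }
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        if (!requiresAuthentication(request, response, filterChain)) {
            if (this.log.isDebugEnabled()) {
                this.log.debug("Request does not require authentication.  OAuth processing skipped.");
            }
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        // Locale.ROOT keeps the comparison independent of the JVM default locale
        // (a Turkish default would upper-case 'i' to a dotted capital and miss the allow-list).
        if (!allowMethod(request.getMethod().toUpperCase(Locale.ROOT))) {
            if (this.log.isDebugEnabled()) {
                this.log.debug("Method " + request.getMethod() + " not supported.");
            }
            response.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
            return;
        }
        try {
            Map<String, String> oauthParams = getProviderSupport().parseParameters(request);
            if (parametersAreAdequate(oauthParams)) {
                if (this.log.isDebugEnabled()) {
                    // The signature value is kept out of the log: with a PLAINTEXT-style signature
                    // method it is derived directly from the shared secrets.
                    String signatureKey = OAuthConsumerParameter.oauth_signature.toString();
                    StringBuilder dump = new StringBuilder("OAuth parameters parsed: ");
                    for (Map.Entry<String, String> entry : oauthParams.entrySet()) {
                        String shown = signatureKey.equals(entry.getKey()) ? "[redacted]" : entry.getValue();
                        dump.append(entry.getKey()).append('=').append(shown).append(' ');
                    }
                    this.log.debug(dump.toString());
                }
                String consumerKey = oauthParams.get(OAuthConsumerParameter.oauth_consumer_key.toString());
                if (consumerKey == null) {
                    throw new InvalidOAuthParametersException(this.messages.getMessage("OAuthProcessingFilter.missingConsumerKey", "Missing consumer key."));
                }
                ConsumerDetails consumerDetails = getConsumerDetailsService().loadConsumerByConsumerKey(consumerKey);
                if (this.log.isDebugEnabled()) {
                    // NOTE(review): this prints ConsumerDetails.toString(); confirm the implementation
                    // in use does not include the signature secret.
                    this.log.debug("Consumer details loaded for " + consumerKey + ": " + consumerDetails);
                }
                // NOTE(review): the timestamp/nonce check runs before the signature is verified, so the
                // nonce service sees values from requests that are not yet authenticated. Confirm the
                // configured implementation bounds any state it records.
                validateOAuthParams(consumerDetails, oauthParams);
                if (this.log.isDebugEnabled()) {
                    this.log.debug("Parameters validated.");
                }
                String signature = oauthParams.get(OAuthConsumerParameter.oauth_signature.toString());
                String signatureMethod = oauthParams.get(OAuthConsumerParameter.oauth_signature_method.toString());
                String signatureBaseString = getProviderSupport().getSignatureBaseString(request);
                String token = oauthParams.get(OAuthConsumerParameter.oauth_token.toString());
                ConsumerCredentials credentials = new ConsumerCredentials(consumerKey, signature, signatureMethod, signatureBaseString, token);
                ConsumerAuthentication consumerAuthentication = new ConsumerAuthentication(consumerDetails, credentials, oauthParams);
                consumerAuthentication.setDetails(createDetails(request, consumerDetails));
                Authentication previousAuthentication = SecurityContextHolder.getContext().getAuthentication();
                try {
                    // The authentication is installed before it is verified; it is only marked as
                    // signature-validated after validateSignature returns without throwing.
                    SecurityContextHolder.getContext().setAuthentication(consumerAuthentication);
                    validateSignature(consumerAuthentication);
                    consumerAuthentication.setSignatureValidated(true);
                    request.setAttribute(OAUTH_PROCESSING_HANDLED, Boolean.TRUE);
                    if (this.log.isDebugEnabled()) {
                        this.log.debug("Signature validated.");
                    }
                    onValidSignature(request, response, filterChain);
                } finally {
                    // Restore the caller's authentication on success and on every failure path.
                    resetPreviousAuthentication(previousAuthentication);
                }
            } else {
                if (!isIgnoreInadequateCredentials()) {
                    throw new InvalidOAuthParametersException(this.messages.getMessage("OAuthProcessingFilter.missingCredentials", "Inadequate OAuth consumer credentials."));
                }
                if (this.log.isDebugEnabled()) {
                    this.log.debug("Supplied OAuth parameters are inadequate. Ignoring.");
                }
                filterChain.doFilter(request, response);
            }
        } catch (ServletException e) {
            // An AuthenticationException wrapped by something further down the chain is treated
            // like a direct authentication failure; anything else propagates unchanged.
            Throwable rootCause = e.getRootCause();
            if (!(rootCause instanceof AuthenticationException)) {
                throw e;
            }
            fail(request, response, (AuthenticationException) rootCause);
        } catch (AuthenticationException e) {
            fail(request, response, e);
        }
    }

    /**
     * Decides whether the parsed parameters are enough to attempt OAuth authentication.
     *
     * @param map the parsed OAuth parameters
     * @return {@code true} if an {@code oauth_consumer_key} entry is present
     */
    protected boolean parametersAreAdequate(Map<String, String> map) {
        return map.containsKey(OAuthConsumerParameter.oauth_consumer_key.toString());
    }

    /**
     * Puts the given authentication back into the current security context.
     *
     * @param authentication the authentication that was present before OAuth processing; may be {@code null}
     */
    protected void resetPreviousAuthentication(Authentication authentication) {
        SecurityContextHolder.getContext().setAuthentication(authentication);
    }

    /**
     * Builds the details object attached to the consumer authentication.
     *
     * @param httpServletRequest the current request
     * @param consumerDetails the consumer loaded for the request
     * @return a new {@link OAuthAuthenticationDetails}
     */
    protected Object createDetails(HttpServletRequest httpServletRequest, ConsumerDetails consumerDetails) {
        return new OAuthAuthenticationDetails(httpServletRequest, consumerDetails);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Checks a method name against the allow-list.
     *
     * @param str the HTTP method, expected in upper case (the list stores upper-cased names)
     * @return {@code true} if the method is allowed
     */
    public boolean allowMethod(String str) {
        return this.allowedMethods.contains(str);
    }

    /**
     * Verifies the request signature with the method named in the consumer credentials.
     *
     * <p>The token secret is looked up only when the credentials carry a non-empty token.
     *
     * @param consumerAuthentication the not-yet-validated consumer authentication
     * @throws AuthenticationException if verification fails; an unsupported signature method is
     *     rethrown as {@link OAuthException}
     */
    protected void validateSignature(ConsumerAuthentication consumerAuthentication) throws AuthenticationException {
        SignatureSecret consumerSecret = consumerAuthentication.getConsumerDetails().getSignatureSecret();
        String tokenValue = consumerAuthentication.getConsumerCredentials().getToken();
        OAuthProviderToken providerToken = null;
        if (tokenValue != null && !tokenValue.isEmpty()) {
            providerToken = getTokenServices().getToken(tokenValue);
        }
        String tokenSecret = providerToken != null ? providerToken.getSecret() : null;
        try {
            OAuthSignatureMethod method = getSignatureMethodFactory().getSignatureMethod(consumerAuthentication.getConsumerCredentials().getSignatureMethod(), consumerSecret, tokenSecret);
            String baseString = consumerAuthentication.getConsumerCredentials().getSignatureBaseString();
            String signature = consumerAuthentication.getConsumerCredentials().getSignature();
            if (this.log.isDebugEnabled()) {
                // The supplied signature is deliberately not logged: with a PLAINTEXT-style method it
                // is derived directly from the shared secrets.
                this.log.debug("Verifying signature for signature base string " + baseString + " with method " + method.getName() + ".");
            }
            method.verify(baseString, signature);
        } catch (UnsupportedSignatureMethodException e) {
            throw new OAuthException(e.getMessage(), e);
        }
    }

    /**
     * Called after the signature has been verified, with the consumer authentication installed in
     * the security context.
     *
     * @param httpServletRequest the current request
     * @param httpServletResponse the current response
     * @param filterChain the remaining filter chain
     * @throws IOException on I/O failure
     * @throws ServletException on processing failure
     */
    protected abstract void onValidSignature(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException;

    /**
     * Validates the OAuth parameters that do not need the signature: version, realm, presence of
     * signature method, signature, timestamp and nonce, then the timestamp/nonce pair itself.
     *
     * @param consumerDetails the consumer the request claims to come from
     * @param map the parsed OAuth parameters
     * @throws InvalidOAuthParametersException if a parameter is missing or invalid
     */
    protected void validateOAuthParams(ConsumerDetails consumerDetails, Map<String, String> map) throws InvalidOAuthParametersException {
        // A missing oauth_version is accepted; a present one must be exactly "1.0".
        String version = map.get(OAuthConsumerParameter.oauth_version.toString());
        if (version != null && !"1.0".equals(version)) {
            throw new OAuthVersionUnsupportedException("Unsupported OAuth version: " + version);
        }
        // The realm is optional; an empty value is treated as absent.
        String rawRealm = map.get("realm");
        String realm = (rawRealm == null || rawRealm.isEmpty()) ? null : rawRealm;
        if (realm != null && !realm.equals(this.authenticationEntryPoint.getRealmName())) {
            throw new InvalidOAuthParametersException(this.messages.getMessage("OAuthProcessingFilter.incorrectRealm", new Object[]{realm, getAuthenticationEntryPoint().getRealmName()}, "Response realm name '{0}' does not match system realm name of '{1}'"));
        }
        if (map.get(OAuthConsumerParameter.oauth_signature_method.toString()) == null) {
            throw new InvalidOAuthParametersException(this.messages.getMessage("OAuthProcessingFilter.missingSignatureMethod", "Missing signature method."));
        }
        if (map.get(OAuthConsumerParameter.oauth_signature.toString()) == null) {
            throw new InvalidOAuthParametersException(this.messages.getMessage("OAuthProcessingFilter.missingSignature", "Missing signature."));
        }
        String timestamp = map.get(OAuthConsumerParameter.oauth_timestamp.toString());
        if (timestamp == null) {
            throw new InvalidOAuthParametersException(this.messages.getMessage("OAuthProcessingFilter.missingTimestamp", "Missing timestamp."));
        }
        String nonce = map.get(OAuthConsumerParameter.oauth_nonce.toString());
        if (nonce == null) {
            throw new InvalidOAuthParametersException(this.messages.getMessage("OAuthProcessingFilter.missingNonce", "Missing nonce."));
        }
        try {
            // Long.parseLong accepts negative values; no sign check is made here, so rejecting them
            // is left to the nonce service.
            getNonceServices().validateNonce(consumerDetails, Long.parseLong(timestamp), nonce);
            validateAdditionalParameters(consumerDetails, map);
        } catch (NumberFormatException e) {
            // NOTE(review): this also catches a NumberFormatException raised by the nonce service or by
            // validateAdditionalParameters and reports it as an invalid timestamp.
            throw new InvalidOAuthParametersException(this.messages.getMessage("OAuthProcessingFilter.invalidTimestamp", new Object[]{timestamp}, "Timestamp must be a positive integer. Invalid value: {0}"));
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Extension point for extra parameter checks; does nothing in this class.
     *
     * @param consumerDetails the consumer the request claims to come from
     * @param map the parsed OAuth parameters
     */
    public void validateAdditionalParameters(ConsumerDetails consumerDetails, Map<String, String> map) {
    }

    /**
     * Always rejects with an {@link InvalidOAuthParametersException} carrying the
     * "timestampNotNew" message. Not invoked from within this class.
     *
     * @throws AuthenticationException always
     */
    protected void onNewTimestamp() throws AuthenticationException {
        throw new InvalidOAuthParametersException(this.messages.getMessage("OAuthProcessingFilter.timestampNotNew", "A new timestamp should not be used in a request for an access token."));
    }

    /**
     * Handles an authentication failure: clears the authentication in the security context and
     * delegates the response to the authentication entry point.
     *
     * @param httpServletRequest the current request
     * @param httpServletResponse the current response
     * @param authenticationException the failure being reported
     * @throws IOException if the entry point fails to write the response
     * @throws ServletException if the entry point fails
     */
    protected void fail(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) throws IOException, ServletException {
        SecurityContextHolder.getContext().setAuthentication(null);
        if (this.log.isDebugEnabled()) {
            this.log.debug(authenticationException);
        }
        this.authenticationEntryPoint.commence(httpServletRequest, httpServletResponse, authenticationException);
    }

    /**
     * Decides whether this filter should process the request, by suffix-matching the request URI
     * against the context path plus {@code filterProcessesUrl}.
     *
     * <p>Anything from the first ';' onwards is dropped before matching. The match is
     * {@code endsWith} on the value of {@code getRequestURI()}, so any path ending in the
     * configured suffix matches.
     * NOTE(review): the URI is compared as returned by the container, without decoding or
     * normalisation here; confirm that is acceptable for the deployed URL mappings.
     *
     * @param httpServletRequest the current request
     * @param httpServletResponse unused here
     * @param filterChain unused here
     * @return {@code true} if the request URI ends with the processing URL
     */
    protected boolean requiresAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) {
        String uri = httpServletRequest.getRequestURI();
        int pathParamStart = uri.indexOf(';');
        if (pathParamStart > 0) {
            uri = uri.substring(0, pathParamStart);
        }
        if ("".equals(httpServletRequest.getContextPath())) {
            // The root-context branch returns without the debug line below.
            return uri.endsWith(this.filterProcessesUrl);
        }
        boolean matches = uri.endsWith(httpServletRequest.getContextPath() + this.filterProcessesUrl);
        if (this.log.isDebugEnabled()) {
            this.log.debug(uri + (matches ? " matches " : " does not match ") + this.filterProcessesUrl);
        }
        return matches;
    }

    /**
     * Reports whether the request has already been handled.
     *
     * @param httpServletRequest the current request
     * @return {@code true} if {@link #OAUTH_PROCESSING_HANDLED} is set to {@code Boolean.TRUE}
     */
    protected boolean skipProcessing(HttpServletRequest httpServletRequest) {
        // Boolean.TRUE.equals(null) is false, so no separate null check is needed.
        return Boolean.TRUE.equals(httpServletRequest.getAttribute(OAUTH_PROCESSING_HANDLED));
    }

    /** @return the entry point used to report authentication failures */
    public OAuthProcessingFilterEntryPoint getAuthenticationEntryPoint() {
        return this.authenticationEntryPoint;
    }

    /** @param oAuthProcessingFilterEntryPoint the entry point used to report authentication failures */
    @Autowired(required = false)
    public void setAuthenticationEntryPoint(OAuthProcessingFilterEntryPoint oAuthProcessingFilterEntryPoint) {
        this.authenticationEntryPoint = oAuthProcessingFilterEntryPoint;
    }

    /** @return the service used to load consumers by consumer key */
    public ConsumerDetailsService getConsumerDetailsService() {
        return this.consumerDetailsService;
    }

    /** @param consumerDetailsService the service used to load consumers by consumer key; required */
    @Autowired
    public void setConsumerDetailsService(ConsumerDetailsService consumerDetailsService) {
        this.consumerDetailsService = consumerDetailsService;
    }

    /** @return the service that validates timestamp/nonce pairs */
    public OAuthNonceServices getNonceServices() {
        return this.nonceServices;
    }

    /** @param oAuthNonceServices the service that validates timestamp/nonce pairs */
    @Autowired(required = false)
    public void setNonceServices(OAuthNonceServices oAuthNonceServices) {
        this.nonceServices = oAuthNonceServices;
    }

    /** @return the service used to look up provider tokens */
    public OAuthProviderTokenServices getTokenServices() {
        return this.tokenServices;
    }

    /** @param oAuthProviderTokenServices the service used to look up provider tokens; required */
    @Autowired
    public void setTokenServices(OAuthProviderTokenServices oAuthProviderTokenServices) {
        this.tokenServices = oAuthProviderTokenServices;
    }

    /** @return the URL suffix this filter processes */
    public String getFilterProcessesUrl() {
        return this.filterProcessesUrl;
    }

    /** @param str the URL suffix this filter processes */
    public void setFilterProcessesUrl(String str) {
        this.filterProcessesUrl = str;
    }

    /** Replaces the message accessor with one backed by the given source. */
    @Override // org.springframework.context.MessageSourceAware
    public void setMessageSource(MessageSource messageSource) {
        this.messages = new MessageSourceAccessor(messageSource);
    }

    /** @return the helper that parses OAuth parameters and builds the signature base string */
    public OAuthProviderSupport getProviderSupport() {
        return this.providerSupport;
    }

    /** @param oAuthProviderSupport the helper that parses OAuth parameters and builds the signature base string */
    @Autowired(required = false)
    public void setProviderSupport(OAuthProviderSupport oAuthProviderSupport) {
        this.providerSupport = oAuthProviderSupport;
    }

    /** @return the factory that resolves a signature method by name */
    public OAuthSignatureMethodFactory getSignatureMethodFactory() {
        return this.signatureMethodFactory;
    }

    /** @param oAuthSignatureMethodFactory the factory that resolves a signature method by name */
    @Autowired(required = false)
    public void setSignatureMethodFactory(OAuthSignatureMethodFactory oAuthSignatureMethodFactory) {
        this.signatureMethodFactory = oAuthSignatureMethodFactory;
    }

    /** @return whether requests without adequate OAuth parameters are passed through instead of rejected */
    public boolean isIgnoreInadequateCredentials() {
        return this.ignoreMissingCredentials;
    }

    /** @param z {@code true} to pass requests without adequate OAuth parameters down the chain */
    public void setIgnoreMissingCredentials(boolean z) {
        this.ignoreMissingCredentials = z;
    }

    /**
     * Replaces the allow-list of HTTP methods. Names are stored upper-cased with
     * {@link Locale#ROOT} so they match the locale-independent comparison in {@code doFilter}.
     *
     * @param list the allowed methods; {@code null} leaves the list empty
     */
    public void setAllowedMethods(List<String> list) {
        this.allowedMethods.clear();
        if (list != null) {
            for (String method : list) {
                this.allowedMethods.add(method.toUpperCase(Locale.ROOT));
            }
        }
    }
}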
