package io.bitunnel.common.security;

import com.lambdaworks.redis.api.StatefulRedisConnection;
import io.bitunnel.common.db.RedisConnectionFactory;
import java.io.IOException;
import java.io.PrintWriter;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.oltu.oauth2.as.request.OAuthTokenRequest;
import org.apache.oltu.oauth2.as.response.OAuthASResponse;
import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
import org.apache.oltu.oauth2.common.message.OAuthResponse;
import org.apache.oltu.oauth2.common.message.types.ParameterStyle;
import org.apache.oltu.oauth2.common.utils.OAuthUtils;
import org.apache.oltu.oauth2.rs.request.OAuthAccessResourceRequest;

/* loaded from: input_file:io/bitunnel/common/security/SecureResourceFilter.class */
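/**
 * Servlet filter that gates every request behind one of two Redis-backed checks.
 *
 * <p>Requests whose path contains {@code access_token} are treated as token-endpoint calls and
 * must carry OAuth client credentials; the client id must map to a Redis hash whose {@code SECRET}
 * field matches the supplied secret, and the client must be a member of the
 * {@code TENANT_PERMISSIONS_<tenant_id>} set. Every other request must carry a bearer token in the
 * query string; the token must map to a Redis hash whose {@code TENANT_ID} field equals the
 * {@code tenant_id} request header. Requests whose path contains {@code api-docs} bypass
 * authentication entirely.
 *
 * <p>Error responses are emitted as OAuth JSON error bodies with a {@code WWW-Authenticate}
 * header; the filter chain is never continued after an error has been written.
 */
public class SecureResourceFilter implements Filter {
    public static final String INVALID_CLIENT_DESCRIPTION = "Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method).";
    public static final String INVALID_TENANT_DESCRIPTION = "Client does not have access to Tenant";
    public static final String RESOURCE_SERVER_NAME = "TradeDepot";

    /** Servlet-context attribute under which the {@link RedisConnectionFactory} is published. */
    private static final String REDIS_FACTORY_ATTRIBUTE = "REDIS_SENTINEL_CONNECTION";
    /** Request header naming the tenant the caller wants to act on. */
    private static final String TENANT_HEADER = "tenant_id";
    /** Field of the client hash holding the client secret. */
    private static final String SECRET_FIELD = "SECRET";
    /** Field of the token hash holding the tenant the token was issued for. */
    private static final String TENANT_ID_FIELD = "TENANT_ID";
    /** Prefix of the per-tenant set of client ids permitted to act on that tenant. */
    private static final String TENANT_PERMISSIONS_PREFIX = "TENANT_PERMISSIONS_";
    private static final String TOKEN_SERVER_UNAVAILABLE = "Token Server Not Available";

    private FilterConfig config;

    public void setFilterConfig(FilterConfig filterConfig) {
        this.config = filterConfig;
    }

    public FilterConfig getFilterConfig() {
        return this.config;
    }

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        setFilterConfig(filterConfig);
    }

    /**
     * Authenticates the request and either continues the chain or writes an OAuth error.
     *
     * @param servletRequest  must be an {@link HttpServletRequest}
     * @param servletResponse must be an {@link HttpServletResponse}
     * @param filterChain     continued only when authentication succeeds
     * @throws IOException      if the error body cannot be written
     * @throws ServletException propagated from the rest of the chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        String path = requestPath(request);

        // Unauthenticated bypass for the API documentation.
        // NOTE(review): this is a substring match on the whole servlet path, so any resource whose
        // path contains "api-docs" anywhere (including a path parameter) skips authentication.
        // Tighten this to the exact documentation path once that path is confirmed.
        if (path.contains("api-docs")) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        try {
            // Resolve Redis only for requests that actually need it; a missing factory attribute
            // is reported as "token server not available" instead of a NullPointerException.
            StatefulRedisConnection<String, String> connection = redisConnection();
            if (connection == null) {
                buildErrorMessage(response, 400, "", TOKEN_SERVER_UNAVAILABLE);
                return;
            }
            // NOTE(review): also a substring match; any path containing "access_token" is routed to
            // client-credential validation rather than bearer-token validation.
            if (path.contains("access_token")) {
                filterTokenRequest(connection, request, response, filterChain);
            } else {
                filterResourceRequest(connection, request, response, filterChain);
            }
        } catch (OAuthSystemException e) {
            // Internal failure while parsing or while building an error response. Do not echo the
            // exception message to the client (the original did, via WWW-Authenticate); send a
            // fixed challenge instead.
            response.setStatus(400);
            response.setHeader("WWW-Authenticate",
                    "Bearer realm=\"" + RESOURCE_SERVER_NAME + "\", error=\"server_error\"");
        }
    }

    /** Servlet path plus path info; {@code getPathInfo()} may be null and is then treated as empty. */
    private static String requestPath(HttpServletRequest request) {
        String pathInfo = request.getPathInfo();
        return request.getServletPath() + (pathInfo == null ? "" : pathInfo);
    }

    /** Looks up the Redis connection factory in the servlet context; null when absent or wrong type. */
    private StatefulRedisConnection<String, String> redisConnection() {
        Object factory = getFilterConfig().getServletContext().getAttribute(REDIS_FACTORY_ATTRIBUTE);
        if (!(factory instanceof RedisConnectionFactory)) {
            return null;
        }
        return ((RedisConnectionFactory) factory).getConnection();
    }

    /**
     * Bearer-token path: the token (query parameter only) must belong to the tenant named in the
     * {@code tenant_id} header.
     */
    private void filterResourceRequest(StatefulRedisConnection<String, String> connection,
            HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
            throws IOException, ServletException, OAuthSystemException {
        String tenantId = request.getHeader(TENANT_HEADER);
        String accessToken;
        try {
            // NOTE(review): tokens are accepted from the query string only, which places them in
            // access logs, browser history and Referer headers; RFC 6750 prefers the
            // Authorization header. Kept as-is because existing clients may depend on it.
            accessToken = new OAuthAccessResourceRequest(request, new ParameterStyle[]{ParameterStyle.QUERY})
                    .getAccessToken();
        } catch (OAuthProblemException e) {
            if (OAuthUtils.isEmpty(e.getError())) {
                buildErrorMessage(response, 400, "", "");
            } else {
                buildErrorMessage(response, 401, e.getError(), "");
            }
            return;
        }
        if (validateToken(connection, accessToken, tenantId)) {
            filterChain.doFilter(request, response);
        } else {
            buildErrorMessage(response, 401, "Invalid Credentials", INVALID_CLIENT_DESCRIPTION);
        }
    }

    /**
     * Token-endpoint path: client id and secret must match the stored client record and the client
     * must be permitted on the tenant named in the {@code tenant_id} header.
     */
    private void filterTokenRequest(StatefulRedisConnection<String, String> connection,
            HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
            throws IOException, ServletException, OAuthSystemException {
        String tenantId = request.getHeader(TENANT_HEADER);
        String clientId;
        String clientSecret;
        try {
            OAuthTokenRequest tokenRequest = new OAuthTokenRequest(new OAuthRequestWrapper(request));
            clientId = tokenRequest.getClientId();
            clientSecret = tokenRequest.getClientSecret();
        } catch (OAuthProblemException e) {
            buildErrorMessage(response, 400, OAuthUtils.isEmpty(e.getError()) ? "" : e.getError(), "");
            return;
        }
        if (!validateClientAndSecret(connection, clientId, clientSecret)) {
            buildErrorMessage(response, 400, "invalid_request", INVALID_CLIENT_DESCRIPTION);
        } else if (validateTenantPermission(connection, clientId, tenantId)) {
            filterChain.doFilter(request, response);
        } else {
            buildErrorMessage(response, 400, "invalid_request", INVALID_TENANT_DESCRIPTION);
        }
    }

    /**
     * Compares the supplied secret with the {@code SECRET} field of the client's Redis hash.
     *
     * <p>The comparison is constant-time ({@link MessageDigest#isEqual}) so that response timing
     * does not reveal how many leading bytes of the secret were correct; the original used
     * {@link String#equals}, which short-circuits on the first mismatch.
     *
     * @return false when the client id is missing, unknown, or the secret does not match
     */
    private boolean validateClientAndSecret(StatefulRedisConnection<String, String> connection,
            String clientId, String clientSecret) {
        // A null key would make the Redis client throw; treat it as an unknown client instead.
        if (clientId == null || clientId.isEmpty() || clientSecret == null) {
            return false;
        }
        String storedSecret = connection.sync().hget(clientId, SECRET_FIELD);
        if (storedSecret == null) {
            return false;
        }
        return MessageDigest.isEqual(
                storedSecret.getBytes(StandardCharsets.UTF_8),
                clientSecret.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * True when {@code clientId} is a member of the {@code TENANT_PERMISSIONS_<tenantId>} set.
     * A missing tenant header is denied outright rather than looked up as the literal key
     * {@code TENANT_PERMISSIONS_null}.
     */
    private boolean validateTenantPermission(StatefulRedisConnection<String, String> connection,
            String clientId, String tenantId) {
        if (clientId == null || clientId.isEmpty() || tenantId == null || tenantId.isEmpty()) {
            return false;
        }
        Boolean member = connection.sync().sismember(TENANT_PERMISSIONS_PREFIX + tenantId, clientId);
        return member != null && member.booleanValue();
    }

    /**
     * True when the token's Redis hash carries a {@code TENANT_ID} equal to the request's tenant.
     *
     * <p>NOTE(review): tokens and client ids are both used as bare Redis keys, so they share one
     * keyspace. Confirm that client-record hashes never carry a {@code TENANT_ID} field; otherwise a
     * client id presented as a bearer token would satisfy this check.
     *
     * @return false when the token is missing, unknown, or issued for a different tenant
     */
    private boolean validateToken(StatefulRedisConnection<String, String> connection,
            String accessToken, String tenantId) {
        // A null key would make the Redis client throw; treat it as an invalid token instead.
        if (accessToken == null || accessToken.isEmpty()) {
            return false;
        }
        String tokenTenant = connection.sync().hget(accessToken, TENANT_ID_FIELD);
        return tokenTenant != null && tokenTenant.equals(tenantId);
    }

    /**
     * Writes an OAuth-style JSON error body with matching status and {@code WWW-Authenticate} header.
     *
     * @param status      HTTP status to send
     * @param error       OAuth error code (may be empty)
     * @param description human-readable description (may be empty)
     * @throws OAuthSystemException if the Oltu response builder fails
     */
    private void buildErrorMessage(HttpServletResponse response, int status, String error, String description)
            throws IOException, OAuthSystemException {
        OAuthResponse.OAuthErrorResponseBuilder builder = OAuthASResponse.errorResponse(status)
                .setError(error)
                .setErrorDescription(description)
                .setRealm(RESOURCE_SERVER_NAME);
        OAuthResponse headerMessage = builder.buildHeaderMessage();
        OAuthResponse jsonMessage = builder.buildJSONMessage();
        response.setContentType("application/json");
        response.setStatus(status);
        response.setHeader("WWW-Authenticate", headerMessage.getHeader("WWW-Authenticate"));
        PrintWriter writer = response.getWriter();
        writer.print(jsonMessage.getBody());
        writer.flush();
    }

    /** Nothing to release: the Redis connection is owned by the factory in the servlet context. */
    @Override
    public void destroy() {
    }
}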
