package cn.aotcloud.oauth2.altu.oauth2.rsfilter;

import cn.aotcloud.oauth2.altu.oauth2.common.OAuth;
import cn.aotcloud.oauth2.altu.oauth2.common.error.OAuthError;
import cn.aotcloud.oauth2.altu.oauth2.common.exception.OAuthProblemException;
import cn.aotcloud.oauth2.altu.oauth2.common.exception.OAuthSystemException;
import cn.aotcloud.oauth2.altu.oauth2.common.message.OAuthResponse;
import cn.aotcloud.oauth2.altu.oauth2.common.message.types.ParameterStyle;
import cn.aotcloud.oauth2.altu.oauth2.rs.request.OAuthAccessResourceRequest;
import cn.aotcloud.oauth2.altu.oauth2.rs.response.OAuthRSResponse;
import cn.aotcloud.utils.HttpServletUtil;
import java.io.IOException;
import java.security.Principal;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;

/* compiled from: OAuthFilter.java */
/* loaded from: input_file:cn/aotcloud/oauth2/altu/oauth2/rsfilter/I111ii1I.class */
public class I111ii1I implements Filter {
    public static final String II11iIiI = "oauth.rs.provider-class";
    public static final String I111ii1I = "oauth.rs.realm";
    public static final String i111IiI1 = "OAuth Protected Service";
    public static final String i1iI111I = "oauth.rs.tokens";
    public static final ParameterStyle iI1II1Ii = ParameterStyle.HEADER;
    private static final String I1iIiI1I = ",";
    private String Iii11I11;
    private OAuthRSProvider iiIII11I;
    private ParameterStyle[] i11I1I1i;

    public void init(FilterConfig filterConfig) throws ServletException {
        this.iiIII11I = (OAuthRSProvider) i111IiI1.II11iIiI(filterConfig.getServletContext(), II11iIiI, OAuthRSProvider.class);
        this.Iii11I11 = filterConfig.getServletContext().getInitParameter(I111ii1I);
        if (i111IiI1.II11iIiI(this.Iii11I11)) {
            this.Iii11I11 = i111IiI1;
        }
        String initParameter = filterConfig.getServletContext().getInitParameter(i1iI111I);
        if (i111IiI1.II11iIiI(initParameter)) {
            this.i11I1I1i = new ParameterStyle[]{iI1II1Ii};
            return;
        }
        String[] split = initParameter.split(I1iIiI1I);
        if (split == null || split.length <= 0) {
            return;
        }
        this.i11I1I1i = new ParameterStyle[split.length];
        for (int i = 0; i < split.length; i++) {
            this.i11I1I1i[i] = ParameterStyle.valueOf(split[i]);
        }
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        try {
            OAuthDecision validateRequest = this.iiIII11I.validateRequest(this.Iii11I11, new OAuthAccessResourceRequest(httpServletRequest, this.i11I1I1i).getAccessToken(), httpServletRequest);
            final Principal principal = validateRequest.getPrincipal();
            HttpServletRequestWrapper httpServletRequestWrapper = new HttpServletRequestWrapper((HttpServletRequest) servletRequest) { // from class: cn.aotcloud.oauth2.altu.oauth2.rsfilter.I111ii1I.1
                public String getRemoteUser() {
                    if (principal != null) {
                        return principal.getName();
                    }
                    return null;
                }

                public Principal getUserPrincipal() {
                    return principal;
                }
            };
            httpServletRequestWrapper.setAttribute(OAuth.OAUTH_CLIENT_ID, validateRequest.getOAuthClient().getClientId());
            filterChain.doFilter(httpServletRequestWrapper, servletResponse);
        } catch (OAuthProblemException e) {
            II11iIiI(httpServletResponse, e);
        } catch (OAuthSystemException e2) {
            throw new ServletException(e2);
        }
    }

    public void destroy() {
    }

    private void II11iIiI(HttpServletResponse httpServletResponse, OAuthProblemException oAuthProblemException) throws IOException, ServletException {
        OAuthResponse buildHeaderMessage;
        try {
            if (i111IiI1.II11iIiI(oAuthProblemException.getError())) {
                buildHeaderMessage = OAuthRSResponse.errorResponse(401).setRealm(this.Iii11I11).buildHeaderMessage();
            } else {
                int i = 401;
                if (oAuthProblemException.getError().equals("invalid_request")) {
                    i = 400;
                } else if (oAuthProblemException.getError().equals(OAuthError.ResourceResponse.INSUFFICIENT_SCOPE)) {
                    i = 403;
                }
                buildHeaderMessage = OAuthRSResponse.errorResponse(i).setRealm(this.Iii11I11).setError(oAuthProblemException.getError()).setErrorDescription(oAuthProblemException.getDescription()).setErrorUri(oAuthProblemException.getUri()).buildHeaderMessage();
            }
            HttpServletUtil.addHeader(httpServletResponse, OAuth.HeaderType.WWW_AUTHENTICATE, buildHeaderMessage.getHeader(OAuth.HeaderType.WWW_AUTHENTICATE));
            HttpServletUtil.sendError(httpServletResponse, buildHeaderMessage.getResponseStatus());
        } catch (OAuthSystemException e) {
            throw new ServletException(e);
        }
    }
}
