package net.krotscheck.kangaroo.authz.oauth2.authn.authn;

import java.math.BigInteger;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.annotation.Priority;
import javax.inject.Provider;
import javax.ws.rs.BadRequestException;
import javax.ws.rs.container.ContainerRequestContext;
import net.krotscheck.kangaroo.authz.common.database.entity.Client;
import net.krotscheck.kangaroo.authz.common.database.entity.OAuthToken;
import net.krotscheck.kangaroo.authz.common.database.entity.OAuthTokenType;
import net.krotscheck.kangaroo.authz.oauth2.authn.O2Principal;
import net.krotscheck.kangaroo.authz.oauth2.exception.RFC6749;
import net.krotscheck.kangaroo.common.hibernate.id.IdUtil;
import org.glassfish.jersey.server.ContainerRequest;
import org.hibernate.Session;

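/**
 * Request filter that authenticates a caller from an {@code Authorization: Bearer <token>}
 * header and, on success, installs an {@link O2Principal} built from the matching token.
 *
 * <p>Priority 1000 is the value of {@code javax.ws.rs.Priorities.AUTHENTICATION}.
 *
 * <p>This source was recovered by a decompiler. The method-reference null check
 * ({@code pattern.getClass()}) and the unresolved lambda capture ({@code r1.matcher(...)}) it
 * emitted have been replaced with the method references they stood for.
 */
@Priority(1000)
/* loaded from: input_file:net/krotscheck/kangaroo/authz/oauth2/authn/authn/O2BearerTokenFilter.class */
public final class O2BearerTokenFilter extends AbstractO2AuthenticationFilter {
    /**
     * Accepts the trimmed header value only when it is the scheme name followed by a single
     * space and exactly 32 hexadecimal digits; scheme and digits match case-insensitively.
     */
    private static final Pattern BEARER =
            Pattern.compile("^Bearer ([a-f0-9]{32})$", Pattern.CASE_INSENSITIVE);

    /** Whether tokens issued to private clients may authenticate through this filter. */
    private final boolean permitPrivate;

    /** Whether tokens issued to public clients may authenticate through this filter. */
    private final boolean permitPublic;

    /**
     * Creates the filter.
     *
     * @param requestProvider provider of the current container request, passed to the superclass
     * @param sessionProvider provider of the Hibernate session, passed to the superclass
     * @param permitPrivate   accept tokens whose client reports {@code isPrivate()}
     * @param permitPublic    accept tokens whose client reports {@code isPublic()}
     */
    public O2BearerTokenFilter(Provider<ContainerRequest> requestProvider,
                               Provider<Session> sessionProvider,
                               boolean permitPrivate,
                               boolean permitPublic) {
        super(requestProvider, sessionProvider);
        this.permitPrivate = permitPrivate;
        this.permitPublic = permitPublic;
    }

    /**
     * Authenticates the request if it carries a well-formed bearer token.
     *
     * <p>A missing header, or one that does not match {@link #BEARER}, leaves the request
     * untouched and returns without setting a principal.
     * NOTE(review): this relies on a later filter or authorization check to reject requests
     * that end up with no principal; confirm against the filter chain.
     *
     * @param containerRequestContext the request being filtered
     * @throws BadRequestException           if the matched token text cannot be turned into an id
     * @throws RFC6749.AccessDeniedException if no token has that id, the token is not a bearer
     *                                       token, it has expired, or its client type is not
     *                                       permitted by this filter
     */
    public void filter(ContainerRequestContext containerRequestContext) {
        Matcher matcher = Optional.ofNullable(containerRequestContext.getHeaderString("Authorization"))
                .map(String::trim)
                .map(BEARER::matcher)
                .filter(Matcher::matches)
                .orElse(null);
        if (matcher == null) {
            // Not a bearer credential in the expected shape: nothing for this filter to do.
            return;
        }

        BigInteger tokenId = Optional.ofNullable(matcher.group(1))
                .map(IdUtil::fromString)
                .orElseThrow(BadRequestException::new);

        // Unknown id, wrong token type and expired token all produce the same error, so the
        // response does not reveal which of the three checks failed.
        OAuthToken token = Optional.ofNullable(getSession().find(OAuthToken.class, tokenId))
                // Constant-first equals: a token row with no type is rejected instead of
                // raising a NullPointerException.
                .filter(candidate -> OAuthTokenType.Bearer.equals(candidate.getTokenType()))
                .filter(candidate -> !candidate.isExpired())
                .orElseThrow(RFC6749.AccessDeniedException::new);

        Client client = token.getClient();

        // Allow only when the client falls in a category this filter was told to permit.
        // The decompiled condition compared each client flag with the matching permit flag for
        // equality and denied only when both differed. With both permit flags false, a client
        // whose isPublic() is false compared equal to permitPublic and was admitted, so a filter
        // configured to permit nothing admitted callers. The positive form below denies in that
        // case and also tolerates a null flag value.
        boolean publicAllowed = permitPublic && Boolean.TRUE.equals(client.isPublic());
        boolean privateAllowed = permitPrivate && Boolean.TRUE.equals(client.isPrivate());
        if (!publicAllowed && !privateAllowed) {
            throw new RFC6749.AccessDeniedException();
        }

        setPrincipal(new O2Principal(token));
    }
}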
