package org.springframework.security.oauth.consumer.filter;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Map;
import java.util.TreeMap;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.MessageSource;
import org.springframework.context.MessageSourceAware;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.security.core.SpringSecurityMessageSource;
import org.springframework.security.oauth.common.OAuthProviderParameter;
import org.springframework.security.oauth.consumer.AccessTokenRequiredException;
import org.springframework.security.oauth.consumer.OAuthConsumerSupport;
import org.springframework.security.oauth.consumer.OAuthConsumerToken;
import org.springframework.security.oauth.consumer.OAuthRequestFailedException;
import org.springframework.security.oauth.consumer.OAuthSecurityContextHolder;
import org.springframework.security.oauth.consumer.OAuthSecurityContextImpl;
import org.springframework.security.oauth.consumer.ProtectedResourceDetails;
import org.springframework.security.oauth.consumer.rememberme.HttpSessionOAuthRememberMeServices;
import org.springframework.security.oauth.consumer.rememberme.OAuthRememberMeServices;
import org.springframework.security.oauth.consumer.token.HttpSessionBasedTokenServices;
import org.springframework.security.oauth.consumer.token.OAuthConsumerTokenServices;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.security.web.PortResolver;
import org.springframework.security.web.PortResolverImpl;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.savedrequest.DefaultSavedRequest;
import org.springframework.security.web.util.ThrowableAnalyzer;
import org.springframework.security.web.util.ThrowableCauseExtractor;
import org.springframework.util.Assert;

/* loaded from: input_file:org/springframework/security/oauth/consumer/filter/OAuthConsumerContextFilter.class */
/**
 * Servlet filter that sets up the OAuth consumer security context for each request and drives
 * the OAuth 1.0/1.0a token dance when a downstream component signals that an access token is
 * missing.
 *
 * <p>Per request it loads remembered tokens, publishes the access tokens through
 * {@link OAuthSecurityContextHolder} and a request attribute, runs the chain, and reacts to an
 * {@link AccessTokenRequiredException} by obtaining a request token and redirecting the user, or
 * by exchanging an authorized request token for an access token and re-running the chain.
 *
 * <p>NOTE(review): this listing is decompiler output (see the JADX marker further down). Some
 * constructs in {@link #doFilter} are decompilation artifacts and are flagged inline; do not
 * treat the control flow there as authoritative without comparing against the original source.
 */
public class OAuthConsumerContextFilter implements Filter, InitializingBean, MessageSourceAware {
    /** Default name of the request attribute under which the list of access tokens is stored. */
    public static final String ACCESS_TOKENS_DEFAULT_ATTRIBUTE = "OAUTH_ACCESS_TOKENS";
    /** Session attribute key under which {@link #fail} stores the failure exception. */
    public static final String OAUTH_FAILURE_KEY = "OAUTH_FAILURE_KEY";
    private static final Log LOG = LogFactory.getLog(OAuthConsumerContextFilter.class);
    // Optional handler invoked by fail(); when null, fail() rethrows the OAuth failure instead.
    private AccessDeniedHandler OAuthFailureHandler;
    // Required collaborator (checked in afterPropertiesSet) that talks to the OAuth provider.
    private OAuthConsumerSupport consumerSupport;
    protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
    // Default remember-me implementation is HTTP-session based, as is the default token store below.
    private OAuthRememberMeServices rememberMeServices = new HttpSessionOAuthRememberMeServices();
    private String accessTokensRequestAttribute = ACCESS_TOKENS_DEFAULT_ATTRIBUTE;
    private PortResolver portResolver = new PortResolverImpl();
    private ThrowableAnalyzer throwableAnalyzer = new DefaultThrowableAnalyzer();
    private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
    private OAuthConsumerTokenServices tokenServices = new HttpSessionBasedTokenServices();

    /* loaded from: input_file:org/springframework/security/oauth/consumer/filter/OAuthConsumerContextFilter$DefaultThrowableAnalyzer.class */
    /**
     * Throwable analyzer that additionally knows how to unwrap a {@link ServletException} through
     * its root cause, so exceptions wrapped by the servlet container can still be found in the
     * cause chain.
     */
    private static final class DefaultThrowableAnalyzer extends ThrowableAnalyzer {
        private DefaultThrowableAnalyzer() {
        }

        /** Keeps the inherited extractors and adds one for {@link ServletException}. */
        protected void initExtractorMap() {
            super.initExtractorMap();
            registerExtractor(ServletException.class, new ThrowableCauseExtractor() { // from class: org.springframework.security.oauth.consumer.filter.OAuthConsumerContextFilter.DefaultThrowableAnalyzer.1
                public Throwable extractCause(Throwable th) {
                    // Guard the cast below: verify the throwable really is a ServletException.
                    ThrowableAnalyzer.verifyThrowableHierarchy(th, ServletException.class);
                    return ((ServletException) th).getRootCause();
                }
            });
        }
    }

    /**
     * Verifies that the collaborators this filter cannot work without have been supplied.
     *
     * <p>Only the remember-me services, consumer support, token services and redirect strategy
     * are checked here; the other settable collaborators are not validated by this method.
     *
     * @throws Exception if any of the checked collaborators is {@code null}
     */
    public void afterPropertiesSet() throws Exception {
        Assert.notNull(this.rememberMeServices, "Remember-me services must be provided.");
        Assert.notNull(this.consumerSupport, "Consumer support must be provided.");
        Assert.notNull(this.tokenServices, "OAuth token services are required.");
        Assert.notNull(this.redirectStrategy, "A redirect strategy must be supplied.");
    }

    /** No-op: the filter takes no configuration from the {@link FilterConfig}. */
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /** No-op: the filter holds no resources that need releasing here. */
    public void destroy() {
    }

    /**
     * Establishes the OAuth security context, runs the filter chain, and handles a missing
     * access token by either redirecting the user for authorization or exchanging a request
     * token for an access token and re-running the chain.
     *
     * <p>On every exit path the security context holder is reset to {@code null} and the current
     * tokens are handed to the remember-me services.
     *
     * @param servletRequest the request; cast to {@link HttpServletRequest} without a type check
     * @param servletResponse the response; cast to {@link HttpServletResponse} without a type check
     * @param filterChain the remaining chain, possibly invoked a second time after a token is obtained
     * @throws IOException propagated from the chain or the failure handling
     * @throws ServletException propagated from the chain or the failure handling
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        // Unchecked casts: a non-HTTP request or response fails here with ClassCastException.
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        OAuthSecurityContextImpl oAuthSecurityContextImpl = new OAuthSecurityContextImpl();
        oAuthSecurityContextImpl.setDetails(httpServletRequest);
        Map<String, OAuthConsumerToken> loadRememberedTokens = getRememberMeServices().loadRememberedTokens(httpServletRequest, httpServletResponse);
        // treeMap holds access tokens, treeMap2 holds the remaining (non-access) tokens, both
        // keyed by the remembered map's key. Raw types are a decompiler artifact.
        TreeMap treeMap = new TreeMap();
        TreeMap treeMap2 = new TreeMap();
        if (loadRememberedTokens != null) {
            for (Map.Entry<String, OAuthConsumerToken> entry : loadRememberedTokens.entrySet()) {
                OAuthConsumerToken value = entry.getValue();
                if (value != null) {
                    if (value.isAccessToken()) {
                        treeMap.put(entry.getKey(), value);
                    } else {
                        treeMap2.put(entry.getKey(), value);
                    }
                }
            }
        }
        // Only access tokens are published to the security context; request tokens stay local.
        oAuthSecurityContextImpl.setAccessTokens(treeMap);
        OAuthSecurityContextHolder.setContext(oAuthSecurityContextImpl);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Storing access tokens in request attribute '" + getAccessTokensRequestAttribute() + "'.");
        }
        try {
            try {
                // The access tokens are exposed as a request attribute, so every component
                // further down the chain that can read request attributes can read them.
                httpServletRequest.setAttribute(getAccessTokensRequestAttribute(), new ArrayList(treeMap.values()));
                filterChain.doFilter(httpServletRequest, httpServletResponse);
            } catch (Exception e) {
                try {
                    // Either returns the resource that needs a token or rethrows the exception.
                    ProtectedResourceDetails checkForResourceThatNeedsAuthorization = checkForResourceThatNeedsAuthorization(e);
                    String id = checkForResourceThatNeedsAuthorization.getId();
                    // Loop until an access token for the needed resource id is available.
                    while (!treeMap.containsKey(id)) {
                        // Prefer a remembered request token; fall back to the token services.
                        OAuthConsumerToken oAuthConsumerToken = (OAuthConsumerToken) treeMap2.remove(id);
                        if (oAuthConsumerToken == null) {
                            oAuthConsumerToken = getTokenServices().getToken(id);
                        }
                        // The verifier is taken straight from the request parameters, i.e. it is
                        // caller-supplied input that is passed on to getAccessToken below.
                        String parameter = httpServletRequest.getParameter(OAuthProviderParameter.oauth_verifier.toString());
                        // Start a fresh authorization when there is no token at all, or when the
                        // token is not an access token and the flow is either not 1.0a or the
                        // verifier is absent. Note that with isUse10a() false this branch is
                        // always taken for a non-access token, so the exchange further down is
                        // only reached with a verifier present.
                        if (oAuthConsumerToken == null || (!oAuthConsumerToken.isAccessToken() && (!checkForResourceThatNeedsAuthorization.isUse10a() || parameter == null))) {
                            if (LOG.isDebugEnabled()) {
                                LOG.debug("Obtaining request token for resource: " + id);
                            }
                            String encodeRedirectURL = httpServletResponse.encodeRedirectURL(getCallbackURL(httpServletRequest));
                            OAuthConsumerToken unauthorizedRequestToken = getConsumerSupport().getUnauthorizedRequestToken(id, encodeRedirectURL);
                            if (LOG.isDebugEnabled()) {
                                // NOTE(review): the token object is concatenated into the log
                                // message. If OAuthConsumerToken.toString() renders the token
                                // value or secret, debug logs will contain credentials - confirm
                                // and keep debug logging off (or logs restricted) in production.
                                LOG.debug("Request token obtained for resource " + id + ": " + unauthorizedRequestToken);
                            }
                            treeMap2.put(id, unauthorizedRequestToken);
                            getTokenServices().storeToken(id, unauthorizedRequestToken);
                            String userAuthorizationRedirectURL = getUserAuthorizationRedirectURL(checkForResourceThatNeedsAuthorization, unauthorizedRequestToken, encodeRedirectURL);
                            if (LOG.isDebugEnabled()) {
                                // The redirect URL carries the request token value as the
                                // oauth_token query parameter, so this line logs it as well.
                                LOG.debug("Redirecting request to " + userAuthorizationRedirectURL + " for user authorization of the request token for resource " + id + ".");
                            }
                            httpServletRequest.setAttribute("org.springframework.security.oauth.consumer.AccessTokenRequiredException", e);
                            this.redirectStrategy.sendRedirect(httpServletRequest, httpServletResponse, userAuthorizationRedirectURL);
                            // Same cleanup as the normal and exceptional exits below, duplicated
                            // here by the decompiler (presumably a finally block in the original).
                            OAuthSecurityContextHolder.setContext(null);
                            HashMap hashMap = new HashMap();
                            hashMap.putAll(treeMap2);
                            hashMap.putAll(treeMap);
                            getRememberMeServices().rememberTokens(hashMap, httpServletRequest, httpServletResponse);
                            return;
                        }
                        if (!oAuthConsumerToken.isAccessToken()) {
                            if (LOG.isDebugEnabled()) {
                                LOG.debug("Obtaining access token for resource: " + id);
                            }
                            try {
                                // Exchange the authorized request token (plus verifier) for an
                                // access token, then replace the stored token for this id.
                                oAuthConsumerToken = getConsumerSupport().getAccessToken(oAuthConsumerToken, parameter);
                                getTokenServices().removeToken(id);
                                if (LOG.isDebugEnabled()) {
                                    // NOTE(review): same concern as above - this may write the
                                    // access token itself to the debug log; confirm toString().
                                    LOG.debug("Access token " + oAuthConsumerToken + " obtained for resource " + id + ". Now storing and using.");
                                }
                                getTokenServices().storeToken(id, oAuthConsumerToken);
                            } catch (Throwable th) {
                                // On any failure the stored token for this id is discarded, so a
                                // failed exchange does not leave a stale request token behind.
                                getTokenServices().removeToken(id);
                                throw th;
                            }
                        }
                        treeMap.put(id, oAuthConsumerToken);
                        // NOTE(review): decompiler artifact. The empty try below most likely
                        // wrapped the re-invocation of the chain in the original source, so that
                        // a further token requirement updates the resource/id and loops again.
                        // As rendered here the catch block cannot be reached.
                        try {
                        } catch (Exception e2) {
                            checkForResourceThatNeedsAuthorization = checkForResourceThatNeedsAuthorization(e2);
                            id = checkForResourceThatNeedsAuthorization.getId();
                        }
                        // The chain can only be replayed while nothing has been sent to the client.
                        if (httpServletResponse.isCommitted()) {
                            throw new IllegalStateException("Unable to reprocess filter chain with needed OAuth2 resources because the response is already committed.");
                            // NOTE(review): unreachable statement after throw - decompiler artifact.
                            break;
                        } else {
                            // Re-publish the tokens (now including the new one) and replay the chain.
                            httpServletRequest.setAttribute(getAccessTokensRequestAttribute(), new ArrayList(treeMap.values()));
                            filterChain.doFilter(httpServletRequest, httpServletResponse);
                        }
                    }
                } catch (Exception e3) {
                    // Route OAuth failures found anywhere in the cause chain to fail(); rethrow
                    // everything else, wrapping checked non-servlet exceptions in RuntimeException.
                    OAuthRequestFailedException oAuthRequestFailedException = (OAuthRequestFailedException) getThrowableAnalyzer().getFirstThrowableOfType(OAuthRequestFailedException.class, getThrowableAnalyzer().determineCauseChain(e3));
                    if (oAuthRequestFailedException == null) {
                        if (e3 instanceof ServletException) {
                            throw e3;
                        }
                        if (!(e3 instanceof RuntimeException)) {
                            throw new RuntimeException((Throwable) e3);
                        }
                        throw ((RuntimeException) e3);
                    }
                    fail(httpServletRequest, httpServletResponse, oAuthRequestFailedException);
                // NOTE(review): this handler follows catch (Exception) and
                // OAuthRequestFailedException is presumably an Exception subtype, so it would be
                // unreachable as ordered here; the original likely listed it first - confirm.
                } catch (OAuthRequestFailedException e4) {
                    fail(httpServletRequest, httpServletResponse, e4);
                }
            }
            // Normal exit: clear the context and remember the tokens. Access tokens are added
            // last, so they replace a request token stored under the same key.
            OAuthSecurityContextHolder.setContext(null);
            HashMap hashMap2 = new HashMap();
            hashMap2.putAll(treeMap2);
            hashMap2.putAll(treeMap);
            getRememberMeServices().rememberTokens(hashMap2, httpServletRequest, httpServletResponse);
        } catch (Throwable th2) {
            // Exceptional exit: identical cleanup, then propagate the original throwable.
            OAuthSecurityContextHolder.setContext(null);
            HashMap hashMap3 = new HashMap();
            hashMap3.putAll(treeMap2);
            hashMap3.putAll(treeMap);
            getRememberMeServices().rememberTokens(hashMap3, httpServletRequest, httpServletResponse);
            throw th2;
        }
    }

    /**
     * Looks for an {@link AccessTokenRequiredException} in the cause chain of the given exception
     * and returns the protected resource it refers to.
     *
     * @param exc the exception raised while processing the filter chain
     * @return the resource for which an access token is required
     * @throws OAuthRequestFailedException if an access-token-required exception was found but
     *         carries no resource
     * @throws ServletException the given exception rethrown, when it is of that type and no
     *         access-token-required exception was found
     * @throws IOException the given exception rethrown, when it is of that type and no
     *         access-token-required exception was found
     */
    protected ProtectedResourceDetails checkForResourceThatNeedsAuthorization(Exception exc) throws ServletException, IOException {
        AccessTokenRequiredException accessTokenRequiredException = (AccessTokenRequiredException) getThrowableAnalyzer().getFirstThrowableOfType(AccessTokenRequiredException.class, getThrowableAnalyzer().determineCauseChain(exc));
        if (accessTokenRequiredException != null) {
            ProtectedResourceDetails resource = accessTokenRequiredException.getResource();
            if (resource == null) {
                throw new OAuthRequestFailedException(accessTokenRequiredException.getMessage());
            }
            return resource;
        }
        // Not an OAuth token problem: rethrow unchanged where the signature allows it,
        // otherwise wrap so the original exception is preserved as the cause.
        if (exc instanceof ServletException) {
            throw ((ServletException) exc);
        }
        if (exc instanceof IOException) {
            throw ((IOException) exc);
        }
        if (exc instanceof RuntimeException) {
            throw ((RuntimeException) exc);
        }
        throw new RuntimeException(exc);
    }

    /**
     * Builds the callback URL the provider should send the user back to, from the current request.
     *
     * <p>NOTE(review): the URL is derived from the incoming request via
     * {@link DefaultSavedRequest#getRedirectUrl()}. Deployments behind a reverse proxy or load
     * balancer should confirm that the container reports the externally visible, trusted scheme,
     * host and port, since this value is sent to the provider as the callback.
     *
     * @param httpServletRequest the current request
     * @return the redirect URL reconstructed from the request
     */
    protected String getCallbackURL(HttpServletRequest httpServletRequest) {
        return new DefaultSavedRequest(httpServletRequest, getPortResolver()).getRedirectUrl();
    }

    /**
     * Builds the URL to which the user is redirected to authorize the request token.
     *
     * <p>The token value and, when present, the callback are URL-encoded as UTF-8 before being
     * appended to the resource's configured user authorization URL. The callback is appended only
     * when the resource does not use OAuth 1.0a. OAuth 1.0a introduced the verifier to close a
     * session-fixation weakness in the original 1.0 flow, so 1.0a should be preferred wherever
     * the provider supports it.
     *
     * @param protectedResourceDetails the resource whose user authorization URL is the base
     * @param oAuthConsumerToken the request token to be authorized
     * @param str the callback URL
     * @return the complete user authorization redirect URL
     * @throws IllegalStateException if the UTF-8 encoding is reported as unsupported
     */
    protected String getUserAuthorizationRedirectURL(ProtectedResourceDetails protectedResourceDetails, OAuthConsumerToken oAuthConsumerToken, String str) {
        try {
            String userAuthorizationURL = protectedResourceDetails.getUserAuthorizationURL();
            StringBuilder sb = new StringBuilder(userAuthorizationURL);
            // 63 is the character code of '?': start a query string or extend the existing one.
            sb.append(userAuthorizationURL.indexOf(63) < 0 ? '?' : '&').append("oauth_token=");
            sb.append(URLEncoder.encode(oAuthConsumerToken.getValue(), "UTF-8"));
            if (!protectedResourceDetails.isUse10a()) {
                sb.append('&').append("oauth_callback=");
                sb.append(URLEncoder.encode(str, "UTF-8"));
            }
            return sb.toString();
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException(e);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /**
     * Handles a failed OAuth request: records the failure in the session, logs it at debug
     * level, and delegates to the configured failure handler.
     *
     * @param httpServletRequest the current request
     * @param httpServletResponse the current response
     * @param oAuthRequestFailedException the failure to report
     * @throws OAuthRequestFailedException the given failure, when no failure handler is configured
     * @throws IOException propagated from the failure handler
     * @throws ServletException propagated from the failure handler
     */
    protected void fail(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, OAuthRequestFailedException oAuthRequestFailedException) throws IOException, ServletException {
        try {
            // getSession() creates a session if none exists; the exception object is then kept
            // there under OAUTH_FAILURE_KEY.
            httpServletRequest.getSession().setAttribute(OAUTH_FAILURE_KEY, oAuthRequestFailedException);
        } catch (Exception e) {
            // Best effort: any error while recording the failure in the session is silently
            // dropped so that failure handling below still runs.
            // NOTE(review): nothing is logged here, so a broken session store stays invisible.
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug(oAuthRequestFailedException);
        }
        if (getOAuthFailureHandler() == null) {
            throw oAuthRequestFailedException;
        }
        getOAuthFailureHandler().handle(httpServletRequest, httpServletResponse, oAuthRequestFailedException);
    }

    /** @return the handler invoked on OAuth failures, or {@code null} if none is configured */
    public AccessDeniedHandler getOAuthFailureHandler() {
        return this.OAuthFailureHandler;
    }

    /** @param accessDeniedHandler the handler to invoke on OAuth failures; may be {@code null} */
    public void setOAuthFailureHandler(AccessDeniedHandler accessDeniedHandler) {
        this.OAuthFailureHandler = accessDeniedHandler;
    }

    /** @return the services used to look up, store and remove tokens per resource id */
    public OAuthConsumerTokenServices getTokenServices() {
        return this.tokenServices;
    }

    /** @param oAuthConsumerTokenServices the token services; must not be {@code null} at init time */
    public void setTokenServices(OAuthConsumerTokenServices oAuthConsumerTokenServices) {
        this.tokenServices = oAuthConsumerTokenServices;
    }

    /** Replaces the message accessor with one backed by the given message source. */
    public void setMessageSource(MessageSource messageSource) {
        this.messages = new MessageSourceAccessor(messageSource);
    }

    /** @return the support object used to obtain request and access tokens */
    public OAuthConsumerSupport getConsumerSupport() {
        return this.consumerSupport;
    }

    /** @param oAuthConsumerSupport the consumer support; must not be {@code null} at init time */
    @Autowired
    public void setConsumerSupport(OAuthConsumerSupport oAuthConsumerSupport) {
        this.consumerSupport = oAuthConsumerSupport;
    }

    /** @return the name of the request attribute under which access tokens are published */
    public String getAccessTokensRequestAttribute() {
        return this.accessTokensRequestAttribute;
    }

    /** @param str the name of the request attribute under which access tokens are published */
    public void setAccessTokensRequestAttribute(String str) {
        this.accessTokensRequestAttribute = str;
    }

    /** @return the port resolver used when reconstructing the callback URL */
    public PortResolver getPortResolver() {
        return this.portResolver;
    }

    /** @param portResolver the port resolver used when reconstructing the callback URL */
    @Autowired(required = false)
    public void setPortResolver(PortResolver portResolver) {
        this.portResolver = portResolver;
    }

    /** @return the services used to load and persist tokens across requests */
    public OAuthRememberMeServices getRememberMeServices() {
        return this.rememberMeServices;
    }

    /** @param oAuthRememberMeServices the remember-me services; must not be {@code null} at init time */
    public void setRememberMeServices(OAuthRememberMeServices oAuthRememberMeServices) {
        this.rememberMeServices = oAuthRememberMeServices;
    }

    /** @return the analyzer used to search exception cause chains */
    public ThrowableAnalyzer getThrowableAnalyzer() {
        return this.throwableAnalyzer;
    }

    /** @param throwableAnalyzer the analyzer used to search exception cause chains */
    public void setThrowableAnalyzer(ThrowableAnalyzer throwableAnalyzer) {
        this.throwableAnalyzer = throwableAnalyzer;
    }

    /** @return the strategy used to send the user authorization redirect */
    public RedirectStrategy getRedirectStrategy() {
        return this.redirectStrategy;
    }

    /** @param redirectStrategy the redirect strategy; must not be {@code null} at init time */
    public void setRedirectStrategy(RedirectStrategy redirectStrategy) {
        this.redirectStrategy = redirectStrategy;
    }
}
