package com.liferay.oauth2.provider.jsonws.internal.security.auth.verifier;

import com.liferay.oauth2.provider.jsonws.internal.constants.OAuth2JSONWSConstants;
import com.liferay.oauth2.provider.jsonws.internal.service.access.policy.scope.SAPEntryScope;
import com.liferay.oauth2.provider.jsonws.internal.service.access.policy.scope.SAPEntryScopeDescriptorFinderRegistrator;
import com.liferay.oauth2.provider.model.OAuth2Application;
import com.liferay.oauth2.provider.model.OAuth2Authorization;
import com.liferay.oauth2.provider.rest.spi.bearer.token.provider.BearerTokenProvider;
import com.liferay.oauth2.provider.rest.spi.bearer.token.provider.BearerTokenProviderAccessor;
import com.liferay.oauth2.provider.scope.liferay.LiferayOAuth2Scope;
import com.liferay.oauth2.provider.scope.liferay.ScopeLocator;
import com.liferay.oauth2.provider.service.OAuth2ApplicationLocalService;
import com.liferay.oauth2.provider.service.OAuth2ApplicationScopeAliasesLocalService;
import com.liferay.oauth2.provider.service.OAuth2AuthorizationLocalService;
import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.security.auth.AccessControlContext;
import com.liferay.portal.kernel.security.auth.AuthException;
import com.liferay.portal.kernel.security.auth.verifier.AuthVerifier;
import com.liferay.portal.kernel.security.auth.verifier.AuthVerifierResult;
import com.liferay.portal.kernel.security.service.access.policy.ServiceAccessPolicyThreadLocal;
import com.liferay.portal.kernel.util.StringUtil;
import com.liferay.portal.kernel.util.Validator;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferencePolicy;
import org.osgi.service.component.annotations.ReferencePolicyOption;

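/**
 * {@link AuthVerifier} that authenticates JSON web service calls carrying an
 * OAuth2 bearer token in the {@code Authorization} header.
 *
 * <p>The component property below registers it for {@code /api/jsonws/*}. On a
 * valid token, the verifier maps the token's scope aliases to Liferay scopes and
 * activates the matching service access policies for the current thread.</p>
 *
 * <p>Security notes for maintainers:</p>
 * <ul>
 * <li>Verification fails closed: any exception or failed check returns a result
 * that was never marked {@code SUCCESS}.</li>
 * <li>Failures are logged at debug level only, so rejected tokens are not
 * visible in logs at default levels.</li>
 * <li>The raw header and token content are never logged; keep it that way.</li>
 * </ul>
 */
@Component(property = {"auth.verifier.OAuth2JSONWSAuthVerifier.urls.includes=/api/jsonws/*"})
public class OAuth2JSONWSAuthVerifier implements AuthVerifier {
    private static final String _TOKEN_KEY = "Bearer";
    private static final Log _log = LogFactoryUtil.getLog(OAuth2JSONWSAuthVerifier.class);

    @Reference(policy = ReferencePolicy.DYNAMIC, policyOption = ReferencePolicyOption.GREEDY)
    private volatile BearerTokenProviderAccessor _bearerTokenProviderAccessor;

    @Reference
    private OAuth2ApplicationLocalService _oAuth2ApplicationLocalService;

    @Reference
    private OAuth2ApplicationScopeAliasesLocalService _oAuth2ApplicationScopeAliasesLocalService;

    @Reference
    private OAuth2AuthorizationLocalService _oAuth2AuthorizationLocalService;

    @Reference
    private SAPEntryScopeDescriptorFinderRegistrator _sapEntryScopeDescriptorFinderRegistrator;

    @Reference
    private ScopeLocator _scopeLocator;

    /**
     * Returns the authentication type label reported for this verifier.
     *
     * @return the constant {@code "OAuth2"}
     */
    @Override
    public String getAuthType() {
        return "OAuth2";
    }

    /**
     * Verifies the bearer token on the current request and, on success, activates
     * the service access policies granted by the token's scopes.
     *
     * @param accessControlContext the context holding the current HTTP request
     * @param properties verifier configuration; not read by this implementation
     * @return a result marked {@code SUCCESS} with the token's user ID when the
     *         token is present and accepted by the bearer token provider;
     *         otherwise a result that was never marked {@code SUCCESS}
     * @throws AuthException declared by the interface; this implementation
     *         catches every exception and returns the unmodified result instead
     */
    @Override
    public AuthVerifierResult verify(AccessControlContext accessControlContext, Properties properties) throws AuthException {
        AuthVerifierResult authVerifierResult = new AuthVerifierResult();
        try {
            BearerTokenProvider.AccessToken accessToken = getAccessToken(accessControlContext);
            if (accessToken == null) {
                return authVerifierResult;
            }

            OAuth2Application oAuth2Application = accessToken.getOAuth2Application();
            long companyId = oAuth2Application.getCompanyId();

            // getAccessToken() only loads the stored authorization; whether the
            // token is still valid (for example, not expired) is decided here by
            // the provider registered for this company and client.
            BearerTokenProvider bearerTokenProvider = this._bearerTokenProviderAccessor.getBearerTokenProvider(companyId, oAuth2Application.getClientId());
            if (bearerTokenProvider == null || !bearerTokenProvider.isValid(accessToken)) {
                return authVerifierResult;
            }

            // Expand each scope alias on the token to the Liferay scopes defined
            // for the JSONWS application.
            HashSet<String> grantedScopes = new HashSet<>();
            for (Object scopeAlias : accessToken.getScopes()) {
                for (Object liferayOAuth2Scope : this._scopeLocator.getLiferayOAuth2Scopes(companyId, (String) scopeAlias, OAuth2JSONWSConstants.APPLICATION_NAME)) {
                    grantedScopes.add(((LiferayOAuth2Scope) liferayOAuth2Scope).getScope());
                }
            }

            // Only policies whose scope the token actually grants are activated;
            // a token with no matching scope activates none.
            // NOTE(review): policy names are added to a thread-local before the
            // result is marked SUCCESS; if this loop throws midway, names already
            // added stay active unless the caller clears them. Confirm against
            // the caller.
            for (SAPEntryScope sAPEntryScope : this._sapEntryScopeDescriptorFinderRegistrator.getRegisteredSAPEntryScopes(companyId)) {
                if (grantedScopes.contains(sAPEntryScope.getScope())) {
                    ServiceAccessPolicyThreadLocal.addActiveServiceAccessPolicyName(sAPEntryScope.getSapEntryName());
                }
            }

            authVerifierResult.getSettings().put(BearerTokenProvider.AccessToken.class.getName(), accessToken);
            authVerifierResult.setState(AuthVerifierResult.State.SUCCESS);
            authVerifierResult.setUserId(accessToken.getUserId());
            return authVerifierResult;
        } catch (Exception e) {
            // Deliberate fail-closed: any lookup or provider error leaves the
            // result unauthenticated. The message must not include the token.
            if (_log.isDebugEnabled()) {
                _log.debug("Unable to verify OAuth2 access token", e);
            }
            return authVerifierResult;
        }
    }

    /**
     * Builds an access token object from the {@code Authorization} header of the
     * current request by looking up the stored OAuth2 authorization.
     *
     * <p>A non-null return value only means a stored authorization matched the
     * presented token content. This method does not compare the expiration date
     * with the current time; callers must still ask the bearer token provider
     * whether the token is valid, as {@link #verify} does.</p>
     *
     * @param accessControlContext the context holding the current HTTP request
     * @return the access token, or {@code null} when the header is absent, is not
     *         a {@code Bearer} credential, carries no token, or matches no usable
     *         stored authorization
     * @throws PortalException if the OAuth2 application or scope aliases cannot
     *         be loaded
     */
    protected BearerTokenProvider.AccessToken getAccessToken(AccessControlContext accessControlContext) throws PortalException {
        String header = accessControlContext.getRequest().getHeader("Authorization");
        if (Validator.isBlank(header)) {
            return null;
        }

        String[] parts = header.split("\\s");

        // A header such as "Bearer" with no credential splits into fewer than two
        // parts. Reject it here rather than failing on the parts[1] access below
        // with an ArrayIndexOutOfBoundsException.
        if (parts.length < 2 || !StringUtil.equalsIgnoreCase(parts[0], _TOKEN_KEY)) {
            return null;
        }

        String presentedToken = parts[1];
        if (Validator.isBlank(presentedToken)) {
            return null;
        }

        OAuth2Authorization oAuth2Authorization = this._oAuth2AuthorizationLocalService.fetchOAuth2AuthorizationByAccessTokenContent(presentedToken);
        if (oAuth2Authorization == null) {
            return null;
        }

        String accessTokenContent = oAuth2Authorization.getAccessTokenContent();

        // Presumably "EXPIRED_TOKEN" is the placeholder stored in place of a token
        // that is no longer usable; rejecting it keeps a request that presents
        // the placeholder itself from authenticating. Verify against the service.
        if ("EXPIRED_TOKEN".equals(accessTokenContent)) {
            return null;
        }

        OAuth2Application oAuth2Application = this._oAuth2ApplicationLocalService.getOAuth2Application(oAuth2Authorization.getOAuth2ApplicationId());

        // Both values are converted from milliseconds to whole seconds.
        Date accessTokenCreateDate = oAuth2Authorization.getAccessTokenCreateDate();
        long lifetimeSeconds = (oAuth2Authorization.getAccessTokenExpirationDate().getTime() - accessTokenCreateDate.getTime()) / 1000;
        long createdAtSeconds = accessTokenCreateDate.getTime() / 1000;

        // Without a scope-aliases record the token carries no scopes, so verify()
        // activates no service access policy for it.
        List<String> scopeAliases = Collections.emptyList();
        long oAuth2ApplicationScopeAliasesId = oAuth2Authorization.getOAuth2ApplicationScopeAliasesId();
        if (oAuth2ApplicationScopeAliasesId > 0) {
            scopeAliases = this._oAuth2ApplicationScopeAliasesLocalService.getOAuth2ApplicationScopeAliases(oAuth2ApplicationScopeAliasesId).getScopeAliasesList();
        }

        // Constructor arguments this verifier has no value for are passed as
        // empty strings and empty collections.
        return new BearerTokenProvider.AccessToken(oAuth2Application, new ArrayList<>(), "", lifetimeSeconds, new HashMap<>(), "", "", createdAtSeconds, "", "", new HashMap<>(), "", "", scopeAliases, accessTokenContent, _TOKEN_KEY, oAuth2Authorization.getUserId(), oAuth2Authorization.getUserName());
    }
}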
