package com.liferay.oauth2.provider.rest.spi.scope.checker.container.request.filter;

import com.liferay.portal.kernel.security.access.control.AccessControlUtil;
import com.liferay.portal.kernel.security.auth.verifier.AuthVerifierResult;
import com.liferay.portal.kernel.util.MapUtil;
import com.liferay.portal.kernel.util.Validator;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.Response;

/* loaded from: input_file:com/liferay/oauth2/provider/rest/spi/scope/checker/container/request/filter/BaseScopeCheckerContainerRequestFilter.class */
public abstract class BaseScopeCheckerContainerRequestFilter implements ContainerRequestFilter {
    public void filter(ContainerRequestContext containerRequestContext) {
        if (!isOAuth2AuthVerified() || isContainerRequestContextAllowed(containerRequestContext)) {
            return;
        }
        containerRequestContext.abortWith(Response.status(Response.Status.FORBIDDEN).build());
    }

    protected abstract boolean isContainerRequestContextAllowed(ContainerRequestContext containerRequestContext);

    protected boolean isOAuth2AuthVerified() {
        AuthVerifierResult authVerifierResult = AccessControlUtil.getAccessControlContext().getAuthVerifierResult();
        if (authVerifierResult == null || !AuthVerifierResult.State.SUCCESS.equals(authVerifierResult.getState())) {
            return true;
        }
        String string = MapUtil.getString(authVerifierResult.getSettings(), "auth.type");
        return !Validator.isNotNull(string) || string.equals("OAuth2");
    }
}
