package org.springframework.security.oauth2.provider;

import java.io.IOException;
import java.util.Enumeration;
import java.util.Map;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.common.DefaultThrowableAnalyzer;
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
import org.springframework.security.oauth2.provider.token.OAuth2ProviderTokenServices;
import org.springframework.security.web.util.ThrowableAnalyzer;
import org.springframework.util.Assert;
import org.springframework.web.filter.GenericFilterBean;

/* loaded from: input_file:org/springframework/security/oauth2/provider/OAuth2ProtectedResourceFilter.class */
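/**
 * Servlet filter that authenticates a request from an OAuth 2 access token.
 *
 * <p>The token is read from an {@code Authorization: OAuth ...} header or, when no such header is
 * present, from the {@code oauth_token} request parameter. A token that resolves to an
 * {@link OAuth2Authentication} is placed in the {@link SecurityContextHolder} before the rest of
 * the chain runs. Authentication and access-denied failures raised anywhere in the chain are
 * reported to the client in a {@code WWW-Authenticate} header and then rethrown.
 */
public class OAuth2ProtectedResourceFilter extends GenericFilterBean {
    private OAuth2ProviderTokenServices tokenServices;
    private ThrowableAnalyzer throwableAnalyzer = new DefaultThrowableAnalyzer();

    /**
     * Verifies that the token services were supplied.
     *
     * @throws ServletException if the superclass initialisation fails
     */
    @Override
    public void afterPropertiesSet() throws ServletException {
        super.afterPropertiesSet();
        Assert.notNull(getTokenServices(), "OAuth 2 token services must be supplied.");
    }

    /**
     * Resolves the presented token, installs the resulting authentication and continues the chain.
     *
     * <p>A request that carries no token is passed down the chain untouched; rejecting it is left
     * to whatever runs later in the chain.
     *
     * @param servletRequest the incoming request, cast to {@link HttpServletRequest}
     * @param servletResponse the outgoing response, cast to {@link HttpServletResponse}
     * @param filterChain the remainder of the filter chain
     * @throws IOException rethrown unchanged from the chain
     * @throws ServletException rethrown unchanged when no security failure is found in its causes
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        try {
            String token = parseToken(request);
            if (token != null) {
                OAuth2Authentication authentication = getTokenServices().loadAuthentication(token);
                if (authentication == null) {
                    // NOTE(review): the message repeats the presented token value. It is sent back in
                    // the WWW-Authenticate header below and appears wherever this exception is logged.
                    throw new InvalidTokenException("Invalid token: " + token);
                }
                SecurityContextHolder.getContext().setAuthentication(authentication);
            }
            filterChain.doFilter(request, response);
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Chain processed normally");
            }
        } catch (IOException e) {
            throw e;
        } catch (Exception e) {
            ThrowableAnalyzer analyzer = getThrowableAnalyzer();
            Throwable[] causeChain = analyzer.determineCauseChain(e);
            // Both security exception types are unchecked, so one RuntimeException variable can hold
            // either; an authentication failure takes precedence over an access-denied failure.
            RuntimeException failure = (AuthenticationException) analyzer.getFirstThrowableOfType(AuthenticationException.class, causeChain);
            if (failure == null) {
                failure = (AccessDeniedException) analyzer.getFirstThrowableOfType(AccessDeniedException.class, causeChain);
            }
            if (failure == null) {
                // Not a security failure: propagate it without touching the response.
                if (e instanceof ServletException) {
                    throw (ServletException) e;
                }
                if (e instanceof RuntimeException) {
                    throw (RuntimeException) e;
                }
                throw new RuntimeException(e);
            }
            String errorCode = null;
            String description = null;
            Map<String, String> additionalInformation = null;
            if (failure instanceof OAuth2Exception) {
                OAuth2Exception oauthFailure = (OAuth2Exception) failure;
                errorCode = oauthFailure.getOAuth2ErrorCode();
                description = failure.getMessage();
                additionalInformation = oauthFailure.getAdditionalInformation();
            }
            setAuthenticateHeader(response, errorCode, description, additionalInformation);
            throw failure;
        }
    }

    /**
     * Adds a {@code WWW-Authenticate: OAuth ...} header describing the failure.
     *
     * <p>Every value is written as a quoted string. The description can contain text taken from
     * the request (the invalid-token message includes the presented token), so values are escaped
     * before they are written.
     *
     * @param httpServletResponse the response that receives the header
     * @param str the OAuth 2 error code, or {@code null} to omit it
     * @param str2 the error description, or {@code null} to omit it
     * @param map further parameters to append, or {@code null} for none
     * @throws IOException declared for subclasses; this implementation does not throw it
     */
    protected void setAuthenticateHeader(HttpServletResponse httpServletResponse, String str, String str2, Map<String, String> map) throws IOException {
        StringBuilder header = new StringBuilder("OAuth");
        String separator = " ";
        if (str != null) {
            header.append(separator).append("error=\"").append(escapeHeaderValue(str)).append("\"");
            separator = ", ";
        }
        if (str2 != null) {
            header.append(separator).append("error_description=\"").append(escapeHeaderValue(str2)).append("\"");
            separator = ", ";
        }
        if (map != null) {
            for (Map.Entry<String, String> entry : map.entrySet()) {
                // NOTE(review): keys are written as-is; presumably they are parameter names chosen
                // by server code rather than request data - confirm against the exception sources.
                header.append(separator).append(entry.getKey()).append("=\"").append(escapeHeaderValue(entry.getValue())).append("\"");
                separator = ", ";
            }
        }
        httpServletResponse.addHeader("WWW-Authenticate", header.toString());
    }

    /**
     * Makes a value safe to place between double quotes in a header: backslash-escapes
     * {@code "} and {@code \} and drops control characters (including CR and LF), so the value
     * cannot terminate the quoted string or start a new header line.
     */
    private static String escapeHeaderValue(String value) {
        if (value == null) {
            // Same text StringBuilder.append would produce for a null reference.
            return "null";
        }
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c == '"' || c == '\\') {
                escaped.append('\\').append(c);
            } else if (c >= 0x20 && c != 0x7f) {
                escaped.append(c);
            }
        }
        return escaped.toString();
    }

    /**
     * Extracts the access token from the request.
     *
     * <p>The {@code Authorization} header is preferred; the {@code oauth_token} request parameter
     * is only a fallback. A token sent as a URL query parameter is recorded wherever the request
     * URL is recorded (access logs, proxies, Referer headers), so deployments that can require the
     * header form should override this method to drop the fallback.
     *
     * @param httpServletRequest the incoming request
     * @return the token, or {@code null} when the request carries none
     */
    protected String parseToken(HttpServletRequest httpServletRequest) {
        String token = parseHeaderToken(httpServletRequest);
        return token != null ? token : httpServletRequest.getParameter("oauth_token");
    }

    /**
     * Extracts the token from the first usable {@code Authorization: OAuth ...} header.
     *
     * <p>Headers that mention {@code oauth_signature_method} are skipped (presumably OAuth 1
     * signed requests - confirm). Anything after the first comma in the header value is
     * discarded.
     *
     * @param httpServletRequest the incoming request
     * @return the token, or {@code null} when no matching header is present
     */
    protected String parseHeaderToken(HttpServletRequest httpServletRequest) {
        Enumeration<?> headers = httpServletRequest.getHeaders("Authorization");
        if (headers == null) {
            // The servlet API allows a container to return null when it withholds header access.
            return null;
        }
        while (headers.hasMoreElements()) {
            String headerValue = (String) headers.nextElement();
            // Case-insensitive, locale-independent match of the "OAuth " scheme prefix.
            if (headerValue == null || !headerValue.regionMatches(true, 0, "oauth ", 0, 6)) {
                continue;
            }
            String candidate = headerValue.substring(6);
            if (candidate.contains("oauth_signature_method")) {
                continue;
            }
            int comma = candidate.indexOf(',');
            return comma > 0 ? candidate.substring(0, comma) : candidate;
        }
        return null;
    }

    /** Returns the analyzer used to search an exception's cause chain for security failures. */
    public ThrowableAnalyzer getThrowableAnalyzer() {
        return this.throwableAnalyzer;
    }

    /** Replaces the default {@link DefaultThrowableAnalyzer}; injection is optional. */
    @Autowired(required = false)
    public void setThrowableAnalyzer(ThrowableAnalyzer throwableAnalyzer) {
        this.throwableAnalyzer = throwableAnalyzer;
    }

    /** Returns the services used to turn a token value into an authentication. */
    public OAuth2ProviderTokenServices getTokenServices() {
        return this.tokenServices;
    }

    /** Sets the token services; required, checked in {@link #afterPropertiesSet()}. */
    @Autowired
    public void setTokenServices(OAuth2ProviderTokenServices oAuth2ProviderTokenServices) {
        this.tokenServices = oAuth2ProviderTokenServices;
    }
}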
