package com.liferay.oauth2.provider.rest.internal.jaxrs.feature;

import com.liferay.oauth2.provider.rest.internal.jaxrs.feature.configuration.ConfigurableScopeCheckerFeatureConfiguration;
import com.liferay.oauth2.provider.rest.spi.scope.checker.container.request.filter.BaseScopeCheckerContainerRequestFilter;
import com.liferay.oauth2.provider.scope.ScopeChecker;
import com.liferay.oauth2.provider.scope.spi.scope.finder.ScopeFinder;
import com.liferay.petra.string.StringBundler;
import com.liferay.portal.configuration.metatype.bnd.util.ConfigurableUtil;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.util.ArrayUtil;
import com.liferay.portal.kernel.util.HashMapBuilder;
import com.liferay.portal.kernel.util.HashMapDictionary;
import com.liferay.portal.kernel.util.StringUtil;
import com.liferay.portal.kernel.util.Validator;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Dictionary;
import java.util.List;
import java.util.Map;
import java.util.function.Predicate;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;
import java.util.stream.Collectors;
import javax.annotation.Priority;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.Configuration;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Feature;
import javax.ws.rs.core.FeatureContext;
import javax.ws.rs.core.Request;
import javax.ws.rs.core.UriInfo;
import javax.ws.rs.ext.Provider;
import org.osgi.framework.BundleContext;
import org.osgi.framework.ServiceRegistration;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.ConfigurationPolicy;
import org.osgi.service.component.annotations.Deactivate;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ServiceScope;

@Priority(1992)
@Provider
@Component(configurationPid = {"com.liferay.oauth2.provider.rest.internal.jaxrs.feature.configuration.ConfigurableScopeCheckerFeatureConfiguration"}, configurationPolicy = ConfigurationPolicy.REQUIRE, property = {"osgi.jaxrs.extension=true", "osgi.jaxrs.extension.select=(osgi.jaxrs.name=Liferay.OAuth2)", "osgi.jaxrs.name=Liferay.OAuth2.HTTP.configurable.request.checker"}, scope = ServiceScope.PROTOTYPE, service = {Feature.class})
/* loaded from: input_file:com/liferay/oauth2/provider/rest/internal/jaxrs/feature/ConfigurableScopeCheckerFeature.class */
public class ConfigurableScopeCheckerFeature implements Feature {
    private static final Log _log = LogFactoryUtil.getLog(ConfigurableScopeCheckerFeature.class);
    private boolean _allowUnmatched;
    private BundleContext _bundleContext;
    private final List<CheckPattern> _checkPatterns = new ArrayList();

    @Reference
    private ScopeChecker _scopeChecker;
    private ServiceRegistration<ScopeFinder> _serviceRegistration;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/liferay/oauth2/provider/rest/internal/jaxrs/feature/ConfigurableScopeCheckerFeature$CheckPattern.class */
    public static class CheckPattern {
        private final Predicate<String> _methodPatternPredicate;
        private final String[] _scopes;
        private final Predicate<String> _urlPatternPredicate;

        public CheckPattern(Pattern pattern, Pattern pattern2, String[] strArr) {
            this._methodPatternPredicate = pattern.asPredicate();
            this._urlPatternPredicate = pattern2.asPredicate();
            this._scopes = strArr;
        }

        public Predicate<String> getMethodPatternPredicate() {
            return this._methodPatternPredicate;
        }

        public String[] getScopes() {
            return this._scopes;
        }

        public Predicate<String> getUrlPatternPredicate() {
            return this._urlPatternPredicate;
        }
    }

    /* loaded from: input_file:com/liferay/oauth2/provider/rest/internal/jaxrs/feature/ConfigurableScopeCheckerFeature$ConfigurableContainerScopeCheckerContainerRequestFilter.class */
    private class ConfigurableContainerScopeCheckerContainerRequestFilter extends BaseScopeCheckerContainerRequestFilter {

        @Context
        private UriInfo _uriInfo;

        private ConfigurableContainerScopeCheckerContainerRequestFilter() {
        }

        public boolean isContainerRequestContextAllowed(ContainerRequestContext containerRequestContext) {
            boolean z = false;
            String str = "/" + this._uriInfo.getPath();
            Request request = containerRequestContext.getRequest();
            for (CheckPattern checkPattern : ConfigurableScopeCheckerFeature.this._checkPatterns) {
                if (matches(checkPattern, str, request)) {
                    z = true;
                    String[] scopes = checkPattern.getScopes();
                    if (requiresNoScope(scopes)) {
                        if (!ConfigurableScopeCheckerFeature._log.isDebugEnabled()) {
                            return true;
                        }
                        ConfigurableScopeCheckerFeature._log.debug("Path  " + str + " was approved, does not require a scope");
                        return true;
                    }
                    if (ConfigurableScopeCheckerFeature.this._scopeChecker.checkAllScopes(scopes)) {
                        if (!ConfigurableScopeCheckerFeature._log.isDebugEnabled()) {
                            return true;
                        }
                        ConfigurableScopeCheckerFeature._log.debug(StringBundler.concat(new String[]{"Path ", str, " was approved, token includes all scopes ", StringUtil.merge(scopes)}));
                        return true;
                    }
                }
            }
            if (z) {
                if (!ConfigurableScopeCheckerFeature._log.isDebugEnabled()) {
                    return false;
                }
                ConfigurableScopeCheckerFeature._log.debug(StringBundler.concat(new String[]{"Path ", str, " was not allowed because it does not have ", "required scopes"}));
                return false;
            }
            if (ConfigurableScopeCheckerFeature.this._allowUnmatched) {
                if (!ConfigurableScopeCheckerFeature._log.isDebugEnabled()) {
                    return true;
                }
                ConfigurableScopeCheckerFeature._log.debug(StringBundler.concat(new String[]{"Path ", str, " was approved, does not match any patterns"}));
                return true;
            }
            if (!ConfigurableScopeCheckerFeature._log.isDebugEnabled()) {
                return false;
            }
            ConfigurableScopeCheckerFeature._log.debug(StringBundler.concat(new String[]{"Path ", str, " was not allowed because it does not match any ", "patterns"}));
            return false;
        }

        protected boolean matches(CheckPattern checkPattern, String str, Request request) {
            return checkPattern.getUrlPatternPredicate().test(str) && checkPattern.getMethodPatternPredicate().test(request.getMethod());
        }

        protected boolean requiresNoScope(String[] strArr) {
            if (ArrayUtil.isEmpty(strArr)) {
                return true;
            }
            return strArr.length == 1 && Validator.isNull(strArr[0]);
        }
    }

    @Activate
    public void activate(BundleContext bundleContext, Map<String, Object> map) {
        this._bundleContext = bundleContext;
        ConfigurableScopeCheckerFeatureConfiguration configurableScopeCheckerFeatureConfiguration = (ConfigurableScopeCheckerFeatureConfiguration) ConfigurableUtil.createConfigurable(ConfigurableScopeCheckerFeatureConfiguration.class, map);
        this._allowUnmatched = configurableScopeCheckerFeatureConfiguration.allowUnmatched();
        for (String str : configurableScopeCheckerFeatureConfiguration.patterns()) {
            String[] split = str.split("::");
            if (split.length != 3) {
                _log.error("Invalid syntax " + str + " does not match 3 sequences of ::");
                return;
            }
            try {
                this._checkPatterns.add(new CheckPattern(Pattern.compile(split[0]), Pattern.compile(split[1]), split[2].split(",")));
            } catch (PatternSyntaxException e) {
                _log.error("Invalid pattern " + str, e);
                throw new IllegalArgumentException(e);
            }
        }
    }

    public boolean configure(FeatureContext featureContext) {
        if (this._checkPatterns.isEmpty()) {
            return false;
        }
        featureContext.register(new ConfigurableContainerScopeCheckerContainerRequestFilter(), HashMapBuilder.put(ContainerRequestFilter.class, 1992).build());
        Configuration configuration = featureContext.getConfiguration();
        this._serviceRegistration = this._bundleContext.registerService(ScopeFinder.class, new CollectionScopeFinder((Collection) this._checkPatterns.stream().flatMap(checkPattern -> {
            return Arrays.stream(checkPattern.getScopes());
        }).filter(Validator::isNotNull).collect(Collectors.toSet())), buildProperties(configuration));
        return true;
    }

    protected Dictionary<String, Object> buildProperties(Configuration configuration) {
        HashMapDictionary hashMapDictionary = new HashMapDictionary();
        hashMapDictionary.putAll((Map) configuration.getProperty("osgi.jaxrs.application.serviceProperties"));
        hashMapDictionary.put("service.ranking", Integer.MIN_VALUE);
        return hashMapDictionary;
    }

    @Deactivate
    protected void deactivate() {
        if (this._serviceRegistration != null) {
            this._serviceRegistration.unregister();
        }
    }
}
