package jp.ossc.nimbus.service.aop.interceptor.servlet;

import java.io.InputStream;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import jp.ossc.nimbus.core.ServiceManagerFactory;
import jp.ossc.nimbus.core.ServiceName;
import jp.ossc.nimbus.service.aop.InterceptorChain;
import jp.ossc.nimbus.service.aop.ServletFilterInvocationContext;
import jp.ossc.nimbus.service.aop.interceptor.OAuth2ScopeMatcher;
import jp.ossc.nimbus.service.aop.interceptor.OAuth2ScopeResolver;
import jp.ossc.nimbus.service.http.HttpClient;
import jp.ossc.nimbus.service.http.HttpClientFactory;
import jp.ossc.nimbus.service.http.HttpRequest;
import jp.ossc.nimbus.service.http.HttpResponse;
import jp.ossc.nimbus.util.converter.BeanJSONConverter;

/* loaded from: input_file:jp/ossc/nimbus/service/aop/interceptor/servlet/OAuth2AuthenticateInterceptorService.class */
public class OAuth2AuthenticateInterceptorService extends ServletFilterInterceptorService implements OAuth2AuthenticateInterceptorServiceMBean {
    private static final Pattern CHALLENGE_PATTERN = Pattern.compile("^Bearer ([^ ]+)$", 2);
    private ServiceName oAuth2ScopeResolverServiceName;
    private OAuth2ScopeResolver oAuth2ScopeResolver;
    private ServiceName oAuth2ScopeMatcherServiceName;
    private OAuth2ScopeMatcher oAuth2ScopeMatcher;
    private ServiceName httpClientFactoryServiceName;
    private HttpClientFactory httpClientFactory;
    private String actionName = OAuth2AuthenticateInterceptorServiceMBean.DEFAULT_ACTION_NAME;
    private String tokenHeaderName = "Authorization";
    private String tokenParameterName = OAuth2AuthenticateInterceptorServiceMBean.DEFAULT_TOKEN_PARAMETER_NAME;
    private String scopeParameterName;

    @Override // jp.ossc.nimbus.service.aop.interceptor.servlet.OAuth2AuthenticateInterceptorServiceMBean
    public String getTokenHeaderName() {
        return this.tokenHeaderName;
    }

    @Override // jp.ossc.nimbus.service.aop.interceptor.servlet.OAuth2AuthenticateInterceptorServiceMBean
    public void setTokenHeaderName(String str) {
        this.tokenHeaderName = str;
    }

    @Override // jp.ossc.nimbus.service.aop.interceptor.servlet.OAuth2AuthenticateInterceptorServiceMBean
    public String getTokenParameterName() {
        return this.tokenParameterName;
    }

    @Override // jp.ossc.nimbus.service.aop.interceptor.servlet.OAuth2AuthenticateInterceptorServiceMBean
    public void setTokenParameterName(String str) {
        this.tokenParameterName = str;
    }

    @Override // jp.ossc.nimbus.service.aop.interceptor.servlet.OAuth2AuthenticateInterceptorServiceMBean
    public String getScopeParameterName() {
        return this.scopeParameterName;
    }

    @Override // jp.ossc.nimbus.service.aop.interceptor.servlet.OAuth2AuthenticateInterceptorServiceMBean
    public void setScopeParameterName(String str) {
        this.scopeParameterName = str;
    }

    @Override // jp.ossc.nimbus.service.aop.interceptor.servlet.OAuth2AuthenticateInterceptorServiceMBean
    public String getActionName() {
        return this.actionName;
    }

    @Override // jp.ossc.nimbus.service.aop.interceptor.servlet.OAuth2AuthenticateInterceptorServiceMBean
    public void setActionName(String str) {
        this.actionName = str;
    }

    @Override // jp.ossc.nimbus.service.aop.interceptor.servlet.OAuth2AuthenticateInterceptorServiceMBean
    public void setHttpClientFactoryServiceName(ServiceName serviceName) {
        this.httpClientFactoryServiceName = serviceName;
    }

    @Override // jp.ossc.nimbus.service.aop.interceptor.servlet.OAuth2AuthenticateInterceptorServiceMBean
    public ServiceName getHttpClientFactoryServiceName() {
        return this.httpClientFactoryServiceName;
    }

    @Override // jp.ossc.nimbus.service.aop.interceptor.servlet.OAuth2AuthenticateInterceptorServiceMBean
    public void setOAuth2ScopeResolverServiceName(ServiceName serviceName) {
        this.oAuth2ScopeResolverServiceName = serviceName;
    }

    @Override // jp.ossc.nimbus.service.aop.interceptor.servlet.OAuth2AuthenticateInterceptorServiceMBean
    public ServiceName getOAuth2ScopeResolverServiceName() {
        return this.oAuth2ScopeResolverServiceName;
    }

    @Override // jp.ossc.nimbus.service.aop.interceptor.servlet.OAuth2AuthenticateInterceptorServiceMBean
    public ServiceName getOAuth2ScopeMatcherServiceName() {
        return this.oAuth2ScopeMatcherServiceName;
    }

    @Override // jp.ossc.nimbus.service.aop.interceptor.servlet.OAuth2AuthenticateInterceptorServiceMBean
    public void setOAuth2ScopeMatcherServiceName(ServiceName serviceName) {
        this.oAuth2ScopeMatcherServiceName = serviceName;
    }

    public void setHttpClientFactory(HttpClientFactory httpClientFactory) {
        this.httpClientFactory = httpClientFactory;
    }

    public void setOAuth2ScopeResolver(OAuth2ScopeResolver oAuth2ScopeResolver) {
        this.oAuth2ScopeResolver = oAuth2ScopeResolver;
    }

    public void setOAuth2ScopeMatcher(OAuth2ScopeMatcher oAuth2ScopeMatcher) {
        this.oAuth2ScopeMatcher = oAuth2ScopeMatcher;
    }

    @Override // jp.ossc.nimbus.core.ServiceBase
    public void startService() throws Exception {
        if (this.oAuth2ScopeResolverServiceName != null) {
            this.oAuth2ScopeResolver = (OAuth2ScopeResolver) ServiceManagerFactory.getServiceObject(this.oAuth2ScopeResolverServiceName);
        }
        if (this.oAuth2ScopeMatcherServiceName != null) {
            this.oAuth2ScopeMatcher = (OAuth2ScopeMatcher) ServiceManagerFactory.getServiceObject(this.oAuth2ScopeMatcherServiceName);
        }
        if (this.httpClientFactoryServiceName != null) {
            this.httpClientFactory = (HttpClientFactory) ServiceManagerFactory.getServiceObject(this.httpClientFactoryServiceName);
        }
        if (this.httpClientFactory == null) {
            throw new IllegalArgumentException("It is necessary to set HttpClientFactory.");
        }
    }

    @Override // jp.ossc.nimbus.core.ServiceBase
    public void stopService() throws Exception {
    }

    @Override // jp.ossc.nimbus.service.aop.interceptor.servlet.ServletFilterInterceptorService
    public Object invokeFilter(ServletFilterInvocationContext servletFilterInvocationContext, InterceptorChain interceptorChain) throws Throwable {
        if (getState() == 3) {
            String[] strArr = null;
            if (this.oAuth2ScopeResolver != null) {
                strArr = this.oAuth2ScopeResolver.resolve(servletFilterInvocationContext);
            }
            HttpClient createHttpClient = this.httpClientFactory.createHttpClient();
            try {
                HttpRequest createRequest = this.httpClientFactory.createRequest(this.actionName);
                HttpServletRequest servletRequest = servletFilterInvocationContext.getServletRequest();
                String header = servletRequest.getHeader(this.tokenHeaderName);
                String str = null;
                if (header != null) {
                    Matcher matcher = CHALLENGE_PATTERN.matcher(header.trim());
                    if (matcher.matches()) {
                        str = matcher.group(1);
                    }
                }
                if (str == null) {
                    str = servletRequest.getParameter(this.tokenParameterName);
                }
                if (str == null) {
                    throw new NoAuthenticateException("token is null.");
                }
                createRequest.setParameter(OAuth2AuthenticateInterceptorServiceMBean.DEFAULT_TOKEN_PARAMETER_NAME, str);
                if (this.scopeParameterName != null && strArr != null && strArr.length != 0) {
                    createRequest.setParameter(this.scopeParameterName, String.join(" ", strArr));
                }
                HttpResponse executeRequest = createHttpClient.executeRequest(createRequest);
                if (executeRequest.getStatusCode() != 200) {
                    throw new IllegalAuthenticateException("status code error. statusCode=" + executeRequest.getStatusCode() + ", message=" + executeRequest.getStatusMessage());
                }
                InputStream inputStream = executeRequest.getInputStream();
                BeanJSONConverter beanJSONConverter = new BeanJSONConverter();
                if (executeRequest.getCharacterEncoding() != null) {
                    beanJSONConverter.setCharacterEncodingToObject(executeRequest.getCharacterEncoding());
                }
                Map map = (Map) beanJSONConverter.convertToObject(inputStream);
                Boolean bool = (Boolean) map.get("active");
                if (bool == null || !bool.booleanValue()) {
                    throw new IllegalAuthenticateException("Token is not active. response=" + map);
                }
                if (strArr != null && this.oAuth2ScopeMatcher != null) {
                    String str2 = (String) map.get("scope");
                    String[] strArr2 = null;
                    if (str2 != null) {
                        strArr2 = str2.split(" ");
                    }
                    if (!this.oAuth2ScopeMatcher.match(strArr, strArr2)) {
                        throw new IllegalAuthenticateException("scope is unmatched. resourceScope=" + String.join(" ", strArr) + ", clientScope=" + str2);
                    }
                }
            } finally {
                createHttpClient.close();
            }
        }
        return interceptorChain.invokeNext(servletFilterInvocationContext);
    }
}
