package org.picketlink.oauth.filters;

import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.List;
import java.util.Properties;
import javax.persistence.EntityManager;
import javax.persistence.EntityManagerFactory;
import javax.persistence.Persistence;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.picketlink.idm.IdentityManager;
import org.picketlink.idm.config.FeatureSet;
import org.picketlink.idm.config.IdentityConfigurationBuilder;
import org.picketlink.idm.internal.IdentityManagerFactory;
import org.picketlink.idm.jpa.internal.JPAContextInitializer;
import org.picketlink.idm.jpa.schema.CredentialObject;
import org.picketlink.idm.jpa.schema.CredentialObjectAttribute;
import org.picketlink.idm.jpa.schema.IdentityObject;
import org.picketlink.idm.jpa.schema.IdentityObjectAttribute;
import org.picketlink.idm.jpa.schema.PartitionObject;
import org.picketlink.idm.jpa.schema.RelationshipIdentityObject;
import org.picketlink.idm.jpa.schema.RelationshipObject;
import org.picketlink.idm.jpa.schema.RelationshipObjectAttribute;
import org.picketlink.idm.model.Realm;
import org.picketlink.idm.model.User;
import org.picketlink.idm.query.IdentityQuery;
import org.picketlink.oauth.common.OAuthConstants;
import org.picketlink.oauth.messages.ResourceAccessRequest;
import org.picketlink.oauth.server.util.OAuthServerUtil;

/* loaded from: input_file:WEB-INF/classes/org/picketlink/oauth/filters/OAuthResourceFilter.class */
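/**
 * Servlet filter that gates a protected resource behind an OAuth access token.
 *
 * <p>For each request it looks up the {@link User} whose id equals the {@code client_id}
 * request parameter and lets the request continue down the chain only when the user's stored
 * {@code clientID} and {@code accessToken} attributes match the values presented in the request.
 * Every other outcome is answered with HTTP 403.
 *
 * <p>The identity store is chosen by the {@code storeType} context init parameter: absent or
 * {@code "db"} selects the JPA store, {@code "ldap"} (any case) selects the LDAP store configured
 * from {@code /WEB-INF/idm.properties}. Any other value leaves {@link #identityManager} unset, in
 * which case every request is rejected.
 */
public class OAuthResourceFilter implements Filter {
    protected ServletContext context;
    private EntityManagerFactory entityManagerFactory;
    protected IdentityManager identityManager = null;
    // One EntityManager per request thread; set in initializeEntityManager, cleared in closeEntityManager.
    private ThreadLocal<EntityManager> entityManager = new ThreadLocal<>();

    /**
     * Captures the servlet context and builds the identity manager.
     *
     * @param filterConfig container-supplied configuration
     * @throws RuntimeException if the LDAP properties cannot be read
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        try {
            this.context = filterConfig.getServletContext();
            handleIdentityManager();
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Authorizes the request and, when authorized, forwards it down the chain.
     *
     * <p>Failures raised while authorizing are logged server-side and answered with a generic 403;
     * the exception text is not sent to the client. Exceptions thrown by the downstream chain are
     * propagated unchanged rather than being rewritten as an authorization failure. The per-request
     * entity manager is released exactly once, in a {@code finally} block.
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        initializeEntityManager();
        try {
            boolean authorized;
            try {
                authorized = authorize(request, response);
            } catch (Exception e) {
                // Fail closed. Keep the detail in the server log: internal exception messages can
                // describe the identity store and should not be echoed to an unauthenticated caller.
                this.context.log("OAuth resource request rejected", e);
                if (!response.isCommitted()) {
                    response.sendError(403, "UnAuthorized");
                }
                return;
            }
            if (authorized) {
                // Deliberately outside the catch above: a downstream failure is not an auth failure.
                filterChain.doFilter(request, response);
            }
        } finally {
            closeEntityManager();
        }
    }

    @Override
    public void destroy() {
    }

    /**
     * Decides whether the request carries a client id and access token matching a stored user.
     * Sends the 403 response itself when the answer is no.
     *
     * <p>NOTE(review): the distinct 403 reasons are kept for compatibility, but they let a caller
     * tell an unknown client id apart from a wrong token; consider one uniform message.
     *
     * @return {@code true} when the request may proceed, {@code false} when a 403 was sent
     * @throws Exception whatever request parsing or the identity store raises; the caller rejects
     */
    private boolean authorize(HttpServletRequest request, HttpServletResponse response) throws Exception {
        ResourceAccessRequest resourceRequest = OAuthServerUtil.parseResourceRequest(request);
        String clientId = request.getParameter(OAuthConstants.CLIENT_ID);
        String presentedToken = resourceRequest.getAccessToken();
        if (clientId == null) {
            // Never hand a null id to the identity store query.
            response.sendError(403, "client_id not found");
            return false;
        }

        IdentityQuery query = this.identityManager.createIdentityQuery(User.class);
        query.setParameter(User.ID, clientId);
        List matches = query.getResultList();
        if (matches.isEmpty()) {
            response.sendError(403, "client_id not found");
            return false;
        }
        if (matches.size() > 1) {
            response.sendError(403, "More than one user with the same client id");
            return false;
        }

        User user = (User) matches.get(0);
        String storedClientId = attributeValue(user, "clientID");
        String storedToken = attributeValue(user, "accessToken");
        if (storedClientId == null || !storedClientId.equals(clientId)) {
            response.sendError(403, "Client ID is wrong");
            return false;
        }
        if (!constantTimeEquals(storedToken, presentedToken)) {
            response.sendError(403, "UnAuthorized");
            return false;
        }
        return true;
    }

    /** Returns the named attribute's value, or {@code null} when the user has no such attribute. */
    private static String attributeValue(User user, String name) {
        return user.getAttribute(name) == null ? null : (String) user.getAttribute(name).getValue();
    }

    /**
     * Compares a stored secret with a presented one without stopping at the first differing byte,
     * so response timing does not reveal how much of the token was correct. A missing value on
     * either side never matches.
     */
    private static boolean constantTimeEquals(String expected, String presented) {
        if (expected == null || presented == null) {
            return false;
        }
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                presented.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Builds {@link #identityManager} once, for the store selected by {@code storeType}.
     *
     * @throws IOException if the LDAP properties file is missing or unreadable
     */
    private void handleIdentityManager() throws IOException {
        if (this.identityManager != null) {
            return;
        }
        if (this.context == null) {
            throw new RuntimeException("Servlet Context has not been injected");
        }
        if (isJPAStoreConfigured()) {
            this.entityManagerFactory = Persistence.createEntityManagerFactory("picketlink-oauth-pu");
            IdentityConfigurationBuilder jpaBuilder = new IdentityConfigurationBuilder();
            jpaBuilder.stores().jpa()
                    .addRealm(Realm.DEFAULT_REALM)
                    .identityClass(IdentityObject.class)
                    .attributeClass(IdentityObjectAttribute.class)
                    .relationshipClass(RelationshipObject.class)
                    .relationshipIdentityClass(RelationshipIdentityObject.class)
                    .relationshipAttributeClass(RelationshipObjectAttribute.class)
                    .credentialClass(CredentialObject.class)
                    .credentialAttributeClass(CredentialObjectAttribute.class)
                    .partitionClass(PartitionObject.class)
                    .supportAllFeatures()
                    .addContextInitializer(new JPAContextInitializer(this.entityManagerFactory) {
                        @Override
                        public EntityManager getEntityManager() {
                            // Hand the store the entity manager bound to the current request thread.
                            return OAuthResourceFilter.this.entityManager.get();
                        }
                    });
            this.identityManager = new IdentityManagerFactory(jpaBuilder.build()).createIdentityManager();
        }
        if (isLDAPStoreConfigured()) {
            IdentityConfigurationBuilder ldapBuilder = new IdentityConfigurationBuilder();
            Properties properties = getProperties();
            ldapBuilder.stores().ldap()
                    .baseDN(properties.getProperty("baseDN"))
                    .bindDN(properties.getProperty("bindDN"))
                    .bindCredential(properties.getProperty("bindCredential"))
                    .url(properties.getProperty("ldapURL"))
                    .userDNSuffix(properties.getProperty("userDNSuffix"))
                    .roleDNSuffix(properties.getProperty("roleDNSuffix"))
                    .agentDNSuffix(properties.getProperty("agentDNSuffix"))
                    .groupDNSuffix(properties.getProperty("groupDNSuffix"))
                    .addRealm(Realm.DEFAULT_REALM)
                    .supportFeature(FeatureSet.FeatureGroup.user, FeatureSet.FeatureGroup.agent, FeatureSet.FeatureGroup.user, FeatureSet.FeatureGroup.group, FeatureSet.FeatureGroup.role, FeatureSet.FeatureGroup.attribute, FeatureSet.FeatureGroup.relationship, FeatureSet.FeatureGroup.credential);
            this.identityManager = new IdentityManagerFactory(ldapBuilder.build()).createIdentityManager();
        }
    }

    /** True when {@code storeType} is {@code "ldap"}, compared case-insensitively. */
    private boolean isLDAPStoreConfigured() {
        return "ldap".equalsIgnoreCase(this.context.getInitParameter("storeType"));
    }

    /** True when {@code storeType} is absent or exactly {@code "db"} (case-sensitive). */
    private boolean isJPAStoreConfigured() {
        String storeType = this.context.getInitParameter("storeType");
        return storeType == null || "db".equals(storeType);
    }

    /**
     * Ends the current thread's transaction and releases its entity manager. Does nothing when the
     * JPA store is not in use or no entity manager is bound, so it is safe to call from a
     * {@code finally} block. The entity manager is closed and the thread-local cleared even when
     * ending the transaction fails, so pooled request threads do not keep a stale instance.
     */
    private void closeEntityManager() {
        if (!isJPAStoreConfigured() || this.entityManagerFactory == null) {
            return;
        }
        EntityManager current = this.entityManager.get();
        if (current == null) {
            return;
        }
        try {
            if (current.getTransaction().isActive()) {
                if (current.getTransaction().getRollbackOnly()) {
                    // Committing a rollback-only transaction would throw.
                    current.getTransaction().rollback();
                } else {
                    current.getTransaction().commit();
                }
            }
        } finally {
            try {
                current.close();
            } finally {
                this.entityManager.remove();
            }
        }
    }

    /**
     * Opens an entity manager with an active transaction and binds it to the current thread.
     * Does nothing when the JPA store is not in use.
     */
    private void initializeEntityManager() {
        if (!isJPAStoreConfigured() || this.entityManagerFactory == null) {
            return;
        }
        EntityManager created = this.entityManagerFactory.createEntityManager();
        try {
            created.getTransaction().begin();
        } catch (RuntimeException e) {
            // Not yet bound to the thread, so nothing else would close it.
            created.close();
            throw e;
        }
        this.entityManager.set(created);
    }

    /**
     * Loads the LDAP settings from {@code /WEB-INF/idm.properties}.
     *
     * @throws IOException if the resource is missing or cannot be read
     */
    private Properties getProperties() throws IOException {
        Properties properties = new Properties();
        try (InputStream in = this.context.getResourceAsStream("/WEB-INF/idm.properties")) {
            if (in == null) {
                throw new IOException("/WEB-INF/idm.properties not found");
            }
            properties.load(in);
        }
        return properties;
    }
}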
