package com.liferay.oauth.web.internal.security.auth;

import com.liferay.oauth.model.OAuthUser;
import com.liferay.oauth.service.OAuthUserLocalService;
import com.liferay.oauth.util.DefaultOAuthAccessor;
import com.liferay.oauth.util.OAuthAccessor;
import com.liferay.oauth.util.OAuthMessage;
import com.liferay.oauth.util.OAuthUtil;
import com.liferay.oauth.util.WebServerUtil;
import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.oauth.OAuthException;
import com.liferay.portal.kernel.security.auth.AccessControlContext;
import com.liferay.portal.kernel.security.auth.AuthException;
import com.liferay.portal.kernel.security.auth.verifier.AuthVerifier;
import com.liferay.portal.kernel.security.auth.verifier.AuthVerifierResult;
import com.liferay.portal.kernel.util.GetterUtil;
import com.liferay.portal.kernel.util.ParamUtil;
import com.liferay.portal.kernel.util.StringUtil;
import com.liferay.portal.kernel.util.Validator;
import java.io.IOException;
import java.util.Properties;
import javax.servlet.http.HttpServletRequest;
import net.oauth.OAuthProblemException;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;

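/**
 * {@link AuthVerifier} that authenticates requests carrying OAuth credentials.
 *
 * <p>The component properties register it for the {@code /api/*} URL pattern. A request is
 * treated as an OAuth attempt when it has an {@code oauth_token} parameter or an
 * {@code Authorization} header that starts with {@code OAuth}. Requests that do not look like
 * OAuth are passed through with an untouched {@link AuthVerifierResult}.
 */
@Component(immediate = true, property = {"auth.verifier.OAuthVerifier.send.body=true", "auth.verifier.OAuthVerifier.urls.includes=/api/*"})
/* loaded from: input_file:com/liferay/oauth/web/internal/security/auth/OAuthVerifier.class */
public class OAuthVerifier implements AuthVerifier {
    /** Scheme prefix expected at the start of an OAuth {@code Authorization} header. */
    private static final String _OAUTH = "OAuth";
    private OAuthUserLocalService _oAuthUserLocalService;

    /**
     * Returns the identifier of this verifier.
     *
     * @return the simple class name, {@code "OAuthVerifier"}
     */
    public String getAuthType() {
        return OAuthVerifier.class.getSimpleName();
    }

    /**
     * Verifies the OAuth credentials of the current request.
     *
     * @param accessControlContext context giving access to the request and response
     * @param properties verifier configuration; {@code send.body} is forwarded to the error
     *        handler
     * @return a result in state {@code SUCCESS} with the token owner's user id, a result in state
     *         {@code INVALID_CREDENTIALS} when any step of the verification fails, or a result
     *         left in its default state when the request does not use OAuth
     * @throws AuthException if reporting the failure itself fails with an {@link OAuthException}
     */
    public AuthVerifierResult verify(AccessControlContext accessControlContext, Properties properties) throws AuthException {
        AuthVerifierResult authVerifierResult = new AuthVerifierResult();
        HttpServletRequest request = accessControlContext.getRequest();
        if (!isUsingOAuth(request)) {
            return authVerifierResult;
        }
        try {
            OAuthMessage oAuthMessage = OAuthUtil.getOAuthMessage(request, WebServerUtil.getWebServerURL(request.getRequestURL()));
            OAuthUser oAuthUser = getOAuthUser(oAuthMessage);
            // The user id is only set after validateOAuthMessage returns without throwing;
            // looking up the token alone never authenticates the caller.
            OAuthUtil.validateOAuthMessage(oAuthMessage, getOAuthAccessor(oAuthMessage, oAuthUser));
            authVerifierResult.setState(AuthVerifierResult.State.SUCCESS);
            authVerifierResult.setUserId(oAuthUser.getUserId());
        } catch (Exception e) {
            // Fail closed: every failure on the OAuth path (absent token, unknown token,
            // rejected message, unexpected runtime error) ends as INVALID_CREDENTIALS.
            try {
                OAuthUtil.handleException(request, accessControlContext.getResponse(), e, GetterUtil.getBoolean(properties.getProperty("send.body")));
                authVerifierResult.setState(AuthVerifierResult.State.INVALID_CREDENTIALS);
            } catch (OAuthException e2) {
                throw new AuthException(e2);
            }
        }
        return authVerifierResult;
    }

    /**
     * Builds the accessor that the message is validated against.
     *
     * @param oAuthMessage message used to resolve the OAuth consumer
     * @param oAuthUser stored authorization supplying the access token and its secret
     * @return an accessor holding the consumer, the stored access token and token secret, and no
     *         request token
     * @throws PortalException declared for the consumer lookup
     */
    protected OAuthAccessor getOAuthAccessor(OAuthMessage oAuthMessage, OAuthUser oAuthUser) throws PortalException {
        DefaultOAuthAccessor defaultOAuthAccessor = new DefaultOAuthAccessor(OAuthUtil.getOAuthConsumer(oAuthMessage));
        // Token and secret come from the stored OAuthUser, not from the request.
        defaultOAuthAccessor.setAccessToken(oAuthUser.getAccessToken());
        defaultOAuthAccessor.setRequestToken((String) null);
        defaultOAuthAccessor.setTokenSecret(oAuthUser.getAccessSecret());
        return defaultOAuthAccessor;
    }

    /**
     * Resolves the stored authorization for the token carried by the message.
     *
     * @param oAuthMessage the parsed OAuth message
     * @return the matching {@link OAuthUser}, never {@code null}
     * @throws IOException if the token cannot be read from the message
     * @throws OAuthException with problem {@code parameter_absent} when the message or its token
     *         is missing, or {@code token_rejected} when no stored authorization matches
     */
    protected OAuthUser getOAuthUser(OAuthMessage oAuthMessage) throws IOException, OAuthException {
        if (Validator.isNull(oAuthMessage) || Validator.isNull(oAuthMessage.getToken())) {
            throw new OAuthException(new OAuthProblemException("parameter_absent"));
        }
        OAuthUser oAuthUser = this._oAuthUserLocalService.fetchOAuthUser(oAuthMessage.getToken());
        if (oAuthUser == null) {
            throw new OAuthException(new OAuthProblemException("token_rejected"));
        }
        return oAuthUser;
    }

    /**
     * Tells whether the request presents OAuth credentials. This only selects the OAuth path; it
     * does not authenticate anything.
     *
     * @param httpServletRequest the incoming request
     * @return {@code true} if an {@code oauth_token} parameter is present or the
     *         {@code Authorization} header starts with {@code OAuth} (case-insensitive)
     */
    protected boolean isUsingOAuth(HttpServletRequest httpServletRequest) {
        if (Validator.isNotNull(ParamUtil.getString(httpServletRequest, "oauth_token"))) {
            return true;
        }
        String authorization = GetterUtil.getString(httpServletRequest.getHeader("Authorization"));
        // The header is client-controlled and may be shorter than the scheme name. Without the
        // length guard substring() throws StringIndexOutOfBoundsException, and this method is
        // called outside the try block in verify(), so the exception would escape the verifier.
        if (Validator.isNull(authorization) || authorization.length() < _OAUTH.length()) {
            return false;
        }
        return StringUtil.equalsIgnoreCase(authorization.substring(0, _OAUTH.length()), _OAUTH);
    }

    /**
     * Receives the {@link OAuthUserLocalService} from the OSGi container.
     *
     * @param oAuthUserLocalService service used to look up stored authorizations by token
     */
    @Reference(unbind = "-")
    protected void setOAuthUserLocalService(OAuthUserLocalService oAuthUserLocalService) {
        this._oAuthUserLocalService = oAuthUserLocalService;
    }
}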
