package com.liferay.oauth2.provider.rest.internal.endpoint.authorize;

import com.liferay.oauth2.provider.rest.internal.endpoint.authorize.configuration.AuthorizeScreenConfiguration;
import com.liferay.petra.string.StringBundler;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.model.User;
import com.liferay.portal.kernel.module.configuration.ConfigurationException;
import com.liferay.portal.kernel.module.configuration.ConfigurationProvider;
import com.liferay.portal.kernel.servlet.ProtectedPrincipal;
import com.liferay.portal.kernel.settings.CompanyServiceSettingsLocator;
import com.liferay.portal.kernel.util.Http;
import com.liferay.portal.kernel.util.Portal;
import com.liferay.portal.kernel.util.StringUtil;
import com.liferay.portal.kernel.util.Validator;
import java.net.URI;
import java.security.Principal;
import javax.annotation.Priority;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.PreMatching;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import javax.ws.rs.core.UriInfo;
import javax.ws.rs.ext.Provider;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;

@PreMatching
@Component(property = {"osgi.jaxrs.application.select=(osgi.jaxrs.name=Liferay.OAuth2.Application)", "osgi.jaxrs.extension=true", "osgi.jaxrs.name=AuthorizationCodeGrantServiceContainerRequestFilter"}, service = {ContainerRequestFilter.class})
@Priority(1000)
@Provider
/* loaded from: input_file:com/liferay/oauth2/provider/rest/internal/endpoint/authorize/AuthorizationCodeGrantServiceContainerRequestFilter.class */
public class AuthorizationCodeGrantServiceContainerRequestFilter implements ContainerRequestFilter {
    private static final Log _log = LogFactoryUtil.getLog(AuthorizationCodeGrantServiceContainerRequestFilter.class);

    @Reference
    private ConfigurationProvider _configurationProvider;

    @Reference
    private Http _http;

    @Context
    private HttpServletRequest _httpServletRequest;

    @Reference
    private Portal _portal;

    /* loaded from: input_file:com/liferay/oauth2/provider/rest/internal/endpoint/authorize/AuthorizationCodeGrantServiceContainerRequestFilter$PortalCXFSecurityContext.class */
    private static abstract class PortalCXFSecurityContext implements SecurityContext, org.apache.cxf.security.SecurityContext {
        private PortalCXFSecurityContext() {
        }

        public String getAuthenticationScheme() {
            return "session";
        }

        public boolean isUserInRole(String str) {
            return false;
        }
    }

    public void filter(ContainerRequestContext containerRequestContext) {
        UriInfo uriInfo = containerRequestContext.getUriInfo();
        if (StringUtil.startsWith(uriInfo.getPath(), "authorize")) {
            try {
                final User user = this._portal.getUser(this._httpServletRequest);
                if (user != null && !user.isDefaultUser()) {
                    containerRequestContext.setSecurityContext(new PortalCXFSecurityContext() { // from class: com.liferay.oauth2.provider.rest.internal.endpoint.authorize.AuthorizationCodeGrantServiceContainerRequestFilter.1
                        /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
                        {
                            super();
                        }

                        public Principal getUserPrincipal() {
                            return new ProtectedPrincipal(String.valueOf(user.getUserId()));
                        }

                        public boolean isSecure() {
                            return AuthorizationCodeGrantServiceContainerRequestFilter.this._portal.isSecure(AuthorizationCodeGrantServiceContainerRequestFilter.this._httpServletRequest);
                        }
                    });
                    return;
                }
                try {
                    String loginURL = getLoginURL();
                    String aSCIIString = uriInfo.getRequestUri().toASCIIString();
                    String portalURL = this._portal.getPortalURL(this._httpServletRequest);
                    if (aSCIIString.startsWith(portalURL)) {
                        aSCIIString = aSCIIString.substring(portalURL.length());
                    }
                    containerRequestContext.abortWith(Response.status(Response.Status.FOUND).location(URI.create(this._http.addParameter(loginURL, "redirect", aSCIIString))).build());
                } catch (ConfigurationException e) {
                    _log.error("Unable to locate configuration", e);
                    throw new WebApplicationException(Response.status(Response.Status.INTERNAL_SERVER_ERROR).build());
                }
            } catch (Exception e2) {
                _log.error("Unable to resolve authenticated user", e2);
                containerRequestContext.abortWith(Response.status(Response.Status.INTERNAL_SERVER_ERROR).build());
            }
        }
    }

    protected String getLoginURL() throws ConfigurationException {
        String loginURL = ((AuthorizeScreenConfiguration) this._configurationProvider.getConfiguration(AuthorizeScreenConfiguration.class, new CompanyServiceSettingsLocator(this._portal.getCompanyId(this._httpServletRequest), AuthorizeScreenConfiguration.class.getName()))).loginURL();
        if (Validator.isBlank(loginURL)) {
            StringBundler stringBundler = new StringBundler(4);
            stringBundler.append(this._portal.getPortalURL(this._httpServletRequest));
            stringBundler.append(this._portal.getPathContext());
            stringBundler.append(this._portal.getPathMain());
            stringBundler.append("/portal/login");
            loginURL = stringBundler.toString();
        } else if (!this._http.hasDomain(loginURL)) {
            loginURL = this._portal.getPortalURL(this._httpServletRequest) + loginURL;
        }
        return loginURL;
    }
}
