package org.talend.esb.security.oidc;

import java.io.IOException;
import java.io.InputStream;
import java.net.URLEncoder;
import java.util.Collections;
import javax.annotation.Priority;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.PreMatching;
import javax.ws.rs.core.Response;
import org.apache.cxf.jaxrs.client.WebClient;
import org.apache.cxf.jaxrs.provider.json.JSONProvider;

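/**
 * JAX-RS pre-matching request filter that lets a request through only when its
 * bearer access token is reported as active by the configured OIDC validation
 * (token introspection) endpoint.
 *
 * <p>The filter fails closed: a request with no {@code Authorization} header, a
 * header that does not start with {@code "Bearer "}, an empty token, or a token
 * whose introspection result is not {@code active=true} is aborted with
 * {@code 401 Unauthorized} and a {@code WWW-Authenticate: Bearer} challenge.
 * Errors while calling the endpoint surface as {@link RuntimeException}, so the
 * request is not processed in that case either.
 *
 * <p>NOTE(review): only the {@code active} member of the introspection response
 * is consulted here. Scope, audience and client checks, if required, are not
 * performed by this class and must be enforced elsewhere.
 *
 * <p>NOTE(review): the introspection call in this class attaches no client
 * credentials and does not inspect the URL scheme. Confirm that the validation
 * endpoint is reached over TLS and is protected against unauthenticated token
 * probing, since the raw access token is sent in the request body.
 */
@Priority(1000)
@PreMatching
public class OidcAccessTokenValidator implements ContainerRequestFilter {
    /** Prefix that introduces a bearer token in the Authorization header (matched case-sensitively). */
    private static final String BEARER_PREFIX = "Bearer ";

    // Default configuration is looked up eagerly for every instance; the
    // one-argument constructor then replaces it with the caller's configuration.
    private OidcConfiguration oidcConfiguration = OidcClientUtils.getOidcConfiguration();

    /** Creates a validator that uses the configuration returned by {@code OidcClientUtils}. */
    public OidcAccessTokenValidator() {
    }

    /**
     * Creates a validator that uses the supplied configuration.
     *
     * @param oidcConfiguration configuration providing the validation endpoint; a
     *        {@code null} value makes every request carrying a token fail with a
     *        {@link NullPointerException} in {@link #filter}
     */
    public OidcAccessTokenValidator(OidcConfiguration oidcConfiguration) {
        this.oidcConfiguration = oidcConfiguration;
    }

    /**
     * Validates the bearer token of the incoming request and aborts the request
     * with {@code 401 Unauthorized} unless the token is reported as active.
     *
     * @param containerRequestContext the request being filtered
     * @throws IOException declared by the filter contract; not thrown directly here
     * @throws RuntimeException if the validation endpoint is not configured or the
     *         introspection call or response parsing fails
     */
    @Override
    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        String authorization = (String) containerRequestContext.getHeaders().getFirst("Authorization");

        // Deny by default; only a positive introspection answer flips this.
        boolean tokenActive = false;
        if (authorization != null && authorization.startsWith(BEARER_PREFIX)) {
            String accessToken = authorization.substring(BEARER_PREFIX.length());
            if (!accessToken.isEmpty()) {
                tokenActive = isTokenActive(accessToken);
            }
        }

        if (!tokenActive) {
            Response.ResponseBuilder challenge = Response.status(Response.Status.UNAUTHORIZED);
            challenge.header("WWW-Authenticate", "Bearer");
            containerRequestContext.abortWith(challenge.build());
        }
    }

    /**
     * Posts the token to the validation endpoint and reports whether the response
     * marks it as active. The endpoint response is always closed so that the
     * underlying connection is released, including on parse failures.
     */
    private boolean isTokenActive(String accessToken) {
        String validationEndpoint = this.oidcConfiguration.getValidationEndpoint();
        if (validationEndpoint == null) {
            throw new RuntimeException("Location of Oidc validation endpoint is not set");
        }

        Response introspection = null;
        try {
            // The token is URL-encoded because it is placed in a form-encoded body.
            String form = "token=" + URLEncoder.encode(accessToken, "UTF-8") + "&token_type_hint=access_token";
            introspection = WebClient.create(validationEndpoint, Collections.singletonList(new JSONProvider()))
                    .type("application/x-www-form-urlencoded")
                    .post(form);
            String active = OidcClientUtils.parseJson((InputStream) introspection.getEntity()).get("active");
            // A missing "active" member is treated as an inactive token.
            return active != null && active.equalsIgnoreCase("true");
        } catch (Exception e) {
            // Keep the cause; the request is not processed when validation cannot complete.
            throw new RuntimeException(e);
        } finally {
            if (introspection != null) {
                // Closing the response also closes its entity stream.
                introspection.close();
            }
        }
    }
}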
