package org.apache.cxf.rs.security.oauth2.services;

import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import org.apache.cxf.jaxrs.ext.MessageContext;
import org.apache.cxf.rs.security.oauth2.common.AccessTokenValidation;
import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
import org.apache.cxf.rs.security.oauth2.provider.AccessTokenValidator;
import org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider;
import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
import org.apache.cxf.rs.security.oauth2.utils.AuthorizationUtils;
import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;

/* loaded from: input_file:resources/fedorahome.zip:client/cxf-bundle-2.6.2.jar:org/apache/cxf/rs/security/oauth2/services/AbstractAccessTokenValidator.class */
public abstract class AbstractAccessTokenValidator {
    private static final String DEFAULT_AUTH_SCHEME = "Bearer";
    private MessageContext mc;
    private List<AccessTokenValidator> tokenHandlers = Collections.emptyList();
    private Set<String> supportedSchemes = new HashSet();
    private OAuthDataProvider dataProvider;

    public void setTokenValidator(AccessTokenValidator accessTokenValidator) {
        setTokenValidators(Collections.singletonList(accessTokenValidator));
    }

    public void setTokenValidators(List<AccessTokenValidator> list) {
        this.tokenHandlers = list;
        Iterator<AccessTokenValidator> it = list.iterator();
        while (it.hasNext()) {
            this.supportedSchemes.addAll(it.next().getSupportedAuthorizationSchemes());
        }
    }

    public void setDataProvider(OAuthDataProvider oAuthDataProvider) {
        this.dataProvider = oAuthDataProvider;
    }

    @Context
    public void setMessageContext(MessageContext messageContext) {
        this.mc = messageContext;
    }

    public MessageContext getMessageContext() {
        return this.mc;
    }

    protected AccessTokenValidator findTokenValidator(String str) {
        for (AccessTokenValidator accessTokenValidator : this.tokenHandlers) {
            List<String> supportedAuthorizationSchemes = accessTokenValidator.getSupportedAuthorizationSchemes();
            if ((supportedAuthorizationSchemes.size() == 1 && "*".equals(supportedAuthorizationSchemes.get(0))) || supportedAuthorizationSchemes.contains(str)) {
                return accessTokenValidator;
            }
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AccessTokenValidation getAccessTokenValidation() {
        AccessTokenValidation accessTokenValidation = null;
        if (this.dataProvider == null && this.tokenHandlers.isEmpty()) {
            throw new WebApplicationException(500);
        }
        String[] authorizationParts = AuthorizationUtils.getAuthorizationParts(this.mc, this.supportedSchemes);
        String str = authorizationParts[0];
        String str2 = authorizationParts[1];
        AccessTokenValidator findTokenValidator = findTokenValidator(str);
        if (findTokenValidator != null) {
            try {
                accessTokenValidation = findTokenValidator.validateAccessToken(this.mc, str, str2);
            } catch (OAuthServiceException e) {
                AuthorizationUtils.throwAuthorizationFailure(Collections.singleton(str));
            }
        }
        ServerAccessToken serverAccessToken = null;
        if (accessTokenValidation == null && this.dataProvider != null && str.equals("Bearer")) {
            try {
                serverAccessToken = this.dataProvider.getAccessToken(str2);
            } catch (OAuthServiceException e2) {
            }
            if (serverAccessToken == null) {
                AuthorizationUtils.throwAuthorizationFailure(Collections.singleton(str));
            }
            accessTokenValidation = new AccessTokenValidation(serverAccessToken);
        }
        if (accessTokenValidation == null) {
            AuthorizationUtils.throwAuthorizationFailure(this.supportedSchemes);
        }
        if (OAuthUtils.isExpired(Long.valueOf(accessTokenValidation.getTokenIssuedAt()), Long.valueOf(accessTokenValidation.getTokenLifetime()))) {
            if (serverAccessToken != null) {
                this.dataProvider.removeAccessToken(serverAccessToken);
            }
            AuthorizationUtils.throwAuthorizationFailure(this.supportedSchemes);
        }
        return accessTokenValidation;
    }
}
