package com.predic8.membrane.core.interceptor.oauth2client;

import com.predic8.membrane.annot.MCAttribute;
import com.predic8.membrane.annot.MCElement;
import com.predic8.membrane.annot.Required;
import com.predic8.membrane.core.Router;
import com.predic8.membrane.core.exchange.Exchange;
import com.predic8.membrane.core.http.Header;
import com.predic8.membrane.core.interceptor.AbstractInterceptor;
import com.predic8.membrane.core.interceptor.Outcome;
import com.predic8.membrane.core.interceptor.jwt.Jwks;
import com.predic8.membrane.core.interceptor.jwt.JwtAuthInterceptor;
import java.util.ArrayList;

@MCElement(name = "requireAuth")
/* loaded from: input_file:WEB-INF/lib/service-proxy-core-5.8.5.jar:com/predic8/membrane/core/interceptor/oauth2client/RequireAuth.class */
public class RequireAuth extends AbstractInterceptor {
    private String expectedAud;
    private OAuth2Resource2Interceptor oauth2;
    private JwtAuthInterceptor jwtAuth;
    private boolean required = true;
    private Integer errorStatus = null;
    private String scope = null;

    @Override // com.predic8.membrane.core.interceptor.AbstractInterceptor, com.predic8.membrane.core.interceptor.Interceptor
    public void init(Router router) throws Exception {
        super.init(router);
        Jwks jwks = new Jwks();
        jwks.setJwks(new ArrayList());
        jwks.setJwksUris(this.oauth2.getAuthService().getJwksEndpoint());
        jwks.setAuthorizationService(this.oauth2.getAuthService());
        this.jwtAuth = new JwtAuthInterceptor();
        this.jwtAuth.setJwks(jwks);
        this.jwtAuth.setExpectedAud(this.expectedAud);
        this.jwtAuth.init(router);
    }

    @Override // com.predic8.membrane.core.interceptor.AbstractInterceptor, com.predic8.membrane.core.interceptor.Interceptor
    public Outcome handleRequest(Exchange exchange) throws Exception {
        if (!isBearer(exchange.getRequest().getHeader())) {
            if (this.errorStatus != null) {
                exchange.setProperty(OAuth2Resource2Interceptor.ERROR_STATUS, this.errorStatus);
            }
            exchange.setProperty(OAuth2Resource2Interceptor.EXPECTED_AUDIENCE, this.expectedAud);
            exchange.setProperty(OAuth2Resource2Interceptor.WANTED_SCOPE, this.scope);
            Outcome handleRequest = this.oauth2.handleRequest(exchange);
            if (handleRequest != Outcome.CONTINUE) {
                return !this.required ? Outcome.CONTINUE : handleRequest;
            }
        }
        return this.jwtAuth.handleRequest(exchange);
    }

    private boolean isBearer(Header header) {
        return header.contains("Authorization") && header.getFirstValue("Authorization").startsWith("Bearer");
    }

    public String getExpectedAud() {
        return this.expectedAud;
    }

    @MCAttribute
    @Required
    public void setExpectedAud(String str) {
        this.expectedAud = str;
        if (this.jwtAuth != null) {
            this.jwtAuth.setExpectedAud(str);
        }
    }

    public OAuth2Resource2Interceptor getOauth2() {
        return this.oauth2;
    }

    @MCAttribute
    @Required
    public void setOauth2(OAuth2Resource2Interceptor oAuth2Resource2Interceptor) {
        this.oauth2 = oAuth2Resource2Interceptor;
    }

    @MCAttribute
    public void setRequired(boolean z) {
        this.required = z;
    }

    public boolean isRequired() {
        return this.required;
    }

    public Integer getErrorStatus() {
        return this.errorStatus;
    }

    @MCAttribute
    public void setErrorStatus(int i) {
        this.errorStatus = Integer.valueOf(i);
    }

    public String getScope() {
        return this.scope;
    }

    @MCAttribute
    public void setScope(String str) {
        this.scope = str;
    }
}
