package ee.datel.dogis.proxy.oauth;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;
import javax.security.auth.login.CredentialNotFoundException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.owasp.encoder.Encode;
import org.springframework.core.Ordered;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;

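/**
 * Servlet filter that answers OAuth token introspection requests itself.
 *
 * <p>The filter only runs for {@code POST /oauth/introspect} with a form-encoded body
 * (see {@link #shouldNotFilter}). For those requests it reads the {@code token} parameter,
 * asks {@link OAuthTokenService} whether the token is known, and writes either
 * {@code {"active": true}} or {@code {"active": false}}. The {@link FilterChain} is never
 * invoked, so a matching request always ends here.
 *
 * <p>Rejected tokens are logged and the response is delayed. The delay grows with the number
 * of rejected requests that are being delayed at the same moment, capped at one second.
 *
 * <p>Thread-safety: the bean is shared by all request threads; the only mutable state is an
 * atomic counter.
 */
@Component
/* loaded from: input_file:ee/datel/dogis/proxy/oauth/OAuthAuthenticationFilter.class */
public class OAuthAuthenticationFilter extends OncePerRequestFilter implements Ordered {
    private static final byte[] NOTACTIVE = "{\"active\": false}".getBytes(StandardCharsets.US_ASCII);
    private static final byte[] OK = "{\"active\": true}".getBytes(StandardCharsets.US_ASCII);

    /**
     * Sentinel token value that is answered as inactive without logging or delay. The literal is
     * the Base64 text of "OAuthConnectionHealthIndicator", so it is presumably sent by a
     * health check; confirm against the caller.
     */
    private static final String HEALTH_PROBE_TOKEN = "T0F1dGhDb25uZWN0aW9uSGVhbHRoSW5kaWNhdG9y";

    private final OAuthTokenService service;

    /**
     * Number of rejected requests currently inside {@link #manageNotactive}. An atomic counter
     * is used because request threads update it concurrently; an unsynchronised collection
     * would be corrupted under load.
     */
    private final AtomicInteger pendingPenalties = new AtomicInteger();

    /**
     * Creates the filter.
     *
     * @param oAuthTokenService service used to look up presented tokens
     */
    public OAuthAuthenticationFilter(OAuthTokenService oAuthTokenService) {
        this.service = oAuthTokenService;
    }

    /**
     * Returns the filter order.
     *
     * @return {@code -101}; NOTE(review): presumably chosen to run just ahead of Spring
     *     Security's default filter order (-100), confirm
     */
    @Override
    public int getOrder() {
        return -101;
    }

    /**
     * Handles one introspection request and writes the JSON answer.
     *
     * @param httpServletRequest request carrying the {@code token} parameter
     * @param httpServletResponse response that receives the JSON body or status 500
     * @param filterChain unused; the request is always answered here
     * @throws ServletException declared by the overridden method
     * @throws IOException if writing the "not active" answer fails
     */
    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        String parameter = httpServletRequest.getParameter("token");
        if (StringUtils.isBlank(parameter)) {
            manageNotactive(httpServletResponse, "null");
            return;
        }
        if (HEALTH_PROBE_TOKEN.equals(parameter)) {
            writeNotactive(httpServletResponse);
            return;
        }
        try {
            // NOTE(review): any return value of existsToken is discarded; the only "unknown
            // token" signal honoured here is CredentialNotFoundException. Confirm the service
            // never reports a missing token through its return value.
            this.service.existsToken(parameter);
            writeBody(httpServletResponse, OK);
        } catch (CredentialNotFoundException e) {
            // Must be caught before Exception: it is a subclass, and the broader handler
            // would otherwise turn every unknown token into a 500 with no penalty.
            manageNotactive(httpServletResponse, parameter);
        } catch (Exception e) {
            // Lookup or write failure: fail closed with an error status, never "active".
            this.logger.error(e.getMessage(), e);
            httpServletResponse.setStatus(500);
        }
    }

    /**
     * Writes the {@code {"active": false}} answer.
     *
     * @param httpServletResponse response to write to
     * @throws IOException if the body cannot be written
     */
    protected void writeNotactive(HttpServletResponse httpServletResponse) throws IOException {
        writeBody(httpServletResponse, NOTACTIVE);
    }

    /**
     * Logs a rejected token, delays the caller, then writes the "not active" answer.
     *
     * <p>The delay is {@code 100 ms} times the number of rejected requests currently being
     * delayed, capped at {@code 1000 ms}.
     *
     * <p>NOTE(review): the counter is global rather than per client, and the sleep holds a
     * container request thread. A burst of rejected requests therefore slows every rejected
     * caller and occupies worker threads; sequential failures always get the minimum delay.
     * Consider per-client accounting or rate limiting in front of this endpoint.
     *
     * @param httpServletResponse response to write to
     * @param str rejected token value as presented by the client (untrusted)
     * @throws IOException if the body cannot be written
     */
    protected void manageNotactive(HttpServletResponse httpServletResponse, String str) throws IOException {
        long size = this.pendingPenalties.incrementAndGet();
        try {
            // NOTE(review): the rejected value is logged in full. It may be a mistyped or
            // no-longer-valid real token; consider logging a digest or a short prefix instead.
            this.logger.info(String.format("Illegal OAuth token '%s', penalty %d", sanitizeForLog(str), Long.valueOf(size)));
            try {
                TimeUnit.MILLISECONDS.sleep(Math.min(1000L, 100 * size));
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
            }
        } finally {
            // Always release the slot, even if logging throws, so the penalty cannot ratchet up.
            this.pendingPenalties.decrementAndGet();
        }
        writeNotactive(httpServletResponse);
    }

    /**
     * Decides whether this filter is skipped for a request.
     *
     * <p>NOTE(review): the content type is compared for exact equality, so a header carrying
     * a parameter (for example a {@code charset}) does not match and the request passes to the
     * rest of the chain without this filter's check or penalty. Confirm that whatever handles
     * the path downstream is an acceptable fallback.
     *
     * @param httpServletRequest request to inspect
     * @return {@code false} only for {@code POST /oauth/introspect} with content type
     *     {@code application/x-www-form-urlencoded}; {@code true} otherwise
     * @throws ServletException declared by the overridden method
     */
    @Override
    protected boolean shouldNotFilter(HttpServletRequest httpServletRequest) throws ServletException {
        boolean introspection = "/oauth/introspect".equals(httpServletRequest.getServletPath())
                && "POST".equals(httpServletRequest.getMethod())
                && "application/x-www-form-urlencoded".equals(httpServletRequest.getContentType());
        return !introspection;
    }

    /** Sends {@code body} as a JSON response with an explicit content length. */
    private static void writeBody(HttpServletResponse response, byte[] body) throws IOException {
        response.setContentType("application/json");
        response.setContentLength(body.length);
        try (ServletOutputStream outputStream = response.getOutputStream()) {
            outputStream.write(body);
        }
    }

    /**
     * Makes an untrusted value safe to place in a single log line: line breaks are replaced
     * first, because HTML content encoding targets markup characters rather than CR/LF, and a
     * raw line break would let a client start a forged log entry.
     */
    private static String sanitizeForLog(String value) {
        String singleLine = String.valueOf(value).replace('\r', '_').replace('\n', '_');
        return Encode.forHtmlContent(singleLine);
    }
}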
