package com.openexchange.ajax.requesthandler.oauth;

import com.openexchange.ajax.requesthandler.AJAXActionService;
import com.openexchange.ajax.requesthandler.AJAXRequestData;
import com.openexchange.ajax.requesthandler.AbstractAJAXActionAnnotationProcessor;
import com.openexchange.exception.OXException;
import com.openexchange.mail.Protocol;
import com.openexchange.oauth.provider.exceptions.OAuthInsufficientScopeException;
import com.openexchange.oauth.provider.resourceserver.OAuthAccess;
import com.openexchange.oauth.provider.resourceserver.annotations.OAuthAction;
import com.openexchange.oauth.provider.resourceserver.annotations.OAuthScopeCheck;
import com.openexchange.tools.session.ServerSession;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/openexchange/ajax/requesthandler/oauth/OAuthAnnotationProcessor.class */
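/**
 * Enforces the OAuth scope requirement declared by an action's {@link OAuthAction} annotation.
 *
 * <p>Security-relevant behaviour, as implemented below:
 * <ul>
 *   <li>A request that carries no {@link OAuthAccess} under {@code OAuthConstants.PARAM_OAUTH_ACCESS}
 *       is passed through <em>without any scope check</em>. This processor therefore only protects
 *       requests for which that property has been set before it runs.</li>
 *   <li>A fixed scope value must be contained in the granted scope, otherwise
 *       {@link OAuthInsufficientScopeException} is thrown.</li>
 *   <li>The {@code "__custom__"} value delegates the decision to the action's own
 *       {@link OAuthScopeCheck}-annotated methods; access is granted as soon as any one of them
 *       returns {@code true}, and denied if none does.</li>
 * </ul>
 */
public class OAuthAnnotationProcessor extends AbstractAJAXActionAnnotationProcessor<OAuthAction> {
    private static final Logger LOG = LoggerFactory.getLogger(OAuthAnnotationProcessor.class);

    /**
     * Returns the annotation type this processor is responsible for.
     *
     * @return {@code OAuthAction.class}
     */
    @Override // com.openexchange.ajax.requesthandler.AbstractAJAXActionAnnotationProcessor
    protected Class<OAuthAction> getAnnotation() {
        return OAuthAction.class;
    }

    /**
     * Checks that the OAuth access attached to the request satisfies the scope required by the action.
     *
     * @param oAuthAction the annotation handed in by the caller; not read here, the annotation is
     *        looked up again on the action's runtime class
     * @param aJAXActionService the action about to be executed
     * @param aJAXRequestData the request; supplies the {@link OAuthAccess} property
     * @param serverSession the session, forwarded to custom scope-check methods
     * @throws OAuthInsufficientScopeException if the granted scope does not cover the action
     * @throws OXException if a custom scope-check method cannot be invoked or itself fails
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.openexchange.ajax.requesthandler.AbstractAJAXActionAnnotationProcessor
    public void doProcess(OAuthAction oAuthAction, AJAXActionService aJAXActionService, AJAXRequestData aJAXRequestData, ServerSession serverSession) throws OXException {
        OAuthAccess oAuthAccess = (OAuthAccess) aJAXRequestData.getProperty(OAuthConstants.PARAM_OAUTH_ACCESS);
        if (oAuthAccess == null) {
            // Fail-open by design: no OAuth access on the request means nothing is enforced here.
            // NOTE(review): presumably such requests are authenticated by another mechanism - confirm
            // that every OAuth-authenticated request sets this property before the processor runs.
            return;
        }

        Class<?> actionClass = aJAXActionService.getClass();
        // NOTE(review): throws NullPointerException if the runtime class itself does not carry
        // @OAuthAction (the lookup ignores the oAuthAction argument). That denies the request, but
        // with an unhelpful error - confirm the caller guarantees the annotation is present.
        String value = actionClass.getAnnotation(OAuthAction.class).value();

        // NOTE(review): Protocol.ALL comes from the mail package and its value is not visible here;
        // this looks like a constant the decompiler resolved to an unrelated class. Confirm it equals
        // the "no scope required" marker of OAuthAction, since a match skips the check entirely.
        if (Protocol.ALL.equals(value)) {
            return;
        }

        if (!"__custom__".equals(value)) {
            // Plain scope token: the granted scope must contain it.
            if (!oAuthAccess.getScope().has(value)) {
                throw new OAuthInsufficientScopeException(value);
            }
            return;
        }

        // Custom check: any single @OAuthScopeCheck method returning true grants access.
        for (Method method : actionClass.getMethods()) {
            if (!method.isAnnotationPresent(OAuthScopeCheck.class)) {
                continue;
            }
            if (!hasScopeCheckSignature(method)) {
                // A mis-declared check is skipped, never treated as a grant.
                LOG.warn("Method '{}.{}' is annotated with @OAuthScopeCheck but its signature is invalid!", actionClass, method.getName());
                continue;
            }
            try {
                // The signature check only admits a primitive boolean return type, so the boxed
                // result is never null.
                if (((Boolean) method.invoke(aJAXActionService, aJAXRequestData, serverSession, oAuthAccess)).booleanValue()) {
                    return;
                }
            } catch (IllegalAccessException | IllegalArgumentException e) {
                // A check that cannot be invoked aborts the request rather than being skipped.
                LOG.error("Could not check scope", e);
                throw new OXException(e);
            } catch (InvocationTargetException e) {
                // getCause() is a Throwable; rethrow an OXException unchanged, wrap anything else.
                Throwable cause = e.getCause();
                if (cause instanceof OXException) {
                    throw (OXException) cause;
                }
                throw new OXException(cause);
            }
        }

        // No check method granted access (or none with a valid signature exists): deny.
        throw new OAuthInsufficientScopeException();
    }

    /**
     * Tells whether a method has the shape required of a custom scope check: public, returning
     * primitive {@code boolean}, and taking exactly three parameters that accept an
     * {@link AJAXRequestData}, a {@link ServerSession} and an {@link OAuthAccess}, in that order.
     *
     * @param method the candidate method
     * @return {@code true} if the method can be invoked as a scope check
     */
    private static boolean hasScopeCheckSignature(Method method) {
        if (!Modifier.isPublic(method.getModifiers()) || !method.getReturnType().isAssignableFrom(Boolean.TYPE)) {
            return false;
        }
        Class<?>[] parameterTypes = method.getParameterTypes();
        return parameterTypes.length == 3
            && parameterTypes[0].isAssignableFrom(AJAXRequestData.class)
            && parameterTypes[1].isAssignableFrom(ServerSession.class)
            && parameterTypes[2].isAssignableFrom(OAuthAccess.class);
    }
}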
