package org.craftercms.profile.interceptors;

import java.util.Date;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.craftercms.commons.http.HttpUtils;
import org.craftercms.commons.i10n.I10nLogger;
import org.craftercms.commons.mongo.MongoDataException;
import org.craftercms.profile.api.AccessToken;
import org.craftercms.profile.api.exceptions.I10nProfileException;
import org.craftercms.profile.api.exceptions.ProfileException;
import org.craftercms.profile.exceptions.AccessDeniedException;
import org.craftercms.profile.repositories.AccessTokenRepository;
import org.craftercms.profile.services.impl.AccessTokenServiceImpl;
import org.craftercms.profile.utils.AccessTokenUtils;
import org.springframework.beans.factory.annotation.Required;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

/* loaded from: input_file:org/craftercms/profile/interceptors/AccessTokenCheckingInterceptor.class */
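/**
 * Interceptor that requires a known, unexpired access token on every request whose URI
 * (without the context path) matches one of the configured include patterns.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The check is opt-in per URL: a request that matches none of {@code urlsToInclude}, or any
 *       request when that array is null or empty, is let through without a token. The pattern
 *       list therefore has to cover every form of every protected path.</li>
 *   <li>The token is looked up solely by the {@code accessTokenId} request parameter, so that id
 *       is the only thing a client has to present.</li>
 *   <li>A token whose {@code expiresOn} is {@code null} is never rejected as expired.</li>
 * </ul>
 */
public class AccessTokenCheckingInterceptor extends HandlerInterceptorAdapter {
    private static final I10nLogger logger = new I10nLogger(AccessTokenCheckingInterceptor.class, "crafter.profile.messages.logging");
    public static final String LOG_KEY_ACCESS_TOKEN_FOUND = "profile.accessToken.accessTokenFound";
    protected AccessTokenRepository accessTokenRepository;
    protected String[] urlsToInclude;

    /**
     * Sets the repository used to resolve an access token id to its stored token.
     *
     * @param accessTokenRepository the token repository
     */
    @Required
    public void setAccessTokenRepository(AccessTokenRepository accessTokenRepository) {
        this.accessTokenRepository = accessTokenRepository;
    }

    /**
     * Sets the regular expressions selecting the request URIs that need an access token.
     *
     * <p>NOTE(review): {@code @Required} only forces the property to be configured; an empty
     * array is still accepted here and disables the check for every request. Confirm the
     * deployment configuration never supplies an empty list.
     *
     * @param strArr regular expressions matched against the whole URI without the context path
     */
    @Required
    public void setUrlsToInclude(String[] strArr) {
        this.urlsToInclude = strArr;
    }

    /**
     * Rejects included requests that carry no token, an unknown token or an expired token, and
     * attaches the resolved token to the request otherwise.
     *
     * @return always {@code true}; rejection is signalled by an exception
     * @throws Exception an {@link AccessDeniedException} subtype when the token is missing,
     *                   unknown or expired, or a {@link ProfileException} when the lookup fails
     */
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        if (!includeRequest(httpServletRequest)) {
            // Not a protected URL: the request proceeds without any token check.
            return true;
        }
        AccessToken token = getAccessToken(httpServletRequest);
        Date expiresOn = token.getExpiresOn();
        Date now = new Date();
        // A null expiry means the token never expires; otherwise it is expired from the exact
        // expiry instant onwards (now >= expiresOn).
        if (expiresOn != null && !now.before(expiresOn)) {
            throw new AccessDeniedException.ExpiredAccessToken(token.getId(), token.getApplication(), token.getExpiresOn());
        }
        AccessTokenUtils.setAccessToken(httpServletRequest, token);
        return true;
    }

    /**
     * Decides whether the request must carry an access token.
     *
     * @param httpServletRequest the current request
     * @return {@code true} if the URI without the context path fully matches at least one
     *         configured pattern; {@code false} if none matches or no patterns are configured
     */
    protected boolean includeRequest(HttpServletRequest httpServletRequest) {
        if (ArrayUtils.isEmpty(this.urlsToInclude)) {
            return false;
        }
        // The URI does not change between patterns, so resolve it once instead of per iteration.
        String requestUri = HttpUtils.getRequestUriWithoutContextPath(httpServletRequest);
        for (String pattern : this.urlsToInclude) {
            // String.matches anchors the pattern to the whole URI; a pattern that covers only a
            // prefix leaves longer paths unprotected.
            if (requestUri.matches(pattern)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Resolves the access token named by the {@code accessTokenId} request parameter.
     *
     * @param httpServletRequest the current request
     * @return the stored token, never {@code null}
     * @throws ProfileException {@link AccessDeniedException.MissingAccessToken} if the parameter
     *                          is absent or empty, {@link AccessDeniedException.NoSuchAccessToken}
     *                          if no token has that id, or an {@link I10nProfileException}
     *                          wrapping the repository failure
     */
    protected AccessToken getAccessToken(HttpServletRequest httpServletRequest) throws ProfileException {
        // NOTE(review): getParameter also reads the query string, so the id can end up in URLs
        // recorded by proxies and access logs; consider accepting it from a request header.
        String tokenId = httpServletRequest.getParameter("accessTokenId");
        if (StringUtils.isEmpty(tokenId)) {
            throw new AccessDeniedException.MissingAccessToken();
        }
        try {
            AccessToken token = (AccessToken) this.accessTokenRepository.findByStringId(tokenId);
            if (token == null) {
                throw new AccessDeniedException.NoSuchAccessToken(tokenId);
            }
            // NOTE(review): this writes the presented token id and the token object to the debug
            // log. The id is all a client needs to authenticate here, so treat debug logs as
            // sensitive or reduce what is logged.
            logger.debug(LOG_KEY_ACCESS_TOKEN_FOUND, new Object[]{tokenId, token});
            return token;
        } catch (MongoDataException e) {
            throw new I10nProfileException(AccessTokenServiceImpl.ERROR_KEY_GET_ACCESS_TOKEN_ERROR, e, new Object[]{tokenId});
        }
    }
}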
