package io.getlime.security.powerauth.rest.api.spring.annotation.support;

import io.getlime.security.powerauth.rest.api.spring.annotation.EncryptedRequestBody;
import io.getlime.security.powerauth.rest.api.spring.annotation.PowerAuth;
import io.getlime.security.powerauth.rest.api.spring.annotation.PowerAuthEncryption;
import io.getlime.security.powerauth.rest.api.spring.annotation.PowerAuthToken;
import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthAuthenticationException;
import io.getlime.security.powerauth.rest.api.spring.exception.PowerAuthEncryptionException;
import io.getlime.security.powerauth.rest.api.spring.exception.authentication.PowerAuthHeaderMissingException;
import io.getlime.security.powerauth.rest.api.spring.model.PowerAuthRequestObjects;
import io.getlime.security.powerauth.rest.api.spring.provider.PowerAuthAuthenticationProvider;
import io.getlime.security.powerauth.rest.api.spring.provider.PowerAuthEncryptionProvider;
import java.lang.reflect.Type;
import java.util.Arrays;
import java.util.Map;
import java.util.TreeMap;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.text.StringSubstitutor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.MethodParameter;
import org.springframework.lang.NonNull;
import org.springframework.stereotype.Component;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.AsyncHandlerInterceptor;
import org.springframework.web.servlet.HandlerMapping;

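/**
 * Spring MVC interceptor that evaluates the {@link PowerAuth}, {@link PowerAuthToken} and
 * {@link PowerAuthEncryption} annotations of a handler method before the handler runs.
 *
 * <p><b>This interceptor is fail-open.</b> {@link #preHandle} returns {@code true} on every
 * path, so a missing header, an invalid signature or token, or a failed decryption never blocks
 * the request here. The only outcome of a failed signature/token check is that the request
 * attribute {@link PowerAuthRequestObjects#AUTHENTICATION_OBJECT} is set to {@code null}.
 * Handler methods therefore have to reject the request themselves when the authentication
 * object they receive is {@code null}.
 */
@Component
public class PowerAuthAnnotationInterceptor implements AsyncHandlerInterceptor {
    private static final Logger logger = LoggerFactory.getLogger(PowerAuthAnnotationInterceptor.class);

    /** HTTP header carrying the request signature checked for {@link PowerAuth} handlers. */
    private static final String SIGNATURE_HEADER = "X-PowerAuth-Authorization";
    /** HTTP header carrying the token checked for {@link PowerAuthToken} handlers. */
    private static final String TOKEN_HEADER = "X-PowerAuth-Token";

    private PowerAuthAuthenticationProvider authenticationProvider;
    private PowerAuthEncryptionProvider encryptionProvider;

    /**
     * Injects the provider used to validate request signatures and tokens.
     *
     * @param powerAuthAuthenticationProvider authentication provider
     */
    @Autowired
    public void setAuthenticationProvider(PowerAuthAuthenticationProvider powerAuthAuthenticationProvider) {
        this.authenticationProvider = powerAuthAuthenticationProvider;
    }

    /**
     * Injects the provider used to decrypt encrypted request bodies.
     *
     * @param powerAuthEncryptionProvider encryption provider
     */
    @Autowired
    public void setEncryptionProvider(PowerAuthEncryptionProvider powerAuthEncryptionProvider) {
        this.encryptionProvider = powerAuthEncryptionProvider;
    }

    /**
     * Runs decryption and signature/token validation for an annotated handler method.
     *
     * <p>Order of processing: request decryption ({@link PowerAuthEncryption}), then signature
     * validation ({@link PowerAuth}), then token validation ({@link PowerAuthToken}). A handler
     * carrying both {@code @PowerAuth} and {@code @PowerAuthToken} gets neither check.
     *
     * @param httpServletRequest current request; receives the authentication object as an attribute
     * @param httpServletResponse current response (not used)
     * @param obj the chosen handler; anything other than a {@link HandlerMethod} is passed through
     * @return always {@code true} - validation failures are signalled only through a
     *         {@code null} authentication object, never by stopping the handler chain
     */
    @Override
    public boolean preHandle(@NonNull HttpServletRequest httpServletRequest, @NonNull HttpServletResponse httpServletResponse, @NonNull Object obj) {
        if (!(obj instanceof HandlerMethod)) {
            return true;
        }
        HandlerMethod handlerMethod = (HandlerMethod) obj;
        PowerAuth signatureAnnotation = handlerMethod.getMethodAnnotation(PowerAuth.class);
        PowerAuthToken tokenAnnotation = handlerMethod.getMethodAnnotation(PowerAuthToken.class);
        PowerAuthEncryption encryptionAnnotation = handlerMethod.getMethodAnnotation(PowerAuthEncryption.class);

        // A handler with both annotations is a configuration error. Neither check runs, so no
        // authentication object is stored by this method for such a handler.
        if (signatureAnnotation != null && tokenAnnotation != null) {
            logger.warn("You cannot use both @PowerAuth and @PowerAuthToken on same handler method. We are removing both.");
            signatureAnnotation = null;
            tokenAnnotation = null;
        }

        if (encryptionAnnotation != null) {
            try {
                Type requestType = resolveGenericParameterTypeForEcies(handlerMethod);
                this.encryptionProvider.decryptRequest(httpServletRequest, requestType, encryptionAnnotation.scope());
            } catch (PowerAuthEncryptionException e) {
                // Decryption failure is only logged; processing continues with the next checks.
                logger.warn("Decryption failed, error: {}", e.getMessage());
                logger.debug("Error details", e);
            }
        }

        if (signatureAnnotation != null) {
            try {
                // The resource id is expanded before the header check, as in the original flow.
                String resourceId = expandResourceId(signatureAnnotation.resourceId(), httpServletRequest, handlerMethod);
                String signatureHeader = httpServletRequest.getHeader(SIGNATURE_HEADER);
                if (signatureHeader == null) {
                    logger.warn("Signature HTTP header is missing");
                    // Presumably a PowerAuthAuthenticationException, so it lands in the catch
                    // below like any other failed validation - TODO confirm.
                    throw new PowerAuthHeaderMissingException();
                }
                httpServletRequest.setAttribute(
                        PowerAuthRequestObjects.AUTHENTICATION_OBJECT,
                        this.authenticationProvider.validateRequestSignatureWithActivationDetails(
                                httpServletRequest, resourceId, signatureHeader, Arrays.asList(signatureAnnotation.signatureType())));
            } catch (PowerAuthAuthenticationException e) {
                // Fail-open: the request still reaches the handler, with a null authentication object.
                logger.warn("Invalid request signature, authentication object was removed");
                httpServletRequest.setAttribute(PowerAuthRequestObjects.AUTHENTICATION_OBJECT, null);
            }
        }

        if (tokenAnnotation != null) {
            try {
                String tokenHeader = httpServletRequest.getHeader(TOKEN_HEADER);
                if (tokenHeader == null) {
                    logger.warn("Token HTTP header is missing");
                    throw new PowerAuthHeaderMissingException();
                }
                httpServletRequest.setAttribute(
                        PowerAuthRequestObjects.AUTHENTICATION_OBJECT,
                        this.authenticationProvider.validateTokenWithActivationDetails(
                                tokenHeader, Arrays.asList(tokenAnnotation.signatureType())));
            } catch (PowerAuthAuthenticationException e) {
                // Fail-open: the request still reaches the handler, with a null authentication object.
                logger.warn("Invalid token, authentication object was removed");
                httpServletRequest.setAttribute(PowerAuthRequestObjects.AUTHENTICATION_OBJECT, null);
            }
        }
        return true;
    }

    /**
     * Finds the type the decrypted request body should be converted to.
     *
     * @param handlerMethod handler whose parameters are inspected
     * @return generic type of the first parameter annotated with {@link EncryptedRequestBody},
     *         or {@code Object.class} when no parameter carries that annotation
     */
    private Type resolveGenericParameterTypeForEcies(HandlerMethod handlerMethod) {
        for (MethodParameter methodParameter : handlerMethod.getMethodParameters()) {
            if (methodParameter.hasParameterAnnotation(EncryptedRequestBody.class)) {
                return methodParameter.getGenericParameterType();
            }
        }
        return Object.class;
    }

    /**
     * Expands {@code ${name}} placeholders in a resource id with values taken from the request.
     *
     * <p>Values are collected for handler parameters annotated with {@link RequestParam} (from the
     * request parameters) or {@link PathVariable} (from the URI template variables). A request
     * parameter wins over a path variable of the same name.
     *
     * @param str resource id template from the {@link PowerAuth} annotation
     * @param httpServletRequest request supplying the values
     * @param handlerMethod handler whose parameter annotations name the values to collect
     * @return the resource id with known placeholders replaced
     */
    private String expandResourceId(String str, HttpServletRequest httpServletRequest, HandlerMethod handlerMethod) {
        Map<String, String> values = new TreeMap<>();
        for (MethodParameter methodParameter : handlerMethod.getMethodParameters()) {
            RequestParam requestParam = methodParameter.getParameterAnnotation(RequestParam.class);
            if (requestParam != null) {
                // NOTE(review): name() is the empty string when the annotation does not name the
                // parameter explicitly; such parameters are looked up under "" here. Confirm
                // whether a fallback to the Java parameter name is wanted.
                String name = requestParam.name();
                String value = httpServletRequest.getParameter(name);
                if (value != null) {
                    values.put(name, value);
                }
                continue;
            }
            PathVariable pathVariable = methodParameter.getParameterAnnotation(PathVariable.class);
            if (pathVariable == null) {
                continue;
            }
            String name = pathVariable.name();
            @SuppressWarnings("unchecked") // attribute is set by Spring's handler mapping as a String-to-String map
            Map<String, String> uriVariables =
                    (Map<String, String>) httpServletRequest.getAttribute(HandlerMapping.URI_TEMPLATE_VARIABLES_ATTRIBUTE);
            if (uriVariables != null && !values.containsKey(name)) {
                String value = uriVariables.get(name);
                if (value != null) {
                    values.put(name, value);
                }
            }
        }
        // NOTE(review): every value in the map is caller-supplied and the result feeds signature
        // validation. StringSubstitutor by default also expands placeholders that occur inside
        // substituted values; consider setDisableSubstitutionInValues(true) if the commons-text
        // version in use provides it, so request data is inserted literally.
        return new StringSubstitutor(values).replace(str);
    }
}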
