package org.primeframework.mvc.security;

import com.google.inject.Inject;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.servlet.http.HttpServletRequest;
import org.primeframework.mvc.config.MVCConfiguration;
import org.primeframework.mvc.servlet.HTTPMethod;
import org.primeframework.mvc.servlet.ServletTools;

/* loaded from: input_file:org/primeframework/mvc/security/UserLoginSecurityScheme.class */
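/**
 * Security scheme that requires a logged-in user, validates the supplied constraints and, when
 * CSRF protection is enabled, checks the {@code Origin} header and the CSRF token of POST requests.
 */
public class UserLoginSecurityScheme implements SecurityScheme {
    private final MVCConfiguration configuration;
    private final UserLoginConstraintsValidator constraintsValidator;
    private final HTTPMethod method;
    private final HttpServletRequest request;

    // Injected optionally through the setter; stays null when no binding is available.
    private UserLoginSecurityContext userLoginSecurityContext;

    /**
     * Creates the scheme for the current request.
     *
     * @param mVCConfiguration configuration consulted for {@code csrfEnabled()}
     * @param userLoginConstraintsValidator validator applied to the constraints passed to {@link #handle}
     * @param httpServletRequest request whose Origin header and CSRF tokens are inspected
     * @param hTTPMethod HTTP method of the current request
     */
    @Inject
    public UserLoginSecurityScheme(MVCConfiguration mVCConfiguration, UserLoginConstraintsValidator userLoginConstraintsValidator, HttpServletRequest httpServletRequest, HTTPMethod hTTPMethod) {
        this.configuration = mVCConfiguration;
        this.constraintsValidator = userLoginConstraintsValidator;
        this.request = httpServletRequest;
        this.method = hTTPMethod;
    }

    /**
     * Enforces authentication, constraint validation and (for POST requests with CSRF enabled)
     * the origin and token checks.
     *
     * @param strArr constraints handed to the constraints validator
     * @throws UnauthenticatedException if the security context reports that no user is logged in
     * @throws UnauthorizedException if the constraints fail validation, the Origin header is
     *     missing, malformed or does not match the base URI, or the CSRF tokens differ
     */
    @Override
    public void handle(String[] strArr) {
        // NOTE(review): this fails open. With the optional injection below, a missing
        // UserLoginSecurityContext binding means no check runs at all. Confirm every deployment
        // that relies on this scheme binds a context.
        if (this.userLoginSecurityContext == null) {
            return;
        }
        if (!this.userLoginSecurityContext.isLoggedIn()) {
            throw new UnauthenticatedException();
        }
        if (!this.constraintsValidator.validate(strArr)) {
            throw new UnauthorizedException();
        }

        // NOTE(review): only POST is covered. If state-changing actions are reachable through
        // other methods, they bypass the CSRF checks below. Verify against the action mappings.
        if (!this.configuration.csrfEnabled() || this.method != HTTPMethod.POST) {
            return;
        }

        String originHeader = ServletTools.getOriginHeader(this.request);
        if (originHeader == null) {
            throw new UnauthorizedException();
        }

        URI origin;
        try {
            origin = URI.create(originHeader);
        } catch (IllegalArgumentException e) {
            // The Origin header is client-controlled. A value that does not parse is rejected
            // like any other mismatch instead of escaping as an unhandled runtime exception.
            // The cause is dropped because only the no-arg constructor is visible in this file.
            throw new UnauthorizedException();
        }

        if (!sameOrigin(ServletTools.getBaseURI(this.request), origin)) {
            throw new UnauthorizedException();
        }

        // NOTE(review): when the session holds no token the comparison is skipped and only the
        // Origin check protects the request. Confirm that a token is always issued before a
        // protected POST can occur.
        String sessionToken = CSRF.getSessionToken(this.request);
        String parameterToken = CSRF.getParameterToken(this.request);
        if (sessionToken != null && !tokensMatch(sessionToken, parameterToken)) {
            throw new UnauthorizedException();
        }
    }

    /**
     * Sets the security context used to determine whether a user is logged in.
     *
     * @param userLoginSecurityContext the context; injection is optional
     */
    @Inject(optional = true)
    public void setUserLoginSecurityContext(UserLoginSecurityContext userLoginSecurityContext) {
        this.userLoginSecurityContext = userLoginSecurityContext;
    }

    /**
     * Compares scheme, port and host of the two URIs. A base URI without scheme or host never
     * matches, so an unexpected server-side value is rejected rather than raising a
     * NullPointerException.
     */
    private static boolean sameOrigin(URI base, URI origin) {
        String scheme = base.getScheme();
        String host = base.getHost();
        if (scheme == null || host == null) {
            return false;
        }
        // URI.getPort() returns -1 when no port is written.
        // NOTE(review): if the base URI carries an explicit default port while the Origin header
        // omits it, legitimate requests are rejected. Confirm how getBaseURI builds the port.
        return scheme.equalsIgnoreCase(origin.getScheme())
            && base.getPort() == origin.getPort()
            && host.equalsIgnoreCase(origin.getHost());
    }

    /**
     * Compares the expected token with the submitted one using MessageDigest.isEqual, so that the
     * comparison time does not depend on the position of the first differing character. A missing
     * submitted token never matches.
     */
    private static boolean tokensMatch(String expected, String actual) {
        if (actual == null) {
            return false;
        }
        return MessageDigest.isEqual(
            expected.getBytes(StandardCharsets.UTF_8),
            actual.getBytes(StandardCharsets.UTF_8));
    }
}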
