package org.primeframework.mvc.security;

import com.google.inject.Inject;
import java.net.URI;
import org.primeframework.mvc.config.MVCConfiguration;
import org.primeframework.mvc.http.HTTPMethod;
import org.primeframework.mvc.http.HTTPRequest;
import org.primeframework.mvc.http.HTTPTools;
import org.primeframework.mvc.security.csrf.CSRFProvider;

/* loaded from: input_file:org/primeframework/mvc/security/UserLoginSecurityScheme.class */
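/**
 * Security scheme that requires a logged-in user who satisfies the action's constraints.
 *
 * <p>When CSRF protection is enabled in the {@link MVCConfiguration}, POST requests must also
 * carry an origin that matches the request's base URL and must pass
 * {@link CSRFProvider#validateRequest}.
 *
 * <p>Security note: the {@link UserLoginSecurityContext} is injected optionally. If none is
 * bound, {@link #handle(String[])} returns without enforcing any check.
 */
public class UserLoginSecurityScheme implements SecurityScheme {
    private final MVCConfiguration configuration;
    private final UserLoginConstraintsValidator constraintsValidator;
    private final CSRFProvider csrfProvider;
    private final HTTPMethod method;
    private final HTTPRequest request;
    // Set through optional setter injection; stays null when no binding exists.
    private UserLoginSecurityContext userLoginSecurityContext;

    /**
     * Creates the scheme with its injected collaborators.
     *
     * @param mVCConfiguration supplies the {@code csrfEnabled()} switch
     * @param userLoginConstraintsValidator validates the constraints passed to {@link #handle(String[])}
     * @param cSRFProvider validates the request once the origin check has passed
     * @param hTTPRequest the current request (source of the base URL and the origin header)
     * @param hTTPMethod the HTTP method of the current request
     */
    @Inject
    public UserLoginSecurityScheme(MVCConfiguration mVCConfiguration, UserLoginConstraintsValidator userLoginConstraintsValidator, CSRFProvider cSRFProvider, HTTPRequest hTTPRequest, HTTPMethod hTTPMethod) {
        this.configuration = mVCConfiguration;
        this.constraintsValidator = userLoginConstraintsValidator;
        this.csrfProvider = cSRFProvider;
        this.request = hTTPRequest;
        this.method = hTTPMethod;
    }

    /**
     * Enforces authentication, authorization and, for POST requests, the CSRF checks.
     *
     * @param strArr the constraints handed to the {@link UserLoginConstraintsValidator}
     * @throws UnauthenticatedException if the user is not logged in
     * @throws UnauthorizedException if the constraints are not met, the origin header is missing,
     *     malformed or does not match the base URL, or the CSRF provider rejects the request
     */
    @Override
    public void handle(String[] strArr) {
        // NOTE(review): fail-open. Without a bound UserLoginSecurityContext nothing below runs,
        // so the action is reachable unauthenticated. Confirm that deployments always bind one.
        if (this.userLoginSecurityContext == null) {
            return;
        }
        if (!this.userLoginSecurityContext.isLoggedIn()) {
            throw new UnauthenticatedException();
        }
        if (!this.constraintsValidator.validate(strArr)) {
            throw new UnauthorizedException();
        }

        // NOTE(review): only POST is checked here. PUT, PATCH and DELETE skip both the origin
        // comparison and the provider validation. Confirm they are covered elsewhere.
        if (!this.configuration.csrfEnabled() || !HTTPMethod.POST.is(this.method)) {
            return;
        }

        String originHeader = HTTPTools.getOriginHeader(this.request);
        if (originHeader == null) {
            throw new UnauthorizedException();
        }

        // The base URL is server-derived, so a parse failure here is a configuration problem and
        // is allowed to propagate as before.
        URI expected = URI.create(this.request.getBaseURL());

        // The origin header is client-controlled. A malformed value must be rejected as
        // unauthorized instead of escaping as an IllegalArgumentException.
        URI supplied;
        try {
            supplied = URI.create(originHeader);
        } catch (IllegalArgumentException ignored) {
            // Unparseable origin: fail closed.
            throw new UnauthorizedException();
        }

        if (!sameOrigin(expected, supplied)) {
            throw new UnauthorizedException();
        }
        if (!this.csrfProvider.validateRequest(this.request)) {
            throw new UnauthorizedException();
        }
    }

    /**
     * Injects the optional login context used by {@link #handle(String[])}.
     *
     * @param userLoginSecurityContext the context that reports whether a user is logged in
     */
    @Inject(optional = true)
    public void setUserLoginSecurityContext(UserLoginSecurityContext userLoginSecurityContext) {
        this.userLoginSecurityContext = userLoginSecurityContext;
    }

    /** Returns true only when scheme, host and effective port of both URIs match; nulls never match. */
    private static boolean sameOrigin(URI expected, URI supplied) {
        String expectedScheme = expected.getScheme();
        String expectedHost = expected.getHost();
        String suppliedScheme = supplied.getScheme();
        String suppliedHost = supplied.getHost();
        // A missing scheme or host (e.g. an opaque "null" origin) can never be same-origin.
        if (expectedScheme == null || expectedHost == null || suppliedScheme == null || suppliedHost == null) {
            return false;
        }
        return expectedScheme.equalsIgnoreCase(suppliedScheme)
            && expectedHost.equalsIgnoreCase(suppliedHost)
            && effectivePort(expected) == effectivePort(supplied);
    }

    /** Resolves an omitted port to the scheme default so that ":443" and no port compare equal for https. */
    private static int effectivePort(URI uri) {
        int port = uri.getPort();
        if (port != -1) {
            return port;
        }
        String scheme = uri.getScheme();
        if ("https".equalsIgnoreCase(scheme)) {
            return 443;
        }
        if ("http".equalsIgnoreCase(scheme)) {
            return 80;
        }
        return -1;
    }
}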
