package org.jahia.modules.jexperience.admin.security.impl;

import java.util.ArrayList;
import java.util.List;
import javax.jcr.RepositoryException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.StringUtils;
import org.jahia.modules.jexperience.admin.Constants;
import org.jahia.modules.jexperience.admin.security.ProxyEntry;
import org.jahia.modules.jexperience.admin.security.ProxyServletAccessChecker;
import org.jahia.services.content.JCRSessionFactory;
import org.jahia.services.usermanager.JahiaUser;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.PathMatcher;

/* loaded from: input_file:org/jahia/modules/jexperience/admin/security/impl/ProxyServletAccessCheckerImpl.class */
public class ProxyServletAccessCheckerImpl implements ProxyServletAccessChecker {
    private static final Logger logger = LoggerFactory.getLogger(ProxyServletAccessCheckerImpl.class);
    private List<ProxyEntry> proxyEntries = new ArrayList();
    private final PathMatcher matcher = new AntPathMatcher();

    @Override // org.jahia.modules.jexperience.admin.security.ProxyServletAccessChecker
    public ProxyEntry getProxyEntry(HttpServletRequest httpServletRequest, String str) {
        JahiaUser currentUser = JCRSessionFactory.getInstance().getCurrentUser();
        String substringAfter = StringUtils.substringAfter(httpServletRequest.getPathInfo(), str);
        String method = httpServletRequest.getMethod();
        String remoteAddr = httpServletRequest.getRemoteAddr();
        if (currentUser == null) {
            logger.warn("JExperience proxy access checker: [ACCESS DENIED:{}:{}:{}] No current user found", new Object[]{remoteAddr, method, substringAfter});
            return null;
        }
        Cookie[] cookies = httpServletRequest.getCookies();
        String str2 = "";
        if (cookies != null) {
            int length = cookies.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                Cookie cookie = cookies[i];
                if (cookie.getName().equals(Constants.WEM_PROFILE_ID_COOKIE)) {
                    str2 = cookie.getValue();
                    break;
                }
                i++;
            }
        }
        for (ProxyEntry proxyEntry : this.proxyEntries) {
            String from = proxyEntry.getFrom();
            if (from.startsWith("[")) {
                if (method.equals(StringUtils.substringBetween(from, "[", "]"))) {
                    from = StringUtils.substringAfter(from, "]");
                } else {
                    continue;
                }
            }
            if (from.contains("[context-profile-id]")) {
                from = StringUtils.replace(from, "[context-profile-id]", str2);
            }
            if (this.matcher.match(from, substringAfter)) {
                if (!(proxyEntry.isPublic() || proxyEntry.getRequiredPermissions() == null || proxyEntry.getRequiredPermissions().size() == 0 || proxyEntry.getRequiredPermissions().stream().anyMatch(str3 -> {
                    String str3 = "live";
                    String str4 = str3;
                    if (str3.contains("#")) {
                        String[] split = str3.split("#", 2);
                        str3 = split[0];
                        str4 = split[1];
                    }
                    try {
                        return JCRSessionFactory.getInstance().getCurrentUserSession(str3).getNode("/sites/" + str).hasPermission(str4);
                    } catch (RepositoryException e) {
                        return false;
                    }
                }))) {
                    logger.warn("JExperience proxy access checker: [ACCESS DENIED:{}:{}:{}] for user: {}, on site: {}", new Object[]{remoteAddr, method, substringAfter, currentUser.getUsername(), str});
                    return null;
                }
                if (logger.isDebugEnabled()) {
                    logger.debug("JExperience proxy access checker: [ACCESS GRANTED:{}:{}:{}] for user: {}, on site: {}", new Object[]{remoteAddr, method, substringAfter, currentUser.getUsername(), str});
                }
                return proxyEntry;
            }
        }
        logger.warn("JExperience proxy access checker: [ACCESS DENIED:{}:{}:{}] No access rules found to allow user: {}, on site: {}", new Object[]{remoteAddr, method, substringAfter, currentUser.getUsername(), str});
        return null;
    }

    public void setProxyEntries(List<ProxyEntry> list) {
        this.proxyEntries = list;
    }
}
