package com.adobe.cq.assetcompute.impl.frameio;

import com.adobe.cq.assetcompute.api.frameio.FrameIOService;
import com.adobe.granite.toggle.api.ToggleCondition;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.io.IOUtils;
import org.apache.sling.api.resource.LoginException;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceResolverFactory;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.ConfigurationPolicy;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferenceCardinality;
import org.osgi.service.component.annotations.ReferencePolicy;
import org.osgi.service.http.context.ServletContextHelper;
import org.osgi.service.http.whiteboard.propertytypes.HttpWhiteboardContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Component(service = {ServletContextHelper.class}, configurationPolicy = ConfigurationPolicy.REQUIRE, reference = {@Reference(service = ToggleCondition.class, name = "toggleCondition", target = "(toggle.name=FT_ASSETS-10827)", policy = ReferencePolicy.STATIC, cardinality = ReferenceCardinality.MANDATORY)})
@HttpWhiteboardContext(name = FrameIOServletContext.CONTEXT_NAME, path = FrameIOServletContext.CONTEXT_PATH)
/* loaded from: input_file:com/adobe/cq/assetcompute/impl/frameio/FrameIOServletContext.class */
public class FrameIOServletContext extends ServletContextHelper {
    private static final Logger LOG = LoggerFactory.getLogger(FrameIOServletContext.class);
    public static final String CONTEXT_NAME = "frameio-context";
    public static final String CONTEXT_PATH = "/frameio";
    public static final String REQ_ATTR_RESOLVER = "aem.frameio.resolver";
    private ResourceResolverFactory resourceResolverFactory;
    private FrameIOService frameIOService;

    @Activate
    public FrameIOServletContext(@Reference FrameIOService frameIOService, @Reference ResourceResolverFactory resourceResolverFactory) {
        this.frameIOService = frameIOService;
        this.resourceResolverFactory = resourceResolverFactory;
    }

    public boolean handleSecurity(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (!"POST".equals(httpServletRequest.getMethod())) {
            httpServletResponse.sendError(405);
            httpServletResponse.flushBuffer();
            return false;
        }
        try {
            ResourceResolver serviceResourceResolver = this.resourceResolverFactory.getServiceResourceResolver(FrameIOConstants.FRAMEIO_SERVICE_USER_AUTH_INFO);
            String header = httpServletRequest.getHeader("X-Frameio-Signature");
            String header2 = httpServletRequest.getHeader("X-Frameio-Request-Timestamp");
            String iOUtils = IOUtils.toString(httpServletRequest.getReader());
            if (this.frameIOService.verifyRequest(serviceResourceResolver, header, header2, iOUtils)) {
                httpServletRequest.setAttribute("frameio.action.request.body", iOUtils);
                httpServletRequest.setAttribute(REQ_ATTR_RESOLVER, serviceResourceResolver);
                return true;
            }
        } catch (LoginException e) {
            LOG.error("Error establishing session.", e);
        } catch (IOException e2) {
            LOG.error("Error trying to read request body.", e2);
        } catch (InvalidKeyException | NoSuchAlgorithmException e3) {
            LOG.error("Error generating request signature.", e3);
        }
        httpServletResponse.sendError(401);
        httpServletResponse.flushBuffer();
        return false;
    }
}
