package pl.edu.icm.saos.api.services.interceptor;

import com.google.common.base.Objects;
import com.google.common.collect.Sets;
import java.beans.PropertyDescriptor;
import java.lang.annotation.Annotation;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.BeanUtils;
import org.springframework.core.MethodParameter;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import pl.edu.icm.saos.api.services.exceptions.WrongRequestParameterException;

/* loaded from: input_file:WEB-INF/lib/saos-restful-web-api-0.9.14-SNAPSHOT.jar:pl/edu/icm/saos/api/services/interceptor/RestrictParamsHandlerInterceptor.class */
public class RestrictParamsHandlerInterceptor extends HandlerInterceptorAdapter {

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/saos-restful-web-api-0.9.14-SNAPSHOT.jar:pl/edu/icm/saos/api/services/interceptor/RestrictParamsHandlerInterceptor$PropertyNameWrapper.class */
    public static class PropertyNameWrapper {
        private boolean writableProperty;
        private String name;

        public PropertyNameWrapper(boolean z, String str) {
            this.writableProperty = z;
            this.name = str;
        }

        public boolean isWritableProperty() {
            return this.writableProperty;
        }

        public String getName() {
            return this.name;
        }

        public String toString() {
            return Objects.toStringHelper(this).add("writableProperty", this.writableProperty).add("name", this.name).toString();
        }
    }

    @Override // org.springframework.web.servlet.handler.HandlerInterceptorAdapter, org.springframework.web.servlet.HandlerInterceptor
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        if (!(obj instanceof HandlerMethod)) {
            return true;
        }
        HandlerMethod handlerMethod = (HandlerMethod) obj;
        RestrictParamsNames restrictParamsNames = (RestrictParamsNames) handlerMethod.getMethodAnnotation(RestrictParamsNames.class);
        if (!shouldHandle(restrictParamsNames)) {
            return true;
        }
        checkIfRequestContainNotAllowedParameter(httpServletRequest, handlerMethod, restrictParamsNames);
        return true;
    }

    private boolean shouldHandle(RestrictParamsNames restrictParamsNames) {
        return restrictParamsNames != null;
    }

    private void checkIfRequestContainNotAllowedParameter(HttpServletRequest httpServletRequest, HandlerMethod handlerMethod, RestrictParamsNames restrictParamsNames) throws WrongRequestParameterException {
        Set<String> extractAllowedParameterNamesFor = extractAllowedParameterNamesFor(handlerMethod);
        HashSet newHashSet = Sets.newHashSet(httpServletRequest.getParameterMap().keySet());
        newHashSet.removeAll(extractAllowedParameterNamesFor);
        if (newHashSet.isEmpty()) {
            return;
        }
        checkThatRequestNamesStartWith(extractAllowedPrefixes(restrictParamsNames), newHashSet);
    }

    private String[] extractAllowedPrefixes(RestrictParamsNames restrictParamsNames) {
        String[] allowedPrefixes = restrictParamsNames.allowedPrefixes();
        if (allowedPrefixes == null) {
            allowedPrefixes = new String[0];
        }
        return allowedPrefixes;
    }

    private void checkThatRequestNamesStartWith(String[] strArr, Set<String> set) throws WrongRequestParameterException {
        set.stream().forEach(str -> {
            checkAllowedRequestName(str, strArr);
        });
    }

    private void checkAllowedRequestName(String str, String[] strArr) throws WrongRequestParameterException {
        for (String str2 : strArr) {
            if (str.startsWith(str2)) {
                return;
            }
        }
        throw new WrongRequestParameterException(str, " name is incorrect");
    }

    private Set<String> extractAllowedParameterNamesFor(HandlerMethod handlerMethod) {
        HashSet newHashSet = Sets.newHashSet();
        for (MethodParameter methodParameter : handlerMethod.getMethodParameters()) {
            newHashSet.addAll(extractAllowedParametersNamesFor(methodParameter));
        }
        return newHashSet;
    }

    private Set<String> extractAllowedParametersNamesFor(MethodParameter methodParameter) {
        for (Annotation annotation : methodParameter.getParameterAnnotations()) {
            if (annotation instanceof RequestParam) {
                return Sets.newHashSet(((RequestParam) annotation).value());
            }
            if (annotation instanceof ModelAttribute) {
                return extractReadablePropertiesNamesFor(methodParameter.getParameterType());
            }
        }
        return Collections.emptySet();
    }

    private Set<String> extractReadablePropertiesNamesFor(Class<?> cls) {
        HashSet newHashSet = Sets.newHashSet();
        PropertyDescriptor[] propertyDescriptors = BeanUtils.getPropertyDescriptors(cls);
        if (propertyDescriptors == null) {
            propertyDescriptors = new PropertyDescriptor[0];
        }
        for (PropertyDescriptor propertyDescriptor : propertyDescriptors) {
            PropertyNameWrapper extractName = extractName(propertyDescriptor);
            if (extractName.isWritableProperty()) {
                newHashSet.add(extractName.getName());
            }
        }
        return newHashSet;
    }

    private PropertyNameWrapper extractName(PropertyDescriptor propertyDescriptor) {
        return new PropertyNameWrapper(propertyDescriptor.getWriteMethod() != null, propertyDescriptor.getName());
    }
}
