package com.symphony.bdk.workflow.security;

import com.symphony.bdk.workflow.api.v1.WorkflowsApi;
import com.symphony.bdk.workflow.api.v1.WorkflowsMgtApi;
import com.symphony.bdk.workflow.configuration.WorkflowBotConfiguration;
import com.symphony.bdk.workflow.exception.UnauthorizedException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestContextHolder;

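/**
 * Aspect that enforces {@code @Authorized} on request handlers by comparing a request header
 * against a shared token read from {@link WorkflowBotConfiguration}.
 *
 * <p>The header name declared on the annotation selects which configured token is expected:
 * {@code WorkflowsMgtApi.X_MANAGEMENT_TOKEN_KEY} maps to the management token and
 * {@code WorkflowsApi.X_MONITORING_TOKEN_KEY} maps to the monitoring token. Any other header name
 * is rejected. Every failure raises {@link UnauthorizedException} with the same message, so the
 * response does not reveal which check failed.
 */
@Aspect
@Component
/* loaded from: input_file:com/symphony/bdk/workflow/security/AuthorizationAspect.class */
public class AuthorizationAspect {
    private static final String UNAUTHORIZED_EXCEPTION_INVALID_TOKEN_MESSAGE = "Request is not authorised";
    private final WorkflowBotConfiguration workflowBotConfiguration;

    /**
     * @param workflowBotConfiguration source of the configured management and monitoring tokens
     */
    public AuthorizationAspect(WorkflowBotConfiguration workflowBotConfiguration) {
        this.workflowBotConfiguration = workflowBotConfiguration;
    }

    /**
     * Runs before each matched handler and rejects the call unless the header named by
     * {@code authorized.headerTokenKey()} carries the matching configured token.
     *
     * <p>NOTE(review): the pointcut combines {@code @annotation(authorized)} with
     * {@code @within(RequestMapping)}, so it presumably only matches handlers whose declaring
     * type carries {@code @RequestMapping}; an {@code @Authorized} method elsewhere would not be
     * checked by this advice. Confirm controller coverage.
     *
     * @param authorized the annotation instance found on the intercepted method
     * @throws UnauthorizedException if the header name is not one of the two known keys, the
     *     configured token is blank, or the presented header does not match it
     */
    @Before("@within(org.springframework.web.bind.annotation.RequestMapping) && @annotation(authorized)")
    public void authorizationCheck(Authorized authorized) {
        String headerTokenKey = authorized.headerTokenKey();
        HttpServletRequest httpServletRequest = getHttpServletRequest();
        if (WorkflowsMgtApi.X_MANAGEMENT_TOKEN_KEY.equals(headerTokenKey)) {
            validateToken(httpServletRequest.getHeader(headerTokenKey), this.workflowBotConfiguration.getManagementToken());
        } else if (WorkflowsApi.X_MONITORING_TOKEN_KEY.equals(headerTokenKey)) {
            validateToken(httpServletRequest.getHeader(headerTokenKey), this.workflowBotConfiguration.getMonitoringToken());
        } else {
            // Unknown header key: fail closed rather than fall through to an unchecked request.
            throw new UnauthorizedException(UNAUTHORIZED_EXCEPTION_INVALID_TOKEN_MESSAGE);
        }
    }

    /**
     * Checks a presented token against the configured one.
     *
     * @param presentedToken value of the request header; {@code null} when the header is absent
     * @param expectedToken token from configuration; a blank or {@code null} value disables the
     *     endpoint instead of matching an empty header
     * @throws UnauthorizedException if the configured token is blank or the two values differ
     */
    private static void validateToken(String presentedToken, String expectedToken) {
        // A blank configured token must never authorise anything, and a missing header is a
        // mismatch; both are handled before any bytes are taken from the strings.
        if (StringUtils.isBlank(expectedToken) || presentedToken == null) {
            throw new UnauthorizedException(UNAUTHORIZED_EXCEPTION_INVALID_TOKEN_MESSAGE);
        }
        // String.equals returns at the first differing character, which makes the comparison
        // time depend on how much of the secret the caller got right. MessageDigest.isEqual
        // does not stop at the first mismatch.
        byte[] presentedBytes = presentedToken.getBytes(StandardCharsets.UTF_8);
        byte[] expectedBytes = expectedToken.getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(expectedBytes, presentedBytes)) {
            throw new UnauthorizedException(UNAUTHORIZED_EXCEPTION_INVALID_TOKEN_MESSAGE);
        }
    }

    /**
     * Returns the servlet request bound to the current thread by Spring's
     * {@link RequestContextHolder}.
     */
    private HttpServletRequest getHttpServletRequest() {
        // NOTE(review): this listing comes from a decompiled class; the original source
        // presumably casts the result of currentRequestAttributes() to a servlet-specific
        // attributes type before calling getRequest() — confirm against the real source.
        return RequestContextHolder.currentRequestAttributes().getRequest();
    }
}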
