package com.adobe.acs.commons.dispatcher.impl;

import com.adobe.acs.commons.forms.helpers.impl.PostRedirectGetWithCookiesFormHelperImpl;
import org.apache.commons.lang3.StringUtils;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Properties;
import org.apache.felix.scr.annotations.Property;
import org.apache.felix.scr.annotations.Service;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceUtil;
import org.apache.sling.api.servlets.SlingSafeMethodsServlet;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

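/**
 * Answers HEAD requests with a bare status code that says whether the session behind the
 * current request can resolve the path passed in the {@code uri} request parameter.
 *
 * <p>The response is {@code 200} when the path resolves to an existing resource and {@code 401}
 * in every other case: missing or malformed {@code uri}, a resource that does not resolve for
 * this session, or any exception raised while checking. No body is written.
 *
 * <p>NOTE(review): the package and label suggest this backs permission-sensitive caching in a
 * dispatcher, where a cached copy is served only after this check returns 200 - confirm against
 * the dispatcher configuration. If so, the answer is only as trustworthy as the session attached
 * to the incoming request.
 */
@Service
@Component(label = "ACS AEM Commons - Permission Sensitive Cache Servlet", description = "Servlet that checks if the current sessions has access to a cached object", metatype = true, immediate = true)
@Properties({@Property(name = "sling.servlet.paths", cardinality = Integer.MAX_VALUE, label = "Sling Servlet Paths", description = "Paths that this servlet will resolve to")})
/* loaded from: input_file:com/adobe/acs/commons/dispatcher/impl/PermissionSensitiveCacheServlet.class */
public class PermissionSensitiveCacheServlet extends SlingSafeMethodsServlet {
    // One shared logger for the class instead of one per servlet instance.
    private static final Logger log = LoggerFactory.getLogger(PermissionSensitiveCacheServlet.class);

    /** Status sent when the current session may read the requested path. */
    private static final int STATUS_ALLOWED = 200;

    /** Status sent for every refusal, including malformed input and internal errors. */
    private static final int STATUS_DENIED = 401;

    /**
     * Checks the {@code uri} request parameter against the request's own resource resolver and
     * sets the response status accordingly.
     *
     * @param slingHttpServletRequest request carrying the {@code uri} parameter; its resource
     *     resolver is the one used for the lookup, so the check runs with that session's view
     * @param slingHttpServletResponse response that receives only a status code
     */
    public void doHead(SlingHttpServletRequest slingHttpServletRequest, SlingHttpServletResponse slingHttpServletResponse) {
        try {
            ResourceResolver resourceResolver = slingHttpServletRequest.getResourceResolver();
            String uri = slingHttpServletRequest.getParameter("uri");
            // The parameter is request-supplied; strip line breaks so it cannot start a new log line.
            String loggableUri = sanitizeForLog(uri);
            log.debug("Checking access for URI {}", loggableUri);

            if (!isUriValid(uri)) {
                log.debug("Invalid URI {}", loggableUri);
                slingHttpServletResponse.setStatus(STATUS_DENIED);
                return;
            }

            // A path that does not resolve for this session is treated as "no access"; the log
            // message below shows that missing and unreadable resources are not told apart.
            if (ResourceUtil.isNonExistingResource(resourceResolver.resolve(slingHttpServletRequest, uri))) {
                log.info("Current Session does not have access to {}", loggableUri);
                slingHttpServletResponse.setStatus(STATUS_DENIED);
                return;
            }

            log.debug("Current Session has access to {}", loggableUri);
            slingHttpServletResponse.setStatus(STATUS_ALLOWED);
        } catch (Exception e) {
            // Fail closed: an unexpected error must never be reported as "access granted".
            log.error("Authchecker servlet exception", e);
            slingHttpServletResponse.setStatus(STATUS_DENIED);
        }
    }

    /**
     * Tells whether the supplied value is acceptable as a path to check.
     *
     * <p>This is a prefix test only: no normalisation or decoding happens here, so the actual
     * access decision rests on the resource lookup in {@link #doHead}.
     *
     * @param str candidate path, may be {@code null}
     * @return {@code true} when {@code str} starts with
     *     {@code PostRedirectGetWithCookiesFormHelperImpl.ROOT_COOKIE_PATH}; {@code false}
     *     otherwise, including for {@code null}
     */
    public boolean isUriValid(String str) {
        // NOTE(review): ROOT_COOKIE_PATH is presumably "/" and was probably substituted by the
        // decompiler for a same-valued constant - confirm against the original source.
        return StringUtils.startsWith(str, PostRedirectGetWithCookiesFormHelperImpl.ROOT_COOKIE_PATH);
    }

    /**
     * Replaces carriage returns and line feeds with underscores so that a request-supplied
     * value occupies exactly one log line.
     *
     * @param value text about to be logged, may be {@code null}
     * @return the text with line breaks replaced, or {@code null} when {@code value} is null
     */
    private static String sanitizeForLog(String value) {
        return value == null ? null : value.replace('\r', '_').replace('\n', '_');
    }
}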
