package org.artifactory.webapp.servlet.authentication.interceptor.anonymous;

import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Sets;
import java.util.Collections;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import org.artifactory.webapp.servlet.RequestUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/artifactory/webapp/servlet/authentication/interceptor/anonymous/AnonymousRefreshTokenRequestInterceptor.class */
public class AnonymousRefreshTokenRequestInterceptor implements AnonymousAuthenticationInterceptor {
    private static final Logger log = LoggerFactory.getLogger(AnonymousRefreshTokenRequestInterceptor.class);
    private static final Set<String> EXPECTED_QUERY_PARAMS = ImmutableSet.of("grant_type", "refresh_token", "access_token");

    @Override // org.artifactory.webapp.servlet.authentication.interceptor.anonymous.AnonymousAuthenticationInterceptor
    public boolean accept(HttpServletRequest httpServletRequest) {
        try {
            if (refreshTokenRequest(httpServletRequest)) {
                if (requestContainSufficientCredentials(httpServletRequest)) {
                    return true;
                }
            }
            return false;
        } catch (Exception e) {
            log.debug("Could not check for allowing anonymous refresh token request.", e);
            return false;
        }
    }

    private boolean refreshTokenRequest(HttpServletRequest httpServletRequest) {
        return requestEqualsTo(httpServletRequest, "POST", "/api/security/token") && notAuthenticated(httpServletRequest) && grantTypeIsRefreshToken(httpServletRequest);
    }

    private boolean grantTypeIsRefreshToken(HttpServletRequest httpServletRequest) {
        return "refresh_token".equals(httpServletRequest.getParameter("grant_type"));
    }

    private boolean requestEqualsTo(HttpServletRequest httpServletRequest, String str, String str2) {
        return httpServletRequest.getMethod().equals(str) && RequestUtils.getServletPathFromRequest(httpServletRequest).equals(str2);
    }

    private boolean notAuthenticated(HttpServletRequest httpServletRequest) {
        return !RequestUtils.isBasicAuthHeaderPresent(httpServletRequest) || RequestUtils.extractUsernameFromRequest(httpServletRequest).equalsIgnoreCase("anonymous");
    }

    private boolean requestContainSufficientCredentials(HttpServletRequest httpServletRequest) {
        return Sets.newHashSet(Collections.list(httpServletRequest.getParameterNames())).equals(EXPECTED_QUERY_PARAMS);
    }
}
