package com.liferay.commerce.payment.internal.util;

import com.liferay.commerce.model.CommerceOrder;
import com.liferay.commerce.payment.util.CommercePaymentHttpHelper;
import com.liferay.commerce.service.CommerceOrderLocalService;
import com.liferay.commerce.service.CommerceOrderService;
import com.liferay.portal.kernel.encryptor.Encryptor;
import com.liferay.portal.kernel.model.Company;
import com.liferay.portal.kernel.model.User;
import com.liferay.portal.kernel.security.auth.PrincipalException;
import com.liferay.portal.kernel.security.permission.PermissionCheckerFactoryUtil;
import com.liferay.portal.kernel.security.permission.PermissionThreadLocal;
import com.liferay.portal.kernel.util.ParamUtil;
import com.liferay.portal.kernel.util.Portal;
import com.liferay.portal.kernel.util.Validator;
import javax.servlet.http.HttpServletRequest;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;

@Component(service = {CommercePaymentHttpHelper.class})
/* loaded from: input_file:com/liferay/commerce/payment/internal/util/CommercePaymentHttpHelperImpl.class */
public class CommercePaymentHttpHelperImpl implements CommercePaymentHttpHelper {

    @Reference
    private CommerceOrderLocalService _commerceOrderLocalService;

    @Reference
    private CommerceOrderService _commerceOrderService;

    @Reference
    private Encryptor _encryptor;

    @Reference
    private Portal _portal;

    public CommerceOrder getCommerceOrder(HttpServletRequest httpServletRequest) throws Exception {
        CommerceOrder commerceOrderByUuidAndGroupId;
        long j = ParamUtil.getLong(httpServletRequest, "groupId");
        String string = ParamUtil.getString(httpServletRequest, "uuid");
        String string2 = ParamUtil.getString(httpServletRequest, "guestToken");
        if (Validator.isNotNull(string2)) {
            String replaceAll = string2.replaceAll(" ", "+");
            commerceOrderByUuidAndGroupId = this._commerceOrderLocalService.getCommerceOrderByUuidAndGroupId(string, j);
            Company company = this._portal.getCompany(httpServletRequest);
            User guestUser = company.getGuestUser();
            if (!replaceAll.equals(_getGuestToken(company, commerceOrderByUuidAndGroupId.getCommerceOrderId()))) {
                throw new PrincipalException.MustHavePermission(guestUser.getUserId(), CommerceOrder.class.getName(), commerceOrderByUuidAndGroupId.getCommerceOrderId(), new String[]{"VIEW"});
            }
            PermissionThreadLocal.setPermissionChecker(PermissionCheckerFactoryUtil.create(guestUser));
        } else {
            PermissionThreadLocal.setPermissionChecker(PermissionCheckerFactoryUtil.create(this._portal.getUser(httpServletRequest)));
            commerceOrderByUuidAndGroupId = this._commerceOrderService.getCommerceOrderByUuidAndGroupId(string, j);
        }
        return commerceOrderByUuidAndGroupId;
    }

    private String _getGuestToken(Company company, long j) throws Exception {
        return this._encryptor.encrypt(company.getKeyObj(), String.valueOf(j));
    }
}
