package com.atlassian.bamboo.servlet;

import com.atlassian.bamboo.configuration.AdministrationConfigurationAccessor;
import com.atlassian.bamboo.filter.AccessTypePolicy;
import com.atlassian.bamboo.servlet.ServletRegistrar;
import com.atlassian.bamboo.spring.ComponentAccessor;
import com.atlassian.bamboo.user.BambooRemoteUserUtils;
import com.atlassian.bamboo.util.RedirectUtils;
import com.atlassian.bamboo.utils.SystemProperty;
import com.atlassian.config.util.BootstrapUtils;
import com.atlassian.plugin.servlet.DelegatingPluginServlet;
import com.atlassian.plugin.servlet.ServletModuleContainerServlet;
import com.atlassian.plugin.servlet.ServletModuleManager;
import com.atlassian.plugin.servlet.descriptors.ServletModuleDescriptor;
import com.atlassian.plugin.servlet.util.RequestUtil;
import com.atlassian.sal.core.permission.AccessType;
import java.io.IOException;
import java.lang.reflect.Method;
import java.util.Locale;
import java.util.Map;
import java.util.Optional;
import javax.servlet.Servlet;
import javax.servlet.ServletConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.acegisecurity.Authentication;
import org.acegisecurity.context.SecurityContextHolder;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.jetbrains.annotations.Nullable;

/* loaded from: input_file:com/atlassian/bamboo/servlet/Servlets.class */
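/**
 * Servlets that are registered on a {@link ServletContext} through {@link #registerAll(ServletContext)}.
 *
 * <p>The only constant, {@link #PLUGIN_SERVLETS}, wraps the plugin framework's
 * {@code ServletModuleContainerServlet} in an anonymous subclass (decompiled from
 * {@code SecureServletModuleContainerServlet}) that runs an access-type check before a plugin
 * servlet is allowed to handle a request.
 */
public enum Servlets {
    PLUGIN_SERVLETS(ServletRegistrar.servlet("servlet-module-container-servlet", (Servlet) new ServletModuleContainerServlet() { // from class: com.atlassian.bamboo.servlet.SecureServletModuleContainerServlet
        private static final Logger log = LogManager.getLogger(SecureServletModuleContainerServlet.class);
        // HTTP verb -> name of the HttpServlet handler method whose security annotation is consulted.
        // Verbs that are not listed here (PATCH, for example) are decided on the class-level lookup only.
        private static final Map<String, String> HTTP_TO_JAVA = Map.of("GET", "doGet", "POST", "doPost", "PUT", "doPut", "DELETE", "doDelete", "HEAD", "doHead", "OPTIONS", "doOptions", "TRACE", "doTrace");
        private ServletConfig servletConfig;
        private static final String NOT_RECOGNIZED_CONST = "[not recognized]";

        /**
         * Initialises the parent servlet and keeps the config, which {@code service} needs to
         * resolve the target plugin servlet.
         */
        public void init(ServletConfig servletConfig) throws ServletException {
            super.init(servletConfig);
            this.servletConfig = servletConfig;
        }

        /**
         * Authorises a request to a plugin servlet and, when allowed, hands it to the parent
         * container servlet.
         *
         * <p>Outcome by case:
         * <ul>
         *   <li>no servlet module manager, or no module descriptor: 500;</li>
         *   <li>no plugin servlet matches the path: delegated to the parent unchanged;</li>
         *   <li>the effective access type is {@code AccessType.EMPTY} and
         *       {@code DEFAULT_ENDPOINT_TO_LICENSED_ACCESS} is false: allowed with no authority
         *       check at all;</li>
         *   <li>otherwise allowed only if the policy for the access type grants the current
         *       authentication; on denial a caller without a remote username is redirected to
         *       login and any other caller receives 401.</li>
         * </ul>
         */
        protected void service(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
            ServletModuleManager servletModuleManager = getServletModuleManager();
            if (servletModuleManager == null) {
                log.error("Could not get ServletModuleManager");
                httpServletResponse.sendError(500);
                return;
            }
            DelegatingPluginServlet servlet = servletModuleManager.getServlet(RequestUtil.getPathInfo(httpServletRequest), this.servletConfig);
            if (servlet == null) {
                // Nothing resolved for this path, so there is no descriptor to check against.
                super.service(httpServletRequest, httpServletResponse);
                return;
            }
            if (!(servlet instanceof DelegatingPluginServlet)) {
                log.error("Servlet for {} is not an instance of DelegatingPluginServlet", RequestUtil.getRequestURI(httpServletRequest));
                httpServletResponse.sendError(500);
                return;
            }
            ServletModuleDescriptor moduleDescriptor = servlet.getModuleDescriptor();
            if (moduleDescriptor == null) {
                log.error("Could not get moduleDescriptor");
                httpServletResponse.sendError(500);
                return;
            }
            AccessType effectiveSecurityAnnotation = getEffectiveSecurityAnnotation(httpServletRequest, moduleDescriptor);
            AccessTypePolicy forAccessType = AccessTypePolicy.forAccessType(effectiveSecurityAnnotation, isEnableAnonymousAccess());
            Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
            // Fail-open default: a servlet with no access annotation is let through unchecked unless the
            // DEFAULT_ENDPOINT_TO_LICENSED_ACCESS system property is enabled. Operators who cannot vouch
            // for every installed plugin servlet carrying an annotation should enable that property.
            boolean uncheckedByDefault = effectiveSecurityAnnotation == AccessType.EMPTY && !SystemProperty.DEFAULT_ENDPOINT_TO_LICENSED_ACCESS.getTypedValue();
            if (uncheckedByDefault || forAccessType.hasAuthority(authentication)) {
                // Allowed requests are visible at TRACE only. The message reads "sufficient authority"
                // on the unchecked path as well, where hasAuthority() was never evaluated.
                if (log.isTraceEnabled()) {
                    log.trace("{} has sufficient authority to access plugin servlet {} - request allowed", getPrincipalName(authentication), getServletName(httpServletRequest));
                }
                super.service(httpServletRequest, httpServletResponse);
            } else {
                // Denials are logged at INFO with the principal and the complete module key, which makes
                // this line the one to alert on when watching for probing of plugin endpoints.
                if (log.isInfoEnabled()) {
                    log.info("{} has no authority to access plugin servlet {}:{} ({}) - request denied", getPrincipalName(authentication), getServletName(httpServletRequest), servlet, moduleDescriptor.getCompleteKey());
                }
                if (BambooRemoteUserUtils.getRemoteUsername() == null) {
                    RedirectUtils.redirectToLogin(httpServletRequest, httpServletResponse, log);
                } else {
                    // NOTE(review): 403 is the conventional status for a known user who lacks permission;
                    // 401 is kept because existing clients may depend on it.
                    httpServletResponse.sendError(401);
                }
            }
        }

        /**
         * Returns the access type that governs this request: the one attached to the servlet's
         * handler method for the HTTP verb when that method is found, otherwise the result of the
         * class-level lookup (presumably the class annotation - confirm against {@code AccessType}).
         */
        /* JADX WARN: Multi-variable type inference failed */
        private AccessType getEffectiveSecurityAnnotation(HttpServletRequest httpServletRequest, ServletModuleDescriptor servletModuleDescriptor) {
            Class<?> cls = servletModuleDescriptor.getModule().getClass();
            Method httpMethodToJava = httpMethodToJava(httpServletRequest, cls);
            return httpMethodToJava == null ? AccessType.getAccessType(cls, "", new Class[0]) : AccessType.getAccessType(httpMethodToJava);
        }

        /**
         * Finds the {@code doXxx} handler that the servlet class declares for the request's HTTP verb.
         *
         * <p>{@code getDeclaredMethod} only sees methods declared directly on {@code cls}. A handler
         * inherited from a base servlet is not found, so any annotation on it is not consulted and
         * the caller falls back to the class-level lookup. The same holds for a servlet that
         * overrides {@code service} instead of the {@code doXxx} methods.
         *
         * @return the declared handler method, or {@code null} when the verb is not mapped or the
         *         class does not declare the handler itself
         */
        @Nullable
        private Method httpMethodToJava(HttpServletRequest httpServletRequest, Class<? extends HttpServlet> cls) {
            // Locale.ROOT keeps the lookup independent of the JVM default locale; with a Turkish default
            // locale, "options".toUpperCase() does not produce "OPTIONS" and would miss the map.
            String str = HTTP_TO_JAVA.get(httpServletRequest.getMethod().toUpperCase(Locale.ROOT));
            if (str == null) {
                // The verb is request-supplied; pass it as a parameter, like the other log calls here.
                log.warn("Unknown HTTP method: {}", httpServletRequest.getMethod());
                return null;
            }
            try {
                return cls.getDeclaredMethod(str, HttpServletRequest.class, HttpServletResponse.class);
            } catch (NoSuchMethodException e) {
                return null;
            }
        }

        /**
         * Tells the access policy whether anonymous access is enabled.
         *
         * <p>Returns {@code true} while setup is incomplete. After setup the value comes from the
         * administration configuration, and is {@code false} when that configuration cannot be loaded.
         */
        private boolean isEnableAnonymousAccess() {
            if (isSetupIncomplete()) {
                return true;
            }
            Optional map = Optional.ofNullable((AdministrationConfigurationAccessor) ComponentAccessor.ADMINISTRATION_CONFIGURATION_ACCESSOR.get()).map((v0) -> {
                return v0.getAdministrationConfiguration();
            });
            if (map.isEmpty()) {
                log.warn("Could not load administration configuration. Assuming Anonymous access is disabled.");
            }
            return ((Boolean) map.map((v0) -> {
                return v0.isEnableAnonymousAccess();
            }).orElse(false)).booleanValue();
        }

        /** Returns {@code true} until the bootstrap manager reports that setup is complete. */
        private boolean isSetupIncomplete() {
            return !BootstrapUtils.getBootstrapManager().isSetupComplete();
        }

        /** Returns the name to log for the caller, or a fixed marker when there is no authentication. */
        private String getPrincipalName(Authentication authentication) {
            return authentication == null ? "[not authenticated]" : authentication.getName();
        }

        /**
         * Returns the servlet name from the request's servlet mapping, for logging only.
         * Any failure is swallowed on purpose so that a logging detail can never fail the request.
         */
        private String getServletName(HttpServletRequest httpServletRequest) {
            try {
                return (String) Optional.ofNullable(httpServletRequest.getHttpServletMapping()).flatMap(httpServletMapping -> {
                    return Optional.ofNullable(httpServletMapping.getServletName());
                }).orElse(NOT_RECOGNIZED_CONST);
            } catch (Throwable th) {
                log.debug("Could not establish the servlet name", th);
                return NOT_RECOGNIZED_CONST;
            }
        }
    }).loadOnStartup(9).mapping(UrlPattern.PLUGINS_SERVLET));

    private final ServletContextRegistrar registrar;

    /** Returns the registrar that installs this servlet on a servlet context. */
    ServletContextRegistrar getRegistrar() {
        return this.registrar;
    }

    Servlets(ServletContextRegistrar servletContextRegistrar) {
        this.registrar = servletContextRegistrar;
    }

    Servlets(ServletRegistrar.Builder builder) {
        this(builder.build());
    }

    /**
     * Registers every servlet of this enum on the given context, in declaration order.
     *
     * @param servletContext the context to register on
     * @throws ServletException if a registrar fails
     */
    public static void registerAll(ServletContext servletContext) throws ServletException {
        for (Servlets servlets : values()) {
            servlets.registrar.register(servletContext);
        }
    }
}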
