package com.atlassian.jira.web.filters.annotations;

import com.atlassian.jira.security.annotated.AnnotatedSecurityChecker;
import com.atlassian.jira.servlet.ServletRequestUtil;
import com.atlassian.jira.web.ServletContextProvider;
import com.atlassian.sal.core.permission.AccessType;
import com.google.common.base.Preconditions;
import java.util.Collection;
import java.util.Map;
import java.util.Optional;
import java.util.function.Supplier;
import javax.servlet.ServletRegistration;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/jira/web/filters/annotations/JspChecker.class */
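/**
 * Produces the security-annotation check result for requests that resolve to a compiled JSP servlet.
 *
 * <p>A servlet counts as a JSP when its name starts with {@code "jsp."} and ends with {@code "_jsp"}.
 * Such a request is resolved in two steps:
 * <ol>
 *   <li>If the request carries the {@link ServletRequestUtil#VIEW_REQUESTED_BY_ACTION} attribute and
 *       its value is one of the servlet's registered mappings, the JSP is reported as
 *       {@link AccessType#UNRESTRICTED_ACCESS} without consulting the security checker.</li>
 *   <li>Otherwise the JSP name is looked up in {@link #JSP_ACCESS_TYPES}; a hit is evaluated by the
 *       {@link AnnotatedSecurityChecker}, a miss yields {@link CheckResult#notFound(String)}.</li>
 * </ol>
 *
 * <p>NOTE(review): step 1 bypasses the access-type evaluation entirely, so it is only sound if the
 * request attribute can be set exclusively by trusted server-side dispatch code; confirm that at
 * the place where the attribute is written.
 */
class JspChecker {
    private static final Logger log = LoggerFactory.getLogger(JspChecker.class);

    /** Servlet-name prefix that marks a compiled JSP. */
    private static final String JSP_SERVLET_PREFIX = "jsp.";

    /** Servlet-name suffix that marks a compiled JSP. */
    private static final String JSP_SERVLET_SUFFIX = "_jsp";

    /**
     * Allowlist of directly reachable JSPs, keyed by JSP name (the servlet name without the
     * {@code "jsp."} prefix and {@code "_jsp"} suffix) and mapped to the access type required.
     *
     * <p>Every {@link AccessType#UNRESTRICTED_ACCESS} entry is a page this class allows the security
     * checker to evaluate with the least restrictive type, so additions here deserve review.
     * The {@code _002d} sequences presumably are the JSP compiler's escaped form of {@code '-'};
     * verify against the generated servlet names.
     */
    static final Map<String, AccessType> JSP_ACCESS_TYPES = Map.ofEntries(
            Map.entry("secure.admin.default", AccessType.ADMIN_ONLY),
            Map.entry("secure.errors", AccessType.UNRESTRICTED_ACCESS),
            Map.entry("default", AccessType.UNRESTRICTED_ACCESS),
            Map.entry("login", AccessType.UNRESTRICTED_ACCESS),
            Map.entry("logout", AccessType.UNRESTRICTED_ACCESS),
            Map.entry("alreadyloggedout", AccessType.UNRESTRICTED_ACCESS),
            Map.entry("logoutconfirm", AccessType.UNRESTRICTED_ACCESS),
            Map.entry("secure.admin.debug.logMessage", AccessType.ADMIN_ONLY),
            Map.entry("secure.views.projectnotfound", AccessType.ANONYMOUS_SITE_ACCESS),
            Map.entry("secure.views.searchrequesterror", AccessType.ANONYMOUS_SITE_ACCESS),
            Map.entry("secure.views.securitybreach", AccessType.ANONYMOUS_SITE_ACCESS),
            Map.entry("views.setup_002dadmin_002daccount", AccessType.UNRESTRICTED_ACCESS),
            Map.entry("includes.loginpage", AccessType.UNRESTRICTED_ACCESS),
            Map.entry("includes.loginform", AccessType.UNRESTRICTED_ACCESS),
            Map.entry("osd", AccessType.UNRESTRICTED_ACCESS),
            Map.entry("views.setup_002dmail_002dnotifications", AccessType.UNRESTRICTED_ACCESS),
            Map.entry("views.setup_002dimport", AccessType.UNRESTRICTED_ACCESS),
            Map.entry("views.setup_002dapplication_002dproperties", AccessType.UNRESTRICTED_ACCESS));

    private final Supplier<AnnotatedSecurityChecker> securityCheckerSupplier;

    /**
     * Creates a checker that obtains its {@link AnnotatedSecurityChecker} from the given supplier
     * each time an allowlisted JSP has to be evaluated.
     *
     * <p>The decompiler reports that this constructor was originally package-private.
     *
     * @param supplier source of the security checker; queried per allowlist hit, not at construction
     */
    public JspChecker(Supplier<AnnotatedSecurityChecker> supplier) {
        this.securityCheckerSupplier = supplier;
    }

    /**
     * Evaluates the request if, and only if, it is mapped to a JSP servlet.
     *
     * <p>The decompiler reports that this method was originally package-private.
     *
     * @param httpServletRequest the request being filtered
     * @return the check result for a JSP servlet (never empty in that case), or an empty
     *         {@code Optional} when the servlet is not a JSP
     */
    public Optional<CheckResult> checkJsps(HttpServletRequest httpServletRequest) {
        String servletName = httpServletRequest.getHttpServletMapping().getServletName();
        boolean jspServlet = isJsp(servletName);
        Object requestedView = httpServletRequest.getAttribute(ServletRequestUtil.VIEW_REQUESTED_BY_ACTION);
        if (jspServlet) {
            // The action-forward match wins; the allowlist is only consulted when it does not apply.
            return getCheckResultIfViewRequestedByAction(requestedView, servletName)
                    .or(() -> getCheckResultBasedOnJspAccessTypesList(servletName));
        }
        if (requestedView != null) {
            log.debug("[SECURITY ANNOTATION CHECK] {}={}, but servlet '{}' is not a JSP",
                    ServletRequestUtil.VIEW_REQUESTED_BY_ACTION, requestedView, servletName);
        }
        return Optional.empty();
    }

    /**
     * Accepts the JSP when the request attribute names one of the servlet's own registered mappings.
     *
     * <p>The result is built with {@code true} in the argument position where the allowlist path
     * passes {@code isAllowedFor(accessType)}, so no security-checker call is made on this path.
     *
     * @param obj value of the {@link ServletRequestUtil#VIEW_REQUESTED_BY_ACTION} request attribute,
     *            may be {@code null}
     * @param str servlet name of the JSP
     * @return an unrestricted result on a match; empty when the attribute is absent, the servlet has
     *         no registration, or the attribute value is not among the servlet's mappings
     */
    private static Optional<CheckResult> getCheckResultIfViewRequestedByAction(Object obj, String str) {
        if (obj == null) {
            return Optional.empty();
        }
        ServletRegistration registration =
                ServletContextProvider.getServletContext().getServletRegistrations().get(str);
        if (registration == null) {
            // Without a registration there are no mappings to compare against. Report "no match" so the
            // caller falls back to the allowlist instead of failing with a NullPointerException here.
            log.debug("[SECURITY ANNOTATION CHECK] {}={}, but servlet='{}' has no registration",
                    ServletRequestUtil.VIEW_REQUESTED_BY_ACTION, obj, str);
            return Optional.empty();
        }
        Collection<String> mappings = registration.getMappings();
        if (mappings.contains(obj)) {
            log.trace("[SECURITY ANNOTATION CHECK] {}={} and servlet='{}' mappings={} match",
                    ServletRequestUtil.VIEW_REQUESTED_BY_ACTION, obj, str, mappings);
            return Optional.of(new CheckResult(str, AccessType.UNRESTRICTED_ACCESS, true));
        }
        log.debug("[SECURITY ANNOTATION CHECK] {}={}, but servlet='{}' mappings={} do not match",
                ServletRequestUtil.VIEW_REQUESTED_BY_ACTION, obj, str, mappings);
        return Optional.empty();
    }

    /**
     * Resolves the JSP through {@link #JSP_ACCESS_TYPES}.
     *
     * @param str servlet name of the JSP
     * @return a result carrying the allowlisted access type and the security checker's verdict for it,
     *         or {@link CheckResult#notFound(String)} when the JSP is not allowlisted; never empty
     */
    private Optional<CheckResult> getCheckResultBasedOnJspAccessTypesList(String str) {
        AccessType accessType = JSP_ACCESS_TYPES.get(getJspName(str));
        if (accessType == null) {
            // A JSP outside the allowlist still produces a result, so the caller sees an explicit
            // "not found" rather than an absent check.
            log.debug("[SECURITY ANNOTATION CHECK] Servlet='{}' did not match any allowlistEntry", str);
            return Optional.of(CheckResult.notFound(str));
        }
        log.trace("[SECURITY ANNOTATION CHECK] Servlet='{}' matched allowlist", str);
        boolean allowed = this.securityCheckerSupplier.get().isAllowedFor(accessType);
        return Optional.of(new CheckResult(str, accessType, allowed));
    }

    /**
     * Tells whether a servlet name has the {@code "jsp."} prefix and the {@code "_jsp"} suffix.
     *
     * @param str servlet name; must not be {@code null}
     * @return {@code true} when both markers are present
     */
    private static boolean isJsp(String str) {
        return str.startsWith(JSP_SERVLET_PREFIX) && str.endsWith(JSP_SERVLET_SUFFIX);
    }

    /**
     * Strips the {@code "jsp."} prefix and {@code "_jsp"} suffix from a JSP servlet name.
     *
     * @param str servlet name that satisfies {@link #isJsp(String)}
     * @return the key to use for {@link #JSP_ACCESS_TYPES}
     * @throws IllegalArgumentException if {@code str} is not a JSP servlet name
     */
    private static String getJspName(String str) {
        Preconditions.checkArgument(isJsp(str));
        return str.substring(JSP_SERVLET_PREFIX.length(), str.length() - JSP_SERVLET_SUFFIX.length());
    }
}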
