package com.atlassian.jira.plugin.servlet;

import com.atlassian.annotations.security.UnrestrictedAccess;
import com.atlassian.jira.component.ComponentAccessor;
import com.atlassian.jira.security.annotated.AnnotatedSecurityChecker;
import com.atlassian.jira.security.annotated.AnnotatedSecurityEnabledCheck;
import com.atlassian.jira.security.annotated.SecureDefaultsStats;
import com.atlassian.jira.servlet.ServletRequestUtil;
import com.atlassian.jira.web.filters.annotations.CheckResult;
import com.atlassian.plugin.servlet.DelegatingPluginServlet;
import com.atlassian.plugin.servlet.ServletModuleManager;
import com.atlassian.plugin.servlet.descriptors.ServletModuleDescriptor;
import com.atlassian.plugin.servlet.util.RequestUtil;
import com.atlassian.sal.core.permission.AccessType;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Stopwatch;
import com.google.common.collect.ImmutableMap;
import java.io.IOException;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import java.util.function.Supplier;
import javax.annotation.Nullable;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

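/**
 * Jira's container servlet for plugin-provided servlet modules.
 *
 * <p>Before a request is handed to the plugin framework's container
 * ({@code super.service}), {@link #service} resolves the target plugin servlet,
 * determines the {@link AccessType} that applies to it and asks the
 * {@link AnnotatedSecurityChecker} whether the current request is allowed.
 * Requests that are not allowed are sent to the login screen instead of being
 * dispatched.
 *
 * <p>NOTE(review): the class itself carries {@code @UnrestrictedAccess}; the
 * per-servlet decision is made only inside {@link #service}. Presumably the
 * annotation exists so that outer checks let every request reach this class -
 * confirm against the annotation-processing filter.
 */
@UnrestrictedAccess
/* loaded from: input_file:com/atlassian/jira/plugin/servlet/ServletModuleContainerServlet.class */
public class ServletModuleContainerServlet extends com.atlassian.plugin.servlet.ServletModuleContainerServlet {
    private static final Logger log = LoggerFactory.getLogger(ServletModuleContainerServlet.class);

    /**
     * Access types looked up by servlet display name. An entry here is used
     * instead of whatever {@link #getAccessType} would derive from the servlet
     * class, so the map always wins over the servlet's own annotations.
     *
     * <p>NOTE(review): the lookup key is
     * {@code ServletModuleDescriptor.getDisplayName()}, a name rather than a
     * class or a complete module key. If display names come from plugin
     * descriptors and are not guaranteed unique, any servlet module that shares
     * one of these names receives the access type listed here. Keying on the
     * complete module key or on the servlet class would tie each exemption to
     * one specific module - confirm how display names are assigned.
     *
     * <p>NOTE(review): the last entry looks like a test fixture living in the
     * production map. It only tightens access (SYSTEM_ADMIN_ONLY), but it is
     * worth confirming that it is intentional.
     */
    private static final Map<String, AccessType> SERVLET_TO_ACCESS_TYPE_SHORTCUT = ImmutableMap.<String, AccessType>builder()
            .put("Toolbar Servlet", AccessType.UNRESTRICTED_ACCESS)
            .put("Multi Path Servlet", AccessType.UNRESTRICTED_ACCESS)
            .put("Servlet with translation key", AccessType.UNRESTRICTED_ACCESS)
            .put("Jira Mobile Servlet", AccessType.UNRESTRICTED_ACCESS)
            .put("Wallboard", AccessType.UNRESTRICTED_ACCESS)
            .put("BootstrapScriptServlet", AccessType.UNRESTRICTED_ACCESS)
            .put("TestServletModuleContainerServlet.mapHasPriorityOverTheAnnotation", AccessType.SYSTEM_ADMIN_ONLY)
            .build();

    private final AnnotatedSecurityEnabledCheck annotatedSecurityEnabledCheck;
    private final Supplier<AnnotatedSecurityChecker> securityCheckerSupplier;
    // Captured in init() and passed to the servlet module manager on every lookup.
    private ServletConfig servletConfig;

    /**
     * Pairs a plugin servlet's display name with its implementation class; both
     * values feed the access-type decision in {@code service}.
     */
    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/atlassian/jira/plugin/servlet/ServletModuleContainerServlet$ServletNameAndClass.class */
    public static final class ServletNameAndClass {
        private final String name;
        private final Class<? extends HttpServlet> clazz;

        /**
         * @param str display name of the servlet module
         * @param cls servlet class declared by the module descriptor
         */
        public ServletNameAndClass(String str, Class<? extends HttpServlet> cls) {
            this.name = str;
            this.clazz = cls;
        }
    }

    /**
     * Creates the servlet with the default enabled-check and the security
     * checker obtained from {@link ServletRequestUtil#getSecurityChecker}.
     */
    public ServletModuleContainerServlet() {
        this(new AnnotatedSecurityEnabledCheck(), ServletRequestUtil::getSecurityChecker);
    }

    /**
     * Test seam that lets both collaborators be replaced.
     *
     * @param annotatedSecurityEnabledCheck reports whether annotation-based security is switched off
     * @param supplier provides the checker consulted for each request
     */
    @VisibleForTesting
    ServletModuleContainerServlet(AnnotatedSecurityEnabledCheck annotatedSecurityEnabledCheck, Supplier<AnnotatedSecurityChecker> supplier) {
        this.annotatedSecurityEnabledCheck = annotatedSecurityEnabledCheck;
        this.securityCheckerSupplier = supplier;
    }

    /**
     * Looks the servlet module manager up through {@link ComponentAccessor} on
     * every call.
     *
     * @return the servlet module manager component
     */
    protected ServletModuleManager getServletModuleManager() {
        return (ServletModuleManager) ComponentAccessor.getComponent(ServletModuleManager.class);
    }

    /**
     * Applies the access-type check to the targeted plugin servlet and then
     * either dispatches the request or redirects to the login screen.
     *
     * <p>Two paths reach {@code super.service} without any access check: when
     * annotated security is reported as disabled, and when no plugin servlet
     * matches the request path.
     *
     * @param httpServletRequest incoming request
     * @param httpServletResponse response to write to or redirect
     * @throws ServletException propagated from servlet lookup or dispatch
     * @throws IOException propagated from dispatch or the redirect
     */
    protected void service(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        // Started up front so the recorded time covers lookup and the permission check.
        final Stopwatch stopwatch = Stopwatch.createStarted();

        // With annotated security switched off nothing below runs: every plugin
        // servlet is dispatched without an access-type decision from this class.
        if (this.annotatedSecurityEnabledCheck.isAnnotatedSecurityDisabled()) {
            super.service(httpServletRequest, httpServletResponse);
            return;
        }

        final ServletNameAndClass servletDetails = getServletDetails(httpServletRequest);
        if (servletDetails == null) {
            // No servlet matched the path; the parent decides the response.
            // NOTE(review): presumably a "not found" answer - confirm in the parent class.
            super.service(httpServletRequest, httpServletResponse);
            return;
        }

        final String servletName = servletDetails.name;
        // The name-keyed shortcut map takes priority; the class-derived access type is only the fallback.
        AccessType accessType = SERVLET_TO_ACCESS_TYPE_SHORTCUT.get(servletName);
        if (accessType == null) {
            accessType = getAccessType(httpServletRequest, servletDetails.clazz);
        }

        if (this.securityCheckerSupplier.get().isAllowedFor(accessType)) {
            ServletRequestUtil.clearRedirectAttributes(httpServletRequest);
            ComponentAccessor.getComponentSafely(SecureDefaultsStats.class)
                    .ifPresent(stats -> stats.pluginServletAllowed(stopwatch.elapsed(TimeUnit.MICROSECONDS)));
            super.service(httpServletRequest, httpServletResponse);
            return;
        }

        // Denials are written at debug level only; with debug logging off, the only
        // trace this method leaves of a refused request is the SecureDefaultsStats counter.
        if (log.isDebugEnabled()) {
            if (accessType == AccessType.EMPTY) {
                log.debug("{} Servlet {}, class {}, method {} is not allowed for the current user. The servlet has no security annotation and so we use the default value. Redirecting to login screen.",
                        CheckResult.CHECK_TAG, servletName, servletDetails.clazz.getName(), ServletRequestUtil.getMethodName(httpServletRequest));
            } else {
                log.debug("{} Servlet {}, class {}, method {} is not allowed for the current user. The servlet has accessType={}. Redirecting to login screen.",
                        CheckResult.CHECK_TAG, servletName, servletDetails.clazz.getName(), ServletRequestUtil.getMethodName(httpServletRequest), accessType);
            }
        }
        ServletRequestUtil.redirectToLoginScreen(httpServletRequest, httpServletResponse, accessType);
        ComponentAccessor.getComponentSafely(SecureDefaultsStats.class)
                .ifPresent(stats -> stats.pluginServletNotAllowed(stopwatch.elapsed(TimeUnit.MICROSECONDS)));
    }

    /**
     * Initialises the parent servlet and keeps the configuration for later
     * servlet lookups.
     *
     * @param servletConfig container-supplied configuration
     * @throws ServletException propagated from the parent initialisation
     */
    public void init(ServletConfig servletConfig) throws ServletException {
        super.init(servletConfig);
        this.servletConfig = servletConfig;
    }

    /**
     * Derives the access type from the servlet class and the handler method
     * name that {@link ServletRequestUtil#getMethodName} reports for the request.
     *
     * @param httpServletRequest request whose handler method name is used
     * @param cls servlet class to inspect
     * @return the access type reported by {@code AccessType.getAccessType}
     */
    private AccessType getAccessType(HttpServletRequest httpServletRequest, Class<? extends HttpServlet> cls) {
        final String methodName = ServletRequestUtil.getMethodName(httpServletRequest);
        return AccessType.getAccessType(cls, methodName, new Class[]{HttpServletRequest.class, HttpServletResponse.class});
    }

    /**
     * Resolves the plugin servlet mapped to the request's path info.
     *
     * @param httpServletRequest request whose path info selects the servlet
     * @return display name and class of the matched servlet, or {@code null} when nothing matches
     * @throws ServletException propagated from the servlet module manager
     * @throws IllegalStateException if the resolved servlet is not a {@link DelegatingPluginServlet}
     */
    @Nullable
    private ServletNameAndClass getServletDetails(HttpServletRequest httpServletRequest) throws ServletException {
        // Held as HttpServlet so the type guard below is a real runtime check
        // rather than a comparison against the variable's own declared type.
        final HttpServlet servlet = getServletModuleManager().getServlet(RequestUtil.getPathInfo(httpServletRequest), this.servletConfig);
        if (servlet == null) {
            return null;
        }
        if (!(servlet instanceof DelegatingPluginServlet)) {
            throw new IllegalStateException("Servlet is not an instance of DelegatingPluginServlet, but of " + servlet.getClass().getName());
        }
        final ServletModuleDescriptor moduleDescriptor = ((DelegatingPluginServlet) servlet).getModuleDescriptor();
        return new ServletNameAndClass(moduleDescriptor.getDisplayName(), moduleDescriptor.getModuleClass());
    }
}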
