package com.atlassian.jira.config.webwork;

import com.atlassian.jira.JiraFeatureFlagRegistrar;
import com.atlassian.jira.action.SafeAction;
import com.atlassian.jira.component.ComponentAccessor;
import com.atlassian.jira.config.FeatureManager;
import com.atlassian.jira.security.JiraAuthenticationContext;
import com.atlassian.jira.security.PermissionManager;
import com.atlassian.jira.security.annotated.AnnotatedSecurityChecker;
import com.atlassian.jira.security.annotated.AnnotatedSecurityEnabledCheck;
import com.atlassian.jira.security.annotated.SecureDefaultsStats;
import com.atlassian.jira.security.request.RequestMethodCheckFailureException;
import com.atlassian.jira.security.request.RequestMethodCheckResult;
import com.atlassian.jira.security.request.RequestMethodChecker;
import com.atlassian.jira.security.request.SecurityAnnotationException;
import com.atlassian.jira.security.websudo.InternalWebSudoManager;
import com.atlassian.jira.security.xsrf.XsrfCheckResult;
import com.atlassian.jira.security.xsrf.XsrfFailureException;
import com.atlassian.jira.security.xsrf.XsrfInvocationChecker;
import com.atlassian.jira.user.ApplicationUser;
import com.atlassian.jira.util.Supplier;
import com.atlassian.jira.webwork.JiraSafeActionParameterSetter;
import com.atlassian.sal.api.websudo.WebSudoSessionException;
import com.atlassian.sal.core.permission.AccessType;
import com.google.common.base.Stopwatch;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import javax.servlet.DispatcherType;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import webwork.action.Action;
import webwork.action.ActionContext;
import webwork.action.CommandDriven;
import webwork.action.ResultException;
import webwork.action.factory.ActionFactory;
import webwork.action.factory.ActionFactoryProxy;
import webwork.util.BeanUtil;

/* loaded from: input_file:com/atlassian/jira/config/webwork/SafeActionFactoryProxy.class */
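/**
 * Action-factory proxy that runs Jira's per-request security gates on every resolved web action
 * before any request parameter is bound to it.
 *
 * <p>The gates run, in order: annotated-security ("secure defaults") check, HTTP request-method
 * check, XSRF token check and WebSudo session check. Only when all of them pass are the request
 * parameters copied onto the action, so a rejected request never reaches the action's setters.
 *
 * <p>Collaborators other than the constructor arguments are looked up through
 * {@link ComponentAccessor} at call time; the package-private getters exist so tests can override
 * those lookups.
 */
class SafeActionFactoryProxy extends ActionFactoryProxy {
    private static final Logger log = LoggerFactory.getLogger(SafeActionFactoryProxy.class);

    /** Restricted parameter binder used for actions that are not {@link SafeAction}. */
    private final JiraSafeActionParameterSetter parameterSetter;
    /** Kill-switch for the annotated-security gate. */
    private final AnnotatedSecurityEnabledCheck annotatedSecurityEnabledCheck;
    /** Lazily resolved permission decision for the annotated-security gate. */
    private final Supplier<AnnotatedSecurityChecker> securityChecker;

    /**
     * @param actionFactory the next factory in the chain that actually instantiates actions
     * @param annotatedSecurityEnabledCheck decides whether the annotated-security gate is active
     * @param supplier provides the checker that maps an {@link AccessType} to an allow/deny decision
     */
    public SafeActionFactoryProxy(ActionFactory actionFactory, AnnotatedSecurityEnabledCheck annotatedSecurityEnabledCheck, Supplier<AnnotatedSecurityChecker> supplier) {
        super(actionFactory);
        this.annotatedSecurityEnabledCheck = annotatedSecurityEnabledCheck;
        this.parameterSetter = new JiraSafeActionParameterSetter();
        this.securityChecker = supplier;
    }

    /**
     * Resolves the action for {@code actionAlias} and applies all security gates to it.
     *
     * @param actionAlias the webwork action alias being invoked
     * @return the checked action with request parameters bound, or {@code null} if the next
     *         factory did not resolve one
     * @throws SecurityAnnotationException, RequestMethodCheckFailureException, XsrfFailureException
     *         or WebSudoSessionException when the corresponding gate rejects the request;
     *         {@link ResultException} when parameter binding fails
     */
    public Action getActionImpl(String actionAlias) throws Exception {
        Action action = getNextFactory().getActionImpl(actionAlias);
        if (action == null) {
            return null;
        }
        // Order matters: every gate runs before parameters are bound, so a request rejected by
        // any of them never touches the action's state.
        checkSecurityAnnotations(action, getActionMethodName(action), actionAlias);
        checkRequestMethod(action);
        checkXsrfStatus(action);
        checkWebSudoStatus(action.getClass());
        setActionParameters(action);
        return action;
    }

    /**
     * Annotated-security gate: rejects the invocation unless the checker allows the
     * {@link AccessType} declared for the target action method.
     *
     * @param action the resolved action
     * @param methodName the action method that will be invoked (see {@link #getActionMethodName})
     * @param actionAlias the requested alias; currently unused, kept for call-site symmetry
     * @throws SecurityAnnotationException when the access type is not allowed
     */
    private void checkSecurityAnnotations(Action action, String methodName, String actionAlias) {
        if (this.annotatedSecurityEnabledCheck.isAnnotatedSecurityDisabled()) {
            return;
        }
        // Started after the kill-switch so the recorded duration covers only the lookup and decision.
        Stopwatch timer = Stopwatch.createStarted();
        AccessType accessType = AccessType.getAccessType(action.getClass(), methodName, new Class[0]);
        boolean allowed = this.securityChecker.get().isAllowedFor(accessType);
        long micros = timer.elapsed(TimeUnit.MICROSECONDS);
        ComponentAccessor.getComponentSafely(SecureDefaultsStats.class).ifPresent(stats -> {
            if (allowed) {
                stats.actionAllowed(micros);
            } else {
                stats.actionNotAllowed(micros);
            }
        });
        if (!allowed) {
            throw new SecurityAnnotationException("Insufficient permissions to execute action.", action.getClass(), methodName, accessType);
        }
    }

    /**
     * Derives the name of the action method that webwork will invoke: {@code doExecute} by
     * default, or {@code do<Command>} (first letter upper-cased) for a {@link CommandDriven}
     * action with a non-empty command name.
     *
     * <p>NOTE(review): the command name is presumably taken from the request, which makes this
     * the method whose security annotation is checked — verify that the annotation check and the
     * eventual dispatch agree on the method name.
     */
    private static String getActionMethodName(Action action) {
        if (!(action instanceof CommandDriven)) {
            return "doExecute";
        }
        String command = ((CommandDriven) action).getCommandName();
        if (command == null || command.isEmpty()) {
            return "doExecute";
        }
        return "do" + Character.toUpperCase(command.charAt(0)) + command.substring(1);
    }

    /**
     * Request-method gate: when the {@code WEBACTIONS_REQUEST_METHOD_RECOGNITION} feature flag is
     * on, rejects the invocation if the checker says the HTTP method is not supported by the
     * action. Container error-page dispatches ({@link DispatcherType#ERROR}) are exempt.
     *
     * @throws RequestMethodCheckFailureException when the method is not supported
     */
    private void checkRequestMethod(Action action) {
        boolean enabled = ComponentAccessor.getComponentSafely(FeatureManager.class)
                .map(featureManager -> featureManager.isEnabled(JiraFeatureFlagRegistrar.WEBACTIONS_REQUEST_METHOD_RECOGNITION))
                .orElse(false);
        if (!enabled) {
            return;
        }
        // NOTE(review): debugActionParameters() treats a null request as possible; this path does
        // not guard for it and would NPE — confirm the flag is only on for HTTP invocations.
        HttpServletRequest request = ActionContext.getRequest();
        if (request.getDispatcherType() == DispatcherType.ERROR) {
            return;
        }
        RequestMethodCheckResult result = getRequestMethodChecker().checkActionInvocation(action, request.getMethod());
        if (!result.isMethodSupported()) {
            throw new RequestMethodCheckFailureException(result, action);
        }
    }

    private RequestMethodChecker getRequestMethodChecker() {
        return ComponentAccessor.getComponent(RequestMethodChecker.class);
    }

    /**
     * XSRF gate: if the checker says a token is required for this invocation, the token must be
     * valid and must not have been issued to a user who is no longer logged in.
     *
     * @throws XsrfFailureException when the token is missing, invalid or stale
     */
    private void checkXsrfStatus(Action action) {
        XsrfCheckResult result = getXsrfInvocationChecker().checkActionInvocation(action, ActionContext.getParameters());
        if (!result.isRequired()) {
            return;
        }
        if (!result.isValid() || sessionExpired(result)) {
            throw new XsrfFailureException(action, result);
        }
    }

    /**
     * WebSudo gate: for action classes that WebSudo protects, requires a valid WebSudo session and
     * marks the request as a WebSudo request.
     *
     * <p>Without a valid session the invocation is rejected for any logged-in user, and for an
     * anonymous caller unless {@code hasPermission(0, null)} holds; in that remaining case a new
     * WebSudo session is started instead. NOTE(review): the meaning of permission id {@code 0}
     * for an anonymous caller is not visible here — confirm against {@code PermissionManager}.
     *
     * @throws WebSudoSessionException when a required WebSudo session is absent
     */
    private void checkWebSudoStatus(Class<? extends Action> actionClass) {
        InternalWebSudoManager webSudo = getInternalWebSudoManager();
        if (!webSudo.isEnabled() || !webSudo.matches(actionClass)) {
            return;
        }
        HttpServletRequest request = ActionContext.getRequest();
        if (webSudo.hasValidSession(request.getSession())) {
            webSudo.markWebSudoRequest(request);
            return;
        }
        PermissionManager permissionManager = ComponentAccessor.getComponent(PermissionManager.class);
        ApplicationUser loggedInUser = ComponentAccessor.getComponent(JiraAuthenticationContext.class).getLoggedInUser();
        if (loggedInUser != null || !permissionManager.hasPermission(0, (ApplicationUser) null)) {
            throw new WebSudoSessionException("No websudo session and it is required");
        }
        webSudo.startSession(request, ActionContext.getResponse());
    }

    /**
     * A token issued to an authenticated user is treated as expired once nobody is logged in,
     * e.g. after the session timed out between page render and submit.
     */
    private boolean sessionExpired(XsrfCheckResult xsrfCheckResult) {
        return xsrfCheckResult.isGeneratedForAuthenticatedUser() && getAuthenticationContext().getLoggedInUser() == null;
    }

    JiraAuthenticationContext getAuthenticationContext() {
        return ComponentAccessor.getComponent(JiraAuthenticationContext.class);
    }

    XsrfInvocationChecker getXsrfInvocationChecker() {
        return ComponentAccessor.getComponent(XsrfInvocationChecker.class);
    }

    InternalWebSudoManager getInternalWebSudoManager() {
        return ComponentAccessor.getComponent(InternalWebSudoManager.class);
    }

    /**
     * Binds the request parameters onto the action. A {@link SafeAction} receives all parameters
     * via {@link BeanUtil#setProperties}; any other action goes through the restricted
     * {@link JiraSafeActionParameterSetter}.
     *
     * @throws ResultException (result {@code "error"}) when binding rejects a parameter
     */
    private void setActionParameters(Action action) throws ResultException {
        Map<String, ?> parameters = ActionContext.getParameters();
        if (log.isDebugEnabled()) {
            debugActionParameters(action, parameters);
        }
        try {
            if (action instanceof SafeAction) {
                BeanUtil.setProperties(parameters, action);
            } else {
                this.parameterSetter.setSafeParameters(action, parameters);
            }
        } catch (IllegalArgumentException e) {
            // The thrown ResultException carries no cause, so record it here or the reason is lost.
            log.debug("JAFP parameter binding failed for {}", action.getClass().getName(), e);
            throw new ResultException("error");
        }
    }

    /**
     * Debug-logs the request URL and every parameter (sorted by key) for the given action.
     *
     * <p>NOTE(review): values are logged verbatim, so any credential-bearing parameter ends up in
     * the log at DEBUG level — keep this logger above DEBUG outside of local diagnostics.
     */
    private <C extends Comparable<C>> void debugActionParameters(Action action, Map<C, ?> map) {
        if (!log.isDebugEnabled() || action == null) {
            return;
        }
        Set<C> keySet = map.keySet();
        if (keySet.isEmpty()) {
            return;
        }
        ArrayList<C> sortedKeys = new ArrayList<>(keySet);
        Collections.sort(sortedKeys);
        // Back-end invocations have no HTTP request to take a URL from.
        String origin = "BackEnd Action";
        HttpServletRequest request = ActionContext.getRequest();
        if (request != null && request.getRequestURL() != null) {
            origin = request.getRequestURL().toString();
        }
        log.debug("JAFP {} - {}", action.getClass().getName(), origin);
        for (C key : sortedKeys) {
            log.debug("JAFP param={} value={}", key, valStr(map.get(key)));
        }
        log.debug("JAFP ------");
    }

    /**
     * Renders a parameter value for the debug log as {@code <class name> - <value>}; a
     * {@code String[]} is rendered element by element, each followed by {@code ", "}.
     */
    private String valStr(Object value) {
        StringBuilder out = new StringBuilder();
        if (value != null) {
            out.append(value.getClass().getName()).append(" - ");
        }
        if (value instanceof String[]) {
            for (String element : (String[]) value) {
                out.append(element).append(", ");
            }
        } else {
            out.append(value);
        }
        return out.toString();
    }
}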
