package com.atlassian.jira.plugin.webresource;

import com.atlassian.jira.workflow.function.issue.UpdateIssueFieldFunction;
import com.atlassian.plugin.servlet.ResourceDownloadUtils;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.tuckey.web.filters.urlrewrite.extend.RewriteMatch;
import org.tuckey.web.filters.urlrewrite.extend.RewriteRule;

/* loaded from: input_file:com/atlassian/jira/plugin/webresource/CachingResourceDownloadRewriteRule.class */
public class CachingResourceDownloadRewriteRule extends RewriteRule {
    public static final String PATH_SEPARATOR = "/";
    private static final Pattern PATH_PATTERN = Pattern.compile("^/s/(.*)/_/(.*)");
    private static final Pattern PATHS_DENIED = Pattern.compile("[^a-zA-Z0-9]((?i)(WEB-INF)|(META-INF))[^a-zA-Z0-9]");

    public RewriteMatch matches(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String normalisedPathFrom = getNormalisedPathFrom(decodeURLSafely(stripContextFrom(httpServletRequest)));
        final Matcher matcher = PATH_PATTERN.matcher(normalisedPathFrom);
        if (!matcher.matches() || isPathDenied(normalisedPathFrom)) {
            return null;
        }
        final String str = "/" + matcher.group(2);
        final String str2 = httpServletRequest.getContextPath() + str;
        return new RewriteMatch() { // from class: com.atlassian.jira.plugin.webresource.CachingResourceDownloadRewriteRule.1
            public String getMatchingUrl() {
                return str2;
            }

            public boolean execute(HttpServletRequest httpServletRequest2, HttpServletResponse httpServletResponse2) throws ServletException, IOException {
                ResourceDownloadUtils.addPublicCachingHeaders(httpServletRequest2, httpServletResponse2);
                httpServletRequest2.setAttribute("cachingHeadersApplied", true);
                httpServletRequest2.setAttribute("_statichash", matcher.group(1));
                Optional ofNullable = Optional.ofNullable(httpServletRequest2.getRequestDispatcher(str));
                if (ofNullable.isPresent()) {
                    ((RequestDispatcher) ofNullable.get()).forward(httpServletRequest2, httpServletResponse2);
                    return true;
                }
                httpServletResponse2.sendError(404);
                return true;
            }
        };
    }

    private boolean isPathDenied(String str) {
        return PATHS_DENIED.matcher(str).find();
    }

    private String getNormalisedPathFrom(String str) {
        try {
            return new URI(str).normalize().toString();
        } catch (URISyntaxException e) {
            return UpdateIssueFieldFunction.UNASSIGNED_VALUE;
        }
    }

    private String stripContextFrom(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getRequestURI().substring(httpServletRequest.getContextPath().length());
    }

    static String decodeURLSafely(String str) {
        String decodeURL = decodeURL(str);
        return (decodeURL.length() == 0 || !decodeURL.equals(decodeURL(decodeURL))) ? UpdateIssueFieldFunction.UNASSIGNED_VALUE : decodeURL;
    }

    static String decodeURL(String str) {
        try {
            return URLDecoder.decode(str, StandardCharsets.UTF_8.name());
        } catch (UnsupportedEncodingException | IllegalArgumentException e) {
            return UpdateIssueFieldFunction.UNASSIGNED_VALUE;
        }
    }
}
