package com.atlassian.jira.rest.filter;

import com.atlassian.annotations.security.UnrestrictedAccess;
import com.atlassian.core.filters.AbstractHttpFilter;
import com.atlassian.jira.component.ComponentAccessor;
import com.atlassian.jira.config.properties.ApplicationProperties;
import com.atlassian.jira.dashboard.JiraWhitelist;
import com.atlassian.jira.issue.SelfUrlOriginType;
import com.atlassian.jira.security.JiraAuthenticationContext;
import com.atlassian.jira.util.SelfUrlOriginTypeUtil;
import com.atlassian.jira.util.velocity.VelocityRequestContextFactory;
import com.atlassian.sal.api.user.UserKey;
import java.io.IOException;
import java.net.URI;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

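/**
 * Servlet filter that rejects a request with HTTP 400 when the instance is configured with the
 * {@code ALLOW_LIST} self-URL origin type and the canonical base URL of the current request is
 * not accepted by the {@link JiraWhitelist}.
 *
 * <p>When the configured origin type is anything other than {@code ALLOW_LIST}, the filter is a
 * pass-through.
 *
 * <p>NOTE(review): the class name suggests the canonical base URL reflects the request's
 * {@code Host} header; that derivation happens in {@link VelocityRequestContextFactory} and is
 * not visible here. Confirm before relying on this filter as the only Host-header control.
 */
@UnrestrictedAccess
/* loaded from: input_file:com/atlassian/jira/rest/filter/DenyRequestWithNotAllowedHostHeaderFilter.class */
public class DenyRequestWithNotAllowedHostHeaderFilter extends AbstractHttpFilter {
    // Looked up statically rather than injected through the constructor.
    private final JiraWhitelist jiraWhitelist = (JiraWhitelist) ComponentAccessor.getComponent(JiraWhitelist.class);
    private final VelocityRequestContextFactory velocityRequestContextFactory;
    private final JiraAuthenticationContext authenticationContext;
    private final ApplicationProperties applicationProperties;

    /**
     * @param velocityRequestContextFactory source of the canonical base URL for the current request
     * @param jiraAuthenticationContext supplies the logged-in user passed to the allowlist check
     * @param applicationProperties read to determine the configured self-URL origin type
     */
    public DenyRequestWithNotAllowedHostHeaderFilter(VelocityRequestContextFactory velocityRequestContextFactory, JiraAuthenticationContext jiraAuthenticationContext, ApplicationProperties applicationProperties) {
        this.velocityRequestContextFactory = velocityRequestContextFactory;
        this.authenticationContext = jiraAuthenticationContext;
        this.applicationProperties = applicationProperties;
    }

    /**
     * Denies the request with 400 if allowlist enforcement is active and the canonical base URL is
     * not allowlisted; otherwise hands the request to the rest of the chain.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response, used to send the 400 error on denial
     * @param filterChain the remaining filter chain, invoked only when the request is not denied
     * @throws IOException if sending the error or the downstream chain fails with an I/O error
     * @throws ServletException if the downstream chain fails
     */
    protected void doFilter(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (isAllowListEnforced() && !isCanonicalBaseUrlAllowed()) {
            httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "The request host is not in the allowlist.");
            // Stop here: a denied request must not reach downstream filters or the target
            // resource. Without this return the chain would still run after the error was sent,
            // so the "deny" would only change the response status, not block processing.
            return;
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    /** Returns true when the configured self-URL origin type is {@code ALLOW_LIST}. */
    private boolean isAllowListEnforced() {
        return SelfUrlOriginTypeUtil.getOrDefaultSelfUrlOriginType(this.applicationProperties).equals(SelfUrlOriginType.ALLOW_LIST.name());
    }

    /** Asks the allowlist whether the current request's canonical base URL is permitted. */
    private boolean isCanonicalBaseUrlAllowed() {
        // NOTE(review): URI.create throws IllegalArgumentException on a malformed URL, which would
        // surface as a server error rather than a 400. Confirm the canonical base URL is always
        // well-formed at this point.
        URI canonicalBaseUrl = URI.create(this.velocityRequestContextFactory.getJiraVelocityRequestContext().getCanonicalBaseUrl());
        // NOTE(review): the class is annotated @UnrestrictedAccess, so this filter presumably also
        // runs for anonymous requests. If getLoggedInUser() returns null in that case, the
        // getKey() call below throws a NullPointerException. Confirm how anonymous callers should
        // be evaluated against the allowlist and handle that case explicitly.
        UserKey userKey = new UserKey(this.authenticationContext.getLoggedInUser().getKey());
        return this.jiraWhitelist.allows(canonicalBaseUrl, userKey);
    }
}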
