package com.atlassian.bamboo.filter;

import com.atlassian.bamboo.filter.ServletFilterRegistrar;
import com.atlassian.bamboo.plugin.sitemesh.RequestAttributeMapper;
import com.atlassian.bamboo.security.AnnotatedPermitChecker;
import com.atlassian.bamboo.security.DefaultAnnotatedPermitChecker;
import com.atlassian.bamboo.servlet.ServletContextRegistrar;
import com.atlassian.bamboo.servlet.UrlPattern;
import com.atlassian.bamboo.struts.BambooMappedAction;
import com.atlassian.bamboo.user.Authority;
import com.atlassian.bamboo.util.RedirectUtils;
import com.atlassian.bamboo.util.UrlUtils;
import com.atlassian.bamboo.utils.SystemProperty;
import com.atlassian.bamboo.webwork.StrutsSupport;
import com.atlassian.bamboo.ww2.FreemarkerRequestDispatcherPageFilter;
import com.atlassian.bamboo.ww2.StrutsPrepareFilter;
import com.atlassian.config.bootstrap.AtlassianBootstrapManager;
import com.atlassian.config.util.BootstrapUtils;
import com.atlassian.core.filters.AbstractHttpFilter;
import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.ActionProxy;
import java.io.IOException;
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.EnumSet;
import java.util.function.Supplier;
import javax.servlet.DispatcherType;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.acegisecurity.Authentication;
import org.acegisecurity.context.SecurityContextHolder;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.struts2.ServletActionContext;
import org.apache.struts2.dispatcher.Dispatcher;
import org.apache.struts2.dispatcher.filter.StrutsExecuteFilter;
import org.springframework.beans.BeanInstantiationException;
import org.springframework.web.context.request.async.WebAsyncUtils;

/* loaded from: input_file:com/atlassian/bamboo/filter/SecureAccessFilters.class */
public enum SecureAccessFilters {
    ACCESS_LOG(ServletFilterRegistrar.filter("accessLogFilter", new AccessLogFilter()).mapping(EnumSet.of(DispatcherType.REQUEST, DispatcherType.FORWARD), UrlPattern.ALL_URLS)),
    NONCACHING(ServletFilterRegistrar.filter("nonCachingFilter", new Filter() { // from class: com.atlassian.bamboo.filter.NonCachingHeaderFilter
        public void init(FilterConfig filterConfig) throws ServletException {
        }

        public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
            HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
            httpServletResponse.setDateHeader("Expires", System.currentTimeMillis() - 1);
            httpServletResponse.setHeader("Cache-Control", "max-age=0");
            filterChain.doFilter(servletRequest, servletResponse);
        }

        public void destroy() {
        }
    }).mapping(UrlPattern.AJAX)),
    PROFILER(ServletFilterRegistrar.filter("profiler", new BambooProfilingFilter()).mapping(EnumSet.of(DispatcherType.REQUEST, DispatcherType.FORWARD), UrlPattern.ALL_URLS)),
    UPM_DECORATOR_OVERRIDE(ServletFilterRegistrar.filter("upm-decorator-override", new Filter() { // from class: com.atlassian.bamboo.filter.DecoratorOverrideFilter
        private String decoratorName;

        public void init(FilterConfig filterConfig) throws ServletException {
            this.decoratorName = filterConfig.getInitParameter("decoratorName");
            if (this.decoratorName == null) {
                throw new ServletException("Init parameter '" + this.decoratorName + "' not provided");
            }
        }

        public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
            servletRequest.setAttribute(RequestAttributeMapper.BAMBOO_SITEMESH_DECORATOR, this.decoratorName);
            filterChain.doFilter(servletRequest, servletResponse);
        }

        public void destroy() {
        }
    }).initParam("decoratorName", "upm").mapping(UrlPattern.UPM)),
    PLUGIN_FILTERS_BEFORE_DECORATION(PluginFilterLocation.BEFORE_DECORATION),
    SECURE_SERVLET_FILTER(ServletFilterRegistrar.filter("secureServletFilter", new BambooSecureServletAccessFilter()).mapping(EnumSet.of(DispatcherType.REQUEST, DispatcherType.FORWARD), UrlPattern.ALL_URLS)),
    STRUTS_PREPARE(ServletFilterRegistrar.filter("struts-prepare", new StrutsPrepareFilter()).mapping(EnumSet.of(DispatcherType.REQUEST, DispatcherType.FORWARD), UrlPattern.ALL_URLS)),
    STRUTS_SECURE(ServletFilterRegistrar.filter("struts-secure", new AbstractHttpFilter() { // from class: com.atlassian.bamboo.filter.BambooStrutsSecureAccessFilter
        private static final Logger log = LogManager.getLogger(BambooStrutsSecureAccessFilter.class);
        public static final String ACCESS_DENIED_ACTION = "/accessDenied.action";
        private AtlassianBootstrapManager bootstrapManager = BootstrapUtils.getBootstrapManager();
        private Dispatcher dispatcher;
        private final AnnotatedPermitChecker permitChecker;

        {
            this.permitChecker = new DefaultAnnotatedPermitChecker((Supplier<Authentication>) () -> {
                return SecurityContextHolder.getContext().getAuthentication();
            }, !SystemProperty.DEFAULT_ENDPOINT_TO_LICENSED_ACCESS.getTypedValue());
            this.dispatcher = null;
        }

        protected void doFilter(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
            log.debug("Running {}", getClass().getName());
            if (this.bootstrapManager == null) {
                this.bootstrapManager = BootstrapUtils.getBootstrapManager();
                if (this.bootstrapManager == null) {
                    log.error("Struts filter was invoked before Bootstrap Manager finished initialization");
                    filterChain.doFilter(httpServletRequest, httpServletResponse);
                    return;
                }
            }
            if (!this.bootstrapManager.isSetupComplete()) {
                filterChain.doFilter(httpServletRequest, httpServletResponse);
                return;
            }
            if (this.dispatcher == null) {
                try {
                    this.dispatcher = (Dispatcher) StrutsSupport.getDispatchers().getDispatchers().get(0);
                } catch (BeanInstantiationException e) {
                    log.error("Struts filter was invoked before the Struts framework finished initialization ");
                    filterChain.doFilter(httpServletRequest, httpServletResponse);
                    return;
                }
            }
            BambooMappedAction of = BambooMappedAction.of(this.dispatcher, getClass(), httpServletRequest);
            if (of == null) {
                filterChain.doFilter(httpServletRequest, httpServletResponse);
                return;
            }
            Class<?> actionClass = of.getActionClass();
            String actionName = of.getActionName();
            Method actionMethod = of.getActionMethod();
            log.debug("Verifying access to action {}", actionName);
            if (this.permitChecker.verifyIsPermitted(actionClass, actionMethod)) {
                filterChain.doFilter(httpServletRequest, httpServletResponse);
            } else {
                handleRedirect(httpServletRequest, httpServletResponse, SecurityContextHolder.getContext().getAuthentication() == null || Authority.isAnonymousUser(Arrays.asList(SecurityContextHolder.getContext().getAuthentication().getAuthorities())));
            }
        }

        private void handleRedirect(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean z) throws IOException {
            if (z) {
                RedirectUtils.redirectToLogin(httpServletRequest, httpServletResponse, log);
            } else {
                httpServletResponse.sendRedirect(httpServletRequest.getContextPath() + "/accessDenied.action");
            }
        }
    }).mapping(EnumSet.of(DispatcherType.REQUEST, DispatcherType.FORWARD), UrlPattern.ALL_ACTIONS)),
    NEWRELIC(ServletFilterRegistrar.filter("newRelicTransactionNamingFilter", new Filter() { // from class: com.atlassian.bamboo.filter.NewRelicTransactionNamingFilter
        public static final String NEWRELIC_TRANS_NAME_PARAM = "com.newrelic.agent.TRANSACTION_NAME";

        public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws ServletException, IOException {
            String requestURI;
            ActionInvocation actionInvocation;
            ActionProxy proxy;
            filterChain.doFilter(servletRequest, servletResponse);
            ActionContext context = ServletActionContext.getContext();
            String str = null;
            if (context != null && (actionInvocation = context.getActionInvocation()) != null && (proxy = actionInvocation.getProxy()) != null) {
                str = UrlUtils.appendSlashIfDoesntExist(proxy.getNamespace()) + proxy.getActionName();
            }
            if (str == null && (servletRequest instanceof HttpServletRequest) && (requestURI = ((HttpServletRequest) servletRequest).getRequestURI()) != null && requestURI.contains("rest/api")) {
                str = requestURI;
            }
            if (str != null) {
                setTransactionName(servletRequest, str);
            }
        }

        public static void setTransactionName(ServletRequest servletRequest, String str) {
            servletRequest.setAttribute(NEWRELIC_TRANS_NAME_PARAM, str);
        }

        public void init(FilterConfig filterConfig) throws ServletException {
        }

        public void destroy() {
        }
    }).mapping(EnumSet.of(DispatcherType.REQUEST, DispatcherType.FORWARD), UrlPattern.ALL_URLS)),
    SITEMESH(ServletFilterRegistrar.filter("sitemesh", new FreemarkerRequestDispatcherPageFilter()).mapping(EnumSet.of(DispatcherType.REQUEST, DispatcherType.FORWARD), UrlPattern.ALL_ACTIONS, UrlPattern.PLUGINS_SERVLET)),
    PLUGIN_FILTERS_BEFORE_DISPATCH(PluginFilterLocation.BEFORE_DISPATCH),
    CLEANUP_SPRING_REQUEST_ATTRIBUTES(ServletFilterRegistrar.filter("cleanup-spring-request-attributes", new Filter() { // from class: com.atlassian.bamboo.filter.CleanupSpringRequestAttributesFilter
        public void init(FilterConfig filterConfig) throws ServletException {
        }

        public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
            if (servletRequest.getAttribute(WebAsyncUtils.WEB_ASYNC_MANAGER_ATTRIBUTE) != null) {
                servletRequest.setAttribute(WebAsyncUtils.WEB_ASYNC_MANAGER_ATTRIBUTE, (Object) null);
            }
            filterChain.doFilter(servletRequest, servletResponse);
        }

        public void destroy() {
        }
    }).mapping(EnumSet.of(DispatcherType.REQUEST, DispatcherType.FORWARD, DispatcherType.ERROR), UrlPattern.EMBEDDED_CROWD)),
    STRUTS_EXECUTE(ServletFilterRegistrar.filter("struts-execute", new StrutsExecuteFilter() { // from class: com.atlassian.bamboo.ww2.StrutsExecuteFilter
    }).mapping(EnumSet.of(DispatcherType.REQUEST, DispatcherType.FORWARD), UrlPattern.ALL_ACTIONS)),
    IGNORE_NEWRELIC(ServletFilterRegistrar.filter("ignoreNewRelic", new Filter() { // from class: com.atlassian.bamboo.filter.IgnoreNewRelicFilter
        public void destroy() {
        }

        public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws ServletException, IOException {
            servletRequest.setAttribute("com.newrelic.agent.IGNORE", true);
            filterChain.doFilter(servletRequest, servletResponse);
        }

        public void init(FilterConfig filterConfig) throws ServletException {
        }
    }).mapping(EnumSet.of(DispatcherType.REQUEST, DispatcherType.FORWARD), UrlPattern.AGENT_SERVER_CLASSPATH));

    private final ServletContextRegistrar registrar;

    public ServletContextRegistrar getRegistrar() {
        return this.registrar;
    }

    SecureAccessFilters(ServletContextRegistrar servletContextRegistrar) {
        this.registrar = servletContextRegistrar;
    }

    SecureAccessFilters(ServletFilterRegistrar.Builder builder) {
        this(builder.build());
    }
}
