package com.atlassian.bamboo.agent.classserver;

import com.atlassian.bamboo.agent.bootstrap.BootstrapUpdater;
import com.atlassian.bamboo.agent.bootstrap.BootstrapUtils;
import com.atlassian.bamboo.util.BuildUtils;
import com.atlassian.bamboo.v2.build.agent.remote.UpgradeRemoteAgent;
import java.io.IOException;
import java.net.URL;
import java.net.URLConnection;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.LogFactory;
import org.apache.log4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.impl.StaticLoggerBinder;

/* loaded from: input_file:com/atlassian/bamboo/agent/classserver/GetResourceServlet.class */
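/**
 * Serves a single class-loader resource, named by the {@code name} request parameter, as
 * {@code application/octet-stream}.
 *
 * <p>The resource is looked up through the class loader returned by the {@link AgentServerManager}
 * and is only returned when it lives in an allowlisted location: a jar whose path matches the code
 * source of one of the allowlisted classes or, in dev mode only, a location under the code source
 * of one of the allowlisted Bamboo classes. Everything else is answered with 403.
 *
 * <p>NOTE(review): this allowlist is the only access check visible in this class. Whether the
 * request is authenticated before it gets here is decided outside this file; confirm before
 * widening either allowlist, because anything reachable through them is readable by whoever can
 * reach this servlet.
 */
public class GetResourceServlet extends AgentServerServlet {
    private static final Logger log = Logger.getLogger(GetResourceServlet.class);

    /** Third-party classes whose containing jars may be served. */
    private static final Class<?>[] WHITELISTED_3RD_PARTY_CLASSES = {LogFactory.class, LoggerFactory.class, StaticLoggerBinder.class};

    /** Bamboo classes whose containing jars (or, in dev mode, code-source locations) may be served. */
    private static final Class<?>[] WHITELISTED_BAMBOO_CLASSES = {UpgradeRemoteAgent.class, BootstrapUpdater.class, BootstrapUtils.class};

    /** File paths of the allowlisted code sources, computed once per servlet instance. */
    final Collection<String> whiteListedJarPaths = createWhitelistedJarPathsList();

    /**
     * Resolves the requested resource and streams it to the response if it is allowlisted.
     *
     * <p>Responses: 500 when the {@link AgentServerManager} is not available yet, 400 when the
     * {@code name} parameter is missing or empty, 404 when the class loader cannot find the
     * resource, 403 when the resource is outside the allowlist.
     *
     * @param httpServletRequest request carrying the {@code name} parameter
     * @param httpServletResponse response the resource bytes or the error status are written to
     * @throws IOException if sending the error or reading/writing the resource fails
     */
    @Override
    protected void calculateResult(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        AgentServerManager agentServerManager = getAgentServerManager();
        if (agentServerManager == null) {
            log.debug("Application Context is not yet set up, agentServerManager is null");
            httpServletResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Application Context is not yet set up.");
            return;
        }

        String parameter = httpServletRequest.getParameter("name");
        if (StringUtils.isEmpty(parameter)) {
            // A missing parameter is a client error; without this guard the null name would be
            // passed straight to the class loader lookup and surface as an unhandled exception.
            httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "Missing 'name' parameter.");
            return;
        }
        // The name is caller-controlled, so line breaks are neutralised before it is written to
        // the log or echoed in an error message.
        String printableName = sanitizeForOutput(parameter);

        URL resource = agentServerManager.getClassLoader().getResource(parameter);
        if (resource == null) {
            String requestURI = httpServletRequest.getRequestURI();
            if (log.isDebugEnabled()) {
                log.debug("Unable to find '" + printableName + "' from '" + requestURI + "'. Returning status code 404.");
            }
            // NOTE(review): the message echoes request data; whether it is HTML-escaped depends
            // on the container's error page - confirm.
            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "Unable to find '" + printableName + "' from '" + requestURI + "'.");
            return;
        }

        // Evaluation order is kept: jar allowlist first, the dev-mode rule only as a fallback.
        boolean allowed = isContainingJarWhiteListed(resource)
                || (BuildUtils.isDevMode() && isResourceWhiteListedForDevMode(resource));
        if (!allowed) {
            httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "Forbidden.");
            return;
        }

        URLConnection openConnection = resource.openConnection();
        // getContentLength() is -1 when the length is unknown or does not fit in an int.
        int contentLength = openConnection.getContentLength();
        if (log.isDebugEnabled()) {
            log.debug("Fetching resource with name = " + printableName + ",  resource = " + resource + " " + contentLength);
        }
        // NOTE(review): copyToResponse is not defined in this class; whether it closes the
        // stream it is handed cannot be told from here - confirm.
        copyToResponse(httpServletResponse, contentLength, "application/octet-stream", openConnection.getInputStream());
    }

    /**
     * Dev-mode rule: accepts a resource whose URL file part starts with the code-source location
     * of one of the allowlisted Bamboo classes.
     *
     * <p>NOTE(review): this is a plain prefix match with no separator appended, unlike the jar
     * rule which appends {@code "!"}. It is only reached when {@code BuildUtils.isDevMode()} is
     * true; confirm dev mode cannot be enabled on a production server.
     */
    private boolean isResourceWhiteListedForDevMode(URL url) {
        String resourceFile = url.getFile();
        for (Class<?> cls : WHITELISTED_BAMBOO_CLASSES) {
            if (resourceFile.startsWith(locationOf(cls).getFile())) {
                return true;
            }
        }
        return false;
    }

    /** Collects the code-source file paths of every allowlisted class, third-party ones first. */
    private Collection<String> createWhitelistedJarPathsList() {
        Collection<String> paths = new ArrayList<>();
        for (Class<?> cls : WHITELISTED_3RD_PARTY_CLASSES) {
            paths.add(locationOf(cls).getFile());
        }
        for (Class<?> cls : WHITELISTED_BAMBOO_CLASSES) {
            paths.add(locationOf(cls).getFile());
        }
        return paths;
    }

    /**
     * Jar rule: accepts a resource whose URL file part, with a leading {@code file:} removed,
     * starts with an allowlisted path followed by {@code "!"}.
     *
     * <p>Appending {@code "!"} makes the allowlisted path match as a whole rather than as a
     * prefix of a longer file name.
     */
    private boolean isContainingJarWhiteListed(URL url) {
        // Loop-invariant, so computed once instead of once per allowlist entry.
        String resourceFile = StringUtils.removeStart(url.getFile(), "file:");
        for (String jarPath : this.whiteListedJarPaths) {
            if (resourceFile.startsWith(jarPath + "!")) {
                return true;
            }
        }
        return false;
    }

    /** Returns the code-source location the given class was loaded from. */
    private URL locationOf(Class<?> cls) {
        return cls.getProtectionDomain().getCodeSource().getLocation();
    }

    /** Replaces CR and LF so a caller-supplied value cannot start a new log or header line. */
    private static String sanitizeForOutput(String value) {
        return value.replace('\r', '_').replace('\n', '_');
    }
}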
