package com.atlassian.upm.core.servlet;

import com.atlassian.sal.api.auth.LoginUriProvider;
import com.atlassian.sal.api.user.UserRole;
import com.atlassian.sal.api.websudo.WebSudoManager;
import com.atlassian.sal.api.websudo.WebSudoSessionException;
import com.atlassian.templaterenderer.TemplateRenderer;
import com.atlassian.upm.core.rest.resources.permission.PermissionEnforcer;
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableMap;
import java.io.IOException;
import java.net.URI;
import java.util.Iterator;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.ws.rs.core.UriBuilder;

/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/atlassian-universal-plugin-manager-plugin-2.20.2.jar:com/atlassian/upm/core/servlet/UpmServletHandler.class */
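/**
 * Base class for UPM page handlers: it gates a request behind login (and, optionally,
 * WebSudo plus admin permission) and then renders a template into the response.
 *
 * <p>Subclasses supply the template context through {@link #getContext(HttpServletRequest)}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Nothing is rendered and no fragment redirect is issued until
 *       {@link #authenticate} has returned {@code false}.</li>
 *   <li>{@link #authenticate} returns {@code true} when access was <em>refused</em> and a
 *       redirect or WebSudo challenge has already been written; callers must stop then.</li>
 *   <li>Redirect targets are built from {@code getRequestURL()} and request parameters,
 *       i.e. from request-supplied data.</li>
 * </ul>
 */
public abstract class UpmServletHandler {
    /** Name of the request parameter that {@link #handle} turns into a URI fragment. */
    public static final String FRAGMENT_NAME = "fragment";
    // Session keys under which the pre-login URL is stored.
    // NOTE(review): presumably read back by the Seraph login flow of JIRA / Confluence to
    // return the user to the page they asked for; confirm against the host products.
    public static final String JIRA_SERAPH_SECURITY_ORIGINAL_URL = "os_security_originalurl";
    public static final String CONF_SERAPH_SECURITY_ORIGINAL_URL = "seraph_originalurl";
    private final TemplateRenderer renderer;
    private final PermissionEnforcer permissionEnforcer;
    private final LoginUriProvider loginUriProvider;
    private final WebSudoManager webSudoManager;

    /* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/atlassian-universal-plugin-manager-plugin-2.20.2.jar:com/atlassian/upm/core/servlet/UpmServletHandler$PermissionLevel.class */
    /** Access level a page asks for; mapped to a login role in {@link #getLoginUri}. */
    public enum PermissionLevel {
        ANY,
        ADMIN
    }

    /**
     * Creates a handler; every collaborator is required.
     *
     * @throws NullPointerException if any argument is {@code null}
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public UpmServletHandler(TemplateRenderer templateRenderer, PermissionEnforcer permissionEnforcer, LoginUriProvider loginUriProvider, WebSudoManager webSudoManager) {
        this.renderer = Preconditions.checkNotNull(templateRenderer, "renderer");
        this.webSudoManager = Preconditions.checkNotNull(webSudoManager, "webSudoManager");
        this.permissionEnforcer = Preconditions.checkNotNull(permissionEnforcer, "permissionEnforcer");
        this.loginUriProvider = Preconditions.checkNotNull(loginUriProvider, "loginUriProvider");
    }

    /**
     * Supplies the template context for a request.
     *
     * <p>The returned entries are merged with the caller-supplied map in {@link #handle};
     * a key present in both makes {@code ImmutableMap.Builder#build()} fail.
     */
    public abstract Map<String, Object> getContext(HttpServletRequest httpServletRequest);

    /**
     * Handles a request with no extra context entries.
     *
     * @param str template name passed to the renderer
     * @param z   {@code true} when the page requires WebSudo and admin permission
     */
    public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, boolean z) throws IOException, ServletException {
        handle(httpServletRequest, httpServletResponse, str, z, ImmutableMap.<String, Object>of());
    }

    /**
     * Authenticates the request, then either redirects to the fragment form of the URL or
     * renders the template.
     *
     * @param str template name passed to the renderer
     * @param z   {@code true} when the page requires WebSudo and admin permission
     * @param map extra context entries, merged with {@link #getContext}
     */
    public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, boolean z, Map<String, Object> map) throws IOException, ServletException {
        try {
            // true means the response already carries a login redirect or WebSudo challenge.
            if (authenticate(httpServletRequest, httpServletResponse, z)) {
                return;
            }
            if (httpServletRequest.getParameter(FRAGMENT_NAME) != null) {
                redirectToFragment(httpServletRequest, httpServletResponse);
                return;
            }
            // The saved pre-login URL is no longer needed once the page is served.
            removeSessionAttributes(httpServletRequest.getSession());
            httpServletResponse.setContentType("text/html;charset=utf-8");
            // The decompiler emitted the bridge-method name "putAll2"; the Guava method is putAll.
            ImmutableMap.Builder<String, Object> builder = ImmutableMap.builder();
            builder.putAll(map);
            builder.putAll(getContext(httpServletRequest));
            this.renderer.render(str, builder.build(), httpServletResponse.getWriter());
        } catch (WebSudoSessionException e) {
            // Raised somewhere in the try block when the WebSudo session is not valid;
            // answer with the WebSudo challenge instead of an error page.
            this.webSudoManager.enforceWebSudoProtection(httpServletRequest, httpServletResponse);
        }
    }

    /**
     * Checks whether the request may proceed and, if not, writes the challenge or redirect.
     *
     * <p>Order of checks when {@code z} is {@code true}: WebSudo first, then login and admin
     * permission. Note that {@code willExecuteWebSudoRequest} is called before the admin
     * check has run.
     *
     * @param z {@code true} when WebSudo and admin permission are required
     * @return {@code true} if access was refused and the response has been written (the
     *     caller must not continue); {@code false} if the request may proceed
     */
    public boolean authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean z) throws IOException {
        if (z) {
            if (!this.webSudoManager.canExecuteRequest(httpServletRequest)) {
                this.webSudoManager.enforceWebSudoProtection(httpServletRequest, httpServletResponse);
                return true;
            }
            this.webSudoManager.willExecuteWebSudoRequest(httpServletRequest);
        }
        boolean loggedIn = this.permissionEnforcer.isLoggedIn();
        if (loggedIn && (!z || this.permissionEnforcer.isAdmin())) {
            return false;
        }
        redirectToLogin(httpServletRequest, httpServletResponse, z ? PermissionLevel.ADMIN : PermissionLevel.ANY);
        return true;
    }

    /**
     * Remembers the requested URL in the session and redirects to the login page.
     *
     * <p>{@code getSession()} creates a session when none exists, so this allocates a
     * session for a caller that is not logged in.
     */
    public void redirectToLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, PermissionLevel permissionLevel) throws IOException {
        URI uri = getUri(httpServletRequest);
        addSessionAttributes(httpServletRequest, uri.toASCIIString());
        httpServletResponse.sendRedirect(getLoginUri(uri, permissionLevel).toASCIIString());
    }

    /**
     * Resolves the login URI for the requested level, using the role-aware provider method
     * when {@code UserRole} can be loaded and the role-less one otherwise.
     */
    private URI getLoginUri(URI uri, PermissionLevel permissionLevel) {
        UserRole userRole;
        try {
            // Probe for the class by name so an older SAL without UserRole takes the fallback.
            getClass().getClassLoader().loadClass("com.atlassian.sal.api.user.UserRole");
            switch (permissionLevel) {
                case ADMIN:
                    userRole = UserRole.ADMIN;
                    break;
                default:
                    userRole = UserRole.USER;
                    break;
            }
            return this.loginUriProvider.getLoginUriForRole(uri, userRole);
        } catch (ClassNotFoundException e) {
            return this.loginUriProvider.getLoginUri(uri);
        }
    }

    /**
     * Redirects to the same URL with the {@code fragment} parameter moved into the URI
     * fragment and every other parameter kept as a query parameter.
     *
     * <p>Only reached after {@link #authenticate} has let the request through. The target
     * is the request's own URL, so only the query and fragment carry request-supplied text.
     */
    private void redirectToFragment(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        UriBuilder target = UriBuilder.fromUri(httpServletRequest.getRequestURL().toString());
        target.fragment(httpServletRequest.getParameter(FRAGMENT_NAME));
        for (Object key : httpServletRequest.getParameterMap().keySet()) {
            String name = key.toString();
            if (!FRAGMENT_NAME.equals(name)) {
                // getParameter returns the first value only; further values of a repeated
                // parameter are not carried over.
                target.queryParam(name, httpServletRequest.getParameter(name));
            }
        }
        // NOTE(review): UriBuilder reads "{...}" in names and values as URI-template
        // variables and build() is given no values here, so a parameter containing braces
        // is expected to be rejected with an exception; confirm how the container reports it.
        httpServletResponse.sendRedirect(target.build(new Object[0]).toASCIIString());
    }

    /**
     * Rebuilds the full request URI, including the raw query string when present.
     *
     * @throws IllegalArgumentException if the combined text is not a valid URI
     *     ({@code URI.create}); the query string is request-supplied and this is reached
     *     for callers that are not logged in
     */
    public URI getUri(HttpServletRequest httpServletRequest) {
        StringBuffer requestURL = httpServletRequest.getRequestURL();
        String query = httpServletRequest.getQueryString();
        if (query != null) {
            requestURL.append("?").append(query);
        }
        return URI.create(requestURL.toString());
    }

    /** Stores the pre-login URL under both session keys. */
    private void addSessionAttributes(HttpServletRequest httpServletRequest, String str) {
        HttpSession session = httpServletRequest.getSession();
        session.setAttribute(JIRA_SERAPH_SECURITY_ORIGINAL_URL, str);
        session.setAttribute(CONF_SERAPH_SECURITY_ORIGINAL_URL, str);
    }

    /** Clears the pre-login URL from both session keys. */
    private void removeSessionAttributes(HttpSession httpSession) {
        httpSession.removeAttribute(JIRA_SERAPH_SECURITY_ORIGINAL_URL);
        httpSession.removeAttribute(CONF_SERAPH_SECURITY_ORIGINAL_URL);
    }
}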
