package com.atlassian.audit.frontend.servlet;

import com.atlassian.annotations.VisibleForTesting;
import com.atlassian.audit.analytics.ViewEvent;
import com.atlassian.audit.permission.PermissionChecker;
import com.atlassian.audit.plugin.AuditPluginInfo;
import com.atlassian.audit.spi.feature.DelegatedViewFeature;
import com.atlassian.event.api.EventPublisher;
import com.atlassian.sal.api.ApplicationProperties;
import com.atlassian.sal.api.auth.LoginUriProvider;
import com.atlassian.sal.api.user.UserManager;
import com.atlassian.sal.api.user.UserRole;
import com.atlassian.sal.api.websudo.WebSudoManager;
import com.atlassian.sal.api.websudo.WebSudoSessionException;
import com.atlassian.soy.renderer.SoyException;
import com.atlassian.soy.renderer.SoyTemplateRenderer;
import com.atlassian.user.configuration.Configuration;
import java.io.IOException;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.annotation.Nonnull;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/atlassian-audit-plugin-1.15.0.jar:com/atlassian/audit/frontend/servlet/AuditServlet.class */
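/**
 * Servlet that renders the audit log front end.
 *
 * <p>Two views are served from {@link #doGet}:
 * <ul>
 *   <li>a resource view, selected when the path info contains {@code /resource}, which is rendered
 *       only when the delegated view feature is enabled and the {@link PermissionChecker} grants
 *       the resource audit view permission;</li>
 *   <li>the global view, which requires the unrestricted audit view permission and a WebSudo
 *       session.</li>
 * </ul>
 * Anonymous requests are redirected to the login page. Authenticated requests that fail the
 * permission checks get an admin login redirect on Jira and the "unauthorised" template elsewhere.
 *
 * <p>The path info and the {@code meta.*} request parameters are caller-controlled and are passed
 * to the Soy template; output escaping is left to the template.
 */
public class AuditServlet extends HttpServlet {
    private static final String ENCODING = StandardCharsets.UTF_8.name();

    /** Prefix of request parameters that are forwarded to the template, with the prefix stripped. */
    private static final String META_PARAM_PREFIX = "meta.";

    /** Extracts the affected-object descriptor from the path info; compiled once, not per request. */
    private static final Pattern RESOURCE_PATH_PATTERN = Pattern.compile("/resource/(.+)/*");

    @VisibleForTesting
    static final String RESOURCE_KEY = ":audit-base-resources";
    private static final String TEMPLATE_KEY = "atlassian.audit.auditBase";

    @VisibleForTesting
    static final String TEMPLATE_KEY_UNAUTHORISED = "atlassian.audit.auditUnauthorised";

    @VisibleForTesting
    static final String JIRA_SERAPH_SECURITY_ORIGINAL_URL = "os_security_originalurl";
    private final LoginUriProvider loginUriProvider;
    private final SoyTemplateRenderer soyTemplateRenderer;
    private final UserManager userManager;
    private final ApplicationProperties applicationProperties;
    private final PermissionChecker permissionChecker;
    private final EventPublisher eventPublisher;
    private final AuditPluginInfo auditPluginInfo;
    private final DelegatedViewFeature delegatedViewFeature;
    private final WebSudoManager webSudoManager;

    /**
     * Creates the servlet.
     *
     * @throws NullPointerException if any collaborator is {@code null}
     */
    public AuditServlet(@Nonnull LoginUriProvider loginUriProvider, @Nonnull SoyTemplateRenderer soyTemplateRenderer, @Nonnull UserManager userManager, @Nonnull ApplicationProperties applicationProperties, @Nonnull EventPublisher eventPublisher, @Nonnull PermissionChecker permissionChecker, @Nonnull DelegatedViewFeature delegatedViewFeature, @Nonnull AuditPluginInfo auditPluginInfo, @Nonnull WebSudoManager webSudoManager) {
        this.auditPluginInfo = Objects.requireNonNull(auditPluginInfo, "auditPluginInfo");
        this.applicationProperties = Objects.requireNonNull(applicationProperties, "applicationProperties");
        this.delegatedViewFeature = Objects.requireNonNull(delegatedViewFeature, "delegatedViewFeature");
        this.eventPublisher = Objects.requireNonNull(eventPublisher, "eventPublisher");
        this.loginUriProvider = Objects.requireNonNull(loginUriProvider, "loginUriProvider");
        this.permissionChecker = Objects.requireNonNull(permissionChecker, "permissionChecker");
        this.soyTemplateRenderer = Objects.requireNonNull(soyTemplateRenderer, "soyTemplateRenderer");
        // NOTE(review): the message constant comes from an unrelated class; this looks like a
        // decompiler constant substitution and presumably equals "userManager" - confirm.
        this.userManager = Objects.requireNonNull(userManager, Configuration.USERMANAGER);
        this.webSudoManager = Objects.requireNonNull(webSudoManager, "webSudoManager");
    }

    /** Returns {@code value}, or the empty string when it is {@code null}. */
    private static String safeSoyParam(String value) {
        return value == null ? "" : value;
    }

    /**
     * Collects the request parameters whose name starts with {@code meta.}.
     *
     * @param parameters the request parameter map
     * @return a map from the parameter name without the {@code meta.} prefix to the first value of
     *     that parameter (empty string when the parameter has no value)
     */
    private Map<String, Object> getMetaParams(Map<String, String[]> parameters) {
        Map<String, Object> metaParams = new HashMap<>();
        for (Map.Entry<String, String[]> entry : parameters.entrySet()) {
            String name = entry.getKey();
            if (name == null || !name.startsWith(META_PARAM_PREFIX)) {
                continue;
            }
            String[] values = entry.getValue();
            // Guard against a null or empty value array instead of failing the whole request.
            String first = (values == null || values.length == 0) ? null : values[0];
            metaParams.put(name.substring(META_PARAM_PREFIX.length()), safeSoyParam(first));
        }
        return metaParams;
    }

    /**
     * Serves the audit page.
     *
     * <p>Order of checks: authentication, then either the resource view permission or the
     * unrestricted view permission plus WebSudo, then the fallback for insufficient permissions.
     */
    @Override
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        if (this.userManager.getRemoteUser(httpServletRequest) == null) {
            redirectToLogin(httpServletRequest, httpServletResponse);
            return;
        }
        httpServletResponse.setContentType("text/html;charset=" + ENCODING);
        Map<String, Object> model = new HashMap<>();
        // getPathInfo() may return null when the request has no extra path; treat that as the
        // global view, which still has to pass the permission and WebSudo checks below.
        String pathInfo = safeSoyParam(httpServletRequest.getPathInfo());
        if (pathInfo.contains("/resource")) {
            Matcher matcher = RESOURCE_PATH_PATTERN.matcher(pathInfo);
            String affectedObject = matcher.find() ? matcher.group(1) : "";
            String resourceType = "";
            String resourceId = "";
            // The descriptor is expected as "<type>,<id>". Anything that does not split into at
            // least two parts (for example "type,") leaves both values empty rather than throwing.
            String[] parts = affectedObject.split(",\\s*");
            if (parts.length >= 2) {
                resourceType = parts[0];
                resourceId = parts[1];
            }
            // Caller-supplied meta.* parameters go in first so that they can never replace the
            // server-derived entries that follow (affectedObject, isResourceView, ...).
            model.putAll(getMetaParams(httpServletRequest.getParameterMap()));
            model.put("affectedObject", safeSoyParam(affectedObject));
            model.put("resourceId", resourceId);
            model.put("productName", this.applicationProperties.getDisplayName());
            model.put("isResourceView", true);
            model.put("resourceType", resourceType);
            // NOTE(review): with a malformed descriptor the permission check receives two empty
            // strings - confirm that PermissionChecker denies that case.
            if (this.delegatedViewFeature.isEnabled() && this.permissionChecker.hasResourceAuditViewPermission(resourceType, resourceId)) {
                publishViewEvent(resourceType);
                renderView(httpServletResponse, model);
                return;
            }
        } else if (this.permissionChecker.hasUnrestrictedAuditViewPermission()) {
            try {
                this.webSudoManager.willExecuteWebSudoRequest(httpServletRequest);
                publishViewEvent("global");
                renderView(httpServletResponse, model);
                return;
            } catch (WebSudoSessionException e) {
                // No valid WebSudo session: let the manager handle the request instead of rendering.
                this.webSudoManager.enforceWebSudoProtection(httpServletRequest, httpServletResponse);
                return;
            }
        }
        // Authenticated, but none of the permission checks above passed.
        if (isJiraPlatform()) {
            redirectToElevatedPermissionsLogin(httpServletRequest, httpServletResponse);
        } else {
            renderUnauthorizedView(httpServletResponse);
        }
    }

    /** Redirects an anonymous request to the login URI, passing the requested URI along. */
    private void redirectToLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        URI loginUri = this.loginUriProvider.getLoginUri(getUri(httpServletRequest));
        httpServletResponse.sendRedirect(loginUri.toASCIIString());
    }

    /** Returns {@code true} when the host application reports the platform id {@code "jira"}. */
    private boolean isJiraPlatform() {
        return "jira".equals(this.applicationProperties.getPlatformId());
    }

    /**
     * Stores the requested URI in the session under {@link #JIRA_SERAPH_SECURITY_ORIGINAL_URL} and
     * redirects to the login URI for {@link UserRole#ADMIN}.
     */
    private void redirectToElevatedPermissionsLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        URI requested = getUri(httpServletRequest);
        httpServletRequest.getSession().setAttribute(JIRA_SERAPH_SECURITY_ORIGINAL_URL, requested.toASCIIString());
        URI adminLoginUri = this.loginUriProvider.getLoginUriForRole(requested, UserRole.ADMIN);
        httpServletResponse.sendRedirect(adminLoginUri.toASCIIString());
    }

    /**
     * Rebuilds the requested URI from the request URL and, when present, the query string.
     *
     * @throws IllegalArgumentException if the rebuilt string is not a valid URI (from
     *     {@link URI#create(String)})
     */
    private static URI getUri(HttpServletRequest httpServletRequest) {
        StringBuffer requestUrl = httpServletRequest.getRequestURL();
        String query = httpServletRequest.getQueryString();
        if (query != null) {
            requestUrl.append("?").append(query);
        }
        return URI.create(requestUrl.toString());
    }

    /** Renders the main audit template with the given model. */
    private void renderView(HttpServletResponse httpServletResponse, Map<String, Object> map) throws IOException, ServletException {
        render(httpServletResponse, TEMPLATE_KEY, map);
    }

    /**
     * Renders the "unauthorised" template with a fixed message.
     *
     * <p>NOTE(review): the response status is not set here, so it stays at the container default;
     * consider whether an explicit 403 is wanted.
     */
    private void renderUnauthorizedView(HttpServletResponse httpServletResponse) throws IOException, ServletException {
        render(httpServletResponse, TEMPLATE_KEY_UNAUTHORISED, Collections.singletonMap("message", "Unauthorised access"));
    }

    /**
     * Renders a Soy template from this plugin's resource module to the response writer.
     *
     * @throws IOException if the {@link SoyException} was caused by an {@link IOException}
     * @throws ServletException for any other {@link SoyException}
     */
    private void render(HttpServletResponse httpServletResponse, String templateKey, Map<String, Object> map) throws IOException, ServletException {
        String moduleKey = this.auditPluginInfo.getPluginKey() + RESOURCE_KEY;
        try {
            this.soyTemplateRenderer.render(httpServletResponse.getWriter(), moduleKey, templateKey, map);
        } catch (SoyException e) {
            Throwable cause = e.getCause();
            if (cause instanceof IOException) {
                // Surface write failures as the IOException they are.
                throw (IOException) cause;
            }
            throw new ServletException(e);
        }
    }

    /** Publishes a {@link ViewEvent} carrying the given view label and the plugin version. */
    private void publishViewEvent(String view) {
        this.eventPublisher.publish(new ViewEvent(view, this.auditPluginInfo.getPluginVersion()));
    }
}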
