package com.atlassian.bitbucket.internal.mirroring.mirror.auth;

import com.atlassian.bitbucket.auth.HttpAuthenticationContext;
import com.atlassian.bitbucket.auth.HttpAuthenticationHandler;
import com.atlassian.bitbucket.internal.mirroring.mirror.MirrorAuthenticationContext;
import com.atlassian.bitbucket.user.ApplicationUser;
import com.atlassian.jwt.JwtConstants;
import java.util.Objects;
import java.util.regex.Pattern;
import javax.annotation.Nonnull;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Qualifier;

/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/bitbucket-mirroring-mirror-5.16.0.jar:com/atlassian/bitbucket/internal/mirroring/mirror/auth/MirrorLfsJwtAuthenticationHandler.class */
public class MirrorLfsJwtAuthenticationHandler implements HttpAuthenticationHandler {
    public static final Pattern LFS_BATCH_URL_PATTERN = Pattern.compile("(?:/?[^/]*?)/?([^/]+)/([^/']+?)(?:\\.git)?/info/lfs/objects/batch");
    private final MirrorAuthenticationContext mirrorAuthenticationContext;

    public MirrorLfsJwtAuthenticationHandler(@Qualifier("mirrorLfsAuthenticationContext") MirrorAuthenticationContext mirrorAuthenticationContext) {
        this.mirrorAuthenticationContext = mirrorAuthenticationContext;
    }

    @Override // com.atlassian.bitbucket.auth.HttpAuthenticationHandler
    public ApplicationUser authenticate(@Nonnull HttpAuthenticationContext httpAuthenticationContext) {
        if (shouldAttemptJwtAuthentication(httpAuthenticationContext.getRequest())) {
            return this.mirrorAuthenticationContext.getImpersonatedUser().orElse(null);
        }
        return null;
    }

    @Override // com.atlassian.bitbucket.auth.HttpAuthenticationHandler
    public void validateAuthentication(@Nonnull HttpAuthenticationContext httpAuthenticationContext) {
    }

    private boolean isLfsSshBatchRequest(HttpServletRequest httpServletRequest) {
        Objects.requireNonNull(httpServletRequest, "request");
        String header = httpServletRequest.getHeader("Authorization");
        if (header == null || !header.contains(JwtConstants.AppLinks.JWT_AUTH_METHOD_NAME)) {
            return false;
        }
        String pathInfo = httpServletRequest.getPathInfo();
        if (!"POST".equals(httpServletRequest.getMethod()) || pathInfo == null) {
            return false;
        }
        return LFS_BATCH_URL_PATTERN.matcher(pathInfo).matches();
    }

    private boolean isLfsStorageRequest(HttpServletRequest httpServletRequest) {
        return StringUtils.startsWith(httpServletRequest.getServletPath(), "/rest/git-lfs/storage");
    }

    private boolean shouldAttemptJwtAuthentication(HttpServletRequest httpServletRequest) {
        return isLfsStorageRequest(httpServletRequest) || isLfsSshBatchRequest(httpServletRequest);
    }
}
