package com.atlassian.stash.internal.rest.auth;

import com.atlassian.bitbucket.Product;
import com.atlassian.bitbucket.auth.HttpAuthenticationFailureContext;
import com.atlassian.bitbucket.auth.HttpAuthenticationFailureHandler;
import com.atlassian.bitbucket.i18n.I18nService;
import com.atlassian.bitbucket.json.JsonRenderer;
import com.atlassian.bitbucket.nav.NavBuilder;
import com.atlassian.bitbucket.rest.RestErrorMessage;
import com.atlassian.bitbucket.rest.RestErrors;
import com.atlassian.bitbucket.server.ApplicationMode;
import com.atlassian.bitbucket.server.ApplicationModeSupplier;
import java.io.IOException;
import java.util.Collections;
import javax.annotation.Nonnull;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/bitbucket-rest-5.16.0.jar:com/atlassian/stash/internal/rest/auth/RestAuthenticationFailureHandler.class */
public class RestAuthenticationFailureHandler implements HttpAuthenticationFailureHandler {
    public static final String REST_PATH_PREFIX = "/rest/";
    private final I18nService i18nService;
    private final NavBuilder navBuilder;
    private final JsonRenderer jsonRenderer;
    private final ApplicationModeSupplier modeSupplier;

    public RestAuthenticationFailureHandler(ApplicationModeSupplier applicationModeSupplier, I18nService i18nService, NavBuilder navBuilder, JsonRenderer jsonRenderer) {
        this.modeSupplier = applicationModeSupplier;
        this.i18nService = i18nService;
        this.navBuilder = navBuilder;
        this.jsonRenderer = jsonRenderer;
    }

    @Override // com.atlassian.bitbucket.auth.HttpAuthenticationFailureHandler
    public boolean onAuthenticationFailure(@Nonnull HttpAuthenticationFailureContext httpAuthenticationFailureContext) throws IOException {
        String message;
        if (!httpAuthenticationFailureContext.getRequest().getServletPath().startsWith(REST_PATH_PREFIX)) {
            return false;
        }
        switch (httpAuthenticationFailureContext.getAuthenticationState()) {
            case CAPTCHA_REQUIRED:
                if (this.modeSupplier.getMode() != ApplicationMode.MIRROR) {
                    message = this.i18nService.getMessage("bitbucket.rest.auth.captcha.required", Product.NAME, this.navBuilder.buildAbsolute());
                    break;
                } else {
                    message = this.i18nService.getMessage("bitbucket.rest.auth.captcha.required.upstream", Product.NAME);
                    break;
                }
            case UNLICENSED:
                message = this.i18nService.getMessage("bitbucket.rest.auth.unlicensed", Product.NAME);
                break;
            default:
                message = this.i18nService.getMessage("bitbucket.rest.auth.failed", new Object[0]);
                break;
        }
        HttpServletResponse response = httpAuthenticationFailureContext.getResponse();
        response.setStatus(401);
        if ("basic".equals(httpAuthenticationFailureContext.getMethod())) {
            response.setHeader("WWW-Authenticate", "Basic realm=\"Atlassian Bitbucket\"");
        }
        response.setContentType("application/json;charset=UTF-8");
        response.getWriter().write(this.jsonRenderer.render(new RestErrors(new RestErrorMessage(null, message, httpAuthenticationFailureContext.getAuthenticationException().getClass().getName())), Collections.emptyMap()));
        return true;
    }
}
