package com.atlassian.plugin.web.springmvc.interceptor;

import com.atlassian.crowd.embedded.admin.authorisation.AuthorisationHandler;
import com.atlassian.sal.api.ApplicationProperties;
import com.atlassian.sal.api.UrlMode;
import com.atlassian.sal.api.auth.LoginUriProvider;
import com.atlassian.sal.api.user.UserKey;
import com.atlassian.sal.api.user.UserManager;
import com.atlassian.sal.api.user.UserRole;
import com.atlassian.upm.core.servlet.UpmServletHandler;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLEncoder;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.xml.security.c14n.Canonicalizer;
import org.osgi.framework.BundleContext;
import org.osgi.util.tracker.ServiceTracker;
import org.osgi.util.tracker.ServiceTrackerCustomizer;
import org.springframework.beans.factory.DisposableBean;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/embedded-crowd-admin-plugin-3.3.0-platform5-jdk11-m01.jar:com/atlassian/plugin/web/springmvc/interceptor/AuthorisationInterceptor.class */
abstract class AuthorisationInterceptor extends HandlerInterceptorAdapter implements InitializingBean, DisposableBean {
    protected final UserManager userManager;
    private final LoginUriProvider loginUriProvider;
    private final ApplicationProperties applicationProperties;
    private ServiceTracker authorisationHandlerServiceTracker;

    /* JADX INFO: Access modifiers changed from: package-private */
    public AuthorisationInterceptor(UserManager userManager, LoginUriProvider loginUriProvider, ApplicationProperties applicationProperties) {
        this.userManager = userManager;
        this.loginUriProvider = loginUriProvider;
        this.applicationProperties = applicationProperties;
        this.authorisationHandlerServiceTracker = null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AuthorisationInterceptor(UserManager userManager, LoginUriProvider loginUriProvider, ApplicationProperties applicationProperties, BundleContext bundleContext) {
        this.userManager = userManager;
        this.loginUriProvider = loginUriProvider;
        this.applicationProperties = applicationProperties;
        this.authorisationHandlerServiceTracker = new ServiceTracker(bundleContext, AuthorisationHandler.class.getName(), (ServiceTrackerCustomizer) null);
    }

    @Override // org.springframework.web.servlet.handler.HandlerInterceptorAdapter, org.springframework.web.servlet.HandlerInterceptor
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        Object service;
        if (obj != null && obj.getClass().isAnnotationPresent(PubliclyAccessible.class)) {
            return true;
        }
        if (this.authorisationHandlerServiceTracker != null && (service = this.authorisationHandlerServiceTracker.getService()) != null) {
            return ((AuthorisationHandler) service).handle(httpServletRequest, httpServletResponse, obj);
        }
        boolean checkPermission = checkPermission(this.userManager.getRemoteUserKey(httpServletRequest));
        if (!checkPermission) {
            StringBuilder sb = new StringBuilder(httpServletRequest.getRequestURI().substring(httpServletRequest.getContextPath().length()));
            String str = "?";
            if ("GET".equals(httpServletRequest.getMethod())) {
                for (Map.Entry<String, String[]> entry : httpServletRequest.getParameterMap().entrySet()) {
                    sb.append(str);
                    sb.append(entry.getKey());
                    sb.append("=");
                    sb.append(URLEncoder.encode(entry.getValue()[0], Canonicalizer.ENCODING));
                    str = "&";
                }
            }
            String sb2 = sb.toString();
            httpServletRequest.getSession().setAttribute(UpmServletHandler.CONF_SERAPH_SECURITY_ORIGINAL_URL, sb2);
            httpServletResponse.sendRedirect(getRelativeLoginUrl(httpServletRequest.getContextPath(), sb2));
        }
        return checkPermission;
    }

    abstract boolean checkPermission(UserKey userKey);

    abstract UserRole getRole();

    private String getRelativeLoginUrl(String str, String str2) throws URISyntaxException {
        String uri = this.loginUriProvider.getLoginUriForRole(new URI(str2), getRole()).toString();
        String baseUrl = this.applicationProperties.getBaseUrl(UrlMode.ABSOLUTE);
        if (!uri.startsWith(baseUrl)) {
            return uri;
        }
        String substring = uri.substring(baseUrl.length());
        if (!substring.startsWith("/")) {
            substring = "/" + substring;
        }
        return str + substring;
    }

    public void afterPropertiesSet() throws Exception {
        if (this.authorisationHandlerServiceTracker != null) {
            this.authorisationHandlerServiceTracker.open();
        }
    }

    public void destroy() throws Exception {
        if (this.authorisationHandlerServiceTracker != null) {
            this.authorisationHandlerServiceTracker.close();
        }
    }

    @Deprecated
    public void setAuthorisationHandlerServiceTracker(ServiceTracker serviceTracker) throws Exception {
        this.authorisationHandlerServiceTracker = serviceTracker;
        afterPropertiesSet();
    }
}
