package com.atlassian.bitbucket.internal.scm.git.lfs.jwt;

import com.atlassian.bitbucket.auth.AuthenticationResult;
import com.atlassian.bitbucket.auth.HttpAuthenticationContext;
import com.atlassian.bitbucket.auth.HttpAuthenticationHandler;
import com.atlassian.bitbucket.auth.InactiveUserAuthenticationException;
import com.atlassian.bitbucket.i18n.I18nService;
import com.atlassian.bitbucket.scm.http.HttpRequestDetails;
import com.atlassian.bitbucket.scm.http.HttpScmRequestHandler;
import com.atlassian.bitbucket.server.ApplicationMode;
import com.atlassian.bitbucket.server.ApplicationPropertiesService;
import com.atlassian.bitbucket.user.ApplicationUser;
import com.atlassian.bitbucket.user.UserService;
import com.atlassian.jwt.JwtConstants;
import javax.annotation.Nonnull;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/bitbucket-git-lfs-6.0.0.jar:com/atlassian/bitbucket/internal/scm/git/lfs/jwt/GitLfsJwtHttpAuthenticationHandler.class */
public class GitLfsJwtHttpAuthenticationHandler implements HttpAuthenticationHandler {
    private final ApplicationMode applicationMode;
    private final I18nService i18nService;
    private final HttpScmRequestHandler requestHandler;
    private final UserService userService;

    public GitLfsJwtHttpAuthenticationHandler(I18nService i18nService, ApplicationPropertiesService applicationPropertiesService, HttpScmRequestHandler httpScmRequestHandler, UserService userService) {
        this.applicationMode = applicationPropertiesService.getMode();
        this.i18nService = i18nService;
        this.requestHandler = httpScmRequestHandler;
        this.userService = userService;
    }

    @Override // com.atlassian.bitbucket.auth.HttpAuthenticationHandler
    public AuthenticationResult performAuthentication(@Nonnull HttpAuthenticationContext httpAuthenticationContext) {
        Object attribute;
        HttpServletRequest request = httpAuthenticationContext.getRequest();
        if (ApplicationMode.DEFAULT != this.applicationMode || !isLfsRequest(request) || (attribute = request.getAttribute(JwtConstants.HttpRequests.JWT_SUBJECT_ATTRIBUTE_NAME)) == null) {
            return null;
        }
        ApplicationUser userById = this.userService.getUserById(Integer.parseInt(String.valueOf(attribute)));
        if (userById == null || !this.userService.isUserActive(userById)) {
            throw new InactiveUserAuthenticationException(this.i18nService.createKeyedMessage("bitbucket.scm.git.lfs.http.inactiveuser", attribute));
        }
        return new AuthenticationResult.Builder(userById).build();
    }

    @Override // com.atlassian.bitbucket.auth.HttpAuthenticationHandler
    public void validateAuthentication(@Nonnull HttpAuthenticationContext httpAuthenticationContext) {
    }

    private boolean isLfsRequest(HttpServletRequest httpServletRequest) {
        return StringUtils.startsWith(httpServletRequest.getServletPath(), "/rest/git-lfs/storage") || this.requestHandler.supports(HttpRequestDetails.ofServletRequest(httpServletRequest));
    }
}
