package com.atlassian.plugin.connect.plugin.rest;

import com.atlassian.jwt.JwtConstants;
import com.atlassian.plugin.connect.plugin.PermissionDeniedException;
import com.atlassian.sal.api.user.UserManager;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import com.sun.jersey.spi.container.ContainerRequest;
import com.sun.jersey.spi.container.ContainerRequestFilter;
import com.sun.jersey.spi.container.ContainerResponseFilter;
import com.sun.jersey.spi.container.ResourceFilter;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.UriInfo;
import javax.ws.rs.ext.Provider;

@Provider
/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/atlassian-connect-server-plugin-2.0.0-39bf8e4.jar:com/atlassian/plugin/connect/plugin/rest/AddonOrUserOnlyResourceFilter.class */
public class AddonOrUserOnlyResourceFilter implements ResourceFilter {

    @Context
    HttpServletRequest httpRequest;

    @Context
    UriInfo uriInfo;
    private final UserManager userManager;

    /* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/atlassian-connect-server-plugin-2.0.0-39bf8e4.jar:com/atlassian/plugin/connect/plugin/rest/AddonOrUserOnlyResourceFilter$RequestFilter.class */
    private class RequestFilter implements ContainerRequestFilter {
        private RequestFilter() {
        }

        @Override // com.sun.jersey.spi.container.ContainerRequestFilter
        public ContainerRequest filter(ContainerRequest containerRequest) {
            Object attribute = AddonOrUserOnlyResourceFilter.this.httpRequest.getAttribute(JwtConstants.HttpRequests.ADD_ON_ID_ATTRIBUTE_NAME);
            if (attribute != null) {
                assertResourceAllowedForAddon(attribute);
            } else if (AddonOrUserOnlyResourceFilter.this.userManager.getRemoteUserKey() == null) {
                throw new ConnectAddonAuthenticationRequiredException();
            }
            return containerRequest;
        }

        private void assertResourceAllowedForAddon(Object obj) {
            List list = (List) AddonOrUserOnlyResourceFilter.this.uriInfo.getPathParameters().get("addonKey");
            if (list != null && !list.isEmpty() && !obj.equals((String) list.iterator().next())) {
                throw new PermissionDeniedException(null);
            }
        }
    }

    public AddonOrUserOnlyResourceFilter(UserManager userManager) {
        this.userManager = (UserManager) Preconditions.checkNotNull(userManager);
    }

    @VisibleForTesting
    AddonOrUserOnlyResourceFilter(UserManager userManager, HttpServletRequest httpServletRequest, UriInfo uriInfo) {
        this(userManager);
        this.httpRequest = (HttpServletRequest) Preconditions.checkNotNull(httpServletRequest);
        this.uriInfo = (UriInfo) Preconditions.checkNotNull(uriInfo);
    }

    @Override // com.sun.jersey.spi.container.ResourceFilter
    public ContainerRequestFilter getRequestFilter() {
        return new RequestFilter();
    }

    @Override // com.sun.jersey.spi.container.ResourceFilter
    public ContainerResponseFilter getResponseFilter() {
        return null;
    }
}
