package com.atlassian.plugins.rest.v2.security.websudo;

import com.atlassian.plugins.rest.v2.util.ServletUtils;
import com.atlassian.sal.api.user.UserManager;
import com.atlassian.sal.api.websudo.WebSudoManager;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Objects;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins-setup/com.atlassian.plugins.rest.atlassian-rest-v2-plugin-8.1.2.jar:com/atlassian/plugins/rest/v2/security/websudo/SalWebSudoResourceContext.class */
/**
 * Decides whether the current REST request still has to pass the WebSudo check.
 *
 * <p>Two kinds of {@code Authorization} header exempt a request from WebSudo:
 * <ul>
 *   <li>a {@code Basic} header whose decoded username/password pair is accepted by
 *       {@link UserManager#authenticate};</li>
 *   <li>a {@code Bearer} header on a request whose existing session carries a non-null
 *       {@code is.pats.enabled} attribute.</li>
 * </ul>
 * Every other request is handed to {@link WebSudoManager#canExecuteRequest}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Scheme prefixes are matched with a case-sensitive {@code startsWith}; a header such as
 *       {@code basic ...} is not treated as exempt and falls through to the WebSudo check.</li>
 *   <li>The Bearer branch never inspects the token and only tests the session attribute for
 *       non-null, so any value (including {@code Boolean.FALSE}) counts.
 *       NOTE(review): presumably the token was validated and the attribute set by an earlier
 *       filter - confirm against whatever writes {@code is.pats.enabled}.</li>
 *   <li>Each request carrying a Basic header triggers a {@code UserManager.authenticate} call
 *       from this class. NOTE(review): throttling/lockout is not visible here - confirm it is
 *       enforced elsewhere.</li>
 * </ul>
 */
public class SalWebSudoResourceContext {
    private static final Logger log = LoggerFactory.getLogger(SalWebSudoResourceContext.class);
    private static final String BASIC_AUTHZ_TYPE_PREFIX = "Basic ";
    private static final String BEARER_AUTHZ_TYPE_PREFIX = "Bearer ";
    private final WebSudoManager webSudoManager;
    private final UserManager userManager;

    /* loaded from: input_file:WEB-INF/atlassian-bundled-plugins-setup/com.atlassian.plugins.rest.atlassian-rest-v2-plugin-8.1.2.jar:com/atlassian/plugins/rest/v2/security/websudo/SalWebSudoResourceContext$UserPassCredentials.class */
    /**
     * Immutable holder for a username/password pair decoded from a Basic header.
     *
     * <p>The password is kept as a plain {@code String}; the class defines no
     * {@code toString}, so the pair is not rendered by default string conversion.
     */
    public static class UserPassCredentials {
        private final String username;
        private final String password;

        /**
         * @param str  the username
         * @param str2 the password
         */
        public UserPassCredentials(String str, String str2) {
            this.username = str;
            this.password = str2;
        }

        /** @return the username supplied at construction */
        public String getUsername() {
            return username;
        }

        /** @return the password supplied at construction */
        public String getPassword() {
            return password;
        }
    }

    /**
     * @param webSudoManager consulted for requests that are not exempted by their Authorization header
     * @param userManager    used to verify credentials decoded from a Basic header
     */
    public SalWebSudoResourceContext(WebSudoManager webSudoManager, UserManager userManager) {
        this.webSudoManager = webSudoManager;
        this.userManager = userManager;
    }

    /**
     * Reports whether WebSudo protection must be enforced for the current request.
     *
     * @return {@code false} when no servlet request is available, when the request is exempt
     *         (valid Basic credentials, or Bearer header with the PAT session marker), or when
     *         the {@link WebSudoManager} allows the request; {@code true} otherwise
     */
    public boolean shouldEnforceWebSudoProtection() {
        HttpServletRequest request = ServletUtils.getHttpServletRequest();
        if (request == null) {
            // No request available: protection is not enforced.
            return false;
        }

        String authorization = request.getHeader("Authorization");
        // Basic is evaluated first; the Bearer check only runs when Basic did not match.
        boolean exemptByHeader = authorization != null
                && (isBasicAuthValid(authorization)
                        || shouldDisableWebSudoForPersonalAccessTokens(request, authorization));
        if (exemptByHeader) {
            // The WebSudoManager is deliberately not consulted for exempt requests.
            return false;
        }
        return !this.webSudoManager.canExecuteRequest(request);
    }

    /**
     * Checks the Bearer exemption: an existing session, a header starting with
     * {@code "Bearer "}, and a non-null {@code is.pats.enabled} session attribute.
     * The token value and the attribute value are not examined.
     */
    private boolean shouldDisableWebSudoForPersonalAccessTokens(HttpServletRequest request, String authorization) {
        // getSession(false) never creates a session as a side effect of this check.
        HttpSession existingSession = request.getSession(false);
        if (existingSession == null) {
            return false;
        }
        if (!authorization.startsWith(BEARER_AUTHZ_TYPE_PREFIX)) {
            return false;
        }
        return existingSession.getAttribute("is.pats.enabled") != null;
    }

    /**
     * Returns {@code true} only when the header is a Basic header, decodes to a
     * non-empty username and password, and the {@link UserManager} accepts the pair.
     */
    private boolean isBasicAuthValid(String authorization) {
        if (!isBasicAuthorizationHeader(authorization)) {
            return false;
        }
        Optional<UserPassCredentials> decoded = decodeBasicAuthorizationCredentials(authorization);
        if (!decoded.isPresent()) {
            return false;
        }
        UserPassCredentials credentials = decoded.get();
        return validateCredentials(credentials.getUsername(), credentials.getPassword());
    }

    /** Case-sensitive test for the {@code "Basic "} scheme prefix; {@code null} is not Basic. */
    private boolean isBasicAuthorizationHeader(String authorization) {
        if (authorization == null) {
            return false;
        }
        return authorization.startsWith(BASIC_AUTHZ_TYPE_PREFIX);
    }

    /** Delegates the credential check to {@link UserManager#authenticate}. */
    private boolean validateCredentials(String username, String password) {
        return this.userManager.authenticate(username, password);
    }

    /**
     * Decodes the Base64 payload of a Basic header into a username/password pair.
     *
     * @return the credentials, or empty when the payload is not valid Base64, has no
     *         {@code ':'} separator, or has an empty username or password
     */
    private Optional<UserPassCredentials> decodeBasicAuthorizationCredentials(String authorization) {
        try {
            String encoded = authorization.substring(BASIC_AUTHZ_TYPE_PREFIX.length()).trim();
            String userPass = new String(Base64.getDecoder().decode(encoded), StandardCharsets.UTF_8);
            // Split on the first ':' only, so the password may itself contain ':'.
            int separator = userPass.indexOf(':');
            boolean hasUsername = separator > 0;
            boolean hasPassword = separator >= 0 && separator < userPass.length() - 1;
            if (hasUsername && hasPassword) {
                return Optional.of(new UserPassCredentials(
                        userPass.substring(0, separator), userPass.substring(separator + 1)));
            }
        } catch (IllegalArgumentException e) {
            // Only the decoder's message is logged; the header itself is not passed to the logger.
            log.warn("Provided BasicAuth token that is not valid base64 string: {}", e.getMessage());
        }
        return Optional.empty();
    }
}
