package com.atlassian.plugins.rest.v2.security.xsrf;

import com.atlassian.annotations.security.XsrfProtectionExcluded;
import com.atlassian.plugins.rest.v2.security.cors.CorsDefaultService;
import com.atlassian.sal.api.web.context.HttpContext;
import com.atlassian.sal.api.xsrf.XsrfRequestValidator;
import java.lang.annotation.Annotation;
import java.lang.reflect.Method;
import java.util.Objects;
import javax.annotation.Priority;
import javax.ws.rs.GET;
import javax.ws.rs.container.DynamicFeature;
import javax.ws.rs.container.ResourceInfo;
import javax.ws.rs.core.FeatureContext;
import javax.ws.rs.ext.Provider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Priority(2000)
@Provider
/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins-setup/com.atlassian.plugins.rest.atlassian-rest-v2-plugin-8.1.2.jar:com/atlassian/plugins/rest/v2/security/xsrf/XsrfResourceDynamicFeature.class */
public class XsrfResourceDynamicFeature implements DynamicFeature {
    private static final Logger log = LoggerFactory.getLogger(XsrfResourceDynamicFeature.class);
    private final HttpContext httpContext;
    private final XsrfRequestValidator xsrfRequestValidator;
    private final CorsDefaultService corsDefaultService;

    public XsrfResourceDynamicFeature(HttpContext httpContext, XsrfRequestValidator xsrfRequestValidator, CorsDefaultService corsDefaultService) {
        this.httpContext = (HttpContext) Objects.requireNonNull(httpContext, "httpContext can't be null");
        this.xsrfRequestValidator = (XsrfRequestValidator) Objects.requireNonNull(xsrfRequestValidator, "xsrfRequestValidator can't be null");
        this.corsDefaultService = corsDefaultService;
    }

    public void configure(ResourceInfo resourceInfo, FeatureContext featureContext) {
        Method resourceMethod = resourceInfo.getResourceMethod();
        boolean isXsrfProtectionExcludedAnnotationPresent = isXsrfProtectionExcludedAnnotationPresent(resourceMethod.getAnnotations());
        XsrfResourceFilter xsrfResourceFilter = null;
        if (!resourceMethod.isAnnotationPresent(GET.class) && !isXsrfProtectionExcludedAnnotationPresent) {
            xsrfResourceFilter = new XsrfResourceFilter();
        }
        if (xsrfResourceFilter != null) {
            xsrfResourceFilter.setHttpContext(this.httpContext);
            xsrfResourceFilter.setXsrfRequestValidator(this.xsrfRequestValidator);
            xsrfResourceFilter.setCorsDefaults(this.corsDefaultService.getCorsDefaults());
            featureContext.register(xsrfResourceFilter);
        }
    }

    private static boolean isXsrfProtectionExcludedAnnotationPresent(Annotation[] annotationArr) {
        for (Annotation annotation : annotationArr) {
            if (annotation.annotationType().getCanonicalName().equals(XsrfProtectionExcluded.class.getCanonicalName())) {
                if (annotation.annotationType().equals(XsrfProtectionExcluded.class)) {
                    return true;
                }
                log.warn("Detected usage of the com.atlassian.annotations.security. XsrfProtectionExcluded annotation loaded from elsewhere. {} != {}", XsrfProtectionExcluded.class.getClassLoader(), annotation.annotationType().getClassLoader());
                return true;
            }
        }
        return false;
    }
}
