package com.atlassian.jira.plugins.workflow.sharing.servlet;

import com.atlassian.jira.config.properties.ApplicationProperties;
import com.atlassian.jira.plugins.workflow.sharing.file.CanNotCreateFileException;
import com.atlassian.jira.security.xsrf.XsrfTokenGenerator;
import com.atlassian.jira.web.action.XsrfErrorAction;
import com.atlassian.sal.api.auth.LoginUriProvider;
import com.atlassian.sal.api.message.I18nResolver;
import com.atlassian.sal.api.user.UserManager;
import com.atlassian.sal.api.xsrf.XsrfTokenValidator;
import com.opensymphony.workflow.FactoryException;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang.StringUtils;

/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/jira-workflow-sharing-plugin-2.0.2.jar:com/atlassian/jira/plugins/workflow/sharing/servlet/AbstractServletWizardHandler.class */
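/**
 * Base servlet for the workflow-sharing wizard steps. It bundles the checks every
 * step needs before doing work: an administrator gate with redirect-to-login,
 * XSRF token generation/validation, and typed access to wizard data kept in the
 * HTTP session.
 *
 * <p>Both guard methods ({@link #enforceAdminLogin} and {@link #checkXsrf}) return
 * {@code true} when the request has ALREADY been answered (redirect or error page).
 * A subclass must stop processing as soon as either returns {@code true}; continuing
 * would run the privileged action for a caller that failed the check.
 */
public abstract class AbstractServletWizardHandler extends AbstractServlet {
    static final String JIRA_SERAPH_SECURITY_ORIGINAL_URL = "os_security_originalurl";
    static final String CONF_SERAPH_SECURITY_ORIGINAL_URL = "seraph_originalurl";
    protected static final String DATA_NOT_FOUND_IN_SESSION_PARAM = "notFoundInSession";
    private final LoginUriProvider loginUriProvider;
    private final UserManager userManager;
    protected final I18nResolver i18n;
    private final XsrfTokenValidator xsrfTokenValidator;
    private final XsrfTokenGenerator xsrfTokenGenerator;

    /* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/jira-workflow-sharing-plugin-2.0.2.jar:com/atlassian/jira/plugins/workflow/sharing/servlet/AbstractServletWizardHandler$RequestHandler.class */
    /**
     * Callback implemented per wizard step; receives the request, the response, a
     * {@code Map<String, Object>} and the matched {@link ServletMapping}.
     */
    protected interface RequestHandler {
        void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Map<String, Object> map, ServletMapping servletMapping) throws DataNotFoundInSessionException, IOException, FactoryException, ValidationException, CanNotCreateFileException, URISyntaxException, ServletException;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Stores the collaborators used by the guard and session helpers and passes
     * {@code applicationProperties} to the superclass.
     */
    public AbstractServletWizardHandler(LoginUriProvider loginUriProvider, UserManager userManager, I18nResolver i18nResolver, XsrfTokenValidator xsrfTokenValidator, XsrfTokenGenerator xsrfTokenGenerator, ApplicationProperties applicationProperties) {
        super(applicationProperties);
        this.loginUriProvider = loginUriProvider;
        this.userManager = userManager;
        this.i18n = i18nResolver;
        this.xsrfTokenValidator = xsrfTokenValidator;
        this.xsrfTokenGenerator = xsrfTokenGenerator;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Admin gate for a wizard step.
     *
     * @return {@code false} when the current user is an administrator and the step
     *         may proceed; {@code true} when the user is not, in which case a
     *         redirect to the login page has already been sent and the caller must
     *         return without doing any further work
     * @throws IOException if sending the redirect fails
     */
    public boolean enforceAdminLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (isAdmin()) {
            return false;
        }
        redirectToLogin(httpServletRequest, httpServletResponse);
        return true;
    }

    /**
     * Tells whether the remote user is a system administrator or an administrator.
     *
     * @return {@code false} for anonymous requests (no remote username)
     */
    protected boolean isAdmin() {
        // Read the identity once so the null check and both privilege checks are
        // guaranteed to be made against the same value.
        String remoteUsername = this.userManager.getRemoteUsername();
        if (remoteUsername == null) {
            return false;
        }
        return this.userManager.isSystemAdmin(remoteUsername) || this.userManager.isAdmin(remoteUsername);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Tells whether the remote user is a system administrator.
     *
     * @return {@code false} for anonymous requests (no remote username)
     */
    public boolean isSystemAdmin() {
        String remoteUsername = this.userManager.getRemoteUsername();
        if (remoteUsername == null) {
            return false;
        }
        return this.userManager.isSystemAdmin(remoteUsername);
    }

    /**
     * Remembers the requested URL in the session and redirects to the login URI
     * obtained from {@link LoginUriProvider} for that URL.
     *
     * <p>NOTE(review): the return URL is rebuilt from the incoming request by
     * {@link #getUri}. Whether its host part can be influenced by the client depends
     * on container and reverse-proxy configuration, so confirm that the login flow
     * validates the return URL before following it.
     *
     * @throws IOException if sending the redirect fails
     */
    protected void redirectToLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        URI uri = getUri(httpServletRequest);
        addSessionAttributes(httpServletRequest, uri.toASCIIString());
        httpServletResponse.sendRedirect(this.loginUriProvider.getLoginUri(uri).toASCIIString());
    }

    /**
     * Rebuilds the URL of the current request, including its query string when one
     * is present.
     *
     * <p>The query string is supplied by the client and is not guaranteed to be a
     * syntactically valid URI component. This method is reached for callers that are
     * not logged in, so a malformed query must not turn the login redirect into an
     * unhandled exception: in that case the query is dropped and the bare request
     * URL is returned.
     *
     * @return the request URL, with the query string when it parses
     * @throws IllegalArgumentException if the request URL itself is not a valid URI
     */
    protected URI getUri(HttpServletRequest httpServletRequest) {
        String requestUrl = httpServletRequest.getRequestURL().toString();
        String queryString = httpServletRequest.getQueryString();
        if (queryString == null) {
            return URI.create(requestUrl);
        }
        try {
            return new URI(requestUrl + "?" + queryString);
        } catch (URISyntaxException ignored) {
            // Unparseable client-supplied query: fall back to the URL without it.
            return URI.create(requestUrl);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Reads a required attribute from the HTTP session.
     *
     * <p>{@code getSession()} creates a session when the request has none. The cast
     * to {@code T} is unchecked: a value of the wrong type is not detected here and
     * only fails later, at the caller's use site.
     *
     * @param str  session attribute name
     * @param str2 message for the {@link ValidationException} raised on failure
     * @return the attribute value, never {@code null}
     * @throws ValidationException if the attribute is absent or the session lookup
     *         throws; the underlying exception is not attached
     */
    @SuppressWarnings("unchecked") // generic cast cannot be checked at runtime; see Javadoc
    public <T> T getSessionAttribute(HttpServletRequest httpServletRequest, String str, String str2) throws ValidationException {
        Object value;
        try {
            value = httpServletRequest.getSession().getAttribute(str);
        } catch (Exception e) {
            // Any lookup failure is reported to the wizard as a validation error.
            throw new ValidationException(str2);
        }
        if (value == null) {
            throw new ValidationException(str2);
        }
        return (T) value;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Reads an optional attribute from the HTTP session (creating the session when
     * the request has none).
     *
     * @param str session attribute name
     * @return the attribute value, or {@code null} when it is not set; the cast to
     *         {@code T} is unchecked
     */
    @SuppressWarnings("unchecked") // generic cast cannot be checked at runtime
    public <T> T getSessionAttributeOrNull(HttpServletRequest httpServletRequest, String str) {
        return (T) httpServletRequest.getSession().getAttribute(str);
    }

    /**
     * Stores {@code str} under both original-URL session keys declared on this
     * class, which {@link #clearSessionAttributes} removes again.
     */
    private void addSessionAttributes(HttpServletRequest httpServletRequest, String str) {
        HttpSession session = httpServletRequest.getSession();
        session.setAttribute(JIRA_SERAPH_SECURITY_ORIGINAL_URL, str);
        session.setAttribute(CONF_SERAPH_SECURITY_ORIGINAL_URL, str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Removes the two original-URL attributes set before a login redirect. */
    public void clearSessionAttributes(HttpSession httpSession) {
        httpSession.removeAttribute(JIRA_SERAPH_SECURITY_ORIGINAL_URL);
        httpSession.removeAttribute(CONF_SERAPH_SECURITY_ORIGINAL_URL);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Derives the wizard mapping key from the request URI: the text after the last
     * {@code /}.
     *
     * <p>NOTE(review): when the URI ends with {@code /} the result is everything
     * BEFORE that final slash (the whole leading path), not the last path segment.
     * Confirm this is what the mapping lookup expects.
     */
    public String getMappingPath(HttpServletRequest httpServletRequest) {
        String requestUri = httpServletRequest.getRequestURI();
        String mappingPath = StringUtils.substringAfterLast(requestUri, "/");
        if (StringUtils.isBlank(mappingPath)) {
            mappingPath = StringUtils.substringBeforeLast(requestUri, "/");
        }
        return mappingPath;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Puts the request's XSRF token into {@code map} under the key {@code atl_token}. */
    public void addXsrfToken(Map<String, Object> map, HttpServletRequest httpServletRequest) {
        map.put("atl_token", getXsrfToken(httpServletRequest));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Returns the XSRF token produced by the {@link XsrfTokenGenerator} for this request. */
    public String getXsrfToken(HttpServletRequest httpServletRequest) {
        return this.xsrfTokenGenerator.generateToken(httpServletRequest);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * XSRF gate for state-changing wizard requests.
     *
     * @return {@code false} when the form-encoded token validates and the request
     *         may proceed; {@code true} when it does not, in which case the XSRF
     *         error page has been included in the response and the caller must
     *         return without performing the action or writing further output
     * @throws IOException      if including the error page fails
     * @throws ServletException if including the error page fails
     */
    public boolean checkXsrf(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        if (this.xsrfTokenValidator.validateFormEncodedToken(httpServletRequest)) {
            return false;
        }
        httpServletRequest.getRequestDispatcher(XsrfErrorAction.FORWARD_PATH).include(httpServletRequest, httpServletResponse);
        return true;
    }
}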
