package com.atlassian.jira.web.servlet;

import com.atlassian.jira.ComponentManager;
import com.atlassian.jira.avatar.Avatar;
import com.atlassian.jira.avatar.AvatarManager;
import com.atlassian.jira.project.Project;
import com.atlassian.jira.project.ProjectManager;
import com.atlassian.jira.security.PermissionManager;
import com.atlassian.jira.util.StreamCopyingConsumer;
import com.atlassian.seraph.auth.AuthenticationContextImpl;
import com.opensymphony.user.User;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.math.NumberUtils;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/atlassian/jira/web/servlet/ViewProjectAvatarServlet.class */
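/**
 * Serves project avatar images.
 *
 * <p>Request parameters read by this servlet:
 * <ul>
 *   <li>{@code pid} - project id; when present the project must exist and the
 *       caller must pass {@link #hasAvatarPermission(Project, User)}.</li>
 *   <li>{@code avatarId} - avatar id; when absent (and {@code pid} is present)
 *       the caller is redirected to the project's current avatar.</li>
 *   <li>{@code size} - {@code small} selects the small image, anything else the
 *       large one.</li>
 * </ul>
 *
 * <p>An avatar that has an owner is only served when {@code pid} names that
 * owner; an avatar without an owner is served to any caller, including callers
 * that supplied no {@code pid} and therefore passed no permission check.
 */
public class ViewProjectAvatarServlet extends HttpServlet {
    private static final Logger log = Logger.getLogger(ViewProjectAvatarServlet.class);
    static final int AVATAR_BUFFER_SIZE = 4096;
    private static final String PARAM_PROJECT_ID = "pid";
    private static final String PARAM_AVATAR_ID = "avatarId";
    private static final String PARAM_SIZE = "size";
    private static final String VALUE_SMALL = "small";
    /** 365 days expressed in seconds, the unit Cache-Control max-age expects. */
    private static final int ABOUT_ONE_YEAR = 31536000;

    /**
     * Resolves the requested avatar, enforces the project permission and
     * ownership checks, and streams the image.
     *
     * @param httpServletRequest  request carrying {@code pid}, {@code avatarId} and {@code size}
     * @param httpServletResponse response that receives the image, a redirect or an error status
     * @throws ServletException propagated from {@link #handleOutputStreamingException}
     * @throws IOException      if writing the error or redirect fails
     */
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        Long projectId;
        try {
            projectId = NumberUtils.createLong(httpServletRequest.getParameter(PARAM_PROJECT_ID));
        } catch (NumberFormatException e) {
            // A malformed pid is client input, not a server fault: answer 404 like a
            // malformed avatarId instead of letting the exception escape as a 500.
            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        String avatarIdParam = httpServletRequest.getParameter(PARAM_AVATAR_ID);

        if (projectId == null && avatarIdParam == null) {
            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "No avatar requested");
            // Stop here: falling through would parse a null avatarId and call
            // sendError() a second time on an already committed response.
            return;
        }

        if (projectId != null) {
            Project project = getProjectManager().getProjectObj(projectId);
            if (project == null) {
                httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "Unknown project");
                return;
            }
            if (!userHasViewAvatarPermission(project)) {
                // NOTE(review): the message matches the missing-project case but the
                // status does not (403 vs 404), so a caller without access can still
                // tell that the project id exists. Status kept for compatibility.
                httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "Unknown project");
                return;
            }
            if (avatarIdParam == null) {
                httpServletResponse.sendRedirect(getRedirectForProjectAvatar(httpServletRequest, project));
                return;
            }
        }

        try {
            Avatar avatar = getAvatarManager().getById(Long.valueOf(avatarIdParam));
            if (avatar == null) {
                httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, "Avatar not found");
                return;
            }
            if (!avatarOkForProject(projectId, avatar)) {
                log.warn("Attempted access to avatar " + avatar.getId() + " for project " + projectId + " when it doesn't belong to that project.");
                httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND);
                return;
            }
            sendAvatar(httpServletRequest, httpServletResponse, avatar);
        } catch (IOException e) {
            handleOutputStreamingException(httpServletResponse, false, e);
        } catch (NumberFormatException e) {
            // avatarId was not a valid long.
            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND);
        } catch (RuntimeException e) {
            handleOutputStreamingException(httpServletResponse, false, e);
        }
    }

    /**
     * Logs a streaming failure and reports it to the client.
     *
     * <p>The decompiler notes that this method was originally {@code protected}.
     *
     * <p>NOTE(review): {@code sendError} throws {@code IllegalStateException} when the
     * response is already committed, which can be the case if the failure happened
     * after part of the image was written.
     *
     * @param httpServletResponse response to send the 404 on
     * @param z                   when {@code true}, throw a {@link ServletException} wrapping
     *                            {@code exc} instead of sending a 404
     * @param exc                 the failure being reported
     * @throws IOException      if sending the error status fails
     * @throws ServletException when {@code z} is {@code true}
     */
    public static void handleOutputStreamingException(HttpServletResponse httpServletResponse, boolean z, Exception exc) throws IOException, ServletException {
        log.warn("Problem streaming the avatar image, user will get a 404: " + exc.getMessage());
        if (z) {
            throw new ServletException("Unable to write a coherent reponse for avatar request", exc);
        }
        httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND);
    }

    /** Checks avatar permission for the user of the current authentication context. */
    private boolean userHasViewAvatarPermission(Project project) {
        User currentUser = (User) new AuthenticationContextImpl().getUser();
        return hasAvatarPermission(project, currentUser);
    }

    /**
     * Builds the redirect target for a project's current avatar: the request URI
     * plus {@code pid}, {@code avatarId} and a {@code size} of {@code small} or
     * {@code large}. Only the fixed size tokens and numeric ids are appended, never
     * raw parameter text.
     */
    private String getRedirectForProjectAvatar(HttpServletRequest httpServletRequest, Project project) {
        String size = isSmallRequested(httpServletRequest) ? VALUE_SMALL : "large";
        return httpServletRequest.getRequestURI()
                + "?pid=" + project.getId()
                + "&avatarId=" + project.getAvatar().getId()
                + "&size=" + size;
    }

    /**
     * Writes the avatar's content type and cache header, then streams the small
     * or large image data to the response.
     *
     * @throws IOException if the response output stream cannot be obtained or written
     */
    private void sendAvatar(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Avatar avatar) throws IOException {
        // NOTE(review): the content type comes from the stored avatar record. If an
        // uploader can choose it, restrict it to image types - confirm in AvatarManager.
        httpServletResponse.setContentType(avatar.getContentType());
        // max-age is a lifetime in seconds. The original concatenated the current
        // epoch milliseconds in front of the constant, producing a meaningless value.
        httpServletResponse.setHeader("Cache-control", "private, max-age=" + ABOUT_ONE_YEAR);
        StreamCopyingConsumer imageSink = new StreamCopyingConsumer(httpServletResponse.getOutputStream(), AVATAR_BUFFER_SIZE);
        if (isSmallRequested(httpServletRequest)) {
            getAvatarManager().readSmallAvatarData(avatar, imageSink);
        } else {
            getAvatarManager().readLargeAvatarData(avatar, imageSink);
        }
    }

    /** Returns whether the request's {@code size} parameter is exactly {@code small}. */
    private boolean isSmallRequested(HttpServletRequest httpServletRequest) {
        return VALUE_SMALL.equals(httpServletRequest.getParameter(PARAM_SIZE));
    }

    /**
     * Ownership check: an avatar with no owner is always allowed; an owned avatar
     * is allowed only when the requested project id, as a string, equals its owner.
     *
     * @param l      requested project id, may be {@code null}
     * @param avatar avatar being requested
     */
    private boolean avatarOkForProject(Long l, Avatar avatar) {
        String owner = avatar.getOwner();
        if (owner == null) {
            return true;
        }
        return l != null && l.toString().equals(owner);
    }

    /**
     * Returns whether the user holds any one of three permissions: global
     * permission 0, or project permission 23 or 10 on {@code project}.
     */
    private boolean hasAvatarPermission(Project project, User user) {
        // NOTE(review): presumably 0 = administer, 23 = project admin, 10 = browse;
        // confirm against the Permissions constants and use them instead of literals.
        PermissionManager permissions = getPermissionManager();
        return permissions.hasPermission(0, user)
                || permissions.hasPermission(23, project, user)
                || permissions.hasPermission(10, project, user);
    }

    /** Looks up the project manager from the component manager. */
    ProjectManager getProjectManager() {
        return ComponentManager.getInstance().getProjectManager();
    }

    /** Looks up the permission manager from the component manager. */
    PermissionManager getPermissionManager() {
        return ComponentManager.getInstance().getPermissionManager();
    }

    /** Looks up the avatar manager from the component manager. */
    AvatarManager getAvatarManager() {
        return ComponentManager.getInstance().getAvatarManager();
    }
}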
