package com.atlassian.streams.internal.servlet;

import com.atlassian.sal.api.xsrf.XsrfHeaderValidator;
import com.atlassian.sal.api.xsrf.XsrfTokenValidator;
import com.atlassian.streams.api.common.Either;
import com.atlassian.streams.internal.MissingModuleKeyException;
import com.atlassian.streams.internal.NoSuchModuleException;
import com.atlassian.streams.internal.PostReplyHandler;
import com.atlassian.streams.internal.RemotePostReplyException;
import com.atlassian.streams.internal.RemotePostValidationException;
import com.atlassian.streams.spi.StreamsCommentHandler;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Joiner;
import com.google.common.base.Preconditions;
import java.io.IOException;
import java.io.PrintWriter;
import java.net.URI;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.batik.util.SVG12Constants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/atlassian-bundled-plugins/streams-aggregator-plugin-6.0.2.jar:com/atlassian/streams/internal/servlet/StreamsCommentsServlet.class */
public class StreamsCommentsServlet extends HttpServlet {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) StreamsCommentsServlet.class);
    private final PostReplyHandler handler;
    private final XsrfTokenValidator xsrfTokenValidator;
    private final XsrfHeaderValidator xsrfHeaderValidator;

    public StreamsCommentsServlet(PostReplyHandler postReplyHandler, XsrfTokenValidator xsrfTokenValidator, XsrfHeaderValidator xsrfHeaderValidator) {
        this.handler = (PostReplyHandler) Preconditions.checkNotNull(postReplyHandler, SVG12Constants.SVG_HANDLER_TAG);
        this.xsrfTokenValidator = (XsrfTokenValidator) Preconditions.checkNotNull(xsrfTokenValidator, "XSRF token validator");
        this.xsrfHeaderValidator = (XsrfHeaderValidator) Preconditions.checkNotNull(xsrfHeaderValidator, "XSRF header validator");
    }

    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        PrintWriter writer = httpServletResponse.getWriter();
        if (!isXsrfSafe(httpServletRequest)) {
            httpServletResponse.setContentType("application/json");
            StreamsCommentHandler.PostReplyError.Type type = StreamsCommentHandler.PostReplyError.Type.CONFLICT;
            httpServletResponse.setStatus(type.getStatusCode());
            writer.print(type.asJsonString());
            writer.close();
            return;
        }
        String pathInfo = httpServletRequest.getPathInfo();
        String parameter = httpServletRequest.getParameter("comment");
        if (parameter == null) {
            httpServletResponse.sendError(400, "No comment specified");
            return;
        }
        try {
            try {
                try {
                    try {
                        Either<StreamsCommentHandler.PostReplyError, URI> postReply = this.handler.postReply(pathInfo, parameter, httpServletRequest.getParameter("replyTo"));
                        if (postReply.isLeft()) {
                            StreamsCommentHandler.PostReplyError postReplyError = postReply.left().get();
                            if (!postReplyError.getType().equals(StreamsCommentHandler.PostReplyError.Type.UNKNOWN_ERROR)) {
                                log.warn("Logged an error while posting comment: " + postReplyError.getType().toString());
                            } else if (postReplyError.getCause().isDefined()) {
                                log.error("Unknown error while posting comment", postReplyError.getCause().get());
                            } else {
                                log.error("Unknown error while posting comment. No exception details available");
                            }
                            httpServletResponse.setContentType("application/json");
                            httpServletResponse.setStatus(postReplyError.getType().getStatusCode());
                            writer.print(postReplyError.getType().asJsonString());
                            writer.flush();
                        } else {
                            httpServletResponse.setStatus(201);
                            httpServletResponse.setHeader("Location", postReply.right().get().toASCIIString());
                        }
                        writer.close();
                    } catch (RemotePostValidationException e) {
                        httpServletResponse.sendError(400, Joiner.on('\n').join(e.getErrors()));
                        writer.close();
                    }
                } catch (MissingModuleKeyException e2) {
                    httpServletResponse.sendError(404, "No module key in URI");
                    writer.close();
                }
            } catch (NoSuchModuleException e3) {
                httpServletResponse.sendError(404, "No module with key " + e3.getKey() + " installed");
                writer.close();
            } catch (RemotePostReplyException e4) {
                httpServletResponse.sendError(502, e4.getMessage());
                writer.close();
            }
        } catch (Throwable th) {
            writer.close();
            throw th;
        }
    }

    @VisibleForTesting
    boolean isXsrfSafe(HttpServletRequest httpServletRequest) {
        if (this.xsrfHeaderValidator.requestHasValidXsrfHeader(httpServletRequest)) {
            return true;
        }
        return this.xsrfTokenValidator.validateFormEncodedToken(new XsrfAwareRequest(httpServletRequest, this.xsrfTokenValidator.getXsrfParameterName()));
    }
}
