package com.atlassian.servicedesk.internal.web.shim;

import com.atlassian.jira.config.FeatureManager;
import com.atlassian.jira.config.properties.ApplicationProperties;
import com.atlassian.jira.exception.AttachmentNotFoundException;
import com.atlassian.jira.issue.AttachmentManager;
import com.atlassian.jira.issue.attachment.Attachment;
import com.atlassian.jira.security.JiraAuthenticationContext;
import com.atlassian.servicedesk.internal.api.condition.SDOperationalConditionHelper;
import com.atlassian.servicedesk.internal.featureflag.SDFeatureFlags;
import com.atlassian.servicedesk.internal.utils.CustomerUrlUtil;
import com.atlassian.servicedesk.internal.web.OperationalStatusAwareHttpFilter;
import io.atlassian.fugue.Either;
import io.atlassian.fugue.Option;
import java.io.IOException;
import java.net.URLEncoder;
import java.util.HashMap;
import java.util.stream.Stream;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;

/* loaded from: input_file:com/atlassian/servicedesk/internal/web/shim/CustomerPortalShim.class */
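/**
 * Servlet filter for the customer-portal "shim" URL space.
 *
 * <p>The part of the request URI that follows the last occurrence of
 * {@link CustomerUrlUtil#SHIM_PREFIX} is matched against {@link CustomerUrlUtil#SHIM_WHITE_LIST}.
 * Requests that do not match continue down the filter chain untouched. Matching requests from a
 * logged-in user are forwarded to that path through the request dispatcher (attachment URLs are
 * permission-checked first); matching requests from anonymous users are redirected to the
 * customer login page.
 *
 * <p>Security note: the allow-list is a prefix match on the raw, un-normalised request URI, and
 * the same string is then handed to {@code getRequestDispatcher}. A dispatcher that normalises or
 * decodes the path could resolve a {@code ..} segment to a target outside the allow-listed prefix,
 * so paths containing such a segment (plain or percent-encoded) are rejected with 400 before any
 * forward happens.
 */
public class CustomerPortalShim extends OperationalStatusAwareHttpFilter {
    /** Upper bound on decoding passes when screening a path; nesting deeper than this is rejected. */
    private static final int MAX_DECODE_PASSES = 4;

    private final JiraAuthenticationContext jiraAuthenticationContext;
    private final CustomerUrlUtil customerUrlUtil;
    private final ApplicationProperties applicationProperties;
    private final RequestAttachmentPermissionService requestAttachmentPermissionService;
    private final AttachmentManager attachmentManager;
    private final FeatureManager featureManager;

    @Autowired
    public CustomerPortalShim(JiraAuthenticationContext jiraAuthenticationContext, CustomerUrlUtil customerUrlUtil, ApplicationProperties applicationProperties, SDOperationalConditionHelper sDOperationalConditionHelper, RequestAttachmentPermissionService requestAttachmentPermissionService, AttachmentManager attachmentManager, FeatureManager featureManager) {
        super(sDOperationalConditionHelper);
        this.jiraAuthenticationContext = jiraAuthenticationContext;
        this.customerUrlUtil = customerUrlUtil;
        this.applicationProperties = applicationProperties;
        this.requestAttachmentPermissionService = requestAttachmentPermissionService;
        this.attachmentManager = attachmentManager;
        this.featureManager = featureManager;
    }

    /**
     * Routes a request: pass-through, 400, forward, or redirect to login.
     *
     * @param httpServletRequest  incoming request; its raw URI is treated as untrusted input
     * @param httpServletResponse response used for error codes and the login redirect
     * @param filterChain         chain that receives requests this filter does not handle
     */
    @Override
    protected void doFilterWhenLicensed(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        String requestURI = httpServletRequest.getRequestURI();
        int prefixAt = requestURI.lastIndexOf(CustomerUrlUtil.SHIM_PREFIX);
        if (prefixAt < 0) {
            // Without this guard the -1 would be added to the prefix length and the
            // substring would be cut at an arbitrary offset of an unrelated URI.
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        String shimPath = requestURI.substring(prefixAt + CustomerUrlUtil.SHIM_PREFIX.length());
        if (!checkValidUri(shimPath)) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        if (hasParentDirectorySegment(shimPath)) {
            // The prefix match above says nothing about where the path ends up once
            // ".." segments are resolved, so refuse it before authentication or forwarding.
            httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        if (this.jiraAuthenticationContext.isLoggedInUser()) {
            handleRequest(httpServletRequest, httpServletResponse, shimPath);
            return;
        }
        // Anonymous user: remember the full original URL (including query) as the login destination.
        String queryString = httpServletRequest.getQueryString();
        String destination = StringUtils.isNotBlank(queryString) ? requestURI + "?" + queryString : requestURI;
        redirectToCustomerLoginPage(httpServletResponse, destination);
    }

    /**
     * Forwards an allow-listed request to {@code str}, after an attachment permission check
     * when the path is an attachment URL.
     *
     * <p>For attachment URLs: 400 when the issue id or the attachment (id) cannot be resolved,
     * 403 when the permission service denies access.
     *
     * @param str dispatcher path taken from the request URI after the shim prefix
     */
    private void handleRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws IOException, ServletException {
        if (this.requestAttachmentPermissionService.isAttachmentUrl(str)) {
            Option<Long> issueIdOption = this.requestAttachmentPermissionService.getIssueIdFromRequest(httpServletRequest);
            boolean loadAttachmentFirst = this.featureManager.isEnabled(SDFeatureFlags.ATTACHMENT_IS_VIEWABLE_SHORTCIRCUIT);
            Option<Long> attachmentIdOption = this.requestAttachmentPermissionService.getAttachmentIdFromURI(httpServletRequest.getRequestURI());
            boolean allowed;
            if (loadAttachmentFirst) {
                // Flag on: resolve the Attachment here and hand the object to the permission check.
                Option<Attachment> attachmentOption = attachmentIdOption.flatMap(this::findAttachment);
                if (issueIdOption.isEmpty() || attachmentOption.isEmpty()) {
                    httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST);
                    return;
                }
                long issueId = issueIdOption.get();
                allowed = this.requestAttachmentPermissionService.customerCanViewAttachment(issueId, attachmentOption.get());
            } else {
                // Flag off: the permission service receives the attachment id only.
                if (issueIdOption.isEmpty() || attachmentIdOption.isEmpty()) {
                    httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST);
                    return;
                }
                long issueId = issueIdOption.get();
                long attachmentId = attachmentIdOption.get();
                allowed = this.requestAttachmentPermissionService.customerCanViewAttachment(issueId, attachmentId);
            }
            if (!allowed) {
                httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
                return;
            }
        }
        httpServletRequest.getRequestDispatcher(str).forward(httpServletRequest, httpServletResponse);
    }

    /** Looks up an attachment by id; an unknown id yields {@code Option.none()} instead of an exception. */
    private Option<Attachment> findAttachment(Long attachmentId) {
        try {
            return Option.some(this.attachmentManager.getAttachment(attachmentId));
        } catch (AttachmentNotFoundException e) {
            return Option.none();
        }
    }

    /**
     * Returns whether {@code str} starts with one of the allow-listed shim prefixes.
     * This is a plain prefix comparison; it does not normalise or decode the path.
     */
    private boolean checkValidUri(String str) {
        return CustomerUrlUtil.SHIM_WHITE_LIST.stream().anyMatch(str::startsWith);
    }

    /**
     * Returns whether any segment of {@code path} is {@code ..}, looking through path parameters
     * ({@code ..;x}), backslash separators and (nested) percent-encoding of the characters
     * {@code . / \ ; %}. Other encodings are not examined here.
     *
     * <p>Only whole segments are compared, so a name such as {@code report..final.pdf} is not
     * affected. A path that is still changing after {@link #MAX_DECODE_PASSES} decoding passes
     * is treated as unsafe.
     */
    private static boolean hasParentDirectorySegment(String path) {
        String candidate = path;
        for (int pass = 0; pass < MAX_DECODE_PASSES; pass++) {
            for (String segment : candidate.split("[/\\\\]")) {
                int paramStart = segment.indexOf(';');
                String name = paramStart < 0 ? segment : segment.substring(0, paramStart);
                if ("..".equals(name)) {
                    return true;
                }
            }
            String decoded = decodePathMetaCharacters(candidate);
            if (decoded.equals(candidate)) {
                return false;
            }
            candidate = decoded;
        }
        // Fail closed: deeper nesting than any legitimate client would produce.
        return true;
    }

    /**
     * Decodes one level of percent-encoding for the path meta characters only.
     * {@code %25} is handled last so that each call peels exactly one encoding layer.
     */
    private static String decodePathMetaCharacters(String path) {
        return path.replaceAll("(?i)%2e", ".")
                .replaceAll("(?i)%2f", "/")
                .replaceAll("(?i)%5c", "\\\\")
                .replaceAll("(?i)%3b", ";")
                .replaceAll("(?i)%25", "%");
    }

    /**
     * Sends a 307 redirect to the customer login URL, carrying {@code str} (URL-encoded with the
     * application's configured encoding) as the {@code destination} parameter.
     *
     * @param str the original request URI, with query string when one was present
     */
    private void redirectToCustomerLoginPage(HttpServletResponse httpServletResponse, String str) throws IOException {
        String encodedDestination = URLEncoder.encode(str, this.applicationProperties.getEncoding());
        // Raw type kept on purpose: the parameter type of getLoginUrl is not visible in this file.
        HashMap loginParams = new HashMap();
        loginParams.put("destination", encodedDestination);
        loginParams.put("absolute", "true");
        String loginUrl = this.customerUrlUtil.getLoginUrl(loginParams, false);
        httpServletResponse.setHeader("Cache-Control", "no-cache");
        httpServletResponse.setStatus(HttpServletResponse.SC_TEMPORARY_REDIRECT);
        httpServletResponse.setHeader("Location", loginUrl);
    }
}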
