package com.atlassian.servicedesk.internal.user.external;

import com.atlassian.jira.issue.Issue;
import com.atlassian.jira.user.ApplicationUser;
import com.atlassian.pocketknife.api.commons.error.AnError;
import com.atlassian.servicedesk.api.customer.CustomerContextService;
import com.atlassian.servicedesk.api.user.CheckedUser;
import com.atlassian.servicedesk.internal.api.issue.InternalServiceDeskIssueManager;
import com.atlassian.servicedesk.internal.api.permission.security.CustomerInvolvedService;
import com.atlassian.servicedesk.internal.api.portal.PortalManager;
import com.atlassian.servicedesk.internal.api.user.UserFactoryOld;
import com.atlassian.servicedesk.internal.customer.context.urimatching.UriMatch;
import com.atlassian.servicedesk.internal.customer.context.urimatching.UriMatcher;
import com.atlassian.servicedesk.internal.priorities.ServiceDeskPrioritySchemeManagerImpl;
import com.atlassian.servicedesk.internal.user.permission.ServiceDeskPermissions;
import com.atlassian.servicedesk.internal.web.RequestPathSanitisationUtil;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.collect.ImmutableList;
import io.atlassian.fugue.Either;
import io.atlassian.fugue.Option;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:com/atlassian/servicedesk/internal/user/external/ExternalCustomerAccessServiceImpl.class */
class ExternalCustomerAccessServiceImpl implements ExternalCustomerAccessService {
    private static final String DEFAULT_PORTAL_URL = "/servicedesk/customer/portals";
    private final UserFactoryOld userFactoryOld;
    private final ServiceDeskPermissions serviceDeskPermissions;
    private final CustomerContextService customerContextService;
    private final InternalServiceDeskIssueManager internalServiceDeskIssueManager;
    private final CustomerInvolvedService customerInvolvedService;
    private final PortalManager portalManager;
    protected static final Logger log = LoggerFactory.getLogger(ExternalCustomerAccessServiceImpl.class);
    private static final UriMatcher WHITELIST_URI_MATCHER = new UriMatcher(ImmutableList.of(UriMatch.builder().startsWith("/download").addPattern("/.*").build(), UriMatch.builder().startsWith("/s").addPattern("/.*").build(), UriMatch.builder().startsWith("/images").addPattern(".*").build(), UriMatch.builder().startsWith("/secure/useravatar").addPattern(".*").build(), UriMatch.builder().startsWith("/static-assets").addPattern(".*").build(), UriMatch.builder().startsWith("/favicon.ico").addPattern(".*").build(), UriMatch.builder().setBlackList().startsWith("/rest").addPattern("/api/.*").addPattern("/servicedesk/.*").addPattern("/workinghours/.*").addPattern("/jira-email-processor-plugin/.*").addPattern("/internal/.*").addPattern("/auth/.*").build(), UriMatch.builder().startsWith("/rest").addPattern("/.*").build()));

    @Autowired
    public ExternalCustomerAccessServiceImpl(CustomerContextService customerContextService, UserFactoryOld userFactoryOld, ServiceDeskPermissions serviceDeskPermissions, InternalServiceDeskIssueManager internalServiceDeskIssueManager, CustomerInvolvedService customerInvolvedService, PortalManager portalManager) {
        this.customerContextService = customerContextService;
        this.userFactoryOld = userFactoryOld;
        this.serviceDeskPermissions = serviceDeskPermissions;
        this.internalServiceDeskIssueManager = internalServiceDeskIssueManager;
        this.customerInvolvedService = customerInvolvedService;
        this.portalManager = portalManager;
    }

    @Override // com.atlassian.servicedesk.internal.user.external.ExternalCustomerAccessService
    public boolean canExecuteRequest(ApplicationUser applicationUser, HttpServletRequest httpServletRequest) {
        String sanitisedRequestPath = RequestPathSanitisationUtil.getSanitisedRequestPath(httpServletRequest);
        if (!executeAndLog(isAnonymous(applicationUser), "Anonymous", applicationUser, sanitisedRequestPath) && !executeAndLog(isInCustomerContext(), "In portal", applicationUser, sanitisedRequestPath) && !executeAndLog(isInWhiteList(sanitisedRequestPath), "In whitelist", applicationUser, sanitisedRequestPath)) {
            if (!executeAndLog(!hasExternalCustomerAccess(applicationUser), "Internal customer", applicationUser, sanitisedRequestPath)) {
                return false;
            }
        }
        return true;
    }

    @Override // com.atlassian.servicedesk.internal.user.external.ExternalCustomerAccessService
    public String generateRedirectUrl(HttpServletRequest httpServletRequest) {
        return (String) getIssue(httpServletRequest).filter(this::currentUserCanAccessRequest).flatMap(this::generatePortalUrlForIssue).getOrElse(DEFAULT_PORTAL_URL);
    }

    @Override // com.atlassian.servicedesk.internal.user.external.ExternalCustomerAccessService
    public boolean isAuthorisedByServiceDesk(ApplicationUser applicationUser) {
        boolean hasExternalCustomerAccess = hasExternalCustomerAccess(applicationUser);
        log.debug("isAuthorisedByServiceDesk: {}", Boolean.valueOf(hasExternalCustomerAccess));
        return hasExternalCustomerAccess;
    }

    private String requestUrlWithoutContextPath(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getRequestURI().replaceFirst(httpServletRequest.getContextPath(), ServiceDeskPrioritySchemeManagerImpl.JSD_DEFAULT_PRIORITY_DESCRIPTION);
    }

    private boolean isAnonymous(ApplicationUser applicationUser) {
        return applicationUser == null;
    }

    private boolean hasExternalCustomerAccess(ApplicationUser applicationUser) {
        Either<AnError, CheckedUser> wrap = this.userFactoryOld.wrap(applicationUser);
        ServiceDeskPermissions serviceDeskPermissions = this.serviceDeskPermissions;
        serviceDeskPermissions.getClass();
        return wrap.exists((v1) -> {
            return r1.hasExternalCustomerAccess(v1);
        });
    }

    private Option<Issue> getIssue(HttpServletRequest httpServletRequest) {
        Option option = Option.option(httpServletRequest.getParameter("issueKey"));
        InternalServiceDeskIssueManager internalServiceDeskIssueManager = this.internalServiceDeskIssueManager;
        internalServiceDeskIssueManager.getClass();
        return option.map(internalServiceDeskIssueManager::getIssueByKey).flatMap((v0) -> {
            return v0.toOption();
        });
    }

    private boolean currentUserCanAccessRequest(Issue issue) {
        return this.userFactoryOld.getCheckedUser().toOption().filter(checkedUser -> {
            return this.customerInvolvedService.hasAccessToRequest(checkedUser, issue);
        }).isDefined();
    }

    private Option<String> generatePortalUrlForIssue(Issue issue) {
        return Option.option(issue.getProjectObject()).flatMap(project -> {
            return this.portalManager.getPortalByProject(project).toOption();
        }).map(portal -> {
            return "/servicedesk/customer/portal/" + portal.getId() + "/" + issue.getKey();
        });
    }

    private boolean isInWhiteList(String str) {
        return WHITELIST_URI_MATCHER.matches(str) == UriMatcher.Decision.GRANTED;
    }

    @VisibleForTesting
    boolean isInCustomerContext() {
        return this.customerContextService.isInCustomerContext();
    }

    private boolean executeAndLog(boolean z, String str, ApplicationUser applicationUser, String str2) {
        log.debug("{} is {} true for request {} and user {}", new Object[]{str, z ? ServiceDeskPrioritySchemeManagerImpl.JSD_DEFAULT_PRIORITY_DESCRIPTION : "not", str2 != null ? str2 : "NULL", applicationUser != null ? applicationUser.getUsername() : "ANON"});
        return z;
    }
}
