package com.atlassian.bamboo.agent.messaging;

import com.atlassian.annotations.security.UnrestrictedAccess;
import com.atlassian.bamboo.ClusterAwareLifecycleManager;
import com.atlassian.bamboo.NodeLifecycleState;
import com.atlassian.bamboo.agent.BambooAgentHttpRequestUtils;
import com.atlassian.bamboo.agent.classserver.AgentServerManager;
import com.atlassian.bamboo.security.SecureToken;
import com.atlassian.bamboo.security.SecureTokenService;
import com.atlassian.bamboo.servlet.BambooHttpServlet;
import com.atlassian.bamboo.storage.StorageCappingService;
import com.google.common.annotations.VisibleForTesting;
import java.io.IOException;
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.apache.log4j.Logger;

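/**
 * Pre-flight check for agent uploads: {@link #doPost} answers 204 when the request carries an
 * accepted instance fingerprint and authentication token and local storage is not over its hard
 * limit; otherwise the failing check sends its own error status.
 *
 * <p>The class is annotated {@code @UnrestrictedAccess}, so the header checks in
 * {@link #isFingerprintAndTokenValid} appear to be the only gate on this endpoint
 * (NOTE(review): confirm whether any servlet filter authenticates in front of it). Every header
 * read here is therefore treated as untrusted input.
 *
 * <p>This is decompiled source; the decompiler reports that the three helper methods were
 * {@code protected} in the original class.
 */
@UnrestrictedAccess
public class TokenVerificationServlet extends BambooHttpServlet {
    private static final Logger log = Logger.getLogger(TokenVerificationServlet.class);

    private static final String SERVER_FINGERPRINT_HEADER = "Atlassian-Bamboo-Server-Fingerprint";
    private static final String INSTANCE_FINGERPRINT_HEADER = "Atlassian-Bamboo-Fingerprint";
    private static final String AUTH_TOKEN_HEADER = "X-Bamboo-AuthenticationToken";
    private static final String ARTIFACT_DESCRIPTION_HEADER = "Content-Description";

    @Inject
    @VisibleForTesting
    AgentServerManager agentServerManager;

    @Inject
    @VisibleForTesting
    SecureTokenService secureTokenService;

    @Inject
    @VisibleForTesting
    StorageCappingService storageCappingService;

    @Inject
    @VisibleForTesting
    ClusterAwareLifecycleManager clusterAwareLifecycleManager;

    /**
     * Checks the fingerprint and token first, then the storage hard limit.
     *
     * @param httpServletRequest the incoming request; its headers are untrusted
     * @param httpServletResponse receives the error status when a check fails
     * @return {@code true} when the upload may proceed; {@code false} when an error response has
     *     already been sent
     * @throws IOException if sending the error response fails
     */
    public boolean isUploadRequestValid(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (!isFingerprintAndTokenValid(httpServletRequest, httpServletResponse)) {
            return false;
        }
        if (this.storageCappingService.isHardLimitExceeded()) {
            String message = "Unable to publish " + getArtifactDescription(httpServletRequest) + " because local storage is full. Switch to S3 storage";
            // The description comes straight from a request header, so control characters are
            // neutralised before the text reaches the log; the response text is left as it was.
            log.error(neutralizeForLog(message));
            httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, message);
            return false;
        }
        return true;
    }

    /**
     * Answers 204 (no content) when the request passes {@link #isUploadRequestValid}; on failure
     * the error response has already been sent by the failing check.
     */
    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (isUploadRequestValid(httpServletRequest, httpServletResponse)) {
            httpServletResponse.setStatus(HttpServletResponse.SC_NO_CONTENT);
        }
    }

    /**
     * Validates, in order: the fingerprint header, the node lifecycle state and the
     * authentication token.
     *
     * <p>Responses: 400 when both fingerprint headers are absent, 404 when the fingerprint is
     * rejected, 503 when the node is not {@code RUNNING}, 401 when the token is blank or rejected.
     *
     * @param httpServletRequest the incoming request; its headers are untrusted
     * @param httpServletResponse receives the error status when a check fails
     * @return {@code true} when every check passes; {@code false} when an error response has
     *     already been sent
     * @throws IOException if sending the error response fails
     */
    public boolean isFingerprintAndTokenValid(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String fingerprint = httpServletRequest.getHeader(SERVER_FINGERPRINT_HEADER);
        boolean usingInstanceFingerprintHeader = false;
        if (fingerprint == null) {
            // Fall back to the numeric instance fingerprint header when the server one is absent.
            fingerprint = httpServletRequest.getHeader(INSTANCE_FINGERPRINT_HEADER);
            usingInstanceFingerprintHeader = true;
        }
        if (fingerprint == null) {
            BambooAgentHttpRequestUtils.sendError(httpServletResponse, HttpServletResponse.SC_BAD_REQUEST, String.format("Both %s and %s are missing", SERVER_FINGERPRINT_HEADER, INSTANCE_FINGERPRINT_HEADER));
            return false;
        }
        if (usingInstanceFingerprintHeader) {
            if (!matchesInstanceFingerprint(fingerprint)) {
                BambooAgentHttpRequestUtils.sendError(httpServletResponse, HttpServletResponse.SC_NOT_FOUND, "Atlassian-Bamboo-Fingerprint is invalid");
                return false;
            }
        } else if (!this.agentServerManager.isServerFingerprintValid(fingerprint)) {
            BambooAgentHttpRequestUtils.sendError(httpServletResponse, HttpServletResponse.SC_NOT_FOUND, "Atlassian-Bamboo-Server-Fingerprint is invalid");
            return false;
        }
        if (this.clusterAwareLifecycleManager.getBufferedNodeLifecycleState() != NodeLifecycleState.RUNNING) {
            BambooAgentHttpRequestUtils.sendError(httpServletResponse, HttpServletResponse.SC_SERVICE_UNAVAILABLE, "Cannot process message: server not ready to accept requests " + getArtifactDescription(httpServletRequest));
            return false;
        }
        String rawToken = httpServletRequest.getHeader(AUTH_TOKEN_HEADER);
        if (StringUtils.isBlank(rawToken)) {
            BambooAgentHttpRequestUtils.sendError(httpServletResponse, HttpServletResponse.SC_UNAUTHORIZED, "Cannot process message: authentication token missing for " + getArtifactDescription(httpServletRequest));
            return false;
        }
        // NOTE(review): how createFromString treats a malformed value is not visible here; confirm
        // it cannot throw on arbitrary header content.
        SecureToken token = SecureToken.createFromString(rawToken);
        if (this.secureTokenService.isValid(token)) {
            return true;
        }
        // NOTE(review): the rejected token is echoed in the error text. If sendError also logs the
        // message, presented credentials (for example expired but once-real tokens) would end up
        // in the server log; consider dropping the token from this message.
        BambooAgentHttpRequestUtils.sendError(httpServletResponse, HttpServletResponse.SC_UNAUTHORIZED, "Cannot process message: invalid authentication token [" + token.getToken() + "]: " + getArtifactDescription(httpServletRequest));
        return false;
    }

    /**
     * Returns the {@code Content-Description} request header, used to describe the artifact in
     * error messages.
     *
     * @return the header value as sent by the client, or {@code null} when the header is absent
     */
    public String getArtifactDescription(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getHeader(ARTIFACT_DESCRIPTION_HEADER);
    }

    /**
     * Compares a numeric fingerprint header with this instance's fingerprint. A value that is not
     * a valid {@code long} is reported as a mismatch instead of escaping as an uncaught
     * {@link NumberFormatException}, so malformed input gets the same 404 as a wrong fingerprint.
     */
    private boolean matchesInstanceFingerprint(String fingerprint) {
        long presented;
        try {
            presented = Long.parseLong(fingerprint);
        } catch (NumberFormatException ignored) {
            // Malformed header from an untrusted client: treat as "does not match".
            return false;
        }
        return presented == this.agentServerManager.getFingerprint().getInstanceFingerprint();
    }

    /** Replaces ISO control characters (CR, LF and similar) so a header value cannot forge log lines. */
    private static String neutralizeForLog(String value) {
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }
}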
