package com.atlassian.bamboo.agent.messaging;

import com.atlassian.bamboo.agent.classserver.AgentServerManager;
import com.atlassian.bamboo.filter.NewRelicTransactionNamingFilter;
import com.atlassian.bamboo.security.SecureToken;
import com.atlassian.bamboo.security.SecureTokenService;
import com.atlassian.bamboo.v2.build.agent.messages.AuthenticableMessage;
import com.atlassian.bamboo.v2.build.agent.messages.BambooAgentMessage;
import com.atlassian.spring.container.LazyComponentReference;
import com.atlassian.util.concurrent.Supplier;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import javax.servlet.ServletException;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
import org.jetbrains.annotations.Nullable;

/* loaded from: input_file:com/atlassian/bamboo/agent/messaging/DeliverMessageServlet.class */
public class DeliverMessageServlet extends HttpServlet {
    private static final Logger log = Logger.getLogger(DeliverMessageServlet.class);
    Supplier<AgentServerManager> agentServerManager;
    Supplier<SecureTokenService> secureTokenService;

    public void init() throws ServletException {
        this.agentServerManager = new LazyComponentReference("agentServerManager");
        this.secureTokenService = new LazyComponentReference("secureTokenService");
    }

    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String parameter = httpServletRequest.getParameter("fingerprint");
        if (!((AgentServerManager) this.agentServerManager.get()).isServerFingerprintValid(parameter)) {
            log.warn("Incorrect fingerprint: " + parameter + ". This could be due to a remote agent left over from a previous Bamboo server process, or an attempted attack.");
            httpServletResponse.sendError(404);
            return;
        }
        Object deserializeObject = deserializeObject(httpServletRequest, httpServletResponse);
        if (deserializeObject == null) {
            return;
        }
        try {
            deliverMessage(httpServletResponse, (BambooAgentMessage) deserializeObject);
        } catch (ClassCastException e) {
            log.error("Object is not a BambooAgentMessage.", e);
            httpServletResponse.sendError(415, e.toString());
        }
    }

    void deliverMessage(HttpServletResponse httpServletResponse, BambooAgentMessage bambooAgentMessage) throws IOException {
        if (!(bambooAgentMessage instanceof AuthenticableMessage)) {
            String str = "Cannot process message: Only AuthenticableMessage are allowed. Message of type: " + bambooAgentMessage;
            log.error(str);
            httpServletResponse.sendError(401, str);
            return;
        }
        AuthenticableMessage authenticableMessage = (AuthenticableMessage) bambooAgentMessage;
        SecureToken authenticationToken = authenticableMessage.getAuthenticationToken();
        if (!getSecureTokenService().isValid(authenticationToken, authenticableMessage.getIdentification())) {
            String str2 = "Cannot process message: invalid authentication token [" + authenticationToken.getToken() + "] for " + authenticableMessage.getIdentification();
            log.error(str2);
            httpServletResponse.sendError(401, str2);
        } else {
            Object deliver = bambooAgentMessage.deliver();
            if (deliver == null) {
                httpServletResponse.setStatus(204);
            } else {
                serializeObject(deliver, httpServletResponse);
            }
        }
    }

    SecureTokenService getSecureTokenService() {
        return (SecureTokenService) this.secureTokenService.get();
    }

    void serializeObject(Object obj, HttpServletResponse httpServletResponse) throws IOException {
        ObjectOutputStream objectOutputStream = new ObjectOutputStream(httpServletResponse.getOutputStream());
        objectOutputStream.flush();
        objectOutputStream.writeObject(obj);
        objectOutputStream.flush();
    }

    @Nullable
    private Object deserializeObject(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        Object obj = null;
        ServletInputStream inputStream = httpServletRequest.getInputStream();
        try {
            ObjectInputStream objectInputStream = new ObjectInputStream(inputStream);
            try {
                try {
                    obj = objectInputStream.readObject();
                    objectInputStream.close();
                } catch (Throwable th) {
                    objectInputStream.close();
                    throw th;
                }
            } catch (IOException e) {
                log.error(createErrorMessage(httpServletRequest), e);
                httpServletResponse.sendError(500, e.toString());
                objectInputStream.close();
            } catch (ClassNotFoundException e2) {
                log.error(createErrorMessage(httpServletRequest), e2);
                httpServletResponse.sendError(501, e2.toString());
                objectInputStream.close();
            }
            if (obj != null) {
                String simpleName = obj.getClass().getSimpleName();
                NewRelicTransactionNamingFilter.setTransactionName(httpServletRequest, "/deliverMessage/" + simpleName);
                if ("ArtifactPublishMessage".equals(simpleName)) {
                    httpServletRequest.setAttribute("com.newrelic.agent.IGNORE", true);
                }
            }
            inputStream.close();
            return obj;
        } finally {
            if (obj != null) {
                String simpleName2 = obj.getClass().getSimpleName();
                NewRelicTransactionNamingFilter.setTransactionName(httpServletRequest, "/deliverMessage/" + simpleName2);
                if ("ArtifactPublishMessage".equals(simpleName2)) {
                    httpServletRequest.setAttribute("com.newrelic.agent.IGNORE", true);
                }
            }
            inputStream.close();
        }
    }

    private String createErrorMessage(HttpServletRequest httpServletRequest) {
        return "Failed to deserialise message sent to " + httpServletRequest.getRequestURI() + "&" + httpServletRequest.getQueryString() + " : " + httpServletRequest.getHeader("Content-Description");
    }
}
