package com.atlassian.stash.internal.ssh.servlet;

import com.atlassian.sal.api.auth.AuthenticationController;
import com.atlassian.sal.api.auth.LoginUriProvider;
import com.atlassian.sal.api.xsrf.XsrfTokenValidator;
import com.atlassian.stash.exception.AuthorisationException;
import com.atlassian.stash.exception.NoSuchEntityException;
import com.atlassian.stash.exception.NoSuchProjectException;
import com.atlassian.stash.exception.NoSuchRepositoryException;
import com.atlassian.stash.exception.NoSuchUserException;
import com.atlassian.stash.i18n.I18nService;
import com.atlassian.stash.internal.ssh.InternalSshKeyService;
import com.atlassian.stash.nav.NavBuilder;
import com.atlassian.stash.project.Project;
import com.atlassian.stash.project.ProjectService;
import com.atlassian.stash.repository.Repository;
import com.atlassian.stash.repository.RepositoryService;
import com.atlassian.stash.user.Permission;
import com.atlassian.stash.user.PermissionValidationService;
import com.atlassian.stash.user.StashAuthenticationContext;
import com.atlassian.stash.user.StashUser;
import com.atlassian.stash.user.UserService;
import com.atlassian.stash.user.UserType;
import com.google.common.base.Strings;
import java.io.IOException;
import java.net.URI;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.springframework.transaction.support.DefaultTransactionDefinition;

/* loaded from: input_file:WEB-INF/classes/stash-bundled-plugins.zip:stash-ssh-3.10.2.jar:com/atlassian/stash/internal/ssh/servlet/SshKeysController.class */
public class SshKeysController extends HttpServlet {
    protected static final Pattern PROJECT_PATTERN = Pattern.compile("/projects/([^/]+)/keys(/add)?");
    protected static final Pattern REPO_PATTERN = Pattern.compile("/projects/([^/]+)/repos/([^/]+)/keys(/add)?");
    protected static final Pattern USER_ADMIN_PATTERN = Pattern.compile("/admin/users/([^/]+)/keys(/add)?");
    protected static final Pattern USER_PROFILE_PATTERN = Pattern.compile("/account/keys(/add)?");
    private final StashAuthenticationContext authenticationContext;
    private final AuthenticationController authenticationController;
    private final I18nService i18nService;
    private final InternalSshKeyService keyService;
    private final LoginUriProvider loginUriProvider;
    private final NavBuilder navBuilder;
    private final PermissionValidationService permissionValidationService;
    private final ProjectService projectService;
    private final RepositoryService repositoryService;
    private final UserService userService;
    private final XsrfTokenValidator xsrfTokenValidator;
    private final SshKeysRequestHandler addHandler;
    private final SshKeysRequestHandler notFoundHandler;
    private final SshKeysRequestHandler viewHandler;

    public SshKeysController(StashAuthenticationContext stashAuthenticationContext, AuthenticationController authenticationController, I18nService i18nService, InternalSshKeyService internalSshKeyService, LoginUriProvider loginUriProvider, NavBuilder navBuilder, PermissionValidationService permissionValidationService, ProjectService projectService, RepositoryService repositoryService, UserService userService, XsrfTokenValidator xsrfTokenValidator, SshKeysRequestHandler sshKeysRequestHandler, SshKeysRequestHandler sshKeysRequestHandler2, SshKeysRequestHandler sshKeysRequestHandler3) {
        this.authenticationContext = stashAuthenticationContext;
        this.addHandler = sshKeysRequestHandler;
        this.notFoundHandler = sshKeysRequestHandler2;
        this.viewHandler = sshKeysRequestHandler3;
        this.authenticationController = authenticationController;
        this.i18nService = i18nService;
        this.keyService = internalSshKeyService;
        this.loginUriProvider = loginUriProvider;
        this.navBuilder = navBuilder;
        this.permissionValidationService = permissionValidationService;
        this.projectService = projectService;
        this.repositoryService = repositoryService;
        this.userService = userService;
        this.xsrfTokenValidator = xsrfTokenValidator;
    }

    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        SshKeysRequest parseRequest = parseRequest(httpServletRequest);
        getHandler(parseRequest, httpServletRequest).get(parseRequest, httpServletRequest, httpServletResponse);
    }

    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        if (!this.xsrfTokenValidator.validateFormEncodedToken(httpServletRequest)) {
            httpServletRequest.getRequestDispatcher(this.navBuilder.xsrfNotification().buildRelNoContext()).forward(httpServletRequest, httpServletResponse);
        } else {
            SshKeysRequest parseRequest = parseRequest(httpServletRequest);
            getHandler(parseRequest, httpServletRequest).post(parseRequest, httpServletRequest, httpServletResponse);
        }
    }

    protected void service(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        if (this.authenticationController.shouldAttemptAuthentication(httpServletRequest)) {
            sendRedirectToLogin(httpServletRequest, httpServletResponse);
            return;
        }
        try {
            super.service(httpServletRequest, httpServletResponse);
        } catch (AuthorisationException e) {
            httpServletResponse.sendError(401, e.getLocalizedMessage());
        } catch (NoSuchEntityException e2) {
            httpServletResponse.sendError(404, e2.getLocalizedMessage());
        }
    }

    private Project getProjectIfAdminOrThrow(String str) {
        Project byKey = this.projectService.getByKey(str);
        if (byKey == null) {
            this.permissionValidationService.validateAuthenticated();
            throw new NoSuchProjectException(this.i18nService.createKeyedMessage("stash.ssh.nosuchproject", str));
        }
        this.permissionValidationService.validateForProject(byKey, Permission.PROJECT_ADMIN);
        return byKey;
    }

    private Repository getRepositoryIfAdminOrThrow(String str, String str2) {
        Repository bySlug = this.repositoryService.getBySlug(str, str2);
        if (bySlug == null) {
            this.permissionValidationService.validateAuthenticated();
            throw new NoSuchRepositoryException(this.i18nService.createKeyedMessage("stash.ssh.nosuchrepo", str, str2), this.projectService.getByKey(str));
        }
        this.permissionValidationService.validateForRepository(bySlug, Permission.REPO_ADMIN);
        return bySlug;
    }

    private StashUser getUserIfCanEditKeysOrThrow(String str) {
        StashUser userBySlug = this.userService.getUserBySlug(str);
        if (userBySlug == null || userBySlug.getType() == UserType.SERVICE) {
            throw new NoSuchUserException(this.i18nService.createKeyedMessage("stash.ssh.nosuchuser", str), str);
        }
        if (this.keyService.canEditSshKeyForUser(userBySlug)) {
            return userBySlug;
        }
        throw new AuthorisationException(this.i18nService.createKeyedMessage("stash.ssh.keys.not.authorized", userBySlug.getName()));
    }

    private SshKeysRequest parseRequest(HttpServletRequest httpServletRequest) {
        String pathInfo = httpServletRequest.getPathInfo();
        if (StringUtils.isBlank(pathInfo)) {
            return null;
        }
        SshKeyForm extractModel = extractModel(httpServletRequest);
        if (USER_PROFILE_PATTERN.matcher(pathInfo).matches() && this.authenticationContext.isAuthenticated()) {
            return new SshKeysRequest(false, null, null, this.authenticationContext.getCurrentUser(), extractModel);
        }
        Matcher matcher = USER_ADMIN_PATTERN.matcher(pathInfo);
        if (matcher.matches()) {
            return new SshKeysRequest(true, null, null, getUserIfCanEditKeysOrThrow(matcher.group(1)), extractModel);
        }
        Matcher matcher2 = REPO_PATTERN.matcher(pathInfo);
        if (matcher2.matches()) {
            return new SshKeysRequest(false, null, getRepositoryIfAdminOrThrow(matcher2.group(1), matcher2.group(2)), null, extractModel);
        }
        Matcher matcher3 = PROJECT_PATTERN.matcher(pathInfo);
        if (matcher3.matches()) {
            return new SshKeysRequest(false, getProjectIfAdminOrThrow(matcher3.group(1)), null, null, extractModel);
        }
        return null;
    }

    private void sendRedirectToLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String requestURI = httpServletRequest.getRequestURI();
        String contextPath = httpServletRequest.getContextPath();
        if (!Strings.isNullOrEmpty(contextPath)) {
            requestURI = requestURI.substring(contextPath.length());
        }
        httpServletResponse.sendRedirect(this.loginUriProvider.getLoginUri(URI.create(requestURI)).toString());
    }

    private SshKeyForm extractModel(HttpServletRequest httpServletRequest) {
        String parameter = httpServletRequest.getParameter("text");
        String parameter2 = httpServletRequest.getParameter(DefaultTransactionDefinition.READ_ONLY_MARKER);
        return new SshKeyForm(Strings.emptyToNull(parameter), parameter2 == null ? true : Boolean.valueOf(parameter2).booleanValue());
    }

    private SshKeysRequestHandler getHandler(SshKeysRequest sshKeysRequest, HttpServletRequest httpServletRequest) {
        return sshKeysRequest == null ? this.notFoundHandler : httpServletRequest.getPathInfo().endsWith("/add") ? this.addHandler : this.viewHandler;
    }
}
