package net.bull.javamelody;

import java.io.IOException;
import java.security.Principal;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/* loaded from: input_file:WEB-INF/lib/javamelody-core-1.55.0.jar:net/bull/javamelody/JiraMonitoringFilter.class */
public class JiraMonitoringFilter extends PluginMonitoringFilter {
    private static final int SYSTEM_ADMIN = 44;
    private static final String LOGGED_IN_KEY = "seraph_defaultauthenticator_user";
    private final boolean jira = isJira();
    private final boolean confluence = isConfluence();
    private final boolean bamboo = isBamboo();
    private boolean confluenceGetUserByNameExists = true;
    private static final boolean PLUGIN_AUTHENTICATION_DISABLED = Boolean.parseBoolean(System.getProperty("javamelody.plugin-authentication-disabled"));
    private static final List<String> JIRA_USER_CLASSES = Arrays.asList("com.atlassian.jira.user.ApplicationUser", "com.atlassian.crowd.embedded.api.User", "com.opensymphony.user.User");

    @Override // net.bull.javamelody.PluginMonitoringFilter, net.bull.javamelody.MonitoringFilter
    public void init(FilterConfig filterConfig) throws ServletException {
        super.init(filterConfig);
        if (this.jira) {
            LOG.debug("JavaMelody is monitoring JIRA");
        } else if (this.confluence) {
            LOG.debug("JavaMelody is monitoring Confluence");
        } else if (this.bamboo) {
            LOG.debug("JavaMelody is monitoring Bamboo");
        } else {
            LOG.debug("JavaMelody is monitoring unknown, access to monitoring reports is not secured by JavaMelody");
        }
        if (PLUGIN_AUTHENTICATION_DISABLED) {
            LOG.debug("Authentication for monitoring reports has been disabled");
        }
        if (System.getProperty("javamelody.analytics-disabled") == null && filterConfig.getServletContext().getInitParameter("javamelody.analytics-disabled") == null) {
            return;
        }
        System.setProperty("javamelody.analytics-id", "disabled");
    }

    @Override // net.bull.javamelody.PluginMonitoringFilter, net.bull.javamelody.MonitoringFilter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (!(servletRequest instanceof HttpServletRequest)) {
            super.doFilter(servletRequest, servletResponse, filterChain);
            return;
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        if (httpServletRequest.getRequestURI().equals(getMonitoringUrl(httpServletRequest)) && hasNotPermission(httpServletRequest, httpServletResponse)) {
            return;
        }
        putRemoteUserInSession(httpServletRequest);
        super.doFilter(servletRequest, servletResponse, filterChain);
    }

    private void putRemoteUserInSession(HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null || session.getAttribute("javamelody.remoteUser") != null) {
            return;
        }
        try {
            Object user = getUser(session);
            if (user instanceof Principal) {
                session.setAttribute("javamelody.remoteUser", ((Principal) user).getName());
            }
        } catch (Exception e) {
        }
    }

    private boolean hasNotPermission(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        return !PLUGIN_AUTHENTICATION_DISABLED && ((this.jira && !checkJiraAdminPermission(httpServletRequest, httpServletResponse)) || ((this.confluence && !checkConfluenceAdminPermission(httpServletRequest, httpServletResponse)) || (this.bamboo && !checkBambooAdminPermission(httpServletRequest, httpServletResponse))));
    }

    private boolean checkJiraAdminPermission(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        Object user = getUser(httpServletRequest);
        if (user == null) {
            httpServletResponse.sendRedirect("login.jsp?os_destination=" + getMonitoringUrl(httpServletRequest).substring(httpServletRequest.getContextPath().length()));
            return false;
        }
        if (hasJiraSystemAdminPermission(user)) {
            return true;
        }
        httpServletResponse.sendError(403, "Forbidden access");
        return false;
    }

    private boolean checkConfluenceAdminPermission(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        Object user = getUser(httpServletRequest);
        if (user == null) {
            httpServletResponse.sendRedirect("login.action?os_destination=" + getMonitoringUrl(httpServletRequest).substring(httpServletRequest.getContextPath().length()));
            return false;
        }
        if (hasConfluenceAdminPermission(user)) {
            return true;
        }
        httpServletResponse.sendError(403, "Forbidden access");
        return false;
    }

    private boolean checkBambooAdminPermission(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        Object user = getUser(httpServletRequest);
        if (user == null) {
            httpServletResponse.sendRedirect("userlogin!default.action?os_destination=" + getMonitoringUrl(httpServletRequest).substring(httpServletRequest.getContextPath().length()));
            return false;
        }
        if (hasBambooAdminPermission(user)) {
            return true;
        }
        httpServletResponse.sendError(403, "Forbidden access");
        return false;
    }

    private static boolean hasJiraSystemAdminPermission(Object obj) {
        try {
            Object invoke = Class.forName("com.atlassian.jira.ManagerFactory").getMethod("getPermissionManager", new Class[0]).invoke(null, new Object[0]);
            Exception exc = null;
            Iterator<String> it = JIRA_USER_CLASSES.iterator();
            while (it.hasNext()) {
                try {
                    return ((Boolean) invoke.getClass().getMethod("hasPermission", Integer.TYPE, Class.forName(it.next())).invoke(invoke, 44, obj)).booleanValue();
                } catch (Exception e) {
                    if (exc == null) {
                        exc = e;
                    }
                }
            }
            throw exc;
        } catch (Exception e2) {
            throw new IllegalStateException(e2);
        }
    }

    private static boolean hasConfluenceAdminPermission(Object obj) {
        try {
            Class<?> cls = Class.forName("com.atlassian.spring.container.ContainerManager");
            Class<?> cls2 = Class.forName("com.atlassian.user.User");
            Object invoke = cls.getMethod("getComponent", String.class).invoke(null, "permissionManager");
            return ((Boolean) invoke.getClass().getMethod("isConfluenceAdministrator", cls2).invoke(invoke, obj)).booleanValue();
        } catch (Exception e) {
            throw new IllegalStateException(e);
        }
    }

    private static boolean hasBambooAdminPermission(Object obj) {
        Boolean bool;
        try {
            Object invoke = Class.forName("com.atlassian.spring.container.ContainerManager").getMethod("getComponent", String.class).invoke(null, "bambooPermissionManager");
            try {
                bool = (Boolean) invoke.getClass().getMethod("isSystemAdmin", String.class).invoke(invoke, obj.toString());
            } catch (NoSuchMethodException e) {
                bool = (Boolean) invoke.getClass().getMethod("hasPermission", String.class, String.class, Object.class).invoke(invoke, obj.toString(), "ADMIN", Class.forName("com.atlassian.bamboo.security.GlobalApplicationSecureObject").getField("INSTANCE").get(null));
            }
            return bool.booleanValue();
        } catch (Exception e2) {
            throw new IllegalStateException(e2);
        }
    }

    private Object getUser(HttpServletRequest httpServletRequest) {
        return getUser(httpServletRequest.getSession(false));
    }

    private Object getUser(HttpSession httpSession) {
        if (httpSession == null) {
            return null;
        }
        Object attribute = httpSession.getAttribute(LOGGED_IN_KEY);
        if (this.confluence) {
            if (attribute != null && "com.atlassian.confluence.user.SessionSafePrincipal".equals(attribute.getClass().getName())) {
                String obj = attribute.toString();
                try {
                    Object invoke = Class.forName("com.atlassian.spring.container.ContainerManager").getMethod("getComponent", String.class).invoke(null, "userAccessor");
                    attribute = invoke.getClass().getMethod("getUser", String.class).invoke(invoke, obj);
                } catch (Exception e) {
                    throw new IllegalStateException(e);
                }
            } else if ((attribute instanceof Principal) && this.confluenceGetUserByNameExists) {
                String name = ((Principal) attribute).getName();
                try {
                    Object invoke2 = Class.forName("com.atlassian.spring.container.ContainerManager").getMethod("getComponent", String.class).invoke(null, "userAccessor");
                    try {
                        attribute = invoke2.getClass().getMethod("getUserByName", String.class).invoke(invoke2, name);
                    } catch (NoSuchMethodException e2) {
                        this.confluenceGetUserByNameExists = false;
                    }
                } catch (Exception e3) {
                    throw new IllegalStateException(e3);
                }
            }
        }
        return attribute;
    }

    private static boolean isJira() {
        try {
            Class.forName("com.atlassian.jira.ManagerFactory");
            return true;
        } catch (ClassNotFoundException e) {
            return false;
        }
    }

    private static boolean isConfluence() {
        try {
            Class.forName("com.atlassian.confluence.security.PermissionManager");
            return true;
        } catch (ClassNotFoundException e) {
            return false;
        }
    }

    private static boolean isBamboo() {
        try {
            Class.forName("com.atlassian.bamboo.security.BambooPermissionManager");
            return true;
        } catch (ClassNotFoundException e) {
            return false;
        }
    }
}
