package com.atlassian.stash.web;

import com.atlassian.event.api.EventPublisher;
import com.atlassian.stash.event.RepositoryPullEvent;
import com.atlassian.stash.event.RepositoryPushEvent;
import com.atlassian.stash.exception.ResourceBusyException;
import com.atlassian.stash.help.HelpPathService;
import com.atlassian.stash.i18n.I18nService;
import com.atlassian.stash.i18n.KeyedMessage;
import com.atlassian.stash.license.LicenseService;
import com.atlassian.stash.nav.NavBuilder;
import com.atlassian.stash.repository.Repository;
import com.atlassian.stash.repository.RepositoryService;
import com.atlassian.stash.repository.ScmType;
import com.atlassian.stash.server.ApplicationPropertiesService;
import com.atlassian.stash.throttle.ThrottleService;
import com.atlassian.stash.user.Permission;
import com.atlassian.stash.user.PermissionService;
import com.atlassian.stash.user.SecurityService;
import com.atlassian.stash.user.StashAuthenticationContext;
import com.atlassian.stash.user.StashUser;
import com.atlassian.stash.util.Operation;
import com.atlassian.stash.util.RequestUtils;
import com.atlassian.stash.web.cgi.CgiInputHandler;
import com.atlassian.stash.web.cgi.CgiOutputHandler;
import com.atlassian.utils.process.ExternalProcess;
import com.atlassian.utils.process.ExternalProcessBuilder;
import com.atlassian.utils.process.InputHandler;
import com.atlassian.utils.process.OutputHandler;
import com.atlassian.utils.process.PluggableProcessHandler;
import com.atlassian.utils.process.ProcessException;
import com.atlassian.utils.process.ProcessHandler;
import com.atlassian.utils.process.StringOutputHandler;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.util.Enumeration;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/stash/web/ManagedRepositoryServlet.class */
public abstract class ManagedRepositoryServlet extends HttpServlet {
    private static final long serialVersionUID = -7363095074307715696L;
    public static final String DEBUG_STREAM_KEY_PREFIX = "git.http.backend.debug.stream.";
    public static final String DEBUG_STREAM_KEY_REQUEST = "req";
    public static final String DEBUG_STREAM_KEY_RESPONSE = "resp";
    private static final Logger LOG = LoggerFactory.getLogger(ManagedRepositoryServlet.class);
    protected final StashAuthenticationContext authenticationContext;
    protected final EventPublisher eventPublisher;
    protected final I18nService i18nService;
    protected final LicenseService licenseService;
    protected final NavBuilder navBuilder;
    protected final PermissionService permissionService;
    protected final ApplicationPropertiesService propertiesService;
    protected final RepositoryService repositoryService;
    protected final SecurityService securityService;
    private final HelpPathService helpPathService;
    private final ThrottleService throttleService;

    /* loaded from: input_file:com/atlassian/stash/web/ManagedRepositoryServlet$RequestType.class */
    public enum RequestType {
        OTHER_READ(false, true),
        OTHER_WRITE(true, true),
        PUSH(true),
        PULL(false),
        UNSUPPORTED(false);

        private final boolean other;
        private final boolean write;

        RequestType(boolean z) {
            this(z, false);
        }

        RequestType(boolean z, boolean z2) {
            this.other = z2;
            this.write = z;
        }

        public boolean isOther() {
            return this.other;
        }

        public boolean isWrite() {
            return this.write;
        }
    }

    public ManagedRepositoryServlet(RepositoryService repositoryService, ApplicationPropertiesService applicationPropertiesService, PermissionService permissionService, SecurityService securityService, StashAuthenticationContext stashAuthenticationContext, LicenseService licenseService, NavBuilder navBuilder, EventPublisher eventPublisher, I18nService i18nService, ThrottleService throttleService, HelpPathService helpPathService) {
        this.authenticationContext = stashAuthenticationContext;
        this.eventPublisher = eventPublisher;
        this.helpPathService = helpPathService;
        this.i18nService = i18nService;
        this.licenseService = licenseService;
        this.navBuilder = navBuilder;
        this.permissionService = permissionService;
        this.propertiesService = applicationPropertiesService;
        this.repositoryService = repositoryService;
        this.securityService = securityService;
        this.throttleService = throttleService;
    }

    public abstract ScmType getType();

    protected abstract void addCommand(ExternalProcessBuilder externalProcessBuilder, String str, File file, Repository repository);

    protected InputHandler createInputHandler(HttpServletRequest httpServletRequest) {
        return new CgiInputHandler(httpServletRequest, getBackendProcessBufferSize(), isDebug());
    }

    protected OutputHandler createOutputHandler(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return new CgiOutputHandler(httpServletRequest, httpServletResponse, getBackendProcessBufferSize(), isDebug());
    }

    private void createScmProcess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Repository repository, String str, File file) throws ProcessException {
        try {
            PluggableProcessHandler pluggableProcessHandler = new PluggableProcessHandler();
            StringOutputHandler stringOutputHandler = new StringOutputHandler();
            pluggableProcessHandler.setErrorHandler(stringOutputHandler);
            pluggableProcessHandler.setInputHandler(createInputHandler(httpServletRequest));
            pluggableProcessHandler.setOutputHandler(createOutputHandler(httpServletRequest, httpServletResponse));
            ExternalProcessBuilder executionTimeout = new ExternalProcessBuilder().handler(pluggableProcessHandler).idleTimeout(getBackendProcessIdleTimeout()).executionTimeout(getBackendProcessExecutionTimeout());
            addCommand(executionTimeout, str, file, repository);
            setupStandardCgiEnv(executionTimeout, httpServletRequest, str);
            ExternalProcess build = executionTimeout.build();
            build.execute();
            processErrors(httpServletResponse, build, pluggableProcessHandler, stringOutputHandler.getOutput());
            if (isDebug()) {
                cleanupDebugging(httpServletRequest);
            }
        } catch (Throwable th) {
            if (isDebug()) {
                cleanupDebugging(httpServletRequest);
            }
            throw th;
        }
    }

    protected abstract String extractPathInfo(HttpServletRequest httpServletRequest, Repository repository);

    protected abstract long getBackendProcessIdleTimeout();

    protected abstract long getBackendProcessExecutionTimeout();

    protected abstract int getBackendProcessBufferSize();

    private Repository getRepository(final String str, final String str2) {
        if (StringUtils.isNotEmpty(str) && StringUtils.isNotEmpty(str2)) {
            return (Repository) this.securityService.doWithPermission(getClass().getSimpleName() + " - findRepositoryBySlug", Permission.REPO_READ, new Operation<Repository, RuntimeException>() { // from class: com.atlassian.stash.web.ManagedRepositoryServlet.1
                /* renamed from: perform, reason: merged with bridge method [inline-methods] */
                public Repository m5perform() {
                    return ManagedRepositoryServlet.this.repositoryService.findRepositoryBySlug(str, str2);
                }
            });
        }
        return null;
    }

    protected abstract String getRepositorySlug(HttpServletRequest httpServletRequest);

    protected abstract String getProjectKey(HttpServletRequest httpServletRequest);

    protected abstract RequestType getRequestType(HttpServletRequest httpServletRequest);

    protected abstract boolean isDebug();

    protected boolean isOperationComplete(RequestType requestType, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return true;
    }

    protected void processErrors(HttpServletResponse httpServletResponse, ExternalProcess externalProcess, ProcessHandler processHandler, String str) throws ProcessException {
        boolean z = !processHandler.succeeded();
        boolean z2 = !str.isEmpty();
        if (z) {
            StringBuilder append = new StringBuilder().append(getType()).append(" process '").append(externalProcess.getCommandLine()).append("' caused an exception");
            if (z2) {
                append.append("\nProcess's error output: ").append(str);
            }
            throw new ProcessException(append.toString(), processHandler.getException());
        }
        if (z2 && LOG.isDebugEnabled()) {
            LOG.debug(getType() + "'s process succeeded, but it logged this to the error console\n: " + str);
        }
    }

    protected final void service(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        HttpSession session;
        HttpSession session2;
        HttpSession session3;
        HttpSession session4;
        HttpServletResponse unwrap = RequestUtils.unwrap(httpServletResponse);
        String projectKey = getProjectKey(httpServletRequest);
        String repositorySlug = getRepositorySlug(httpServletRequest);
        try {
            try {
                Repository repository = getRepository(projectKey, repositorySlug);
                RequestType requestType = getRequestType(httpServletRequest);
                RequestError validateRequest = validateRequest(repository, requestType);
                if (validateRequest != null) {
                    handleError(httpServletRequest, unwrap, requestType, repository, validateRequest);
                    String header = httpServletRequest.getHeader("authorization");
                    if (header == null || !header.toLowerCase().startsWith("basic") || (session4 = httpServletRequest.getSession(false)) == null) {
                        return;
                    }
                    session4.invalidate();
                    return;
                }
                invokeScmProcess(httpServletRequest, unwrap, repository);
                if (isOperationComplete(requestType, httpServletRequest, unwrap)) {
                    switch (requestType) {
                        case PUSH:
                            this.eventPublisher.publish(new RepositoryPushEvent(this, repository));
                            break;
                        case PULL:
                            this.eventPublisher.publish(new RepositoryPullEvent(this, repository));
                            break;
                    }
                }
                String header2 = httpServletRequest.getHeader("authorization");
                if (header2 == null || !header2.toLowerCase().startsWith("basic") || (session3 = httpServletRequest.getSession(false)) == null) {
                    return;
                }
                session3.invalidate();
            } catch (ProcessException e) {
                if (!unwrap.isCommitted()) {
                    unwrap.sendError(500);
                }
                LOG.error(String.format("Request for repo '%s' of project '%s' from '%s' failed: %s", repositorySlug, projectKey, RequestUtils.getRemoteHost(httpServletRequest), e.getMessage()));
                LOG.debug("process error: ", e);
                String header3 = httpServletRequest.getHeader("authorization");
                if (header3 == null || !header3.toLowerCase().startsWith("basic") || (session2 = httpServletRequest.getSession(false)) == null) {
                    return;
                }
                session2.invalidate();
            }
        } catch (Throwable th) {
            String header4 = httpServletRequest.getHeader("authorization");
            if (header4 != null && header4.toLowerCase().startsWith("basic") && (session = httpServletRequest.getSession(false)) != null) {
                session.invalidate();
            }
            throw th;
        }
    }

    protected final RequestError validateRequest(Repository repository, RequestType requestType) throws IOException {
        if (requestType == RequestType.UNSUPPORTED) {
            return RequestError.UNSUPPORTED;
        }
        if (repository == null) {
            return this.authenticationContext.getCurrentUser() == null ? RequestError.NO_AUTHENTICATION : RequestError.NO_REPOSITORY;
        }
        RequestError isAuthorised = isAuthorised(repository, requestType);
        if (isAuthorised == null) {
            if (repository.getScmType() != getType()) {
                isAuthorised = RequestError.WRONG_TYPE;
            } else if (!requestType.isWrite() || this.licenseService.getLicenseStatus() == null) {
                try {
                    this.throttleService.acquireTicket("scm-servlet");
                } catch (ResourceBusyException e) {
                    isAuthorised = RequestError.THROTTLED;
                }
            } else {
                isAuthorised = RequestError.LICENSE_LIMIT;
            }
        }
        return isAuthorised;
    }

    protected final void handleError(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, RequestType requestType, Repository repository, RequestError requestError) throws IOException {
        if (requestType == RequestType.UNSUPPORTED && RequestUtils.isUserAgentBrowser(httpServletRequest)) {
            handleBrowser(httpServletResponse, requestType, repository);
            return;
        }
        switch (requestError) {
            case INSUFFICIENT_PERMISSIONS:
                handleInsufficientPermissions(httpServletRequest, httpServletResponse, requestType, repository);
                return;
            case LICENSE_LIMIT:
                handleLicenseLimit(httpServletRequest, httpServletResponse, requestType, repository);
                return;
            case NO_AUTHENTICATION:
                handleNoAuthentication(httpServletRequest, httpServletResponse, requestType, repository);
                return;
            case NO_REPOSITORY:
                handleNoRepository(httpServletRequest, httpServletResponse, requestType);
                return;
            case THROTTLED:
                handleThrottledRequest(httpServletRequest, httpServletResponse, requestType, repository);
                return;
            case UNSUPPORTED:
                handleUnsupportedProtocol(httpServletRequest, httpServletResponse, requestType, repository);
                return;
            case WRONG_TYPE:
                handleWrongType(httpServletRequest, httpServletResponse, requestType, repository);
                break;
        }
        throw new IllegalArgumentException("Unknown error: " + requestError);
    }

    private void handleBrowser(HttpServletResponse httpServletResponse, RequestType requestType, Repository repository) throws IOException {
        RequestError isAuthorised = isAuthorised(repository, requestType);
        if (isAuthorised == RequestError.NO_REPOSITORY || isAuthorised == RequestError.NO_AUTHENTICATION) {
            httpServletResponse.sendRedirect(this.navBuilder.buildRelative());
        } else {
            httpServletResponse.sendRedirect(this.navBuilder.repo(repository).buildRelative());
        }
    }

    protected void handleNoRepository(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, RequestType requestType) throws IOException {
        httpServletResponse.setStatus(404);
        httpServletResponse.getWriter().write("The requested repository does not exist.");
    }

    protected void handleInsufficientPermissions(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, RequestType requestType, Repository repository) throws IOException {
        httpServletResponse.setStatus(403);
        Object[] objArr = new Object[3];
        objArr[0] = requestType.isWrite() ? "write" : "read";
        objArr[1] = repository.getName();
        objArr[2] = repository.getProject().getName();
        httpServletResponse.getWriter().write(String.format("You have insufficient permissions to %s to repo '%s' of project '%s'", objArr));
    }

    protected void handleNoAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, RequestType requestType, Repository repository) throws IOException {
        httpServletResponse.setHeader("WWW-Authenticate", "Basic realm=\"Atlassian Stash\"");
        httpServletResponse.setStatus(401);
        httpServletResponse.getWriter().write("You must be authenticated to use this service.");
    }

    protected void handleLicenseLimit(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, RequestType requestType, Repository repository) throws IOException {
        KeyedMessage licenseStatus = this.licenseService.getLicenseStatus();
        StashUser currentUser = this.authenticationContext.getCurrentUser();
        String displayName = currentUser == null ? "<anonymous>" : currentUser.getDisplayName();
        Object[] objArr = new Object[4];
        objArr[0] = repository.getName();
        objArr[1] = repository.getProject().getName();
        objArr[2] = displayName;
        objArr[3] = licenseStatus == null ? "" : licenseStatus.getRootMessage();
        LOG.error(String.format("Push to repo '%s' of project '%s' by '%s' rejected due to license status: %s", objArr));
        httpServletResponse.setStatus(402);
    }

    protected void handleThrottledRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, RequestType requestType, Repository repository) throws IOException {
        LOG.warn("Resource limits are being reached. A push, pull or clone command has been rejected. Consider configuring the limits: " + this.helpPathService.getHelpPageUrl("stash.help.scaling"));
        httpServletResponse.setStatus(503);
        httpServletResponse.setIntHeader("Retry-After", 60);
        httpServletResponse.flushBuffer();
    }

    protected abstract void handleUnsupportedProtocol(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, RequestType requestType, Repository repository) throws IOException;

    protected void handleWrongType(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, RequestType requestType, Repository repository) throws IOException {
        LOG.warn("{}: Repository {} is of type {}. This servlet only supports {}", new Object[]{getClass().getSimpleName(), repository.getName(), repository.getScmType(), getType()});
        httpServletResponse.setStatus(400);
        httpServletResponse.getWriter().write("Repository " + repository.getName() + " cannot be accessed via this URL");
    }

    private void invokeScmProcess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Repository repository) throws ProcessException {
        createScmProcess(httpServletRequest, httpServletResponse, repository, extractPathInfo(httpServletRequest, repository), this.propertiesService.getRepositoryDirectory(repository));
    }

    private void cleanupDebugging(HttpServletRequest httpServletRequest) {
        cleanupOutputStream(httpServletRequest, "git.http.backend.debug.stream.req");
        cleanupOutputStream(httpServletRequest, "git.http.backend.debug.stream.resp");
    }

    private void cleanupOutputStream(HttpServletRequest httpServletRequest, String str) {
        FileOutputStream fileOutputStream = (FileOutputStream) httpServletRequest.getAttribute(str);
        if (fileOutputStream != null) {
            try {
                fileOutputStream.close();
                httpServletRequest.removeAttribute(str);
            } catch (IOException e) {
                LOG.debug("Failed to close output stream to git-http-backend log file.", e);
            }
        }
    }

    private RequestError isAuthorised(Repository repository, RequestType requestType) {
        if (this.permissionService.hasRepositoryPermission(repository, requestType.isWrite() ? Permission.REPO_WRITE : Permission.REPO_READ)) {
            return null;
        }
        return this.authenticationContext.getCurrentUser() == null ? RequestError.NO_AUTHENTICATION : (requestType.isWrite() && this.permissionService.hasRepositoryPermission(repository, Permission.REPO_READ)) ? RequestError.INSUFFICIENT_PERMISSIONS : RequestError.NO_REPOSITORY;
    }

    private void setupStandardCgiEnv(ExternalProcessBuilder externalProcessBuilder, HttpServletRequest httpServletRequest, String str) {
        int contentLength = httpServletRequest.getContentLength();
        if (contentLength < 0) {
            contentLength = 0;
        }
        externalProcessBuilder.env("AUTH_TYPE", StringUtils.defaultString(httpServletRequest.getAuthType()));
        externalProcessBuilder.env("CONTENT_LENGTH", StringUtils.defaultString(Integer.toString(contentLength)));
        externalProcessBuilder.env("CONTENT_TYPE", StringUtils.defaultString(httpServletRequest.getContentType()));
        externalProcessBuilder.env("GATEWAY_INTERFACE", "CGI/1.1");
        if (str != null && str.length() > 0) {
            externalProcessBuilder.env("PATH_INFO", StringUtils.defaultString(str));
            externalProcessBuilder.env("SCRIPT_NAME", StringUtils.defaultString(str));
        }
        externalProcessBuilder.env("QUERY_STRING", StringUtils.defaultString(httpServletRequest.getQueryString()));
        externalProcessBuilder.env("REMOTE_ADDR", StringUtils.defaultString(httpServletRequest.getRemoteAddr()));
        externalProcessBuilder.env("REMOTE_HOST", StringUtils.defaultString(httpServletRequest.getRemoteHost()));
        externalProcessBuilder.env("REMOTE_USER", "");
        externalProcessBuilder.env("REQUEST_METHOD", StringUtils.defaultString(httpServletRequest.getMethod()));
        externalProcessBuilder.env("SERVER_NAME", StringUtils.defaultString(httpServletRequest.getServerName()));
        externalProcessBuilder.env("SERVER_PORT", StringUtils.defaultString(Integer.toString(httpServletRequest.getServerPort())));
        externalProcessBuilder.env("SERVER_PROTOCOL", StringUtils.defaultString(httpServletRequest.getProtocol()));
        externalProcessBuilder.env("SERVER_SOFTWARE", StringUtils.defaultString(getServletContext().getServerInfo()));
        Enumeration headerNames = httpServletRequest.getHeaderNames();
        while (headerNames.hasMoreElements()) {
            String str2 = (String) headerNames.nextElement();
            externalProcessBuilder.env("HTTP_" + str2.toUpperCase().replace('-', '_'), StringUtils.defaultString(httpServletRequest.getHeader(str2)));
        }
        externalProcessBuilder.env("HTTPS", httpServletRequest.isSecure() ? "ON" : "OFF");
    }
}
