package com.atlassian.templaterenderer.velocity.resource;

import com.atlassian.annotations.VisibleForTesting;
import com.atlassian.plugin.internal.util.PluginUtils;
import com.atlassian.plugin.osgi.util.BundleClassLoaderAccessor;
import java.io.InputStream;
import java.lang.reflect.Field;
import java.util.List;
import java.util.Objects;
import org.apache.commons.collections.ExtendedProperties;
import org.apache.velocity.exception.ResourceNotFoundException;
import org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader;
import org.apache.velocity.runtime.resource.loader.util.FileAllowlistHelper;
import org.apache.velocity.runtime.resource.loader.util.FileTypeAllowlistHelper;
import org.apache.velocity.runtime.util.ConfigUtil;
import org.apache.velocity.util.ClassUtils;
import org.apache.velocity.util.ExceptionUtils;
import org.osgi.framework.Bundle;

/* loaded from: input_file:META-INF/lib/atlassian-template-renderer-velocity-common-6.1.0.jar:com/atlassian/templaterenderer/velocity/resource/AtlassianClasspathResourceLoader.class */
public class AtlassianClasspathResourceLoader extends ClasspathResourceLoader {
    private FileAllowlistHelper fileAllowlistHelper = null;
    private FileTypeAllowlistHelper fileTypeAllowlistHelper = null;
    private List<String> trustedResourceProtocols = null;

    public void init(ExtendedProperties extendedProperties) {
        this.fileAllowlistHelper = new FileAllowlistHelper(this.rsvc);
        this.fileTypeAllowlistHelper = new FileTypeAllowlistHelper(this.rsvc, "classpath.resource.loader.filetype.allowlist");
        this.trustedResourceProtocols = ConfigUtil.getStrings(this.rsvc, "resource.loader.trusted.protocols");
        if (this.log.isTraceEnabled()) {
            this.log.trace("AtlassianClasspathResourceLoader : initialization complete.");
        }
    }

    public InputStream getResourceStream(String str) throws ResourceNotFoundException {
        if (Objects.isNull(str) || str.isBlank()) {
            throw new ResourceNotFoundException("No template name provided");
        }
        try {
            if (!this.trustedResourceProtocols.contains(ClassUtils.getResource(getClass(), str).getProtocol())) {
                if (!this.fileTypeAllowlistHelper.isValidFileType(str)) {
                    throw new ResourceNotFoundException("AtlassianClasspathResourceLoader : banned file type on template " + str);
                }
                if (!this.fileAllowlistHelper.isAllowed(str)) {
                    if (!PluginUtils.isAtlassianDevMode()) {
                        throw new ResourceNotFoundException("AtlassianClasspathResourceLoader : This template is not allowed: " + str);
                    }
                    if (!templateExistsInAOsgiPlugin(str, Thread.currentThread().getContextClassLoader())) {
                        this.log.error("Template is not on the allowlist, but it was asked to be loaded. If you just added the file, first re-install the plugin. The template was: " + str);
                        throw new ResourceNotFoundException("AtlassianClasspathResourceLoader : This template is not allowed: " + str);
                    }
                    this.log.debug("This template is not in the allowlist, but it exists inside of the plugin so we'll let it slide in dev mode, template is " + str);
                }
            }
            InputStream resourceAsStream = ClassUtils.getResourceAsStream(getClass(), str);
            if (Objects.isNull(resourceAsStream)) {
                throw new ResourceNotFoundException("AtlassianClasspathResourceLoader Error: cannot find resource " + str);
            }
            return resourceAsStream;
        } catch (Exception e) {
            throw ExceptionUtils.createWithCause(ResourceNotFoundException.class, "problem with template: " + str, e);
        }
    }

    @VisibleForTesting
    static boolean templateExistsInAOsgiPlugin(String str, ClassLoader classLoader) {
        if (!(classLoader.getClass().getCanonicalName().startsWith(BundleClassLoaderAccessor.class.getCanonicalName()) || classLoader.getClass().getCanonicalName().startsWith("com.atlassian.templaterenderer.BundleClassLoaderAccessor"))) {
            return false;
        }
        try {
            Field declaredField = classLoader.getClass().getDeclaredField("bundle");
            declaredField.setAccessible(true);
            Bundle bundle = (Bundle) declaredField.get(classLoader);
            if (bundle.getBundleId() == 0) {
                return false;
            }
            return !Objects.isNull(bundle.getResource(str));
        } catch (IllegalAccessException | NoSuchFieldException e) {
            throw new RuntimeException(e);
        }
    }
}
