package jetbrains.youtrack.webapp.filters;

import com.intellij.hub.auth.OAuthException;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.List;
import javax.ws.rs.ForbiddenException;
import javax.ws.rs.NotAuthorizedException;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.PreMatching;
import javax.ws.rs.core.UriInfo;
import jetbrains.charisma.authentication.LoginContext;
import jetbrains.charisma.user.XdApiKey;
import jetbrains.charisma.user.apiKey.ApiKeyImpl;
import jetbrains.exodus.database.TransientEntityStore;
import jetbrains.exodus.database.TransientStoreSession;
import jetbrains.exodus.entitystore.Entity;
import jetbrains.exodus.entitystore.QueryCancellingPolicy;
import jetbrains.mps.webr.rpc.rest.provider.exception.UnauthorizedException;
import jetbrains.teamsys.dnq.runtime.util.DnqUtils;
import jetbrains.youtrack.api.l10n.BeansKt;
import jetbrains.youtrack.persistent.XdUser;
import jetbrains.youtrack.rest.AuthIgnoredResourceAnalyzer;
import kotlin.Metadata;
import kotlin.TypeCastException;
import kotlin.Unit;
import kotlin.collections.CollectionsKt;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.Ref;
import kotlin.text.StringsKt;
import kotlinx.dnq.XdExtensionsKt;
import mu.KLogging;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import webr.framework.controller.BaseApplication;

/* compiled from: RESTLoginRequestFilter.kt */
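/**
 * Pre-matching JAX-RS request filter that decides which YouTrack user a REST request runs as.
 *
 * <p>{@code OPTIONS} requests and {@code null} contexts are not authenticated. For every other
 * request the credential sources are tried in this order:
 * <ol>
 *   <li>an API key ({@code X-YouTrack-ApiKey} header, else the {@code apiKey} query parameter),
 *       accepted only for paths that start with {@code vcshooksreceiver};</li>
 *   <li>otherwise the {@code Authorization} header is handed to the Hub resolver;</li>
 *   <li>HTTP Basic credentials from the {@code Authorization} header;</li>
 *   <li>the already logged-in user, falling back to the guest account.</li>
 * </ol>
 *
 * <p>NOTE(review): this is JADX decompiler output of a Kotlin source file. Some bodies were lost
 * or mangled by the decompiler (they are marked below), so the listing is not a faithful copy of
 * the shipped logic in those places.
 */
@PreMatching
@Metadata(mv = {1, 1, 13}, bv = {1, 0, 3}, k = 1, d1 = {"��\"\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0010\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\b\u0007\u0018�� \r2\u00020\u0001:\u0001\rB\u0005¢\u0006\u0002\u0010\u0002J\u0012\u0010\t\u001a\u00020\n2\b\u0010\u000b\u001a\u0004\u0018\u00010\fH\u0016R\u001e\u0010\u0003\u001a\u00020\u00048\u0006@\u0006X\u0087.¢\u0006\u000e\n��\u001a\u0004\b\u0005\u0010\u0006\"\u0004\b\u0007\u0010\b¨\u0006\u000e"}, d2 = {"Ljetbrains/youtrack/webapp/filters/RESTLoginRequestFilter;", "Ljavax/ws/rs/container/ContainerRequestFilter;", "()V", "authIgnoredResourceAnalyzer", "Ljetbrains/youtrack/rest/AuthIgnoredResourceAnalyzer;", "getAuthIgnoredResourceAnalyzer", "()Ljetbrains/youtrack/rest/AuthIgnoredResourceAnalyzer;", "setAuthIgnoredResourceAnalyzer", "(Ljetbrains/youtrack/rest/AuthIgnoredResourceAnalyzer;)V", "filter", "", "req", "Ljavax/ws/rs/container/ContainerRequestContext;", "Companion", "youtrack-webapp"})
@Service("restLoginFilter")
/* loaded from: input_file:jetbrains/youtrack/webapp/filters/RESTLoginRequestFilter.class */
public final class RESTLoginRequestFilter implements ContainerRequestFilter {

    // Injected by Spring; consulted in filter() to decide whether a banned account may still
    // reach a resource that allows anonymous access.
    @Autowired
    @NotNull
    public AuthIgnoredResourceAnalyzer authIgnoredResourceAnalyzer;

    @NotNull
    public static final String AUTHORIZATION_HEADER = "Authorization";
    private static final String API_KEY_HEADER = "X-YouTrack-ApiKey";
    private static final String API_KEY_PARAM = "apiKey";
    public static final Companion Companion = new Companion(null);

    /* compiled from: RESTLoginRequestFilter.kt */
    /** Kotlin companion object: provides the logger (via {@code KLogging}) and API-key extraction. */
    @Metadata(mv = {1, 1, 13}, bv = {1, 0, 3}, k = 1, d1 = {"��\u001a\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0002\b\u0004\n\u0002\u0018\u0002\n��\b\u0086\u0003\u0018��2\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J\u0012\u0010\u0007\u001a\u0004\u0018\u00010\u00042\u0006\u0010\b\u001a\u00020\tH\u0002R\u000e\u0010\u0003\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n��R\u000e\u0010\u0005\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n��R\u000e\u0010\u0006\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n��¨\u0006\n"}, d2 = {"Ljetbrains/youtrack/webapp/filters/RESTLoginRequestFilter$Companion;", "Lmu/KLogging;", "()V", "API_KEY_HEADER", "", "API_KEY_PARAM", "AUTHORIZATION_HEADER", "getApiKey", "req", "Ljavax/ws/rs/container/ContainerRequestContext;", "youtrack-webapp"})
    /* loaded from: input_file:jetbrains/youtrack/webapp/filters/RESTLoginRequestFilter$Companion.class */
    public static final class Companion extends KLogging {
        /**
         * Returns the API key supplied with the request, or {@code null} when none was sent.
         *
         * <p>The {@code X-YouTrack-ApiKey} header wins; the {@code apiKey} query parameter is
         * only read when the header is absent.
         *
         * <p>NOTE(review): a key passed in the query string becomes part of the request URI,
         * which this filter writes to the debug log and which typically also appears in
         * access logs and proxy logs. Prefer the header and treat query-string keys as
         * exposed when reviewing logs.
         *
         * @param containerRequestContext the current request
         * @return the key value, or {@code null}
         */
        /* JADX INFO: Access modifiers changed from: private */
        public final String getApiKey(ContainerRequestContext containerRequestContext) {
            String headerString = containerRequestContext.getHeaderString(RESTLoginRequestFilter.API_KEY_HEADER);
            if (headerString != null) {
                return headerString;
            }
            UriInfo uriInfo = containerRequestContext.getUriInfo();
            Intrinsics.checkExpressionValueIsNotNull(uriInfo, "req.uriInfo");
            return (String) uriInfo.getQueryParameters().getFirst(RESTLoginRequestFilter.API_KEY_PARAM);
        }

        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    /**
     * Returns the injected analyzer; fails with Kotlin's uninitialized-property error when
     * injection has not happened yet.
     */
    @NotNull
    public final AuthIgnoredResourceAnalyzer getAuthIgnoredResourceAnalyzer() {
        AuthIgnoredResourceAnalyzer authIgnoredResourceAnalyzer = this.authIgnoredResourceAnalyzer;
        if (authIgnoredResourceAnalyzer == null) {
            Intrinsics.throwUninitializedPropertyAccessException("authIgnoredResourceAnalyzer");
        }
        return authIgnoredResourceAnalyzer;
    }

    /** Sets the analyzer; {@code null} is rejected. */
    public final void setAuthIgnoredResourceAnalyzer(@NotNull AuthIgnoredResourceAnalyzer authIgnoredResourceAnalyzer) {
        Intrinsics.checkParameterIsNotNull(authIgnoredResourceAnalyzer, "<set-?>");
        this.authIgnoredResourceAnalyzer = authIgnoredResourceAnalyzer;
    }

    /**
     * Resolves the user for the request and logs that user in for the rest of the call.
     *
     * <p>Changes against the decompiled original: the rejected {@code Authorization} header
     * value is no longer copied into the warning log and the 401 challenge; Basic credentials
     * are split at the first colon only, so passwords containing {@code ':'} work; malformed
     * Base64 in a Basic header is ignored instead of escaping as an unhandled exception.
     *
     * @param containerRequestContext the request; {@code null} and {@code OPTIONS} requests
     *     skip authentication and are only logged
     * @throws ForbiddenException when an API key is used outside {@code vcshooksreceiver},
     *     the API key is unknown, or the resolved user is banned
     * @throws NotAuthorizedException when the Hub resolver rejects the {@code Authorization} header
     * @throws UnauthorizedException when the request falls back to a banned guest account
     */
    public void filter(@Nullable final ContainerRequestContext containerRequestContext) {
        if (containerRequestContext != null && !StringsKt.equals("OPTIONS", containerRequestContext.getMethod(), true)) {
            final String apiKey = Companion.getApiKey(containerRequestContext);
            // Holder for the resolved user, shared with the transactional callbacks below.
            final Ref.ObjectRef objectRef = new Ref.ObjectRef();
            objectRef.element = (XdUser) null;
            final String headerString = containerRequestContext.getHeaderString(AUTHORIZATION_HEADER);
            if (apiKey != null) {
                TransientEntityStore.DefaultImpls.transactional$default(DnqUtils.getTransientStore(), false, (QueryCancellingPolicy) null, false, new Function1<TransientStoreSession, String>() { // from class: jetbrains.youtrack.webapp.filters.RESTLoginRequestFilter$filter$$inlined$transactional$1
                    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
                    {
                        super(1);
                    }

                    public final String invoke(@NotNull TransientStoreSession transientStoreSession) {
                        XdApiKey xd;
                        Intrinsics.checkParameterIsNotNull(transientStoreSession, "it");
                        UriInfo uriInfo = containerRequestContext.getUriInfo();
                        Intrinsics.checkExpressionValueIsNotNull(uriInfo, "req.uriInfo");
                        String path = uriInfo.getPath();
                        String str = path;
                        // API keys are scoped to the VCS hook receiver; the path check runs before
                        // the key lookup, so a key sent to any other path is rejected unexamined.
                        // NOTE(review): this is a case-insensitive prefix match without a path
                        // segment boundary — confirm no other resource path begins with the same text.
                        if ((str == null || StringsKt.isBlank(str)) || !StringsKt.startsWith(path, "vcshooksreceiver", true)) {
                            throw new ForbiddenException(BeansKt.getLocalizer().localizedMsg("YouTrackCorsContainerResponseFilter.An_API_key_can_only_be_used_for_VCS_hooks", new Object[0]));
                        }
                        Entity find = ApiKeyImpl.find(apiKey);
                        if (find == null || (xd = XdExtensionsKt.toXd(find)) == null) {
                            throw new ForbiddenException(BeansKt.getLocalizer().localizedMsg("RESTLoginRequestFilter.Unknown_api_key", new Object[0]));
                        }
                        // The request runs as the key's owner; the session records how it was authenticated.
                        objectRef.element = xd.getOwner();
                        return (String) BaseApplication.setSessionField("SessionOrigin", "API key");
                    }
                }, 7, (Object) null);
            } else {
                try {
                    final Entity resolveUserByAuthHeader = jetbrains.charisma.persistent.BeansKt.getHubUuidResolver().resolveUserByAuthHeader(headerString);
                    // NOTE(review): the body of this branch is empty in the decompiled output, so the
                    // resolved user is never stored here. This is presumably a decompiler loss rather
                    // than the shipped behaviour — verify against the bytecode.
                    if (resolveUserByAuthHeader != null) {
                    }
                } catch (OAuthException e) {
                    // Do not echo the Authorization header: it holds the caller's credential, and this
                    // string goes both to the warning log and into the 401 response.
                    String str = "Got invalid Hub token. Error: " + e.getOAuthError().getDeveloperMessage();
                    Companion.getLogger().warn(str);
                    throw new NotAuthorizedException(str, new Object[0]);
                }
            }
            TransientEntityStore.DefaultImpls.transactional$default(DnqUtils.getTransientStore(), false, (QueryCancellingPolicy) null, false, new Function1<TransientStoreSession, Unit>() { // from class: jetbrains.youtrack.webapp.filters.RESTLoginRequestFilter$filter$$inlined$transactional$2
                /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
                {
                    super(1);
                }

                public final Unit invoke(@NotNull TransientStoreSession transientStoreSession) {
                    Intrinsics.checkParameterIsNotNull(transientStoreSession, "it");
                    // HTTP Basic is only attempted when no earlier step resolved a user.
                    if (((XdUser) objectRef.element) == null && headerString != null && StringsKt.startsWith$default(headerString, "Basic ", false, 2, (Object) null)) {
                        String encoded = headerString.substring("Basic ".length());
                        byte[] decode;
                        try {
                            decode = Base64.getDecoder().decode(encoded);
                        } catch (IllegalArgumentException ignored) {
                            // Malformed Base64 is handled like any other unusable Basic header:
                            // no user is resolved here and the request continues unauthenticated.
                            return Unit.INSTANCE;
                        }
                        String credentials = new String(decode, StandardCharsets.UTF_8);
                        // Split at the first colon only: the login cannot contain ':' but the
                        // password may, so splitting on every colon rejected valid credentials.
                        int separator = credentials.indexOf(':');
                        if (separator >= 0) {
                            LoginContext loginContext = new LoginContext(credentials.substring(0, separator), credentials.substring(separator + 1));
                            Entity authorize = jetbrains.charisma.persistent.BeansKt.getAuthenticationManager().authorize(loginContext);
                            objectRef.element = authorize != null ? (XdUser) XdExtensionsKt.toXd(authorize) : null;
                        }
                    }
                    return Unit.INSTANCE;
                }
            }, 7, (Object) null);
            TransientEntityStore.DefaultImpls.transactional$default(DnqUtils.getTransientStore(), false, (QueryCancellingPolicy) null, false, new Function1<TransientStoreSession, Unit>() { // from class: jetbrains.youtrack.webapp.filters.RESTLoginRequestFilter$filter$$inlined$transactional$3
                /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
                {
                    super(1);
                }

                public final Unit invoke(@NotNull TransientStoreSession transientStoreSession) {
                    Entity loggedInUserOrNull;
                    Intrinsics.checkParameterIsNotNull(transientStoreSession, "it");
                    if (((XdUser) objectRef.element) == null) {
                        Ref.ObjectRef objectRef2 = objectRef;
                        UriInfo uriInfo = containerRequestContext.getUriInfo();
                        Intrinsics.checkExpressionValueIsNotNull(uriInfo, "req.uriInfo");
                        String path = uriInfo.getPath();
                        Intrinsics.checkExpressionValueIsNotNull(path, "req.uriInfo.path");
                        // Without explicit credentials, paths ending in /workflows/import always run
                        // as guest, even when a logged-in session exists; every other path uses the
                        // logged-in user and falls back to guest.
                        if (StringsKt.endsWith$default(path, "/workflows/import", false, 2, (Object) null)) {
                            loggedInUserOrNull = jetbrains.charisma.service.BeansKt.getUserService().getGuest();
                        } else {
                            loggedInUserOrNull = jetbrains.charisma.persistent.BeansKt.getLoggedInUserOrNull();
                            if (loggedInUserOrNull == null) {
                                loggedInUserOrNull = jetbrains.charisma.service.BeansKt.getUserService().getGuest();
                            }
                        }
                        Intrinsics.checkExpressionValueIsNotNull(loggedInUserOrNull, "if (req.uriInfo.path.end…est\n                    }");
                        objectRef2.element = XdExtensionsKt.toXd(loggedInUserOrNull);
                    }
                    XdUser xdUser = (XdUser) objectRef.element;
                    if (xdUser == null) {
                        // Decompiler rendering of a Kotlin safe call; no login happens in this case.
                        return null;
                    }
                    // A banned account is still logged in when the analyzer reports that the target
                    // resource allows anonymous access.
                    // NOTE(review): confirm that such resources never act on the caller's identity.
                    if (!xdUser.getBanned() || RESTLoginRequestFilter.this.getAuthIgnoredResourceAnalyzer().isAnonymousAccessAllowed(containerRequestContext)) {
                        jetbrains.charisma.main.BeansKt.getSecurityNavigator().login(xdUser.getEntity(), false);
                        return Unit.INSTANCE;
                    }
                    // From here on the user is banned and the resource requires authentication.
                    if (xdUser.isGuest()) {
                        throw new UnauthorizedException("You are not logged in.");
                    }
                    throw new ForbiddenException(BeansKt.getLocalizer().localizedMsg("User_is_banned", new Object[0]));
                }
            }, 7, (Object) null);
        }
        // NOTE(review): the decompiler could not rebuild this lambda; the instruction dump kept
        // below is the only record of it. According to the dump the message is
        // "Rest request: " plus the request URI, and when trace logging is enabled the complete
        // header map is appended. The URI includes the apiKey query parameter when the key was
        // sent that way, and the header map includes Authorization and X-YouTrack-ApiKey, so
        // debug/trace logs of this filter should be handled as credential-bearing.
        Companion.getLogger().debug(new Function0<String>() { // from class: jetbrains.youtrack.webapp.filters.RESTLoginRequestFilter$filter$5
            /* JADX WARN: Removed duplicated region for block: B:8:0x0036  */
            @org.jetbrains.annotations.NotNull
            /*
                Code decompiled incorrectly, please refer to instructions dump.
                To view partially-correct add '--show-bad-code' argument
            */
            public final java.lang.String invoke() {
                /*
                    r4 = this;
                    java.lang.StringBuilder r0 = new java.lang.StringBuilder
                    r1 = r0
                    java.lang.String r2 = "Rest request: "
                    r1.<init>(r2)
                    r1 = r4
                    javax.ws.rs.container.ContainerRequestContext r1 = r4
                    r2 = r1
                    if (r2 == 0) goto L22
                    javax.ws.rs.core.UriInfo r1 = r1.getUriInfo()
                    r2 = r1
                    if (r2 == 0) goto L22
                    java.net.URI r1 = r1.getRequestUri()
                    goto L24
                L22:
                    r1 = 0
                L24:
                    java.lang.StringBuilder r0 = r0.append(r1)
                    r5 = r0
                    jetbrains.youtrack.webapp.filters.RESTLoginRequestFilter$Companion r0 = jetbrains.youtrack.webapp.filters.RESTLoginRequestFilter.Companion
                    mu.KLogger r0 = r0.getLogger()
                    boolean r0 = r0.isTraceEnabled()
                    if (r0 == 0) goto L56
                    r0 = r5
                    r1 = r0
                    java.lang.String r2 = "builder"
                    kotlin.jvm.internal.Intrinsics.checkExpressionValueIsNotNull(r1, r2)
                    java.lang.StringBuilder r0 = kotlin.text.StringsKt.appendln(r0)
                    r1 = r4
                    javax.ws.rs.container.ContainerRequestContext r1 = r4
                    r2 = r1
                    if (r2 == 0) goto L50
                    javax.ws.rs.core.MultivaluedMap r1 = r1.getHeaders()
                    goto L52
                L50:
                    r1 = 0
                L52:
                    java.lang.StringBuilder r0 = r0.append(r1)
                L56:
                    r0 = r5
                    java.lang.String r0 = r0.toString()
                    return r0
                */
                throw new UnsupportedOperationException("Method not decompiled: jetbrains.youtrack.webapp.filters.RESTLoginRequestFilter$filter$5.invoke():java.lang.String");
            }

            /* JADX INFO: Access modifiers changed from: package-private */
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(0);
            }
        });
    }
}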
