package org.sonatype.nexus.security.filter.authz;

import ch.qos.logback.classic.spi.CallerData;
import com.google.common.base.Strings;
import java.io.IOException;
import java.util.Locale;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.annotation.Nullable;
import javax.inject.Inject;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.apache.shiro.web.util.WebUtils;
import org.slf4j.Logger;
import org.sonatype.nexus.proxy.AccessDeniedException;
import org.sonatype.nexus.proxy.ItemNotFoundException;
import org.sonatype.nexus.proxy.RequestContext;
import org.sonatype.nexus.proxy.ResourceStoreRequest;
import org.sonatype.nexus.proxy.access.Action;
import org.sonatype.nexus.proxy.router.RepositoryRouter;
import org.sonatype.sisu.goodies.common.Loggers;

/* loaded from: input_file:WEB-INF/lib/nexus-core-2.14.18-01.jar:org/sonatype/nexus/security/filter/authz/NexusTargetMappingAuthorizationFilter.class */
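/**
 * Authorization filter that translates the incoming HTTP request into a Nexus repository path and
 * asks the injected {@link RepositoryRouter} whether the requested action is permitted on it.
 *
 * <p>Every path through {@link #isAccessAllowed} that cannot positively establish authorization
 * returns {@code false}: an untranslatable path, an action name that is not an {@link Action}
 * constant, or a router that declines the request all deny access.
 *
 * <p>The path that is authorized here is derived from the request by this class. NOTE(review):
 * whichever component later serves the content must derive the same path, otherwise the decision
 * is made for a different resource than the one returned - confirm against the serving code.
 */
public class NexusTargetMappingAuthorizationFilter extends AbstractNexusAuthorizationFilter {
    /** Request attribute under which the resolved action is cached for the lifetime of one request. */
    private static final String ACTION_KEY = NexusTargetMappingAuthorizationFilter.class.getName() + ".action";
    private static final Logger log = Loggers.getLogger(NexusTargetMappingAuthorizationFilter.class);

    /** Matches the {@code @1} and {@code @2} placeholders of the path replacement template. */
    private static final Pattern PLACEHOLDER = Pattern.compile("@([12])");

    @Inject
    private RepositoryRouter rootRouter;

    /** Template for the translated path; {@code @1} and {@code @2} stand for the prefix pattern's groups. */
    private String pathReplacement;

    /**
     * Returns the path replacement template, never {@code null}.
     *
     * @return the configured template, or the empty string when none was set (the empty string is
     *     also stored in the field on first access)
     */
    public String getPathReplacement() {
        if (this.pathReplacement == null) {
            this.pathReplacement = "";
        }
        return this.pathReplacement;
    }

    /**
     * Sets the path replacement template.
     *
     * @param str the template; may contain the placeholders {@code @1} and {@code @2}
     */
    public void setPathReplacement(String str) {
        this.pathReplacement = str;
    }

    /**
     * Translates the request's path within the application into the path used for authorization.
     *
     * <p>Without a configured path prefix the request path is used unchanged. With one, the path
     * must match the prefix pattern as a whole and the result is the replacement template with its
     * placeholders expanded from the match.
     *
     * @param servletRequest the current request; cast to {@link HttpServletRequest} without a check
     * @return the translated path, or {@code null} when the request path does not match the prefix
     *     pattern
     */
    @Nullable
    private String getResourceStorePath(ServletRequest servletRequest) {
        String requestPath = WebUtils.getPathWithinApplication((HttpServletRequest) servletRequest);
        // getPathPrefix()/getPathPrefixPattern() are not defined in this class; presumably inherited.
        if (getPathPrefix() == null) {
            return requestPath;
        }
        Pattern pathPrefixPattern = getPathPrefixPattern();
        Matcher prefixMatcher = pathPrefixPattern.matcher(requestPath);
        if (!prefixMatcher.matches()) {
            log.warn(formatMessage(servletRequest, "Cannot translate request to Nexus repository path, expected pattern {}"), pathPrefixPattern);
            return null;
        }
        return expandPlaceholders(getPathReplacement(), prefixMatcher);
    }

    /**
     * Expands {@code @1} and {@code @2} in the template with the corresponding groups of the match.
     *
     * <p>The template is scanned exactly once. Text captured from the request path is copied into
     * the result and never scanned for placeholders itself, so a literal {@code @2} inside the
     * first group stays literal instead of being replaced by the second group. Replacing the two
     * placeholders one after the other would rewrite such client-supplied text and yield a path
     * the client did not request.
     *
     * @param template the replacement template
     * @param prefixMatcher a matcher that has already matched the request path
     * @return the template with all placeholders expanded
     * @throws IndexOutOfBoundsException if the template names a group the prefix pattern lacks
     * @throws NullPointerException if a referenced group did not take part in the match
     */
    private static String expandPlaceholders(String template, Matcher prefixMatcher) {
        Matcher placeholder = PLACEHOLDER.matcher(template);
        // StringBuffer, not StringBuilder: appendReplacement only accepts StringBuilder from Java 9.
        StringBuffer expanded = new StringBuffer();
        while (placeholder.find()) {
            int group = placeholder.group(1).charAt(0) - '0';
            // quoteReplacement keeps '$' and '\' in the captured text from being read as references.
            placeholder.appendReplacement(expanded, Matcher.quoteReplacement(prefixMatcher.group(group)));
        }
        placeholder.appendTail(expanded);
        return expanded.toString();
    }

    /**
     * Builds the store request used to probe or authorize the translated path.
     *
     * @param servletRequest the current request
     * @param z passed through as the second constructor argument of {@link ResourceStoreRequest};
     *     NOTE(review): looks like the "local only" flag - confirm against that constructor
     * @return a request flagged with {@link RequestContext#CTX_AUTH_CHECK_ONLY}, or {@code null}
     *     when the path cannot be translated
     */
    @Nullable
    private ResourceStoreRequest getResourceStoreRequest(ServletRequest servletRequest, boolean z) {
        String resourceStorePath = getResourceStorePath(servletRequest);
        if (resourceStorePath == null) {
            return null;
        }
        ResourceStoreRequest storeRequest = new ResourceStoreRequest(resourceStorePath, z, false);
        storeRequest.getRequestContext().put(RequestContext.CTX_AUTH_CHECK_ONLY, (Object) true);
        return storeRequest;
    }

    /**
     * Resolves the action for the request and caches it in a request attribute.
     *
     * <p>For {@code PUT} the router is asked to retrieve the item first. When that fails with
     * {@link AccessDeniedException} or {@link ItemNotFoundException} the method is treated as
     * {@code post} before it is handed to the parent for translation; presumably this separates
     * creating an item from updating an existing one - confirm against the parent's mapping.
     * When the path cannot be translated no probe is made and the method stays {@code put}.
     *
     * @param servletRequest the current request; cast to {@link HttpServletRequest} without a check
     * @return the action name produced by the parent for the (possibly adjusted) method
     * @throws IllegalStateException if the probe fails for any other reason
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter
    public String getHttpMethodAction(ServletRequest servletRequest) {
        if (servletRequest.getAttribute(ACTION_KEY) == null) {
            // Locale.ROOT keeps the lower-casing independent of the JVM's default locale.
            String method = ((HttpServletRequest) servletRequest).getMethod().toLowerCase(Locale.ROOT);
            if ("put".equals(method)) {
                try {
                    ResourceStoreRequest probe = getResourceStoreRequest(servletRequest, true);
                    if (probe != null) {
                        // Only the outcome matters; the retrieved item itself is discarded.
                        this.rootRouter.retrieveItem(probe);
                    }
                } catch (AccessDeniedException denied) {
                    method = "post";
                } catch (ItemNotFoundException missing) {
                    method = "post";
                } catch (Exception e) {
                    throw new IllegalStateException(formatMessage(servletRequest, "Cannot translate request to Nexus action"), e);
                }
            }
            servletRequest.setAttribute(ACTION_KEY, super.getHttpMethodAction(method));
        }
        return (String) servletRequest.getAttribute(ACTION_KEY);
    }

    /**
     * Decides whether the request may proceed.
     *
     * <p>When a mapped value is present the parent's check must pass first. The resolved action is
     * then converted to an {@link Action} and the router is asked to authorize the translated path.
     *
     * @param servletRequest the current request
     * @param servletResponse the current response
     * @param obj the mapped value handed in by the filter chain; {@code null} skips the parent check
     * @return {@code true} only when the router authorizes the path for the action
     * @throws IOException declared by the overridden method
     */
    @Override // org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter, org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter, org.apache.shiro.web.filter.AccessControlFilter
    public boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) throws IOException {
        if (obj != null && !super.isAccessAllowed(servletRequest, servletResponse, obj)) {
            return false;
        }
        String httpMethodAction = getHttpMethodAction(servletRequest);
        try {
            Action action = Action.valueOf(httpMethodAction);
            ResourceStoreRequest storeRequest = getResourceStoreRequest(servletRequest, false);
            // A path that cannot be translated is denied rather than waved through.
            return storeRequest != null && this.rootRouter.authorizePath(storeRequest, action);
        } catch (IllegalArgumentException e) {
            // The try deliberately spans the router call as well: any IllegalArgumentException denies.
            log.warn(formatMessage(servletRequest, "Cannot translate Shiro action '{}' to Nexus action"), httpMethodAction);
            return false;
        }
    }

    /**
     * Appends the request method, URL and query string to a message.
     *
     * <p>The appended text comes from the client. The callers in this class pass the result to the
     * logger as its format string, so a brace pair in the URL or query string is seen by the logger
     * as a further placeholder; keep the message's own placeholders ahead of the request text.
     *
     * @param servletRequest the current request; only described when it is an HTTP request
     * @param str the message to extend
     * @return the message followed by {@code ", request: METHOD URL[?query]"}
     */
    private String formatMessage(ServletRequest servletRequest, String str) {
        StringBuilder sb = new StringBuilder(str);
        if (servletRequest instanceof HttpServletRequest) {
            HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
            sb.append(", request: ").append(httpRequest.getMethod()).append(" ").append(httpRequest.getRequestURL());
            String queryString = httpRequest.getQueryString();
            if (!Strings.isNullOrEmpty(queryString)) {
                // The decompiler printed this literal as logback's CallerData.NA, which is "?".
                sb.append("?").append(queryString);
            }
        }
        return sb.toString();
    }
}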
