package net.bull.javamelody;

import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/* loaded from: input_file:net/bull/javamelody/JiraMonitoringFilter.class */
public class JiraMonitoringFilter extends MonitoringFilter {
    private static final int SYSTEM_ADMIN = 44;
    private static final String LOGGED_IN_KEY = "seraph_defaultauthenticator_user";
    private boolean jira = true;

    @Override // net.bull.javamelody.MonitoringFilter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (!(servletRequest instanceof HttpServletRequest)) {
            super.doFilter(servletRequest, servletResponse, filterChain);
            return;
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        if (this.jira && httpServletRequest.getRequestURI().equals(getMonitoringUrl(httpServletRequest))) {
            try {
                Object user = getUser(httpServletRequest);
                if (user == null) {
                    ((HttpServletResponse) servletResponse).sendRedirect("login.jsp?os_destination=" + getMonitoringUrl(httpServletRequest).substring(httpServletRequest.getContextPath().length()));
                    return;
                } else if (!hasSystemAdminPermission(user)) {
                    ((HttpServletResponse) servletResponse).sendError(403, "Forbidden access");
                    return;
                }
            } catch (ClassNotFoundException e) {
                this.jira = false;
            }
        }
        super.doFilter(servletRequest, servletResponse, filterChain);
    }

    private static boolean hasSystemAdminPermission(Object obj) throws ClassNotFoundException {
        if (obj == null) {
            return false;
        }
        Class<?> cls = Class.forName("com.atlassian.jira.ManagerFactory");
        Class<?> cls2 = Class.forName("com.opensymphony.user.User");
        try {
            Object invoke = cls.getMethod("getPermissionManager", new Class[0]).invoke(null, new Object[0]);
            return ((Boolean) invoke.getClass().getMethod("hasPermission", Integer.TYPE, cls2).invoke(invoke, Integer.valueOf(SYSTEM_ADMIN), obj)).booleanValue();
        } catch (IllegalAccessException e) {
            throw new IllegalStateException(e);
        } catch (NoSuchMethodException e2) {
            throw new IllegalStateException(e2);
        } catch (SecurityException e3) {
            throw new IllegalStateException(e3);
        } catch (InvocationTargetException e4) {
            throw new IllegalStateException(e4);
        }
    }

    private static Object getUser(HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null) {
            return null;
        }
        return session.getAttribute(LOGGED_IN_KEY);
    }
}
