package com.atlassian.connect.spring.internal.auth;

import com.atlassian.connect.spring.AtlassianHostUser;
import com.atlassian.connect.spring.IgnoreJwt;
import com.atlassian.connect.spring.internal.descriptor.AddonDescriptorLoader;
import java.lang.annotation.Annotation;
import javax.servlet.DispatcherType;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

@Component
/* loaded from: input_file:com/atlassian/connect/spring/internal/auth/RequireAuthenticationHandlerInterceptor.class */
public class RequireAuthenticationHandlerInterceptor extends HandlerInterceptorAdapter {
    private static final Logger log = LoggerFactory.getLogger(RequireAuthenticationHandlerInterceptor.class);

    @Autowired
    private AddonDescriptorLoader addonDescriptorLoader;

    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        if (!isApplicableDispatcherType(httpServletRequest) || !handlerRequiresJwtAuthentication(obj) || requestIsSigned()) {
            return true;
        }
        log.info("Rejected incoming request for controller requiring JWT authentication ({} {})", httpServletRequest.getMethod(), httpServletRequest.getRequestURI());
        httpServletResponse.addHeader("WWW-Authenticate", String.format("JWT realm=\"%s\"", this.addonDescriptorLoader.getDescriptor().getKey()));
        httpServletResponse.sendError(HttpStatus.UNAUTHORIZED.value());
        return false;
    }

    private boolean handlerRequiresJwtAuthentication(Object obj) {
        return (obj instanceof HandlerMethod) && !handlerHasAnnotation((HandlerMethod) obj, IgnoreJwt.class);
    }

    private <T extends Annotation> boolean handlerHasAnnotation(HandlerMethod handlerMethod, Class<T> cls) {
        return handlerMethod.getMethod().isAnnotationPresent(cls) || handlerMethod.getBeanType().isAnnotationPresent(cls);
    }

    private boolean requestIsSigned() {
        boolean z = false;
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication != null) {
            z = authentication.isAuthenticated() && (authentication.getPrincipal() instanceof AtlassianHostUser);
        }
        return z;
    }

    private boolean isApplicableDispatcherType(HttpServletRequest httpServletRequest) {
        DispatcherType dispatcherType = httpServletRequest.getDispatcherType();
        return (dispatcherType.equals(DispatcherType.ASYNC) || dispatcherType.equals(DispatcherType.ERROR)) ? false : true;
    }
}
