package com.gitblit.servlet;

import com.gitblit.Constants;
import com.gitblit.IStoredSettings;
import com.gitblit.Keys;
import com.gitblit.manager.IRuntimeManager;
import com.gitblit.models.UserModel;
import com.gitblit.servlet.AuthenticationFilter;
import com.gitblit.utils.JnaUtils;
import dagger.ObjectGraph;
import java.io.IOException;
import java.text.MessageFormat;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* JADX WARN: Classes with same name are omitted:
  input_file:com/gitblit/servlet/RpcFilter.class
 */
/* loaded from: input_file:gitblit-1.4.1-wso2v1.jar:com/gitblit/servlet/RpcFilter.class */
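/**
 * Servlet filter that decides whether a Gitblit RPC request is forwarded,
 * challenged for credentials, or rejected.
 *
 * <p>Decision order, as implemented in {@link #doFilter}:
 * <ol>
 *   <li>{@code req} does not map to a {@link Constants.RpcRequest}: 501.</li>
 *   <li>{@code Keys.web.enableRpcServlet} is false (read with default {@code true}): 403.</li>
 *   <li>The request {@code exceeds(LIST_SETTINGS)} and
 *       {@code Keys.web.enableRpcManagement} is false (read with default {@code false}): 403.</li>
 *   <li>Authentication is required when such a request meets
 *       {@code Keys.web.authenticateAdminPages} (default {@code true}), or any other
 *       request meets {@code Keys.web.authenticateViewPages} (default {@code false}).</li>
 *   <li>If required and no user was resolved: 401 with a BASIC challenge.</li>
 *   <li>If required and the user is neither an administrator nor allowed by
 *       {@link #canAccess}: 403.</li>
 * </ol>
 *
 * <p>Security note: with the defaults visible in this class the RPC servlet is
 * enabled, and requests that do not exceed {@code LIST_SETTINGS} are forwarded
 * without credentials. Any per-repository filtering for those requests has to
 * happen downstream; it is not visible in this class.
 *
 * <p>{@code settings} and {@code runtimeManager} are assigned only in
 * {@link #inject}, so the filter must be injected before it handles requests.
 */
public class RpcFilter extends AuthenticationFilter {
    private IStoredSettings settings;
    private IRuntimeManager runtimeManager;

    /**
     * Pulls the collaborators this filter needs out of the object graph.
     *
     * @param objectGraph graph supplying {@link IStoredSettings} and {@link IRuntimeManager}
     */
    @Override // com.gitblit.servlet.AuthenticationFilter, com.gitblit.dagger.DaggerFilter
    public void inject(ObjectGraph objectGraph) {
        super.inject(objectGraph);
        this.settings = objectGraph.get(IStoredSettings.class);
        this.runtimeManager = objectGraph.get(IRuntimeManager.class);
    }

    /**
     * Applies the RPC access policy described on the class and, when the
     * request is permitted, hands it to the rest of the chain wrapped in an
     * {@code AuthenticatedRequest}.
     *
     * @param servletRequest  incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain     remainder of the filter chain
     * @throws IOException      if sending an error or forwarding fails
     * @throws ServletException if a downstream filter or servlet fails
     */
    @Override // com.gitblit.servlet.AuthenticationFilter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;

        // NOTE(review): fullUrl is request-derived and is written to the log below.
        // Confirm getFullUrl() cannot return raw CR/LF before treating these lines
        // as an audit trail.
        String fullUrl = getFullUrl(httpRequest);

        Constants.RpcRequest requestType = Constants.RpcRequest.fromName(httpRequest.getParameter("req"));
        if (requestType == null) {
            // Unknown or missing request name: nothing to authorize against.
            httpResponse.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED);
            return;
        }
        boolean adminRequest = requestType.exceeds(Constants.RpcRequest.LIST_SETTINGS);

        // Global kill switch for the whole RPC endpoint.
        if (!this.settings.getBoolean(Keys.web.enableRpcServlet, true)) {
            this.logger.warn("web.enableRpcServlet must be set TRUE for rpc requests.");
            httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }

        boolean authenticateView = this.settings.getBoolean(Keys.web.authenticateViewPages, false);
        boolean authenticateAdmin = this.settings.getBoolean(Keys.web.authenticateAdminPages, true);

        // The user, when one can be resolved, is attached even on the
        // unauthenticated path so downstream code can see who is calling.
        AuthenticationFilter.AuthenticatedRequest authenticatedRequest = new AuthenticationFilter.AuthenticatedRequest(httpRequest);
        UserModel user = getUser(httpRequest);
        if (user != null) {
            authenticatedRequest.setUser(user);
        }

        // Management requests are refused outright unless explicitly enabled,
        // regardless of who is asking.
        if (adminRequest && !this.settings.getBoolean(Keys.web.enableRpcManagement, false)) {
            this.logger.warn(MessageFormat.format("{0} must be set TRUE for {1} rpc requests.", Keys.web.enableRpcManagement, requestType.toString()));
            httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }

        boolean authenticationRequired = adminRequest ? authenticateAdmin : authenticateView;
        if (!authenticationRequired) {
            if (this.runtimeManager.isDebugMode()) {
                this.logger.info(MessageFormat.format("RPC: {0} ({1}) unauthenticated", fullUrl, HttpServletResponse.SC_CONTINUE));
            }
            filterChain.doFilter(authenticatedRequest, httpResponse);
            return;
        }

        if (user == null) {
            // No credentials resolved: ask the client for BASIC credentials.
            if (this.runtimeManager.isDebugMode()) {
                this.logger.info(MessageFormat.format("RPC: CHALLENGE {0}", fullUrl));
            }
            httpResponse.setHeader("WWW-Authenticate", "Basic realm=\"Gitblit\"");
            httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        if (user.canAdmin() || canAccess(user, requestType)) {
            newSession(authenticatedRequest, httpResponse);
            this.logger.info(MessageFormat.format("RPC: {0} ({1}) authenticated", fullUrl, HttpServletResponse.SC_CONTINUE));
            filterChain.doFilter(authenticatedRequest, httpResponse);
            return;
        }

        // Known user, but not entitled to this request type.
        this.logger.warn(MessageFormat.format("RPC: {0} forbidden to access {1}", user.username, fullUrl));
        httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
    }

    /**
     * Tells whether {@code userModel} may issue {@code rpcRequest}.
     *
     * <p>{@code GET_PROTOCOL} and {@code LIST_REPOSITORIES} are open to every
     * user; every other request type requires an administrator.
     *
     * @param userModel  the resolved user
     * @param rpcRequest the requested RPC operation
     * @return {@code true} if the request is permitted for this user
     */
    private boolean canAccess(UserModel userModel, Constants.RpcRequest rpcRequest) {
        // Compare against the enum constants themselves. The allow-list then
        // depends neither on declaration order nor on unrelated numeric
        // constants, and anything not listed falls through to the admin check.
        if (rpcRequest == Constants.RpcRequest.GET_PROTOCOL
                || rpcRequest == Constants.RpcRequest.LIST_REPOSITORIES) {
            return true;
        }
        return userModel.canAdmin();
    }
}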
