package com.gitblit.servlet;

import com.gitblit.manager.IRepositoryManager;
import com.gitblit.manager.IRuntimeManager;
import com.gitblit.models.RepositoryModel;
import com.gitblit.models.UserModel;
import com.gitblit.servlet.AuthenticationFilter;
import com.gitblit.utils.StringUtils;
import dagger.ObjectGraph;
import java.io.IOException;
import java.text.MessageFormat;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* JADX WARN: Classes with same name are omitted:
  input_file:com/gitblit/servlet/AccessRestrictionFilter.class
 */
/* loaded from: input_file:gitblit-1.4.1-wso2v1.jar:com/gitblit/servlet/AccessRestrictionFilter.class */
public abstract class AccessRestrictionFilter extends AuthenticationFilter {
    protected IRuntimeManager runtimeManager;
    protected IRepositoryManager repositoryManager;

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.gitblit.servlet.AuthenticationFilter, com.gitblit.dagger.DaggerFilter
    public void inject(ObjectGraph objectGraph) {
        super.inject(objectGraph);
        this.runtimeManager = (IRuntimeManager) objectGraph.get(IRuntimeManager.class);
        this.repositoryManager = (IRepositoryManager) objectGraph.get(IRepositoryManager.class);
    }

    protected abstract String extractRepositoryName(String str);

    protected abstract String getUrlRequestAction(String str);

    protected abstract boolean isCreationAllowed();

    protected abstract boolean isActionAllowed(RepositoryModel repositoryModel, String str);

    protected abstract boolean requiresAuthentication(RepositoryModel repositoryModel, String str);

    protected abstract boolean canAccess(RepositoryModel repositoryModel, UserModel userModel, String str);

    protected RepositoryModel createRepository(UserModel userModel, String str, String str2) {
        return null;
    }

    @Override // com.gitblit.servlet.AuthenticationFilter, javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        String fullUrl = getFullUrl(httpServletRequest);
        String extractRepositoryName = extractRepositoryName(fullUrl);
        if (this.repositoryManager.isCollectingGarbage(extractRepositoryName)) {
            this.logger.info(MessageFormat.format("ARF: Rejecting request for {0}, busy collecting garbage!", extractRepositoryName));
            httpServletResponse.sendError(403);
            return;
        }
        String urlRequestAction = getUrlRequestAction(fullUrl.substring(extractRepositoryName.length()));
        UserModel user = getUser(httpServletRequest);
        RepositoryModel repositoryModel = this.repositoryManager.getRepositoryModel(extractRepositoryName);
        if (repositoryModel == null) {
            if (isCreationAllowed()) {
                if (user == null) {
                    if (this.runtimeManager.isDebugMode()) {
                        this.logger.info(MessageFormat.format("ARF: CREATE CHALLENGE {0}", fullUrl));
                    }
                    httpServletResponse.setHeader("WWW-Authenticate", "Basic realm=\"Gitblit\"");
                    httpServletResponse.sendError(401);
                    return;
                }
                repositoryModel = createRepository(user, extractRepositoryName, urlRequestAction);
            }
            if (repositoryModel == null) {
                this.logger.info(MessageFormat.format("ARF: {0} ({1})", fullUrl, 404));
                httpServletResponse.sendError(404);
                return;
            }
        }
        if (!isActionAllowed(repositoryModel, urlRequestAction)) {
            this.logger.info(MessageFormat.format("ARF: action {0} on {1} forbidden ({2})", urlRequestAction, repositoryModel, 403));
            httpServletResponse.sendError(403);
            return;
        }
        AuthenticationFilter.AuthenticatedRequest authenticatedRequest = new AuthenticationFilter.AuthenticatedRequest(httpServletRequest);
        if (user != null) {
            authenticatedRequest.setUser(user);
        }
        if (StringUtils.isEmpty(urlRequestAction) || !requiresAuthentication(repositoryModel, urlRequestAction)) {
            if (this.runtimeManager.isDebugMode()) {
                this.logger.info(MessageFormat.format("ARF: {0} ({1}) unauthenticated", fullUrl, 100));
            }
            filterChain.doFilter(authenticatedRequest, httpServletResponse);
            return;
        }
        if (user == null) {
            if (this.runtimeManager.isDebugMode()) {
                this.logger.info(MessageFormat.format("ARF: CHALLENGE {0}", fullUrl));
            }
            httpServletResponse.setHeader("WWW-Authenticate", "Basic realm=\"Gitblit\"");
            httpServletResponse.sendError(401);
            return;
        }
        if (user.canAdmin() || canAccess(repositoryModel, user, urlRequestAction)) {
            newSession(authenticatedRequest, httpServletResponse);
            this.logger.info(MessageFormat.format("ARF: {0} ({1}) authenticated", fullUrl, 100));
            filterChain.doFilter(authenticatedRequest, httpServletResponse);
        } else {
            if (this.runtimeManager.isDebugMode()) {
                this.logger.info(MessageFormat.format("ARF: {0} forbidden to access {1}", user.username, fullUrl));
            }
            httpServletResponse.sendError(403);
        }
    }
}
