package com.atlassian.sal.jira.websudo;

import com.atlassian.jira.config.properties.ApplicationProperties;
import com.atlassian.jira.security.websudo.InternalWebSudoManager;
import com.atlassian.jira.util.dbc.Assertions;
import com.atlassian.oauth.util.RequestAnnotations;
import com.atlassian.sal.api.websudo.WebSudoManager;
import com.atlassian.sal.api.websudo.WebSudoSessionException;
import java.io.IOException;
import java.net.URLEncoder;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:com/atlassian/sal/jira/websudo/JIRASalWebSudoManager.class */
public class JIRASalWebSudoManager implements WebSudoManager {
    private final InternalWebSudoManager internalWebSudoManager;
    private final ApplicationProperties applicationProperties;

    public JIRASalWebSudoManager(ApplicationProperties applicationProperties, InternalWebSudoManager internalWebSudoManager) {
        this.internalWebSudoManager = (InternalWebSudoManager) Assertions.notNull("internalWebSudoManager", internalWebSudoManager);
        this.applicationProperties = (ApplicationProperties) Assertions.notNull("applicationProperties", applicationProperties);
    }

    public boolean canExecuteRequest(HttpServletRequest httpServletRequest) {
        return !this.internalWebSudoManager.isEnabled() || RequestAnnotations.isOAuthRequest(httpServletRequest) || this.internalWebSudoManager.hasValidSession(httpServletRequest.getSession(false));
    }

    public void enforceWebSudoProtection(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String encoding = this.applicationProperties.getEncoding();
        try {
            String queryString = httpServletRequest.getQueryString();
            String pathInfo = httpServletRequest.getPathInfo();
            httpServletResponse.sendRedirect(httpServletRequest.getContextPath() + "/secure/admin/WebSudoAuthenticate!default.jspa?webSudoDestination=" + URLEncoder.encode(httpServletRequest.getServletPath() + (null != pathInfo ? pathInfo : "") + (null != queryString ? "?" + queryString : ""), encoding));
        } catch (IOException e) {
            throw new IllegalStateException("Failed to redirect to /authenticate.action");
        }
    }

    public void willExecuteWebSudoRequest(HttpServletRequest httpServletRequest) throws WebSudoSessionException {
        if (!canExecuteRequest(httpServletRequest)) {
            throw new WebSudoSessionException("Invalid request: Not in a WebSudo session");
        }
        this.internalWebSudoManager.markWebSudoRequest(httpServletRequest);
    }
}
