package org.sonatype.nexus.security.filter.authz;

import java.io.IOException;
import java.util.regex.Matcher;
import javax.inject.Inject;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.apache.shiro.web.util.WebUtils;
import org.sonatype.nexus.proxy.AccessDeniedException;
import org.sonatype.nexus.proxy.ItemNotFoundException;
import org.sonatype.nexus.proxy.ResourceStoreRequest;
import org.sonatype.nexus.proxy.access.Action;
import org.sonatype.nexus.proxy.router.RepositoryRouter;

/* loaded from: input_file:org/sonatype/nexus/security/filter/authz/NexusTargetMappingAuthorizationFilter.class */
/**
 * Authorization filter that maps the incoming request path onto a resource-store path and asks
 * the root {@link RepositoryRouter} whether the current caller may perform the derived
 * {@link Action} on that path.
 *
 * <p>The access decision is made on the path produced by {@link #getResourceStorePath}, not on
 * the raw request URI.
 * NOTE(review): whatever serves the request afterwards is not visible in this class; confirm it
 * resolves the request to the same path, otherwise the check and the access can diverge.
 */
public class NexusTargetMappingAuthorizationFilter extends AbstractNexusAuthorizationFilter {

    /** Router used both to probe for an existing item and to authorize the mapped path. */
    @Inject
    private RepositoryRouter rootRouter;

    /** Replacement template; may contain the placeholders {@code @1} and {@code @2}. */
    private String pathReplacement;

    /**
     * Returns the replacement template, initialising it to the empty string on first use.
     *
     * @return the configured template, never {@code null} after this call has set the default
     */
    public String getPathReplacement() {
        if (this.pathReplacement != null) {
            return this.pathReplacement;
        }
        this.pathReplacement = "";
        return this.pathReplacement;
    }

    /**
     * Sets the replacement template used when a path prefix is configured.
     *
     * @param str the template; {@code null} is replaced by {@code ""} on the next read
     */
    public void setPathReplacement(String str) {
        this.pathReplacement = str;
    }

    /**
     * Derives the resource-store path that the authorization check is run against.
     *
     * <p>Without a configured path prefix the path within the application is returned unchanged.
     * With a prefix, the whole path must match the prefix pattern; the result is then the
     * replacement template with {@code @1} and {@code @2} substituted by capture groups 1 and 2.
     * The captured text is passed through {@link Matcher#quoteReplacement} so that {@code $} and
     * {@code \} coming from the request are inserted literally and cannot act as replacement
     * syntax.
     *
     * <p>NOTE(review): a template using {@code @1}/{@code @2} requires the prefix pattern to
     * define those groups and to have them participate in the match; a missing or unmatched group
     * makes the substitution throw instead of yielding a path.
     *
     * @param servletRequest the current request; cast to {@link HttpServletRequest}
     * @return the path to authorize
     * @throws IllegalArgumentException if a prefix is configured and the request path does not
     *     match its pattern
     */
    public String getResourceStorePath(ServletRequest servletRequest) {
        String requestPath = WebUtils.getPathWithinApplication((HttpServletRequest) servletRequest);
        if (getPathPrefix() == null) {
            return requestPath;
        }

        Matcher prefixMatch = getPathPrefixPattern().matcher(requestPath);
        if (!prefixMatch.matches()) {
            throw new IllegalArgumentException("The request path does not matches the incoming request? This is misconfiguration in web.xml!");
        }

        String mappedPath = getPathReplacement();
        if (mappedPath.contains("@1")) {
            String firstGroup = Matcher.quoteReplacement(prefixMatch.group(1));
            mappedPath = mappedPath.replaceAll("@1", firstGroup);
        }
        if (mappedPath.contains("@2")) {
            String secondGroup = Matcher.quoteReplacement(prefixMatch.group(2));
            mappedPath = mappedPath.replaceAll("@2", secondGroup);
        }
        return mappedPath;
    }

    /**
     * Builds the store request for the mapped path and marks it as an authorization-only check.
     *
     * @param servletRequest the current request
     * @param z forwarded as the second constructor argument of {@link ResourceStoreRequest}
     *     (presumably its local-only flag; confirm against that class)
     * @return a request whose context carries {@code request.auth.check.only = true}
     */
    protected ResourceStoreRequest getResourceStoreRequest(ServletRequest servletRequest, boolean z) {
        String storePath = getResourceStorePath(servletRequest);
        ResourceStoreRequest authCheckRequest = new ResourceStoreRequest(storePath, z);
        authCheckRequest.getRequestContext().put("request.auth.check.only", true);
        return authCheckRequest;
    }

    /**
     * Resolves the action name for the request, with special handling for PUT.
     *
     * <p>Every method other than PUT is delegated to the superclass unchanged. For PUT the item
     * is first looked up through the root router: if the lookup succeeds the method stays
     * {@code "put"}; if it ends in {@link ItemNotFoundException} or
     * {@link AccessDeniedException} the method is treated as {@code "post"}.
     *
     * <p>NOTE(review): a denied lookup is handled exactly like a missing item, so for an item
     * that exists but cannot be retrieved by this caller the decision is made against whatever
     * action the superclass maps {@code "post"} to. Confirm that this is the intended policy.
     *
     * <p>NOTE(review): {@code toLowerCase()} uses the default locale here.
     *
     * @param servletRequest the current request; cast to {@link HttpServletRequest}
     * @return the action name chosen by the superclass for the effective method
     * @throws IllegalStateException if the lookup fails for any other reason; the failure is
     *     propagated rather than turned into an allow or deny decision
     */
    protected String getHttpMethodAction(ServletRequest servletRequest) {
        String httpMethod = ((HttpServletRequest) servletRequest).getMethod().toLowerCase();
        if ("put".equals(httpMethod)) {
            String effectiveMethod = httpMethod;
            try {
                this.rootRouter.retrieveItem(getResourceStoreRequest(servletRequest, true));
            } catch (AccessDeniedException denied) {
                effectiveMethod = "post";
            } catch (ItemNotFoundException missing) {
                effectiveMethod = "post";
            } catch (Exception failure) {
                throw new IllegalStateException("Got exception during target mapping!", failure);
            }
            return super.getHttpMethodAction(effectiveMethod);
        }
        return super.getHttpMethodAction(servletRequest);
    }

    /**
     * Decides whether the request may proceed.
     *
     * <p>When {@code obj} is non-null the superclass check must pass first; when it is
     * {@code null} that check is skipped and only the path authorization below applies. The
     * derived action name is then converted with {@code Action.valueOf} and the mapped path is
     * authorized for that action by the root router.
     *
     * <p>NOTE(review): if {@code Action} is an enum, {@code valueOf} throws for an unknown or
     * null name instead of returning {@code null}, so the null guard would only be defensive.
     *
     * @param servletRequest the current request
     * @param servletResponse the current response
     * @param obj the mapped value handed to the superclass check; may be {@code null}
     * @return {@code true} only if every applicable check grants access
     * @throws IOException declared by this method's signature
     */
    public boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) throws IOException {
        if (obj != null && !super.isAccessAllowed(servletRequest, servletResponse, obj)) {
            return false;
        }

        Action requestedAction = Action.valueOf(getHttpMethodAction(servletRequest));
        if (requestedAction == null) {
            return false;
        }

        ResourceStoreRequest authCheckRequest = getResourceStoreRequest(servletRequest, false);
        return this.rootRouter.authorizePath(authCheckRequest, requestedAction);
    }
}
