package com.atlassian.plugins.rest.common.security.jersey;

import com.atlassian.annotations.VisibleForTesting;
import com.atlassian.plugins.rest.common.security.AdminOnly;
import com.atlassian.plugins.rest.common.security.AnonymousAllowed;
import com.atlassian.plugins.rest.common.security.AnonymousSiteAccess;
import com.atlassian.plugins.rest.common.security.AuthenticationRequiredException;
import com.atlassian.plugins.rest.common.security.LicensedOnly;
import com.atlassian.plugins.rest.common.security.SystemAdminOnly;
import com.atlassian.plugins.rest.common.security.UnlicensedSiteAccess;
import com.atlassian.plugins.rest.common.security.UnrestrictedAccess;
import com.atlassian.plugins.rest.common.util.AnnotationUtils;
import com.atlassian.sal.api.features.DarkFeatureManager;
import com.atlassian.sal.api.user.UserKey;
import com.atlassian.sal.api.user.UserManager;
import com.sun.jersey.spi.container.ContainerRequest;
import com.sun.jersey.spi.container.ContainerRequestFilter;
import com.sun.jersey.spi.container.ContainerResponseFilter;
import com.sun.jersey.spi.container.ResourceFilter;
import java.lang.annotation.Annotation;
import java.util.Objects;

/* loaded from: input_file:com/atlassian/plugins/rest/common/security/jersey/AuthenticatedResourceFilter.class */
class AuthenticatedResourceFilter implements ResourceFilter, ContainerRequestFilter {

    @VisibleForTesting
    static final String DEFAULT_TO_LICENSED_ACCESS_FEATURE_KEY = "atlassian.rest.default.to.licensed.access.enabled";
    private final AnnotationUtils annotationUtils;
    private final UserManager userManager;
    private final DarkFeatureManager darkFeatureManager;

    public AuthenticatedResourceFilter(AnnotationUtils annotationUtils, UserManager userManager, DarkFeatureManager darkFeatureManager) {
        this.annotationUtils = (AnnotationUtils) Objects.requireNonNull(annotationUtils, "annotationUtils can't be null");
        this.userManager = (UserManager) Objects.requireNonNull(userManager, "userManager can't be null");
        this.darkFeatureManager = (DarkFeatureManager) Objects.requireNonNull(darkFeatureManager, "featureFlagManager can't be null");
    }

    public ContainerRequestFilter getRequestFilter() {
        return this;
    }

    public ContainerResponseFilter getResponseFilter() {
        return null;
    }

    public ContainerRequest filter(ContainerRequest containerRequest) {
        Class<Annotation> annotation = this.annotationUtils.getAnnotation();
        UserKey remoteUserKey = this.userManager.getRemoteUserKey();
        if (annotation == null) {
            boolean isFeatureEnabledForAllUsers = this.darkFeatureManager.isFeatureEnabledForAllUsers(DEFAULT_TO_LICENSED_ACCESS_FEATURE_KEY);
            if ((isFeatureEnabledForAllUsers && remoteUserKey != null && this.userManager.isLicensed(remoteUserKey)) || (!isFeatureEnabledForAllUsers && remoteUserKey != null)) {
                return containerRequest;
            }
        } else if (SystemAdminOnly.class.equals(annotation)) {
            if (remoteUserKey != null && this.userManager.isSystemAdmin(remoteUserKey)) {
                return containerRequest;
            }
        } else if (AdminOnly.class.equals(annotation)) {
            if (remoteUserKey != null && (this.userManager.isSystemAdmin(remoteUserKey) || this.userManager.isAdmin(remoteUserKey))) {
                return containerRequest;
            }
        } else if (LicensedOnly.class.equals(annotation)) {
            if (remoteUserKey != null && this.userManager.isLicensed(remoteUserKey)) {
                return containerRequest;
            }
        } else if (UnlicensedSiteAccess.class.equals(annotation)) {
            if (remoteUserKey != null && (this.userManager.isLicensed(remoteUserKey) || this.userManager.isLimitedUnlicensedUser(remoteUserKey))) {
                return containerRequest;
            }
        } else if (AnonymousSiteAccess.class.equals(annotation)) {
            if (this.userManager.isAnonymousAccessEnabled() || (remoteUserKey != null && (this.userManager.isLicensed(remoteUserKey) || this.userManager.isLimitedUnlicensedUser(remoteUserKey)))) {
                return containerRequest;
            }
        } else {
            if (UnrestrictedAccess.class.equals(annotation)) {
                return containerRequest;
            }
            if (AnonymousAllowed.class.equals(annotation)) {
                return containerRequest;
            }
        }
        throw new AuthenticationRequiredException();
    }
}
