package com.atlassian.xwork.interceptors;

import com.atlassian.xwork.HttpMethod;
import com.atlassian.xwork.PermittedMethods;
import com.opensymphony.webwork.ServletActionContext;
import com.opensymphony.xwork.ActionInvocation;
import com.opensymphony.xwork.interceptor.Interceptor;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Arrays;
import javax.servlet.http.HttpServletRequest;
import org.apache.log4j.Logger;

/* loaded from: input_file:META-INF/lib/atlassian-xwork-core-1.7.jar:com/atlassian/xwork/interceptors/RestrictHttpMethodInterceptor.class */
public abstract class RestrictHttpMethodInterceptor implements Interceptor {
    private static final Logger log = Logger.getLogger(RestrictHttpMethodInterceptor.class);
    public static final String INVALID_METHOD_RESULT = "invalidmethod";
    public static final String PERMITTED_METHODS_PARAM_NAME = "permittedMethods";

    /* loaded from: input_file:META-INF/lib/atlassian-xwork-core-1.7.jar:com/atlassian/xwork/interceptors/RestrictHttpMethodInterceptor$SecurityLevel.class */
    public enum SecurityLevel {
        NONE { // from class: com.atlassian.xwork.interceptors.RestrictHttpMethodInterceptor.SecurityLevel.1
            @Override // com.atlassian.xwork.interceptors.RestrictHttpMethodInterceptor.SecurityLevel
            public boolean isPermitted(String str, HttpMethod[] httpMethodArr, String str2) {
                return true;
            }
        },
        OPT_IN { // from class: com.atlassian.xwork.interceptors.RestrictHttpMethodInterceptor.SecurityLevel.2
            @Override // com.atlassian.xwork.interceptors.RestrictHttpMethodInterceptor.SecurityLevel
            public boolean isPermitted(String str, HttpMethod[] httpMethodArr, String str2) {
                if (httpMethodArr.length == 0) {
                    return true;
                }
                return SecurityLevel.methodMatches(str2, httpMethodArr);
            }
        },
        DEFAULT { // from class: com.atlassian.xwork.interceptors.RestrictHttpMethodInterceptor.SecurityLevel.3
            @Override // com.atlassian.xwork.interceptors.RestrictHttpMethodInterceptor.SecurityLevel
            public boolean isPermitted(String str, HttpMethod[] httpMethodArr, String str2) {
                return httpMethodArr.length == 0 ? str.equals("doDefault") ? SecurityLevel.methodMatches(str2, HttpMethod.GET, HttpMethod.POST) : SecurityLevel.methodMatches(str2, HttpMethod.POST) : SecurityLevel.methodMatches(str2, httpMethodArr);
            }
        },
        STRICT { // from class: com.atlassian.xwork.interceptors.RestrictHttpMethodInterceptor.SecurityLevel.4
            @Override // com.atlassian.xwork.interceptors.RestrictHttpMethodInterceptor.SecurityLevel
            public boolean isPermitted(String str, HttpMethod[] httpMethodArr, String str2) {
                return SecurityLevel.methodMatches(str2, httpMethodArr);
            }
        };

        /* JADX INFO: Access modifiers changed from: private */
        public static boolean methodMatches(String str, HttpMethod... httpMethodArr) {
            for (HttpMethod httpMethod : httpMethodArr) {
                if (httpMethod.matches(str)) {
                    return true;
                }
            }
            return false;
        }

        public abstract boolean isPermitted(String str, HttpMethod[] httpMethodArr, String str2);
    }

    @Override // com.opensymphony.xwork.interceptor.Interceptor
    public final String intercept(ActionInvocation actionInvocation) throws Exception {
        Method method = actionInvocation.getProxy().getConfig().getMethod();
        HttpMethod[] permittedMethodArray = toPermittedMethodArray((String) actionInvocation.getProxy().getConfig().getParams().get(PERMITTED_METHODS_PARAM_NAME), (PermittedMethods) method.getAnnotation(PermittedMethods.class));
        String httpMethod = getHttpMethod();
        if (log.isDebugEnabled()) {
            log.debug("Checking HTTP method: " + getHttpMethod() + " permitted against " + fullMethodName(method));
        }
        if (getSecurityLevel().isPermitted(method.getName(), permittedMethodArray, httpMethod)) {
            log.debug("Invocation proceeding");
            return actionInvocation.invoke();
        }
        log.info("Refusing HTTP method: " + httpMethod + " against " + fullMethodName(method) + " (configured allowed methods: " + Arrays.toString(permittedMethodArray) + ")");
        return INVALID_METHOD_RESULT;
    }

    private HttpMethod[] toPermittedMethodArray(String str, PermittedMethods permittedMethods) {
        if (str == null || str.trim().length() <= 0) {
            return permittedMethods != null ? permittedMethods.value() : new HttpMethod[0];
        }
        String[] split = str.trim().split("\\s*,\\s*");
        ArrayList arrayList = new ArrayList(split.length);
        for (String str2 : split) {
            try {
                arrayList.add(HttpMethod.valueOf(str2));
            } catch (IllegalArgumentException e) {
                log.error("XWork configuration error: " + str2 + " is not a recognised HTTP method (method names are case sensitive).");
            }
        }
        return (HttpMethod[]) arrayList.toArray(new HttpMethod[arrayList.size()]);
    }

    private String fullMethodName(Method method) {
        return method.getDeclaringClass().getName() + "#" + method.getName();
    }

    private String getHttpMethod() {
        HttpServletRequest request = ServletActionContext.getRequest();
        return request == null ? "" : request.getMethod();
    }

    @Override // com.opensymphony.xwork.interceptor.Interceptor
    public final void destroy() {
    }

    @Override // com.opensymphony.xwork.interceptor.Interceptor
    public final void init() {
    }

    protected SecurityLevel getSecurityLevel() {
        return SecurityLevel.DEFAULT;
    }
}
