package org.sonatype.nexus.rest;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.eventbus.Subscribe;
import com.sonatype.nexus.analytics.internal.EventHeaderFactory;
import com.thoughtworks.xstream.XStream;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Singleton;
import org.apache.shiro.util.AntPathMatcher;
import org.restlet.Restlet;
import org.restlet.Router;
import org.restlet.service.StatusService;
import org.slf4j.LoggerFactory;
import org.sonatype.nexus.proxy.events.NexusStartedEvent;
import org.sonatype.nexus.proxy.events.NexusStoppedEvent;
import org.sonatype.nexus.rest.model.XStreamConfigurator;
import org.sonatype.plexus.rest.PlexusRestletApplicationBridge;
import org.sonatype.plexus.rest.RetargetableRestlet;
import org.sonatype.plexus.rest.resource.ManagedPlexusResource;
import org.sonatype.plexus.rest.resource.PathProtectionDescriptor;
import org.sonatype.plexus.rest.resource.PlexusResource;
import org.sonatype.security.web.ProtectedPathManager;
import org.sonatype.sisu.goodies.eventbus.EventBus;

@Singleton
@Named(EventHeaderFactory.PRODUCT_PREFIX)
/* loaded from: input_file:WEB-INF/plugin-repository/nexus-restlet1x-plugin-2.14.5-02/nexus-restlet1x-plugin-2.14.5-02.jar:org/sonatype/nexus/rest/NexusApplication.class */
public class NexusApplication extends PlexusRestletApplicationBridge {
    private final EventBus eventBus;
    private final ProtectedPathManager protectedPathManager;
    private final ManagedPlexusResource statusPlexusResource;
    private final StatusService statusService;
    private final boolean useStrictChecking;
    private final AntPathMatcher shiroAntPathMatcher;

    @Inject
    public NexusApplication(EventBus eventBus, ProtectedPathManager protectedPathManager, @Named("StatusPlexusResource") ManagedPlexusResource managedPlexusResource, StatusService statusService) {
        this.shiroAntPathMatcher = new AntPathMatcher();
        this.eventBus = eventBus;
        this.protectedPathManager = protectedPathManager;
        this.statusPlexusResource = managedPlexusResource;
        this.statusService = statusService;
        this.useStrictChecking = System.getProperty("nexus.restlet.strict-uri-matching", "true").equals("true");
        LoggerFactory.getLogger(getClass().getName() + "_UriMatching").info("Strict URI matching: {}", Boolean.valueOf(this.useStrictChecking));
    }

    @VisibleForTesting
    public NexusApplication() {
        this(null, null, null, null);
    }

    @Subscribe
    public void onEvent(NexusStartedEvent nexusStartedEvent) {
        recreateRoot(true);
        afterCreateRoot((RetargetableRestlet) getRoot());
    }

    @Subscribe
    public void onEvent(NexusStoppedEvent nexusStoppedEvent) {
        recreateRoot(false);
    }

    @Override // org.sonatype.plexus.rest.PlexusRestletApplicationBridge
    protected void doConfigure() {
        getRangeService().setEnabled(false);
        this.eventBus.register(this);
    }

    @Override // org.sonatype.plexus.rest.PlexusRestletApplicationBridge
    public XStream doConfigureXstream(XStream xStream) {
        return XStreamConfigurator.configureXStream(xStream);
    }

    @Override // org.sonatype.plexus.rest.PlexusRestletApplicationBridge
    protected Router initializeRouter(Router router, boolean z) {
        if (this.useStrictChecking) {
            router.setDefaultMatchQuery(false);
            router.setDefaultMatchingMode(2);
        }
        return router;
    }

    @Override // org.sonatype.plexus.rest.PlexusRestletApplicationBridge
    protected void doCreateRoot(Router router, boolean z) {
        if (z) {
            setStatusService(this.statusService);
            attach(getApplicationRouter(), this.statusPlexusResource);
            this.protectedPathManager.addProtectedResource("/service/local/**", "noSessionCreation,authcBasic,perms[nexus:permToCatchAllUnprotecteds]");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.sonatype.plexus.rest.PlexusRestletApplicationBridge
    public void attach(Router router, boolean z, String str, Restlet restlet) {
        super.attach(router, this.useStrictChecking && z, str, restlet);
    }

    @Override // org.sonatype.plexus.rest.PlexusRestletApplicationBridge
    protected void handlePlexusResourceSecurity(PlexusResource plexusResource) {
        PathProtectionDescriptor resourceProtection = plexusResource.getResourceProtection();
        if (resourceProtection == null) {
            return;
        }
        if (!this.shiroAntPathMatcher.match(resourceProtection.getPathPattern(), plexusResource.getResourceUri())) {
            throw new IllegalStateException(String.format("Plexus resource %s would attach to URI=%s but protect path=%s that does not matches URI!", plexusResource.getClass().getName(), plexusResource.getResourceUri(), resourceProtection.getPathPattern()));
        }
        String filterExpression = resourceProtection.getFilterExpression();
        if (filterExpression != null && !filterExpression.contains("authcNxBasic")) {
            filterExpression = "noSessionCreation," + filterExpression;
        }
        this.protectedPathManager.addProtectedResource("/service/local" + resourceProtection.getPathPattern(), filterExpression);
    }

    @Override // org.sonatype.plexus.rest.PlexusRestletApplicationBridge
    protected void attach(Router router, PlexusResource plexusResource) {
        handlePlexusResourceSecurity(plexusResource);
        attach(router, plexusResource.requireStrictChecking(), plexusResource.getResourceUri(), new NexusPlexusResourceFinder(getContext(), plexusResource));
    }
}
