package ca.nrc.cadc.ac.server.web;

import ca.nrc.cadc.ac.UserAlreadyExistsException;
import ca.nrc.cadc.ac.UserNotFoundException;
import ca.nrc.cadc.ac.server.PluginFactory;
import ca.nrc.cadc.ac.server.UserPersistence;
import ca.nrc.cadc.auth.AuthenticationUtil;
import ca.nrc.cadc.auth.AuthorizationToken;
import ca.nrc.cadc.auth.HttpPrincipal;
import ca.nrc.cadc.auth.NotAuthenticatedException;
import ca.nrc.cadc.auth.ServletPrincipalExtractor;
import ca.nrc.cadc.auth.SignedToken;
import ca.nrc.cadc.log.ServletLogInfo;
import ca.nrc.cadc.net.TransientException;
import ca.nrc.cadc.util.StringUtil;
import java.io.IOException;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.AccessControlException;
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.GregorianCalendar;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.TimeZone;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;

/* loaded from: input_file:ca/nrc/cadc/ac/server/web/ResetPasswordServlet.class */
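/**
 * Two-step password reset.
 *
 * <p>{@code GET ?emailAddress=...}: a caller whose X.500 or HTTP principal appears in
 * the servlet's privileged-principal init-parameters looks the user up by e-mail address
 * and receives a {@code SignedToken} scoped to {@value #RESET_PASSWORD_SCOPE} and
 * valid for {@link #TOKEN_LIFETIME_HOURS} hours, as {@code text/plain}.
 *
 * <p>{@code POST password=...}: a caller authenticated with such a token (presented as an
 * {@link AuthorizationToken} public credential of the subject) has the password of the
 * subject's {@link HttpPrincipal} replaced. Only the token's <em>scope</em> is checked
 * here; signature and expiry validation are presumably done by {@code SignedToken.parse}
 * and/or {@link AuthenticationUtil#getSubject} when the subject is built — confirm
 * before relying on it.
 *
 * <p>Security fix relative to the previous revision: a POST whose token carried the wrong
 * scope was answered with 401 but the password was <em>still</em> reset, because the
 * scope check did not return. It now returns before any persistence call. Error
 * responses in {@code doPost} also set the HTTP status <em>before</em> the body is
 * written and flushed, since once the response is committed a later
 * {@code setStatus} is ignored by the container and the client would see 200.
 */
public class ResetPasswordServlet extends HttpServlet {
    private static final Logger log = Logger.getLogger(ResetPasswordServlet.class);

    /** Scope stamped on tokens minted by {@code doGet} and required of tokens presented to {@code doPost}. */
    public static final String RESET_PASSWORD_SCOPE = "/resetPassword";

    /** Validity period of a minted reset token, counted in UTC from the moment of minting. */
    private static final int TOKEN_LIFETIME_HOURS = 24;

    /**
     * Tokenizer for the privileged-principal init-parameters: whitespace-separated entries,
     * where an entry may be double-quoted to embed whitespace (X.500 DNs typically need this).
     * Group 1 is the entry, quotes included; they are stripped by {@link #splitPrincipalList}.
     */
    private static final Pattern PRINCIPAL_LIST = Pattern.compile("([^\"]\\S*|\".+?\")\\s*");

    /** Subjects allowed to mint reset tokens; {@code null} when the init-parameters are absent. */
    List<Subject> privilegedSubjects;
    UserPersistence userPersistence;

    /**
     * Reads the two parallel init-parameters {@code <class>.PrivilegedX500Principals} and
     * {@code <class>.PrivilegedHttpPrincipals} into {@link #privilegedSubjects} (entry
     * {@code i} of each list forms one subject), then creates the {@link UserPersistence}
     * plugin.
     *
     * @throws ExceptionInInitializerError wrapping any failure, including a length
     *         mismatch between the two lists
     */
    @Override
    public void init(ServletConfig servletConfig) throws ServletException {
        super.init(servletConfig);
        try {
            String x500Param = servletConfig.getInitParameter(ResetPasswordServlet.class.getName() + ".PrivilegedX500Principals");
            log.debug("privilegedX500Users: " + x500Param);
            String httpParam = servletConfig.getInitParameter(ResetPasswordServlet.class.getName() + ".PrivilegedHttpPrincipals");
            log.debug("privilegedHttpUsers: " + httpParam);

            if (x500Param == null || httpParam == null) {
                // Both lists are required; with either missing nobody can mint a reset token.
                log.warn("No Privileged users configured.");
            } else {
                List<String> x500Names = splitPrincipalList(x500Param);
                List<String> httpNames = splitPrincipalList(httpParam);
                if (x500Names.size() != httpNames.size()) {
                    throw new RuntimeException("Init exception: Lists of augment subject principals not equivalent in length");
                }
                this.privilegedSubjects = new ArrayList<Subject>(x500Names.size());
                for (int i = 0; i < x500Names.size(); i++) {
                    Subject subject = new Subject();
                    subject.getPrincipals().add(new X500Principal(x500Names.get(i)));
                    subject.getPrincipals().add(new HttpPrincipal(httpNames.get(i)));
                    this.privilegedSubjects.add(subject);
                }
            }
            this.userPersistence = getPluginFactory().createUserPersistence();
        } catch (Throwable th) {
            log.fatal("Error initializing group persistence", th);
            throw new ExceptionInInitializerError(th);
        }
    }

    /**
     * Splits one privileged-principal init-parameter into its entries, stripping any
     * surrounding double quotes.
     *
     * @param value the raw init-parameter value (non-null)
     * @return the entries in order; empty for an empty or all-whitespace value
     */
    private static List<String> splitPrincipalList(String value) {
        List<String> names = new ArrayList<String>();
        Matcher matcher = PRINCIPAL_LIST.matcher(value);
        while (matcher.find()) {
            names.add(matcher.group(1).replace("\"", ""));
        }
        return names;
    }

    /** Factory hook, overridable by tests. */
    protected PluginFactory getPluginFactory() {
        return new PluginFactory();
    }

    /**
     * Returns whether any X.500 or HTTP principal extracted from the request matches, by
     * case-insensitive name, a principal of the same type in {@link #privilegedSubjects}.
     *
     * <p>NOTE(review): this consults {@link ServletPrincipalExtractor} on the raw request
     * rather than the {@link Subject} already resolved by {@link #getSubject}; the two are
     * presumably derived from the same headers/certificate — confirm they cannot diverge.
     */
    protected boolean isPrivilegedSubject(HttpServletRequest httpServletRequest) {
        if (this.privilegedSubjects == null || this.privilegedSubjects.isEmpty()) {
            return false;
        }
        for (Principal principal : new ServletPrincipalExtractor(httpServletRequest).getPrincipals()) {
            if (principal instanceof X500Principal && matchesPrivileged(X500Principal.class, principal)) {
                return true;
            }
            if (principal instanceof HttpPrincipal && matchesPrivileged(HttpPrincipal.class, principal)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Compares {@code candidate} by name, ignoring case, against every privileged
     * principal of the given type.
     */
    private <T extends Principal> boolean matchesPrivileged(Class<T> type, Principal candidate) {
        for (Subject privileged : this.privilegedSubjects) {
            for (T allowed : privileged.getPrincipals(type)) {
                if (allowed.getName().equalsIgnoreCase(candidate.getName())) {
                    return true;
                }
            }
        }
        return false;
    }

    /**
     * Unwraps the checked exception carried by a {@link PrivilegedActionException} thrown
     * out of {@code Subject.doAs}; any other throwable is returned unchanged.
     */
    private static Throwable unwrap(Throwable th) {
        if (th instanceof PrivilegedActionException) {
            Exception wrapped = ((PrivilegedActionException) th).getException();
            if (wrapped != null) {
                return wrapped;
            }
        }
        return th;
    }

    /**
     * Mints a reset token for the user owning the {@code emailAddress} request parameter.
     *
     * <p>Responses: 401 without an authenticated subject; 403 when the caller is not a
     * privileged subject; 400 when {@code emailAddress} is missing; 404 when no user has
     * that address; 409, 503 and 401 for the persistence-layer exceptions mapped below;
     * 500 for anything else; otherwise 200 with the formatted token as {@code text/plain}.
     * Error responses carry no body.
     */
    @Override
    protected void doGet(final HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse)
            throws ServletException, IOException {
        long start = System.currentTimeMillis();
        ServletLogInfo logInfo = new ServletLogInfo(httpServletRequest);
        log.info(logInfo.start());
        try {
            Subject subject = getSubject(httpServletRequest);
            logInfo.setSubject(subject);
            if (subject == null || subject.getPrincipals().isEmpty()) {
                logInfo.setMessage("Unauthorized subject");
                httpServletResponse.setStatus(401);
            } else if (!isPrivilegedSubject(httpServletRequest)) {
                logInfo.setMessage("Permission denied subject");
                httpServletResponse.setStatus(403);
            } else {
                String token = (String) Subject.doAs(subject, new PrivilegedExceptionAction<Object>() {
                    @Override
                    public Object run() throws Exception {
                        String emailAddress = httpServletRequest.getParameter("emailAddress");
                        if (!StringUtil.hasText(emailAddress)) {
                            throw new IllegalArgumentException("Missing email address");
                        }
                        HttpPrincipal target = ResetPasswordServlet.this.userPersistence
                                .getUserByEmailAddress(emailAddress).getHttpPrincipal();
                        URI scope = new URI(ResetPasswordServlet.RESET_PASSWORD_SCOPE);
                        GregorianCalendar expiry = new GregorianCalendar(TimeZone.getTimeZone("UTC"));
                        expiry.add(Calendar.HOUR, TOKEN_LIFETIME_HOURS);
                        return SignedToken.format(new SignedToken(target, scope, expiry.getTime(), (List) null));
                    }
                });
                // Content-Length is a byte count; encode once and send those bytes.
                byte[] body = token.getBytes(StandardCharsets.UTF_8);
                httpServletResponse.setContentType("text/plain");
                httpServletResponse.setContentLength(body.length);
                ServletOutputStream out = httpServletResponse.getOutputStream();
                out.write(body);
                out.flush();
            }
        } catch (Throwable th) {
            // Specific handlers first, catch-all last (same ordering as doPost).
            try {
                throw unwrap(th);
            } catch (IllegalArgumentException e) {
                log.debug(e.getMessage(), e);
                logInfo.setMessage(e.getMessage());
                httpServletResponse.setStatus(400);
            } catch (UserNotFoundException e) {
                log.debug(e.getMessage(), e);
                logInfo.setMessage(e.getMessage());
                httpServletResponse.setStatus(404);
            } catch (UserAlreadyExistsException e) {
                log.debug(e.getMessage(), e);
                logInfo.setMessage(e.getMessage());
                httpServletResponse.setStatus(409);
            } catch (TransientException e) {
                log.debug(e.getMessage(), e);
                String message = e.getMessage();
                logInfo.setMessage(message);
                logInfo.setSuccess(false);
                // Status and headers before the body: the body may commit the response.
                httpServletResponse.setStatus(503);
                httpServletResponse.setContentType("text/plain");
                if (e.getRetryDelay() > 0) {
                    httpServletResponse.setHeader("Retry-After", Integer.toString(e.getRetryDelay()));
                }
                httpServletResponse.getWriter().write("Transient Error: " + message);
            } catch (AccessControlException | NotAuthenticatedException e) {
                log.debug(e.getMessage(), e);
                logInfo.setMessage(e.getMessage());
                httpServletResponse.setStatus(401);
            } catch (Throwable t) {
                String message = "Internal Server Error: " + t.getMessage();
                log.error(message, t);
                logInfo.setSuccess(false);
                logInfo.setMessage(message);
                httpServletResponse.setStatus(500);
            }
        } finally {
            logInfo.setElapsedTime(Long.valueOf(System.currentTimeMillis() - start));
            log.info(logInfo.end());
        }
    }

    /**
     * Replaces the password of the subject's {@link HttpPrincipal} with the
     * {@code password} request parameter.
     *
     * <p>The subject must carry an {@link AuthorizationToken} public credential whose
     * parsed scope equals {@value #RESET_PASSWORD_SCOPE}; a missing token or any other
     * scope is answered with 401 and <em>nothing is changed</em>. The subject's
     * {@code HttpPrincipal} is presumably populated from that same token by
     * {@link AuthenticationUtil#getSubject} — confirm, since that is what binds the
     * reset to the token's user.
     *
     * <p>Responses: 401 (no subject, no token, wrong scope, access denied); 400
     * (missing password, not authenticated); 404 (user not found); 503 (transient
     * persistence failure); 500 otherwise; 200 with an empty body on success. Error
     * bodies carry the exception message as {@code text/plain}.
     */
    @Override
    public void doPost(final HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse)
            throws IOException {
        long start = System.currentTimeMillis();
        ServletLogInfo logInfo = new ServletLogInfo(httpServletRequest);
        log.info(logInfo.start());
        try {
            final Subject subject = getSubject(httpServletRequest);
            logInfo.setSubject(subject);
            if (subject == null || subject.getPrincipals().isEmpty()) {
                logInfo.setMessage("Unauthorized subject");
                httpServletResponse.setStatus(401);
                return;
            }

            Set<AuthorizationToken> tokens = subject.getPublicCredentials(AuthorizationToken.class);
            if (tokens.isEmpty()) {
                // Previously iterator().next() threw NoSuchElementException here (a 500).
                logInfo.setMessage("Unauthorized subject, no authorization token");
                httpServletResponse.setStatus(401);
                return;
            }
            URI tokenScope = SignedToken.parse(tokens.iterator().next().getCredentials()).getScope();
            if (!URI.create(RESET_PASSWORD_SCOPE).equals(tokenScope)) {
                logInfo.setMessage("Unauthorized subject, insufficient scope");
                httpServletResponse.setStatus(401);
                // Must return: falling through here used to reset the password anyway.
                return;
            }

            Subject.doAs(subject, new PrivilegedExceptionAction<Object>() {
                @Override
                public Object run() throws Exception {
                    Set<HttpPrincipal> principals = subject.getPrincipals(HttpPrincipal.class);
                    if (principals.isEmpty()) {
                        throw new IllegalStateException("no HttpPrincipal in subject");
                    }
                    HttpPrincipal target = principals.iterator().next();
                    String password = httpServletRequest.getParameter("password");
                    if (!StringUtil.hasText(password)) {
                        throw new IllegalArgumentException("Missing password");
                    }
                    ResetPasswordServlet.this.userPersistence.resetPassword(target, password);
                    return null;
                }
            });
        } catch (Throwable th) {
            // Status is set before addMessage(): addMessage flushes and closes the stream,
            // which commits the response, after which setStatus would be ignored.
            try {
                throw unwrap(th);
            } catch (AccessControlException e) {
                log.debug(e.getMessage(), e);
                logInfo.setMessage(e.getMessage());
                httpServletResponse.setStatus(401);
                addMessage(httpServletResponse, e);
            } catch (IllegalArgumentException e) {
                log.debug(e.getMessage(), e);
                logInfo.setMessage(e.getMessage());
                httpServletResponse.setStatus(400);
                addMessage(httpServletResponse, e);
            } catch (NotAuthenticatedException e) {
                log.debug(e.getMessage(), e);
                logInfo.setMessage(e.getMessage());
                httpServletResponse.setStatus(400);
                addMessage(httpServletResponse, e);
            } catch (UserNotFoundException e) {
                log.debug(e.getMessage(), e);
                logInfo.setMessage(e.getMessage());
                httpServletResponse.setStatus(404);
                addMessage(httpServletResponse, e);
            } catch (TransientException e) {
                // Mirrors doGet; previously this fell into the 500 branch.
                log.debug(e.getMessage(), e);
                logInfo.setMessage(e.getMessage());
                logInfo.setSuccess(false);
                httpServletResponse.setStatus(503);
                if (e.getRetryDelay() > 0) {
                    httpServletResponse.setHeader("Retry-After", Integer.toString(e.getRetryDelay()));
                }
                addMessage(httpServletResponse, e);
            } catch (Throwable t) {
                String message = "Internal Server Error: " + t.getMessage();
                log.error(message, t);
                logInfo.setSuccess(false);
                logInfo.setMessage(message);
                httpServletResponse.setStatus(500);
            }
        } finally {
            logInfo.setElapsedTime(Long.valueOf(System.currentTimeMillis() - start));
            log.info(logInfo.end());
        }
    }

    /**
     * Writes {@code exc.getMessage()} plus a newline as the {@code text/plain} body and
     * closes the output stream. Callers must set the status code first: this commits
     * the response. A null message is rendered as the literal {@code null}.
     */
    private void addMessage(HttpServletResponse httpServletResponse, Exception exc) throws IOException {
        // Explicit charset so the declared Content-Length matches the bytes sent.
        byte[] bytes = (exc.getMessage() + "\n").getBytes(StandardCharsets.UTF_8);
        httpServletResponse.setContentType("text/plain");
        httpServletResponse.setContentLength(bytes.length);
        ServletOutputStream out = httpServletResponse.getOutputStream();
        out.write(bytes);
        out.flush();
        out.close();
    }

    /** Resolves the caller's subject; overridable by tests. */
    Subject getSubject(HttpServletRequest httpServletRequest) {
        return AuthenticationUtil.getSubject(httpServletRequest);
    }
}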
