package ca.nrc.cadc.ac.server.web;

import ca.nrc.cadc.ac.server.IdentityManagerImpl;
import ca.nrc.cadc.ac.server.PluginFactory;
import ca.nrc.cadc.ac.server.UserPersistence;
import ca.nrc.cadc.ac.server.web.users.AbstractUserAction;
import ca.nrc.cadc.ac.server.web.users.CreateUserAction;
import ca.nrc.cadc.ac.server.web.users.GetUserAction;
import ca.nrc.cadc.ac.server.web.users.UserActionFactory;
import ca.nrc.cadc.ac.server.web.users.UserLogInfo;
import ca.nrc.cadc.auth.AuthenticationUtil;
import ca.nrc.cadc.auth.HttpPrincipal;
import ca.nrc.cadc.auth.IdentityManager;
import ca.nrc.cadc.auth.NotAuthenticatedException;
import ca.nrc.cadc.auth.ServletPrincipalExtractor;
import ca.nrc.cadc.profiler.Profiler;
import ca.nrc.cadc.util.StringUtil;
import java.io.IOException;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;

/* loaded from: input_file:ca/nrc/cadc/ac/server/web/UserServlet.class */
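/**
 * Servlet front end for user management requests.
 *
 * <p>Each HTTP method is mapped to a {@link UserActionFactory}; the resulting action is run
 * either directly or inside {@code Subject.doAs}, depending on the caller's identity.
 *
 * <p>A fixed set of "privileged" callers can be configured through two servlet init parameters,
 * {@code <class name>.PrivilegedX500Principals} and {@code <class name>.PrivilegedHttpPrincipals}.
 * Both are whitespace-separated lists (entries may be double-quoted) and are paired by position.
 *
 * <p>NOTE(review): privileged status is decided purely by comparing principal names taken from
 * the request with the configured names. This presumably relies on the container (TLS client
 * certificate validation, HTTP authentication) having verified those principals before the
 * request reaches this servlet; confirm against the deployment.
 */
public class UserServlet extends HttpServlet {
    private static final long serialVersionUID = 5289130885807305288L;
    private static final Logger log = Logger.getLogger(UserServlet.class);

    // One list entry: either a bare token without whitespace or a double-quoted string.
    private static final Pattern PRINCIPAL_TOKEN = Pattern.compile("([^\"]\\S*|\".+?\")\\s*");

    // Configured privileged callers; stays null when the init parameters are absent.
    protected List<Subject> privilegedSubjects;
    private UserPersistence userPersistence;

    /**
     * Reads the privileged-principal configuration and creates the user persistence plugin.
     *
     * <p>The i-th X.500 name is paired with the i-th HTTP name to form one privileged subject.
     * If either parameter is missing, no privileged subjects are configured and a warning is
     * logged.
     *
     * @param servletConfig the servlet configuration supplying the init parameters
     * @throws ServletException if the superclass initialisation fails
     * @throws ExceptionInInitializerError wrapping any failure while parsing the configuration
     *         (including lists of different length) or creating the persistence plugin
     */
    public void init(ServletConfig servletConfig) throws ServletException {
        super.init(servletConfig);
        try {
            String x500Param = servletConfig.getInitParameter(UserServlet.class.getName() + ".PrivilegedX500Principals");
            log.debug("PrivilegedX500Users: " + x500Param);
            String httpParam = servletConfig.getInitParameter(UserServlet.class.getName() + ".PrivilegedHttpPrincipals");
            log.debug("PrivilegedHttpUsers: " + httpParam);
            if (x500Param == null || httpParam == null) {
                log.warn("No Privileged users configured.");
            } else {
                List<String> x500Names = parsePrincipalNames(x500Param);
                List<String> httpNames = parsePrincipalNames(httpParam);
                if (x500Names.size() != httpNames.size()) {
                    throw new RuntimeException("Init exception: Lists of augment subject principals not equivalent in length");
                }
                // Size by the number of entries, not by the length of the raw parameter string.
                List<Subject> subjects = new ArrayList<>(x500Names.size());
                for (int i = 0; i < x500Names.size(); i++) {
                    Subject subject = new Subject();
                    subject.getPrincipals().add(new X500Principal(x500Names.get(i)));
                    subject.getPrincipals().add(new HttpPrincipal(httpNames.get(i)));
                    subjects.add(subject);
                }
                this.privilegedSubjects = subjects;
            }
            this.userPersistence = getPluginFactory().createUserPersistence();
        } catch (Throwable th) {
            log.fatal("Error initializing user persistence", th);
            throw new ExceptionInInitializerError(th);
        }
    }

    /**
     * Splits a configured principal list into its entries, stripping any double quotes.
     *
     * @param value the raw init parameter value, never null
     * @return the entries in configuration order
     */
    private static List<String> parsePrincipalNames(String value) {
        List<String> names = new ArrayList<>();
        Matcher matcher = PRINCIPAL_TOKEN.matcher(value);
        while (matcher.find()) {
            names.add(matcher.group(1).replace("\"", ""));
        }
        return names;
    }

    /**
     * Releases the persistence plugin. Safe to call when {@link #init} failed before the plugin
     * was created.
     */
    public void destroy() {
        if (this.userPersistence != null) {
            this.userPersistence.destroy();
        }
    }

    /**
     * Creates the factory used to obtain the persistence plugin; a protected hook so that
     * subclasses can substitute their own factory.
     *
     * @return a new plugin factory
     */
    protected PluginFactory getPluginFactory() {
        return new PluginFactory();
    }

    /**
     * Builds the action for the request, decides which subject it runs as, executes it and maps
     * failures to HTTP status codes (400, 401, 500).
     *
     * <p>The end-of-request log entry and the "Action complete" checkpoint are emitted exactly
     * once per request, on success and on every failure path.
     *
     * @param userActionFactory factory for the HTTP method being served
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response to write to
     * @throws IOException if an error body cannot be written to the response
     */
    private void doAction(UserActionFactory userActionFactory, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        Profiler profiler = new Profiler(UserServlet.class);
        long startMillis = System.currentTimeMillis();
        UserLogInfo userLogInfo = new UserLogInfo(httpServletRequest);
        try {
            log.info(userLogInfo.start());
            AbstractUserAction action = userActionFactory.createAction(httpServletRequest);
            log.debug("create action " + action.getClass().getSimpleName());
            String contentType = getAcceptedContentType(httpServletRequest);
            action.setAcceptedContentType(contentType);
            log.debug("content-type: " + contentType);

            Subject privilegedSubject = getPrivilegedSubject(httpServletRequest);
            log.debug("privileged subject: " + privilegedSubject);
            boolean privileged = privilegedSubject != null;
            action.setIsPrivilegedUser(privileged);
            action.setPrivilegedSubject(privileged);
            if (privileged) {
                userLogInfo.setSubject(privilegedSubject);
            }

            Subject subject;
            if (action instanceof CreateUserAction) {
                profiler.checkpoint("check non-privileged user");
                if (!privileged) {
                    subject = AuthenticationUtil.getSubject(httpServletRequest);
                    userLogInfo.setSubject(subject);
                    log.debug("augmented subject: " + subject);
                    profiler.checkpoint("augment subject");
                } else {
                    // The configured privileged subject is used as-is, without a call to
                    // AuthenticationUtil.getSubject for this request.
                    log.debug("subject not augmented: " + privilegedSubject);
                    subject = privilegedSubject;
                    userLogInfo.setSubject(privilegedSubject);
                    profiler.checkpoint("set privileged user");
                }
            } else if (action instanceof GetUserAction && privileged) {
                // Privileged lookups run as whatever subject is bound to the current access
                // control context; that may be null, in which case the action runs directly.
                subject = Subject.getSubject(AccessController.getContext());
                log.debug("subject not augmented: " + subject);
                profiler.checkpoint("set privileged user");
            } else {
                subject = AuthenticationUtil.getSubject(httpServletRequest);
                userLogInfo.setSubject(subject);
                log.debug("augmented subject: " + subject);
                profiler.checkpoint("augment subject");
            }

            try {
                SyncOutput syncOutput = new SyncOutput(httpServletResponse);
                action.setLogInfo(userLogInfo);
                action.setSyncOut(syncOutput);
                action.setUserPersistence(this.userPersistence);
                try {
                    if (subject == null) {
                        action.run();
                    } else {
                        Subject.doAs(subject, action);
                    }
                } catch (PrivilegedActionException e) {
                    // Surface the action's own failure so the handlers below can classify it.
                    Throwable cause = e.getCause();
                    throw cause != null ? cause : e;
                }
            } finally {
                profiler.checkpoint("Executed action");
            }
        } catch (IllegalArgumentException e) {
            log.debug(e.getMessage(), e);
            userLogInfo.setMessage(e.getMessage());
            writeError(httpServletResponse, 400, e.getMessage());
        } catch (NotAuthenticatedException e) {
            log.debug(e.getMessage(), e);
            userLogInfo.setMessage(e.getMessage());
            writeError(httpServletResponse, 401, e.getMessage());
        } catch (Throwable th) {
            // NOTE(review): the throwable's message is returned to the client. Consider a
            // generic body here and relying on the server log for the detail.
            String message = "Internal Server Error: " + th.getMessage();
            log.error(message, th);
            userLogInfo.setSuccess(false);
            userLogInfo.setMessage(message);
            writeError(httpServletResponse, 500, message);
        } finally {
            profiler.checkpoint("Action complete");
            userLogInfo.setElapsedTime(Long.valueOf(System.currentTimeMillis() - startMillis));
            log.info(userLogInfo.end());
        }
    }

    /**
     * Sends an error status with a plain-text body.
     *
     * <p>The status is set before the body is written so it is not lost if writing commits the
     * response. The body is declared as plain text because exception messages may echo
     * request-derived values. A null message produces an empty body instead of a
     * NullPointerException from the writer.
     *
     * @param response the response to write to
     * @param status the HTTP status code
     * @param message the body text, may be null
     * @throws IOException if the response writer cannot be obtained or written
     */
    private void writeError(HttpServletResponse response, int status, String message) throws IOException {
        response.setStatus(status);
        response.setContentType("text/plain");
        if (message != null) {
            response.getWriter().write(message);
        }
    }

    /** Serves GET requests through the GET action factory. */
    public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        doAction(UserActionFactory.httpGetFactory(), httpServletRequest, httpServletResponse);
    }

    /** Serves POST requests through the POST action factory. */
    public void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        doAction(UserActionFactory.httpPostFactory(), httpServletRequest, httpServletResponse);
    }

    /** Serves DELETE requests through the DELETE action factory. */
    public void doDelete(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        doAction(UserActionFactory.httpDeleteFactory(), httpServletRequest, httpServletResponse);
    }

    /** Serves PUT requests through the PUT action factory. */
    public void doPut(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        doAction(UserActionFactory.httpPutFactory(), httpServletRequest, httpServletResponse);
    }

    /** Serves HEAD requests through the HEAD action factory. */
    public void doHead(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        doAction(UserActionFactory.httpHeadFactory(), httpServletRequest, httpServletResponse);
    }

    /**
     * Chooses the response format from the {@code Accept} header.
     *
     * @param httpServletRequest the incoming request
     * @return {@code application/json} when the header mentions it, otherwise {@code text/xml}
     */
    String getAcceptedContentType(HttpServletRequest httpServletRequest) {
        String accept = httpServletRequest.getHeader("Accept");
        if (StringUtil.hasText(accept) && accept.contains("application/json")) {
            return "application/json";
        }
        return "text/xml";
    }

    /**
     * Finds the configured privileged subject matching a principal of the request, if any.
     *
     * <p>Only X.500 and HTTP principals are considered, and names are compared
     * case-insensitively.
     *
     * <p>NOTE(review): X.500 names are compared as strings rather than with
     * {@code X500Principal.equals}, so two spellings of the same distinguished name may not
     * match. Confirm the configured names use the form the extractor produces.
     *
     * @param httpServletRequest the incoming request
     * @return the matching privileged subject, or null when none is configured or none matches
     */
    protected Subject getPrivilegedSubject(HttpServletRequest httpServletRequest) {
        if (this.privilegedSubjects == null || this.privilegedSubjects.isEmpty()) {
            return null;
        }
        for (Principal principal : new ServletPrincipalExtractor(httpServletRequest).getPrincipals()) {
            Subject match = null;
            if (principal instanceof X500Principal) {
                match = findPrivilegedSubject(principal, X500Principal.class);
            }
            if (match == null && principal instanceof HttpPrincipal) {
                match = findPrivilegedSubject(principal, HttpPrincipal.class);
            }
            if (match != null) {
                return match;
            }
        }
        return null;
    }

    /**
     * Returns the first privileged subject holding a principal of the given type whose name
     * equals the requested principal's name, ignoring case.
     */
    private <T extends Principal> Subject findPrivilegedSubject(Principal requested, Class<T> type) {
        for (Subject candidate : this.privilegedSubjects) {
            for (T configured : candidate.getPrincipals(type)) {
                if (configured.getName().equalsIgnoreCase(requested.getName())) {
                    return candidate;
                }
            }
        }
        return null;
    }

    static {
        // Registers this service's identity manager implementation as a JVM-wide system property.
        System.setProperty(IdentityManager.class.getName(), IdentityManagerImpl.class.getName());
    }
}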
