package ca.nrc.cadc.rest;

import ca.nrc.cadc.auth.AuthMethod;
import ca.nrc.cadc.auth.AuthenticationUtil;
import ca.nrc.cadc.auth.HttpPrincipal;
import ca.nrc.cadc.auth.NotAuthenticatedException;
import ca.nrc.cadc.log.ServletLogInfo;
import ca.nrc.cadc.log.WebServiceLogInfo;
import ca.nrc.cadc.net.ResourceNotFoundException;
import ca.nrc.cadc.reg.Interface;
import ca.nrc.cadc.reg.Standards;
import ca.nrc.cadc.reg.client.LocalAuthority;
import ca.nrc.cadc.reg.client.RegistryClient;
import ca.nrc.cadc.util.Enumerator;
import java.io.IOException;
import java.io.OutputStream;
import java.io.PrintWriter;
import java.net.URI;
import java.net.URL;
import java.security.Principal;
import java.security.PrivilegedActionException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.Set;
import java.util.TreeMap;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;

/* loaded from: input_file:ca/nrc/cadc/rest/RestServlet.class */
public class RestServlet extends HttpServlet {
    private static final long serialVersionUID = 201211071520L;
    private static final Logger log = Logger.getLogger(RestServlet.class);
    private static final List<String> CITEMS = new ArrayList();
    static final String AUGMENT_SUBJECT_PARAM = "augmentSubject";
    static final String AUTH_HEADERS_PARAM = "authHeaders";
    private Class<RestAction> getAction;
    private Class<RestAction> postAction;
    private Class<RestAction> putAction;
    private Class<RestAction> deleteAction;
    private Class<RestAction> headAction;
    private InitAction initAction;
    protected String appName;
    protected String componentID;
    private final Map<String, String> initParams = new TreeMap();
    protected boolean augmentSubject = true;
    protected boolean setAuthHeaders = true;

    public void init(ServletConfig servletConfig) throws ServletException {
        super.init(servletConfig);
        this.getAction = loadAction(servletConfig, "get");
        this.postAction = loadAction(servletConfig, "post");
        this.putAction = loadAction(servletConfig, "put");
        this.deleteAction = loadAction(servletConfig, "delete");
        this.headAction = loadAction(servletConfig, "head");
        this.appName = servletConfig.getServletContext().getServletContextName();
        this.componentID = this.appName + "." + servletConfig.getServletName();
        String initParameter = servletConfig.getInitParameter(AUGMENT_SUBJECT_PARAM);
        if (initParameter != null && initParameter.equalsIgnoreCase(Boolean.FALSE.toString())) {
            this.augmentSubject = false;
        }
        String initParameter2 = servletConfig.getInitParameter(AUTH_HEADERS_PARAM);
        if (initParameter2 != null && initParameter2.equalsIgnoreCase(Boolean.FALSE.toString())) {
            this.setAuthHeaders = false;
        }
        Iterator it = new Enumerator(servletConfig.getInitParameterNames()).iterator();
        while (it.hasNext()) {
            String str = (String) it.next();
            if (!CITEMS.contains(str)) {
                this.initParams.put(str, servletConfig.getInitParameter(str));
            }
        }
        try {
            Class loadAction = loadAction(servletConfig, "init");
            if (loadAction != null) {
                this.initAction = (InitAction) loadAction.getDeclaredConstructor(new Class[0]).newInstance(new Object[0]);
                this.initAction.setServletContext(getServletContext());
                this.initAction.setAppName(this.appName);
                this.initAction.setComponentID(this.componentID);
                this.initAction.setInitParams(this.initParams);
                this.initAction.doInit();
            }
        } catch (Exception e) {
            log.error("init failed", e);
            throw new ServletException("init failed", e);
        }
    }

    public void destroy() {
        if (this.initAction != null) {
            try {
                this.initAction.doShutdown();
            } catch (Throwable th) {
                log.error("Exception during shutdown: " + th.getMessage());
            }
        }
    }

    private <T> Class<T> loadAction(ServletConfig servletConfig, String str) {
        String initParameter = servletConfig.getInitParameter(str);
        if (initParameter != null) {
            try {
                Class<T> cls = (Class<T>) Class.forName(initParameter);
                log.info(str + ": " + initParameter + " [loaded]");
                return cls;
            } catch (Exception e) {
                log.error(str + ": " + initParameter + " [FAILED]", e);
            }
        }
        log.debug(str + ": [not configured]");
        return null;
    }

    protected void handleUnsupportedAction(String str, HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.setStatus(400);
        httpServletResponse.setHeader("Content-Type", "text/plain");
        PrintWriter writer = httpServletResponse.getWriter();
        writer.println("unsupported: HTTP " + str);
        writer.flush();
    }

    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (this.getAction == null) {
            handleUnsupportedAction("GET", httpServletResponse);
        } else {
            log.debug("doGet: " + httpServletRequest.getPathInfo());
            doit(httpServletRequest, httpServletResponse, this.getAction);
        }
    }

    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (this.postAction == null) {
            handleUnsupportedAction("POST", httpServletResponse);
        } else {
            log.debug("doPost: " + httpServletRequest.getPathInfo());
            doit(httpServletRequest, httpServletResponse, this.postAction);
        }
    }

    protected void doPut(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (this.putAction == null) {
            handleUnsupportedAction("PUT", httpServletResponse);
        } else {
            log.debug("doPut: " + httpServletRequest.getPathInfo());
            doit(httpServletRequest, httpServletResponse, this.putAction);
        }
    }

    protected void doDelete(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (this.deleteAction == null) {
            handleUnsupportedAction("DELETE", httpServletResponse);
        } else {
            log.debug("doDelete: " + httpServletRequest.getPathInfo());
            doit(httpServletRequest, httpServletResponse, this.deleteAction);
        }
    }

    protected void doHead(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (this.headAction == null) {
            handleUnsupportedAction("HEAD", httpServletResponse);
        } else {
            log.debug("doHead: " + httpServletRequest.getPathInfo());
            doit(httpServletRequest, httpServletResponse, this.headAction);
        }
    }

    protected void doit(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Class<RestAction> cls) throws IOException {
        WebServiceLogInfo servletLogInfo = new ServletLogInfo(httpServletRequest);
        long currentTimeMillis = System.currentTimeMillis();
        try {
            Subject subject = null;
            Throwable th = null;
            try {
                try {
                    subject = AuthenticationUtil.getSubject(httpServletRequest, this.augmentSubject);
                    servletLogInfo.setSubject(subject);
                } catch (NotAuthenticatedException e) {
                    th = e;
                }
                RestAction newInstance = cls.newInstance();
                newInstance.setServletContext(getServletContext());
                newInstance.setAppName(this.appName);
                newInstance.setComponentID(this.componentID);
                newInstance.setInitParams(this.initParams);
                SyncInput syncInput = new SyncInput(httpServletRequest, newInstance.getInlineContentHandler());
                StringBuilder sb = new StringBuilder(syncInput.getContextPath());
                if (syncInput.getComponentPath() != null) {
                    sb.append(syncInput.getComponentPath());
                }
                if (syncInput.getPath() != null) {
                    sb.append("/").append(syncInput.getPath());
                }
                servletLogInfo.setPath(sb.toString());
                SyncOutput syncOutput = new SyncOutput(httpServletResponse);
                newInstance.setSyncInput(syncInput);
                newInstance.setSyncOutput(syncOutput);
                newInstance.setLogInfo(servletLogInfo);
                log.info(servletLogInfo.start());
                if (th != null) {
                    log.debug(th);
                    servletLogInfo.setSuccess(true);
                    servletLogInfo.setMessage(th.getMessage());
                    if (this.setAuthHeaders) {
                        setAuthenticateHeaders(null, syncOutput, th, new RegistryClient());
                    }
                    handleException(syncOutput, httpServletResponse, th, 401, th.getMessage(), false);
                } else {
                    doit(subject, newInstance);
                }
                servletLogInfo.setElapsedTime(Long.valueOf(System.currentTimeMillis() - currentTimeMillis));
                log.info(servletLogInfo.end());
            } catch (IllegalAccessException | InstantiationException e2) {
                log.debug(e2);
                servletLogInfo.setSuccess(false);
                String str = "[BUG] failed to instantiate " + cls + " cause: " + e2.getMessage();
                servletLogInfo.setMessage(str);
                handleException(null, httpServletResponse, e2, 500, str, true);
                servletLogInfo.setElapsedTime(Long.valueOf(System.currentTimeMillis() - currentTimeMillis));
                log.info(servletLogInfo.end());
            } catch (Throwable th2) {
                log.debug(th2);
                servletLogInfo.setSuccess(false);
                servletLogInfo.setMessage(th2.getMessage());
                handleUnexpected(null, httpServletResponse, th2);
                servletLogInfo.setElapsedTime(Long.valueOf(System.currentTimeMillis() - currentTimeMillis));
                log.info(servletLogInfo.end());
            }
        } catch (Throwable th3) {
            servletLogInfo.setElapsedTime(Long.valueOf(System.currentTimeMillis() - currentTimeMillis));
            log.info(servletLogInfo.end());
            throw th3;
        }
    }

    private void doit(Subject subject, RestAction restAction) throws Exception {
        if (subject == null) {
            restAction.run();
            return;
        }
        try {
            Subject.doAs(subject, restAction);
        } catch (PrivilegedActionException e) {
            if (e.getCause() instanceof ServletException) {
                throw e.getCause();
            }
            if (e.getCause() instanceof IOException) {
                throw ((IOException) e.getCause());
            }
            if (!(e.getCause() instanceof RuntimeException)) {
                throw new RuntimeException(e.getCause());
            }
            throw ((RuntimeException) e.getCause());
        }
    }

    protected void handleException(SyncOutput syncOutput, HttpServletResponse httpServletResponse, Throwable th, int i, String str, boolean z) throws IOException {
        log.debug(str, th);
        if (syncOutput == null) {
            syncOutput = new SyncOutput(httpServletResponse);
        }
        if (syncOutput.isOpen()) {
            log.error("unexpected situation: SyncOutput is open", th);
            return;
        }
        syncOutput.setCode(i);
        syncOutput.setHeader("Content-Type", "text/plain");
        OutputStream outputStream = syncOutput.getOutputStream();
        StringBuilder sb = new StringBuilder();
        sb.append(str);
        if (z) {
            sb.append(th.toString()).append("\n");
            Throwable cause = th.getCause();
            while (true) {
                Throwable th2 = cause;
                if (th2 == null) {
                    break;
                }
                sb.append("cause: ");
                sb.append(th2.toString()).append("\n");
                cause = th2.getCause();
            }
        }
        outputStream.write(sb.toString().getBytes());
    }

    private void handleUnexpected(SyncOutput syncOutput, HttpServletResponse httpServletResponse, Throwable th) throws IOException {
        if (syncOutput == null) {
            syncOutput = new SyncOutput(httpServletResponse);
        }
        log.error("unexpected exception (SyncOutput.isOpen: " + syncOutput.isOpen() + ")", th);
        if (syncOutput.isOpen()) {
            return;
        }
        syncOutput.setCode(500);
        syncOutput.setHeader("Content-Type", "text/plain");
        syncOutput.getOutputStream().write(("unexpected exception: " + th).getBytes());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void setAuthenticateHeaders(Subject subject, SyncOutput syncOutput, NotAuthenticatedException notAuthenticatedException, RegistryClient registryClient) {
        if (syncOutput.isOpen()) {
            log.debug("SyncOutput already open, can't set auth headers");
            return;
        }
        if (subject != null && !subject.getPrincipals().isEmpty()) {
            log.debug("Setting x-vo-authenticated header");
            Principal principal = null;
            Set principals = subject.getPrincipals(HttpPrincipal.class);
            if (principals.isEmpty()) {
                Set principals2 = subject.getPrincipals(X500Principal.class);
                if (!principals2.isEmpty()) {
                    principal = (Principal) principals2.iterator().next();
                }
            } else {
                principal = (Principal) principals.iterator().next();
            }
            if (principal == null) {
                principal = subject.getPrincipals().iterator().next();
            }
            syncOutput.addHeader("x-vo-authenticated", principal.getName());
            return;
        }
        log.debug("Setting WWW-Authenticate header");
        try {
            URL serviceURL = registryClient.getServiceURL(getLocalServiceURI(Standards.SECURITY_METHOD_PASSWORD), Standards.SECURITY_METHOD_PASSWORD, AuthMethod.ANON);
            StringBuilder sb = new StringBuilder();
            sb.append("ivoa_bearer").append(" standard_id=\"").append(Standards.SECURITY_METHOD_PASSWORD.toString()).append("\", ");
            sb.append("access_url=\"").append(serviceURL).append("\"");
            appendAuthenticateErrorInfo("ivoa_bearer", sb, notAuthenticatedException, false);
            syncOutput.addHeader("WWW-Authenticate", sb.toString());
        } catch (NoSuchElementException e) {
            log.debug("LocalAuthority -- not found: " + Standards.SECURITY_METHOD_PASSWORD, e);
        }
        try {
            URL serviceURL2 = registryClient.getServiceURL(getLocalServiceURI(Standards.SECURITY_METHOD_OPENID), Standards.SECURITY_METHOD_OPENID, AuthMethod.ANON);
            StringBuilder sb2 = new StringBuilder();
            sb2.append("ivoa_bearer").append(" standard_id=\"").append(Standards.SECURITY_METHOD_OPENID.toString()).append("\", ");
            sb2.append("access_url=\"").append(serviceURL2).append("\"");
            appendAuthenticateErrorInfo("ivoa_bearer", sb2, notAuthenticatedException, false);
            syncOutput.addHeader("WWW-Authenticate", sb2.toString());
            StringBuilder sb3 = new StringBuilder();
            sb3.append("Bearer");
            appendAuthenticateErrorInfo("Bearer", sb3, notAuthenticatedException, true);
            syncOutput.addHeader("WWW-Authenticate", sb3.toString());
        } catch (NoSuchElementException e2) {
            log.debug("LocalAuthority -- not found: " + Standards.SECURITY_METHOD_OAUTH, e2);
        }
        try {
            for (Interface r0 : registryClient.getCapabilities(getLocalServiceURI(Standards.CRED_PROXY_10)).findCapability(Standards.CRED_PROXY_10).getInterfaces()) {
                for (URI uri : r0.getSecurityMethods()) {
                    if (uri.equals(Standards.SECURITY_METHOD_HTTP_BASIC) || uri.equals(Standards.SECURITY_METHOD_PASSWORD)) {
                        StringBuilder sb4 = new StringBuilder();
                        sb4.append("ivoa_x509").append(" standard_id=\"").append(uri.toASCIIString()).append("\", ");
                        sb4.append("access_url=\"").append(r0.getAccessURL().getURL()).append("\"");
                        syncOutput.addHeader("WWW-Authenticate", sb4.toString());
                    }
                }
            }
        } catch (NoSuchElementException | ResourceNotFoundException | IOException e3) {
            log.debug("LocalAuthority -- not found: " + Standards.CRED_PROXY_10, e3);
        }
        syncOutput.addHeader("WWW-Authenticate", "ivoa_x509");
    }

    private static void appendAuthenticateErrorInfo(String str, StringBuilder sb, NotAuthenticatedException notAuthenticatedException, boolean z) {
        if (notAuthenticatedException == null || notAuthenticatedException.getChallenge() == null || notAuthenticatedException.getAuthError() == null || !notAuthenticatedException.getChallenge().equalsIgnoreCase(str)) {
            return;
        }
        if (!z) {
            sb.append(",");
        }
        sb.append(" error=\"").append(notAuthenticatedException.getAuthError().getValue()).append("\"");
        if (notAuthenticatedException.getMessage() != null) {
            sb.append(", error_description=\"").append(notAuthenticatedException.getMessage()).append("\"");
        }
    }

    private static URI getLocalServiceURI(URI uri) {
        return new LocalAuthority().getServiceURI(uri.toString());
    }

    static {
        CITEMS.add("init");
        CITEMS.add("head");
        CITEMS.add("get");
        CITEMS.add("post");
        CITEMS.add("put");
        CITEMS.add("delete");
    }
}
