package org.sakaiproject.lessonbuildertool.service;

import java.io.BufferedInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.StringTokenizer;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.bind.DatatypeConverter;
import org.apache.commons.httpclient.HttpStatus;
import org.apache.commons.httpclient.cookie.CookieSpec;
import org.apache.commons.io.IOUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.sakaiproject.authz.api.SecurityAdvisor;
import org.sakaiproject.authz.api.SecurityService;
import org.sakaiproject.component.cover.ServerConfigurationService;
import org.sakaiproject.content.api.ContentCollection;
import org.sakaiproject.content.api.ContentEntity;
import org.sakaiproject.content.api.ContentHostingService;
import org.sakaiproject.content.api.ContentResource;
import org.sakaiproject.entity.api.HttpAccess;
import org.sakaiproject.event.api.EventTrackingService;
import org.sakaiproject.exception.ServerOverloadException;
import org.sakaiproject.lessonbuildertool.LessonBuilderAccessAPI;
import org.sakaiproject.lessonbuildertool.SimplePageProperty;
import org.sakaiproject.lessonbuildertool.model.SimplePageToolDao;
import org.sakaiproject.memory.api.Cache;
import org.sakaiproject.memory.api.MemoryService;
import org.sakaiproject.site.api.SiteService;
import org.sakaiproject.time.api.Time;
import org.sakaiproject.time.cover.TimeService;
import org.sakaiproject.tool.api.SessionManager;
import org.sakaiproject.tool.api.ToolManager;
import org.springframework.web.servlet.tags.MessageTag;
import uk.org.ponder.messageutil.MessageLocator;
import uk.org.ponder.rsf.templateresolver.support.CRITemplateResolverStrategy;

/* loaded from: input_file:WEB-INF/classes/org/sakaiproject/lessonbuildertool/service/LessonBuilderAccessService.class */
public class LessonBuilderAccessService {
    public static final String ATTR_SESSION = "sakai.session";
    public MessageLocator messageLocator;
    private ToolManager toolManager;
    private SiteService siteService;
    protected static final long MAX_URL_LENGTH = 8192;
    protected static final int STREAM_BUFFER_SIZE = 102400;
    public static final String INLINEHTML = "lessonbuilder.inlinehtml";
    protected static final String MIME_SEPARATOR = "SAKAI_MIME_BOUNDARY";
    protected static final int DEFAULT_EXPIRATION = 600;
    private static Log M_log = LogFactory.getLog(LessonBuilderAccessService.class);
    static MemoryService memoryService = null;
    private static Cache accessCache = null;
    LessonBuilderAccessAPI lessonBuilderAccessAPI = null;
    SimplePageToolDao simplePageToolDao = null;
    SecurityService securityService = null;
    ContentHostingService contentHostingService = null;
    EventTrackingService eventTrackingService = null;
    SessionManager sessionManager = null;
    LessonEntity forumEntity = null;
    LessonEntity quizEntity = null;
    LessonEntity assignmentEntity = null;
    LessonEntity bltiEntity = null;
    private GradebookIfc gradebookIfc = null;
    private boolean inlineHtml = ServerConfigurationService.getBoolean(INLINEHTML, true);
    private SecretKey sessionKey = null;
    SecurityAdvisor allowReadAdvisor = new SecurityAdvisor() { // from class: org.sakaiproject.lessonbuildertool.service.LessonBuilderAccessService.1
        public SecurityAdvisor.SecurityAdvice isAllowed(String str, String str2, String str3) {
            return ("content.read".equals(str2) || "content.hidden".equals(str2)) ? SecurityAdvisor.SecurityAdvice.ALLOWED : SecurityAdvisor.SecurityAdvice.PASS;
        }
    };

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:WEB-INF/classes/org/sakaiproject/lessonbuildertool/service/LessonBuilderAccessService$Range.class */
    public class Range {
        public long start;
        public long end;
        public long length;

        protected Range() {
        }

        public boolean validate() {
            if (this.end >= this.length) {
                this.end = this.length - 1;
            }
            return this.start >= 0 && this.end >= 0 && this.start <= this.end && this.length > 0;
        }

        public void recycle() {
            this.start = 0L;
            this.end = 0L;
            this.length = 0L;
        }
    }

    public void setLessonBuilderAccessAPI(LessonBuilderAccessAPI lessonBuilderAccessAPI) {
        this.lessonBuilderAccessAPI = lessonBuilderAccessAPI;
    }

    public void setSimplePageToolDao(SimplePageToolDao simplePageToolDao) {
        this.simplePageToolDao = simplePageToolDao;
    }

    public void setSecurityService(SecurityService securityService) {
        this.securityService = securityService;
    }

    public void setContentHostingService(ContentHostingService contentHostingService) {
        this.contentHostingService = contentHostingService;
    }

    public void setEventTrackingService(EventTrackingService eventTrackingService) {
        this.eventTrackingService = eventTrackingService;
    }

    public void setSessionManager(SessionManager sessionManager) {
        this.sessionManager = sessionManager;
    }

    public void setMessageLocator(MessageLocator messageLocator) {
        this.messageLocator = messageLocator;
    }

    public void setToolManager(ToolManager toolManager) {
        this.toolManager = toolManager;
    }

    public void setSiteService(SiteService siteService) {
        this.siteService = siteService;
    }

    public void setForumEntity(Object obj) {
        this.forumEntity = (LessonEntity) obj;
    }

    public void setQuizEntity(Object obj) {
        this.quizEntity = (LessonEntity) obj;
    }

    public void setAssignmentEntity(Object obj) {
        this.assignmentEntity = (LessonEntity) obj;
    }

    public void setBltiEntity(Object obj) {
        this.bltiEntity = (LessonEntity) obj;
    }

    public void setMemoryService(MemoryService memoryService2) {
        memoryService = memoryService2;
    }

    public void setGradebookIfc(GradebookIfc gradebookIfc) {
        this.gradebookIfc = gradebookIfc;
    }

    public SecretKey getSessionKey() {
        return this.sessionKey;
    }

    public void init() {
        this.lessonBuilderAccessAPI.setHttpAccess(getHttpAccess());
        accessCache = memoryService.newCache("org.sakaiproject.lessonbuildertool.service.LessonBuilderAccessService.cache");
        SimplePageProperty findProperty = this.simplePageToolDao.findProperty("accessCryptoKey");
        if (findProperty == null) {
            try {
                this.sessionKey = KeyGenerator.getInstance("Blowfish").generateKey();
                findProperty = this.simplePageToolDao.makeProperty("accessCryptoKey", DatatypeConverter.printHexBinary(((SecretKeySpec) this.sessionKey).getEncoded()));
                this.simplePageToolDao.quickSaveItem(findProperty);
            } catch (Exception e) {
                System.out.println("unable to init cipher for session " + e);
                this.simplePageToolDao.flush();
                findProperty = this.simplePageToolDao.findProperty("accessCryptoKey");
            }
        }
        if (findProperty != null) {
            this.sessionKey = new SecretKeySpec(DatatypeConverter.parseHexBinary(findProperty.getValue()), "Blowfish");
        }
    }

    public void destroy() {
        accessCache.destroy();
        accessCache = null;
    }

    public HttpAccess getHttpAccess() {
        return new HttpAccess() { // from class: org.sakaiproject.lessonbuildertool.service.LessonBuilderAccessService.2
            /* JADX WARN: Code restructure failed: missing block: B:128:0x0616, code lost:
            
                if (r38 != null) goto L146;
             */
            /*
                Code decompiled incorrectly, please refer to instructions dump.
                To view partially-correct add '--show-bad-code' argument
            */
            public void handleAccess(javax.servlet.http.HttpServletRequest r11, javax.servlet.http.HttpServletResponse r12, org.sakaiproject.entity.api.Reference r13, java.util.Collection r14) throws org.sakaiproject.entity.api.EntityPermissionException, org.sakaiproject.entity.api.EntityNotDefinedException, org.sakaiproject.entity.api.EntityAccessOverloadException, org.sakaiproject.entity.api.EntityCopyrightException {
                /*
                    Method dump skipped, instructions count: 2639
                    To view this dump add '--comments-level debug' option
                */
                throw new UnsupportedOperationException("Method not decompiled: org.sakaiproject.lessonbuildertool.service.LessonBuilderAccessService.AnonymousClass2.handleAccess(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, org.sakaiproject.entity.api.Reference, java.util.Collection):void");
            }
        };
    }

    protected ArrayList<Range> parseRange(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, long j) throws IOException {
        String header;
        if (j == 0 || (header = httpServletRequest.getHeader("Range")) == null) {
            return null;
        }
        if (!header.startsWith("bytes")) {
            httpServletResponse.addHeader("Content-Range", "bytes */" + j);
            httpServletResponse.sendError(HttpStatus.SC_REQUESTED_RANGE_NOT_SATISFIABLE);
            return null;
        }
        String substring = header.substring(6);
        ArrayList<Range> arrayList = new ArrayList<>();
        StringTokenizer stringTokenizer = new StringTokenizer(substring, MessageTag.DEFAULT_ARGUMENT_SEPARATOR);
        while (stringTokenizer.hasMoreTokens()) {
            String trim = stringTokenizer.nextToken().trim();
            Range range = new Range();
            range.length = j;
            int indexOf = trim.indexOf(45);
            if (indexOf == -1) {
                httpServletResponse.addHeader("Content-Range", "bytes */" + j);
                httpServletResponse.sendError(HttpStatus.SC_REQUESTED_RANGE_NOT_SATISFIABLE);
                return null;
            }
            if (indexOf == 0) {
                try {
                    range.start = j + Long.parseLong(trim);
                    range.end = j - 1;
                } catch (NumberFormatException e) {
                    httpServletResponse.addHeader("Content-Range", "bytes */" + j);
                    httpServletResponse.sendError(HttpStatus.SC_REQUESTED_RANGE_NOT_SATISFIABLE);
                    return null;
                }
            } else {
                try {
                    range.start = Long.parseLong(trim.substring(0, indexOf));
                    if (indexOf < trim.length() - 1) {
                        range.end = Long.parseLong(trim.substring(indexOf + 1, trim.length()));
                    } else {
                        range.end = j - 1;
                    }
                } catch (NumberFormatException e2) {
                    httpServletResponse.addHeader("Content-Range", "bytes */" + j);
                    httpServletResponse.sendError(HttpStatus.SC_REQUESTED_RANGE_NOT_SATISFIABLE);
                    return null;
                }
            }
            if (!range.validate()) {
                httpServletResponse.addHeader("Content-Range", "bytes */" + j);
                httpServletResponse.sendError(HttpStatus.SC_REQUESTED_RANGE_NOT_SATISFIABLE);
                return null;
            }
            arrayList.add(range);
        }
        return arrayList;
    }

    protected IOException copyRange(InputStream inputStream, OutputStream outputStream, long j, long j2) {
        try {
            inputStream.skip(j);
            IOException iOException = null;
            long j3 = (j2 - j) + 1;
            byte[] bArr = new byte[STREAM_BUFFER_SIZE];
            int length = bArr.length;
            while (j3 > 0 && length >= bArr.length) {
                try {
                    length = inputStream.read(bArr);
                    if (j3 >= length) {
                        outputStream.write(bArr, 0, length);
                        j3 -= length;
                    } else {
                        outputStream.write(bArr, 0, (int) j3);
                        j3 = 0;
                    }
                } catch (IOException e) {
                    iOException = e;
                    length = -1;
                }
                if (length < bArr.length) {
                    break;
                }
            }
            return iOException;
        } catch (IOException e2) {
            return e2;
        }
    }

    protected void copyRanges(ContentResource contentResource, OutputStream outputStream, Iterator it, String str) throws IOException {
        IOException iOException = null;
        while (iOException == null && it.hasNext()) {
            Range range = (Range) it.next();
            IOUtils.write("\r\n--SAKAI_MIME_BOUNDARY\r\n", outputStream);
            if (str != null) {
                IOUtils.write("Content-Type: " + str + "\r\n", outputStream);
            }
            IOUtils.write("Content-Range: bytes " + range.start + CRITemplateResolverStrategy.CONSUMERTYPE_SEPARATOR + range.end + CookieSpec.PATH_DELIM + range.length + "\r\n", outputStream);
            IOUtils.write("\r\n", outputStream);
            InputStream inputStream = null;
            try {
                inputStream = contentResource.streamContent();
            } catch (ServerOverloadException e) {
                new IOException("ServerOverloadException reported getting inputstream");
            }
            BufferedInputStream bufferedInputStream = new BufferedInputStream(inputStream, STREAM_BUFFER_SIZE);
            iOException = copyRange(bufferedInputStream, outputStream, range.start, range.end);
            try {
                bufferedInputStream.close();
            } catch (IOException e2) {
            }
        }
        IOUtils.write("\r\n--SAKAI_MIME_BOUNDARY--\r\n", outputStream);
        if (iOException != null) {
            throw iOException;
        }
    }

    public boolean allowGetResource(String str, String str2) {
        return unlockCheck("content.read", str, str2);
    }

    public String getReference(String str) {
        return "/content" + str;
    }

    protected boolean unlockCheck(String str, String str2, String str3) {
        boolean isSuperUser = this.securityService.isSuperUser();
        if (!isSuperUser) {
            String str4 = null;
            if (str2 != null) {
                str4 = getReference(str2);
            }
            isSuperUser = str4 != null && this.securityService.unlock(str, str4);
            if (isSuperUser) {
                if (canWritePage(str3) && str2.startsWith("/group/" + str3)) {
                    return true;
                }
                boolean z = false;
                try {
                    this.securityService.pushAdvisor(this.allowReadAdvisor);
                    isSuperUser = isAvailable(this.contentHostingService.getResource(str2));
                    this.securityService.popAdvisor();
                    z = false;
                    if (0 != 0) {
                        this.securityService.popAdvisor();
                    }
                } catch (Exception e) {
                    isSuperUser = false;
                    if (z) {
                        this.securityService.popAdvisor();
                    }
                } catch (Throwable th) {
                    if (z) {
                        this.securityService.popAdvisor();
                    }
                    throw th;
                }
            }
        }
        return isSuperUser;
    }

    protected boolean isAvailable(ContentEntity contentEntity) {
        Time newTime = TimeService.newTime();
        Time releaseDate = contentEntity.getReleaseDate();
        if (releaseDate != null && !releaseDate.before(newTime)) {
            return false;
        }
        Time retractDate = contentEntity.getRetractDate();
        if (retractDate != null && !retractDate.after(newTime)) {
            return false;
        }
        ContentCollection containingCollection = contentEntity.getContainingCollection();
        if (containingCollection != null) {
            return isAvailable(containingCollection);
        }
        return true;
    }

    public boolean canReadPage(String str) {
        return this.securityService.unlock("lessonbuilder.read", "/site/" + str);
    }

    public boolean canWritePage(String str) {
        return this.securityService.unlock("lessonbuilder.upd", "/site/" + str);
    }
}
