package com.ibm.btools.collaboration.server.servlets;

import com.ibm.btools.collaboration.server.PubServerApp;
import com.ibm.btools.collaboration.server.actionHandler.ActionHandlerFactory;
import com.ibm.btools.collaboration.server.exception.ActionHandlerException;
import com.ibm.btools.collaboration.server.model.util.Actions;
import com.ibm.btools.collaboration.server.publish.svggen.calendar.TimeStringConverter;
import com.ibm.btools.collaboration.server.resource.Messages;
import com.ibm.btools.collaboration.server.resource.PEMessageKeys;
import com.ibm.btools.collaboration.server.security.UserRegistryManager;
import com.ibm.btools.collaboration.server.transaction.TransactionHandle;
import com.ibm.btools.collaboration.server.transaction.TransactionManager;
import com.ibm.btools.collaboration.server.util.FileUploadUtil;
import com.ibm.btools.collaboration.server.util.PredefConstants;
import com.ibm.btools.collaboration.server.util.SessionSecurityCacheData;
import com.ibm.btools.collaboration.server.util.SpaceDelegator;
import java.io.File;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.fileupload.servlet.ServletFileUpload;

/* loaded from: input_file:WBMPubServerCore.jar:com/ibm/btools/collaboration/server/servlets/ControllerServlet.class */
/**
 * Front controller servlet of the publishing server web application.
 *
 * <p>Each request is flattened into a map (from request parameters, or from a multipart upload),
 * the caller's identity is cached in the session, and the request is then either forwarded to a
 * JSP (action type {@code GetJSP}) or dispatched to a numbered action handler obtained from
 * {@link ActionHandlerFactory}.
 *
 * <p>NOTE(review): this listing looks like decompiler output (see the "loaded from" header above
 * the class). Constructs such as {@code if (0 != 0)}, {@code th = th} and a session held in a
 * {@code Throwable} variable are presumably residue of try/finally and monitor handling; confirm
 * the real control flow against the original source before relying on the comments below.
 *
 * <p>Trust boundary: everything in the request map that this class does not overwrite itself is
 * client-controlled, including {@code JSPFile}, {@code isSpaceOwner}, {@code spaceID} and the
 * proxy URL.
 */
public class ControllerServlet extends HttpServlet {
    private static final long serialVersionUID = 1258197258281099595L;
    public static final String copyright = "Licensed Material - Property of IBM  5724-M22, 5724-M23 (C) Copyright IBM Corporation 2008. All Rights Reserved. U.S. Government Users Restricted Rights - Use, duplication or disclosure " + "restricted by GSA ADP Schedule Contract with IBM Corp.".intern();
    private static final String CLASSNAME = ControllerServlet.class.getName();
    private static final Logger logger = Logger.getLogger(CLASSNAME);

    /**
     * Handles every request routed to this servlet.
     *
     * <p>Builds the request map, resolves the user identity and the publishing-server base URL,
     * then either forwards to {@code /jsp/<JSPFile>} (action type {@code GetJSP}) or parses the
     * action type as a numeric handler id, runs {@link #permissionCheckForAdmins} and invokes the
     * handler, inside a transaction when {@link #runInTransaction(int)} returns true.
     *
     * @param httpServletRequest the incoming request; its parameters seed the handler map
     * @param httpServletResponse the response, passed to handlers through the map
     * @throws ServletException declared by the servlet contract
     */
    public void service(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException {
        Map handleRequest;
        String str;
        String name;
        String str2;
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(CLASSNAME, "service");
        }
        int i = 0;
        TransactionHandle transactionHandle = null;
        try {
            try {
                try {
                    // Map of request parameters (or parsed multipart fields); the three puts below
                    // add server-side objects on top of the client-supplied entries.
                    handleRequest = handleRequest(httpServletRequest);
                    handleRequest.put(PredefConstants.SERVLET_REQUEST_OBJECT, httpServletRequest);
                    handleRequest.put(PredefConstants.SERVLET_RESPONSE_OBJECT, httpServletResponse);
                    handleRequest.put(PredefConstants.ICON_PATH, getServletContext().getRealPath("icons"));
                    // The action type may arrive as a single value or as a repeated parameter;
                    // only the first value is used. Any other type leaves it as "".
                    str = "";
                    if (handleRequest.get(PredefConstants.ACTION_TYPE) instanceof String) {
                        str = (String) handleRequest.get(PredefConstants.ACTION_TYPE);
                    } else if (handleRequest.get(PredefConstants.ACTION_TYPE) instanceof String[]) {
                        str = ((String[]) handleRequest.get(PredefConstants.ACTION_TYPE))[0];
                    }
                    // Drop per-user session data if the session now belongs to another principal.
                    cleanupCache(httpServletRequest);
                    // NOTE(review): getUserPrincipal() is dereferenced without a null check here
                    // and in cleanupCache(); presumably a container security constraint
                    // guarantees an authenticated caller - confirm in the deployment descriptor.
                    name = httpServletRequest.getUserPrincipal().getName();
                    // Resolve the registry's unique user id once and cache it in the session.
                    str2 = (String) httpServletRequest.getSession().getAttribute("userID");
                    if (str2 == null) {
                        httpServletRequest.getSession().setAttribute(PredefConstants.AUTHOR, name);
                        str2 = UserRegistryManager.getManager().getUniqueUserId(name, true);
                        if (str2 != null) {
                            httpServletRequest.getSession().setAttribute("userID", str2);
                        }
                    }
                    String pubServerURL = getPubServerURL(httpServletRequest, httpServletResponse, handleRequest);
                    httpServletRequest.setAttribute(PredefConstants.PUB_SERVER_URL, pubServerURL);
                    httpServletRequest.setAttribute(PredefConstants.PUB_SERVER_CONTEXT_PATH, String.valueOf(pubServerURL) + httpServletRequest.getContextPath());
                } catch (ActionHandlerException e) {
                    // NOTE(review): as listed, a failure during setup is only logged and
                    // execution continues below with str/name/str2/handleRequest possibly
                    // unassigned (this would not compile as written). Confirm that the original
                    // aborts the request here. The message text carries no real user name or
                    // action type, only the literal placeholders.
                    if (logger.isLoggable(Level.SEVERE)) {
                        logger.logp(Level.SEVERE, CLASSNAME, "service", "userName=  ActionHandlerException: actionType=0 error message: " + e.getMessage());
                    }
                    e.printStackTrace();
                }
            } catch (Throwable th) {
                // Same swallow-and-continue shape as above, for every other failure type.
                if (logger.isLoggable(Level.SEVERE)) {
                    logger.logp(Level.SEVERE, CLASSNAME, "service", "userName=  Throwable: actionType=0 error message: " + th.getMessage());
                }
                th.printStackTrace();
            }
            if ("GetJSP".equalsIgnoreCase(str)) {
                // NOTE(review): JSPFile, isSpaceOwner and spaceID are read from the map that was
                // seeded from request parameters; nothing visible in this class sets them
                // server-side. As written, a request carrying isSpaceOwner=true skips the
                // delegator check for admin pages. Verify whether an upstream filter strips or
                // sets this key; otherwise derive ownership on the server, as
                // permissionCheckForAdmins() does through SpaceDelegator.
                // The (String) casts also fail with ClassCastException when a parameter is
                // repeated, because getMapData() stores repeated parameters as String[].
                String str3 = (String) handleRequest.get("JSPFile");
                String str4 = (String) handleRequest.get("isSpaceOwner");
                if (isAdminPage(str3) && !PredefConstants.TRUE.equals(str4)) {
                    String str5 = (String) handleRequest.get("spaceID");
                    // Prefer the registry id cached in the session; fall back to the principal name.
                    if (!(str2 != null ? SpaceDelegator.isSpaceDelegatorDNName(str2, str5) : SpaceDelegator.isSpaceDelegator(name, str5))) {
                        str3 = "ACLError.jsp";
                    }
                }
                // Expose every map entry to the JSP as a request attribute.
                // NOTE(review): attribute names come from client parameter names, so an entry
                // can replace attributes set earlier in this method (e.g. the PUB_SERVER_URL
                // attributes) - confirm the JSPs treat these values as untrusted and encode
                // them on output.
                Iterator it = handleRequest.keySet().iterator();
                while (it.hasNext()) {
                    String obj = it.next().toString();
                    httpServletRequest.setAttribute(obj, handleRequest.get(obj));
                }
                httpServletRequest.setAttribute("isSpaceOwner", str4);
                // NOTE(review): the client-supplied JSPFile is concatenated into the dispatcher
                // path without validation. Restrict it to an allow-list of known JSP names (or
                // at least reject path separators and "..") so that only files under /jsp/ can
                // be the forward target.
                getServletContext().getRequestDispatcher("/jsp/" + str3).forward(httpServletRequest, httpServletResponse);
                // Never true as listed; likely residue of a finally block - TODO confirm.
                if (0 != 0) {
                    TransactionManager.rollback(null);
                    return;
                }
                return;
            }
            // The textual clean-database request is mapped onto numeric handler id 902.
            if (str.equalsIgnoreCase(Actions.CLEAN_DATABASE_REQUEST_TXT)) {
                str = "902";
            }
            try {
                i = Integer.parseInt(str);
                // Authorization gate: throws before the handler runs when an admin-only id is
                // requested by a caller without the required rights. Ids not listed in
                // isAdminHandler() get no check here.
                // NOTE(review): the check reads the space id with getParameter() (first value
                // only) while the handler receives the whole map; handlers should act on the
                // same single value that was authorized - verify in the handlers.
                permissionCheckForAdmins(httpServletRequest, i);
                long currentTimeMillis = System.currentTimeMillis();
                if (runInTransaction(i)) {
                    transactionHandle = TransactionManager.begin();
                }
                ActionHandlerFactory.getInstance().getHandler(i).handle(handleRequest);
                if (runInTransaction(i)) {
                    TransactionManager.commit(transactionHandle);
                }
                transactionHandle = null;
                long currentTimeMillis2 = System.currentTimeMillis() - currentTimeMillis;
                if (logger.isLoggable(Level.FINEST)) {
                    logger.logp(Level.FINEST, CLASSNAME, "service", "userName=" + name + "  actionType " + i + " spent " + currentTimeMillis2);
                }
                // The handle was set to null just above, so this rollback cannot run as listed.
                if (transactionHandle != null) {
                    TransactionManager.rollback(transactionHandle);
                }
                if (logger.isLoggable(Level.FINER)) {
                    logger.exiting(CLASSNAME, "service", "actionType=" + i);
                }
            } catch (NumberFormatException e2) {
                // A non-numeric action type is reported as an unknown handler; the raw
                // client-supplied value is included in the exception message.
                throw new ActionHandlerException("Invalid or nonexistent ActionHandler id: " + str, e2);
            }
        } catch (Throwable th2) {
            // NOTE(review): as listed, no rollback happens when the handler throws, because
            // this condition is constant false. Presumably the original rolls back a non-null
            // transaction handle in a finally block - confirm, otherwise a failed handler
            // leaves its transaction open.
            if (0 != 0) {
                TransactionManager.rollback(null);
            }
            throw th2;
        }
    }

    /**
     * Reports whether a requested JSP name refers to one of the four admin views.
     *
     * <p>The test is a case-sensitive substring match; {@code null} is treated as an empty name.
     * NOTE(review): this is a deny-list, so an admin JSP that is not named here is not gated by
     * the caller. An allow-list that maps each permitted page to its required right would be
     * more robust.
     *
     * @param str the JSP file name taken from the request map, may be null
     * @return true when the name contains one of the admin JSP file names
     */
    private boolean isAdminPage(String str) {
        String str2 = str == null ? "" : str;
        return str2.contains("adminACLViewContent.jsp") || str2.contains("adminDraftViewContent.jsp") || str2.contains("adminReleasedViewContent.jsp") || str2.contains("adminJobStatusViewContent.jsp");
    }

    /**
     * Determines the base URL of the publishing server for this session.
     *
     * <p>When the request map carries a non-blank proxy URL, that value is prefixed to the
     * scheme/host/port of the request, stored in the session and written back to the client as
     * a cookie. Otherwise the session value is reused, or built once from the proxy cookie plus
     * scheme/host/port.
     *
     * <p>NOTE(review): the proxy prefix comes from a request parameter or a cookie, both
     * client-controlled, and ends up in the session and in request attributes. If JSPs use it
     * to build links, redirects or script URLs, validate it against a configured list of
     * permitted proxy prefixes before storing it.
     *
     * @param httpServletRequest the current request
     * @param httpServletResponse the response that receives the proxy cookie
     * @param map the request map built by {@link #handleRequest}
     * @return the base URL, prefixed with the proxy path when one is known
     */
    protected String getPubServerURL(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Map map) {
        String str;
        String str2 = (String) map.get(PredefConstants.PROXY_URL);
        if (str2 == null || str2.trim().length() == 0) {
            // No proxy URL in this request: reuse the session value or build it once.
            str = (String) httpServletRequest.getSession().getAttribute(PredefConstants.PUB_SERVER_URL);
            if (str == null) {
                str = String.valueOf(getProxyPathFromCookie(httpServletRequest)) + buildPubServerURL(httpServletRequest);
                httpServletRequest.getSession().setAttribute(PredefConstants.PUB_SERVER_URL, str);
            }
        } else {
            // A proxy URL in the request always replaces the session value and the cookie.
            str = String.valueOf(str2) + buildPubServerURL(httpServletRequest);
            httpServletRequest.getSession().setAttribute(PredefConstants.PUB_SERVER_URL, str);
            setProxyPathToCookie(httpServletResponse, str2);
        }
        return str;
    }

    /**
     * Builds {@code scheme://serverName<separator>port} from the request.
     *
     * <p>The separator is {@code TimeStringConverter.TIME_SEPARATOR}, presumably ":" - confirm.
     * NOTE(review): getServerName() generally reflects the Host header sent by the client, so
     * the result should not be treated as a trusted origin.
     */
    private String buildPubServerURL(HttpServletRequest httpServletRequest) {
        return String.valueOf(httpServletRequest.getScheme()) + "://" + httpServletRequest.getServerName() + TimeStringConverter.TIME_SEPARATOR + httpServletRequest.getServerPort();
    }

    /**
     * Converts the request into the map handed to action handlers: multipart requests go
     * through {@code FileUploadUtil}, all others through {@link #getMapData}.
     */
    private Map handleRequest(HttpServletRequest httpServletRequest) throws Exception {
        return ServletFileUpload.isMultipartContent(httpServletRequest) ? FileUploadUtil.processFileUploadRequest(httpServletRequest) : getMapData(httpServletRequest);
    }

    /**
     * Copies the request parameters into a new mutable map.
     *
     * <p>A parameter with one value is stored as a {@code String}, a repeated parameter as a
     * {@code String[]}; consumers therefore have to handle both types for every key.
     *
     * @param httpServletRequest the request whose parameters are copied
     * @return a new map keyed by parameter name
     */
    private Map getMapData(HttpServletRequest httpServletRequest) {
        Map parameterMap = httpServletRequest.getParameterMap();
        HashMap hashMap = new HashMap();
        Enumeration parameterNames = httpServletRequest.getParameterNames();
        while (parameterNames.hasMoreElements()) {
            Object nextElement = parameterNames.nextElement();
            if (((String[]) parameterMap.get(nextElement)).length > 1) {
                hashMap.put(nextElement, (String[]) parameterMap.get(nextElement));
            } else {
                hashMap.put(nextElement, ((String[]) parameterMap.get(nextElement))[0]);
            }
        }
        return hashMap;
    }

    /**
     * Initializes the application with the real path of the web application root and the
     * servlet context, then completes the standard servlet initialization.
     */
    public void init() throws ServletException {
        logger.logp(Level.INFO, CLASSNAME, "init", "entering");
        PubServerApp.init(getServletContext().getRealPath(File.separator), getServletContext());
        super.init();
        logger.logp(Level.INFO, CLASSNAME, "init", "exiting");
    }

    /** Shuts the application down before the servlet is taken out of service. */
    public void destroy() {
        logger.logp(Level.INFO, CLASSNAME, "destroy", "entering");
        PubServerApp.shutdown();
        super.destroy();
        logger.logp(Level.INFO, CLASSNAME, "destroy", "exiting");
    }

    /**
     * Enforces admin rights for the handler ids listed in {@link #isAdminHandler(int)}.
     *
     * <p>For the default space the container role {@code Administrators} decides. For any other
     * space the caller must be space owner or super user, or a space delegator; the delegator
     * result is cached in the session under {@code "spaceUUID_" + spaceUuid} and reused while it
     * is younger than {@code SessionSecurityCacheData.VALID_DURATION}.
     *
     * @param httpServletRequest the current request; supplies principal, space id and session
     * @param i the numeric action handler id
     * @throws ActionHandlerException when the caller lacks the required rights
     */
    private void permissionCheckForAdmins(HttpServletRequest httpServletRequest, int i) throws ActionHandlerException {
        boolean z;
        if (logger.isLoggable(Level.FINER)) {
            logger.entering(CLASSNAME, "permissionCheckForAdmins");
        }
        if (isAdminHandler(i)) {
            // A missing principal is only logged; the check continues with an empty user name.
            String str = "";
            if (httpServletRequest.getUserPrincipal() != null) {
                str = httpServletRequest.getUserPrincipal().getName();
            } else {
                logger.logp(Level.INFO, CLASSNAME, "permissionCheckForAdmins", "Can't retrieve user principal");
            }
            // NOTE(review): the space id is dereferenced without a null check, so a request
            // that omits it fails with NullPointerException before the handler runs instead of
            // a clean permission error. The value is client-supplied and is concatenated into
            // the log messages below unsanitized.
            String parameter = httpServletRequest.getParameter(PredefConstants.SPACE_UUID);
            if (parameter.equals(PredefConstants.DEFAULT_SPACE_UUID)) {
                z = httpServletRequest.isUserInRole("Administrators");
            } else {
                if (logger.isLoggable(Level.FINE)) {
                    logger.logp(Level.FINE, CLASSNAME, "permissionCheckForAdmins", " check isOwnerOrSuperUser userName : " + str + " space: " + parameter);
                }
                if (SpaceDelegator.isSpaceOwnerOrSuperUser(httpServletRequest)) {
                    z = true;
                } else {
                    if (logger.isLoggable(Level.FINE)) {
                        logger.logp(Level.FINE, CLASSNAME, "permissionCheckForAdmins", " not isOwnerOrSuperUser, check pub server ACL -- userName : " + str + " space: " + parameter);
                    }
                    // The Throwable-typed variables and the self-assignments look like
                    // decompiler residue of synchronized (session) { ... } - TODO confirm.
                    Throwable session = httpServletRequest.getSession();
                    Throwable th = session;
                    synchronized (th) {
                        SessionSecurityCacheData sessionSecurityCacheData = (SessionSecurityCacheData) httpServletRequest.getSession().getAttribute("spaceUUID_" + parameter);
                        th = th;
                        if (sessionSecurityCacheData == null) {
                            sessionSecurityCacheData = new SessionSecurityCacheData();
                        }
                        // NOTE(review): a cached decision is honoured until VALID_DURATION has
                        // elapsed, so a delegation revoked in the meantime stays effective in
                        // this session for up to that long. Confirm the duration is acceptable.
                        if (System.currentTimeMillis() - sessionSecurityCacheData.getLastTimeForPubACLChk() <= SessionSecurityCacheData.VALID_DURATION) {
                            z = sessionSecurityCacheData.isPubServerAdmin();
                            if (logger.isLoggable(Level.FINE)) {
                                logger.logp(Level.FINE, CLASSNAME, "permissionCheckForAdmins", " cache valid: use cache for pub server ACL --- isAdmin:" + z + "  userName : " + str + " space: " + parameter);
                            }
                        } else {
                            if (logger.isLoggable(Level.FINE)) {
                                logger.logp(Level.FINE, CLASSNAME, "permissionCheckForAdmins", "calling SpaceDelegator.isSpaceDelegatorDNName or SpaceDelegator.isSpaceDelegator -- userName : " + str + " space: " + parameter);
                            }
                            // Cache miss or expired entry: ask the delegator, preferring the
                            // registry id cached in the session over the principal name.
                            String parameter2 = httpServletRequest.getParameter(PredefConstants.SPACE_UUID);
                            String str2 = (String) httpServletRequest.getSession().getAttribute("userID");
                            z = str2 != null ? SpaceDelegator.isSpaceDelegatorDNName(str2, parameter2) : SpaceDelegator.isSpaceDelegator(str, parameter2);
                            if (logger.isLoggable(Level.FINE)) {
                                logger.logp(Level.FINE, CLASSNAME, "permissionCheckForAdmins", " pub server ACL check return isAdmin: " + z + " userName : " + str + " space: " + parameter);
                            }
                            // Record the fresh decision and its timestamp for later requests.
                            sessionSecurityCacheData.setLastTimeForPubACLChk(System.currentTimeMillis());
                            sessionSecurityCacheData.setPubServerAdmin(z);
                            Throwable th2 = session;
                            synchronized (th2) {
                                session.setAttribute("spaceUUID_" + parameter, sessionSecurityCacheData);
                                th2 = th2;
                            }
                        }
                    }
                }
            }
            if (logger.isLoggable(Level.FINE)) {
                logger.logp(Level.FINE, CLASSNAME, "permissionCheckForAdmins", String.valueOf(str) + " has Administrators role: " + z);
            }
            // Deny: log at SEVERE and abort the request before the handler is invoked.
            if (!z) {
                String message = Messages.getMessage(PEMessageKeys.E_NO_PERMISSION_FOR_ADMIN_RESOURCE, new Object[]{str});
                if (logger.isLoggable(Level.SEVERE)) {
                    logger.logp(Level.SEVERE, CLASSNAME, "permissionCheckForAdmins", message);
                }
                throw new ActionHandlerException(message);
            }
        }
        if (logger.isLoggable(Level.FINER)) {
            logger.exiting(CLASSNAME, "permissionCheckForAdmins");
        }
    }

    /**
     * Reports whether a handler id is subject to {@link #permissionCheckForAdmins}.
     *
     * <p>The meaning of the individual ids is not visible in this file. NOTE(review): any
     * privileged handler whose id is missing from this list runs without the admin check, so
     * the list has to be kept in step with the handler registry.
     */
    private boolean isAdminHandler(int i) {
        return i == 29 || i == 1000 || i == 1001 || i == 1002 || i == 1004 || i == 1005 || i == 1003 || i == 27 || i == 35 || i == 28 || i == 101;
    }

    /**
     * Reads the proxy path from the cookie named {@code PredefConstants.PROXY_URL}.
     *
     * @param httpServletRequest the current request
     * @return the URL-decoded cookie value, or "" when the cookie is absent or cannot be decoded
     */
    private String getProxyPathFromCookie(HttpServletRequest httpServletRequest) {
        String str = "";
        String str2 = null;
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies != null) {
            // Linear scan; the first cookie with the expected name wins.
            int i = 0;
            while (true) {
                if (i >= cookies.length) {
                    break;
                }
                if (PredefConstants.PROXY_URL.equals(cookies[i].getName())) {
                    str2 = cookies[i].getValue();
                    break;
                }
                i++;
            }
        }
        if (str2 != null) {
            try {
                str = URLDecoder.decode(str2, "UTF-8");
            } catch (Exception unused) {
                // Best effort: an undecodable cookie is treated as "no proxy path".
                str = "";
            }
        }
        return str;
    }

    /**
     * Stores the proxy path in a browser-session cookie (max age -1), URL-encoded.
     *
     * <p>NOTE(review): no Secure, HttpOnly or path attribute is set on the cookie here; consider
     * {@code setSecure(true)} and {@code setHttpOnly(true)} if the servlet API level in use
     * provides them. Failures are swallowed silently, so a cookie that could not be set leaves
     * no trace in the log.
     */
    private void setProxyPathToCookie(HttpServletResponse httpServletResponse, String str) {
        try {
            Cookie cookie = new Cookie(PredefConstants.PROXY_URL, URLEncoder.encode(str, "UTF-8"));
            cookie.setMaxAge(-1);
            httpServletResponse.addCookie(cookie);
        } catch (Exception unused) {
        }
    }

    /**
     * Clears per-user session data when the session's recorded author differs from the current
     * principal.
     *
     * <p>Removes the author and user id attributes plus every attribute whose name starts with
     * {@code PredefConstants.CLIENT_DATA}, {@code "GC_"} or {@code "spaceUUID_"} (the cached
     * admin decisions written by {@link #permissionCheckForAdmins}).
     *
     * <p>NOTE(review): the session itself is kept and only the listed prefixes are cleared, so
     * any other attribute set for the previous user survives the identity change; invalidating
     * the session would be the stricter option. getUserPrincipal() is dereferenced without a
     * null check, and attributes are removed while the name enumeration is being read - whether
     * that is safe depends on the container, TODO confirm.
     */
    private void cleanupCache(HttpServletRequest httpServletRequest) {
        String name = httpServletRequest.getUserPrincipal().getName();
        String str = (String) httpServletRequest.getSession().getAttribute(PredefConstants.AUTHOR);
        // Nothing to do when no author is recorded yet or it matches the current principal.
        if (str == null || name == null || str.equals(name)) {
            return;
        }
        httpServletRequest.getSession().removeAttribute(PredefConstants.AUTHOR);
        httpServletRequest.getSession().removeAttribute("userID");
        Enumeration attributeNames = httpServletRequest.getSession().getAttributeNames();
        while (attributeNames.hasMoreElements()) {
            String str2 = (String) attributeNames.nextElement();
            if (str2.startsWith(PredefConstants.CLIENT_DATA) || str2.startsWith("GC_") || str2.startsWith("spaceUUID_")) {
                httpServletRequest.getSession().removeAttribute(str2);
            }
        }
    }

    /**
     * Reports whether a handler runs inside a transaction opened by {@link #service}: every id
     * except 29, 28 and 27 does.
     */
    private boolean runInTransaction(int i) {
        return (i == 29 || i == 28 || i == 27) ? false : true;
    }
}
