package com.openexchange.tools.webdav;

import com.openexchange.ajax.AJAXUtility;
import com.openexchange.ajax.fields.Header;
import com.openexchange.ajax.fields.LoginFields;
import com.openexchange.authentication.Cookie;
import com.openexchange.authentication.LoginExceptionCodes;
import com.openexchange.exception.Category;
import com.openexchange.exception.OXException;
import com.openexchange.groupware.container.CalendarObject;
import com.openexchange.java.util.UUIDs;
import com.openexchange.log.LogProperties;
import com.openexchange.login.Interface;
import com.openexchange.login.LoginRequest;
import com.openexchange.login.internal.LoginPerformer;
import com.openexchange.server.services.ServerServiceRegistry;
import com.openexchange.session.Session;
import com.openexchange.sessiond.SessiondService;
import com.openexchange.tools.servlet.http.Authorization;
import com.openexchange.tools.servlet.http.Cookies;
import com.openexchange.tools.servlet.http.Tools;
import com.openexchange.tools.webdav.digest.DigestUtility;
import com.openexchange.webdav.WebdavExceptionCode;
import com.openexchange.xml.jdom.JDOMParser;
import java.io.IOException;
import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.jdom2.Document;
import org.jdom2.JDOMException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/openexchange/tools/webdav/OXServlet.class */
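/**
 * Base servlet for the WebDAV-style interfaces (CalDAV, CardDAV, infostore, iCal, vCard, ...).
 * <p>
 * Adds HTTP authentication in front of {@link WebDavServlet#service}: a request is authenticated
 * either by a {@value #COOKIE_SESSIONID} cookie that resolves to a live session, or by a
 * {@code Basic} / {@code Digest} {@code Authorization} header that is turned into a login. The
 * resulting {@link Session} is stored as a request attribute and can be read back through
 * {@link #getSession(HttpServletRequest)}.
 * <p>
 * Note that {@code TRACE} requests bypass authentication entirely (see {@link #service}).
 */
public abstract class OXServlet extends WebDavServlet {

    private static final long serialVersionUID = 301910346402779362L;

    /** Realm advertised in the {@code Basic} challenge. */
    private static final String basicRealm = "OX WebDAV";

    /** Realm used for the {@code Digest} challenge (see note in {@link #addUnauthorizedHeader}). */
    private static final String digestRealm = "Open-Xchange";

    /** Name of the cookie carrying the WebDAV session identifier. */
    protected static final String COOKIE_SESSIONID = "sessionid";

    /** Scheme token of an HTTP Digest {@code Authorization} header (compared case-insensitively). */
    private static final String DIGEST_AUTH = "digest";

    private static final transient Logger LOG = LoggerFactory.getLogger(OXServlet.class);

    /** Request attribute under which {@link #doAuth} stores the authenticated {@link Session}. */
    private static final String SESSION = OXServlet.class.getName() + "SESSION";

    private static final LoginPerformer loginPerformer = LoginPerformer.getInstance();

    /** Charset used when turning digest strings into bytes for the constant-time comparison. */
    private static final Charset UTF8 = Charset.forName("UTF-8");

    /**
     * {@link LoginRequest} assembled from an HTTP request and the credentials extracted from its
     * {@code Authorization} header. Client, version and user agent are taken from request
     * parameters (sanitized); the user agent falls back to the {@code User-Agent} header.
     */
    public static final class LoginRequestImpl implements LoginRequest {

        private final String login;
        private final HttpServletRequest req;
        private final String userAgent;
        private final String pass;
        private final String client;
        private final Interface interfaze;
        private final String version;

        /**
         * @param login the login name extracted from the {@code Authorization} header
         * @param password the password (or digest-resolved password) for that login
         * @param iface the interface this servlet serves
         * @param request the HTTP request the login originates from
         */
        public LoginRequestImpl(String login, String password, Interface iface, HttpServletRequest request) {
            // Request parameters are client-controlled; sanitize before they reach the login layer.
            this.client = AJAXUtility.sanitizeParam(request.getParameter(LoginFields.CLIENT_PARAM));
            this.version = AJAXUtility.sanitizeParam(request.getParameter("version"));
            this.userAgent = AJAXUtility.sanitizeParam(request.getParameter("agent"));
            this.login = login;
            this.req = request;
            this.pass = password;
            this.interfaze = iface;
        }

        /** Returns the {@code agent} parameter if present, otherwise the {@code User-Agent} header. */
        @Override
        public String getUserAgent() {
            if (null != this.userAgent) {
                return this.userAgent;
            }
            return this.req.getHeader(Header.USER_AGENT);
        }

        @Override
        public String getPassword() {
            return this.pass;
        }

        @Override
        public String getLogin() {
            return this.login;
        }

        @Override
        public Interface getInterface() {
            return this.interfaze;
        }

        @Override
        public String getClientIP() {
            return this.req.getRemoteAddr();
        }

        /**
         * Returns a freshly generated random identifier.
         * NOTE(review): a new UUID is produced on every call, so repeated calls on the same
         * request do not agree — confirm that consumers read it only once.
         */
        @Override
        public String getAuthId() {
            return UUIDs.getUnformattedString(UUID.randomUUID());
        }

        @Override
        public String getClient() {
            return this.client;
        }

        @Override
        public String getVersion() {
            return this.version;
        }

        /** No password hash is available on this path. */
        @Override
        public String getHash() {
            return null;
        }

        @Override
        public Map<String, List<String>> getHeaders() {
            return Tools.copyHeaders(this.req);
        }

        @Override
        public Cookie[] getCookies() {
            return Tools.getCookieFromHeader(this.req);
        }

        @Override
        public boolean isSecure() {
            return Tools.considerSecure(this.req);
        }

        @Override
        public String getServerName() {
            return this.req.getServerName();
        }

        @Override
        public int getServerPort() {
            return this.req.getServerPort();
        }

        /** Creates the container HTTP session if it does not exist yet. */
        @Override
        public String getHttpSessionID() {
            return this.req.getSession(true).getId();
        }

        /** Client tokens are not used by the WebDAV interfaces. */
        @Override
        public String getClientToken() {
            return null;
        }

        @Override
        public boolean isTransient() {
            return OXServlet.isTransient(this.interfaze);
        }
    }

    /** Whether requests must carry HTTP authentication; subclasses may disable it. */
    protected boolean useHttpAuth() {
        return true;
    }

    /** Whether a session cookie is issued/accepted in addition to the {@code Authorization} header. */
    protected boolean useCookies() {
        return true;
    }

    /** The interface (CalDAV, CardDAV, ...) served by the concrete subclass. */
    public abstract Interface getInterface();

    /**
     * Authenticates the request (unless it is a {@code TRACE} or {@link #useHttpAuth()} is off) and
     * then dispatches to {@link WebDavServlet#service}. When authentication fails,
     * {@link #doAuth} has already written the error response and nothing else is sent.
     *
     * @throws ServletException if the sub method fails; runtime failures are wrapped and logged
     * @throws IOException on I/O failures in the sub method or while writing the response
     */
    @Override
    public void service(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        boolean useCookies = useCookies();
        if (useCookies) {
            // Ensure a container session exists before authentication works with cookies.
            httpServletRequest.getSession(true);
        }
        boolean authenticated = "TRACE".equals(httpServletRequest.getMethod())
            || !useHttpAuth()
            || doAuth(httpServletRequest, httpServletResponse, getInterface(), getLoginCustomizer(), useCookies);
        if (!authenticated) {
            return; // error response already sent by doAuth
        }
        try {
            Session session = getSession(httpServletRequest);
            if (session != null) {
                LogProperties.putSessionProperties(session);
                LOG.trace("Entering HTTP sub method. Session: {}", session);
            }
            super.service(httpServletRequest, httpServletResponse);
        } catch (RuntimeException e) {
            // super.service only declares ServletException/IOException, which propagate untouched;
            // anything else reaching here is an unchecked failure worth logging.
            LOG.error("", e);
            throw new ServletException(e.getMessage(), e);
        }
    }

    /** Hook for subclasses to post-process the parsed login; {@code null} means no customization. */
    protected LoginCustomizer getLoginCustomizer() {
        return null;
    }

    /** Same as {@link #doAuth(HttpServletRequest, HttpServletResponse, Interface, LoginCustomizer, boolean)} without customizer, with cookies enabled. */
    public static boolean doAuth(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Interface iface) throws IOException {
        return doAuth(httpServletRequest, httpServletResponse, iface, null);
    }

    /** Same as {@link #doAuth(HttpServletRequest, HttpServletResponse, Interface, LoginCustomizer, boolean)} with cookies enabled. */
    public static boolean doAuth(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Interface iface, LoginCustomizer loginCustomizer) throws IOException {
        return doAuth(httpServletRequest, httpServletResponse, iface, loginCustomizer, true);
    }

    /**
     * Authenticates the request and stores the resulting session as request attribute.
     * <p>
     * Order of evaluation:
     * <ol>
     * <li>With {@code useCookies}, a {@value #COOKIE_SESSIONID} cookie resolving to a live session
     *     is accepted, but only if the remote address still matches the session's IP; on a mismatch
     *     the session is removed, the cookie cleared and {@code 401} sent.</li>
     * <li>Otherwise the {@code Authorization} header is parsed and a login performed. With cookies
     *     a full session is created and a session cookie is issued; without cookies the
     *     {@link WebDAVSessionStore} is consulted instead.</li>
     * </ol>
     * On failure an error response ({@code 401}, {@code 403} or {@code 500}) has been sent and
     * {@code false} is returned; the caller must not write to the response anymore.
     *
     * @param httpServletRequest the request to authenticate
     * @param httpServletResponse the response to write challenges/errors to
     * @param iface the interface the login is performed for
     * @param loginCustomizer optional hook that may replace the parsed login; may be {@code null}
     * @param useCookies whether to accept and issue the session cookie
     * @return {@code true} if a session was established and stored on the request
     * @throws IOException if writing the error response fails
     */
    public static boolean doAuth(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Interface iface, LoginCustomizer loginCustomizer, boolean useCookies) throws IOException {
        Session session = null;
        if (useCookies) {
            try {
                session = findSessionByCookie(httpServletRequest, httpServletResponse);
            } catch (OXException e) {
                LOG.error("", e);
                httpServletResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
                return false;
            }
        }
        if (null == session) {
            try {
                LoginRequest loginRequest = parseLogin(httpServletRequest, iface);
                if (loginCustomizer != null) {
                    loginRequest = loginCustomizer.modifyLogin(loginRequest);
                }
                try {
                    if (useCookies) {
                        session = addSession(loginRequest, new HashMap<String, Object>(1));
                        // NOTE(review): the session cookie is issued without HttpOnly/Secure/Path
                        // attributes — confirm this matches the deployment's requirements.
                        httpServletResponse.addCookie(new javax.servlet.http.Cookie(COOKIE_SESSIONID, session.getSessionID()));
                    } else {
                        session = WebDAVSessionStore.getInstance().getSession(loginRequest);
                    }
                } catch (OXException e) {
                    if (e.getCategory() == Category.CATEGORY_USER_INPUT) {
                        // Bad credentials: challenge again instead of leaking details.
                        addUnauthorizedHeader(httpServletRequest, httpServletResponse);
                        httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authorization Required!");
                        return false;
                    }
                    if (LoginExceptionCodes.AUTHENTICATION_DISABLED.equals(e)) {
                        httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
                        return false;
                    }
                    LOG.error("", e);
                    httpServletResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage());
                    return false;
                }
            } catch (OXException e) {
                // Missing, malformed or unsupported Authorization header.
                LOG.debug("", e);
                addUnauthorizedHeader(httpServletRequest, httpServletResponse);
                httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authorization Required!");
                return false;
            }
        } else {
            // A cookie-bound session is only honored from the IP it was created for.
            String remoteAddr = httpServletRequest.getRemoteAddr();
            if (null == remoteAddr || !remoteAddr.equals(session.getLocalIp())) {
                LOG.info("Request to server denied for session: {}. in WebDAV XML interface. Client login IP changed from {} to {}{}", new Object[]{session.getSessionID(), session.getLocalIp(), remoteAddr, '.'});
                addUnauthorizedHeader(httpServletRequest, httpServletResponse);
                removeSession(session.getSessionID());
                removeCookie(httpServletRequest, httpServletResponse, COOKIE_SESSIONID);
                httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authorization Required!");
                return false;
            }
        }
        httpServletRequest.setAttribute(SESSION, session);
        return true;
    }

    /**
     * Expires the named cookies on the client by re-sending them with {@code Max-Age=0} and path
     * {@code /}. Cookies not present on the request are skipped.
     */
    private static void removeCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String... cookieNames) {
        Map<String, javax.servlet.http.Cookie> cookies = Cookies.cookieMapFor(httpServletRequest);
        if (cookies == null) {
            return;
        }
        for (String name : cookieNames) {
            javax.servlet.http.Cookie present = cookies.get(name);
            if (null == present) {
                continue;
            }
            javax.servlet.http.Cookie expired = new javax.servlet.http.Cookie(name, present.getValue());
            expired.setPath("/");
            expired.setMaxAge(0);
            httpServletResponse.addCookie(expired);
        }
    }

    /** Best-effort removal of a session from SessionD; failures are logged at debug level only. */
    private static void removeSession(String sessionId) {
        try {
            ((SessiondService) ServerServiceRegistry.getInstance().getService(SessiondService.class, true)).removeSession(sessionId);
        } catch (OXException e) {
            LOG.debug("Could not remove session {}", sessionId, e);
        }
    }

    /**
     * Whether the header starts with the {@code digest} scheme (case-insensitive) and carries
     * something after it.
     */
    private static boolean checkForDigestAuthorization(String header) {
        return null != header
            && header.length() > DIGEST_AUTH.length()
            && header.regionMatches(true, 0, DIGEST_AUTH, 0, DIGEST_AUTH.length());
    }

    /**
     * Sets the {@code WWW-Authenticate} challenge on the response.
     * <p>
     * NOTE(review): only the {@code Basic} challenge is actually set as a header. A {@code Digest}
     * challenge (realm, qop, nonce, opaque, stale, algorithm=MD5) is assembled below but never
     * added to the response — confirm whether advertising Digest is intentionally disabled; if so
     * the assembly is dead code, if not it needs {@code addHeader("WWW-Authenticate", ...)}.
     */
    protected static void addUnauthorizedHeader(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        StringBuilder sb = new StringBuilder(64);
        sb.append("Basic realm=\"").append(basicRealm).append("\", encoding=\"UTF-8\"");
        httpServletResponse.setHeader("WWW-Authenticate", sb.toString());
        sb.setLength(0);
        sb.append("Digest realm=\"").append(digestRealm).append('\"').append(", ");
        sb.append("qop=\"auth,auth-int\"").append(", ");
        sb.append("nonce=\"").append(DigestUtility.getInstance().generateNOnce(httpServletRequest)).append('\"').append(", ");
        sb.append("opaque=\"").append(UUIDs.getUnformattedString(UUID.randomUUID())).append('\"').append(", ");
        sb.append("stale=\"false\"").append(", ");
        sb.append("algorithm=\"MD5\"");
    }

    /**
     * Turns the request's {@code Authorization} header into a {@link LoginRequest}.
     * <p>
     * {@code Basic} credentials are decoded and must carry a non-empty password. {@code Digest}
     * credentials are verified against the password resolved for the user name; the server-side
     * digest is compared in constant time so the comparison does not leak how many leading
     * characters of the expected response were correct.
     *
     * @param httpServletRequest the request carrying the header
     * @param iface the interface the login is for
     * @return the login request (never {@code null})
     * @throws OXException if the header is missing, empty-password, unsupported or the digest fails
     */
    private static LoginRequest parseLogin(HttpServletRequest httpServletRequest, Interface iface) throws OXException {
        String header = httpServletRequest.getHeader(Header.AUTH_HEADER);
        if (null == header) {
            LOG.debug("Authorization header missing.");
            throw WebdavExceptionCode.MISSING_HEADER_FIELD.create("Authorization");
        }
        if (Authorization.checkForBasicAuthorization(header)) {
            Authorization.Credentials credentials = Authorization.decode(header);
            if (!Authorization.checkLogin(credentials.getPassword())) {
                throw WebdavExceptionCode.EMPTY_PASSWORD.create();
            }
            return new LoginRequestImpl(credentials.getLogin(), credentials.getPassword(), iface, httpServletRequest);
        }
        if (!checkForDigestAuthorization(header)) {
            // Report only the scheme token, not the credential part of the header.
            int space = header.indexOf(' ');
            String scheme = space > 0 ? header.substring(0, space) : header;
            LOG.debug("Unsupported Authentication header.");
            throw WebdavExceptionCode.UNSUPPORTED_AUTH_MECH.create(scheme);
        }
        DigestUtility digestUtility = DigestUtility.getInstance();
        com.openexchange.tools.webdav.digest.Authorization digestAuth = digestUtility.parseDigestAuthorization(header);
        String user = digestAuth.getUser();
        String password = digestUtility.getPasswordByUserName(user);
        if (!Authorization.checkLogin(password)) {
            // No usable password for this user means Digest cannot be verified here.
            throw WebdavExceptionCode.UNSUPPORTED_AUTH_MECH.create("Digest");
        }
        String expected = digestUtility.generateServerDigest(httpServletRequest, password);
        String actual = digestAuth.getResponse();
        if (expected != null && actual != null
            && MessageDigest.isEqual(expected.getBytes(UTF8), actual.getBytes(UTF8))) {
            return new LoginRequestImpl(user, password, iface, httpServletRequest);
        }
        throw WebdavExceptionCode.AUTH_FAILED.create(user);
    }

    /** Performs the login and returns the created session. */
    private static Session addSession(LoginRequest loginRequest, Map<String, Object> properties) throws OXException {
        return loginPerformer.doLogin(loginRequest, properties).getSession();
    }

    /**
     * Resolves the {@value #COOKIE_SESSIONID} cookie to a session.
     *
     * @param httpServletRequest the request whose cookies are inspected
     * @param httpServletResponse if non-{@code null}, a cookie that no longer resolves to a
     *        session is expired on the client
     * @return the session, or {@code null} if there is no cookie or it is stale
     * @throws OXException if SessionD is unavailable
     */
    private static Session findSessionByCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws OXException {
        Map<String, javax.servlet.http.Cookie> cookies = Cookies.cookieMapFor(httpServletRequest);
        String sessionId = null;
        if (null != cookies) {
            javax.servlet.http.Cookie cookie = cookies.get(COOKIE_SESSIONID);
            if (null != cookie) {
                sessionId = cookie.getValue();
            }
        }
        if (null == sessionId) {
            return null;
        }
        Session session = ((SessiondService) ServerServiceRegistry.getInstance().getService(SessiondService.class, true)).getSession(sessionId);
        if (null == session && httpServletResponse != null) {
            // Stale cookie: expire it so the client falls back to the Authorization header.
            javax.servlet.http.Cookie expired = new javax.servlet.http.Cookie(COOKIE_SESSIONID, sessionId);
            expired.setMaxAge(0);
            httpServletResponse.addCookie(expired);
        }
        return session;
    }

    /**
     * Returns the session stored on the request by {@link #doAuth}, or {@code null} (logged as
     * an error) if authentication did not run for this request.
     */
    public static Session getSession(HttpServletRequest httpServletRequest) {
        Session session = (Session) httpServletRequest.getAttribute(SESSION);
        if (null == session) {
            LOG.error("Somebody gets a null session.");
        }
        return session;
    }

    /**
     * Parses the request body as XML.
     * <p>
     * Only bodies with a positive {@code Content-Length} are parsed; a chunked body (length
     * {@code -1}) yields {@code null}. The body is client-controlled input — whether external
     * entities/DTDs are disabled depends on the {@link JDOMParser} service configuration, which
     * is not visible here.
     *
     * @return the parsed document, or {@code null} if the request has no body
     */
    public Document getJDOMDocument(HttpServletRequest httpServletRequest) throws JDOMException, IOException {
        if (httpServletRequest.getContentLength() <= 0) {
            return null;
        }
        JDOMParser parser = (JDOMParser) ServerServiceRegistry.getInstance().getService(JDOMParser.class);
        return parser.parse(httpServletRequest.getInputStream());
    }

    /** Whether sessions created for the given interface are transient (not persisted). */
    protected static boolean isTransient(Interface iface) {
        switch (iface) {
            case CALDAV:
            case CARDDAV:
            case WEBDAV_INFOSTORE:
            case WEBDAV_ICAL:
            case WEBDAV_VCARD:
            case OUTLOOK_UPDATER:
                return true;
            default:
                return false;
        }
    }
}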
