package org.deegree.services.controller.security;

import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.PipedInputStream;
import java.io.PipedOutputStream;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URISyntaxException;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLOutputFactory;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;
import javax.xml.stream.XMLStreamWriter;
import org.apache.axiom.attachments.IncomingAttachmentInputStream;
import org.apache.axiom.soap.SOAP12Constants;
import org.deegree.commons.utils.io.LoggingInputStream;
import org.deegree.commons.utils.kvp.KVPUtils;
import org.deegree.commons.utils.net.HttpUtils;
import org.deegree.commons.xml.stax.XMLInputFactoryUtils;
import org.deegree.services.controller.Credentials;
import org.deegree.services.controller.CredentialsProvider;
import org.deegree.services.controller.OGCFrontController;
import org.deegree.services.controller.OwsGlobalConfigLoader;
import org.deegree.services.controller.RequestLogger;
import org.deegree.workspace.ResourceInitException;
import org.deegree.workspace.Workspace;
import org.deegree.workspace.standard.DefaultWorkspace;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/deegree-services-commons-3.5.5.jar:org/deegree/services/controller/security/SecureProxy.class */
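/**
 * Servlet that sits in front of a single secured OGC service: it extracts credentials from the
 * incoming request, checks them against the {@link SecurityConfiguration}, and only then relays
 * the request to the URL given by the {@code proxied_url} init parameter.
 *
 * <p>Requests are refused with 503 while the security configuration is not loaded, so a failed
 * initialisation can never result in an unauthenticated pass-through.
 *
 * <p>NOTE(review): {@link #copyXML} was not recovered by the decompiler and is a stub that always
 * throws, so this listing cannot relay XML as it stands.
 */
public class SecureProxy extends HttpServlet {
    static final Logger LOG = LoggerFactory.getLogger(SecureProxy.class);
    private static final long serialVersionUID = 6154340524804958669L;
    // Target service; normalised in init() and also passed to verifyAddress() for every request.
    transient String proxiedUrl;
    private transient CredentialsProvider credentialsProvider;
    // Parses client bodies *before* authentication as well as backend responses.
    // NOTE(review): newSafeInstance() presumably disables DTDs/external entities - confirm in XMLInputFactoryUtils.
    transient XMLInputFactory inFac = XMLInputFactoryUtils.newSafeInstance();
    transient XMLOutputFactory outFac = XMLOutputFactory.newInstance();
    private transient SecurityConfiguration securityConfiguration;
    private transient Workspace workspace;
    // May be null: request logging is optional.
    private transient RequestLogger requestLogger;

    /**
     * Loads the workspace under {@code WEB-INF/conf}, reads the {@code proxied_url} init parameter
     * (matched case-insensitively) and obtains the credentials provider.
     *
     * @param servletConfig container-supplied configuration
     * @throws ServletException if {@code proxied_url} is missing, no credentials provider is
     *         configured, or the configuration location cannot be resolved
     */
    @Override
    public void init(ServletConfig servletConfig) throws ServletException {
        super.init(servletConfig);
        try {
            this.workspace = new DefaultWorkspace(new File(OGCFrontController.resolveFileLocation("WEB-INF/conf", getServletContext()).toURI()));
            Enumeration<String> parameterNames = servletConfig.getInitParameterNames();
            while (parameterNames.hasMoreElements()) {
                String parameterName = parameterNames.nextElement();
                if (parameterName.equalsIgnoreCase("proxied_url")) {
                    this.proxiedUrl = servletConfig.getInitParameter(parameterName);
                }
            }
            if (this.proxiedUrl == null) {
                LOG.info("Secure Proxy was NOT started:");
                LOG.info("You need to define the 'proxied_url' init parameter in the web.xml.");
                throw new ServletException("You need to define the 'proxied_url' init parameter in the web.xml.");
            }
            // Only an explicit default HTTP port is dropped. A plain replace(":80", "") would also
            // rewrite "host:8080" to "host80" and so change both the relay target and the string
            // that verifyAddress() compares against.
            this.proxiedUrl = stripDefaultHttpPort(this.proxiedUrl);
            try {
                this.workspace.initAll();
                this.securityConfiguration = SecurityConfiguration.getInstance();
                this.credentialsProvider = this.securityConfiguration.getCredentialsProvider();
                if (this.credentialsProvider == null) {
                    LOG.info("Secure Proxy was NOT started:");
                    LOG.info("You need to provide an WEB-INF/conf/services/security/security.xml which defines at least one credentials provider.");
                    throw new ServletException("You need to provide an WEB-INF/conf/services/security/security.xml which defines at least one credentials provider.");
                }
                this.requestLogger = ((OwsGlobalConfigLoader) this.workspace.getInitializable(OwsGlobalConfigLoader.class)).getRequestLogger();
                LOG.info("deegree 3 secure proxy initialized.");
                LOG.info("Secured service is '{}'", this.proxiedUrl);
            } catch (ResourceInitException e) {
                // The servlet stays deployed but uninitialised; doGet/doPost answer 503 in that
                // state (see isInitialized()).
                LOG.error("Initialization of secure proxy failed: {}", e.getLocalizedMessage());
                LOG.trace("Stack trace: ", e);
            }
        } catch (MalformedURLException e2) {
            LOG.error("Secure Proxy was NOT started, since the configuration could not be loaded.");
            throw new ServletException("Secure Proxy was NOT started, since the configuration could not be loaded.", e2);
        } catch (URISyntaxException e3) {
            LOG.error("Secure Proxy was NOT started, since the configuration could not be loaded.");
            throw new ServletException("Secure Proxy was NOT started, since the configuration could not be loaded.", e3);
        }
    }

    /**
     * Authenticates an XML request and, if accepted, streams it to the secured service and
     * streams the XML answer back.
     *
     * <p>When request logging is enabled the body is captured to a temporary file while it is
     * parsed. That file is handed to the request logger only for requests that are actually
     * logged; on every other path (rejected credentials, I/O or XML errors, logging skipped) it is
     * deleted, so unauthenticated clients cannot accumulate files on disk.
     *
     * @param httpServletRequest incoming request; its body is untrusted until the credential check passes
     * @param httpServletResponse response to the client
     */
    @Override
    protected void doPost(final HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        long startTime = System.currentTimeMillis();
        File bodyFile = null;
        FileOutputStream bodySink = null;
        PipedInputStream pipeIn = null;
        InputStream upstream = null;
        boolean bodyFileOwnedByLogger = false;
        try {
            if (!isInitialized()) {
                httpServletResponse.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE);
                return;
            }
            OwsGlobalConfigLoader globalConfig = (OwsGlobalConfigLoader) this.workspace.getInitializable(OwsGlobalConfigLoader.class);
            if (globalConfig.getRequestLogger() != null) {
                // NOTE(review): the capture file is created before authentication and may hold
                // credentials from the body. File.createTempFile uses default (umask-based)
                // permissions - confirm the directory is not readable by other local users.
                String outputDirectory = globalConfig.getMainConfig().getRequestLogging().getOutputDirectory();
                if (outputDirectory == null) {
                    bodyFile = File.createTempFile("request", ".body");
                } else {
                    File logDirectory = new File(outputDirectory);
                    if (!logDirectory.exists()) {
                        logDirectory.mkdirs();
                    }
                    bodyFile = File.createTempFile("request", ".body", logDirectory);
                }
            }
            InputStream requestBody = httpServletRequest.getInputStream();
            if (bodyFile != null) {
                bodySink = new FileOutputStream(bodyFile);
                requestBody = new LoggingInputStream(requestBody, bodySink);
            }
            final XMLStreamReader requestXml = this.inFac.createXMLStreamReader(requestBody, httpServletRequest.getCharacterEncoding());
            requestXml.next();
            Credentials credentials = this.credentialsProvider.doXML(requestXml, httpServletRequest, httpServletResponse);
            boolean credentialsOk = this.securityConfiguration.checkCredentials(credentials);
            boolean addressOk = this.securityConfiguration.verifyAddress(credentials, this.proxiedUrl);
            // Resolved once on the servlet thread so the worker below never touches the request object.
            final String requestUrl = httpServletRequest.getRequestURL().toString();
            if (!credentialsOk || !addressOk) {
                writeUnauthorized(httpServletResponse, credentialsOk);
                return;
            }

            final PipedOutputStream pipeOut = new PipedOutputStream();
            pipeIn = new PipedInputStream(pipeOut);
            // The request is re-serialised on a worker thread and consumed by HttpUtils.post via
            // the pipe. NOTE(review): one unpooled thread per accepted POST; consider an executor.
            new Thread() {
                @Override
                public void run() {
                    try {
                        SecureProxy.this.copyXML(requestXml, SecureProxy.this.outFac.createXMLStreamWriter(pipeOut), requestUrl);
                        // Deliberately not in a finally: on failure the reader must see a broken
                        // pipe rather than a clean end-of-stream for a truncated document.
                        pipeOut.close();
                    } catch (IOException e) {
                        SecureProxy.LOG.debug("IO-error occurred while proxying: '{}'", e.getLocalizedMessage());
                        SecureProxy.LOG.trace("Stack trace:", e);
                    } catch (XMLStreamException e2) {
                        SecureProxy.LOG.debug("IO-error occurred while proxying: '{}'", e2.getLocalizedMessage());
                        SecureProxy.LOG.trace("Stack trace:", e2);
                    }
                }
            }.start();

            // NOTE(review): every client header except the content length is forwarded unfiltered,
            // so Authorization, Cookie, Host and hop-by-hop headers reach the secured service.
            // Consider an allow-list of headers the backend actually needs.
            Map<String, String> forwardedHeaders = new HashMap<String, String>();
            Enumeration<String> headerNames = httpServletRequest.getHeaderNames();
            while (headerNames.hasMoreElements()) {
                String headerName = headerNames.nextElement();
                if (!headerName.equalsIgnoreCase(IncomingAttachmentInputStream.HEADER_CONTENT_LENGTH)) {
                    forwardedHeaders.put(headerName, httpServletRequest.getHeader(headerName));
                }
            }
            upstream = (InputStream) HttpUtils.post(HttpUtils.STREAM, this.proxiedUrl, pipeIn, forwardedHeaders);
            pipeIn.close();
            OutputStream clientOut = httpServletResponse.getOutputStream();
            XMLStreamReader responseXml = this.inFac.createXMLStreamReader(upstream);
            responseXml.next();
            boolean shouldLog = copyXML(responseXml, this.outFac.createXMLStreamWriter(clientOut), requestUrl) || !globalConfig.isLogOnlySuccessful();
            // Release the capture file before it is handed over or deleted.
            closeQuietly(bodySink);
            if (this.requestLogger != null && shouldLog) {
                bodyFileOwnedByLogger = true;
                this.requestLogger.logXML(this.proxiedUrl + "?" + httpServletRequest.getRequestURL(), bodyFile, startTime, System.currentTimeMillis(), credentials);
            }
        } catch (UnsupportedEncodingException e) {
            LOG.trace("Stack trace:", e);
        } catch (IOException e2) {
            LOG.debug("IO-error occurred while proxying: '{}'", e2.getLocalizedMessage());
            LOG.trace("Stack trace:", e2);
        } catch (XMLStreamException e3) {
            LOG.debug("Error while writing 'not authorized' response: '{}'", e3.getLocalizedMessage());
            LOG.trace("Stack trace:", e3);
        } finally {
            closeQuietly(upstream);
            // Closing the read end unblocks the worker thread if relaying failed part-way.
            closeQuietly(pipeIn);
            closeQuietly(bodySink);
            if (bodyFile != null && !bodyFileOwnedByLogger && !bodyFile.delete()) {
                LOG.warn("Could not delete temporary file {}.", bodyFile);
            }
        }
    }

    /**
     * Authenticates a KVP request and, if accepted, relays it to the secured service.
     *
     * <p>The {@code USER} and {@code PASSWORD} parameters are removed before the request is
     * forwarded and before the query string is logged. NOTE(review): credentials sent this way are
     * still part of the client's URL and may appear in container or intermediary access logs.
     *
     * @param httpServletRequest incoming request; its query string is untrusted
     * @param httpServletResponse response to the client
     */
    @Override
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        long startTime = System.currentTimeMillis();
        InputStream upstream = null;
        try {
            if (!isInitialized()) {
                httpServletResponse.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE);
                return;
            }
            Map<String, String> kvp = KVPUtils.getNormalizedKVPMap(httpServletRequest.getQueryString(), null);
            Credentials credentials = this.credentialsProvider.doKVP(kvp, httpServletRequest, httpServletResponse);
            boolean credentialsOk = this.securityConfiguration.checkCredentials(credentials);
            boolean addressOk = this.securityConfiguration.verifyAddress(credentials, this.proxiedUrl);
            if (!credentialsOk || !addressOk) {
                writeUnauthorized(httpServletResponse, credentialsOk);
                return;
            }
            kvp.remove("USER");
            kvp.remove("PASSWORD");
            upstream = (InputStream) HttpUtils.retrieve(HttpUtils.STREAM, this.proxiedUrl, kvp);
            OutputStream clientOut = httpServletResponse.getOutputStream();
            boolean copiedXml = false;
            // REQUEST is client-controlled and may be absent; constant-first comparison keeps a
            // missing parameter from raising a NullPointerException after the backend call.
            String requestName = kvp.get("REQUEST");
            if ("GetCapabilities".equalsIgnoreCase(requestName)
                    || "GetFeature".equalsIgnoreCase(requestName)
                    || "DescribeFeatureType".equalsIgnoreCase(requestName)) {
                XMLStreamReader responseXml = this.inFac.createXMLStreamReader(upstream);
                responseXml.next();
                copiedXml = copyXML(responseXml, this.outFac.createXMLStreamWriter(clientOut), httpServletRequest.getRequestURL().toString());
            } else {
                copy(upstream, clientOut);
            }
            boolean shouldLog = copiedXml || !((OwsGlobalConfigLoader) this.workspace.getInitializable(OwsGlobalConfigLoader.class)).isLogOnlySuccessful();
            if (this.requestLogger != null && shouldLog) {
                this.requestLogger.logKVP(this.proxiedUrl + "?" + httpServletRequest.getRequestURL(), KVPUtils.toQueryString(kvp), startTime, System.currentTimeMillis(), credentials);
            }
        } catch (UnsupportedEncodingException e) {
            LOG.trace("Stack trace:", e);
        } catch (IOException e2) {
            LOG.debug("IO-error occurred while proxying: '{}'", e2.getLocalizedMessage());
            LOG.trace("Stack trace:", e2);
        } catch (XMLStreamException e3) {
            LOG.debug("Error while writing 'not authorized' response: '{}'", e3.getLocalizedMessage());
            LOG.trace("Stack trace:", e3);
        } finally {
            // The XML branch never closed the backend stream; copy() already closes it on the other branch.
            closeQuietly(upstream);
        }
    }

    /**
     * Copies an XML document from {@code r7} to {@code r8}; {@code r9} is the proxy's own request
     * URL as passed by the callers in this class.
     *
     * <p>The decompiler could not recover this method's body, so this stub always throws.
     * NOTE(review): the callers use the returned flag to decide whether a request counts as
     * successful for logging - confirm the exact meaning against the original class file.
     *
     * @throws UnsupportedOperationException always, in this decompiled listing
     */
    boolean copyXML(javax.xml.stream.XMLStreamReader r7, javax.xml.stream.XMLStreamWriter r8, java.lang.String r9) throws javax.xml.stream.XMLStreamException {
        throw new UnsupportedOperationException("Method not decompiled: org.deegree.services.controller.security.SecureProxy.copyXML(javax.xml.stream.XMLStreamReader, javax.xml.stream.XMLStreamWriter, java.lang.String):boolean");
    }

    /**
     * Copies all bytes from {@code inputStream} to {@code outputStream} and closes both, even if
     * the copy fails. Errors while closing are only traced.
     *
     * @throws IOException if reading or writing fails
     */
    void copy(InputStream inputStream, OutputStream outputStream) throws IOException {
        try {
            byte[] buffer = new byte[65536];
            int read;
            while ((read = inputStream.read(buffer)) != -1) {
                outputStream.write(buffer, 0, read);
            }
        } finally {
            closeQuietly(inputStream);
            closeQuietly(outputStream);
        }
    }

    /**
     * Writes the XML body sent to clients whose request was rejected.
     *
     * <p>NOTE(review): no HTTP status is set here, so a rejection is delivered with the
     * container's default status. Consider sending 401/403 so that clients, caches and monitoring
     * can tell a denial from a successful answer; existing clients that parse this body should be
     * checked first.
     *
     * @param httpServletResponse response to write to
     * @param z {@code true} if the credentials were valid but the address check failed,
     *          {@code false} if the credentials themselves could not be verified
     */
    private void writeUnauthorized(HttpServletResponse httpServletResponse, boolean z) throws XMLStreamException, IOException {
        XMLStreamWriter writer = this.outFac.createXMLStreamWriter((OutputStream) httpServletResponse.getOutputStream());
        writer.writeStartDocument();
        writer.writeStartElement("SecureProxyResponse");
        writer.writeStartElement(SOAP12Constants.SOAP_FAULT_REASON_LOCAL_NAME);
        if (z) {
            writer.writeCharacters("User has no right to access the secured service.");
        } else {
            writer.writeCharacters("Username/Password could not be verified.");
        }
        writer.writeEndElement();
        writer.writeEndElement();
        writer.close();
    }

    /** Releases the workspace, if init() got far enough to create one. */
    @Override
    public void destroy() {
        if (this.workspace != null) {
            this.workspace.destroy();
        }
    }

    /** Returns true once init() has loaded both the security configuration and a credentials provider. */
    private boolean isInitialized() {
        return this.securityConfiguration != null && this.credentialsProvider != null;
    }

    /** Removes an explicit ":80" from the authority of an http:// URL and leaves every other URL untouched. */
    private static String stripDefaultHttpPort(String url) {
        return url.replaceFirst("(?i)^(http://[^/?#]*):80(?=[/?#]|$)", "$1");
    }

    /** Closes the given resource if it is non-null; a failure to close is only traced. */
    private static void closeQuietly(java.io.Closeable closeable) {
        if (closeable == null) {
            return;
        }
        try {
            closeable.close();
        } catch (IOException e) {
            LOG.trace("Stack trace:", e);
        }
    }
}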
