package org.apache.qpid.server.management.plugin.servlet.rest;

import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import java.util.Collections;
import javax.security.auth.Subject;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.codec.binary.Base64;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.registry.ApplicationRegistry;
import org.apache.qpid.server.security.SecurityManager;
import org.apache.qpid.server.security.auth.manager.AnonymousAuthenticationManager;

/* loaded from: input_file:org/apache/qpid/server/management/plugin/servlet/rest/AbstractServlet.class */
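/**
 * Base class for the management REST servlets.
 *
 * <p>Each of the final {@code doGet}/{@code doPost}/{@code doPut}/{@code doDelete} entry points
 * resolves a {@link Subject} for the request, installs it as the thread subject via
 * {@link SecurityManager#setThreadSubject}, delegates to the matching overridable {@code onXxx}
 * hook, and always clears the thread subject afterwards so an identity never outlives the request
 * on a pooled container thread.
 *
 * <p>Subject resolution order (see {@link #setAuthorizedSubject}): session attribute, container
 * user principal, HTTP Basic credentials, and finally the anonymous subject. This class does not
 * reject a request itself; access decisions must be made downstream against the thread subject.
 */
public abstract class AbstractServlet extends HttpServlet {
    /** Session attribute under which an already established {@link Subject} is looked up. */
    private static final String SUBJECT_ATTRIBUTE = "subject";

    /** Request header carrying the HTTP Basic credentials. */
    private static final String AUTHORIZATION_HEADER = "Authorization";

    /** Authentication scheme name, compared case-insensitively. */
    private static final String BASIC_SCHEME = "BASIC";

    private final Broker _broker;

    /* JADX INFO: Access modifiers changed from: protected */
    /** Creates a servlet bound to the broker held by the global {@link ApplicationRegistry}. */
    public AbstractServlet() {
        this._broker = ApplicationRegistry.getInstance().getBroker();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Creates a servlet bound to the given broker.
     *
     * @param broker the broker returned by {@link #getBroker()}
     */
    public AbstractServlet(Broker broker) {
        this._broker = broker;
    }

    /**
     * Handles GET: installs the request's subject, runs {@link #onGet}, then clears the subject.
     *
     * @throws ServletException propagated from {@link #onGet}
     * @throws IOException propagated from {@link #onGet}
     */
    protected final void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        setAuthorizedSubject(httpServletRequest);
        try {
            onGet(httpServletRequest, httpServletResponse);
        } finally {
            // Cleared on both the normal and the exceptional path.
            clearAuthorizedSubject();
        }
    }

    /** GET hook for subclasses; by default delegates to the {@link HttpServlet} implementation. */
    protected void onGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        super.doGet(httpServletRequest, httpServletResponse);
    }

    /** Removes the subject from the current thread. */
    private void clearAuthorizedSubject() {
        SecurityManager.setThreadSubject((Subject) null);
    }

    /**
     * Resolves the subject for the request and installs it as the thread subject.
     *
     * <p>The first non-null candidate wins: the {@code "subject"} session attribute, a subject
     * built from the container's user principal, the result of HTTP Basic authentication, and
     * otherwise {@link AnonymousAuthenticationManager#ANONYMOUS_SUBJECT}.
     *
     * @param httpServletRequest the incoming request
     */
    private void setAuthorizedSubject(HttpServletRequest httpServletRequest) {
        // NOTE(review): getSession(true) allocates a session for every request, including
        // unauthenticated ones. Kept as-is because other code may rely on the session existing.
        Subject subject = (Subject) httpServletRequest.getSession(true).getAttribute(SUBJECT_ATTRIBUTE);
        if (subject == null) {
            Principal userPrincipal = httpServletRequest.getUserPrincipal();
            if (userPrincipal != null) {
                subject = new Subject(false, Collections.singleton(userPrincipal), Collections.emptySet(), Collections.emptySet());
            } else {
                subject = authenticateBasic(httpServletRequest);
            }
        }
        if (subject == null) {
            // Absent, malformed or (presumably) rejected credentials all end up here: the request
            // continues as anonymous rather than being refused. Authorization therefore has to be
            // enforced by whatever consumes the thread subject.
            subject = AnonymousAuthenticationManager.ANONYMOUS_SUBJECT;
        }
        SecurityManager.setThreadSubject(subject);
    }

    /**
     * Authenticates the request from an HTTP Basic {@code Authorization} header, if one is present.
     *
     * <p>Basic credentials are only base64-encoded, not encrypted, so this path should only be
     * reachable over a protected transport.
     *
     * @param httpServletRequest the incoming request
     * @return the subject reported by the authentication manager, or {@code null} when the header
     *     is missing or is not a well-formed Basic credential
     */
    private Subject authenticateBasic(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader(AUTHORIZATION_HEADER);
        if (header == null) {
            return null;
        }
        // Split on runs of whitespace so that extra spaces between the scheme and the token do not
        // produce an empty token (which previously made valid credentials fall back to anonymous).
        String[] schemeAndToken = header.trim().split("\\s+");
        if (schemeAndToken.length < 2 || !BASIC_SCHEME.equalsIgnoreCase(schemeAndToken[0])) {
            return null;
        }
        // Explicit charsets: the platform default made non-ASCII user names and passwords decode
        // differently from host to host.
        byte[] decoded = Base64.decodeBase64(schemeAndToken[1].getBytes(StandardCharsets.US_ASCII));
        // Limit of 2 keeps any ':' characters inside the password.
        String[] credentials = new String(decoded, StandardCharsets.UTF_8).split(":", 2);
        if (credentials.length != 2) {
            return null;
        }
        // NOTE(review): the authentication result's status is not inspected here; this relies on
        // getSubject() returning null for a failed attempt - confirm against AuthenticationResult.
        return ApplicationRegistry.getInstance()
                .getAuthenticationManager(getSocketAddress(httpServletRequest))
                .authenticate(credentials[0], credentials[1])
                .getSubject();
    }

    /**
     * Returns the subject stored in the given session.
     *
     * @param httpSession the session to read
     * @return the value of the {@code "subject"} attribute, or {@code null} if it is not set
     */
    protected Subject getSubject(HttpSession httpSession) {
        return (Subject) httpSession.getAttribute(SUBJECT_ATTRIBUTE);
    }

    /**
     * Handles POST: installs the request's subject, runs {@link #onPost}, then clears the subject.
     *
     * @throws ServletException propagated from {@link #onPost}
     * @throws IOException propagated from {@link #onPost}
     */
    protected final void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        setAuthorizedSubject(httpServletRequest);
        try {
            onPost(httpServletRequest, httpServletResponse);
        } finally {
            clearAuthorizedSubject();
        }
    }

    /** POST hook for subclasses; by default delegates to the {@link HttpServlet} implementation. */
    protected void onPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        super.doPost(httpServletRequest, httpServletResponse);
    }

    /**
     * Handles PUT: installs the request's subject, runs {@link #onPut}, then clears the subject.
     *
     * @throws ServletException propagated from {@link #onPut}
     * @throws IOException propagated from {@link #onPut}
     */
    protected final void doPut(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        setAuthorizedSubject(httpServletRequest);
        try {
            onPut(httpServletRequest, httpServletResponse);
        } finally {
            clearAuthorizedSubject();
        }
    }

    /** PUT hook for subclasses; by default delegates to the {@link HttpServlet} implementation. */
    protected void onPut(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        super.doPut(httpServletRequest, httpServletResponse);
    }

    /**
     * Handles DELETE: installs the request's subject, runs {@link #onDelete}, then clears the
     * subject.
     *
     * @throws ServletException propagated from {@link #onDelete}
     * @throws IOException propagated from {@link #onDelete}
     */
    protected final void doDelete(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        setAuthorizedSubject(httpServletRequest);
        try {
            onDelete(httpServletRequest, httpServletResponse);
        } finally {
            clearAuthorizedSubject();
        }
    }

    /** DELETE hook for subclasses; by default delegates to the {@link HttpServlet} implementation. */
    protected void onDelete(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        super.doDelete(httpServletRequest, httpServletResponse);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Returns the broker this servlet was constructed with. */
    public Broker getBroker() {
        return this._broker;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds an unresolved socket address from the request's server name and server port.
     *
     * <p>NOTE(review): the server name is normally taken from the request's {@code Host} header,
     * so it is client-supplied. The address is used above to pick the authentication manager;
     * confirm that the selection does not depend on the host part, or derive it from the local
     * connection instead.
     *
     * @param httpServletRequest the incoming request
     * @return an unresolved {@link InetSocketAddress} for the requested server name and port
     */
    public SocketAddress getSocketAddress(HttpServletRequest httpServletRequest) {
        return InetSocketAddress.createUnresolved(httpServletRequest.getServerName(), httpServletRequest.getServerPort());
    }
}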
