package org.apache.qpid.server.management.plugin.servlet.rest;

import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.nio.charset.StandardCharsets;
import java.security.AccessControlException;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.codec.binary.Base64;
import org.apache.log4j.Logger;
import org.apache.qpid.server.logging.RootMessageLogger;
import org.apache.qpid.server.logging.actors.CurrentActor;
import org.apache.qpid.server.logging.actors.HttpManagementActor;
import org.apache.qpid.server.management.plugin.session.LoginLogoutReporter;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.registry.ApplicationRegistry;
import org.apache.qpid.server.security.SecurityManager;
import org.apache.qpid.server.security.SubjectCreator;
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.security.auth.SubjectAuthenticationResult;

/* loaded from: input_file:org/apache/qpid/server/management/plugin/servlet/rest/AbstractServlet.class */
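/**
 * Base class for the management REST servlets.
 *
 * <p>Each HTTP verb handler is {@code final} and funnels the request through
 * {@link #doWithSubjectAndActor}, which resolves a {@link Subject} for the request, binds it
 * (and a log actor) to the current thread, runs the subclass hook under {@code Subject.doAs},
 * and always unbinds both afterwards. Subclasses override the {@code do*WithSubjectAndActor}
 * hooks; the defaults reject the verb.
 *
 * <p>This listing is decompiler output: JADX reports that several members shown as
 * {@code public} were originally {@code protected}.
 */
public abstract class AbstractServlet extends HttpServlet {
    private static final Logger LOGGER = Logger.getLogger(AbstractServlet.class);

    // Session attribute keys used to cache per-session authentication state.
    private static final String ATTR_LOGIN_LOGOUT_REPORTER = "AbstractServlet.loginLogoutReporter";
    private static final String ATTR_SUBJECT = "AbstractServlet.subject";
    private static final String ATTR_LOG_ACTOR = "AbstractServlet.logActor";

    private final Broker _broker;
    private RootMessageLogger _rootLogger;

    /**
     * Creates a servlet bound to the broker and root message logger held by the
     * {@link ApplicationRegistry} singleton. (JADX: originally {@code protected}.)
     */
    public AbstractServlet() {
        this._broker = ApplicationRegistry.getInstance().getBroker();
        this._rootLogger = ApplicationRegistry.getInstance().getRootMessageLogger();
    }

    /**
     * Creates a servlet bound to the supplied broker; the root message logger still comes from
     * the {@link ApplicationRegistry} singleton. (JADX: originally {@code protected}.)
     *
     * @param broker broker returned by {@link #getBroker()}
     */
    public AbstractServlet(Broker broker) {
        this._broker = broker;
        this._rootLogger = ApplicationRegistry.getInstance().getRootMessageLogger();
    }

    /** Runs {@link #doGetWithSubjectAndActor} with the request's subject and log actor bound. */
    protected final void doGet(final HttpServletRequest httpServletRequest, final HttpServletResponse httpServletResponse) {
        doWithSubjectAndActor(new PrivilegedExceptionAction<Void>() {
            @Override
            public Void run() throws Exception {
                AbstractServlet.this.doGetWithSubjectAndActor(httpServletRequest, httpServletResponse);
                return null;
            }
        }, httpServletRequest, httpServletResponse);
    }

    /**
     * GET hook for subclasses; invoked with the subject and actor already bound.
     *
     * @throws UnsupportedOperationException always, unless overridden
     */
    protected void doGetWithSubjectAndActor(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        throw new UnsupportedOperationException("GET not supported by this servlet");
    }

    /** Runs {@link #doPostWithSubjectAndActor} with the request's subject and log actor bound. */
    protected final void doPost(final HttpServletRequest httpServletRequest, final HttpServletResponse httpServletResponse) {
        doWithSubjectAndActor(new PrivilegedExceptionAction<Void>() {
            @Override
            public Void run() throws Exception {
                AbstractServlet.this.doPostWithSubjectAndActor(httpServletRequest, httpServletResponse);
                return null;
            }
        }, httpServletRequest, httpServletResponse);
    }

    /**
     * POST hook for subclasses; invoked with the subject and actor already bound.
     *
     * @throws UnsupportedOperationException always, unless overridden
     */
    protected void doPostWithSubjectAndActor(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        throw new UnsupportedOperationException("POST not supported by this servlet");
    }

    /** Runs {@link #doPutWithSubjectAndActor} with the request's subject and log actor bound. */
    protected final void doPut(final HttpServletRequest httpServletRequest, final HttpServletResponse httpServletResponse) {
        doWithSubjectAndActor(new PrivilegedExceptionAction<Void>() {
            @Override
            public Void run() throws Exception {
                AbstractServlet.this.doPutWithSubjectAndActor(httpServletRequest, httpServletResponse);
                return null;
            }
        }, httpServletRequest, httpServletResponse);
    }

    /**
     * PUT hook for subclasses; invoked with the subject and actor already bound.
     *
     * @throws UnsupportedOperationException always, unless overridden
     */
    protected void doPutWithSubjectAndActor(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        throw new UnsupportedOperationException("PUT not supported by this servlet");
    }

    /** Runs {@link #doDeleteWithSubjectAndActor} with the request's subject and log actor bound. */
    protected final void doDelete(final HttpServletRequest httpServletRequest, final HttpServletResponse httpServletResponse) throws ServletException, IOException {
        doWithSubjectAndActor(new PrivilegedExceptionAction<Void>() {
            @Override
            public Void run() throws Exception {
                AbstractServlet.this.doDeleteWithSubjectAndActor(httpServletRequest, httpServletResponse);
                return null;
            }
        }, httpServletRequest, httpServletResponse);
    }

    /**
     * DELETE hook for subclasses; invoked with the subject and actor already bound.
     *
     * @throws UnsupportedOperationException always, unless overridden
     */
    protected void doDeleteWithSubjectAndActor(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        throw new UnsupportedOperationException("DELETE not supported by this servlet");
    }

    /**
     * Resolves the subject for the request, binds it and the log actor to the current thread,
     * runs the action under {@code Subject.doAs}, and unbinds both on every exit path.
     *
     * <p>Any {@link AccessControlException} raised while resolving the subject or running the
     * action is answered with HTTP 403. That includes the "Incorrect username or password" case
     * raised during authentication, so failed logins are reported as 403 rather than 401.
     * Other runtime exceptions are logged and rethrown; a {@link PrivilegedActionException} is
     * logged and its cause rethrown wrapped in a {@link RuntimeException}.
     *
     * @param privilegedExceptionAction the verb-specific work to run as the subject
     * @param httpServletRequest request used to resolve the subject and log actor
     * @param httpServletResponse response that receives the 403 on access denial
     */
    private void doWithSubjectAndActor(PrivilegedExceptionAction<Void> privilegedExceptionAction, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        try {
            Subject subject = getAndCacheAuthorizedSubject(httpServletRequest);
            SecurityManager.setThreadSubject(subject);
            try {
                CurrentActor.set(getLogActorAndCacheInSession(httpServletRequest));
                try {
                    try {
                        Subject.doAs(subject, privilegedExceptionAction);
                    } finally {
                        // The actor is removed before the failure is logged, as in the original.
                        CurrentActor.remove();
                    }
                } catch (RuntimeException e) {
                    LOGGER.error("Unable to perform action", e);
                    throw e;
                } catch (PrivilegedActionException e) {
                    LOGGER.error("Unable to perform action", e);
                    throw new RuntimeException(e.getCause());
                }
            } finally {
                // Servlet threads are reused by the container; never leave an identity bound.
                SecurityManager.setThreadSubject((Subject) null);
            }
        } catch (AccessControlException e) {
            sendError(httpServletResponse, HttpServletResponse.SC_FORBIDDEN);
        }
    }

    /**
     * Returns the subject cached in the HTTP session, or authenticates the request and caches
     * the result.
     *
     * <p>A freshly authenticated subject must pass {@link #authoriseManagement} before it is
     * stored in the session. When the request carries no credentials, an "ANONYMOUS" subject is
     * created instead; that subject is neither cached nor passed through
     * {@link #authoriseManagement}.
     *
     * @return the subject to run the request as; never {@code null} on the paths visible here,
     *         assuming {@code createSubjectWithGroups} does not return {@code null}
     * @throws AccessControlException if the credentials are rejected or the authenticated user
     *         is not authorised for management
     */
    private Subject getAndCacheAuthorizedSubject(HttpServletRequest httpServletRequest) {
        // getSession() creates a session when the request has none.
        HttpSession session = httpServletRequest.getSession();
        Subject cached = getAuthorisedSubjectFromSession(session);
        if (cached != null) {
            return cached;
        }
        SubjectCreator subjectCreator = ApplicationRegistry.getInstance().getSubjectCreator(getSocketAddress(httpServletRequest));
        Subject authenticated = authenticate(httpServletRequest, subjectCreator);
        if (authenticated != null) {
            authoriseManagement(httpServletRequest, authenticated);
            // NOTE(review): the subject is stored in the session that existed before login and
            // the session id is not rotated here. Unless the container or a filter rotates it,
            // a pre-set session id survives authentication (session fixation); confirm.
            setAuthorisedSubjectInSession(authenticated, httpServletRequest, session);
            return authenticated;
        }
        // NOTE(review): the anonymous subject skips the accessManagement() check above, so what
        // an unauthenticated caller may do is decided entirely by checks made inside the
        // action; confirm those checks exist for every subclass hook.
        return subjectCreator.createSubjectWithGroups("ANONYMOUS");
    }

    /**
     * Verifies that the subject may use the management interface.
     *
     * <p>The subject and a fresh log actor are bound to the thread for the duration of the
     * check and unbound afterwards, so the caller must rebind them if it needs them.
     * (JADX: originally {@code protected}.)
     *
     * @throws AccessControlException if {@code accessManagement()} returns {@code false}; it is
     *         unchecked, so it leaves {@code Subject.doAs} unwrapped
     * @throws RuntimeException wrapping a {@link PrivilegedActionException} if the check itself
     *         fails with a checked exception
     */
    public void authoriseManagement(HttpServletRequest httpServletRequest, Subject subject) {
        SecurityManager.setThreadSubject(subject);
        CurrentActor.set(createHttpManagementActor(httpServletRequest));
        try {
            Subject.doAs(subject, new PrivilegedExceptionAction<Void>() {
                @Override
                public Void run() throws Exception {
                    if (ApplicationRegistry.getInstance().getSecurityManager().accessManagement()) {
                        return null;
                    }
                    throw new AccessControlException("User is not authorised for management");
                }
            });
        } catch (PrivilegedActionException e) {
            throw new RuntimeException("Unable to perform access check", e);
        } finally {
            CurrentActor.remove();
            SecurityManager.setThreadSubject((Subject) null);
        }
    }

    /**
     * Authenticates the request from the container-supplied remote user or, failing that, from
     * an HTTP Basic {@code Authorization} header.
     *
     * @return the authenticated subject, or {@code null} when the request carries no usable
     *         credentials (no remote user and no Basic header)
     * @throws IllegalArgumentException if a Basic header is present but Basic authentication is
     *         disabled for this transport; nothing in this class catches it, so it propagates
     *         to the container
     * @throws AccessControlException if the credentials are malformed or rejected
     */
    private Subject authenticate(HttpServletRequest httpServletRequest, SubjectCreator subjectCreator) {
        String remoteUser = httpServletRequest.getRemoteUser();
        if (remoteUser != null) {
            // NOTE(review): a container-asserted user is passed on with a null password; whether
            // that is accepted depends on the SubjectCreator implementation, which is not
            // visible here; confirm.
            return authenticateUserAndGetSubject(subjectCreator, remoteUser, null);
        }
        String header = httpServletRequest.getHeader("Authorization");
        if (header == null) {
            return null;
        }
        String[] parts = header.split("\\s");
        if (parts.length >= 2 && "BASIC".equalsIgnoreCase(parts[0])) {
            if (!isBasicAuthSupported(httpServletRequest)) {
                throw new IllegalArgumentException("BASIC Authorization is not enabled.");
            }
            return performBasicAuth(null, subjectCreator, parts[1]);
        }
        return null;
    }

    /**
     * Decodes a Basic credential token ({@code base64(user:password)}) and authenticates it.
     *
     * <p>The original decoded the token with the platform default charset, so credentials
     * containing non-ASCII characters could authenticate on one host and fail on another. The
     * Base64 text is now read as ASCII and the decoded bytes as UTF-8, independent of platform.
     *
     * @param subject unused; callers in this class pass {@code null}
     * @param str the Base64 token taken from the {@code Authorization} header
     * @throws AccessControlException if the decoded token has no {@code ':'} separator or the
     *         credentials are rejected
     */
    private Subject performBasicAuth(Subject subject, SubjectCreator subjectCreator, String str) {
        byte[] decoded = Base64.decodeBase64(str.getBytes(StandardCharsets.US_ASCII));
        // Limit of 2 keeps any ':' inside the password intact.
        String[] credentials = new String(decoded, StandardCharsets.UTF_8).split(":", 2);
        if (credentials.length == 2) {
            return authenticateUserAndGetSubject(subjectCreator, credentials[0], credentials[1]);
        }
        throw new AccessControlException("Invalid number of credentials supplied: " + credentials.length);
    }

    /**
     * Authenticates the user name and password through the subject creator.
     *
     * @return the subject from a successful authentication result
     * @throws AccessControlException if the result status is anything other than SUCCESS; the
     *         message does not reveal whether the user name or the password was wrong
     */
    private Subject authenticateUserAndGetSubject(SubjectCreator subjectCreator, String str, String str2) {
        SubjectAuthenticationResult result = subjectCreator.authenticate(str, str2);
        if (result.getStatus() != AuthenticationResult.AuthenticationStatus.SUCCESS) {
            throw new AccessControlException("Incorrect username or password");
        }
        return result.getSubject();
    }

    /**
     * Reports whether Basic authentication is enabled for the request's transport: the HTTPS
     * setting applies when {@code isSecure()} is true, the HTTP setting otherwise.
     */
    private boolean isBasicAuthSupported(HttpServletRequest httpServletRequest) {
        if (httpServletRequest.isSecure()) {
            return ApplicationRegistry.getInstance().getConfiguration().getHTTPSManagementBasicAuth();
        }
        return ApplicationRegistry.getInstance().getConfiguration().getHTTPManagementBasicAuth();
    }

    /**
     * Returns the log actor cached in the session, creating and caching one on first use.
     *
     * <p>The cached actor is built from the remote address and port of the request that
     * created it, and is reused for every later request in the same session.
     */
    private HttpManagementActor getLogActorAndCacheInSession(HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession();
        HttpManagementActor actor = (HttpManagementActor) session.getAttribute(ATTR_LOG_ACTOR);
        if (actor == null) {
            actor = createHttpManagementActor(httpServletRequest);
            session.setAttribute(ATTR_LOG_ACTOR, actor);
        }
        return actor;
    }

    /**
     * Returns the subject cached in the session, or {@code null} when none has been stored.
     * (JADX: originally {@code protected}.)
     */
    public Subject getAuthorisedSubjectFromSession(HttpSession httpSession) {
        return (Subject) httpSession.getAttribute(ATTR_SUBJECT);
    }

    /**
     * Stores the authorised subject in the session together with a {@link LoginLogoutReporter}
     * built from a fresh log actor and the subject. (JADX: originally {@code protected}.)
     */
    public void setAuthorisedSubjectInSession(Subject subject, HttpServletRequest httpServletRequest, HttpSession httpSession) {
        httpSession.setAttribute(ATTR_SUBJECT, subject);
        httpSession.setAttribute(ATTR_LOGIN_LOGOUT_REPORTER, new LoginLogoutReporter(createHttpManagementActor(httpServletRequest), subject));
    }

    /** Returns the broker this servlet was constructed with. (JADX: originally {@code protected}.) */
    public Broker getBroker() {
        return this._broker;
    }

    /**
     * Builds an unresolved socket address from the request's server name and port; it is used
     * to look up the {@link SubjectCreator}. (JADX: originally {@code protected}.)
     *
     * <p>NOTE(review): {@code getServerName()} and {@code getServerPort()} can be taken from the
     * client-supplied Host header. If the subject creator lookup depends on more than the
     * listening port, a client could influence which one is chosen; confirm against
     * {@code getSubjectCreator}.
     */
    public SocketAddress getSocketAddress(HttpServletRequest httpServletRequest) {
        return InetSocketAddress.createUnresolved(httpServletRequest.getServerName(), httpServletRequest.getServerPort());
    }

    /**
     * Sends the given HTTP error status. (JADX: originally {@code protected}.)
     *
     * @param i the HTTP status code to send
     * @throws RuntimeException wrapping the {@link IOException} if the response cannot be written
     */
    public void sendError(HttpServletResponse httpServletResponse, int i) {
        try {
            httpServletResponse.sendError(i);
        } catch (IOException e) {
            throw new RuntimeException("Failed to send error response code " + i, e);
        }
    }

    /** Creates a log actor from the root logger and the request's remote address and port. */
    private HttpManagementActor createHttpManagementActor(HttpServletRequest httpServletRequest) {
        return new HttpManagementActor(this._rootLogger, httpServletRequest.getRemoteAddr(), httpServletRequest.getRemotePort());
    }
}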
