package org.apache.maven.archiva.web.repository;

import java.io.File;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections.functors.IfClosure;
import org.apache.maven.archiva.configuration.ArchivaConfiguration;
import org.apache.maven.archiva.configuration.ConfigurationNames;
import org.apache.maven.archiva.configuration.RepositoryConfiguration;
import org.apache.maven.archiva.configuration.functors.LocalRepositoryPredicate;
import org.apache.maven.archiva.configuration.functors.RepositoryConfigurationToMapClosure;
import org.apache.maven.archiva.model.RepositoryURL;
import org.apache.maven.archiva.security.ArchivaRoleConstants;
import org.apache.tools.ant.taskdefs.optional.sitraka.bytecode.attributes.AttributeInfo;
import org.codehaus.plexus.redback.authentication.AuthenticationException;
import org.codehaus.plexus.redback.authentication.AuthenticationResult;
import org.codehaus.plexus.redback.authorization.AuthorizationException;
import org.codehaus.plexus.redback.authorization.AuthorizationResult;
import org.codehaus.plexus.redback.policy.AccountLockedException;
import org.codehaus.plexus.redback.policy.MustChangePasswordException;
import org.codehaus.plexus.redback.system.SecuritySession;
import org.codehaus.plexus.redback.system.SecuritySystem;
import org.codehaus.plexus.redback.xwork.filter.authentication.HttpAuthenticator;
import org.codehaus.plexus.registry.Registry;
import org.codehaus.plexus.registry.RegistryListener;
import org.codehaus.plexus.webdav.DavServerException;
import org.codehaus.plexus.webdav.servlet.DavServerRequest;
import org.codehaus.plexus.webdav.servlet.multiplexed.MultiplexedWebDavServlet;
import org.codehaus.plexus.webdav.util.WebdavMethodUtil;

/* loaded from: input_file:lib/archiva-webapp-1.0-beta-1.war:WEB-INF/classes/org/apache/maven/archiva/web/repository/RepositoryServlet.class */
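/**
 * WebDAV servlet that exposes every managed repository found in the Archiva
 * configuration as its own DAV server and gates each request behind HTTP
 * authentication ({@link #isAuthenticated}) and a per-repository permission
 * check ({@link #isAuthorized}).
 *
 * <p>The servlet registers itself as a configuration change listener so that the
 * repository map and the DAV servers are rebuilt when a repository id or url changes.
 */
public class RepositoryServlet extends MultiplexedWebDavServlet implements RegistryListener {
    // Makes the authorization decision in isAuthorized().
    private SecuritySystem securitySystem;
    // Looked up with the "basic" hint; extracts credentials and issues challenges.
    private HttpAuthenticator httpAuth;
    // Attached as a listener to every DAV server created in initServers().
    private AuditLog audit;
    private ArchivaConfiguration configuration;
    // Looked up by request prefix; every access is guarded by synchronized (repositoryMap).
    private Map repositoryMap = new HashMap();

    /**
     * Looks up the security, authentication, audit and configuration components,
     * registers this servlet for configuration changes and builds the initial
     * repository map.
     *
     * @throws ServletException if the parent initialisation fails
     */
    @Override // org.codehaus.plexus.webdav.servlet.AbstractWebDavServlet
    public void initComponents() throws ServletException {
        super.initComponents();
        this.securitySystem = (SecuritySystem) lookup(SecuritySystem.ROLE);
        this.httpAuth = (HttpAuthenticator) lookup(HttpAuthenticator.ROLE, "basic");
        this.audit = (AuditLog) lookup(AuditLog.ROLE);
        this.configuration = (ArchivaConfiguration) lookup(ArchivaConfiguration.class.getName());
        this.configuration.addChangeListener(this);
        updateRepositoryMap();
    }

    /**
     * Creates one DAV server per managed repository, rooted at the directory named
     * by the repository URL. A missing directory is created; when that fails the
     * repository is skipped and the failure is logged.
     *
     * @param servletConfig servlet configuration handed to each created server
     * @throws DavServerException if a server cannot be created
     */
    @Override // org.codehaus.plexus.webdav.servlet.multiplexed.MultiplexedWebDavServlet
    public void initServers(ServletConfig servletConfig) throws DavServerException {
        for (RepositoryConfiguration repositoryConfiguration : this.configuration.getConfiguration().getRepositories()) {
            if (repositoryConfiguration.isManaged()) {
                RepositoryURL repositoryURL = new RepositoryURL(repositoryConfiguration.getUrl());
                File file = new File(repositoryURL.getPath());
                if (file.exists() || file.mkdirs()) {
                    // Every server reports to the audit log listener.
                    createServer(repositoryConfiguration.getId(), file, servletConfig).addListener(this.audit);
                } else {
                    log("Unable to create missing directory for " + repositoryURL.getPath());
                }
            }
        }
    }

    /**
     * Returns the repository configuration registered under the request's prefix.
     *
     * @param davServerRequest the incoming DAV request
     * @return the matching configuration, or {@code null} when the prefix is unknown
     */
    public RepositoryConfiguration getRepository(DavServerRequest davServerRequest) {
        synchronized (this.repositoryMap) {
            return (RepositoryConfiguration) this.repositoryMap.get(davServerRequest.getPrefix());
        }
    }

    /**
     * Returns the display name of the repository addressed by the request.
     *
     * @param davServerRequest the incoming DAV request
     * @return the repository name, or {@code AttributeInfo.UNKNOWN} when no repository matches
     */
    public String getRepositoryName(DavServerRequest davServerRequest) {
        RepositoryConfiguration repository = getRepository(davServerRequest);
        // NOTE(review): this Ant constant looks like a decompiler substitution for a
        // plain string literal - confirm against the original source before relying on it.
        return repository == null ? AttributeInfo.UNKNOWN : repository.getName();
    }

    /**
     * Rebuilds {@link #repositoryMap} from the repositories accepted by
     * {@code LocalRepositoryPredicate}. The new content is collected outside the
     * lock and swapped in under it.
     */
    private void updateRepositoryMap() {
        // NOTE(review): presumably the closure keys the map by repository id, matching
        // the request prefix used in getRepository() - confirm in RepositoryConfigurationToMapClosure.
        RepositoryConfigurationToMapClosure repositoryConfigurationToMapClosure = new RepositoryConfigurationToMapClosure();
        CollectionUtils.forAllDo(this.configuration.getConfiguration().getRepositories(), IfClosure.getInstance(LocalRepositoryPredicate.getInstance(), repositoryConfigurationToMapClosure));
        synchronized (this.repositoryMap) {
            this.repositoryMap.clear();
            this.repositoryMap.putAll(repositoryConfigurationToMapClosure.getMap());
        }
    }

    /**
     * Sends an HTTP authentication challenge for the repository addressed by the
     * request, using "Repository &lt;name&gt;" as the realm.
     */
    private void challengeClient(DavServerRequest davServerRequest, HttpServletResponse httpServletResponse, String message) throws ServletException, IOException {
        this.httpAuth.challenge(davServerRequest.getRequest(), httpServletResponse, "Repository " + getRepositoryName(davServerRequest), new AuthenticationException(message));
    }

    /**
     * Replaces CR and LF so that request-derived values cannot start a forged
     * entry in the servlet log. {@code null} is passed through unchanged.
     */
    private static String sanitizeForLog(String value) {
        return value == null ? null : value.replace('\r', '_').replace('\n', '_');
    }

    /**
     * Checks the credentials carried by the request.
     *
     * <p>Invalid credentials, a locked account and a pending password change all
     * produce a challenge and a {@code false} result. The latter two used to return
     * {@code true} after the challenge, which reported a refused login as
     * authenticated (fail-open).
     *
     * @param davServerRequest the incoming DAV request
     * @param httpServletResponse response used to send the challenge
     * @return {@code true} when the request may proceed to authorization
     * @throws ServletException if the authentication subsystem fails
     * @throws IOException if the challenge cannot be written
     */
    @Override // org.codehaus.plexus.webdav.servlet.AbstractWebDavServlet
    public boolean isAuthenticated(DavServerRequest davServerRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        HttpServletRequest request = davServerRequest.getRequest();
        try {
            AuthenticationResult authenticationResult = this.httpAuth.getAuthenticationResult(request, httpServletResponse);
            // NOTE(review): a null result is let through; presumably this is the
            // no-credentials (guest) case and isAuthorized() makes the real decision - confirm.
            if (authenticationResult == null || authenticationResult.isAuthenticated()) {
                return true;
            }
            challengeClient(davServerRequest, httpServletResponse, "User Credentials Invalid");
            return false;
        } catch (AuthenticationException e) {
            log("Fatal Http Authentication Error.", e);
            throw new ServletException("Fatal Http Authentication Error.", e);
        } catch (AccountLockedException e2) {
            challengeClient(davServerRequest, httpServletResponse, "User account is locked");
            // A challenged request is not authenticated: fail closed.
            return false;
        } catch (MustChangePasswordException e3) {
            challengeClient(davServerRequest, httpServletResponse, "You must change your password.");
            // A challenged request is not authenticated: fail closed.
            return false;
        }
    }

    /**
     * Checks that the current security session holds the permission needed for the
     * request: repository upload for WebDAV write methods, repository access for
     * everything else. The request prefix is the resource being authorized.
     *
     * @param davServerRequest the incoming DAV request
     * @param httpServletResponse response used to send the challenge on denial
     * @return {@code true} when the operation is permitted
     * @throws ServletException if the authorization subsystem fails
     * @throws IOException if the challenge cannot be written
     */
    @Override // org.codehaus.plexus.webdav.servlet.AbstractWebDavServlet
    public boolean isAuthorized(DavServerRequest davServerRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        HttpServletRequest request = davServerRequest.getRequest();
        boolean isWriteMethod = WebdavMethodUtil.isWriteMethod(request.getMethod());
        SecuritySession securitySession = this.httpAuth.getSecuritySession();
        String permission = isWriteMethod
                ? ArchivaRoleConstants.OPERATION_REPOSITORY_UPLOAD
                : ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS;
        try {
            AuthorizationResult authorize = this.securitySystem.authorize(securitySession, permission, davServerRequest.getPrefix());
            if (authorize.isAuthorized()) {
                return true;
            }
            // Only denials that carry an exception are logged; a plain denial leaves no log entry here.
            if (authorize.getException() != null) {
                // The prefix comes from the request, so line breaks are neutralised before logging.
                log("Authorization Denied [ip=" + request.getRemoteAddr() + ",isWriteRequest=" + isWriteMethod + ",permission=" + permission + ",repo=" + sanitizeForLog(davServerRequest.getPrefix()) + "] : " + sanitizeForLog(authorize.getException().getMessage()));
            }
            challengeClient(davServerRequest, httpServletResponse, "Authorization Denied.");
            return false;
        } catch (AuthorizationException e) {
            // Keep the cause so the subsystem failure can be diagnosed from the stack trace.
            throw new ServletException("Fatal Authorization Subsystem Error.", e);
        }
    }

    /** No action is taken before a configuration change. */
    @Override // org.codehaus.plexus.registry.RegistryListener
    public void beforeConfigurationChange(Registry registry, String str, Object obj) {
    }

    /**
     * Rebuilds the repository map and restarts all DAV servers when a repository
     * {@code .id} or {@code .url} property changed. Other properties are ignored.
     *
     * @param registry the registry that changed
     * @param str name of the changed property
     * @param obj value passed by the registry (unused)
     */
    @Override // org.codehaus.plexus.registry.RegistryListener
    public void afterConfigurationChange(Registry registry, String str, Object obj) {
        if (!ConfigurationNames.isRepositories(str)) {
            return;
        }
        if (!str.endsWith(".id") && !str.endsWith(".url")) {
            return;
        }
        // The lock is held for the whole rebuild, so getRepository() waits until it finishes.
        synchronized (this.repositoryMap) {
            updateRepositoryMap();
            getDavManager().removeAllServers();
            try {
                initServers(getServletConfig());
            } catch (DavServerException e) {
                log("Error restarting WebDAV server after configuration change - service disabled: " + e.getMessage(), e);
            }
        }
    }
}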
