package com.mirth.connect.server.api;

import com.mirth.connect.client.core.ControllerException;
import com.mirth.connect.client.core.ExtensionOperation;
import com.mirth.connect.client.core.Operation;
import com.mirth.connect.client.core.api.MirthApiException;
import com.mirth.connect.model.Channel;
import com.mirth.connect.model.ChannelSummary;
import com.mirth.connect.model.LoginStatus;
import com.mirth.connect.model.ServerEvent;
import com.mirth.connect.model.ServerEventContext;
import com.mirth.connect.model.ServerSettings;
import com.mirth.connect.model.User;
import com.mirth.connect.server.controllers.AuthorizationController;
import com.mirth.connect.server.controllers.ChannelAuthorizer;
import com.mirth.connect.server.controllers.ConfigurationController;
import com.mirth.connect.server.controllers.ControllerFactory;
import com.mirth.connect.server.controllers.UserController;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:com/mirth/connect/server/api/MirthServlet.class */
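/**
 * Base class for the server's REST resource classes.
 *
 * <p>On construction (unless the {@code initLogin} flag is {@code false}) it resolves the calling
 * user from the servlet session or from an HTTP Basic {@code Authorization} header and fails the
 * request with {@code 401 Unauthorized} when neither yields a user. It then offers the
 * per-operation authorization checks ({@link #checkUserAuthorized()} and friends) and the
 * channel-redaction helpers that resource classes call before returning channel data.
 *
 * <p>A special {@value #BYPASS_USERNAME} user is accepted only when the bypassword feature is
 * enabled, the request originates from the local host and the supplied password matches the
 * configured bypassword; that user skips the authorization controller entirely.
 */
public abstract class MirthServlet {
    public static final String BYPASS_USERNAME = "bypass";
    protected static final String SESSION_USER = "user";
    protected static final String SESSION_AUTHORIZED = "authorized";
    protected HttpServletRequest request;
    protected ContainerRequestContext containerRequestContext;
    protected SecurityContext sc;
    protected ServerEventContext context;
    protected Operation operation;
    protected Map<String, Object> parameterMap;
    // Lazily populated by initChannelRestrictions(); the authorizer is only set when restrictions apply.
    private boolean channelRestrictionsInitialized;
    private boolean userHasChannelRestrictions;
    private ChannelAuthorizer channelAuthorizer;
    protected ControllerFactory controllerFactory;
    // Static on purpose (as in the original): every constructed servlet re-assigns them from its factory.
    private static UserController userController;
    private static AuthorizationController authorizationController;
    private static ConfigurationController configurationController;
    private String extensionName;
    private boolean bypassUser;
    private int currentUserId;

    public MirthServlet(HttpServletRequest httpServletRequest, SecurityContext securityContext) {
        this(httpServletRequest, (ContainerRequestContext) null, securityContext);
    }

    public MirthServlet(HttpServletRequest httpServletRequest, SecurityContext securityContext, ControllerFactory controllerFactory) {
        this(httpServletRequest, (ContainerRequestContext) null, securityContext, controllerFactory);
    }

    public MirthServlet(HttpServletRequest httpServletRequest, ContainerRequestContext containerRequestContext, SecurityContext securityContext) {
        this(httpServletRequest, containerRequestContext, securityContext, true);
    }

    public MirthServlet(HttpServletRequest httpServletRequest, ContainerRequestContext containerRequestContext, SecurityContext securityContext, ControllerFactory controllerFactory) {
        this(httpServletRequest, containerRequestContext, securityContext, true, controllerFactory);
    }

    public MirthServlet(HttpServletRequest httpServletRequest, SecurityContext securityContext, boolean initLogin) {
        this(httpServletRequest, (ContainerRequestContext) null, securityContext, initLogin);
    }

    public MirthServlet(HttpServletRequest httpServletRequest, ContainerRequestContext containerRequestContext, SecurityContext securityContext, boolean initLogin) {
        this(httpServletRequest, containerRequestContext, securityContext, (String) null, initLogin);
    }

    public MirthServlet(HttpServletRequest httpServletRequest, ContainerRequestContext containerRequestContext, SecurityContext securityContext, boolean initLogin, ControllerFactory controllerFactory) {
        this(httpServletRequest, containerRequestContext, securityContext, null, initLogin, controllerFactory);
    }

    public MirthServlet(HttpServletRequest httpServletRequest, SecurityContext securityContext, String extensionName) {
        this(httpServletRequest, (ContainerRequestContext) null, securityContext, extensionName);
    }

    public MirthServlet(HttpServletRequest httpServletRequest, ContainerRequestContext containerRequestContext, SecurityContext securityContext, String extensionName) {
        this(httpServletRequest, containerRequestContext, securityContext, extensionName, true);
    }

    public MirthServlet(HttpServletRequest httpServletRequest, SecurityContext securityContext, String extensionName, boolean initLogin) {
        this(httpServletRequest, (ContainerRequestContext) null, securityContext, extensionName, initLogin);
    }

    public MirthServlet(HttpServletRequest httpServletRequest, ContainerRequestContext containerRequestContext, SecurityContext securityContext, String extensionName, boolean initLogin) {
        this(httpServletRequest, containerRequestContext, securityContext, extensionName, initLogin, ControllerFactory.getFactory());
    }

    /**
     * Primary constructor; every other constructor delegates here.
     *
     * @param httpServletRequest      the current request (session, headers and remote address are read from it)
     * @param containerRequestContext the JAX-RS request context, may be {@code null}
     * @param securityContext         the JAX-RS security context
     * @param extensionName           when non-null, every operation set via {@link #setOperation} is
     *                                wrapped in an {@link ExtensionOperation} for this extension
     * @param initLogin               whether to resolve and verify the calling user right away;
     *                                {@link #isUserAuthorized(boolean)} does it lazily otherwise
     * @param controllerFactory       source of the user/authorization/configuration controllers
     * @throws MirthApiException with {@code 401 Unauthorized} when {@code initLogin} is set and no
     *                           user can be established for the request
     */
    public MirthServlet(HttpServletRequest httpServletRequest, ContainerRequestContext containerRequestContext, SecurityContext securityContext, String extensionName, boolean initLogin, ControllerFactory controllerFactory) {
        this.controllerFactory = controllerFactory;
        initializeControllers();
        this.request = httpServletRequest;
        this.containerRequestContext = containerRequestContext;
        this.sc = securityContext;
        this.extensionName = extensionName;
        this.parameterMap = new HashMap<String, Object>();
        if (initLogin) {
            initLogin();
        }
    }

    /** Obtains the controllers from {@link #controllerFactory}; note that they are stored statically. */
    public void initializeControllers() {
        userController = this.controllerFactory.createUserController();
        authorizationController = this.controllerFactory.createAuthorizationController();
        configurationController = this.controllerFactory.createConfigurationController();
    }

    /**
     * Establishes the calling user and the {@link #context} for this request.
     *
     * <p>Order of precedence: an already authenticated servlet session, then HTTP Basic credentials
     * (either a regular user verified through the user controller, or the bypass user).
     *
     * @throws MirthApiException {@code 401 Unauthorized} when no user could be established,
     *                           {@code 503 Service Unavailable} when the server is not ready for logins
     */
    protected void initLogin() {
        boolean authenticated = false;
        if (isUserLoggedIn()) {
            this.currentUserId = Integer.parseInt(this.request.getSession().getAttribute(SESSION_USER).toString());
            setContext();
            authenticated = true;
        } else {
            String header = this.request.getHeader("Authorization");
            if (StringUtils.startsWith(header, "Basic ")) {
                String[] credentials = parseBasicCredentials(header);
                if (credentials != null) {
                    if (StringUtils.equals(credentials[0], BYPASS_USERNAME)) {
                        authenticated = loginAsBypassUser(credentials[1]);
                    } else {
                        authenticated = loginWithPassword(credentials[0], credentials[1]);
                    }
                }
            }
        }
        if (!authenticated) {
            throw new MirthApiException(Response.Status.UNAUTHORIZED);
        }
    }

    /**
     * Splits the payload of an HTTP Basic {@code Authorization} header into username and password.
     *
     * @param header the raw header value, already known to start with {@code "Basic "}
     * @return a two-element array {@code {username, password}}, or {@code null} when the payload
     *         does not decode to {@code username:password} with a non-empty username
     */
    private static String[] parseBasicCredentials(String header) {
        try {
            String payload = StringUtils.removeStartIgnoreCase(header, "Basic ").trim();
            String decoded = new String(Base64.decodeBase64(payload), StandardCharsets.US_ASCII);
            int separator = StringUtils.indexOf(decoded, ':');
            if (separator > 0) {
                return new String[] { StringUtils.substring(decoded, 0, separator), StringUtils.substring(decoded, separator + 1) };
            }
        } catch (RuntimeException ignored) {
            // A malformed header is treated exactly like a missing one: the caller ends in a 401.
        }
        return null;
    }

    /**
     * Verifies a regular user's password and, on success, records the user as the current user.
     *
     * @return {@code true} once the user is established (failures are reported by throwing)
     * @throws MirthApiException {@code 503} while the server is not ready, {@code 401} on a bad
     *                           login or an unknown user, or wrapping a {@link ControllerException}
     */
    private boolean loginWithPassword(String username, String password) {
        try {
            int status = configurationController.getStatus(false);
            // Only status values 3 and 0 accept logins — presumably the "ready" states; confirm
            // against ConfigurationController's status constants.
            if (status != 3 && status != 0) {
                throw new MirthApiException(Response.status(Response.Status.SERVICE_UNAVAILABLE).entity(new LoginStatus(LoginStatus.Status.FAIL, "Server is still starting or otherwise unavailable. Please try again shortly.")).build());
            }
            LoginStatus loginStatus = userController.authorizeUser(username, password);
            if (loginStatus.getStatus() != LoginStatus.Status.SUCCESS && loginStatus.getStatus() != LoginStatus.Status.SUCCESS_GRACE_PERIOD) {
                throw new MirthApiException(Response.status(Response.Status.UNAUTHORIZED).entity(loginStatus).build());
            }
            User user = userController.getUser(null, username);
            if (user == null) {
                throw new MirthApiException(Response.status(Response.Status.UNAUTHORIZED).entity(new LoginStatus(LoginStatus.Status.FAIL, "Could not find a valid user with username: " + username)).build());
            }
            this.currentUserId = user.getId().intValue();
            setContext();
            return true;
        } catch (ControllerException e) {
            throw new MirthApiException(e);
        }
    }

    /**
     * Attempts the bypass login: enabled in configuration, request from the local host and a
     * matching bypassword are all required. The bypass user runs under the system event context
     * and skips the authorization controller in the {@code isUserAuthorized*} methods.
     *
     * @return {@code true} when all three conditions hold and the bypass user is now current
     */
    private boolean loginAsBypassUser(String bypassword) {
        if (configurationController.isBypasswordEnabled() && isRequestLocal() && configurationController.checkBypassword(bypassword)) {
            this.context = ServerEventContext.SYSTEM_USER_EVENT_CONTEXT;
            this.currentUserId = this.context.getUserId().intValue();
            this.bypassUser = true;
            return true;
        }
        return false;
    }

    /** Builds the event context for {@link #currentUserId}. */
    private void setContext() {
        this.context = new ServerEventContext(Integer.valueOf(this.currentUserId));
    }

    /**
     * Sets the operation the subsequent authorization checks refer to; wrapped as an
     * {@link ExtensionOperation} when this servlet was created for an extension.
     */
    public void setOperation(Operation operation) {
        this.operation = this.extensionName != null ? new ExtensionOperation(this.extensionName, operation) : operation;
    }

    /** Adds a request parameter that is passed along to the authorization controller and audit log. */
    public void addToParameterMap(String str, Object obj) {
        this.parameterMap.put(str, obj);
    }

    /** @return the id of the request's session (created if it does not exist yet) */
    protected String getSessionId() {
        return this.request.getSession().getId();
    }

    /** @return whether the session carries the {@value #SESSION_AUTHORIZED} marker set to {@code true} */
    protected boolean isUserLoggedIn() {
        HttpSession session = this.request.getSession();
        return Boolean.TRUE.equals(session.getAttribute(SESSION_AUTHORIZED));
    }

    /** @throws MirthApiException {@code 403 Forbidden} unless the current user may perform {@link #operation} */
    public void checkUserAuthorized() {
        if (!isUserAuthorized()) {
            throw new MirthApiException(Response.Status.FORBIDDEN);
        }
    }

    /** Same as {@link #checkUserAuthorized(Integer, boolean)} with auditing enabled. */
    public void checkUserAuthorized(Integer userId) {
        checkUserAuthorized(userId, true);
    }

    /**
     * Passes when the current user is authorized for {@link #operation} or is the user identified
     * by {@code userId} (a user acting on their own record).
     *
     * <p>The two branches check the same conditions in a different order: {@link #isUserAuthorized()}
     * audits the request, so when {@code auditCurrentUser} is {@code false} the cheap self-check runs
     * first and the authorizer is consulted only for other users' records.
     *
     * @throws MirthApiException {@code 403 Forbidden} when neither condition holds
     */
    public void checkUserAuthorized(Integer userId, boolean auditCurrentUser) {
        boolean forbidden;
        if (auditCurrentUser) {
            forbidden = !isUserAuthorized() && !isCurrentUser(userId);
        } else {
            forbidden = !isCurrentUser(userId) && !isUserAuthorized();
        }
        if (forbidden) {
            throw new MirthApiException(Response.Status.FORBIDDEN);
        }
    }

    /**
     * Passes when the current user is authorized for {@link #operation} and the given channel is
     * not hidden from them by channel restrictions.
     *
     * @throws MirthApiException {@code 403 Forbidden} otherwise
     */
    public void checkUserAuthorized(String channelId) {
        if (!isUserAuthorized() || isChannelRedacted(channelId)) {
            throw new MirthApiException(Response.Status.FORBIDDEN);
        }
    }

    /** Same as {@link #isUserAuthorized(boolean)} with auditing enabled. */
    public boolean isUserAuthorized() {
        return isUserAuthorized(true);
    }

    /**
     * Asks the authorization controller whether the current user may perform {@link #operation}.
     * The bypass user is always authorized; with {@code auditCurrentUser} set a success audit entry
     * is written for it, mirroring what the controller does for regular users.
     *
     * @param auditCurrentUser forwarded to the controller and, for the bypass user, decides whether
     *                         the request is audited
     * @throws MirthApiException {@code 401} when no user could be established, a generic error when
     *                           no operation was set, or wrapping a {@link ControllerException}
     */
    public boolean isUserAuthorized(boolean auditCurrentUser) {
        if (this.context == null) {
            initLogin();
        }
        requireOperation();
        try {
            if (!this.bypassUser) {
                return authorizationController.isUserAuthorized(Integer.valueOf(getCurrentUserId()), this.operation, this.parameterMap, getRequestIpAddress(), auditCurrentUser);
            }
            if (auditCurrentUser) {
                auditAuthorizationRequest(ServerEvent.Outcome.SUCCESS);
            }
            return true;
        } catch (ControllerException e) {
            throw new MirthApiException(e);
        }
    }

    /** @throws MirthApiException {@code 403 Forbidden} unless the current user may perform {@link #operation} for the extension */
    public void checkUserAuthorizedForExtension(String extensionName) {
        if (!isUserAuthorizedForExtension(extensionName)) {
            throw new MirthApiException(Response.Status.FORBIDDEN);
        }
    }

    /** Same as {@link #isUserAuthorizedForExtension(String, boolean)} with auditing enabled. */
    protected boolean isUserAuthorizedForExtension(String extensionName) {
        return isUserAuthorizedForExtension(extensionName, true);
    }

    /**
     * Like {@link #isUserAuthorized(boolean)}, but evaluates {@link #operation} wrapped as an
     * {@link ExtensionOperation} for the named extension. Unlike {@code isUserAuthorized} it does
     * not trigger a lazy {@link #initLogin()}.
     */
    protected boolean isUserAuthorizedForExtension(String extensionName, boolean auditCurrentUser) {
        requireOperation();
        try {
            Operation extensionOperation = new ExtensionOperation(extensionName, this.operation);
            if (!this.bypassUser) {
                return authorizationController.isUserAuthorized(Integer.valueOf(getCurrentUserId()), extensionOperation, this.parameterMap, getRequestIpAddress(), auditCurrentUser);
            }
            if (auditCurrentUser) {
                auditAuthorizationRequest(ServerEvent.Outcome.SUCCESS, extensionOperation);
            }
            return true;
        } catch (ControllerException e) {
            throw new MirthApiException(e);
        }
    }

    /** @throws MirthApiException when {@link #setOperation} has not been called for this request */
    private void requireOperation() {
        if (this.operation == null) {
            throw new MirthApiException("Method operation not set.");
        }
    }

    /** Audits an authorization decision for {@link #operation}. */
    public void auditAuthorizationRequest(ServerEvent.Outcome outcome) {
        auditAuthorizationRequest(outcome, this.operation);
    }

    /** Audits an authorization decision for the given operation, with the request's parameters and IP address. */
    protected void auditAuthorizationRequest(ServerEvent.Outcome outcome, Operation operation) {
        authorizationController.auditAuthorizationRequest(Integer.valueOf(getCurrentUserId()), operation, this.parameterMap, outcome, getRequestIpAddress());
    }

    /** @return the id of the user established by {@link #initLogin()} (0 before that) */
    public int getCurrentUserId() {
        return this.currentUserId;
    }

    /**
     * Returns the client address as reported by the {@code x-forwarded-for} header, falling back to
     * the socket's remote address.
     *
     * <p>The header is supplied by the client or an upstream proxy and is not validated here, so the
     * value is suitable for the authorization/audit context it feeds but must not be used as a
     * trust decision on its own; {@link #isRequestLocal()} deliberately relies on
     * {@code getRemoteAddr()} instead.
     */
    public String getRequestIpAddress() {
        String forwardedFor = this.request.getHeader("x-forwarded-for");
        return forwardedFor != null ? forwardedFor : this.request.getRemoteAddr();
    }

    /**
     * Filters out channels the current user is not allowed to see; the input list itself is
     * returned when the user has no channel restrictions.
     */
    public List<Channel> redactChannels(List<Channel> list) {
        initChannelRestrictions();
        if (!this.userHasChannelRestrictions) {
            return list;
        }
        List<Channel> visible = new ArrayList<Channel>();
        for (Channel channel : list) {
            if (this.channelAuthorizer.isChannelAuthorized(channel.getId())) {
                visible.add(channel);
            }
        }
        return visible;
    }

    /**
     * Filters out channel ids the current user is not allowed to see; the input set itself is
     * returned when the user has no channel restrictions.
     */
    public Set<String> redactChannelIds(Set<String> set) {
        initChannelRestrictions();
        if (!this.userHasChannelRestrictions) {
            return set;
        }
        Set<String> visible = new HashSet<String>();
        for (String channelId : set) {
            if (this.channelAuthorizer.isChannelAuthorized(channelId)) {
                visible.add(channelId);
            }
        }
        return visible;
    }

    /**
     * Filters a map keyed by channel id down to the channels the current user may see; the input
     * map itself is returned when the user has no channel restrictions.
     */
    protected <T> Map<String, T> redactChannelIds(Map<String, T> map) {
        initChannelRestrictions();
        if (!this.userHasChannelRestrictions) {
            return map;
        }
        Map<String, T> visible = new HashMap<String, T>();
        for (Map.Entry<String, T> entry : map.entrySet()) {
            if (this.channelAuthorizer.isChannelAuthorized(entry.getKey())) {
                visible.put(entry.getKey(), entry.getValue());
            }
        }
        return visible;
    }

    /**
     * Filters out channel summaries the current user is not allowed to see; the input list itself
     * is returned when the user has no channel restrictions.
     */
    public List<ChannelSummary> redactChannelSummaries(List<ChannelSummary> list) {
        initChannelRestrictions();
        if (!this.userHasChannelRestrictions) {
            return list;
        }
        List<ChannelSummary> visible = new ArrayList<ChannelSummary>();
        for (ChannelSummary summary : list) {
            if (this.channelAuthorizer.isChannelAuthorized(summary.getChannelId())) {
                visible.add(summary);
            }
        }
        return visible;
    }

    /** @return whether the current user is limited to a subset of channels for {@link #operation} */
    public boolean doesUserHaveChannelRestrictions() {
        initChannelRestrictions();
        return this.userHasChannelRestrictions;
    }

    /** @return whether the current user's channel restrictions hide the given channel */
    public boolean isChannelRedacted(String channelId) {
        initChannelRestrictions();
        return this.userHasChannelRestrictions && !this.channelAuthorizer.isChannelAuthorized(channelId);
    }

    /** @return the channel authorizer, or {@code null} when restrictions were not initialized or do not apply */
    public ChannelAuthorizer getChannelAuthorizer() {
        return this.channelAuthorizer;
    }

    /**
     * Loads the current user's channel restrictions for {@link #operation} once per servlet
     * instance. The bypass user never has restrictions.
     *
     * @throws MirthApiException wrapping a {@link ControllerException}
     */
    private void initChannelRestrictions() {
        if (this.channelRestrictionsInitialized) {
            return;
        }
        try {
            Integer userId = Integer.valueOf(this.currentUserId);
            this.userHasChannelRestrictions = !this.bypassUser && authorizationController.doesUserHaveChannelRestrictions(userId, this.operation);
            if (this.userHasChannelRestrictions) {
                this.channelAuthorizer = authorizationController.getChannelAuthorizer(userId, this.operation);
            }
            this.channelRestrictionsInitialized = true;
        } catch (ControllerException e) {
            throw new MirthApiException(e);
        }
    }

    /** @return whether {@code userId} (must be non-null) is the current user */
    public boolean isCurrentUser(Integer userId) {
        return userId.intValue() == getCurrentUserId();
    }

    /**
     * Decides whether the request comes from this host, based solely on the socket's remote address
     * (never on forwarding headers). The address matches when it equals the local host address or
     * any address {@code localhost} resolves to; IPv6 brackets are stripped first.
     */
    protected boolean isRequestLocal() {
        // The ServerSettings constant serves as the replacement string here, presumably the empty string.
        String remoteAddress = this.request.getRemoteAddr()
                .replace("[", ServerSettings.DEFAULT_LOGIN_NOTIFICATION_MESSAGE_VALUE)
                .replace("]", ServerSettings.DEFAULT_LOGIN_NOTIFICATION_MESSAGE_VALUE);
        try {
            if (StringUtils.equals(InetAddress.getLocalHost().getHostAddress(), remoteAddress)) {
                return true;
            }
        } catch (UnknownHostException ignored) {
            // Local host name not resolvable: fall through to the loopback check below.
        }
        try {
            for (InetAddress candidate : InetAddress.getAllByName("localhost")) {
                if (StringUtils.equals(candidate.getHostAddress(), remoteAddress)) {
                    return true;
                }
            }
        } catch (UnknownHostException ignored) {
            // "localhost" not resolvable: treat the request as remote.
        }
        return false;
    }
}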
