package org.exist.http.servlets;

import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.StringWriter;
import java.security.Principal;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.xmlrpc.Base64;
import org.exist.EXistException;
import org.exist.http.BadRequestException;
import org.exist.http.NotFoundException;
import org.exist.http.RESTServer;
import org.exist.http.Response;
import org.exist.security.PermissionDeniedException;
import org.exist.security.User;
import org.exist.security.XmldbPrincipal;
import org.exist.storage.BrokerPool;
import org.exist.storage.DBBroker;
import org.exist.util.Configuration;
import org.exist.util.DatabaseConfigurationException;
import org.xmldb.api.DatabaseManager;
import org.xmldb.api.base.Database;
import org.xmldb.api.base.XMLDBException;

/* loaded from: input_file:WEB-INF/lib/exist-optional-1_0b2_build_1107.jar:org/exist/http/servlets/EXistServlet.class */
public class EXistServlet extends HttpServlet {
    private BrokerPool pool = null;
    private User defaultUser = null;
    private RESTServer server = new RESTServer();

    public void init(ServletConfig servletConfig) throws ServletException {
        super.init(servletConfig);
        try {
            if (BrokerPool.isConfigured()) {
                log("Database already started. Skipping configuration ...");
            } else {
                String initParameter = servletConfig.getInitParameter("configuration");
                String initParameter2 = servletConfig.getInitParameter("basedir");
                String initParameter3 = servletConfig.getInitParameter("start");
                if (initParameter == null) {
                    initParameter = "conf.xml";
                }
                String realPath = initParameter2 == null ? servletConfig.getServletContext().getRealPath(".") : servletConfig.getServletContext().getRealPath(initParameter2);
                log(new StringBuffer().append("EXistServlet: exist.home=").append(realPath).toString());
                System.setProperty("exist.home", realPath);
                File file = new File(new StringBuffer().append(realPath).append(File.separator).append(initParameter).toString());
                log(new StringBuffer().append("reading configuration from ").append(file.getAbsolutePath()).toString());
                if (!file.canRead()) {
                    throw new ServletException(new StringBuffer().append("configuration file ").append(initParameter).append(" not found or not readable").toString());
                }
                Configuration configuration = new Configuration(initParameter, realPath);
                if (initParameter3 != null && initParameter3.equals("true")) {
                    startup(configuration);
                }
            }
            this.pool = BrokerPool.getInstance();
            this.defaultUser = this.pool.getSecurityManager().getUser("guest");
        } catch (EXistException e) {
            throw new ServletException("No database instance available");
        } catch (DatabaseConfigurationException e2) {
            throw new ServletException(new StringBuffer().append("Unable to configure database instance: ").append(e2.getMessage()).toString(), e2);
        }
    }

    protected void doPut(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        User authenticate = authenticate(httpServletRequest);
        if (authenticate == null) {
            httpServletResponse.sendError(403, "Permission denied: unknown user or password");
            return;
        }
        String pathInfo = httpServletRequest.getPathInfo();
        int lastIndexOf = pathInfo.lastIndexOf(59);
        if (lastIndexOf > -1) {
            pathInfo = pathInfo.substring(0, lastIndexOf);
        }
        ServletInputStream inputStream = httpServletRequest.getInputStream();
        int contentLength = httpServletRequest.getContentLength();
        File createTempFile = File.createTempFile(BrokerPool.DEFAULT_INSTANCE, ".tmp");
        FileOutputStream fileOutputStream = new FileOutputStream(createTempFile);
        byte[] bArr = new byte[4096];
        int i = 0;
        do {
            int read = inputStream.read(bArr);
            if (read > 0) {
                fileOutputStream.write(bArr, 0, read);
            }
            i += read;
        } while (i < contentLength);
        fileOutputStream.close();
        DBBroker dBBroker = null;
        try {
            try {
                try {
                    dBBroker = this.pool.get(authenticate);
                    writeResponse(this.server.doPut(dBBroker, createTempFile, httpServletRequest.getContentType(), pathInfo), httpServletResponse);
                    this.pool.release(dBBroker);
                } catch (BadRequestException e) {
                    httpServletResponse.sendError(400, e.getMessage());
                    this.pool.release(dBBroker);
                }
            } catch (EXistException e2) {
                httpServletResponse.sendError(500, e2.getMessage());
                this.pool.release(dBBroker);
            } catch (PermissionDeniedException e3) {
                httpServletResponse.sendError(403, e3.getMessage());
                this.pool.release(dBBroker);
            }
        } catch (Throwable th) {
            this.pool.release(dBBroker);
            throw th;
        }
    }

    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        User authenticate = authenticate(httpServletRequest);
        if (authenticate == null) {
            httpServletResponse.sendError(403, "Permission denied: unknown user or password");
            return;
        }
        String pathInfo = httpServletRequest.getPathInfo();
        int lastIndexOf = pathInfo.lastIndexOf(59);
        if (lastIndexOf > -1) {
            pathInfo = pathInfo.substring(0, lastIndexOf);
        }
        DBBroker dBBroker = null;
        try {
            try {
                try {
                    dBBroker = this.pool.get(authenticate);
                    writeResponse(this.server.doGet(dBBroker, getParameters(httpServletRequest), pathInfo), httpServletResponse);
                    this.pool.release(dBBroker);
                } catch (EXistException e) {
                    httpServletResponse.sendError(500, e.getMessage());
                    this.pool.release(dBBroker);
                } catch (BadRequestException e2) {
                    httpServletResponse.sendError(400, e2.getMessage());
                    this.pool.release(dBBroker);
                }
            } catch (NotFoundException e3) {
                httpServletResponse.sendError(404, e3.getMessage());
                this.pool.release(dBBroker);
            } catch (PermissionDeniedException e4) {
                httpServletResponse.sendError(403, e4.getMessage());
                this.pool.release(dBBroker);
            }
        } catch (Throwable th) {
            this.pool.release(dBBroker);
            throw th;
        }
    }

    protected void doDelete(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        User authenticate = authenticate(httpServletRequest);
        if (authenticate == null) {
            httpServletResponse.sendError(403, "Permission denied: unknown user or password");
            return;
        }
        String pathInfo = httpServletRequest.getPathInfo();
        int lastIndexOf = pathInfo.lastIndexOf(59);
        if (lastIndexOf > -1) {
            pathInfo = pathInfo.substring(0, lastIndexOf);
        }
        DBBroker dBBroker = null;
        try {
            try {
                dBBroker = this.pool.get(authenticate);
                writeResponse(this.server.doDelete(dBBroker, pathInfo), httpServletResponse);
                this.pool.release(dBBroker);
            } catch (EXistException e) {
                httpServletResponse.sendError(500, e.getMessage());
                this.pool.release(dBBroker);
            } catch (NotFoundException e2) {
                httpServletResponse.sendError(404, e2.getMessage());
                this.pool.release(dBBroker);
            } catch (PermissionDeniedException e3) {
                httpServletResponse.sendError(403, e3.getMessage());
                this.pool.release(dBBroker);
            }
        } catch (Throwable th) {
            this.pool.release(dBBroker);
            throw th;
        }
    }

    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        User authenticate = authenticate(httpServletRequest);
        if (authenticate == null) {
            httpServletResponse.sendError(403, "Permission denied: unknown user or password");
            return;
        }
        String pathInfo = httpServletRequest.getPathInfo();
        if (pathInfo == null) {
            pathInfo = "";
        } else {
            int lastIndexOf = pathInfo.lastIndexOf(59);
            if (lastIndexOf > -1) {
                pathInfo = pathInfo.substring(0, lastIndexOf);
            }
        }
        String characterEncoding = httpServletRequest.getCharacterEncoding();
        if (characterEncoding == null) {
            characterEncoding = "UTF-8";
        }
        InputStreamReader inputStreamReader = new InputStreamReader((InputStream) httpServletRequest.getInputStream(), characterEncoding);
        StringWriter stringWriter = new StringWriter();
        char[] cArr = new char[4096];
        while (true) {
            int read = inputStreamReader.read(cArr);
            if (read <= -1) {
                break;
            } else {
                stringWriter.write(cArr, 0, read);
            }
        }
        String stringWriter2 = stringWriter.toString();
        DBBroker dBBroker = null;
        try {
            try {
                try {
                    try {
                        dBBroker = this.pool.get(authenticate);
                        writeResponse(this.server.doPost(dBBroker, stringWriter2, pathInfo), httpServletResponse);
                        this.pool.release(dBBroker);
                    } catch (EXistException e) {
                        httpServletResponse.sendError(500, e.getMessage());
                        this.pool.release(dBBroker);
                    }
                } catch (PermissionDeniedException e2) {
                    httpServletResponse.sendError(403, e2.getMessage());
                    this.pool.release(dBBroker);
                }
            } catch (BadRequestException e3) {
                httpServletResponse.sendError(400, e3.getMessage());
                this.pool.release(dBBroker);
            }
        } catch (Throwable th) {
            this.pool.release(dBBroker);
            throw th;
        }
    }

    public void destroy() {
        super.destroy();
        BrokerPool.stopAll(false);
    }

    private User authenticate(HttpServletRequest httpServletRequest) {
        Principal userPrincipal = httpServletRequest.getUserPrincipal();
        if (userPrincipal instanceof XmldbPrincipal) {
            String name = ((XmldbPrincipal) userPrincipal).getName();
            String password = ((XmldbPrincipal) userPrincipal).getPassword();
            log(new StringBuffer().append("Validating Principle: ").append(userPrincipal.getName()).toString());
            User user = this.pool.getSecurityManager().getUser(name);
            if (user != null) {
                if (password.equalsIgnoreCase(user.getPassword())) {
                    log(new StringBuffer().append("Valid User: ").append(user.getName()).toString());
                    return user;
                }
                log(new StringBuffer().append("Password invalid for user: ").append(name).toString());
                log(new StringBuffer().append("User not found: ").append(userPrincipal.getName()).toString());
            }
        }
        String header = httpServletRequest.getHeader("Authorization");
        if (header == null) {
            return this.defaultUser;
        }
        String str = new String(Base64.decode(header.substring(6).getBytes()));
        int indexOf = str.indexOf(58);
        String substring = str.substring(0, indexOf);
        String substring2 = str.substring(indexOf + 1);
        User user2 = this.pool.getSecurityManager().getUser(substring);
        if (user2 != null && user2.validate(substring2)) {
            return user2;
        }
        return null;
    }

    private Map getParameters(HttpServletRequest httpServletRequest) {
        HashMap hashMap = new HashMap();
        Enumeration parameterNames = httpServletRequest.getParameterNames();
        while (parameterNames.hasMoreElements()) {
            String str = (String) parameterNames.nextElement();
            hashMap.put(str, httpServletRequest.getParameter(str));
        }
        return hashMap;
    }

    private void writeResponse(Response response, HttpServletResponse httpServletResponse) throws IOException {
        if (response.getResponseCode() != 200) {
            httpServletResponse.sendError(response.getResponseCode(), response.getDescription());
            return;
        }
        httpServletResponse.setContentType(new StringBuffer().append(response.getContentType()).append("; charset=").append(response.getEncoding()).toString());
        if (response.getContent() == null) {
            if (response.getDescription() != null) {
                response.setContent(response.getDescription());
            } else {
                response.setContent("OK");
            }
        }
        httpServletResponse.getOutputStream().write(response.getContent());
    }

    private void startup(Configuration configuration) throws ServletException {
        if (configuration == null) {
            throw new ServletException("database has not been configured");
        }
        log("configuring eXist instance");
        try {
            if (!BrokerPool.isConfigured()) {
                BrokerPool.configure(1, 5, configuration);
            }
            try {
                log("registering XMLDB driver");
                DatabaseManager.registerDatabase((Database) Class.forName("org.exist.xmldb.DatabaseImpl").newInstance());
            } catch (ClassNotFoundException e) {
                log("ERROR", e);
            } catch (IllegalAccessException e2) {
                log("ERROR", e2);
            } catch (InstantiationException e3) {
                log("ERROR", e3);
            } catch (XMLDBException e4) {
                log("ERROR", e4);
            }
        } catch (EXistException e5) {
            throw new ServletException(e5.getMessage());
        }
    }
}
