package org.apache.qpid.server.management.plugin;

import jakarta.servlet.ServletContext;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;
import jakarta.servlet.http.HttpSessionBindingEvent;
import jakarta.servlet.http.HttpSessionBindingListener;
import java.io.IOException;
import java.io.OutputStream;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.TreeSet;
import java.util.concurrent.ScheduledFuture;
import java.util.concurrent.TimeUnit;
import java.util.zip.GZIPOutputStream;
import javax.security.auth.Subject;
import org.apache.qpid.server.management.plugin.preferences.QueryPreferenceValue;
import org.apache.qpid.server.management.plugin.servlet.ServletConnectionPrincipal;
import org.apache.qpid.server.management.plugin.session.LoginLogoutReporter;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.model.Port;
import org.apache.qpid.server.model.port.HttpPort;
import org.apache.qpid.server.plugin.QpidServiceLoader;
import org.apache.qpid.server.security.access.Operation;
import org.apache.qpid.server.util.Action;

/* loaded from: input_file:org/apache/qpid/server/management/plugin/HttpManagementUtil.class */
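/**
 * Static helpers shared by the HTTP management servlets and filters: lookup of the broker,
 * port and management configuration, storage of the authenticated {@link Subject} in the
 * HTTP session, response compression, and small request/path utilities.
 *
 * <p>Session attributes written through this class are keyed per HTTP port (see
 * {@link #getRequestSpecificAttributeName(String, HttpServletRequest)}), so the helpers that
 * touch the session require the port attribute to have been set on the request first.
 */
public class HttpManagementUtil {
    public static final String ATTR_BROKER = "Qpid.broker";
    public static final String ATTR_MANAGEMENT_CONFIGURATION = "Qpid.managementConfiguration";
    private static final String ATTR_LOGIN_LOGOUT_REPORTER = "Qpid.loginLogoutReporter";
    private static final String ATTR_SUBJECT = "Qpid.subject";
    private static final String ATTR_INVALIDATE_FUTURE = "Qpid.invalidateFuture";
    private static final String ATTR_LOG_ACTOR = "Qpid.logActor";
    private static final String ATTR_PORT = "org.apache.qpid.server.model.Port";
    public static final String ACCEPT_ENCODING_HEADER = "Accept-Encoding";
    public static final String CONTENT_ENCODING_HEADER = "Content-Encoding";
    public static final String GZIP_CONTENT_ENCODING = "gzip";
    private static final Collection<HttpRequestPreemptiveAuthenticator> AUTHENTICATORS;
    private static final Operation MANAGE_ACTION = Operation.PERFORM_ACTION("manage");

    static {
        // Discover the pre-emptive authenticators once, at class-load time, and freeze the list.
        List<HttpRequestPreemptiveAuthenticator> discovered = new ArrayList<>();
        Iterator<?> candidates =
                new QpidServiceLoader().instancesOf(HttpRequestPreemptiveAuthenticator.class).iterator();
        while (candidates.hasNext()) {
            discovered.add((HttpRequestPreemptiveAuthenticator) candidates.next());
        }
        AUTHENTICATORS = Collections.unmodifiableList(discovered);
    }

    /**
     * Builds the attribute name used for the port that received the request.
     *
     * @param str base attribute name
     * @param httpServletRequest request carrying the port attribute
     * @return {@code str}, a dot, and the id of the request's port
     * @throws NullPointerException if no port attribute has been set on the request
     */
    public static String getRequestSpecificAttributeName(String str, HttpServletRequest httpServletRequest) {
        return str + "." + getPort(httpServletRequest).getId();
    }

    /**
     * Returns an action that tags a request with the given port.
     *
     * <p>The decompiler reports that this method was package-private in the original class;
     * it is kept public here so existing callers of this listing keep compiling.
     *
     * @param port port to store under the port request attribute
     * @return action that sets the attribute on the request it is given
     */
    public static Action<HttpServletRequest> getPortAttributeAction(Port<?> port) {
        return request -> request.setAttribute(ATTR_PORT, port);
    }

    /**
     * Reads the port previously stored on the request.
     *
     * @param httpServletRequest current request
     * @return the stored port, or {@code null} if the attribute is absent
     * @throws ClassCastException if the attribute holds something other than an {@link HttpPort}
     */
    public static HttpPort<?> getPort(HttpServletRequest httpServletRequest) {
        return (HttpPort<?>) httpServletRequest.getAttribute(ATTR_PORT);
    }

    /**
     * Reads the broker from the servlet context.
     *
     * @param servletContext context holding the {@link #ATTR_BROKER} attribute
     * @return the broker, or {@code null} if the attribute is absent
     */
    public static Broker<?> getBroker(ServletContext servletContext) {
        return (Broker<?>) servletContext.getAttribute(ATTR_BROKER);
    }

    /**
     * Reads the management configuration from the servlet context.
     *
     * @param servletContext context holding the {@link #ATTR_MANAGEMENT_CONFIGURATION} attribute
     * @return the configuration, or {@code null} if the attribute is absent
     */
    public static HttpManagementConfiguration getManagementConfiguration(ServletContext servletContext) {
        return (HttpManagementConfiguration) servletContext.getAttribute(ATTR_MANAGEMENT_CONFIGURATION);
    }

    /**
     * Returns the subject saved in the current session for the request's port.
     *
     * <p>Never creates a session. A {@code null} result means "not authenticated on this port"
     * and callers must treat it that way.
     *
     * @param httpServletRequest current request
     * @return the saved subject, or {@code null} if there is no session, no saved subject, or
     *         the session was invalidated concurrently
     */
    public static Subject getAuthorisedSubject(HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null) {
            return null;
        }
        try {
            return (Subject) session.getAttribute(getRequestSpecificAttributeName(ATTR_SUBJECT, httpServletRequest));
        } catch (IllegalStateException ignored) {
            // The session was invalidated between lookup and read: same outcome as no session.
            return null;
        }
    }

    /**
     * Copies a subject and adds a principal describing the servlet connection.
     *
     * <p>The copy is made read-only before it is returned, so later code cannot add
     * principals or credentials to the subject that ends up in the session.
     *
     * @param httpServletRequest request the connection principal is built from
     * @param subject authenticated subject to copy
     * @return read-only copy of {@code subject} with the extra principal
     */
    public static Subject createServletConnectionSubject(HttpServletRequest httpServletRequest, Subject subject) {
        Subject connectionSubject = new Subject(
                false,
                subject.getPrincipals(),
                subject.getPublicCredentials(),
                subject.getPrivateCredentials());
        connectionSubject.getPrincipals().add(new ServletConnectionPrincipal(httpServletRequest));
        connectionSubject.setReadOnly();
        return connectionSubject;
    }

    /**
     * Asks the broker to authorise the "manage" operation while running as the given subject.
     *
     * <p>Any exception thrown by {@code broker.authorise} propagates to the caller; this method
     * has no boolean result, so a normal return is the only success signal.
     *
     * @param broker broker performing the authorisation check
     * @param subject subject to run the check as
     */
    public static void assertManagementAccess(Broker<?> broker, Subject subject) {
        // The explicit target type is required: a bare lambda is ambiguous between the
        // PrivilegedAction and PrivilegedExceptionAction overloads of Subject.doAs.
        Subject.doAs(subject, (java.security.PrivilegedAction<Object>) () -> {
            broker.authorise(MANAGE_ACTION);
            return null;
        });
    }

    /**
     * Stores the subject and a login/logout reporter in the session and, when the port
     * configures an absolute session timeout greater than zero, schedules the session's
     * invalidation.
     *
     * <p>Creates the session if the request has none.
     *
     * <p>NOTE(review): the session id is not changed here. Confirm that the login path
     * rotates it (for example with {@code HttpServletRequest.changeSessionId()}) before this
     * call; otherwise an id issued before authentication stays valid afterwards.
     *
     * @param httpServletRequest current request, with the port attribute set
     * @param subject subject to store
     * @throws SessionInvalidatedException if the session is invalidated while being written
     */
    public static void saveAuthorisedSubject(HttpServletRequest httpServletRequest, Subject subject) {
        HttpSession session = httpServletRequest.getSession();
        Broker<?> broker = getBroker(session.getServletContext());
        HttpPort<?> port = getPort(httpServletRequest);
        setSessionAttribute(ATTR_SUBJECT, subject, session, httpServletRequest);
        setSessionAttribute(ATTR_LOGIN_LOGOUT_REPORTER, new LoginLogoutReporter(subject, broker), session, httpServletRequest);
        long absoluteSessionTimeout = port.getAbsoluteSessionTimeout();
        if (absoluteSessionTimeout > 0) {
            scheduleAbsoluteSessionTimeout(httpServletRequest, session, broker, absoluteSessionTimeout);
        }
    }

    /**
     * Schedules invalidation of the session after {@code j} milliseconds, regardless of activity.
     *
     * <p>A binding listener is stored in the session so that the scheduled task is cancelled
     * when the attribute is unbound (which includes the session ending earlier).
     */
    private static void scheduleAbsoluteSessionTimeout(HttpServletRequest httpServletRequest, HttpSession httpSession, Broker<?> broker, long j) {
        final ScheduledFuture<?> invalidation =
                broker.scheduleTask(j, TimeUnit.MILLISECONDS, () -> invalidateSession(httpSession));
        HttpSessionBindingListener cancelOnUnbind = new HttpSessionBindingListener() {
            @Override
            public void valueBound(HttpSessionBindingEvent httpSessionBindingEvent) {
                // Nothing to do when the attribute is stored.
            }

            @Override
            public void valueUnbound(HttpSessionBindingEvent httpSessionBindingEvent) {
                // Do not interrupt a task that is already running.
                invalidation.cancel(false);
            }
        };
        setSessionAttribute(ATTR_INVALIDATE_FUTURE, cancelOnUnbind, httpSession, httpServletRequest);
    }

    /**
     * Offers the request to each registered pre-emptive authenticator in turn.
     *
     * @param httpServletRequest request to authenticate
     * @param httpManagementConfiguration configuration passed to each authenticator
     * @return the first non-null subject produced, or {@code null} if none authenticated the request
     */
    public static Subject tryToAuthenticate(HttpServletRequest httpServletRequest, HttpManagementConfiguration httpManagementConfiguration) {
        for (HttpRequestPreemptiveAuthenticator authenticator : AUTHENTICATORS) {
            Subject subject = authenticator.attemptAuthentication(httpServletRequest, httpManagementConfiguration);
            if (subject != null) {
                return subject;
            }
        }
        return null;
    }

    /**
     * Same as {@link #getOutputStream(HttpServletRequest, HttpServletResponse, HttpManagementConfiguration)},
     * taking the configuration from the request's servlet context.
     *
     * @throws IOException if the response stream cannot be obtained
     */
    public static OutputStream getOutputStream(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        return getOutputStream(httpServletRequest, httpServletResponse, getManagementConfiguration(httpServletRequest.getServletContext()));
    }

    /**
     * Returns the response stream, wrapped in gzip when compression is enabled and accepted.
     *
     * @param httpServletRequest request whose Accept-Encoding header is consulted
     * @param httpServletResponse response to write to
     * @param httpManagementConfiguration configuration that enables or disables compression
     * @return a {@link GZIPOutputStream} over the response stream, or the response stream itself
     * @throws IOException if the response stream cannot be obtained or the gzip header cannot be written
     */
    public static OutputStream getOutputStream(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpManagementConfiguration httpManagementConfiguration) throws IOException {
        // Declared as OutputStream: the uncompressed branch returns the servlet stream, which
        // is not a GZIPOutputStream.
        if (!isCompressingAccepted(httpServletRequest, httpManagementConfiguration)) {
            return httpServletResponse.getOutputStream();
        }
        // Set the header before wrapping: the GZIPOutputStream constructor already writes the
        // gzip header bytes to the underlying stream.
        httpServletResponse.setHeader(CONTENT_ENCODING_HEADER, GZIP_CONTENT_ENCODING);
        return new GZIPOutputStream(httpServletResponse.getOutputStream());
    }

    /**
     * Tells whether the response may be gzip-compressed.
     *
     * <p>The header is looked up with {@code getHeader}, which matches header names
     * case-insensitively, so clients that send {@code accept-encoding} in lower case are
     * handled as well. The value check is a plain substring match on {@code "gzip"}; quality
     * values such as {@code gzip;q=0} are not interpreted.
     *
     * @param httpServletRequest request whose Accept-Encoding header is consulted
     * @param httpManagementConfiguration configuration that enables or disables compression
     * @return {@code true} if compression is enabled and the request advertises gzip
     */
    public static boolean isCompressingAccepted(HttpServletRequest httpServletRequest, HttpManagementConfiguration httpManagementConfiguration) {
        if (!httpManagementConfiguration.isCompressResponses()) {
            return false;
        }
        String acceptEncoding = httpServletRequest.getHeader(ACCEPT_ENCODING_HEADER);
        return acceptEncoding != null && acceptEncoding.contains(GZIP_CONTENT_ENCODING);
    }

    /**
     * Removes characters that are unsafe in a download filename.
     *
     * <p>Every character outside the Basic Latin block, every control character (which covers
     * CR and LF), and each of backslash, colon and forward slash is replaced. Double quotes and
     * semicolons are left in place, so a caller that puts the result inside a quoted
     * {@code filename="..."} header parameter still has to quote or escape it.
     *
     * @param str proposed filename; must not be {@code null}
     * @return the filename with the characters above replaced
     */
    public static String ensureFilenameIsRfc2183(String str) {
        // NOTE(review): the replacement constant is presumably the empty string that the
        // decompiler mapped onto an equal-valued constant; confirm against the original source.
        return str.replaceAll("[\\P{InBasic_Latin}\\\\:/\\p{Cntrl}]", QueryPreferenceValue.DEFAULT_SCOPE);
    }

    /**
     * Splits a path-info string into URL-decoded elements.
     *
     * <p>Splitting happens before decoding, so a decoded element can itself contain
     * {@code /} (from {@code %2F}) or be {@code ..}. Callers must treat the elements as
     * opaque names and validate them before using them to build paths or lookups.
     * {@code URLDecoder} also turns {@code +} into a space.
     *
     * @param str not used by this method
     * @param str2 path info; its first character is dropped without being checked
     * @return an immutable empty list when {@code str2} is {@code null} or empty, otherwise a
     *         fixed-size list of decoded elements
     * @throws IllegalArgumentException if an element contains a malformed percent-escape
     */
    public static List<String> getPathInfoElements(String str, String str2) {
        if (str2 == null || str2.isEmpty()) {
            return List.of();
        }
        String[] elements = str2.substring(1).split("/");
        for (int i = 0; i < elements.length; i++) {
            elements[i] = URLDecoder.decode(elements[i], StandardCharsets.UTF_8);
        }
        return Arrays.asList(elements);
    }

    /**
     * Rebuilds the full request URL including the query string.
     *
     * <p>The query string is appended as received; if callers log the result, any sensitive
     * query parameters end up in the log.
     *
     * @param httpServletRequest current request
     * @return request URL, followed by {@code ?} and the query string when one is present
     */
    public static String getRequestURL(HttpServletRequest httpServletRequest) {
        StringBuilder url = new StringBuilder(httpServletRequest.getRequestURL());
        String queryString = httpServletRequest.getQueryString();
        if (queryString != null) {
            url.append('?').append(queryString);
        }
        return url.toString();
    }

    /**
     * Renders the names of the principals of the subject saved for this request.
     *
     * @param httpServletRequest current request
     * @return the sorted, de-duplicated principal names in {@code [a, b]} form, or {@code null}
     *         if there is no session, no saved subject, or the subject has no principals
     */
    public static String getRequestPrincipals(HttpServletRequest httpServletRequest) {
        // getAuthorisedSubject already returns null when the request has no session.
        Subject authorisedSubject = getAuthorisedSubject(httpServletRequest);
        if (authorisedSubject == null) {
            return null;
        }
        Set<Principal> principals = authorisedSubject.getPrincipals();
        if (principals.isEmpty()) {
            return null;
        }
        Set<String> names = new TreeSet<>();
        for (Principal principal : principals) {
            names.add(principal.getName());
        }
        return names.toString();
    }

    /**
     * Invalidates the session, tolerating one that is already invalid.
     *
     * @param httpSession session to invalidate
     */
    public static void invalidateSession(HttpSession httpSession) {
        try {
            httpSession.invalidate();
        } catch (IllegalStateException ignored) {
            // Already invalidated: the desired end state has been reached.
        }
    }

    /**
     * Reads a per-port session attribute.
     *
     * @param str base attribute name
     * @param httpSession session to read from
     * @param httpServletRequest request identifying the port
     * @return the attribute value, or {@code null} if it is not set
     * @throws SessionInvalidatedException if the session has been invalidated
     */
    public static Object getSessionAttribute(String str, HttpSession httpSession, HttpServletRequest httpServletRequest) {
        try {
            return httpSession.getAttribute(getRequestSpecificAttributeName(str, httpServletRequest));
        } catch (IllegalStateException e) {
            throw new SessionInvalidatedException();
        }
    }

    /**
     * Writes a per-port session attribute.
     *
     * @param str base attribute name
     * @param obj value to store
     * @param httpSession session to write to
     * @param httpServletRequest request identifying the port
     * @throws SessionInvalidatedException if the session has been invalidated
     */
    public static void setSessionAttribute(String str, Object obj, HttpSession httpSession, HttpServletRequest httpServletRequest) {
        try {
            httpSession.setAttribute(getRequestSpecificAttributeName(str, httpServletRequest), obj);
        } catch (IllegalStateException e) {
            throw new SessionInvalidatedException();
        }
    }

    /**
     * Removes a per-port session attribute, tolerating an already-invalidated session.
     *
     * @param str base attribute name
     * @param httpSession session to modify
     * @param httpServletRequest request identifying the port
     */
    public static void removeAttribute(String str, HttpSession httpSession, HttpServletRequest httpServletRequest) {
        try {
            httpSession.removeAttribute(getRequestSpecificAttributeName(str, httpServletRequest));
        } catch (IllegalStateException ignored) {
            // An invalidated session no longer holds the attribute, so there is nothing to remove.
        }
    }

    /**
     * Runs the post-authentication sequence: build the connection subject, check management
     * access, then save the subject in the session.
     *
     * <p>The order matters: the subject is written to the session only after the access check
     * has returned normally, so a subject that fails the check is never saved.
     *
     * @param broker broker performing the authorisation check
     * @param httpServletRequest current request, with the port attribute set
     * @param subject authenticated subject
     */
    public static void createServletConnectionSubjectAssertManagementAccessAndSave(Broker<?> broker, HttpServletRequest httpServletRequest, Subject subject) {
        Subject connectionSubject = createServletConnectionSubject(httpServletRequest, subject);
        assertManagementAccess(broker, connectionSubject);
        saveAuthorisedSubject(httpServletRequest, connectionSubject);
    }
}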
