package com.atlassian.confluence.plugins.crowdproxy;

import com.atlassian.confluence.security.Permission;
import com.atlassian.confluence.security.PermissionManager;
import com.atlassian.confluence.user.AuthenticatedUserThreadLocal;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.Charset;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.http.Header;
import org.apache.http.HttpHost;
import org.apache.http.HttpRequest;
import org.apache.http.HttpResponse;
import org.apache.http.entity.ByteArrayEntity;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.message.BasicHttpEntityEnclosingRequest;
import org.apache.http.message.BasicHttpRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/confluence/plugins/crowdproxy/CrowdProxyServlet.class */
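/**
 * Forwards requests received under {@code /plugins/servlet/crowdproxy} to the Crowd instance at
 * {@code http://localhost:4990/crowd}, replacing the caller's {@code Authorization} header with a
 * fixed application credential. Only callers holding the system-level {@code ADMINISTER} permission
 * are served; everyone else receives 403.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link #CROWD_CREDENTIALS} is compiled into the class. HTTP Basic values are base64, which
 *       is an encoding and not encryption, so anyone who can read the artifact holds the Crowd
 *       application credential. It should be loaded from configuration or a secret store and
 *       rotated; the constant is kept here only because it is part of the protected interface.</li>
 *   <li>Every proxied call reaches Crowd under that single application identity, whichever
 *       administrator made it, so Crowd-side audit records cannot attribute the action.</li>
 *   <li>NOTE(review): {@link #service} handles every HTTP method and no XSRF token check is visible
 *       in this class. Confirm the plugin framework enforces one before state-changing requests
 *       reach Crowd.</li>
 *   <li>{@link #getServletInfo()} describes this servlet as for testing only; it should not be
 *       enabled in a production descriptor.</li>
 * </ul>
 */
public class CrowdProxyServlet extends HttpServlet {
    protected static final String AUTHORIZATION_HTTP_HEADER_KEY = "Authorization";
    /**
     * Hard-coded Basic credential sent to Crowd on every proxied request.
     * Treat the value as compromised wherever this class has been distributed.
     */
    protected static final String CROWD_CREDENTIALS = "Basic Y29uZmx1ZW5jZTpmb29iYXI=";
    protected static final String HTTP_REQUEST_HEADER_CONTENT_LENGTH = "Content-Length";
    private static final String CROWD_PROXY_CONTEXT_PATH = "/plugins/servlet/crowdproxy";
    private static final String CROWD_CONTEXT_PATH = "/crowd";
    private static final int CROWD_PORT = 4990;
    private static final Charset UTF_8 = Charset.forName("UTF-8");
    private static final String REDACTED = "<redacted>";

    /** Lower-cased request header names that are never copied from the caller to Crowd. */
    private static final Set<String> IGNORE_REQ_HEADERS =
            lowerCaseSet(HTTP_REQUEST_HEADER_CONTENT_LENGTH, AUTHORIZATION_HTTP_HEADER_KEY);
    /** Lower-cased response header names that are never copied from Crowd to the caller. */
    private static final Set<String> IGNORE_RESP_HEADERS =
            lowerCaseSet(HTTP_REQUEST_HEADER_CONTENT_LENGTH);

    private final Logger log = LoggerFactory.getLogger(CrowdProxyServlet.class);
    private final PermissionManager permissionManager;

    /**
     * @param permissionManager used to decide whether the current user may use the proxy
     */
    public CrowdProxyServlet(PermissionManager permissionManager) {
        this.permissionManager = permissionManager;
    }

    @Override
    public String getServletInfo() {
        return "Acts as a proxy for accessing crowd in OnDemand. For testing purposes only.";
    }

    /**
     * Authorises the caller, forwards the request to Crowd and relays the answer.
     *
     * <p>Responds 403 when the current user lacks system administration permission, 400 when the
     * request path contains a parent-directory segment, and 500 when anything fails while talking
     * to Crowd.
     */
    @Override
    public void service(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        try {
            if (!isSysAdminAuthenticated()) {
                httpServletResponse.setStatus(403);
                return;
            }
            // Defence in depth: the forwarded path is built by string concatenation, so refuse
            // anything that could resolve outside the /crowd context on the upstream host.
            // The servlet container may already normalise such paths; this does not rely on it.
            if (containsDotSegment(httpServletRequest.getRequestURI())) {
                this.log.debug("Rejected Crowd proxy request with a parent-directory path segment");
                httpServletResponse.setStatus(400);
                return;
            }
            buildResponse(executeCrowdRequest(buildCrowdRequest(httpServletRequest)), httpServletResponse);
        } catch (Exception e) {
            // Failures are only visible at debug level; the caller just sees a bare 500.
            this.log.debug("Exception when calling Crowd", e);
            httpServletResponse.setStatus(500);
        }
    }

    /** Returns whether the thread's authenticated user holds ADMINISTER on the system target. */
    private boolean isSysAdminAuthenticated() {
        return this.permissionManager.hasPermission(
                AuthenticatedUserThreadLocal.get(), Permission.ADMINISTER, PermissionManager.TARGET_SYSTEM);
    }

    /**
     * Translates the incoming servlet request into the request sent to Crowd.
     *
     * <p>The proxy prefix (context path plus {@code /plugins/servlet/crowdproxy}) is stripped from
     * the request URI, {@code /crowd} is prepended and the raw query string, if any, is appended.
     *
     * @param httpServletRequest the incoming request
     * @return the request to execute against Crowd, headers included
     * @throws IOException if the request body cannot be read
     */
    protected HttpRequest buildCrowdRequest(HttpServletRequest httpServletRequest) throws IOException {
        String requestUri = httpServletRequest.getRequestURI();
        this.log.debug("Request to Crowd proxy: {}", requestUri);

        String proxyPrefix = httpServletRequest.getContextPath() + CROWD_PROXY_CONTEXT_PATH;
        String target = CROWD_CONTEXT_PATH + StringUtils.removeStart(requestUri, proxyPrefix);
        String queryString = httpServletRequest.getQueryString();
        if (StringUtils.isNotBlank(queryString)) {
            target = target + "?" + queryString;
        }

        HttpRequest crowdRequest = createCrowdRequest(httpServletRequest, target);
        this.log.debug("Request to Crowd: {}", crowdRequest);
        setCrowdRequestHeaders(httpServletRequest, crowdRequest);
        return crowdRequest;
    }

    /**
     * Creates the outgoing request, copying the body when the caller declared one.
     *
     * <p>NOTE(review): a body is forwarded only when {@code getContentLength()} is positive, so a
     * request without a declared length is sent without its body. The body is buffered in memory
     * with no size limit.
     *
     * @param httpServletRequest the incoming request
     * @param str the path and query to request from Crowd
     * @return the outgoing request, entity-enclosing when a body was copied
     * @throws IOException if the request body cannot be read
     */
    protected HttpRequest createCrowdRequest(HttpServletRequest httpServletRequest, String str) throws IOException {
        if (httpServletRequest.getContentLength() <= 0) {
            return new BasicHttpRequest(httpServletRequest.getMethod(), str);
        }
        byte[] body = IOUtils.toByteArray(httpServletRequest.getInputStream());
        BasicHttpEntityEnclosingRequest request =
                new BasicHttpEntityEnclosingRequest(httpServletRequest.getMethod(), str);
        request.setEntity(new ByteArrayEntity(body));
        // Bodies sent to an identity service can carry passwords; this is written only at debug
        // level and the string is no longer built when debug logging is off.
        if (this.log.isDebugEnabled()) {
            this.log.debug("Crowd Request entity body:\n{}", new String(body, UTF_8));
        }
        return request;
    }

    /**
     * Copies the caller's headers onto the outgoing request, except those in the ignore set, then
     * sets the fixed Crowd credential as the {@code Authorization} header.
     *
     * <p>NOTE(review): the caller's {@code Cookie} header is forwarded to Crowd unchanged; confirm
     * that is intended.
     *
     * @param httpServletRequest the incoming request
     * @param httpRequest the outgoing request to populate
     */
    protected void setCrowdRequestHeaders(HttpServletRequest httpServletRequest, HttpRequest httpRequest) {
        Enumeration<?> headerNames = httpServletRequest.getHeaderNames();
        while (headerNames.hasMoreElements()) {
            String name = (String) headerNames.nextElement();
            // Locale.ROOT keeps the comparison stable: default-locale case mapping can turn an
            // upper-case "I" into a character that no longer matches the ignore set.
            if (IGNORE_REQ_HEADERS.contains(name.toLowerCase(Locale.ROOT))) {
                continue;
            }
            Enumeration<?> values = httpServletRequest.getHeaders(name);
            while (values.hasMoreElements()) {
                String value = (String) values.nextElement();
                httpRequest.addHeader(name, value);
                this.log.debug("Crowd Request HTTP Header: [{} = {}]", name, loggableValue(name, value));
            }
        }
        // The credential itself is never written to the log.
        this.log.debug("Crowd Request HTTP Header: [{} = {}]", AUTHORIZATION_HTTP_HEADER_KEY, REDACTED);
        httpRequest.setHeader(AUTHORIZATION_HTTP_HEADER_KEY, CROWD_CREDENTIALS);
    }

    /**
     * Sends the request to Crowd over plain HTTP on localhost.
     *
     * <p>A new client is created per call and is not shut down here; the connection is released
     * when the response content stream is closed, which {@link #buildResponse} does.
     *
     * @param httpRequest the request to execute
     * @return Crowd's response, with its content stream still open
     * @throws IOException if the exchange fails
     */
    protected HttpResponse executeCrowdRequest(HttpRequest httpRequest) throws IOException {
        return new DefaultHttpClient().execute(new HttpHost("localhost", CROWD_PORT, "http"), httpRequest);
    }

    /**
     * Relays Crowd's status, headers and body to the caller.
     *
     * @param httpResponse the response received from Crowd
     * @param httpServletResponse the response to populate
     * @throws IOException if the upstream body cannot be read or the reply cannot be written
     */
    protected void buildResponse(HttpResponse httpResponse, HttpServletResponse httpServletResponse) throws IOException {
        // Drain and close the upstream stream before touching the servlet response, so the
        // connection is released even when relaying the reply fails.
        byte[] body = null;
        if (httpResponse.getEntity() != null) {
            InputStream upstream = httpResponse.getEntity().getContent();
            try {
                body = IOUtils.toByteArray(upstream);
            } finally {
                IOUtils.closeQuietly(upstream);
            }
        }

        httpServletResponse.setStatus(httpResponse.getStatusLine().getStatusCode());
        setResponseHeaders(httpResponse, httpServletResponse);
        if (body != null) {
            if (this.log.isDebugEnabled()) {
                this.log.debug("Crowd Proxy Response: {}", new String(body, UTF_8));
            }
            httpServletResponse.getOutputStream().write(body);
        }
    }

    /**
     * Copies Crowd's response headers to the caller, except those in the ignore set.
     *
     * <p>NOTE(review): {@code setHeader} keeps only the last value of a repeated header name, and
     * connection-level headers from Crowd are copied as-is; confirm both are acceptable.
     *
     * @param httpResponse the response received from Crowd
     * @param httpServletResponse the response to populate
     */
    protected void setResponseHeaders(HttpResponse httpResponse, HttpServletResponse httpServletResponse) {
        for (Header header : httpResponse.getAllHeaders()) {
            String name = header.getName();
            if (IGNORE_RESP_HEADERS.contains(name.toLowerCase(Locale.ROOT))) {
                continue;
            }
            this.log.debug("Crowd Proxy Response HTTP Header: [{} = {}]",
                    name, loggableValue(name, header.getValue()));
            httpServletResponse.setHeader(name, header.getValue());
        }
    }

    /** Builds a set holding the locale-independent lower-case form of each name. */
    private static Set<String> lowerCaseSet(String... names) {
        Set<String> result = new HashSet<String>();
        for (String name : names) {
            result.add(name.toLowerCase(Locale.ROOT));
        }
        return result;
    }

    /** Returns the value to log for a header, hiding session cookies. */
    private static String loggableValue(String headerName, String headerValue) {
        String lower = headerName.toLowerCase(Locale.ROOT);
        if ("cookie".equals(lower) || "set-cookie".equals(lower)) {
            return REDACTED;
        }
        return headerValue;
    }

    /**
     * Reports whether a raw request path holds a parent-directory segment, also when the segment
     * is percent-encoded, uses a backslash separator or carries a path parameter.
     */
    private static boolean containsDotSegment(String rawPath) {
        if (rawPath == null) {
            return false;
        }
        String path = rawPath.toLowerCase(Locale.ROOT)
                .replace("%2e", ".")
                .replace("%2f", "/")
                .replace("%5c", "/")
                .replace('\\', '/');
        for (String segment : path.split("/")) {
            int paramStart = segment.indexOf(';');
            String name = paramStart >= 0 ? segment.substring(0, paramStart) : segment;
            if ("..".equals(name)) {
                return true;
            }
        }
        return false;
    }
}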
