package org.gatein.web.security.impersonation;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.exoplatform.container.web.AbstractHttpServlet;
import org.exoplatform.portal.config.UserACL;
import org.exoplatform.services.organization.OrganizationService;
import org.exoplatform.services.organization.User;
import org.exoplatform.services.organization.UserStatus;
import org.exoplatform.services.security.Authenticator;
import org.exoplatform.services.security.ConversationRegistry;
import org.exoplatform.services.security.ConversationState;
import org.exoplatform.services.security.Identity;
import org.exoplatform.services.security.IdentityRegistry;
import org.exoplatform.services.security.web.HttpSessionStateKey;
import org.gatein.common.logging.Logger;
import org.gatein.common.logging.LoggerFactory;
import org.gatein.wci.ServletContainerFactory;
import org.gatein.wci.session.SessionTask;
import org.gatein.wci.session.SessionTaskVisitor;

/* loaded from: input_file:org/gatein/web/security/impersonation/ImpersonationServlet.class */
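/**
 * Servlet that starts and stops an impersonation session: the caller's {@link ConversationState}
 * is replaced by one built around an {@link ImpersonatedIdentity} for the requested user, and the
 * caller's HTTP session attributes are stashed under {@link #BACKUP_ATTR} until impersonation ends.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The return URI is request-controlled and is later passed to {@code sendRedirect}. Only
 *       server-local paths are accepted (see {@link #isLocalRedirectTarget(String)}); anything else
 *       falls back to the context path.</li>
 *   <li>Request-controlled values are stripped of control characters before they are written to
 *       the log (see {@link #forLog(String)}).</li>
 *   <li>NOTE(review): both actions change authentication state on a GET request and no anti-CSRF
 *       token check is visible in this class. Confirm that a filter in front of this servlet
 *       enforces one.</li>
 *   <li>NOTE(review): the session id is not rotated when the identity is switched, and start/stop
 *       are only logged at debug level. Consider an audit-level record of who impersonated whom.</li>
 * </ul>
 */
public class ImpersonationServlet extends AbstractHttpServlet {
    public static final String PARAM_ACTION = "_impersonationAction";
    public static final String PARAM_ACTION_START_IMPERSONATION = "startImpersonation";
    public static final String PARAM_ACTION_STOP_IMPERSONATION = "stopImpersonation";
    public static final String PARAM_USERNAME = "_impersonationUsername";
    public static final String PARAM_RETURN_IMPERSONATION_URI = "_returnImpersonationURI";
    public static final String ATTR_RETURN_IMPERSONATION_URI = "_returnImpersonationURI";
    public static final String IMPERSONATE_URL_SUFIX = "/impersonate";
    private static final String BACKUP_ATTR = "_impersonation.bck";
    private static final Logger log = LoggerFactory.getLogger(ImpersonationServlet.class);

    /**
     * Dispatches on the {@link #PARAM_ACTION} request parameter.
     *
     * <p>A missing or unknown action is answered with 400.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response used for the error or the redirect
     * @throws ServletException if starting impersonation fails unexpectedly
     * @throws IOException if the response cannot be written
     */
    @Override
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        try {
            httpServletRequest.setCharacterEncoding("UTF-8");
        } catch (UnsupportedEncodingException e) {
            log.error("Encoding not supported", e);
        }
        String action = httpServletRequest.getParameter(PARAM_ACTION);
        if (action == null) {
            log.error("Parameter '" + PARAM_ACTION + "' not provided");
            httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST);
        } else if (PARAM_ACTION_START_IMPERSONATION.equals(action)) {
            startImpersonation(httpServletRequest, httpServletResponse);
        } else if (PARAM_ACTION_STOP_IMPERSONATION.equals(action)) {
            stopImpersonation(httpServletRequest, httpServletResponse);
        } else {
            log.error("Unknown impersonation action: " + forLog(action));
            httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST);
        }
    }

    /**
     * Switches the current session to the identity named by {@link #PARAM_USERNAME}.
     *
     * <p>Responses: 400 when the username is missing, the user is unknown or the caller is already
     * impersonating; 403 when no caller identity is available or {@link #checkPermission(User)}
     * denies the request; 503 when the new identity cannot be created; otherwise a redirect to the
     * context path.
     *
     * <p>NOTE(review): the 400 (unknown user) versus 403 (not permitted) split lets a caller without
     * impersonation rights learn whether a username exists. The permission check needs the
     * {@link User} object, so the order is kept; consider answering both cases identically.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response used for the error or the redirect
     * @throws ServletException wrapping any exception raised while looking up the user or switching identity
     * @throws IOException if the response cannot be written
     */
    protected void startImpersonation(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String username = httpServletRequest.getParameter(PARAM_USERNAME);
        if (username == null) {
            log.error("Parameter '" + PARAM_USERNAME + "' not provided");
            httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        try {
            // Fail closed when there is no caller identity, instead of hitting a NullPointerException
            // further down (which previously surfaced as a 500).
            ConversationState current = ConversationState.getCurrent();
            Identity identity = current == null ? null : current.getIdentity();
            if (identity == null) {
                log.error("No identity is bound to the current request. Refusing to impersonate as " + forLog(username));
                httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
                return;
            }
            OrganizationService organizationService = (OrganizationService) getContainer().getComponentInstanceOfType(OrganizationService.class);
            User targetUser = organizationService.getUserHandler().findUserByName(username, UserStatus.ANY);
            if (targetUser == null) {
                log.error("User '" + forLog(username) + "' not found!");
                httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST);
                return;
            }
            // Nested impersonation is rejected: the caller must stop the running session first.
            if (identity instanceof ImpersonatedIdentity) {
                log.error("Already impersonated as identity: " + identity);
                httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST);
                return;
            }
            if (!checkPermission(targetUser)) {
                log.error("Current user represented by identity " + identity.getUserId() + " doesn't have permission to impersonate as " + targetUser);
                httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
                return;
            }
            log.debug("Going to impersonate as user: " + forLog(username));
            backupAndClearCurrentSession(httpServletRequest);

            // The return URI comes from the request and ends up in sendRedirect() when impersonation
            // stops, so only a server-local path is stored. Anything else is replaced by the context path.
            String returnUri = httpServletRequest.getParameter(PARAM_RETURN_IMPERSONATION_URI);
            if (returnUri != null && !isLocalRedirectTarget(returnUri)) {
                log.error("Ignoring return URI that is not a server-local path: " + forLog(returnUri));
                returnUri = null;
            }
            if (returnUri == null) {
                returnUri = httpServletRequest.getContextPath();
            }
            httpServletRequest.getSession().setAttribute(ATTR_RETURN_IMPERSONATION_URI, returnUri);
            if (log.isTraceEnabled()) {
                log.trace("Saved URI " + forLog(returnUri) + " which will be used after finish of impersonation");
            }
            if (impersonate(httpServletRequest, current, username)) {
                httpServletResponse.sendRedirect(httpServletRequest.getContextPath());
            } else {
                // The identity was not switched, so put the caller's own session attributes back
                // rather than leaving them stashed under the backup attribute.
                restoreOldSessionAttributes(httpServletRequest);
                httpServletResponse.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE);
            }
        } catch (Exception e) {
            throw new ServletException(e);
        }
    }

    /**
     * Asks {@link UserACL} whether the current caller may impersonate the given user.
     *
     * @param user the user to be impersonated
     * @return the result of {@code UserACL.hasImpersonateUserPermission(user)}
     */
    protected boolean checkPermission(User user) {
        return ((UserACL) getContainer().getComponentInstanceOfType(UserACL.class)).hasImpersonateUserPermission(user);
    }

    /**
     * Moves every attribute of the current session into a map stored under {@link #BACKUP_ATTR},
     * so that the impersonated session starts without the caller's own session data.
     *
     * <p>The work is done through a {@link SessionTaskVisitor} keyed by the session id. The task is
     * presumably run once per web application context sharing that session (the trace message
     * logs the context path); confirm against the WCI documentation. Does nothing when the
     * request has no session.
     *
     * @param httpServletRequest the incoming request
     */
    protected void backupAndClearCurrentSession(HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null) {
            return;
        }
        ServletContainerFactory.getServletContainer().visit(new SessionTaskVisitor(session.getId(), new SessionTask() {
            @Override
            public boolean executeTask(HttpSession httpSession) {
                if (log.isTraceEnabled()) {
                    log.trace("Starting with backup attributes for context: " + httpSession.getServletContext().getContextPath());
                }
                // Snapshot the names first: attributes are removed while we walk them.
                List<String> attributeNames = offlineCopy(httpSession.getAttributeNames());
                Map<String, Object> backup = new HashMap<String, Object>();
                for (String name : attributeNames) {
                    Object value = httpSession.getAttribute(name);
                    httpSession.removeAttribute(name);
                    backup.put(name, value);
                    if (log.isTraceEnabled()) {
                        log.trace("Finished backup of attribute: " + name);
                    }
                }
                httpSession.setAttribute(BACKUP_ATTR, backup);
                return true;
            }
        }));
    }

    /**
     * Registers a new {@link ConversationState} for the session whose identity is an
     * {@link ImpersonatedIdentity} wrapping the target user and the caller's original state.
     *
     * @param httpServletRequest the incoming request, used to key the conversation state by session
     * @param conversationState the caller's current (pre-impersonation) conversation state
     * @param str the username to impersonate
     * @return {@code false} when no identity could be created for the user, {@code true} otherwise
     */
    protected boolean impersonate(HttpServletRequest httpServletRequest, ConversationState conversationState, String str) {
        Identity targetIdentity = createIdentity(str);
        if (targetIdentity == null) {
            return false;
        }
        ImpersonatedIdentity impersonatedIdentity = new ImpersonatedIdentity(targetIdentity, conversationState);
        log.debug("Set ConversationState with current session. Admin user " + impersonatedIdentity.getParentConversationState().getIdentity().getUserId() + " will use identity of user " + impersonatedIdentity.getUserId());
        registerConversationState(httpServletRequest, new ConversationState(impersonatedIdentity));
        return true;
    }

    /**
     * Ends the running impersonation: restores the parent conversation state and the stashed
     * session attributes, then redirects to the saved return URI.
     *
     * <p>Answers 400 when the current identity is not an {@link ImpersonatedIdentity}, including the
     * case where no conversation state or identity is bound to the request.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response used for the error or the redirect
     * @throws IOException if the response cannot be written
     */
    protected void stopImpersonation(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        // A missing conversation state is treated like "not impersonating" instead of raising a
        // NullPointerException.
        ConversationState current = ConversationState.getCurrent();
        Identity identity = current == null ? null : current.getIdentity();
        if (!(identity instanceof ImpersonatedIdentity)) {
            log.error("Can't stop impersonation session. Current identity is not instance of Impersonated Identity! Current identity: " + identity);
            httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        ImpersonatedIdentity impersonatedIdentity = (ImpersonatedIdentity) identity;
        log.debug("Cancel impersonation session. Impersonated user was: " + impersonatedIdentity.getUserId() + ", Admin user is: " + impersonatedIdentity.getParentConversationState().getIdentity().getUserId());
        restoreConversationState(httpServletRequest, impersonatedIdentity);
        // Read the return URI before the session attributes are wiped and restored.
        String returnURI = getReturnURI(httpServletRequest);
        restoreOldSessionAttributes(httpServletRequest);
        if (log.isTraceEnabled()) {
            log.trace("Impersonation finished. Redirecting to " + forLog(returnURI));
        }
        httpServletResponse.sendRedirect(returnURI);
    }

    /**
     * Re-registers the parent conversation state for the session and, when the parent user is no
     * longer present in the {@link IdentityRegistry}, registers a freshly created identity for it.
     *
     * @param httpServletRequest the incoming request, used to key the conversation state by session
     * @param impersonatedIdentity the identity being abandoned; supplies the parent state
     */
    protected void restoreConversationState(HttpServletRequest httpServletRequest, ImpersonatedIdentity impersonatedIdentity) {
        ConversationState parentState = impersonatedIdentity.getParentConversationState();
        registerConversationState(httpServletRequest, parentState);
        IdentityRegistry identityRegistry = (IdentityRegistry) getContainer().getComponentInstanceOfType(IdentityRegistry.class);
        String parentUserId = parentState.getIdentity().getUserId();
        if (identityRegistry.getIdentity(parentUserId) == null) {
            log.debug("Restore of identity of user " + parentUserId + " in IdentityRegistry");
            Identity parentIdentity = createIdentity(parentUserId);
            if (parentIdentity == null) {
                // createIdentity() has already logged the cause; do not hand null to the registry.
                log.error("Identity of user " + parentUserId + " could not be restored in IdentityRegistry");
            } else {
                identityRegistry.register(parentIdentity);
            }
        }
    }

    /**
     * Removes every attribute set during impersonation and puts back the attributes stashed under
     * {@link #BACKUP_ATTR}, if any. Does nothing when the request has no session.
     *
     * @param httpServletRequest the incoming request
     */
    protected void restoreOldSessionAttributes(HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null) {
            return;
        }
        ServletContainerFactory.getServletContainer().visit(new SessionTaskVisitor(session.getId(), new SessionTask() {
            @Override
            public boolean executeTask(HttpSession httpSession) {
                if (log.isTraceEnabled()) {
                    log.trace("Starting with restoring attributes for context: " + httpSession.getServletContext().getContextPath());
                }
                // Fetch the backup before clearing: the loop below removes the backup attribute too.
                Object stored = httpSession.getAttribute(BACKUP_ATTR);
                for (String name : offlineCopy(httpSession.getAttributeNames())) {
                    httpSession.removeAttribute(name);
                    if (log.isTraceEnabled()) {
                        log.trace("Removed attribute: " + name);
                    }
                }
                if (!(stored instanceof Map)) {
                    if (log.isTraceEnabled()) {
                        log.trace("No session attributes found in previous impersonated session. Ignoring");
                    }
                    return true;
                }
                for (Map.Entry<?, ?> entry : ((Map<?, ?>) stored).entrySet()) {
                    String name = (String) entry.getKey();
                    httpSession.setAttribute(name, entry.getValue());
                    if (log.isTraceEnabled()) {
                        log.trace("Finished restore of attribute: " + name);
                    }
                }
                return true;
            }
        }));
    }

    /** Registers the given state in the {@link ConversationRegistry} under the request's session key. */
    private void registerConversationState(HttpServletRequest httpServletRequest, ConversationState conversationState) {
        ConversationRegistry conversationRegistry = (ConversationRegistry) getContainer().getComponentInstanceOfType(ConversationRegistry.class);
        conversationRegistry.register(new HttpSessionStateKey(httpServletRequest.getSession()), conversationState);
    }

    /**
     * Creates an identity for the user through the container's {@link Authenticator}.
     *
     * @param str the username
     * @return the identity, or {@code null} when the authenticator throws (the failure is logged)
     */
    private Identity createIdentity(String str) {
        try {
            return ((Authenticator) getContainer().getComponentInstanceOfType(Authenticator.class)).createIdentity(str);
        } catch (Exception e) {
            log.error("New identity for user: " + forLog(str) + " not created.", e);
            return null;
        }
    }

    /**
     * Returns the URI to redirect to once impersonation ends.
     *
     * <p>The stored value is validated again on the way out, so a value placed in the session by
     * any other code path cannot turn the redirect into an off-site one.
     *
     * @param httpServletRequest the incoming request
     * @return the saved server-local return URI, or the context path when none is usable
     */
    private String getReturnURI(HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession(false);
        if (session != null) {
            Object stored = session.getAttribute(ATTR_RETURN_IMPERSONATION_URI);
            if (stored instanceof String && isLocalRedirectTarget((String) stored)) {
                return (String) stored;
            }
        }
        return httpServletRequest.getContextPath();
    }

    /**
     * Tells whether a redirect target stays on this server.
     *
     * <p>Accepted: a path that starts with a single {@code /}. Rejected: empty values, absolute URLs,
     * scheme-relative targets ({@code //host}), anything containing a backslash (some browsers
     * treat it as {@code /}) and anything containing control characters such as CR or LF.
     *
     * @param uri the candidate redirect target, may be {@code null}
     * @return {@code true} when the target is a server-local path
     */
    private static boolean isLocalRedirectTarget(String uri) {
        if (uri == null || uri.length() == 0 || uri.charAt(0) != '/') {
            return false;
        }
        if (uri.length() > 1 && uri.charAt(1) == '/') {
            return false;
        }
        for (int i = 0; i < uri.length(); i++) {
            char c = uri.charAt(i);
            if (c == '\\' || c < 0x20 || c == 0x7f) {
                return false;
            }
        }
        return true;
    }

    /**
     * Replaces control characters (including CR and LF) with {@code _} so that a request-controlled
     * value cannot forge additional log lines.
     *
     * @param value the value to log, may be {@code null}
     * @return the value with control characters replaced, or {@code null} when the input is {@code null}
     */
    private static String forLog(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            cleaned.append(c < 0x20 || c == 0x7f ? '_' : c);
        }
        return cleaned.toString();
    }

    /**
     * Copies an enumeration into a list so the underlying collection can be modified while the
     * copy is iterated.
     *
     * <p>Public in this decompiled listing only because the anonymous session tasks call it; the
     * decompiler notes that the original access modifier was private.
     *
     * @param enumeration the enumeration to drain
     * @return a new list holding the enumeration's elements in order
     */
    public List<String> offlineCopy(Enumeration<String> enumeration) {
        List<String> copy = new LinkedList<String>();
        while (enumeration.hasMoreElements()) {
            copy.add(enumeration.nextElement());
        }
        return copy;
    }
}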
