package org.exist.http.servlets;

import java.io.BufferedOutputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.Principal;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
import org.apache.xalan.templates.Constants;
import org.exist.EXistException;
import org.exist.client.InteractiveClient;
import org.exist.http.BadRequestException;
import org.exist.http.Descriptor;
import org.exist.http.NotFoundException;
import org.exist.http.RESTServer;
import org.exist.http.SOAPServer;
import org.exist.security.PermissionDeniedException;
import org.exist.security.User;
import org.exist.security.XmldbPrincipal;
import org.exist.storage.BrokerPool;
import org.exist.storage.DBBroker;
import org.exist.util.Configuration;
import org.exist.util.DatabaseConfigurationException;
import org.exist.validation.XmlLibraryChecker;
import org.exist.xmldb.DatabaseImpl;
import org.exist.xmldb.XmldbURI;
import org.xmldb.api.DatabaseManager;
import org.xmldb.api.base.Database;
import org.xmldb.api.base.XMLDBException;

/* loaded from: input_file:lib/exist-optional.jar:org/exist/http/servlets/EXistServlet.class */
public class EXistServlet extends HttpServlet {
    public static final String DEFAULT_ENCODING = "UTF-8";
    protected static final Logger LOG;
    private RESTServer srvREST;
    private SOAPServer srvSOAP;
    private Authenticator authenticator;
    private User defaultUser;
    static Class class$org$exist$http$servlets$EXistServlet;
    private String formEncoding = null;
    private BrokerPool pool = null;
    private String defaultUsername = "guest";
    private String defaultPassword = "guest";

    public void init(ServletConfig servletConfig) throws ServletException {
        super.init(servletConfig);
        try {
            if (BrokerPool.isConfigured()) {
                LOG.info("Database already started. Skipping configuration ...");
            } else {
                String initParameter = servletConfig.getInitParameter(InteractiveClient.CONFIGURATION);
                String initParameter2 = servletConfig.getInitParameter("basedir");
                String initParameter3 = servletConfig.getInitParameter("start");
                if (initParameter == null) {
                    initParameter = DatabaseImpl.CONF_XML;
                }
                String realPath = initParameter2 == null ? servletConfig.getServletContext().getRealPath(Constants.ATTRVAL_THIS) : servletConfig.getServletContext().getRealPath(initParameter2);
                LOG.info(new StringBuffer().append("EXistServlet: exist.home=").append(realPath).toString());
                File file = new File(new StringBuffer().append(realPath).append(File.separator).append(initParameter).toString());
                LOG.info(new StringBuffer().append("reading configuration from ").append(file.getAbsolutePath()).toString());
                if (!file.canRead()) {
                    throw new ServletException(new StringBuffer().append("configuration file ").append(initParameter).append(" not found or not readable").toString());
                }
                Configuration configuration = new Configuration(initParameter, realPath);
                if (initParameter3 != null && initParameter3.equals("true")) {
                    startup(configuration);
                }
            }
            this.pool = BrokerPool.getInstance();
            String initParameter4 = servletConfig.getInitParameter("use-default-user");
            boolean z = true;
            if (initParameter4 != null) {
                z = initParameter4.trim().equals("true");
            }
            if (z) {
                String initParameter5 = servletConfig.getInitParameter("user");
                if (initParameter5 != null) {
                    this.defaultUsername = initParameter5;
                }
                String initParameter6 = servletConfig.getInitParameter("password");
                if (initParameter6 != null) {
                    this.defaultPassword = initParameter6;
                }
                this.defaultUser = getDefaultUser();
                if (this.defaultUser != null) {
                    LOG.info(new StringBuffer().append("Using default user ").append(this.defaultUsername).append(" for all unauthorized requests.").toString());
                } else {
                    LOG.error(new StringBuffer().append("Default user ").append(this.defaultUsername).append(" cannot be found.  A BASIC AUTH challenge will be the default.").toString());
                }
            } else {
                LOG.info("No default user.  All requires must be authorized or will result in a BASIC AUTH challenge.");
                this.defaultUser = null;
            }
            this.authenticator = new BasicAuthenticator(this.pool);
            this.formEncoding = servletConfig.getInitParameter("form-encoding");
            if (this.formEncoding == null) {
                this.formEncoding = "UTF-8";
            }
            String initParameter7 = servletConfig.getInitParameter("container-encoding");
            if (initParameter7 == null) {
                initParameter7 = "UTF-8";
            }
            String initParameter8 = servletConfig.getInitParameter("dynamic-content-type");
            if (initParameter8 == null) {
                initParameter8 = "no";
            }
            this.srvREST = new RESTServer(this.pool, this.formEncoding, initParameter7, initParameter8.equalsIgnoreCase("yes") || initParameter8.equalsIgnoreCase("true"));
            this.srvSOAP = new SOAPServer(this.formEncoding, initParameter7);
            XmlLibraryChecker.check();
        } catch (EXistException e) {
            throw new ServletException("No database instance available");
        } catch (DatabaseConfigurationException e2) {
            throw new ServletException(new StringBuffer().append("Unable to configure database instance: ").append(e2.getMessage()).toString(), e2);
        }
    }

    protected void doPut(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String adjustPath = adjustPath(httpServletRequest);
        Descriptor descriptorSingleton = Descriptor.getDescriptorSingleton();
        if (descriptorSingleton != null) {
            adjustPath = descriptorSingleton.mapPath(adjustPath);
        }
        User authenticate = authenticate(httpServletRequest, httpServletResponse);
        if (authenticate == null) {
            return;
        }
        File file = null;
        try {
            try {
                try {
                    XmldbURI create = XmldbURI.create(adjustPath);
                    DBBroker dBBroker = this.pool.get(authenticate);
                    if (dBBroker.getCollection(create) != null) {
                        httpServletResponse.sendError(400, "A PUT request is not allowed against a plain collection path.");
                        if (dBBroker != null) {
                            this.pool.release(dBBroker);
                        }
                        if (0 != 0) {
                            file.delete();
                            return;
                        }
                        return;
                    }
                    ServletInputStream inputStream = httpServletRequest.getInputStream();
                    int contentLength = httpServletRequest.getContentLength();
                    File createTempFile = File.createTempFile("existSRV", ".tmp");
                    BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(new FileOutputStream(createTempFile));
                    byte[] bArr = new byte[4096];
                    int i = 0;
                    do {
                        int read = inputStream.read(bArr);
                        if (read > 0) {
                            bufferedOutputStream.write(bArr, 0, read);
                        }
                        i += read;
                    } while (i < contentLength);
                    bufferedOutputStream.close();
                    this.srvREST.doPut(dBBroker, createTempFile, create, httpServletRequest, httpServletResponse);
                    if (dBBroker != null) {
                        this.pool.release(dBBroker);
                    }
                    if (createTempFile != null) {
                        createTempFile.delete();
                    }
                } catch (EXistException e) {
                    httpServletResponse.sendError(500, e.getMessage());
                    if (0 != 0) {
                        this.pool.release(null);
                    }
                    if (0 != 0) {
                        file.delete();
                    }
                }
            } catch (BadRequestException e2) {
                httpServletResponse.sendError(400, e2.getMessage());
                if (0 != 0) {
                    this.pool.release(null);
                }
                if (0 != 0) {
                    file.delete();
                }
            } catch (PermissionDeniedException e3) {
                if (authenticate.equals(this.defaultUser)) {
                    this.authenticator.sendChallenge(httpServletRequest, httpServletResponse);
                } else {
                    httpServletResponse.sendError(403, e3.getMessage());
                }
                if (0 != 0) {
                    this.pool.release(null);
                }
                if (0 != 0) {
                    file.delete();
                }
            }
        } catch (Throwable th) {
            if (0 != 0) {
                this.pool.release(null);
            }
            if (0 != 0) {
                file.delete();
            }
            throw th;
        }
    }

    private String adjustPath(HttpServletRequest httpServletRequest) {
        String pathInfo = httpServletRequest.getPathInfo();
        if (pathInfo == null) {
            pathInfo = "";
        }
        int lastIndexOf = pathInfo.lastIndexOf(59);
        if (lastIndexOf != -1) {
            pathInfo = pathInfo.substring(0, lastIndexOf);
        }
        return pathInfo;
    }

    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String adjustPath = adjustPath(httpServletRequest);
        Descriptor descriptorSingleton = Descriptor.getDescriptorSingleton();
        if (descriptorSingleton != null) {
            descriptorSingleton.doLogRequestInReplayLog(httpServletRequest);
            adjustPath = descriptorSingleton.mapPath(adjustPath);
        }
        User authenticate = authenticate(httpServletRequest, httpServletResponse);
        if (authenticate == null) {
            return;
        }
        try {
            try {
                try {
                    try {
                        DBBroker dBBroker = this.pool.get(authenticate);
                        if (adjustPath.indexOf(SOAPServer.WEBSERVICE_MODULE_EXTENSION) > -1) {
                            this.srvSOAP.doGet(dBBroker, httpServletRequest, httpServletResponse, adjustPath);
                        } else {
                            this.srvREST.doGet(dBBroker, httpServletRequest, httpServletResponse, adjustPath);
                        }
                        this.pool.release(dBBroker);
                    } catch (EXistException e) {
                        httpServletResponse.sendError(500, e.getMessage());
                        this.pool.release(null);
                    }
                } catch (PermissionDeniedException e2) {
                    if (authenticate.equals(this.defaultUser)) {
                        this.authenticator.sendChallenge(httpServletRequest, httpServletResponse);
                    } else {
                        httpServletResponse.sendError(403, e2.getMessage());
                    }
                    this.pool.release(null);
                }
            } catch (BadRequestException e3) {
                httpServletResponse.sendError(400, e3.getMessage());
                this.pool.release(null);
            } catch (NotFoundException e4) {
                httpServletResponse.sendError(404, e4.getMessage());
                this.pool.release(null);
            }
        } catch (Throwable th) {
            this.pool.release(null);
            throw th;
        }
    }

    protected void doHead(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String adjustPath = adjustPath(httpServletRequest);
        Descriptor descriptorSingleton = Descriptor.getDescriptorSingleton();
        if (descriptorSingleton != null) {
            descriptorSingleton.doLogRequestInReplayLog(httpServletRequest);
            adjustPath = descriptorSingleton.mapPath(adjustPath);
        }
        User authenticate = authenticate(httpServletRequest, httpServletResponse);
        if (authenticate == null) {
            return;
        }
        DBBroker dBBroker = null;
        try {
            try {
                try {
                    try {
                        dBBroker = this.pool.get(authenticate);
                        this.srvREST.doHead(dBBroker, httpServletRequest, httpServletResponse, adjustPath);
                        this.pool.release(dBBroker);
                    } catch (EXistException e) {
                        httpServletResponse.sendError(500, e.getMessage());
                        this.pool.release(dBBroker);
                    }
                } catch (BadRequestException e2) {
                    httpServletResponse.sendError(400, e2.getMessage());
                    this.pool.release(dBBroker);
                }
            } catch (NotFoundException e3) {
                httpServletResponse.sendError(404, e3.getMessage());
                this.pool.release(dBBroker);
            } catch (PermissionDeniedException e4) {
                if (authenticate.equals(this.defaultUser)) {
                    this.authenticator.sendChallenge(httpServletRequest, httpServletResponse);
                } else {
                    httpServletResponse.sendError(403, e4.getMessage());
                }
                this.pool.release(dBBroker);
            }
        } catch (Throwable th) {
            this.pool.release(dBBroker);
            throw th;
        }
    }

    protected void doDelete(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String adjustPath = adjustPath(httpServletRequest);
        Descriptor descriptorSingleton = Descriptor.getDescriptorSingleton();
        if (descriptorSingleton != null) {
            adjustPath = descriptorSingleton.mapPath(adjustPath);
        }
        User authenticate = authenticate(httpServletRequest, httpServletResponse);
        if (authenticate == null) {
            return;
        }
        DBBroker dBBroker = null;
        try {
            try {
                try {
                    dBBroker = this.pool.get(authenticate);
                    this.srvREST.doDelete(dBBroker, XmldbURI.create(adjustPath), httpServletResponse);
                    this.pool.release(dBBroker);
                } catch (EXistException e) {
                    httpServletResponse.sendError(500, e.getMessage());
                    this.pool.release(dBBroker);
                }
            } catch (NotFoundException e2) {
                httpServletResponse.sendError(404, e2.getMessage());
                this.pool.release(dBBroker);
            } catch (PermissionDeniedException e3) {
                if (authenticate.equals(this.defaultUser)) {
                    this.authenticator.sendChallenge(httpServletRequest, httpServletResponse);
                } else {
                    httpServletResponse.sendError(403, e3.getMessage());
                }
                this.pool.release(dBBroker);
            }
        } catch (Throwable th) {
            this.pool.release(dBBroker);
            throw th;
        }
    }

    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        Descriptor descriptorSingleton = Descriptor.getDescriptorSingleton();
        HttpServletRequest httpServletRequestWrapper = descriptorSingleton != null ? descriptorSingleton.allowRequestLogging() ? new HttpServletRequestWrapper(httpServletRequest, this.formEncoding) : httpServletRequest : httpServletRequest;
        String adjustPath = httpServletRequestWrapper.getPathInfo() == null ? "" : adjustPath(httpServletRequestWrapper);
        if (descriptorSingleton != null) {
            descriptorSingleton.doLogRequestInReplayLog(httpServletRequestWrapper);
            adjustPath = descriptorSingleton.mapPath(adjustPath);
        }
        User authenticate = authenticate(httpServletRequestWrapper, httpServletResponse);
        if (authenticate == null) {
            return;
        }
        try {
            try {
                try {
                    try {
                        DBBroker dBBroker = this.pool.get(authenticate);
                        if (adjustPath.indexOf(SOAPServer.WEBSERVICE_MODULE_EXTENSION) > -1) {
                            this.srvSOAP.doPost(dBBroker, httpServletRequestWrapper, httpServletResponse, adjustPath);
                        } else {
                            this.srvREST.doPost(dBBroker, httpServletRequestWrapper, httpServletResponse, adjustPath);
                        }
                        this.pool.release(dBBroker);
                    } catch (NotFoundException e) {
                        httpServletResponse.sendError(404, e.getMessage());
                        this.pool.release(null);
                    }
                } catch (EXistException e2) {
                    httpServletResponse.sendError(500, e2.getMessage());
                    this.pool.release(null);
                }
            } catch (BadRequestException e3) {
                httpServletResponse.sendError(400, e3.getMessage());
                this.pool.release(null);
            } catch (PermissionDeniedException e4) {
                if (authenticate.equals(this.defaultUser)) {
                    this.authenticator.sendChallenge(httpServletRequestWrapper, httpServletResponse);
                } else {
                    httpServletResponse.sendError(403, e4.getMessage());
                }
                this.pool.release(null);
            }
        } catch (Throwable th) {
            this.pool.release(null);
            throw th;
        }
    }

    public void destroy() {
        super.destroy();
        BrokerPool.stopAll(false);
    }

    private User authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        Principal userPrincipal = httpServletRequest.getUserPrincipal();
        if (userPrincipal instanceof XmldbPrincipal) {
            String name = ((XmldbPrincipal) userPrincipal).getName();
            String password = ((XmldbPrincipal) userPrincipal).getPassword();
            LOG.info(new StringBuffer().append("Validating Principle: ").append(userPrincipal.getName()).toString());
            User user = this.pool.getSecurityManager().getUser(name);
            if (user != null) {
                if (password.equalsIgnoreCase(user.getPassword())) {
                    LOG.info(new StringBuffer().append("Valid User: ").append(user.getName()).toString());
                    return user;
                }
                LOG.info(new StringBuffer().append("Password invalid for user: ").append(name).toString());
                LOG.info(new StringBuffer().append("User not found: ").append(userPrincipal.getName()).toString());
            }
        }
        return (httpServletRequest.getHeader("Authorization") != null || this.defaultUser == null) ? this.authenticator.authenticate(httpServletRequest, httpServletResponse) : this.defaultUser;
    }

    private User getDefaultUser() {
        if (this.defaultUsername == null) {
            return null;
        }
        User user = this.pool.getSecurityManager().getUser(this.defaultUsername);
        if (user == null || user.validate(this.defaultPassword)) {
            return user;
        }
        return null;
    }

    private void startup(Configuration configuration) throws ServletException {
        if (configuration == null) {
            throw new ServletException("database has not been configured");
        }
        LOG.info("configuring eXist instance");
        try {
            if (!BrokerPool.isConfigured()) {
                BrokerPool.configure(1, 5, configuration);
            }
            try {
                LOG.info("registering XMLDB driver");
                DatabaseManager.registerDatabase((Database) Class.forName("org.exist.xmldb.DatabaseImpl").newInstance());
            } catch (ClassNotFoundException e) {
                LOG.info(org.quartz.impl.jdbcjobstore.Constants.STATE_ERROR, e);
            } catch (IllegalAccessException e2) {
                LOG.info(org.quartz.impl.jdbcjobstore.Constants.STATE_ERROR, e2);
            } catch (InstantiationException e3) {
                LOG.info(org.quartz.impl.jdbcjobstore.Constants.STATE_ERROR, e3);
            } catch (XMLDBException e4) {
                LOG.info(org.quartz.impl.jdbcjobstore.Constants.STATE_ERROR, e4);
            }
        } catch (EXistException e5) {
            throw new ServletException(e5.getMessage(), e5);
        } catch (DatabaseConfigurationException e6) {
            throw new ServletException(e6.getMessage(), e6);
        }
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }

    static {
        Class cls;
        if (class$org$exist$http$servlets$EXistServlet == null) {
            cls = class$("org.exist.http.servlets.EXistServlet");
            class$org$exist$http$servlets$EXistServlet = cls;
        } else {
            cls = class$org$exist$http$servlets$EXistServlet;
        }
        LOG = Logger.getLogger(cls);
    }
}
