package com.ibm.sbt.opensocial.domino.servlets;

import com.google.common.collect.Maps;
import com.google.inject.Inject;
import com.ibm.commons.util.io.json.JsonException;
import com.ibm.commons.util.io.json.JsonGenerator;
import com.ibm.commons.util.io.json.JsonJavaFactory;
import com.ibm.domino.osgi.core.context.ContextInfo;
import com.ibm.fiesta.commons.IdUtil;
import com.ibm.fiesta.commons.security.SimpleSecurityToken;
import com.ibm.sbt.opensocial.domino.internal.OpenSocialPlugin;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.HashMap;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lotus.domino.Session;
import org.apache.commons.lang3.StringUtils;
import org.apache.shindig.auth.AbstractSecurityToken;
import org.apache.shindig.auth.SecurityTokenCodec;
import org.apache.shindig.common.servlet.InjectedServlet;
import org.apache.shindig.config.ContainerConfig;

/* loaded from: input_file:com/ibm/sbt/opensocial/domino/servlets/SecurityTokenServlet.class */
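/**
 * Issues an encoded security token for the user of the current Domino context.
 *
 * <p>On a GET request the servlet resolves the viewer id from {@link ContextInfo}, builds a
 * {@link DominoSecurityToken} from the request parameters plus that id (used as both viewer and
 * owner), encodes it with the injected {@link SecurityTokenCodec} and returns a JSON object
 * holding the encoded token and its TTL.
 *
 * <p>The encoded token is a credential: it is never written to the log and the response is
 * marked as not storable.
 */
public class SecurityTokenServlet extends InjectedServlet {
    private static final long serialVersionUID = 1;
    private static final String RESP_TTL_KEY = "ttl";
    private static final String RESP_TOKEN_KEY = "token";
    private static final String METHOD = "doGet";
    private static final String ANONYMOUS = "@anonymous";
    private static final String CLASSNAME = SecurityTokenServlet.class.getName();
    private final Logger logger = OpenSocialPlugin.getLogger();
    private SecurityTokenCodec codec;
    private ContainerConfig config;

    /**
     * Security token that knows whether its viewer is the anonymous user and reads its TTL from
     * the container configuration.
     *
     * <p>The decompiler reports that this class was declared {@code private} in the original
     * source; the widened modifier is kept so the visible interface is unchanged.
     */
    public class DominoSecurityToken extends SimpleSecurityToken {
        private boolean isAnonymous;
        private ContainerConfig config;

        /**
         * @param map token fields; the viewer entry decides whether the token is anonymous
         * @param containerConfig configuration used to look up the token TTL
         */
        public DominoSecurityToken(Map<String, String> map, ContainerConfig containerConfig) {
            super(map);
            this.isAnonymous =
                    SecurityTokenServlet.ANONYMOUS.equals(map.get(AbstractSecurityToken.Keys.VIEWER.getKey()));
            this.config = containerConfig;
        }

        /** @return {@code true} when the viewer field equals {@code "@anonymous"} */
        public boolean isAnonymous() {
            return this.isAnonymous;
        }

        /** @return the {@code gadgets.securityTokenTTL} setting of this token's container */
        public int getTokenTTL() {
            return this.config.getInt(getContainer(), "gadgets.securityTokenTTL");
        }
    }

    /**
     * Injects the codec used to encode tokens.
     *
     * @param securityTokenCodec codec that turns a token into its encoded string form
     */
    @Inject
    public void setSecurityTokenCodec(SecurityTokenCodec securityTokenCodec) {
        checkInitialized();
        this.codec = securityTokenCodec;
    }

    /**
     * Injects the container configuration handed to every generated token.
     *
     * @param containerConfig configuration the tokens read their TTL from
     */
    @Inject
    public void setContainerConfig(ContainerConfig containerConfig) {
        // NOTE(review): unlike setSecurityTokenCodec this setter does not call
        // checkInitialized(); confirm whether replacing the config after init is intended.
        this.config = containerConfig;
    }

    /**
     * Writes a JSON document with the encoded token and its TTL for the current user.
     *
     * <p>Responds with status 500 when no codec was injected, when the user id cannot be
     * resolved, or when building or encoding the token fails.
     *
     * @param httpServletRequest request whose parameters are copied into the token
     * @param httpServletResponse response receiving the JSON document or the error
     * @throws ServletException declared by the servlet contract
     * @throws IOException if the error response itself cannot be sent
     */
    @Override
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        logRequestInfo(httpServletRequest);
        if (this.codec == null) {
            sendError(httpServletRequest, httpServletResponse, "The codec is null", HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            return;
        }

        final String userId;
        try {
            userId = getUserId();
        } catch (Throwable th) {
            sendError(httpServletRequest, httpServletResponse, "There was an error getting the user id.", HttpServletResponse.SC_INTERNAL_SERVER_ERROR, th);
            return;
        }

        try {
            SimpleSecurityToken token = generateSecurityToken(httpServletRequest, userId, userId);
            if (this.logger.isLoggable(Level.FINEST)) {
                this.logger.finest("SecurityTokenServlet -  encoding values: " + token);
            }
            String encodedToken = this.codec.encodeToken(token);
            // The encoded token is a bearer credential; log only that encoding succeeded so a
            // reader of the trace log cannot replay it.
            if (this.logger.isLoggable(Level.FINEST)) {
                this.logger.finest("SecurityTokenServlet - encoded token length: " + encodedToken.length());
            }

            httpServletResponse.setContentType("application/json;charset=UTF-8");
            // Served as a download so a browser navigating to this URL does not render the body.
            httpServletResponse.setHeader("Content-Disposition", "attachment;filename=foo.txt");
            httpServletResponse.setHeader("Pragma", "no-cache");
            // no-cache alone still allows a cache to keep a copy; no-store forbids storing the token.
            httpServletResponse.setHeader("Cache-Control", "no-cache, no-store");

            String body = buildResponseString(token, encodedToken);
            // Content-Length counts bytes of the UTF-8 encoding, not Java chars.
            httpServletResponse.setContentLength(body.getBytes("UTF-8").length);
            PrintWriter writer = httpServletResponse.getWriter();
            writer.print(body);
            writer.flush();
        } catch (Exception e) {
            // The exception text stays in the server log; the client only gets a fixed message.
            sendError(httpServletRequest, httpServletResponse, "There was an error generating the security token.", HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e);
        }
    }

    /**
     * Resolves the id of the current user.
     *
     * @return {@code "@anonymous"} when the context is anonymous or has no user session,
     *     otherwise the id derived from the session's effective user name
     */
    private String getUserId() throws Throwable {
        if (ContextInfo.isAnonymous()) {
            return ANONYMOUS;
        }
        Session session = ContextInfo.getUserSession();
        return session == null ? ANONYMOUS : getUserIdFromSession(session);
    }

    /**
     * Derives the token user id from the session's effective user name: names containing
     * {@code CN=} (any case) are rewritten locally, all others go through {@link IdUtil}.
     */
    private String getUserIdFromSession(Session session) throws Throwable {
        String effectiveUserName = session.getEffectiveUserName();
        if (StringUtils.containsIgnoreCase(effectiveUserName, "CN=")) {
            return getCanonicalShindigId(effectiveUserName);
        }
        return IdUtil.getShindigId(effectiveUserName);
    }

    /**
     * Replaces {@code =} with {@code .} and {@code /} with {@code _}; for the constructed sample
     * {@code CN=Jane Doe/O=Example} this yields {@code CN.Jane Doe_O.Example}.
     */
    private String getCanonicalShindigId(String name) {
        return name.replace("=", ".").replace("/", "_");
    }

    /**
     * Serialises the response document.
     *
     * @param token token whose TTL is reported under {@code ttl}
     * @param encodedToken encoded form reported under {@code token}
     * @return the JSON text
     */
    private String buildResponseString(SimpleSecurityToken token, String encodedToken) throws JsonException, IOException {
        Map<String, Object> payload = Maps.newHashMap();
        payload.put(RESP_TTL_KEY, Integer.valueOf(token.getTokenTTL()));
        payload.put(RESP_TOKEN_KEY, encodedToken);
        return JsonGenerator.toJson(JsonJavaFactory.instance, payload, true);
    }

    /**
     * Logs a warning and sends the error status to the client, unless the response has already
     * been committed (in which case {@code sendError} would throw and only the log entry is kept).
     */
    private void sendError(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String message, int status) throws IOException {
        this.logger.logp(Level.WARNING, CLASSNAME, METHOD, "warn.security.servlet.response", new Object[]{Integer.valueOf(status), message});
        if (!httpServletResponse.isCommitted()) {
            httpServletResponse.sendError(status, message);
        }
    }

    /**
     * Same as the four-argument overload, and records the cause with its stack trace. The cause
     * is logged first so it is not lost when sending the error response fails.
     */
    private void sendError(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String message, int status, Throwable cause) throws IOException {
        this.logger.logp(Level.WARNING, CLASSNAME, METHOD, cause.getMessage(), cause);
        sendError(httpServletRequest, httpServletResponse, message, status);
    }

    /**
     * Builds the token from the first value of every request parameter, then sets viewer and
     * owner from the server-side identity so those two fields cannot be supplied by the caller.
     *
     * @param httpServletRequest source of the additional token fields
     * @param viewerId id stored as the token viewer
     * @param ownerId id stored as the token owner
     */
    private SimpleSecurityToken generateSecurityToken(HttpServletRequest httpServletRequest, String viewerId, String ownerId) {
        Map<String, String> fields = Maps.newHashMap();
        // NOTE(review): every request parameter is copied into the token, so all fields other
        // than viewer and owner are caller-controlled. Confirm that consumers of the token treat
        // them as untrusted, or restrict this copy to an allow-list of expected keys.
        Map<?, ?> parameters = httpServletRequest.getParameterMap();
        for (Map.Entry<?, ?> parameter : parameters.entrySet()) {
            String[] values = (String[]) parameter.getValue();
            if (values != null && values.length > 0) {
                fields.put((String) parameter.getKey(), values[0]);
            }
        }
        // Written last so request parameters with the same keys are overwritten.
        fields.put(AbstractSecurityToken.Keys.VIEWER.getKey(), viewerId);
        fields.put(AbstractSecurityToken.Keys.OWNER.getKey(), ownerId);
        return new DominoSecurityToken(fields, this.config);
    }

    /** Traces the remote address and raw query string of the request at FINEST level. */
    private void logRequestInfo(HttpServletRequest httpServletRequest) {
        if (!this.logger.isLoggable(Level.FINEST)) {
            return;
        }
        this.logger.finest("SecurityTokenServlet - remote address: " + httpServletRequest.getRemoteAddr());
        // NOTE(review): the query string is logged verbatim; confirm callers never pass
        // sensitive values as request parameters.
        this.logger.finest("SecurityTokenServlet - query string: " + httpServletRequest.getQueryString());
    }
}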
