package org.apache.archiva.web.rss;

import com.sun.syndication.feed.synd.SyndFeed;
import com.sun.syndication.io.FeedException;
import com.sun.syndication.io.SyndFeedOutput;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.archiva.metadata.repository.RepositorySession;
import org.apache.archiva.metadata.repository.RepositorySessionFactory;
import org.apache.archiva.redback.authentication.AuthenticationException;
import org.apache.archiva.redback.authentication.AuthenticationResult;
import org.apache.archiva.redback.authorization.AuthorizationException;
import org.apache.archiva.redback.authorization.UnauthorizedException;
import org.apache.archiva.redback.integration.filter.authentication.HttpAuthenticator;
import org.apache.archiva.redback.policy.AccountLockedException;
import org.apache.archiva.redback.policy.MustChangePasswordException;
import org.apache.archiva.redback.system.SecuritySession;
import org.apache.archiva.redback.users.UserManager;
import org.apache.archiva.redback.users.UserNotFoundException;
import org.apache.archiva.rss.processor.RssFeedProcessor;
import org.apache.archiva.security.AccessDeniedException;
import org.apache.archiva.security.ArchivaSecurityException;
import org.apache.archiva.security.PrincipalNotFoundException;
import org.apache.archiva.security.ServletAuthenticator;
import org.apache.archiva.security.UserRepositories;
import org.apache.archiva.security.common.ArchivaRoleConstants;
import org.apache.commons.codec.DecoderException;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;

/* loaded from: input_file:WEB-INF/lib/archiva-web-common-2.0.1.jar:org/apache/archiva/web/rss/RssFeedServlet.class */
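/**
 * Serves Archiva RSS feeds over HTTP GET.
 *
 * <p>Two URL shapes are recognised after the {@code feeds/} path segment:
 * a single segment selects the "new artifacts" feed of a repository, while
 * several segments select the "new versions" feed of an artifact (the last
 * segment is the artifact id, the preceding ones form the dotted group id).
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>All three identifiers are taken from the request URL and are therefore
 *       untrusted; they are validated for emptiness and are sanitised before
 *       being echoed into the {@code WWW-Authenticate} header.</li>
 *   <li>The servlet container shares one servlet instance between concurrent
 *       requests, so no per-request state may be kept in instance fields. The
 *       feed processor is resolved into a local variable for that reason.</li>
 *   <li>Locked accounts, forced password changes and unknown users all produce
 *       the same generic 401 message, so the response does not reveal which of
 *       those conditions applied.</li>
 * </ul>
 */
public class RssFeedServlet extends HttpServlet {
    public static final String MIME_TYPE = "application/rss+xml; charset=UTF-8";
    private static final String COULD_NOT_GENERATE_FEED_ERROR = "Could not generate feed";
    private static final String COULD_NOT_AUTHENTICATE_USER = "Could not authenticate user";
    private static final String USER_NOT_AUTHORIZED = "User not authorized to access feed.";
    private static final String BASIC_SCHEME_PREFIX = "Basic ";
    private final Logger log = LoggerFactory.getLogger(RssFeedServlet.class);
    private WebApplicationContext wac;
    private UserRepositories userRepositories;
    private ServletAuthenticator servletAuth;
    private HttpAuthenticator httpAuth;
    private RepositorySessionFactory repositorySessionFactory;

    /**
     * Resolves the collaborators from the Spring web application context.
     *
     * @param servletConfig the container-provided servlet configuration
     * @throws ServletException if the superclass initialisation fails
     */
    @Override // javax.servlet.GenericServlet, javax.servlet.Servlet
    public void init(ServletConfig servletConfig) throws ServletException {
        super.init(servletConfig);
        this.wac = WebApplicationContextUtils.getRequiredWebApplicationContext(servletConfig.getServletContext());
        this.userRepositories = this.wac.getBean(UserRepositories.class);
        this.servletAuth = this.wac.getBean(ServletAuthenticator.class);
        this.httpAuth = this.wac.getBean("httpAuthenticator#basic", HttpAuthenticator.class);
        this.repositorySessionFactory = this.wac.getBean("repositorySessionFactory", RepositorySessionFactory.class);
    }

    /**
     * Authorizes the caller and writes the requested feed to the response.
     *
     * <p>Responds with 400 when the URL yields an empty identifier, 401 when the
     * caller cannot be authenticated or is not authorized, 204 when the processor
     * returns no feed, and 500 when the feed cannot be generated.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response the feed or error is written to
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if writing the response fails
     */
    @Override // javax.servlet.http.HttpServlet
    public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String repoId = null;
        String groupId = null;
        String artifactId = null;
        String requestUrl = StringUtils.removeEnd(httpServletRequest.getRequestURL().toString(), "/");
        String feedPath = StringUtils.substringAfter(requestUrl, "feeds/");
        if (StringUtils.countMatches(feedPath, "/") > 0) {
            artifactId = StringUtils.substringAfterLast(requestUrl, "/");
            groupId = StringUtils.replaceChars(StringUtils.substringBeforeLast(feedPath, "/"), '/', '.');
        } else {
            // A match count is never negative, so zero slashes is the only other case.
            repoId = StringUtils.substringAfterLast(requestUrl, "/");
        }
        // Reject URLs such as ".../feeds//x" early instead of running the
        // authorization chain against an empty identifier.
        boolean blankIdentifier = repoId != null
                ? StringUtils.isBlank(repoId)
                : StringUtils.isBlank(groupId) || StringUtils.isBlank(artifactId);
        if (blankIdentifier) {
            httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "Invalid request url.");
            return;
        }
        try {
            if (!isAllowed(httpServletRequest, repoId, groupId, artifactId)) {
                httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, USER_NOT_AUTHORIZED);
                return;
            }
            // The processor is kept in a local: an instance field would be shared by
            // concurrent requests and could be swapped between selection and use.
            HashMap<String, String> params = new HashMap<>();
            RssFeedProcessor feedProcessor;
            if (repoId != null) {
                feedProcessor = this.wac.getBean("rssFeedProcessor#new-artifacts", RssFeedProcessor.class);
                params.put(RssFeedProcessor.KEY_REPO_ID, repoId);
            } else {
                feedProcessor = this.wac.getBean("rssFeedProcessor#new-versions", RssFeedProcessor.class);
                params.put(RssFeedProcessor.KEY_GROUP_ID, groupId);
                params.put(RssFeedProcessor.KEY_ARTIFACT_ID, artifactId);
            }
            SyndFeed feed;
            RepositorySession repositorySession = this.repositorySessionFactory.createSession();
            try {
                feed = feedProcessor.process(params, repositorySession.getRepository());
            } finally {
                // Closed exactly once, whether or not processing succeeded.
                repositorySession.close();
            }
            if (feed == null) {
                httpServletResponse.sendError(HttpServletResponse.SC_NO_CONTENT, "No information available.");
                return;
            }
            httpServletResponse.setContentType(MIME_TYPE);
            // NOTE(review): the link echoes the request URL, which normally reflects the
            // client-supplied Host header; confirm the container or proxy pins the host.
            feed.setLink(httpServletRequest.getRequestURL().toString());
            new SyndFeedOutput().output(feed, httpServletResponse.getWriter());
        } catch (FeedException e) {
            this.log.debug(COULD_NOT_GENERATE_FEED_ERROR, e);
            httpServletResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, COULD_NOT_GENERATE_FEED_ERROR);
        } catch (AuthenticationException e2) {
            this.log.debug(COULD_NOT_AUTHENTICATE_USER, e2);
            httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, COULD_NOT_AUTHENTICATE_USER);
        } catch (UnauthorizedException e3) {
            this.log.debug(e3.getMessage());
            String realm = repoId != null
                    ? "Repository Archiva Managed " + repoId + " Repository"
                    : "Artifact " + groupId + ":" + artifactId;
            httpServletResponse.setHeader("WWW-Authenticate", "Basic realm=" + quoteRealm(realm));
            httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, USER_NOT_AUTHORIZED);
        } catch (AccountLockedException e4) {
            this.log.debug(COULD_NOT_AUTHENTICATE_USER, e4);
            httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, COULD_NOT_AUTHENTICATE_USER);
        } catch (MustChangePasswordException e5) {
            this.log.debug(COULD_NOT_AUTHENTICATE_USER, e5);
            httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, COULD_NOT_AUTHENTICATE_USER);
        } catch (UserNotFoundException e6) {
            this.log.debug(COULD_NOT_AUTHENTICATE_USER, e6);
            httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, COULD_NOT_AUTHENTICATE_USER);
        }
    }

    /**
     * Builds a well-formed quoted-string for the {@code realm} parameter.
     *
     * <p>The realm text contains identifiers taken from the request URL, so double
     * quotes, backslashes and control characters are dropped before quoting.
     *
     * @param realm the unquoted realm text
     * @return the realm wrapped in double quotes, safe to place in a header value
     */
    private static String quoteRealm(String realm) {
        StringBuilder quoted = new StringBuilder(realm.length() + 2).append('"');
        for (int i = 0; i < realm.length(); i++) {
            char c = realm.charAt(i);
            if (c != '"' && c != '\\' && c >= 0x20 && c != 0x7f) {
                quoted.append(c);
            }
        }
        return quoted.append('"').toString();
    }

    /**
     * Decides whether the caller may read the requested feed.
     *
     * <p>For a repository feed the single repository is checked. For an artifact
     * feed the candidate repositories are the ones observable by the user named in
     * the Basic {@code Authorization} header, or by the guest user when no usable
     * credentials are sent. That user name is NOT trusted: it only selects the
     * candidates, and every candidate is still checked through the authenticators.
     *
     * @param httpServletRequest the incoming request
     * @param str                repository id, or {@code null} for an artifact feed
     * @param str2               group id, or {@code null} for a repository feed
     * @param str3               artifact id, or {@code null} for a repository feed
     * @return {@code true} when access is granted; {@code false} when no feed is
     *         identified or the header does not use the Basic scheme
     * @throws UnauthorizedException if no candidate repository grants access
     */
    private boolean isAllowed(HttpServletRequest httpServletRequest, String str, String str2, String str3) throws UserNotFoundException, AccountLockedException, AuthenticationException, MustChangePasswordException, UnauthorizedException {
        String header = httpServletRequest.getHeader("Authorization");
        List<String> candidateRepoIds = new ArrayList<>();
        if (str != null) {
            candidateRepoIds.add(str);
        } else {
            if (str3 == null || str2 == null) {
                return false;
            }
            if (header == null) {
                candidateRepoIds = getObservableRepos(UserManager.GUEST_USERNAME);
            } else {
                // Locale-independent scheme match; toUpperCase() with the default locale
                // breaks under locales with special casing rules (for example Turkish).
                if (!header.regionMatches(true, 0, BASIC_SCHEME_PREFIX, 0, BASIC_SCHEME_PREFIX.length())) {
                    return false;
                }
                String credentials = "";
                try {
                    // NOTE(review): bytes are converted with the platform default charset;
                    // confirm this matches how the HTTP authenticator decodes the header.
                    credentials = new String((byte[]) new Base64().decode((Object) header.substring(BASIC_SCHEME_PREFIX.length()).getBytes()));
                } catch (DecoderException e) {
                    this.log.warn("Error decoding username and password: {}", e.getMessage());
                }
                // substringBefore never indexes into an empty array, unlike split(":")[0],
                // which throws for credentials that consist of colons only.
                String userName = StringUtils.substringBefore(credentials, ":");
                candidateRepoIds = StringUtils.isBlank(userName)
                        ? getObservableRepos(UserManager.GUEST_USERNAME)
                        : getObservableRepos(userName);
            }
        }
        for (String candidateRepoId : candidateRepoIds) {
            try {
                AuthenticationResult authenticationResult = this.httpAuth.getAuthenticationResult(httpServletRequest, null);
                SecuritySession securitySession = this.httpAuth.getSecuritySession(httpServletRequest.getSession(true));
                if (this.servletAuth.isAuthenticated(httpServletRequest, authenticationResult) && this.servletAuth.isAuthorized(httpServletRequest, securitySession, candidateRepoId, ArchivaRoleConstants.OPERATION_REPOSITORY_ACCESS)) {
                    return true;
                }
            } catch (AuthorizationException ignored) {
                // Deliberately not fatal: a denial for one repository must not stop the
                // search, another candidate may still grant access.
                this.log.debug("Authorization failed for a candidate repository: {}", ignored.getMessage());
            } catch (UnauthorizedException ignored) {
                this.log.debug("Access denied for a candidate repository: {}", ignored.getMessage());
            }
        }
        throw new UnauthorizedException("Access denied.");
    }

    /**
     * Looks up the repositories the given user may observe.
     *
     * @param str the user name to look up
     * @return the observable repository ids, or an empty list when the lookup
     *         fails (the failure is logged, so a failed lookup grants nothing)
     */
    private List<String> getObservableRepos(String str) {
        try {
            return this.userRepositories.getObservableRepositoryIds(str);
        } catch (AccessDeniedException e) {
            this.log.warn(e.getMessage(), e);
            return Collections.emptyList();
        } catch (PrincipalNotFoundException e2) {
            this.log.warn(e2.getMessage(), e2);
            return Collections.emptyList();
        } catch (ArchivaSecurityException e3) {
            this.log.warn(e3.getMessage(), e3);
            return Collections.emptyList();
        }
    }
}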
