package org.apache.kerby.has.server.web.rest;

import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.security.Principal;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.DefaultValue;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import org.apache.hadoop.security.authentication.server.AuthenticationToken;
import org.apache.kerby.has.server.HasServer;
import org.apache.kerby.has.server.web.WebServer;
import org.apache.kerby.has.server.web.rest.param.PasswordParam;
import org.apache.kerby.has.server.web.rest.param.PrincipalParam;
import org.apache.kerby.kerberos.kerb.KrbException;
import org.apache.kerby.kerberos.kerb.admin.kadmin.local.LocalKadminImpl;
import org.apache.kerby.kerberos.kerb.common.KrbUtil;
import org.apache.kerby.kerberos.kerb.request.KrbIdentity;
import org.apache.kerby.kerberos.kerb.type.base.EncryptionType;
import org.codehaus.jettison.json.JSONArray;
import org.codehaus.jettison.json.JSONObject;

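/**
 * REST resource exposing Kerberos administration (kadmin) operations under {@code /kadmin}.
 *
 * <p>Every endpoint first requires {@code isAdminPrincipal()} to pass and the request to be
 * reported as secure by {@code HttpServletRequest.isSecure()}; otherwise it answers 403 and
 * never creates the local kadmin.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@code isAdminPrincipal()} accepts every caller when the configured filter auth type is
 *       not {@code "kerberos"}; in that configuration these endpoints perform no identity check
 *       of their own.</li>
 *   <li>Passwords reach {@code addPrincipal} and {@code changePassword} as URL query parameters,
 *       which servers and proxies commonly record in access logs. Moving them to the request
 *       body would change the client contract, so this is flagged here rather than changed.</li>
 *   <li>Exported keytabs are long-term key material: they are written to a private temporary
 *       directory and removed as soon as the response body has been read into memory.</li>
 * </ul>
 */
@Path("/kadmin")
public class KadminApi {

    @Context
    private ServletContext context;

    @Context
    private HttpServletRequest httpRequest;

    /**
     * Exports a keytab for one principal, or for every principal matching an expression.
     *
     * @param str  the principal name, or the expression handed to {@code getPrincipals} when
     *             {@code str2} is {@code "true"}
     * @param str2 {@code "true"} to export all principals matching {@code str}; any other value
     *             exports the single principal {@code str}
     * @return 200 with the keytab as an attachment; 403 when the caller is not the kadmin
     *         principal or the request is not secure; 400 when no principal matches; 500 otherwise
     */
    @GET
    @Produces({"text/plain"})
    @Path("/exportkeytab")
    public Response exportKeytab(@QueryParam("principal") String str, @QueryParam("global") @DefaultValue("false") String str2) {
        boolean global = "true".equals(str2);
        Response rejection = rejectUnlessAdminOverHttps();
        if (rejection != null) {
            return rejection;
        }
        WebServer.LOG.info("Exporting keytab file for " + str + "...");
        LocalKadminImpl kadmin;
        try {
            kadmin = newLocalKadmin();
        } catch (KrbException e) {
            return internalError("Failed to create local kadmin." + e.getMessage());
        }
        if (str == null) {
            // Preserved from the original: a missing principal yields a bare 500.
            return Response.serverError().build();
        }
        List<String> matched = null;
        if (global) {
            try {
                matched = kadmin.getPrincipals(str);
                WebServer.LOG.info("Success to get principals with JSON.");
                if (matched.size() == 0) {
                    return badRequest("No matched principals.");
                }
            } catch (Exception e) {
                return internalError("Failed to get principals,because : " + e.getMessage());
            }
            WebServer.LOG.info("Exporting keytab file for " + str + "...");
        }
        return exportAndServeKeytab(kadmin, str, matched);
    }

    /**
     * Lists the principals matching an expression as a JSON array of names.
     *
     * @param str the expression handed to {@code getPrincipals}
     * @return 200 with a JSON array; 403 when the caller is not authorised or the request is not
     *         secure; 500 when the lookup fails
     */
    @GET
    @Produces({"application/json"})
    @Path("/listprincipals")
    public Response listPrincipals(@QueryParam("exp") String str) {
        Response rejection = rejectUnlessAdminOverHttps();
        if (rejection != null) {
            return rejection;
        }
        WebServer.LOG.info("Request to get principals.");
        LocalKadminImpl kadmin;
        try {
            kadmin = newLocalKadmin();
        } catch (KrbException e) {
            return internalError("Failed to create local kadmin." + e.getMessage());
        }
        try {
            JSONArray names = new JSONArray();
            List<String> principals = kadmin.getPrincipals(str);
            for (String name : principals) {
                names.put(name);
            }
            WebServer.LOG.info("Success to get principals with JSON.");
            return Response.ok(names.toString()).build();
        } catch (Exception e) {
            return internalError("Failed to get principals,because : " + e.getMessage());
        }
    }

    /**
     * Adds a principal, with the supplied password when one is given.
     *
     * @param principalParam the principal to create
     * @param passwordParam  optional password; when null or empty the principal is added through
     *                       the single-argument {@code addPrincipal}. The value arrives in the
     *                       URL query string, so it may be captured by access logs.
     * @return 200 on success; 400 when the principal value is null; 403 when the caller is not
     *         authorised or the request is not secure; 500 when the KDC backend fails
     */
    @POST
    @Produces({"text/plain"})
    @Path("/addprincipal")
    public Response addPrincipal(@QueryParam("principal") @DefaultValue("") PrincipalParam principalParam, @QueryParam("password") @DefaultValue("") PasswordParam passwordParam) {
        Response rejection = rejectUnlessAdminOverHttps();
        if (rejection != null) {
            return rejection;
        }
        WebServer.LOG.info("Request to add the principal named " + principalParam.getValue());
        LocalKadminImpl kadmin;
        try {
            kadmin = newLocalKadmin();
        } catch (KrbException e) {
            return internalError("Failed to create local kadmin." + e.getMessage());
        }
        if (principalParam.getValue() == null) {
            return badRequest("Value of principal is null.");
        }
        String password = passwordParam.getValue();
        try {
            if (password == null || password.equals("")) {
                kadmin.addPrincipal(principalParam.getValue());
            } else {
                kadmin.addPrincipal(principalParam.getValue(), password);
            }
            return Response.ok("Add principal successfully.").build();
        } catch (KrbException e) {
            return internalError("Failed to add " + principalParam + " principal, because: " + e.getMessage());
        }
    }

    /**
     * Renames a principal.
     *
     * @param str  the current principal name
     * @param str2 the new principal name
     * @return 200 on success; 404 when either name is missing (status kept as-is for existing
     *         clients, although the sibling endpoints answer 400 for missing values); 403 when
     *         the caller is not authorised or the request is not secure; 500 on failure
     */
    @POST
    @Produces({"text/plain"})
    @Path("/renameprincipal")
    public Response renamePrincipal(@QueryParam("oldprincipal") String str, @QueryParam("newprincipal") String str2) {
        Response rejection = rejectUnlessAdminOverHttps();
        if (rejection != null) {
            return rejection;
        }
        WebServer.LOG.info("Request to rename " + str + " to " + str2);
        if (str == null || str2 == null) {
            WebServer.LOG.error("Value of old or new principal is null.");
            return Response.status(Response.Status.NOT_FOUND).entity("Value of old or new principal is null.").build();
        }
        LocalKadminImpl kadmin;
        try {
            kadmin = newLocalKadmin();
        } catch (KrbException e) {
            return internalError("Failed to create local kadmin." + e.getMessage());
        }
        try {
            kadmin.renamePrincipal(str, str2);
            return Response.ok("Rename principal successfully.").build();
        } catch (Exception e) {
            return internalError("Failed to rename principal " + str + " to " + str2 + ",because: " + e.getMessage());
        }
    }

    /**
     * Deletes a principal.
     *
     * @param principalParam the principal to delete
     * @return 200 on success; 403 when the caller is not authorised or the request is not secure;
     *         500 on failure
     */
    @Produces({"text/plain"})
    @Path("/deleteprincipal")
    @DELETE
    public Response deletePrincipal(@QueryParam("principal") @DefaultValue("") PrincipalParam principalParam) {
        Response rejection = rejectUnlessAdminOverHttps();
        if (rejection != null) {
            return rejection;
        }
        WebServer.LOG.info("Request to delete the principal named " + principalParam.getValue());
        LocalKadminImpl kadmin;
        try {
            kadmin = newLocalKadmin();
        } catch (KrbException e) {
            return internalError("Failed to create local kadmin." + e.getMessage());
        }
        try {
            kadmin.deletePrincipal(principalParam.getValue());
            return Response.ok("Delete principal successfully.").build();
        } catch (Exception e) {
            return internalError("Failed to delete the principal named " + principalParam.getValue() + ",because : " + e.getMessage());
        }
    }

    /**
     * Changes the password of an existing principal.
     *
     * @param principalParam the principal whose password is changed
     * @param passwordParam  the new password. The value arrives in the URL query string, so it
     *                       may be captured by access logs.
     * @return 200 on success; 400 when the principal or password is null or empty; 403 when the
     *         caller is not authorised or the request is not secure; 500 on failure
     */
    @POST
    @Produces({"text/plain"})
    @Path("/changepassword")
    public Response changePassword(@QueryParam("principal") @DefaultValue("") PrincipalParam principalParam, @QueryParam("password") @DefaultValue("") PasswordParam passwordParam) {
        Response rejection = rejectUnlessAdminOverHttps();
        if (rejection != null) {
            return rejection;
        }
        // The original logged "Request to add the principal", which mislabels this operation in
        // the audit trail; the password itself is deliberately never logged.
        WebServer.LOG.info("Request to change the password of " + principalParam.getValue());
        LocalKadminImpl kadmin;
        try {
            kadmin = newLocalKadmin();
        } catch (KrbException e) {
            return internalError("Failed to create local kadmin." + e.getMessage());
        }
        if (principalParam.getValue() == null || principalParam.getValue().isEmpty()) {
            return badRequest("Value of principal is null.");
        }
        if (passwordParam.getValue() == null || passwordParam.getValue().isEmpty()) {
            return badRequest("Value of new password is null.");
        }
        try {
            kadmin.changePassword(principalParam.getValue(), passwordParam.getValue());
            return Response.ok("Change password successfully.").build();
        } catch (KrbException e) {
            return internalError("Failed to change the password of " + principalParam.getValue() + " , because: " + e.getMessage());
        }
    }

    /**
     * Returns the attributes of one principal as a JSON object.
     *
     * <p>The object carries the name, expiration and creation times, KDC flags, key version, the
     * number of keys and the encryption type of each key; no key bytes are read here.
     *
     * @param principalParam the principal to look up
     * @return 200 with the JSON object; 403 when the caller is not authorised or the request is
     *         not secure; 500 on failure
     */
    @Path("/getprincipal")
    @Consumes({"application/json"})
    @POST
    @Produces({"application/json"})
    public Response getPrincipal(@QueryParam("principal") @DefaultValue("") PrincipalParam principalParam) {
        Response rejection = rejectUnlessAdminOverHttps();
        if (rejection != null) {
            return rejection;
        }
        WebServer.LOG.info("Request to get a principal named " + principalParam.getValue());
        LocalKadminImpl kadmin;
        try {
            kadmin = newLocalKadmin();
        } catch (KrbException e) {
            return internalError("Failed to create local kadmin. " + e.getMessage());
        }
        try {
            KrbIdentity identity = kadmin.getPrincipal(principalParam.getValue());
            Map<EncryptionType, ?> keys = identity.getKeys();
            JSONObject result = new JSONObject();
            result.put("Name", identity.getPrincipalName());
            result.put("Expiration date", identity.getExpireTime());
            result.put("Created time", identity.getCreatedTime());
            result.put("KDC flags", identity.getKdcFlags());
            result.put("Key version", identity.getKeyVersion());
            result.put("Number of keys", keys.size());
            JSONObject keyTypes = new JSONObject();
            int index = 0;
            for (EncryptionType type : keys.keySet()) {
                keyTypes.put(String.valueOf(index), type);
                index++;
            }
            result.put("Keys", keyTypes);
            WebServer.LOG.info("Success to get principal with JSON.");
            return Response.ok(result).build();
        } catch (Exception e) {
            return internalError("Failed to get principal,because : " + e.getMessage());
        }
    }

    /**
     * Decides whether the caller may use the kadmin endpoints.
     *
     * <p>When the configured filter auth type is not {@code "kerberos"} this returns {@code true}
     * for every caller without looking at the request. Otherwise the request's user principal
     * must be an {@code AuthenticationToken} whose name equals the kadmin principal of the KDC
     * realm.
     *
     * @return {@code true} when the caller is accepted as the kadmin principal
     */
    private boolean isAdminPrincipal() {
        HasServer hasServer = WebServer.getHasServerFromContext(this.context);
        // Receiver order is kept on purpose: a null auth type fails the request with an
        // exception instead of silently falling into the accept-everyone branch.
        // NOTE(review): non-kerberos deployments get no identity check here - confirm that
        // another layer authenticates them.
        if (!hasServer.getWebServer().getConf().getFilterAuthType().equals("kerberos")) {
            return true;
        }
        Principal caller = this.httpRequest.getUserPrincipal();
        if (caller == null) {
            WebServer.LOG.warn("Request principal is null.");
            return false;
        }
        if (!(caller instanceof AuthenticationToken)) {
            WebServer.LOG.warn("Abnormal authentication token " + caller.getClass().getCanonicalName());
            return false;
        }
        String kadminName = KrbUtil.makeKadminPrincipal(hasServer.getKdcServer().getKdcSetting().getKdcRealm()).getName();
        boolean isKadmin = kadminName.equals(caller.getName());
        if (!isKadmin) {
            WebServer.LOG.warn("Client tries to pass the authentication using principal " + caller.getName());
        }
        return isKadmin;
    }

    /** Returns the 403 response for an unauthorised or non-HTTPS request, or null to proceed. */
    private Response rejectUnlessAdminOverHttps() {
        if (!isAdminPrincipal()) {
            return Response.status(Response.Status.FORBIDDEN).entity("kadmin principal required.\n").build();
        }
        if (!this.httpRequest.isSecure()) {
            return Response.status(Response.Status.FORBIDDEN).entity("HTTPS required.\n").build();
        }
        return null;
    }

    /** Creates a local kadmin bound to the KDC setting of the server stored in the servlet context. */
    private LocalKadminImpl newLocalKadmin() throws KrbException {
        return new LocalKadminImpl(WebServer.getHasServerFromContext(this.context).getKdcServer().getKdcSetting());
    }

    /** Logs the message at error level and returns it as the body of a 500 response. */
    private static Response internalError(String message) {
        WebServer.LOG.error(message);
        return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(message).build();
    }

    /** Logs the message at error level and returns it as the body of a 400 response. */
    private static Response badRequest(String message) {
        WebServer.LOG.error(message);
        return Response.status(Response.Status.BAD_REQUEST).entity(message).build();
    }

    /**
     * Writes the keytab into a private temporary directory, reads it into memory for the
     * response, and removes the on-disk copy.
     *
     * @param kadmin            the local kadmin used for the export
     * @param principal         the requested principal or expression; also used to derive the
     *                          download file name
     * @param matchedPrincipals the principals to export, or null to export {@code principal} alone
     */
    private Response exportAndServeKeytab(LocalKadminImpl kadmin, String principal, List<String> matchedPrincipals) {
        File exportDir;
        try {
            // createTempDirectory picks an unpredictable name and, on POSIX file systems,
            // owner-only permissions; a "/tmp/<millis>" directory made with mkdirs() is
            // guessable and takes whatever permissions the process umask allows.
            exportDir = Files.createTempDirectory("has-keytab-").toFile();
        } catch (IOException e) {
            WebServer.LOG.error("Failed to create a temporary directory for the keytab. " + e);
            return Response.serverError().build();
        }
        // The name ends up in a file path and in the Content-Disposition header, so anything
        // outside a conservative character set (separators, wildcards, quotes, control
        // characters) is replaced with '-'.
        File keytabFile = new File(exportDir, principal.replaceAll("[^A-Za-z0-9._@-]", "-") + ".keytab");
        try {
            if (matchedPrincipals != null) {
                kadmin.exportKeytab(keytabFile, matchedPrincipals);
                WebServer.LOG.info("Create keytab file for principals successfully.");
            } else {
                kadmin.exportKeytab(keytabFile, principal);
                WebServer.LOG.info("Create keytab file for " + principal + " successfully.");
            }
            // Serve from memory so the key material does not have to stay on disk while the
            // container streams the response.
            byte[] keytabBytes = Files.readAllBytes(keytabFile.toPath());
            return Response.ok(keytabBytes).header("Content-Disposition", "attachment; filename=" + keytabFile.getName()).build();
        } catch (KrbException e) {
            return internalError("Failed to export keytab. " + e.toString());
        } catch (IOException e) {
            return internalError("Failed to read the exported keytab. " + e.getMessage());
        } finally {
            if (keytabFile.exists() && !keytabFile.delete()) {
                WebServer.LOG.warn("Could not delete temporary keytab file " + keytabFile);
            }
            if (!exportDir.delete()) {
                WebServer.LOG.warn("Could not delete temporary keytab directory " + exportDir);
            }
        }
    }
}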
