package org.apache.qpid.server.management.plugin;

import java.io.IOException;
import java.io.OutputStream;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.zip.GZIPOutputStream;
import javax.security.auth.Subject;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.qpid.server.management.plugin.servlet.ServletConnectionPrincipal;
import org.apache.qpid.server.management.plugin.session.LoginLogoutReporter;
import org.apache.qpid.server.model.Broker;
import org.apache.qpid.server.plugin.QpidServiceLoader;
import org.apache.qpid.server.security.SecurityManager;

/* loaded from: input_file:org/apache/qpid/server/management/plugin/HttpManagementUtil.class */
public class HttpManagementUtil {
    public static final String ATTR_BROKER = "Qpid.broker";
    public static final String ATTR_MANAGEMENT_CONFIGURATION = "Qpid.managementConfiguration";
    private static final String ATTR_LOGIN_LOGOUT_REPORTER = "Qpid.loginLogoutReporter";
    private static final String ATTR_SUBJECT = "Qpid.subject";
    private static final String ATTR_LOG_ACTOR = "Qpid.logActor";
    private static final String ACCEPT_ENCODING_HEADER = "Accept-Encoding";
    private static final String CONTENT_ENCODING_HEADER = "Content-Encoding";
    private static final String GZIP_CONTENT_ENCODING = "gzip";
    private static final Collection<HttpRequestPreemptiveAuthenticator> AUTHENTICATORS;

    public static Broker<?> getBroker(ServletContext servletContext) {
        return (Broker) servletContext.getAttribute(ATTR_BROKER);
    }

    public static HttpManagementConfiguration getManagementConfiguration(ServletContext servletContext) {
        return (HttpManagementConfiguration) servletContext.getAttribute(ATTR_MANAGEMENT_CONFIGURATION);
    }

    public static Subject getAuthorisedSubject(HttpSession httpSession) {
        return (Subject) httpSession.getAttribute(ATTR_SUBJECT);
    }

    public static void checkRequestAuthenticatedAndAccessAuthorized(HttpServletRequest httpServletRequest, Broker broker, HttpManagementConfiguration httpManagementConfiguration) {
        HttpSession session = httpServletRequest.getSession();
        if (getAuthorisedSubject(session) == null) {
            Subject tryToAuthenticate = tryToAuthenticate(httpServletRequest, httpManagementConfiguration);
            if (tryToAuthenticate == null) {
                throw new SecurityException("Only authenticated users can access the management interface");
            }
            Subject subject = new Subject(false, tryToAuthenticate.getPrincipals(), tryToAuthenticate.getPublicCredentials(), tryToAuthenticate.getPrivateCredentials());
            subject.getPrincipals().add(new ServletConnectionPrincipal(httpServletRequest));
            subject.setReadOnly();
            assertManagementAccess(broker.getSecurityManager(), subject);
            saveAuthorisedSubject(session, subject);
        }
    }

    public static void assertManagementAccess(final SecurityManager securityManager, Subject subject) {
        Subject.doAs(subject, new PrivilegedAction<Void>() { // from class: org.apache.qpid.server.management.plugin.HttpManagementUtil.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedAction
            public Void run() {
                securityManager.accessManagement();
                return null;
            }
        });
    }

    public static void saveAuthorisedSubject(HttpSession httpSession, Subject subject) {
        httpSession.setAttribute(ATTR_SUBJECT, subject);
        httpSession.setAttribute(ATTR_LOGIN_LOGOUT_REPORTER, new LoginLogoutReporter(subject, getBroker(httpSession.getServletContext())));
    }

    public static Subject tryToAuthenticate(HttpServletRequest httpServletRequest, HttpManagementConfiguration httpManagementConfiguration) {
        Subject subject = null;
        Iterator<HttpRequestPreemptiveAuthenticator> it = AUTHENTICATORS.iterator();
        while (it.hasNext()) {
            subject = it.next().attemptAuthentication(httpServletRequest, httpManagementConfiguration);
            if (subject != null) {
                break;
            }
        }
        return subject;
    }

    public static OutputStream getOutputStream(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        return getOutputStream(httpServletRequest, httpServletResponse, getManagementConfiguration(httpServletRequest.getServletContext()));
    }

    public static OutputStream getOutputStream(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpManagementConfiguration httpManagementConfiguration) throws IOException {
        GZIPOutputStream outputStream;
        if (httpManagementConfiguration.isCompressResponses() && Collections.list(httpServletRequest.getHeaderNames()).contains(ACCEPT_ENCODING_HEADER) && httpServletRequest.getHeader(ACCEPT_ENCODING_HEADER).contains(GZIP_CONTENT_ENCODING)) {
            outputStream = new GZIPOutputStream(httpServletResponse.getOutputStream());
            httpServletResponse.setHeader(CONTENT_ENCODING_HEADER, GZIP_CONTENT_ENCODING);
        } else {
            outputStream = httpServletResponse.getOutputStream();
        }
        return outputStream;
    }

    public static String ensureFilenameIsRfc2183(String str) {
        return str.replaceAll("[\\P{InBasic_Latin}\\\\:/\\p{Cntrl}]", "");
    }

    static {
        ArrayList arrayList = new ArrayList();
        Iterator it = new QpidServiceLoader().instancesOf(HttpRequestPreemptiveAuthenticator.class).iterator();
        while (it.hasNext()) {
            arrayList.add((HttpRequestPreemptiveAuthenticator) it.next());
        }
        AUTHENTICATORS = Collections.unmodifiableList(arrayList);
    }
}
