package org.deegree.security.owsproxy;

import java.awt.Color;
import java.awt.Font;
import java.awt.Graphics;
import java.awt.image.BufferedImage;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.lang.reflect.InvocationTargetException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Enumeration;
import java.util.Properties;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.deegree.enterprise.servlet.ServletRequestWrapper;
import org.deegree.enterprise.servlet.ServletResponseWrapper;
import org.deegree.framework.log.ILogger;
import org.deegree.framework.log.LoggerFactory;
import org.deegree.framework.mail.MailMessage;
import org.deegree.framework.util.ImageUtils;
import org.deegree.framework.util.MimeTypeMapper;
import org.deegree.framework.util.StringTools;
import org.deegree.framework.xml.NamespaceContext;
import org.deegree.framework.xml.XMLParsingException;
import org.deegree.framework.xml.XMLTools;
import org.deegree.model.filterencoding.OperationDefines;
import org.deegree.model.spatialschema.Envelope;
import org.deegree.ogcbase.CommonNamespaces;
import org.deegree.ogcwebservices.InvalidParameterValueException;
import org.deegree.ogcwebservices.OGCRequestFactory;
import org.deegree.ogcwebservices.OGCWebServiceException;
import org.deegree.ogcwebservices.OGCWebServiceRequest;
import org.deegree.ogcwebservices.wcs.getcoverage.GetCoverage;
import org.deegree.ogcwebservices.wms.operation.GetMap;
import org.deegree.portal.portlet.modules.actions.IGeoPortalPortletPerform;
import org.deegree.portal.standard.security.control.ClientHelper;
import org.deegree.security.SecurityConfigurationException;
import org.deegree.security.UnauthorizedException;
import org.deegree.security.drm.SecurityAccessManager;
import org.deegree.security.drm.model.User;
import org.deegree.security.owsrequestvalidator.OWSValidator;
import org.deegree.security.owsrequestvalidator.Policy;
import org.deegree.security.owsrequestvalidator.PolicyDocument;
import org.w3c.dom.Document;

@Deprecated
/* loaded from: input_file:org/deegree/security/owsproxy/OWSProxyServletFilter.class */
public class OWSProxyServletFilter implements Filter {
    private static final ILogger LOG = LoggerFactory.getLogger((Class<?>) OWSProxyServletFilter.class);
    private static final NamespaceContext nsContext = CommonNamespaces.getNamespaceContext();
    private FilterConfig config;
    private OWSProxyPolicyFilter pFilter;
    private SecurityConfig secConfig;
    private String altRequestPage;
    private String altResponsePage;
    private boolean imageExpected = false;

    public void init(FilterConfig filterConfig) throws ServletException {
        this.config = filterConfig;
        Properties properties = new Properties();
        try {
            InputStream resourceAsStream = OWSProxyServletFilter.class.getResourceAsStream("validators.properties");
            properties.load(resourceAsStream);
            resourceAsStream.close();
            this.pFilter = new OWSProxyPolicyFilter();
            String initParameter = filterConfig.getInitParameter("PROXYURL") != null ? filterConfig.getInitParameter("PROXYURL") : "http://127.0.0.1/owsproxy/proxy";
            Enumeration initParameterNames = filterConfig.getInitParameterNames();
            while (initParameterNames.hasMoreElements()) {
                String str = (String) initParameterNames.nextElement();
                String initParameter2 = filterConfig.getInitParameter(str);
                if (str.endsWith("POLICY")) {
                    String realPath = filterConfig.getServletContext().getRealPath(initParameter2);
                    try {
                        URL url = new File(realPath).toURI().toURL();
                        if (url != null) {
                            LOG.logDebug("OWSProxyFilter: reading configuration file from : " + url.toExternalForm());
                            initValidator(initParameter, str, url, properties);
                        }
                    } catch (MalformedURLException e) {
                        LOG.logError("Couldn't create an url from the configured POLICY parameter: " + realPath + " because: " + e.getMessage());
                        throw new ServletException(e);
                    }
                }
            }
            LOG.logInfo("OWSProxyServlet intitialized successfully");
            LOG.logWarning("You are running a deprecated version of OWSProxy!");
            LOG.logWarning("Please use the ConfigurableOWSProxyServletFilter instead.");
            this.altRequestPage = filterConfig.getInitParameter("ALTREQUESTPAGE");
            this.altResponsePage = filterConfig.getInitParameter("ALTRESPONSEPAGE");
        } catch (Exception e2) {
            throw new ServletException(e2);
        }
    }

    private void initValidator(String str, String str2, URL url, Properties properties) throws ServletException {
        try {
            Policy policy = new PolicyDocument(url).getPolicy();
            if (this.secConfig == null && policy.getSecurityConfig() != null) {
                this.secConfig = policy.getSecurityConfig();
            }
            String substring = str2.substring(0, str2.indexOf(58));
            this.pFilter.addValidator(substring, (OWSValidator) Class.forName(properties.getProperty(substring)).getConstructor(Policy.class, String.class).newInstance(policy, str));
        } catch (ClassNotFoundException e) {
            LOG.logError("The classloader couldn't find an appropriate class  for the configured service, because" + e.getMessage());
            throw new ServletException(e);
        } catch (IllegalAccessException e2) {
            LOG.logError("The classloader couldn't instantiate the configured service, because" + e2.getMessage());
            throw new ServletException(e2);
        } catch (InstantiationException e3) {
            LOG.logError("The classloader couldn't instantiate the configured service, because" + e3.getMessage());
            throw new ServletException(e3);
        } catch (NoSuchMethodException e4) {
            LOG.logError("The classloader couldn't find a constructor for the configured service, because" + e4.getMessage());
            throw new ServletException(e4);
        } catch (InvocationTargetException e5) {
            LOG.logError("The classloader couldn't instantiate the configured service, because" + e5.getMessage());
            throw new ServletException(e5);
        } catch (XMLParsingException e6) {
            LOG.logError("Couldn't create a policy from given value: " + url + ", because : " + e6.getMessage());
            throw new ServletException(e6);
        } catch (SecurityConfigurationException e7) {
            LOG.logError("Couldn't create a policy document from given value: " + url + ", because : " + e7.getMessage());
            throw new ServletException(e7);
        }
    }

    public void destroy() {
        this.config = null;
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        ServletRequestWrapper servletRequestWrapper;
        if (servletRequest instanceof ServletRequestWrapper) {
            LOG.logDebug("OWSProxySerlvetFilter: the incoming request is actually an org.deegree.enterprise.servlet.RequestWrapper, so not creating new instance.");
            servletRequestWrapper = (ServletRequestWrapper) servletRequest;
        } else {
            servletRequestWrapper = new ServletRequestWrapper((HttpServletRequest) servletRequest);
        }
        LOG.logDebug("OWSProxySerlvetFilter: GetContentype(): " + servletRequestWrapper.getContentType());
        try {
            OGCWebServiceRequest create = OGCRequestFactory.create(servletRequestWrapper);
            this.imageExpected = isImageRequested(create);
            try {
                User user = getUser(servletRequestWrapper, create);
                try {
                    this.pFilter.validateGeneralConditions((HttpServletRequest) servletRequest, servletRequestWrapper.getContentLength(), user);
                    this.pFilter.validate(create, user);
                    ServletResponseWrapper servletResponseWrapper = new ServletResponseWrapper((HttpServletResponse) servletResponse);
                    logHttpRequest(servletRequestWrapper);
                    filterChain.doFilter(servletRequestWrapper, servletResponseWrapper);
                    byte[] byteArray = ((ServletResponseWrapper.ProxyServletOutputStream) servletResponseWrapper.getOutputStream()).toByteArray();
                    if (!this.imageExpected) {
                        LOG.logDebug(new String(byteArray));
                    }
                    try {
                        String contentType = servletResponseWrapper.getContentType();
                        LOG.logDebug("mime type raw: " + contentType);
                        String str = contentType != null ? StringTools.toArray(contentType, ";", false)[0] : this.imageExpected ? "image/jpeg" : MailMessage.TEXT_XML;
                        LOG.logDebug("mime type: " + str);
                        byte[] validate = this.pFilter.validate(create, byteArray, str, user);
                        servletResponse.setContentType(servletResponseWrapper.getContentType());
                        ServletOutputStream outputStream = servletResponse.getOutputStream();
                        outputStream.write(validate);
                        outputStream.close();
                    } catch (InvalidParameterValueException e) {
                        LOG.logError(e.getMessage(), e);
                        handleResponseMissingAutorization((HttpServletRequest) servletRequest, (HttpServletResponse) servletResponse, create, e.getMessage());
                    } catch (UnauthorizedException e2) {
                        LOG.logError(e2.getMessage(), e2);
                        handleResponseMissingAutorization((HttpServletRequest) servletRequest, (HttpServletResponse) servletResponse, create, e2.getMessage());
                    }
                } catch (InvalidParameterValueException e3) {
                    handleRequestMissingAutorization((HttpServletRequest) servletRequest, (HttpServletResponse) servletResponse, create, e3.getMessage());
                } catch (UnauthorizedException e4) {
                    handleRequestMissingAutorization((HttpServletRequest) servletRequest, (HttpServletResponse) servletResponse, create, e4.getMessage());
                } catch (Exception e5) {
                    LOG.logError(e5.getMessage(), e5);
                    servletRequest.setAttribute("MESSAGE", e5.getMessage());
                    this.config.getServletContext().getRequestDispatcher(this.altResponsePage).forward(servletRequest, servletResponse);
                }
            } catch (Exception e6) {
                handleResponseMissingAutorization((HttpServletRequest) servletRequest, (HttpServletResponse) servletResponse, create, e6.getMessage());
            }
        } catch (OGCWebServiceException e7) {
            LOG.logError("OWSProxyServletFilter: Couln't create an OGCWebserviceRequest because: " + e7.getMessage(), e7);
            throw new ServletException(e7.getMessage());
        }
    }

    private void logHttpRequest(ServletRequestWrapper servletRequestWrapper) {
        if (LOG.getLevel() == 0) {
            LOG.logDebug("getRemoteAddr " + servletRequestWrapper.getRemoteAddr());
            LOG.logDebug("getRemotePort " + servletRequestWrapper.getRemotePort());
            LOG.logDebug("getLocalPort " + servletRequestWrapper.getLocalPort());
            LOG.logDebug("getMethod " + servletRequestWrapper.getMethod());
            LOG.logDebug("getQueryString " + servletRequestWrapper.getQueryString());
            LOG.logDebug("getPathInfo " + servletRequestWrapper.getPathInfo());
            LOG.logDebug("getRequestURI " + servletRequestWrapper.getRequestURI());
            LOG.logDebug("getServerName " + servletRequestWrapper.getServerName());
            LOG.logDebug("getServerPort " + servletRequestWrapper.getServerPort());
            LOG.logDebug("getServletPath " + servletRequestWrapper.getServletPath());
        }
    }

    private void handleRequestMissingAutorization(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, OGCWebServiceRequest oGCWebServiceRequest, String str) throws IOException, ServletException {
        if (str == null) {
            str = "missing authorization";
        }
        if (!this.imageExpected) {
            httpServletRequest.setAttribute("MESSAGE", str);
            this.config.getServletContext().getRequestDispatcher(this.altRequestPage).forward(httpServletRequest, httpServletResponse);
            return;
        }
        int i = 500;
        int i2 = 500;
        if (oGCWebServiceRequest != null && (oGCWebServiceRequest instanceof GetMap)) {
            i = ((GetMap) oGCWebServiceRequest).getWidth();
            i2 = ((GetMap) oGCWebServiceRequest).getHeight();
        } else if (oGCWebServiceRequest != null && (oGCWebServiceRequest instanceof GetCoverage)) {
            Envelope envelope = (Envelope) ((GetCoverage) oGCWebServiceRequest).getDomainSubset().getSpatialSubset().getGrid();
            i = (int) envelope.getWidth();
            i2 = (int) envelope.getHeight();
        }
        httpServletResponse.setContentType("image/jpeg");
        ServletOutputStream outputStream = httpServletResponse.getOutputStream();
        BufferedImage bufferedImage = new BufferedImage(i, i2, 1);
        Graphics graphics = bufferedImage.getGraphics();
        graphics.setColor(Color.WHITE);
        graphics.fillRect(0, 0, i, i2);
        graphics.setColor(Color.BLACK);
        graphics.setFont(new Font("DIALOG", 0, 14));
        graphics.drawString(Messages.getString("MISSINGAUTHORIZATION"), 5, 60);
        int i3 = 100;
        for (String str2 : StringTools.toArray(str, ":|", false)) {
            graphics.drawString(str2, 5, i3);
            i3 += 30;
        }
        graphics.dispose();
        try {
            ImageUtils.saveImage(bufferedImage, outputStream, "jpeg", 0.95f);
        } catch (Exception e) {
            e.printStackTrace();
        }
        outputStream.close();
    }

    private void handleResponseMissingAutorization(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, OGCWebServiceRequest oGCWebServiceRequest, String str) throws IOException, ServletException {
        if (!this.imageExpected) {
            httpServletRequest.setAttribute("MESSAGE", str);
            this.config.getServletContext().getRequestDispatcher(this.altResponsePage).forward(httpServletRequest, httpServletResponse);
            return;
        }
        int i = 500;
        int i2 = 500;
        if (oGCWebServiceRequest != null && (oGCWebServiceRequest instanceof GetMap)) {
            i = ((GetMap) oGCWebServiceRequest).getWidth();
            i2 = ((GetMap) oGCWebServiceRequest).getHeight();
        } else if (oGCWebServiceRequest != null && (oGCWebServiceRequest instanceof GetCoverage)) {
            Envelope envelope = (Envelope) ((GetCoverage) oGCWebServiceRequest).getDomainSubset().getSpatialSubset().getGrid();
            i = (int) envelope.getWidth();
            i2 = (int) envelope.getHeight();
        }
        httpServletResponse.setContentType("image/jpeg");
        ServletOutputStream outputStream = httpServletResponse.getOutputStream();
        BufferedImage bufferedImage = new BufferedImage(i, i2, 1);
        Graphics graphics = bufferedImage.getGraphics();
        graphics.setColor(Color.WHITE);
        graphics.fillRect(0, 0, i, i2);
        graphics.setColor(Color.BLACK);
        graphics.setFont(new Font("DIALOG", 0, 14));
        int i3 = 100;
        for (String str2 : StringTools.toArray(str, ":|", false)) {
            graphics.drawString(str2, 5, i3);
            i3 += 30;
        }
        graphics.dispose();
        try {
            ImageUtils.saveImage(bufferedImage, outputStream, "jpeg", 0.95f);
        } catch (Exception e) {
            LOG.logError(e.getMessage(), e);
        }
        outputStream.write(str.getBytes());
        outputStream.close();
    }

    private User getUser(HttpServletRequest httpServletRequest, OGCWebServiceRequest oGCWebServiceRequest) throws UnauthorizedException, IOException, InvalidParameterValueException {
        String vendorSpecificParameter = oGCWebServiceRequest.getVendorSpecificParameter(IGeoPortalPortletPerform.PARAM_SESSIONID);
        String vendorSpecificParameter2 = oGCWebServiceRequest.getVendorSpecificParameter("USER");
        String str = null;
        if (vendorSpecificParameter2 != null) {
            LOG.logDebug("get user from user/password parameter");
            return authentificateFromUserPw(oGCWebServiceRequest);
        }
        if (vendorSpecificParameter == null && httpServletRequest.getUserPrincipal() != null) {
            LOG.logDebug("get user from UserPrinicipal");
            vendorSpecificParameter2 = httpServletRequest.getUserPrincipal().getName();
            if (vendorSpecificParameter2.indexOf("\\") > 1) {
                String[] array = StringTools.toArray(vendorSpecificParameter2, "\\", false);
                vendorSpecificParameter2 = array[array.length - 1];
            }
        } else if (this.secConfig == null || vendorSpecificParameter == null) {
            LOG.logDebug("get user as source IP address because wether USER, SESSIONID nor Userprincipal are available");
            vendorSpecificParameter2 = httpServletRequest.getRemoteAddr();
        } else {
            LOG.logDebug("get user from WAS/sessionID");
            AuthentificationSettings authsettings = this.secConfig.getAuthsettings();
            if (authsettings != null) {
                String[] userFromWAS = getUserFromWAS(authsettings.getAuthentificationURL().getOnlineResource().toExternalForm(), vendorSpecificParameter);
                vendorSpecificParameter2 = userFromWAS[0];
                str = userFromWAS[1];
            }
        }
        LOG.logDebug(StringTools.concat(100, "USER: ", vendorSpecificParameter2, "/", str));
        User user = null;
        if (vendorSpecificParameter2 != null) {
            try {
                if (SecurityAccessManager.isInitialized()) {
                    SecurityAccessManager securityAccessManager = SecurityAccessManager.getInstance();
                    user = securityAccessManager.getUserByName(vendorSpecificParameter2);
                    if (httpServletRequest.getUserPrincipal() == null) {
                        user.authenticate(str);
                    } else {
                        user.authenticate(securityAccessManager.getUserByName(vendorSpecificParameter2).getPassword());
                    }
                }
            } catch (Exception e) {
                LOG.logError(e.getMessage(), e);
                throw new UnauthorizedException(Messages.format("OWSProxyServletFilter.USERERROR", vendorSpecificParameter2));
            }
        }
        return user;
    }

    private User authentificateFromUserPw(OGCWebServiceRequest oGCWebServiceRequest) throws UnauthorizedException, InvalidParameterValueException {
        String vendorSpecificParameter = oGCWebServiceRequest.getVendorSpecificParameter("USER");
        String vendorSpecificParameter2 = oGCWebServiceRequest.getVendorSpecificParameter(ClientHelper.KEY_PASSWORD);
        LOG.logDebug("USER: ", vendorSpecificParameter);
        LOG.logDebug("PASSWORD: ", vendorSpecificParameter2);
        if (vendorSpecificParameter2 == null) {
            throw new InvalidParameterValueException(Messages.getString("PASSWORDMISSING"));
        }
        User user = null;
        try {
            user = SecurityAccessManager.getInstance().getUserByName(vendorSpecificParameter);
            user.authenticate(vendorSpecificParameter2);
        } catch (Exception e) {
            LOG.logError(e.getMessage(), e);
            if (!vendorSpecificParameter.equals("anonymous")) {
                throw new UnauthorizedException(Messages.format("OWSProxyServletFilter.USERERROR", vendorSpecificParameter));
            }
        }
        return user;
    }

    private String[] getUserFromWAS(String str, String str2) throws IOException {
        String[] strArr = new String[3];
        try {
            StringBuffer stringBuffer = new StringBuffer(OperationDefines.AND);
            stringBuffer.append(str).append("?REQUEST=DescribeUser&Service=WAS&");
            stringBuffer.append("SESSIONID=").append(str2).append("&version=1.0.0");
            Document parse = XMLTools.parse(new InputStreamReader(new URL(stringBuffer.toString()).openStream()));
            strArr[0] = XMLTools.getNodeAsString(parse, "/User/UserName", nsContext, null);
            strArr[1] = XMLTools.getNodeAsString(parse, "/User/Password", nsContext, null);
            return strArr;
        } catch (Exception e) {
            LOG.logError(e.getMessage(), e);
            throw new IOException(Messages.getString("OWSProxyServletFilter.WASACCESS"));
        }
    }

    private boolean isImageRequested(OGCWebServiceRequest oGCWebServiceRequest) {
        boolean z = false;
        if (oGCWebServiceRequest instanceof GetMap) {
            z = ((GetMap) oGCWebServiceRequest).getExceptions().indexOf("image") > -1;
        } else if (oGCWebServiceRequest instanceof GetCoverage) {
            z = MimeTypeMapper.isKnownImageType("image/" + ((GetCoverage) oGCWebServiceRequest).getOutput().getFormat().getCode());
        }
        LOG.logDebug("authorization problems expected to be returned as image: ", Boolean.valueOf(z));
        return z;
    }
}
