package com.zimbra.cs.service;

import com.zimbra.common.account.Key;
import com.zimbra.common.localconfig.LC;
import com.zimbra.common.service.ServiceException;
import com.zimbra.common.util.ByteUtil;
import com.zimbra.common.util.Log;
import com.zimbra.common.util.LogFactory;
import com.zimbra.common.util.ZimbraLog;
import com.zimbra.cs.account.Account;
import com.zimbra.cs.account.Domain;
import com.zimbra.cs.account.Provisioning;
import com.zimbra.cs.account.Server;
import com.zimbra.cs.account.auth.AuthContext;
import com.zimbra.cs.dav.DavElements;
import com.zimbra.cs.dav.DavProtocol;
import com.zimbra.cs.httpclient.URLUtil;
import com.zimbra.cs.servlet.ZimbraServlet;
import com.zimbra.cs.util.AccountUtil;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.apache.commons.codec.binary.Base64;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

/* loaded from: input_file:com/zimbra/cs/service/AutoDiscoverServlet.class */
public class AutoDiscoverServlet extends ZimbraServlet {
    private static final long serialVersionUID = 1921058393177879727L;
    private static final Log log = LogFactory.getLog(AutoDiscoverServlet.class);
    private static final String BASIC_AUTH_HEADER = "Authorization";
    private static final String WWW_AUTHENTICATE_HEADER = "WWW-Authenticate";
    private static final String WWW_AUTHENTICATE_VALUE = "BASIC realm=\"Zimbra\"";
    private static final String NTLM = "NTLM";
    private static final String NEGOTIATE = "Negotiate";
    private static final String MS_ACTIVESYNC_PATH = "/Microsoft-Server-ActiveSync";
    private static final String EWS_SERVICE_PATH = "/ews/Exchange.asmx";
    private static final String NS_MOBILE = "http://schemas.microsoft.com/exchange/autodiscover/mobilesync/responseschema/2006";
    private static final String NS_OUTLOOK = "http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a";
    private static final String NS = "http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006";
    private static final String XSI_NS = "http://www.w3.org/2001/XMLSchema-instance";
    private static final String XSD_NS = "http://www.w3.org/2001/XMLSchema";

    @Override // com.zimbra.cs.servlet.ZimbraServlet
    public void init() throws ServletException {
        log.info("Starting up");
        super.init();
    }

    public void destroy() {
        log.info("Shutting down");
        super.destroy();
    }

    public static String getServiceUrl(Account account, String str) throws ServiceException {
        Provisioning provisioning = Provisioning.getInstance();
        Server server = provisioning.getServer(account);
        Domain domain = provisioning.getDomain(account);
        String serviceURL = !isEwsClient(str) ? LC.zimbra_activesync_autodiscover_use_service_url.booleanValue() ? URLUtil.getServiceURL(server, MS_ACTIVESYNC_PATH, true) : URLUtil.getPublicURLForDomain(server, domain, MS_ACTIVESYNC_PATH, true) : LC.zimbra_ews_autodiscover_use_service_url.booleanValue() ? URLUtil.getServiceURL(server, EWS_SERVICE_PATH, true) : URLUtil.getPublicURLForDomain(server, domain, EWS_SERVICE_PATH, true);
        if (serviceURL.toLowerCase().startsWith(URLUtil.PROTO_HTTPS)) {
            serviceURL = serviceURL.replace(":" + URLUtil.DEFAULT_HTTPS_PORT + "/", "/");
        } else if (serviceURL.toLowerCase().startsWith(URLUtil.PROTO_HTTP)) {
            serviceURL = serviceURL.replace(":" + URLUtil.DEFAULT_HTTP_PORT + "/", "/");
        }
        return serviceURL;
    }

    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String header = httpServletRequest.getHeader(DavProtocol.HEADER_USER_AGENT);
        if (header != null) {
            if (header.contains("PocketPC") || header.contains("SmartPhone")) {
                if (log.isDebugEnabled()) {
                    Enumeration headerNames = httpServletRequest.getHeaderNames();
                    while (headerNames.hasMoreElements()) {
                        String str = (String) headerNames.nextElement();
                        log.debug("GET header: %s", new Object[]{str + ":" + httpServletRequest.getHeader(str)});
                    }
                }
                if (!httpServletRequest.isSecure()) {
                    httpServletResponse.sendRedirect(LC.zimbra_activesync_autodiscover_url.value());
                } else if (authenticate(httpServletRequest, httpServletResponse, NS_MOBILE) == null) {
                }
            }
        }
    }

    public void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        ZimbraLog.clearContext();
        addRemoteIpToLoggingContext(httpServletRequest);
        log.info("Handling autodiscover request...");
        byte[] content = ByteUtil.getContent(httpServletRequest.getInputStream(), httpServletRequest.getContentLength());
        if (content == null) {
            log.warn("No content found in the request");
            sendError(httpServletResponse, 600, "No content found in the request");
            return;
        }
        String str = new String(content, "UTF-8");
        log.debug("Request before auth: %s", new Object[]{str});
        if (log.isDebugEnabled()) {
            Enumeration headerNames = httpServletRequest.getHeaderNames();
            while (headerNames.hasMoreElements()) {
                String str2 = (String) headerNames.nextElement();
                log.info("POST header: %s", new Object[]{str2 + ":" + httpServletRequest.getHeader(str2)});
            }
        }
        String str3 = null;
        String str4 = null;
        try {
            NodeList elementsByTagName = DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(new InputSource(new StringReader(str))).getElementsByTagName("Request");
            for (int i = 0; i < elementsByTagName.getLength(); i++) {
                Node item = elementsByTagName.item(i);
                if (item.getNodeType() == 1) {
                    Element element = (Element) item;
                    str3 = getTagValue("EMailAddress", element);
                    str4 = getTagValue("AcceptableResponseSchema", element);
                    if (str3 != null) {
                        break;
                    }
                }
            }
            if (str3 == null || str3.length() == 0) {
                log.warn("No Email address is specified in the Request, %s", new Object[]{str});
                sendError(httpServletResponse, 400, "No Email address is specified in the Request");
                return;
            }
            if (str4 != null && str4.length() > 0 && !str4.equals(NS_MOBILE) && !str4.equals(NS_OUTLOOK)) {
                log.warn("Requested response schema not available " + str4);
                sendError(httpServletResponse, 503, "Requested response schema not available " + str4);
                return;
            }
            log.debug("Authenticating user");
            Account authenticate = authenticate(httpServletRequest, httpServletResponse, str4);
            if (authenticate == null) {
                return;
            }
            log.debug("Authentication finished successfully");
            log.debug("content length: %d, content type: %s", new Object[]{Integer.valueOf(httpServletRequest.getContentLength()), httpServletRequest.getContentType()});
            if (httpServletRequest.getContentLength() == 0 || httpServletRequest.getContentType() == null) {
                log.warn("No suitable content found in the request");
                sendError(httpServletResponse, 600, "No suitable content found in the request");
                return;
            }
            try {
                if (!AccountUtil.addressMatchesAccount(authenticate, str3) && !authenticate.isAvailabilityServiceProvider()) {
                    log.warn(str3 + " doesn't match account addresses for user " + authenticate.getName());
                    sendError(httpServletResponse, 500, str3 + " doesn't match account addresses");
                    return;
                }
                try {
                    String serviceUrl = getServiceUrl(authenticate, str4);
                    String displayName = authenticate.getDisplayName() == null ? str3 : authenticate.getDisplayName();
                    if (displayName.contains("@")) {
                        displayName = displayName.substring(0, displayName.indexOf("@"));
                    }
                    log.debug("displayName: %s, email: %s, serviceUrl: %s", new Object[]{displayName, str3, serviceUrl});
                    String createResponseDocForEws = isEwsClient(str4) ? createResponseDocForEws(displayName, str3, serviceUrl, authenticate) : createResponseDoc(displayName, str3, serviceUrl);
                    log.info("Response: %s", new Object[]{createResponseDocForEws});
                    log.debug("response length: %d", new Object[]{Integer.valueOf(createResponseDocForEws.length())});
                    try {
                        ByteUtil.copy(new ByteArrayInputStream(createResponseDocForEws.getBytes("UTF-8")), true, httpServletResponse.getOutputStream(), false);
                        log.debug("setting content type to text/xml");
                        httpServletResponse.setContentType(DavProtocol.XML_CONTENT_TYPE);
                        log.info("sending autodiscover response...");
                    } catch (IOException e) {
                        log.error("copy response error", e);
                        sendError(httpServletResponse, 500, e.getMessage());
                    }
                } catch (Exception e2) {
                    log.warn(e2);
                    sendError(httpServletResponse, 500, e2.getMessage());
                }
            } catch (ServiceException e3) {
                log.warn("Account access error; user=" + authenticate.getName(), e3);
                sendError(httpServletResponse, 500, "Account access error; user=" + authenticate.getName());
            }
        } catch (Exception e4) {
            log.warn("cannot parse body: %s", new Object[]{str});
            sendError(httpServletResponse, 400, "Body cannot be parsed");
        }
    }

    private Account authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws ServletException, IOException {
        String header = httpServletRequest.getHeader("Authorization");
        log.debug("auth header: %s", new Object[]{header});
        if (header == null || !header.toLowerCase().startsWith("basic ")) {
            log.warn("No basic auth header in the request");
            httpServletResponse.addHeader("WWW-Authenticate", WWW_AUTHENTICATE_VALUE);
            sendError(httpServletResponse, 401, "Unauthorized");
            return null;
        }
        String str2 = new String(Base64.decodeBase64(header.substring(6).getBytes()));
        int indexOf = str2.indexOf(92);
        int indexOf2 = str2.indexOf(58);
        if (indexOf2 == -1 || indexOf2 <= indexOf + 1) {
            log.warn("Invalid basic auth credentials");
            sendError(httpServletResponse, 400, "Invalid basic auth credentials");
            return null;
        }
        String substring = indexOf > 0 ? str2.substring(0, indexOf) : "";
        String substring2 = str2.substring(indexOf + 1, indexOf2);
        String substring3 = str2.substring(indexOf + 1, indexOf2);
        String substring4 = str2.substring(indexOf2 + 1);
        log.debug("user=%s, domain=%s", new Object[]{substring3, substring});
        if (substring4.length() == 0) {
            log.warn("Empty password");
            sendError(httpServletResponse, 400, "Empty password");
            return null;
        }
        if (substring.length() > 0 && substring3.indexOf(64) == -1) {
            if (substring.charAt(0) != '@') {
                substring3 = substring3 + '@';
            }
            substring3 = substring3 + substring;
        }
        try {
            Provisioning provisioning = Provisioning.getInstance();
            if (substring3.indexOf(64) == -1) {
                String attr = provisioning.getConfig().getAttr("zimbraDefaultDomainName", (String) null);
                if (attr == null) {
                    log.warn("Ldap access error; user=" + substring3);
                    sendError(httpServletResponse, 500, "ldap access error");
                    return null;
                }
                substring3 = substring3 + "@" + attr;
            }
            Account account = provisioning.get(Key.AccountBy.name, substring3);
            if (account == null) {
                log.warn("User not found; user=" + substring3);
                httpServletResponse.addHeader("WWW-Authenticate", WWW_AUTHENTICATE_VALUE);
                sendError(httpServletResponse, 401, "Invalid username or password");
                return null;
            }
            try {
                HashMap hashMap = new HashMap();
                hashMap.put(AuthContext.AC_ORIGINATING_CLIENT_IP, ZimbraServlet.getOrigIp(httpServletRequest));
                hashMap.put(AuthContext.AC_REMOTE_IP, ZimbraServlet.getClientIp(httpServletRequest));
                hashMap.put(AuthContext.AC_ACCOUNT_NAME_PASSEDIN, substring2);
                hashMap.put("ua", httpServletRequest.getHeader(DavProtocol.HEADER_USER_AGENT));
                provisioning.authAccount(account, substring4, AuthContext.Protocol.zsync, hashMap);
                if (isEwsClient(str) && !account.getBooleanAttr("zimbraFeatureEwsEnabled", false)) {
                    log.info("User account not enabled for ZimbraEWS; user=" + substring3);
                    sendError(httpServletResponse, 403, "Account not enabled for ZimbraEWS");
                    return null;
                }
                if (isEwsClient(str) || account.getBooleanAttr("zimbraFeatureMobileSyncEnabled", false)) {
                    return account;
                }
                log.info("User account not enabled for ZimbraSync; user=" + substring3);
                sendError(httpServletResponse, 403, "Account not enabled for ZimbraSync");
                return null;
            } catch (ServiceException e) {
                log.warn("User password mismatch; user=" + substring3);
                httpServletResponse.addHeader("WWW-Authenticate", WWW_AUTHENTICATE_VALUE);
                sendError(httpServletResponse, 401, "Invalid username or password");
                return null;
            }
        } catch (ServiceException e2) {
            log.warn("Account access error; user=" + substring3, e2);
            sendError(httpServletResponse, 500, "Account access error; user=" + substring3);
            return null;
        }
    }

    private static List<Element> getChildren(Element element) {
        NodeList childNodes = element.getChildNodes();
        ArrayList arrayList = new ArrayList(childNodes.getLength());
        for (int i = 0; i < childNodes.getLength(); i++) {
            Node item = childNodes.item(i);
            if (item instanceof Element) {
                arrayList.add((Element) item);
            }
        }
        return arrayList;
    }

    private static String getTagValue(String str, Element element) {
        return element.getElementsByTagName(str).item(0).getChildNodes().item(0).getNodeValue();
    }

    private static void sendError(HttpServletResponse httpServletResponse, int i, String str) throws IOException {
        log.warn("HTTP/1.1 " + i + " " + str);
        httpServletResponse.sendError(i, str);
    }

    private static String createResponseDoc(String str, String str2, String str3) throws Exception {
        DocumentBuilderFactory newInstance = DocumentBuilderFactory.newInstance();
        newInstance.setNamespaceAware(true);
        Document newDocument = newInstance.newDocumentBuilder().newDocument();
        Element createElementNS = newDocument.createElementNS(NS, "Autodiscover");
        createElementNS.setAttribute("xmlns", NS);
        createElementNS.setAttribute("xmlns:xsi", XSI_NS);
        createElementNS.setAttribute("xmlns:xsd", XSD_NS);
        newDocument.appendChild(createElementNS);
        Element createElementNS2 = newDocument.createElementNS(NS_MOBILE, "Response");
        createElementNS.appendChild(createElementNS2);
        Element createElement = newDocument.createElement("Culture");
        createElement.appendChild(newDocument.createTextNode("en:en"));
        createElementNS2.appendChild(createElement);
        Element createElement2 = newDocument.createElement("User");
        Element createElement3 = newDocument.createElement("DisplayName");
        createElement3.appendChild(newDocument.createTextNode(str));
        createElement2.appendChild(createElement3);
        Element createElement4 = newDocument.createElement("EMailAddress");
        createElement4.appendChild(newDocument.createTextNode(str2));
        createElement2.appendChild(createElement4);
        createElementNS2.appendChild(createElement2);
        Element createElement5 = newDocument.createElement("Action");
        Element createElement6 = newDocument.createElement("Settings");
        Element createElement7 = newDocument.createElement("Server");
        Element createElement8 = newDocument.createElement("Type");
        createElement8.appendChild(newDocument.createTextNode("MobileSync"));
        createElement7.appendChild(createElement8);
        Element createElement9 = newDocument.createElement("Url");
        createElement9.appendChild(newDocument.createTextNode(str3));
        createElement7.appendChild(createElement9);
        Element createElement10 = newDocument.createElement("Name");
        createElement10.appendChild(newDocument.createTextNode(str3));
        createElement7.appendChild(createElement10);
        createElement6.appendChild(createElement7);
        createElement5.appendChild(createElement6);
        createElementNS2.appendChild(createElement5);
        Transformer newTransformer = TransformerFactory.newInstance().newTransformer();
        newTransformer.setOutputProperty("omit-xml-declaration", DavElements.YES);
        newTransformer.setOutputProperty("indent", DavElements.YES);
        DOMSource dOMSource = new DOMSource(newDocument);
        StringWriter stringWriter = new StringWriter();
        newTransformer.transform(dOMSource, new StreamResult(stringWriter));
        stringWriter.flush();
        String stringWriter2 = stringWriter.toString();
        stringWriter.close();
        return "<?xml version=\"1.0\"?>\n" + stringWriter2;
    }

    private static String createResponseDocForEws(String str, String str2, String str3, Account account) throws Exception {
        Server server = Provisioning.getInstance().getServer(account);
        server.getCn();
        server.getName();
        String id = account.getId();
        DocumentBuilderFactory newInstance = DocumentBuilderFactory.newInstance();
        newInstance.setNamespaceAware(true);
        Document newDocument = newInstance.newDocumentBuilder().newDocument();
        Element createElementNS = newDocument.createElementNS(NS, "Autodiscover");
        createElementNS.setAttribute("xmlns", NS);
        createElementNS.setAttribute("xmlns:xsi", XSI_NS);
        createElementNS.setAttribute("xmlns:xsd", XSD_NS);
        newDocument.appendChild(createElementNS);
        Element createElementNS2 = newDocument.createElementNS(NS_OUTLOOK, "Response");
        createElementNS.appendChild(createElementNS2);
        Element createElement = newDocument.createElement("User");
        Element createElement2 = newDocument.createElement("DisplayName");
        createElement2.appendChild(newDocument.createTextNode(str));
        createElement.appendChild(createElement2);
        Element createElement3 = newDocument.createElement("EmailAddress");
        createElement3.appendChild(newDocument.createTextNode(str2));
        createElement.appendChild(createElement3);
        Element createElement4 = newDocument.createElement("DeploymentId");
        createElement4.appendChild(newDocument.createTextNode(id));
        createElement.appendChild(createElement4);
        createElementNS2.appendChild(createElement);
        Element createElement5 = newDocument.createElement("Account");
        Element createElement6 = newDocument.createElement("AccountType");
        createElement6.appendChild(newDocument.createTextNode("email"));
        createElement5.appendChild(createElement6);
        createElementNS2.appendChild(createElement5);
        Element createElement7 = newDocument.createElement("Action");
        createElement7.appendChild(newDocument.createTextNode("settings"));
        createElement5.appendChild(createElement7);
        Element createElement8 = newDocument.createElement("Protocol");
        createElement5.appendChild(createElement8);
        Element createElement9 = newDocument.createElement("Type");
        createElement9.appendChild(newDocument.createTextNode("EXCH"));
        createElement8.appendChild(createElement9);
        Element createElement10 = newDocument.createElement("EwsUrl");
        createElement8.appendChild(createElement10);
        createElement10.appendChild(newDocument.createTextNode(str3));
        Element createElement11 = newDocument.createElement("ASUrl");
        createElement8.appendChild(createElement11);
        createElement11.appendChild(newDocument.createTextNode(str3));
        Transformer newTransformer = TransformerFactory.newInstance().newTransformer();
        newTransformer.setOutputProperty("omit-xml-declaration", DavElements.YES);
        newTransformer.setOutputProperty("indent", DavElements.YES);
        DOMSource dOMSource = new DOMSource(newDocument);
        StringWriter stringWriter = new StringWriter();
        newTransformer.transform(dOMSource, new StreamResult(stringWriter));
        stringWriter.flush();
        String stringWriter2 = stringWriter.toString();
        stringWriter.close();
        return "<?xml version=\"1.0\"?>\n" + stringWriter2;
    }

    public static void main(String[] strArr) throws Exception {
        System.out.println(createResponseDoc("test user", "b@c.com", "http://mail.com/MS-ActiveSync"));
    }

    public static boolean isEwsClient(String str) {
        boolean z = false;
        if (str.equals(NS_OUTLOOK)) {
            z = true;
        }
        return z;
    }
}
