package com.zimbra.cs.taglib;

import com.google.common.base.Charsets;
import com.zimbra.client.ZAuthResult;
import com.zimbra.client.ZFolder;
import com.zimbra.client.ZMailbox;
import com.zimbra.common.account.Key;
import com.zimbra.common.auth.ZAuthToken;
import com.zimbra.common.localconfig.LC;
import com.zimbra.common.service.ServiceException;
import com.zimbra.common.util.BlobMetaData;
import com.zimbra.common.util.BlobMetaDataEncodingException;
import com.zimbra.common.util.HttpUtil;
import com.zimbra.common.util.RemoteIP;
import com.zimbra.common.util.WebSplitUtil;
import com.zimbra.common.util.ZimbraLog;
import com.zimbra.common.util.ngxlookup.NginxAuthServer;
import com.zimbra.cs.account.AuthTokenException;
import com.zimbra.cs.taglib.bean.BeanUtils;
import com.zimbra.cs.taglib.memcached.RouteCache;
import com.zimbra.cs.taglib.ngxlookup.NginxRouteLookUpConnector;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.JspTagException;
import javax.servlet.jsp.PageContext;
import javax.servlet.jsp.jstl.core.Config;
import org.apache.commons.codec.DecoderException;
import org.apache.commons.codec.binary.Hex;

/* loaded from: input_file:com/zimbra/cs/taglib/ZJspSession.class */
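/**
 * Per-user JSP session state for the web client: pairs an auth token with the {@link ZMailbox}
 * opened for it, and provides the static helpers that build login/redirect URLs and resolve the
 * SOAP endpoint.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Several redirect URLs are assembled from client-supplied values (the {@code Host} header,
 *       the {@code ZM_LAST_SERVER} cookie, the {@code zinitmode} parameter). Nothing in this class
 *       checks those values against a list of known hosts; deployments that rely on these
 *       redirects should validate the host upstream (proxy / virtual-host configuration).</li>
 *   <li>{@link #getSoapURL} extracts an account id from the auth token for routing only; the token
 *       is not verified here.</li>
 * </ul>
 */
public class ZJspSession {
    /** Session-scope attribute name under which the current {@code ZJspSession} is stored. */
    public static final String ATTR_SESSION = ZJspSession.class.getCanonicalName() + ".session";
    /** Request-scope attribute name holding the auth token recorded by {@link #setSession}. */
    private static final String ATTR_TEMP_AUTHTOKEN = ZJspSession.class.getCanonicalName() + ".authToken";
    public static final String COOKIE_NAME = "ZM_AUTH_TOKEN";
    public static final String ZM_LAST_SERVER_COOKIE_NAME = "ZM_LAST_SERVER";
    /** Key of the account id inside the decoded auth-token blob. */
    private static final String C_ID = "id";
    private static final String CONFIG_ZIMBRA_SOAP_URL = "zimbra.soap.url";
    private static final String CONFIG_ZIMBRA_JSP_SESSION_TIMEOUT = "zimbra.jsp.session.timeout";
    private static final String CONFIG_ZIMBRA_SEARCH_USE_OFFSET = "zimbra.search.useoffset";
    public static final String Q_ZAUTHTOKEN = "zauthtoken";
    public static final String Q_ZINITMODE = "zinitmode";
    public static final String Q_ZREMBERME = "zrememberme";
    public static final String Q_ZLASTSERVER = "zlastserver";
    private ZMailbox mMbox;
    private ZAuthToken mAuthToken;
    /** Lazily computed SOAP URL for the non-web-split case; guarded by the class lock. */
    private static String sSoapUrl = null;
    private static final String DEFAULT_HTTPS_PORT = "443";
    private static final String DEFAULT_HTTP_PORT = "80";
    private static final String RANDOM_HTTP_PORT = "0";
    private static final String PROTO_MIXED = "mixed";
    private static final String PROTO_HTTP = "http";
    private static final String PROTO_HTTPS = "https";
    private static final String HTTP_SSL = "httpssl";
    // Deployment settings, read once at class-initialisation time through BeanUtils.getEnvString.
    private static final String sProtocolMode = BeanUtils.getEnvString("protocolMode", PROTO_HTTP);
    private static final boolean MODE_HTTP = sProtocolMode.equals(PROTO_HTTP);
    private static final boolean MODE_MIXED = sProtocolMode.equals(PROTO_MIXED);
    private static final boolean MODE_HTTPS = sProtocolMode.equals(PROTO_HTTPS);
    private static final String sHttpLocalBind = BeanUtils.getEnvString("httpLocalBind", "false");
    private static final boolean HTTP_LOCALBIND = sHttpLocalBind.equalsIgnoreCase("true");
    private static final String sHttpsPort = BeanUtils.getEnvString("httpsPort", DEFAULT_HTTPS_PORT);
    private static final String sHttpPort = BeanUtils.getEnvString("httpPort", DEFAULT_HTTP_PORT);
    private static final String sLocalHost = BeanUtils.getEnvString("localHost", "localhost");
    private static final String sAdminUrl = BeanUtils.getEnvString("adminUrl", null);
    // Space-separated list; handed to RemoteIP when resolving the client address.
    private static final RemoteIP.TrustedIPs TRUSTED_IPS =
            new RemoteIP.TrustedIPs(BeanUtils.getEnvString("trustedIPs", "").split(" "));
    /** Parsed "admin.allowed.ports" init parameter; filled on first use by {@link #isAdminPort}. */
    private static int[] sAdminPorts = null;

    /**
     * Creates a session wrapper around an already opened mailbox.
     *
     * @param zAuthToken auth token the mailbox was opened with
     * @param zMailbox mailbox client bound to that token
     */
    public ZJspSession(ZAuthToken zAuthToken, ZMailbox zMailbox) {
        this.mAuthToken = zAuthToken;
        this.mMbox = zMailbox;
    }

    /** @return the mailbox client held by this session */
    public ZMailbox getMailbox() {
        return this.mMbox;
    }

    /** @return the auth token this session was created with */
    public ZAuthToken getAuthToken() {
        return this.mAuthToken;
    }

    /**
     * Returns the request as an {@link HttpServletRequest}.
     * {@code PageContext.getRequest()} is declared to return the generic servlet request type,
     * so every HTTP-specific call in this class needs the cast.
     */
    private static HttpServletRequest httpRequest(PageContext pageContext) {
        return (HttpServletRequest) pageContext.getRequest();
    }

    /**
     * Decides whether the auth-token cookie should carry the {@code Secure} attribute.
     *
     * @param httpServletRequest current request
     * @return {@code true} in https protocol mode, or when the request scheme is https and the
     *     {@code zinitmode} parameter is absent or itself {@code https}
     */
    public static boolean secureAuthTokenCookie(HttpServletRequest httpServletRequest) {
        String initMode = httpServletRequest.getParameter(Q_ZINITMODE);
        if (MODE_HTTPS) {
            return true;
        }
        // NOTE(review): this relies on getScheme(); behind a TLS-terminating proxy the container
        // must be configured to report the external scheme, otherwise the cookie is issued
        // without Secure. zinitmode is client-supplied and can also switch the flag off.
        boolean overHttps = httpServletRequest.getScheme().equals(PROTO_HTTPS);
        return overHttps && (initMode == null || initMode.equals(PROTO_HTTPS));
    }

    /** @return {@code true} when the configured protocol mode is exactly {@code https} */
    public static boolean isProtocolModeHttps() {
        return MODE_HTTPS;
    }

    /**
     * Appends {@code name=value} to a query string under construction, inserting {@code &} when
     * the buffer is not empty. Both the name and the value are URL-encoded as UTF-8 so that a
     * request-supplied parameter name cannot introduce extra separators into the redirect URL.
     * A {@code null} value is written as the empty string.
     */
    private static void addParam(StringBuilder query, String name, String value) {
        if (query.length() > 0) {
            query.append('&');
        }
        String safeValue = value == null ? "" : value;
        try {
            String encodedName = URLEncoder.encode(name, Charsets.UTF_8.name());
            String encodedValue = URLEncoder.encode(safeValue, Charsets.UTF_8.name());
            query.append(encodedName).append("=").append(encodedValue);
        } catch (UnsupportedEncodingException e) {
            // UTF-8 is a mandatory JVM charset, so this branch is not expected to run.
            assert false;
        }
    }

    /**
     * Tells whether {@code name} appears as a parameter in the raw query string, as opposed to
     * only in the request body. The match is anchored to a parameter boundary (start of the query
     * or right after {@code &}); a plain substring search would also match a longer name ending in
     * {@code name}, or text inside another parameter's value, and so let a body-only field be
     * copied into a redirect URL.
     */
    private static boolean isInQueryString(HttpServletRequest request, String name) {
        String query = request.getQueryString();
        if (query == null || query.length() == 0) {
            return false;
        }
        String needle = name + "=";
        int at = query.indexOf(needle);
        while (at != -1) {
            if (at == 0 || query.charAt(at - 1) == '&') {
                return true;
            }
            at = query.indexOf(needle, at + 1);
        }
        return false;
    }

    /**
     * Builds the query string for a redirect.
     *
     * <p>Request parameters are carried over only when {@code toRemove} is non-null, the name is
     * not in it, and the name is present in the raw query string; with a {@code null} set no
     * request parameter is copied at all. Entries of {@code toAdd} are appended afterwards.
     *
     * @return {@code "?..."}, or the empty string when there is nothing to emit
     */
    private static String generateQueryString(HttpServletRequest request, Map<String, String> toAdd, Set<String> toRemove) {
        StringBuilder query = new StringBuilder();
        Enumeration<?> names = request.getParameterNames();
        while (names.hasMoreElements()) {
            String name = (String) names.nextElement();
            if (toRemove == null || toRemove.contains(name) || !isInQueryString(request, name)) {
                continue;
            }
            String[] values = request.getParameterValues(name);
            if (values == null) {
                continue;
            }
            for (String value : values) {
                addParam(query, name, value);
            }
        }
        if (toAdd != null) {
            for (Map.Entry<String, String> extra : toAdd.entrySet()) {
                addParam(query, extra.getKey(), extra.getValue());
            }
        }
        return query.length() > 0 ? "?" + query.toString() : "";
    }

    /**
     * Joins {@code base} (scheme and authority), the context path, {@code path} and the generated
     * query string. A null or empty {@code path} becomes {@code "/"}; a root context path
     * contributes nothing.
     */
    private static String getRedirect(HttpServletRequest request, String base, String path, Map<String, String> toAdd, Set<String> toRemove) {
        String target = (path == null || path.equals("")) ? "/" : path;
        String contextPath = request.getContextPath();
        if (contextPath.equals("/")) {
            contextPath = "";
        }
        return base + contextPath + target + generateQueryString(request, toAdd, toRemove);
    }

    /**
     * Builds a redirect whose authority is taken verbatim from the request's {@code Host} header.
     */
    private static String getRedirectToHostHeader(HttpServletRequest request, String scheme, String path, Map<String, String> toAdd, Set<String> toRemove) {
        // NOTE(review): the Host header is client-supplied and is not validated here; a missing
        // header yields the literal "null". Host validation has to happen in front of this code.
        return getRedirect(request, scheme + "://" + request.getHeader("Host"), path, toAdd, toRemove);
    }

    /** Port suffix for https URLs: empty only when the configured https port is 443. */
    private static String httpsPortSuffix() {
        boolean isDefault = sHttpsPort != null && sHttpsPort.equals(DEFAULT_HTTPS_PORT);
        return isDefault ? "" : ":" + sHttpsPort;
    }

    /**
     * Port suffix for http URLs: the admin service port when the http port is configured as "0",
     * empty for port 80, otherwise the configured http port.
     */
    private static String httpPortSuffix() {
        if (sHttpPort.equals(RANDOM_HTTP_PORT)) {
            return ":" + LC.zimbra_admin_service_port.value();
        }
        return sHttpPort.equals(DEFAULT_HTTP_PORT) ? "" : ":" + sHttpPort;
    }

    /**
     * Builds a redirect to {@code host} using the configured port for {@code scheme}.
     *
     * @return the URL, or {@code null} when {@code scheme} is neither {@code http} nor {@code https}
     */
    private static String getRedirect(HttpServletRequest request, String scheme, String host, String path, Map<String, String> toAdd, Set<String> toRemove) {
        String portSuffix;
        if (scheme.equals(PROTO_HTTPS)) {
            portSuffix = httpsPortSuffix();
        } else if (scheme.equals(PROTO_HTTP)) {
            portSuffix = httpPortSuffix();
        } else {
            return null;
        }
        return getRedirect(request, scheme + "://" + host + portSuffix, path, toAdd, toRemove);
    }

    /**
     * Computes where to send the browser after a successful login, if anywhere.
     *
     * @param pageContext current page context
     * @param str path to redirect to
     * @param zAuthResult auth result; supplies the refer host and the token expiry
     * @param z when {@code true} together with {@code z2}, adds {@code zrememberme=1} and sets
     *     the {@code ZM_LAST_SERVER} cookie to the refer host
     * @param z2 when {@code true}, the redirect targets {@code zAuthResult.getRefer()} and keeps
     *     the current scheme
     * @return the redirect URL, or {@code null} when no redirect is needed ({@code z2} is false
     *     and neither {@code zinitmode} nor {@code zauthtoken} is present)
     */
    public static String getPostLoginRedirectUrl(PageContext pageContext, String str, ZAuthResult zAuthResult, boolean z, boolean z2) {
        HttpServletRequest request = httpRequest(pageContext);
        HttpServletResponse response = (HttpServletResponse) pageContext.getResponse();
        String initMode = request.getParameter(Q_ZINITMODE);
        boolean hasInitMode = initMode != null;
        boolean hasAuthTokenParam = request.getParameter(Q_ZAUTHTOKEN) != null;
        if (!z2 && !hasAuthTokenParam && !hasInitMode) {
            return null;
        }

        Map<String, String> toAdd = new HashMap<String, String>();
        Set<String> toRemove = new HashSet<String>();

        String scheme;
        if (!hasInitMode || z2) {
            scheme = request.getScheme();
        } else {
            // In mixed mode the client-supplied zinitmode selects the post-login scheme, which
            // includes moving an https login back to plain http.
            // NOTE(review): in mixed mode, zinitmode=https on a request that is already https
            // falls through to the last branch and yields http - confirm this is intended.
            String current = request.getScheme();
            if (MODE_MIXED && initMode.equals(PROTO_HTTP) && !current.equals(PROTO_HTTP)) {
                scheme = PROTO_HTTP;
            } else if (MODE_MIXED && initMode.equals(PROTO_HTTPS) && !current.equals(PROTO_HTTPS)) {
                scheme = PROTO_HTTPS;
            } else {
                scheme = MODE_HTTPS ? PROTO_HTTPS : PROTO_HTTP;
            }
            toRemove.add(Q_ZINITMODE);
        }

        String host;
        if (z2) {
            host = zAuthResult.getRefer();
            if (z) {
                toAdd.put(Q_ZREMBERME, "1");
                // Remember the referred server so the next pre-login can go there directly.
                // NOTE(review): the cookie is issued without Secure/HttpOnly; whether it can be
                // tightened depends on who else reads it - confirm before changing.
                Cookie lastServer = new Cookie(ZM_LAST_SERVER_COOKIE_NAME, host);
                long remainingMillis = zAuthResult.getExpires() - System.currentTimeMillis();
                if (remainingMillis > 0) {
                    lastServer.setMaxAge((int) (remainingMillis / 1000));
                }
                lastServer.setPath("/");
                response.addCookie(lastServer);
            }
        } else {
            host = request.getServerName();
        }

        if (hasAuthTokenParam) {
            // Keep the token (and its companion flag) out of the redirect URL.
            toRemove.add(Q_ZAUTHTOKEN);
            toRemove.add(Q_ZREMBERME);
        }

        if (hasAuthTokenParam && !hasInitMode && !z2) {
            return getRedirectToHostHeader(request, scheme, str, toAdd, toRemove);
        }
        return getRedirect(request, scheme, host, str, toAdd, toRemove);
    }

    /**
     * Builds the change-password URL. The account's public URL base is preferred; when it is
     * unavailable (no session, lookup failure, or not configured) the URL falls back to the
     * request's {@code Host} header with http in http mode and https otherwise.
     *
     * @param pageContext current page context
     * @param str path of the change-password page
     */
    public static String getChangePasswordUrl(PageContext pageContext, String str) {
        HttpServletRequest request = httpRequest(pageContext);
        try {
            String publicUrlBase = getZMailbox(pageContext).getAccountInfo(false).getPublicURLBase();
            if (publicUrlBase != null) {
                return getRedirect(request, publicUrlBase, str, null, null);
            }
        } catch (ServiceException e) {
            // Best effort: fall through to the Host-header based URL.
            ZimbraLog.misc.debug("unable to get public URL base for change-password redirect", e);
        } catch (JspException e) {
            ZimbraLog.misc.debug("unable to get mailbox for change-password redirect", e);
        }
        return getRedirectToHostHeader(request, MODE_HTTP ? PROTO_HTTP : PROTO_HTTPS, str, null, null);
    }

    /**
     * Checks {@code port} against the comma-separated {@code admin.allowed.ports} servlet-context
     * init parameter. The list is parsed once and cached; entries that are not integers are
     * stored as -1.
     */
    private static synchronized boolean isAdminPort(int port, PageContext pageContext) {
        if (sAdminPorts == null) {
            String configured = pageContext.getServletContext().getInitParameter("admin.allowed.ports");
            if (configured == null) {
                sAdminPorts = new int[0];
            } else {
                String[] tokens = configured.split(",");
                int[] parsed = new int[tokens.length];
                for (int idx = 0; idx < tokens.length; idx++) {
                    try {
                        parsed[idx] = Integer.parseInt(tokens[idx].trim());
                    } catch (NumberFormatException e) {
                        parsed[idx] = -1;
                    }
                }
                sAdminPorts = parsed;
            }
        }
        for (int allowed : sAdminPorts) {
            if (allowed == port) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns the admin console URL when the request arrived on one of the allowed admin ports.
     *
     * @param pageContext current page context
     * @param str fallback URL used when no {@code adminUrl} is configured
     * @return the admin URL with the raw query string appended, or {@code null} when the request
     *     port is not an admin port
     */
    public static String getAdminLoginRedirectUrl(PageContext pageContext, String str) {
        HttpServletRequest request = httpRequest(pageContext);
        if (!isAdminPort(request.getServerPort(), pageContext)) {
            return null;
        }
        String adminUrl = sAdminUrl != null ? sAdminUrl : str;
        String rawQuery = request.getQueryString();
        return rawQuery == null ? adminUrl : adminUrl + "?" + rawQuery;
    }

    /**
     * Reads the {@code ZM_LAST_SERVER} cookie.
     *
     * @return the cookie value, or {@code null} when {@code zlastserver=1} is present (a redirect
     *     already happened), the cookie is missing, or it names the current server
     */
    private static String getLastServer(HttpServletRequest request) {
        if ("1".equals(request.getParameter(Q_ZLASTSERVER))) {
            return null;
        }
        Cookie[] cookies = request.getCookies();
        if (cookies == null) {
            return null;
        }
        for (Cookie cookie : cookies) {
            if (!cookie.getName().equals(ZM_LAST_SERVER_COOKIE_NAME)) {
                continue;
            }
            // NOTE(review): the value comes back from the client and is later used as a redirect
            // host without being checked against known servers.
            String value = cookie.getValue();
            if (value == null || request.getServerName().equalsIgnoreCase(value)) {
                return null;
            }
            return value;
        }
        return null;
    }

    /**
     * Computes a redirect to perform before showing the login page.
     *
     * <p>A remembered last server wins and is tagged with {@code zlastserver=1}. Otherwise an
     * http request in mixed or https mode, or an https request in http mode, is redirected to
     * https on the current server name with {@code zinitmode=http}.
     *
     * @param pageContext current page context
     * @param str path to redirect to
     * @return the redirect URL, or {@code null} when the request can be served as is
     */
    public static String getPreLoginRedirectUrl(PageContext pageContext, String str) {
        HttpServletRequest request = httpRequest(pageContext);
        String lastServer = getLastServer(request);
        boolean overHttp = request.getScheme().equals(PROTO_HTTP);
        if (lastServer != null) {
            Map<String, String> toAdd = new HashMap<String, String>();
            toAdd.put(Q_ZLASTSERVER, "1");
            return getRedirect(request, request.getScheme(), lastServer, str, toAdd, null);
        }
        boolean httpNeedsUpgrade = (MODE_MIXED || MODE_HTTPS) && overHttp;
        boolean httpsInHttpMode = !overHttp && MODE_HTTP;
        if (!httpNeedsUpgrade && !httpsInHttpMode) {
            return null;
        }
        Map<String, String> toAdd = new HashMap<String, String>();
        toAdd.put(Q_ZINITMODE, PROTO_HTTP);
        return getRedirect(request, PROTO_HTTPS, request.getServerName(), str, toAdd, null);
    }

    /** @return {@code true} when {@code zimbra.search.useoffset} is configured as "true" or "1" */
    public static boolean getSearchUseOffset(PageContext pageContext) {
        String configured = (String) Config.find(pageContext, CONFIG_ZIMBRA_SEARCH_USE_OFFSET);
        if (configured == null) {
            return false;
        }
        return configured.equalsIgnoreCase("true") || configured.equalsIgnoreCase("1");
    }

    /**
     * Resolves the SOAP endpoint this web client should talk to.
     *
     * <p>Without web-client split the URL is taken from {@code zimbra.soap.url} or derived from
     * the local host and port settings, then cached. With split enabled, the upstream mail server
     * is looked up per account (route cache first, then the nginx lookup service).
     *
     * @throws ServiceException {@code AUTH_REQUIRED} when no usable auth token is available for
     *     the per-account lookup
     */
    public static synchronized String getSoapURL(PageContext pageContext) throws ServiceException {
        ZimbraLog.misc.debug("Getting SOAP URL");
        if (!WebSplitUtil.isZimbraWebClientSplitEnabled()) {
            if (sSoapUrl == null) {
                sSoapUrl = (String) Config.find(pageContext, CONFIG_ZIMBRA_SOAP_URL);
            }
            if (sSoapUrl == null) {
                // Plain http is used unless the mode is https and http is not bound locally.
                boolean useHttps = sProtocolMode.equalsIgnoreCase(PROTO_HTTPS) && !HTTP_LOCALBIND;
                if (useHttps) {
                    sSoapUrl = "https://" + sLocalHost + httpsPortSuffix() + "/service/soap";
                } else {
                    sSoapUrl = "http://" + sLocalHost + httpPortSuffix() + "/service/soap";
                }
            }
            return sSoapUrl;
        }

        ZimbraLog.misc.debug("Web split enabled");
        RouteCache routeCache = RouteCache.getInstance();
        try {
            String accountId = getAccountId(pageContext);
            ZimbraLog.misc.debug("got accountId");
            String lookupProtocol = MODE_HTTP ? PROTO_HTTP : HTTP_SSL;
            String upstream;
            // NOTE(review): the all-nines id is presumably a well-known placeholder account;
            // it is routed to a generic upstream rather than looked up - confirm.
            if (accountId.equals("99999999-9999-9999-9999-999999999999")) {
                upstream = NginxRouteLookUpConnector.getClient().getUpstreamMailServer(lookupProtocol);
            } else {
                upstream = routeCache.get(accountId);
                if (upstream == null) {
                    HttpServletRequest request = httpRequest(pageContext);
                    // NOTE(review): this passes the socket peer address, while getRemoteAddr()
                    // in this class resolves the client through TRUSTED_IPS - confirm which one
                    // the lookup service expects.
                    NginxAuthServer route = NginxRouteLookUpConnector.getClient().getRouteforAccount(
                            accountId, "zimbraId", lookupProtocol, HttpUtil.getVirtualHost(request),
                            request.getRemoteAddr(), request.getHeader("Host"));
                    // NOTE(review): the cache is written under getNginxAuthUser() but read by
                    // accountId above - verify both are the same key.
                    routeCache.put(route.getNginxAuthUser(), route.getNginxAuthServer());
                    upstream = route.getNginxAuthServer();
                }
            }
            ZimbraLog.misc.debug("got route %s", upstream);
            return (MODE_HTTP ? PROTO_HTTP : PROTO_HTTPS) + "://" + upstream + "/service/soap";
        } catch (AuthTokenException e) {
            throw ServiceException.AUTH_REQUIRED();
        }
    }

    /**
     * Extracts the account id from the current auth token.
     *
     * <p>Only the part after the second {@code '_'} is hex-decoded and parsed; the two leading
     * fields are skipped and nothing here verifies the token. The returned id is therefore
     * unauthenticated input: suitable for choosing a route, never for an access decision.
     *
     * @throws AuthTokenException when the token is empty, malformed, undecodable, or carries no id
     */
    private static String getAccountId(PageContext pageContext) throws AuthTokenException {
        ZAuthToken authToken = getAuthToken(pageContext);
        if (authToken == null) {
            authToken = new ZAuthToken((String) pageContext.getAttribute("zimbra_authToken", PageContext.REQUEST_SCOPE));
        }
        if (authToken.isEmpty()) {
            throw new AuthTokenException("invalid authtoken");
        }
        String raw = authToken.getValue();
        int firstSep = raw.indexOf('_');
        if (firstSep == -1) {
            throw new AuthTokenException("invalid authtoken format");
        }
        int secondSep = raw.indexOf('_', firstSep + 1);
        if (secondSep == -1) {
            throw new AuthTokenException("invalid authtoken format");
        }
        try {
            // NOTE(review): the bytes are decoded with the platform default charset; confirm it
            // matches what the token issuer used.
            String blob = new String(Hex.decodeHex(raw.substring(secondSep + 1).toCharArray()));
            String accountId = (String) BlobMetaData.decode(blob).get(C_ID);
            if (accountId == null) {
                // Report a missing id as a token problem instead of failing later on a null.
                throw new AuthTokenException("invalid authtoken format");
            }
            return accountId;
        } catch (DecoderException e) {
            throw new AuthTokenException("decoding exception", e);
        } catch (BlobMetaDataEncodingException e) {
            throw new AuthTokenException("blob decoding exception", e);
        }
    }

    /**
     * Returns the mailbox of the current session.
     *
     * @throws JspException wrapping {@code AUTH_REQUIRED} when there is no session, or any
     *     {@link ServiceException} raised while establishing one
     */
    public static ZMailbox getZMailbox(PageContext pageContext) throws JspException {
        try {
            ZJspSession session = getSession(pageContext);
            if (session == null) {
                throw ServiceException.AUTH_REQUIRED();
            }
            return session.getMailbox();
        } catch (ServiceException e) {
            throw new JspTagException("getMailbox", e);
        }
    }

    /**
     * Returns the auth token for this request: the request-scope token recorded by
     * {@link #setSession} if present, otherwise the token carried by the request itself.
     *
     * @return the token, or {@code null} when the request carries none
     */
    public static ZAuthToken getAuthToken(PageContext pageContext) {
        ZAuthToken recorded = (ZAuthToken) pageContext.getAttribute(ATTR_TEMP_AUTHTOKEN, PageContext.REQUEST_SCOPE);
        if (recorded != null) {
            return recorded;
        }
        ZAuthToken fromRequest = new ZAuthToken(httpRequest(pageContext), false);
        return fromRequest.isEmpty() ? null : fromRequest;
    }

    /**
     * Tells whether an HTTP session exists and holds a {@code ZJspSession} whose token equals the
     * token of the current request. Never creates an HTTP session.
     */
    public static boolean hasSession(PageContext pageContext) {
        if (httpRequest(pageContext).getSession(false) == null) {
            return false;
        }
        ZAuthToken authToken = getAuthToken(pageContext);
        ZJspSession cached = (ZJspSession) pageContext.getAttribute(ATTR_SESSION, PageContext.SESSION_SCOPE);
        return cached != null && cached.getAuthToken().equals(authToken);
    }

    /**
     * Returns the cached session when its token matches the current request's token; otherwise
     * opens a mailbox with the request's token and stores a fresh session.
     *
     * @return the session, or {@code null} when the request carries no auth token
     * @throws ServiceException when the mailbox cannot be opened or the account info call fails
     */
    public static ZJspSession getSession(PageContext pageContext) throws ServiceException {
        ZJspSession cached = (ZJspSession) pageContext.getAttribute(ATTR_SESSION, PageContext.SESSION_SCOPE);
        ZAuthToken authToken = getAuthToken(pageContext);
        // A cached session is reused only for the same token, so a changed cookie never inherits
        // another token's mailbox.
        if (cached != null && cached.getAuthToken().equals(authToken)) {
            return cached;
        }
        if (authToken == null || authToken.isEmpty()) {
            return null;
        }
        boolean isGet = "GET".equals(httpRequest(pageContext).getMethod());
        ZMailbox.Options options = new ZMailbox.Options(authToken, getSoapURL(pageContext), true, isGet);
        options.setClientIp(getRemoteAddr(pageContext));
        ZMailbox mailbox = ZMailbox.getMailbox(options);
        // Called before the session is stored; a failure here propagates and nothing is cached.
        mailbox.getAccountInfo(false);
        return setSession(pageContext, mailbox);
    }

    /**
     * Opens a session-less mailbox for a REST-style call using a string auth token, without
     * treating the token as an "auth" auth token.
     *
     * @param str auth token value
     * @param str2 id of the target account
     * @return the mailbox, or {@code null} when {@code str} is null or empty
     */
    public static ZMailbox getRestMailbox(PageContext pageContext, String str, String str2) throws ServiceException {
        return getRestMailbox(pageContext, str, false, str2);
    }

    /**
     * Opens a session-less mailbox for a REST-style call using a string auth token.
     *
     * @param str auth token value
     * @param z value passed to {@code setAuthAuthToken}; when {@code true} CSRF support is also
     *     enabled on the options
     * @param str2 id of the target account
     * @return the mailbox, or {@code null} when {@code str} is null or empty
     */
    public static ZMailbox getRestMailbox(PageContext pageContext, String str, boolean z, String str2) throws ServiceException {
        if (str == null || str.length() == 0) {
            return null;
        }
        ZMailbox.Options options = new ZMailbox.Options(str, getSoapURL(pageContext));
        options.setNoSession(true);
        options.setAuthAuthToken(z);
        if (z) {
            options.setCsrfSupported(true);
        }
        options.setTargetAccount(str2);
        options.setTargetAccountBy(Key.AccountBy.id);
        options.setClientIp(getRemoteAddr(pageContext));
        return ZMailbox.getMailbox(options);
    }

    /**
     * Opens a session-less mailbox for a REST-style call using a {@link ZAuthToken}, with
     * {@code setAuthAuthToken} and CSRF support both enabled.
     *
     * @param str id of the target account
     * @return the mailbox, or {@code null} when {@code zAuthToken} is null
     */
    public static ZMailbox getRestMailbox(PageContext pageContext, ZAuthToken zAuthToken, String str) throws ServiceException {
        if (zAuthToken == null) {
            return null;
        }
        ZMailbox.Options options = new ZMailbox.Options(zAuthToken, getSoapURL(pageContext));
        options.setNoSession(true);
        options.setAuthAuthToken(true);
        options.setCsrfSupported(true);
        options.setTargetAccount(str);
        options.setTargetAccountBy(Key.AccountBy.id);
        options.setClientIp(getRemoteAddr(pageContext));
        return ZMailbox.getMailbox(options);
    }

    /**
     * Records {@code "collapse"} for {@code zFolder} and, recursively, for every descendant that
     * itself has sub-folders. Folders without sub-folders are not recorded.
     */
    public static void setCollapsed(ZFolder zFolder, HashMap<String, String> hashMap) {
        if (zFolder.getSubFolders().isEmpty()) {
            return;
        }
        hashMap.put(zFolder.getId(), "collapse");
        for (Object child : zFolder.getSubFolders()) {
            setCollapsed((ZFolder) child, hashMap);
        }
    }

    /**
     * Stores a new session for {@code zMailbox}: the token in request scope, the session and the
     * initial folder-collapse map in session scope, and applies the configured inactivity
     * timeout ({@code zimbra.jsp.session.timeout}) when it parses as an integer.
     *
     * @return the newly stored session
     */
    public static ZJspSession setSession(PageContext pageContext, ZMailbox zMailbox) throws ServiceException {
        ZJspSession session = new ZJspSession(zMailbox.getAuthToken(), zMailbox);
        pageContext.setAttribute(ATTR_TEMP_AUTHTOKEN, zMailbox.getAuthToken(), PageContext.REQUEST_SCOPE);
        pageContext.setAttribute(ATTR_SESSION, session, PageContext.SESSION_SCOPE);

        HashMap<String, String> collapsed = new HashMap<String, String>();
        for (Object topLevel : zMailbox.getUserRoot().getSubFolders()) {
            setCollapsed((ZFolder) topLevel, collapsed);
        }
        pageContext.setAttribute("expanded", collapsed, PageContext.SESSION_SCOPE);

        String timeout = (String) Config.find(pageContext, CONFIG_ZIMBRA_JSP_SESSION_TIMEOUT);
        if (timeout != null) {
            try {
                pageContext.getSession().setMaxInactiveInterval(Integer.parseInt(timeout));
            } catch (NumberFormatException e) {
                // Keep the container's default timeout, but leave a trace of the bad setting.
                ZimbraLog.misc.debug("ignoring non-numeric " + CONFIG_ZIMBRA_JSP_SESSION_TIMEOUT, e);
            }
        }
        return session;
    }

    /**
     * Currently a no-op: nothing is removed from the page context or the HTTP session.
     */
    public static void clearSession(PageContext pageContext) {
    }

    /**
     * Resolves the client IP for this request through {@link RemoteIP} and the configured
     * trusted-IP list.
     */
    public static String getRemoteAddr(PageContext pageContext) {
        RemoteIP remoteIp = new RemoteIP(httpRequest(pageContext), TRUSTED_IPS);
        if (ZimbraLog.misc.isDebugEnabled()) {
            ZimbraLog.misc.debug("getting remoteAddr from remoteIp [%s] with trustedIps [%s]", remoteIp, TRUSTED_IPS);
        }
        return remoteIp.getRequestIP();
    }
}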
