package com.zimbra.webClient.servlet;

import com.zimbra.common.service.ServiceException;
import com.zimbra.common.soap.SoapProtocol;
import com.zimbra.common.util.FileUtil;
import com.zimbra.common.util.StringUtil;
import com.zimbra.common.util.ZimbraLog;
import com.zimbra.cs.account.AuthToken;
import com.zimbra.cs.account.AuthTokenException;
import com.zimbra.cs.account.Provisioning;
import com.zimbra.cs.account.ZimbraAuthToken;
import com.zimbra.cs.account.Zimlet;
import com.zimbra.cs.account.accesscontrol.AdminRight;
import com.zimbra.cs.account.accesscontrol.PermissionCache;
import com.zimbra.cs.account.accesscontrol.RightManager;
import com.zimbra.cs.account.accesscontrol.Rights;
import com.zimbra.cs.ephemeral.EphemeralStore;
import com.zimbra.cs.extension.ExtensionUtil;
import com.zimbra.cs.service.admin.AdminAccessControl;
import com.zimbra.cs.util.SkinUtil;
import com.zimbra.cs.util.WebClientL10nUtil;
import com.zimbra.cs.zimlet.ZimletException;
import com.zimbra.cs.zimlet.ZimletFile;
import com.zimbra.cs.zimlet.ZimletUtil;
import com.zimbra.soap.ZimbraSoapContext;
import java.io.File;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Locale;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:com/zimbra/webClient/servlet/ServiceServlet.class */
public class ServiceServlet extends HttpServlet {
    private static final long serialVersionUID = 4025485927134616176L;

    public void init() throws ServletException {
        String[] split;
        try {
            RightManager.getInstance();
            String ephemeralBackendURL = Provisioning.getInstance().getConfig().getEphemeralBackendURL();
            if (ephemeralBackendURL != null && (split = ephemeralBackendURL.split(":")) != null && split.length > 0) {
                String str = split[0];
                if (str.equalsIgnoreCase("ldap")) {
                    ZimbraLog.webclient.info("Using LDAP backend. Will skip loading server extensions.");
                } else {
                    ZimbraLog.webclient.info("Will attempt to load server extensions to handle ephemeral backend %s", new Object[]{str});
                    ExtensionUtil.initAllMatching(new EphemeralStore.EphemeralStoreMatcher(str));
                }
            }
        } catch (Exception e) {
            ZimbraLog.webclient.error("Failed to initialize ServiceServlet. Ignoring", e);
        }
    }

    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String header = httpServletRequest.getHeader("authtoken");
        if (header == null || header.isEmpty()) {
            ZimbraLog.webclient.warn("AuthToken is missing");
            httpServletResponse.sendError(401);
            return;
        }
        try {
            AuthToken authToken = ZimbraAuthToken.getAuthToken(header);
            if (authToken == null || !authToken.isRegistered() || authToken.isExpired()) {
                ZimbraLog.webclient.warn("AuthToken is not valid");
                httpServletResponse.sendError(401);
                return;
            }
            String pathInfo = httpServletRequest.getPathInfo();
            if ("/loadskins".equals(pathInfo)) {
                doLoadSkins(httpServletRequest, httpServletResponse);
            } else if ("/flushskins".equals(pathInfo)) {
                checkAdminRight(httpServletRequest, authToken, Rights.Admin.R_flushCache);
                doFlushSkins(httpServletRequest, httpServletResponse);
            } else if ("/loadlocales".equals(pathInfo)) {
                doLoadLocales(httpServletRequest, httpServletResponse);
            } else if ("/flushuistrings".equals(pathInfo)) {
                checkAdminRight(httpServletRequest, authToken, Rights.Admin.R_flushCache);
                doFlushUistrings(httpServletRequest, httpServletResponse);
            } else if ("/flushzimlets".equals(pathInfo)) {
                checkAdminRight(httpServletRequest, authToken, Rights.Admin.R_flushCache);
                doFlushZimlets(httpServletRequest, httpServletResponse);
            } else if ("/extuserprov".equals(pathInfo)) {
                doExtUserProv(httpServletRequest, httpServletResponse);
            } else if ("/publiclogin".equals(pathInfo)) {
                doPublicLoginProv(httpServletRequest, httpServletResponse);
            } else if (!"/flushacl".equals(pathInfo)) {
                ZimbraLog.webclient.warn("Unrecognized request %s", new Object[]{pathInfo});
                httpServletResponse.sendError(400);
                return;
            } else {
                if (!authToken.isAdmin()) {
                    ZimbraLog.webclient.warn("Only global admin is allowed to access %s", new Object[]{pathInfo});
                    httpServletResponse.sendError(401);
                    return;
                }
                PermissionCache.invalidateAllCache();
            }
            httpServletResponse.setStatus(200);
        } catch (ServiceException e) {
            if ("service.PERM_DENIED".equals(e.getCode())) {
                ZimbraLog.webclient.error(e);
                httpServletResponse.sendError(401);
            } else {
                httpServletResponse.sendError(500);
                ZimbraLog.webclient.error("Unexpected ServiceException while processing GET request: %s. %s", e.getCode(), e.getMessage(), e);
            }
        } catch (Exception e2) {
            httpServletResponse.sendError(500);
            ZimbraLog.webclient.error("Encountered an unexpected exception while processing GET request", e2);
        } catch (AuthTokenException e3) {
            ZimbraLog.webclient.error(e3);
            httpServletResponse.sendError(401);
        }
    }

    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        try {
            AuthToken authToken = ZimbraAuthToken.getAuthToken(httpServletRequest.getHeader("authtoken"));
            if (!authToken.isRegistered() || authToken.isExpired()) {
                ZimbraLog.webclient.warn("AuthToken is not valid");
                httpServletResponse.sendError(401);
                return;
            }
            String pathInfo = httpServletRequest.getPathInfo();
            if ("/deployzimlet".equals(pathInfo)) {
                if (!authToken.isAdmin()) {
                    checkAdminRight(httpServletRequest, authToken, Rights.Admin.R_deployZimlet);
                }
                doDeployZimlet(httpServletRequest, httpServletResponse, authToken);
            } else if (!"/undeployzimlet".equals(pathInfo)) {
                httpServletResponse.sendError(400);
                return;
            } else {
                if (!authToken.isAdmin()) {
                    checkAdminRight(httpServletRequest, authToken, Rights.Admin.R_deployZimlet);
                }
                doUndeployZimlet(httpServletRequest, httpServletResponse, authToken);
            }
            httpServletResponse.setStatus(200);
        } catch (ServiceException e) {
            if ("service.PERM_DENIED".equals(e.getCode())) {
                ZimbraLog.webclient.error(e);
                httpServletResponse.sendError(401);
            } else {
                httpServletResponse.sendError(500);
                ZimbraLog.webclient.error("Unexpected ServiceException while processing POST request: %s. %s", e.getCode(), e.getMessage(), e);
            }
        } catch (ZimletException e2) {
            ZimbraLog.webclient.error(e2);
            httpServletResponse.sendError(400);
        } catch (Exception e3) {
            httpServletResponse.sendError(500);
            ZimbraLog.webclient.error("Encountered an unexpected exception while processing POST request", e3);
        } catch (AuthTokenException e4) {
            ZimbraLog.webclient.error(e4);
            httpServletResponse.sendError(401);
        }
    }

    private void checkAdminRight(HttpServletRequest httpServletRequest, AuthToken authToken, AdminRight adminRight) throws ServiceException {
        if (adminRight == null) {
            ZimbraLog.webclient.error("cannot check null permission");
            throw ServiceException.FAILURE("permission object is NULL", (Throwable) null);
        }
        ZimbraLog.webclient.info("checking %s admin permission on local server", new Object[]{adminRight.getName()});
        AdminAccessControl.getAdminAccessControl(new ZimbraSoapContext(authToken, authToken.getAccountId(), SoapProtocol.SoapJS, SoapProtocol.SoapJS)).checkRight(Provisioning.getInstance().getLocalServer(), adminRight);
    }

    private void doFlushUistrings(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServiceException, ServletException, IOException {
        RequestDispatcher requestDispatcher = getServletContext().getContext(Provisioning.getInstance().getLocalServer().getMailURL()).getRequestDispatcher("/res/AjxMsg.js");
        ZimbraLog.webclient.debug("flushCache: sending flush request");
        httpServletRequest.setAttribute("flushCache", Boolean.TRUE);
        requestDispatcher.include(httpServletRequest, httpServletResponse);
        RequestDispatcher requestDispatcher2 = getServletContext().getContext("/zimbraAdmin").getRequestDispatcher("/res/AjxMsg.js");
        ZimbraLog.webclient.debug("flushCache: sending flush request to zimbraAdmin");
        httpServletRequest.setAttribute("flushCache", Boolean.TRUE);
        requestDispatcher2.include(httpServletRequest, httpServletResponse);
    }

    private void doLoadSkins(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServiceException, IOException {
        ArrayList arrayList = new ArrayList();
        SkinUtil.loadSkinsByDiskScan(arrayList);
        String[] strArr = (String[]) arrayList.toArray(new String[arrayList.size()]);
        Arrays.sort(strArr);
        httpServletResponse.getOutputStream().write(StringUtil.join(",", strArr).getBytes());
    }

    private void doFlushSkins(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException, ServiceException {
        RequestDispatcher requestDispatcher = getServletContext().getContext(Provisioning.getInstance().getLocalServer().getMailURL()).getRequestDispatcher("/js/skin.js");
        ZimbraLog.webclient.debug("flushCache: sending flush request");
        httpServletRequest.setAttribute("flushCache", Boolean.TRUE);
        requestDispatcher.include(httpServletRequest, httpServletResponse);
    }

    private void doLoadLocales(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServiceException, IOException {
        WebClientL10nUtil.loadBundlesByDiskScan();
        boolean z = true;
        for (Locale locale : WebClientL10nUtil.getAvailableLocales()) {
            if (!z) {
                httpServletResponse.getOutputStream().write(",".getBytes());
            }
            httpServletResponse.getOutputStream().write(locale.toString().getBytes());
            z = false;
        }
    }

    private void doFlushZimlets(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        ZimletUtil.flushAllZimletsCache();
    }

    private void doDeployZimlet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthToken authToken) throws Exception {
        String header = httpServletRequest.getHeader("Zimlet");
        ZimbraLog.zimlet.info("deploying zimlet %s", new Object[]{header});
        ZimletFile zimletFile = new ZimletFile(header, httpServletRequest.getInputStream());
        if (zimletFile.getZimletDescription().isExtension() && !authToken.isAdmin()) {
            throw ServiceException.PERM_DENIED("Only global admins are allowed to deploy extensions for Zimbra Admin UI");
        }
        ZimletUtil.deployZimletLocally(zimletFile);
        ZimbraLog.zimlet.info("deployed zimlet %s", new Object[]{header});
    }

    private void doUndeployZimlet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthToken authToken) throws IOException, ZimletException, ServiceException {
        String header = httpServletRequest.getHeader("Zimlet");
        Zimlet zimlet = Provisioning.getInstance().getZimlet(header);
        if (zimlet != null && zimlet.isExtension() && !authToken.isAdmin()) {
            throw ServiceException.PERM_DENIED("Only global admins are allowed to undeploy extensions for Zimbra Admin UI");
        }
        if (zimlet == null) {
            ZimbraLog.zimlet.info("%s has already been deleted from LDAP. Cleaning up.", new Object[]{header});
        }
        ZimbraLog.zimlet.info("deleting zimlet %s from disk", new Object[]{header});
        File zimletRootDir = ZimletUtil.getZimletRootDir(header);
        FileUtil.deleteDir(zimletRootDir);
        ZimbraLog.zimlet.info("zimlet directory %s is deleted", new Object[]{zimletRootDir.getName()});
    }

    private void doExtUserProv(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServiceException, ServletException, IOException {
        String header = httpServletRequest.getHeader("extuseremail");
        httpServletResponse.addCookie(new Cookie("ZM_PRELIM_AUTH_TOKEN", httpServletRequest.getHeader("ZM_PRELIM_AUTH_TOKEN")));
        httpServletRequest.setAttribute("extuseremail", header);
        RequestDispatcher requestDispatcher = getServletContext().getContext(Provisioning.getInstance().getLocalServer().getMailURL()).getRequestDispatcher("/public/extuserprov.jsp");
        ZimbraLog.webclient.debug("ExternalUserProvServlet: sending extuserprov request");
        requestDispatcher.forward(httpServletRequest, httpServletResponse);
    }

    private void doPublicLoginProv(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServiceException, ServletException, IOException {
        String mailURL = Provisioning.getInstance().getLocalServer().getMailURL();
        httpServletRequest.setAttribute("virtualacctdomain", httpServletRequest.getHeader("virtualacctdomain"));
        RequestDispatcher requestDispatcher = getServletContext().getContext(mailURL).getRequestDispatcher(Forward.DEFAULT_FORWARD_URL);
        ZimbraLog.webclient.debug("ExternalUserProvServlet: sending publc login request");
        requestDispatcher.forward(httpServletRequest, httpServletResponse);
    }
}
