package com.zimbra.cs.zimlet;

import com.zimbra.common.account.Key;
import com.zimbra.common.localconfig.LC;
import com.zimbra.common.service.ServiceException;
import com.zimbra.common.util.TemplateCompiler;
import com.zimbra.common.util.ZimbraLog;
import com.zimbra.cs.account.AuthToken;
import com.zimbra.cs.account.Provisioning;
import com.zimbra.cs.account.Zimlet;
import com.zimbra.cs.service.admin.AdminAccessControl;
import com.zimbra.cs.servlet.ZimbraServlet;
import java.io.File;
import java.io.IOException;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:com/zimbra/cs/zimlet/ZimletFilter.class */
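/**
 * Servlet filter guarding the {@code /service/zimlet/...} URL space.
 *
 * <p>For each HTTP request it resolves the caller's auth token, works out which zimlets that
 * caller may load, answers 403 when the URL names a zimlet outside that set, and otherwise
 * publishes the allowed and known zimlet names as request attributes before continuing the chain.
 *
 * <p>The zimlet name and the template path are taken from the raw request URI and are used to
 * build {@link File} paths, so both are checked for "." / ".." segments before use.
 */
public class ZimletFilter extends ZimbraServlet implements Filter {
    /** Request attribute: names of every zimlet collected for the caller (see {@link #doFilter}). */
    public static final String ALL_ZIMLETS = "com.zimbra.cs.zimlet.All";
    /** Request attribute: names of the zimlets this particular request is allowed to load. */
    public static final String ALLOWED_ZIMLETS = "com.zimbra.cs.zimlet.Allowed";
    // group(1) = zimlet name (a single path segment), group(2) = separator, group(3) = remainder.
    private static final String ZIMLET_URL = "^/service/zimlet/(?:_dev/)?([^/\\?]+)([/\\?]?)(.*)$";
    private static final String ZIMLET_RES_URL_PREFIX = "/service/zimlet/res/";
    private static final String TEMPLATE_JS_SUFFIX = ".template.js";
    private static final String JS_SUFFIX = ".js";
    private Pattern mPattern;

    /** Compiles the zimlet URL pattern; the filter configuration itself is not consulted. */
    public void init(FilterConfig filterConfig) throws ServletException {
        this.mPattern = Pattern.compile(ZIMLET_URL);
    }

    /** Returns true only when both the request and the response are HTTP servlet objects. */
    private boolean isHttpReq(ServletRequest servletRequest, ServletResponse servletResponse) {
        return (servletRequest instanceof HttpServletRequest) && (servletResponse instanceof HttpServletResponse);
    }

    /**
     * Resolves the caller's auth token, using the admin helper when the request arrived on the
     * port configured as {@code zimbraAdminPort} and the regular helper otherwise.
     *
     * @param doNotSendHttpError passed through unchanged to the inherited cookie helper
     *     (NOTE(review): named after what that helper is believed to call it; confirm)
     * @return the token, or whatever the helper returns when none is available (callers check null)
     */
    private AuthToken getAuthTokenForApp(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean doNotSendHttpError) throws IOException, ServiceException {
        int adminPort = Provisioning.getInstance().getConfig().getIntAttr("zimbraAdminPort", 0);
        if (adminPort == httpServletRequest.getLocalPort()) {
            return getAdminAuthTokenFromCookie(httpServletRequest, httpServletResponse, doNotSendHttpError);
        }
        return getAuthTokenFromCookie(httpServletRequest, httpServletResponse, doNotSendHttpError);
    }

    /**
     * Authorizes a zimlet request and forwards it down the chain.
     *
     * <p>Outcomes: no token ends the request without calling the chain; a token or provisioning
     * failure, a URL that names no zimlet, a zimlet name that is a dot segment, or a zimlet the
     * caller may not load all answer 403. Requests that are not HTTP are neither forwarded nor
     * answered.
     *
     * @throws IOException if writing the error response or the downstream chain fails
     * @throws ServletException if the downstream chain fails
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (!isHttpReq(servletRequest, servletResponse)) {
            return;
        }
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        final AuthToken authToken;
        final Provisioning provisioning;
        try {
            authToken = getAuthTokenForApp(request, response, false);
            if (authToken == null) {
                // Presumably the cookie helper has already written the error response, since the
                // flag passed above is false. Confirm against ZimbraServlet.
                return;
            }
            provisioning = Provisioning.getInstance();
        } catch (ServiceException e) {
            ZimbraLog.zimlet.info("can't get authToken: " + e.getMessage());
            response.sendError(403);
            return;
        }

        try {
            boolean isAdmin = AdminAccessControl.getAdminAccessControl(authToken).isSufficientAdminForZimletFilterServlet();
            List<Zimlet> enabledZimlets = new LinkedList<Zimlet>();
            List<Zimlet> allZimlets = new LinkedList<Zimlet>();
            if (isAdmin) {
                // Sufficient admins see every zimlet, but only enabled extensions become loadable.
                allZimlets = provisioning.listAllZimlets();
                for (Zimlet zimlet : allZimlets) {
                    if (zimlet.isExtension() && zimlet.isEnabled()) {
                        enabledZimlets.add(zimlet);
                    }
                }
            } else {
                // Everyone else is limited to the zimlets available to their own account.
                for (String availableName : ZimletUtil.getAvailableZimlets(provisioning.get(Key.AccountBy.id, authToken.getAccountId(), authToken)).getZimletNamesAsArray()) {
                    Zimlet zimlet = provisioning.getZimlet(availableName);
                    if (zimlet != null) {
                        if (zimlet.isEnabled()) {
                            enabledZimlets.add(zimlet);
                        }
                        allZimlets.add(zimlet);
                    }
                }
            }
            Set<String> enabledNames = getZimletNames(ZimletUtil.orderZimletsByPriority(enabledZimlets));
            Set<String> allNames = getZimletNames(allZimlets);

            String requestURI = request.getRequestURI();
            Matcher urlMatch = this.mPattern.matcher(requestURI);
            boolean urlMatches = urlMatch.matches();
            boolean resourceRequest = requestURI.startsWith(ZIMLET_RES_URL_PREFIX);

            LinkedHashSet<String> allowed = new LinkedHashSet<String>();
            String requestedName = null;
            if (resourceRequest) {
                // Resource bundle requests cover every enabled zimlet rather than one named in the URL.
                allowed.addAll(enabledNames);
            } else {
                if (!urlMatches) {
                    ZimbraLog.zimlet.info("no zimlet specified in request");
                    response.sendError(403);
                    return;
                }
                requestedName = urlMatch.group(1);
                // The name becomes a child of the dev root in the existence test below, so a dot
                // segment must never reach it: it would resolve to a directory that exists.
                if (hasDotSegment(requestedName)) {
                    ZimbraLog.zimlet.info("invalid zimlet name in request");
                    response.sendError(403);
                    return;
                }
                allowed.add(requestedName);
            }

            File zimletRoot = new File(LC.zimlet_directory.value());
            File devRoot = new File(zimletRoot, ZimletUtil.ZIMLET_DEV_DIR);
            Iterator<String> it = allowed.iterator();
            while (it.hasNext()) {
                String name = it.next();
                try {
                    // A zimlet with an entry under the dev root skips the provisioning and
                    // per-caller checks, so anything placed there is loadable by any caller
                    // that holds a valid token.
                    if (new File(devRoot, name).exists()) {
                        continue;
                    }
                    Zimlet zimlet = provisioning.getZimlet(name);
                    boolean reject;
                    if (zimlet == null) {
                        ZimbraLog.zimlet.info("no such zimlet: " + name);
                        reject = true;
                    } else if (!enabledNames.contains(name)) {
                        ZimbraLog.zimlet.info("unauthorized request to zimlet " + name + " from user " + authToken.getAccountId());
                        reject = true;
                    } else {
                        // Extensions are only served to sufficient admins.
                        reject = zimlet.isExtension() && !isAdmin;
                    }
                    if (reject) {
                        it.remove();
                        allZimlets.remove(zimlet);
                    }
                } catch (ServiceException e) {
                    ZimbraLog.zimlet.info("service exception to zimlet " + name + " from user " + authToken.getAccountId() + ": " + e.getMessage());
                    it.remove();
                }
            }

            if (!resourceRequest && !allowed.contains(requestedName)) {
                response.sendError(403);
                return;
            }
            if (urlMatches && requestURI.endsWith(TEMPLATE_JS_SUFFIX)) {
                compileTemplateIfStale(requestURI, urlMatch, zimletRoot, devRoot);
            }
            request.setAttribute(ALLOWED_ZIMLETS, allowed);
            // The names were captured before the filtering loop, so this attribute still lists
            // zimlets that were rejected above.
            request.setAttribute(ALL_ZIMLETS, allNames);
            filterChain.doFilter(request, response);
        } catch (ServiceException e) {
            ZimbraLog.zimlet.info("unable to get list of zimlets");
            response.sendError(403);
        }
    }

    /** Nothing to release. */
    public void destroy() {
    }

    /**
     * Compiles the template behind a {@code *.template.js} request when the compiled file is
     * missing or older than its source.
     *
     * <p>Both the zimlet name and the path below it come from the request URI. Compilation is
     * skipped when either contains a "." or ".." segment, because the resulting {@link File}
     * could point outside the zimlet's own directory; the request itself still continues.
     *
     * @param requestURI the raw request URI
     * @param urlMatch a matcher on which {@code matches()} has already succeeded
     * @param zimletRoot the deployed zimlet directory
     * @param devRoot the development zimlet directory below {@code zimletRoot}
     */
    private static void compileTemplateIfStale(String requestURI, Matcher urlMatch, File zimletRoot, File devRoot) {
        String zimletName = urlMatch.group(1);
        String compiledPath = urlMatch.group(3);
        if (!compiledPath.endsWith(JS_SUFFIX) || hasDotSegment(zimletName) || hasDotSegment(compiledPath)) {
            ZimbraLog.zimlet.info("skipping template compilation for unexpected request path");
            return;
        }
        String templatePath = compiledPath.substring(0, compiledPath.length() - JS_SUFFIX.length());
        // NOTE(review): the dev root is chosen whenever the dev directory name appears anywhere in
        // the URI, not only as the path segment the URL pattern allows. Confirm this is intended.
        File zimletDir = new File(requestURI.contains(ZimletUtil.ZIMLET_DEV_DIR) ? devRoot : zimletRoot, zimletName);
        File template = new File(zimletDir, templatePath);
        File compiled = new File(zimletDir, compiledPath);
        boolean stale = !compiled.exists() || (template.exists() && template.lastModified() > compiled.lastModified());
        if (!stale) {
            return;
        }
        try {
            TemplateCompiler.compile(zimletDir, zimletDir, zimletName + ".", new String[]{templatePath}, true, true);
        } catch (IOException e) {
            // Best effort: the request continues, but the failure is no longer silent.
            ZimbraLog.zimlet.info("unable to compile template for zimlet " + zimletName + ": " + e.getMessage());
        }
    }

    /**
     * Reports whether {@code path} contains a "." or ".." segment, treating both '/' and '\' as
     * separators.
     */
    private static boolean hasDotSegment(String path) {
        for (String segment : path.split("[/\\\\]")) {
            if (".".equals(segment) || "..".equals(segment)) {
                return true;
            }
        }
        return false;
    }

    /** Collects the zimlets' names, keeping the order of {@code list}. */
    private static Set<String> getZimletNames(List<Zimlet> list) {
        Set<String> names = new LinkedHashSet<String>();
        for (Zimlet zimlet : list) {
            names.add(zimlet.getName());
        }
        return names;
    }
}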
