package org.mycore.mir.authorization.accesskeys;

import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.jdom2.Document;
import org.jdom2.Element;
import org.mycore.access.MCRAccessException;
import org.mycore.access.MCRAccessManager;
import org.mycore.common.MCRSessionMgr;
import org.mycore.common.MCRSystemUserInformation;
import org.mycore.datamodel.metadata.MCRObjectID;
import org.mycore.frontend.servlets.MCRServlet;
import org.mycore.frontend.servlets.MCRServletJob;

/* loaded from: input_file:org/mycore/mir/authorization/accesskeys/MIRAccessKeyServlet.class */
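/**
 * Servlet that lets a non-guest user submit an access key for an object, and lets users holding the
 * {@code writedb} permission create, edit or delete the object's key pair.
 *
 * <p>The submission is read as a JDOM document from the {@code MCRXEditorSubmission} request
 * attribute. Its root element carries the {@code objId} attribute and, when a key is submitted,
 * the key itself as text. The optional {@code action} request parameter selects
 * {@code create}, {@code edit} or {@code delete}; without it the submitted key is checked and
 * registered through {@link MIRAccessKeyManager#addAccessKey}.
 *
 * <p>NOTE(review): no throttling of failed key submissions is visible in this class; confirm that
 * repeated guesses are limited elsewhere.
 */
public class MIRAccessKeyServlet extends MCRServlet {
    private static final long serialVersionUID = 1;
    private static final String REDIRECT_URL_PARAMETER = "url";

    /**
     * Handles one access-key request and redirects to the return URL on success.
     *
     * @param mCRServletJob wrapper around the current servlet request and response
     * @throws MCRAccessException if create, edit or delete is requested without {@code writedb}
     *     permission on the object
     * @throws Exception anything propagated from the key manager or the servlet API
     */
    protected void doGetPost(MCRServletJob mCRServletJob) throws Exception {
        HttpServletRequest request = mCRServletJob.getRequest();
        HttpServletResponse response = mCRServletJob.getResponse();

        // Keys are bound to a user, so the guest account may not submit or manage them.
        if (MCRSessionMgr.getCurrentSession().getUserInformation().equals(MCRSystemUserInformation.getGuestInstance())) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "Access can only be granted to personalized users");
            return;
        }

        Document submission = (Document) request.getAttribute("MCRXEditorSubmission");
        if (submission == null) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }

        String action = request.getParameter("action");
        Element root = submission.getRootElement();

        // A submission without an object ID cannot be authorized against anything; answer 400
        // instead of letting the ID parser or a later dereference fail.
        String rawObjectId = root.getAttributeValue("objId");
        if (rawObjectId == null || rawObjectId.isEmpty()) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        MCRObjectID objectId = MCRObjectID.getInstance(rawObjectId);

        if (action == null) {
            String submittedKey = root.getTextTrim();
            String problem = checkAccessKey(objectId, submittedKey);
            if (problem != null) {
                response.sendError(HttpServletResponse.SC_BAD_REQUEST, problem);
                return;
            }
            // checkAccessKey has already established that the key equals the read or the write
            // key, so the pair is not fetched and compared a second time (a pair deleted in
            // between would otherwise be dereferenced as null).
            MIRAccessKeyManager.addAccessKey(objectId, submittedKey);
        } else if ("create".equals(action)) {
            requireWritePermission(objectId, "Add access key to object.");
            // NOTE(review): the permission check uses the root element's objId, while the pair is
            // built from the whole element; confirm the transformer targets that same object.
            MIRAccessKeyManager.createKeyPair(MIRAccessKeyPairTransformer.buildAccessKeyPair(root));
        } else if ("edit".equals(action)) {
            requireWritePermission(objectId, "Update access key on object.");
            // NOTE(review): same object-ID consistency question as for "create".
            MIRAccessKeyManager.updateKeyPair(MIRAccessKeyPairTransformer.buildAccessKeyPair(root));
        } else if ("delete".equals(action)) {
            requireWritePermission(objectId, "Delete access key on object.");
            MIRAccessKeyManager.deleteKeyPair(objectId);
        } else {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        response.sendRedirect(getReturnURL(request));
    }

    /**
     * Throws unless the current user holds {@code writedb} permission on the object.
     *
     * @param objectId object whose key pair is about to be changed
     * @param attemptedAction description of the refused operation, passed to the exception
     * @throws MCRAccessException if the permission check fails
     */
    private static void requireWritePermission(MCRObjectID objectId, String attemptedAction)
        throws MCRAccessException {
        if (!MCRAccessManager.checkPermission(objectId, "writedb")) {
            throw MCRAccessException.missingPermission(attemptedAction, objectId.toString(), "writedb");
        }
    }

    /**
     * Validates a submitted key against the key pair stored for the object.
     *
     * @param mCRObjectID object the key is submitted for
     * @param str submitted key, may be {@code null} or empty
     * @return {@code null} if the key equals the read or the write key, otherwise an error message
     */
    private static String checkAccessKey(MCRObjectID mCRObjectID, String str) {
        if (str == null || str.isEmpty()) {
            return "Missing documentID or accessKey parameter";
        }
        MIRAccessKeyPair keyPair = MIRAccessKeyManager.getKeyPair(mCRObjectID);
        if (keyPair == null) {
            // NOTE(review): this message differs from the mismatch message, so a caller can tell
            // whether an object has keys at all; confirm that is acceptable.
            return "No access keys defined for MCRObject " + mCRObjectID;
        }
        // Both comparisons always run (non-short-circuit '|') so the response time does not
        // indicate which of the two keys was close to matching.
        boolean matchesRead = keyMatches(str, keyPair.getReadKey());
        boolean matchesWrite = keyMatches(str, keyPair.getWriteKey());
        return (matchesRead | matchesWrite) ? null : "Access key does not match";
    }

    /**
     * Compares a submitted key with a stored key without stopping at the first differing byte.
     *
     * @param candidate submitted key, never {@code null}
     * @param stored key from the key pair, {@code null} if that key is not set
     * @return {@code true} only if both keys have the same UTF-8 bytes
     */
    private static boolean keyMatches(String candidate, String stored) {
        if (stored == null) {
            return false;
        }
        return MessageDigest.isEqual(
            candidate.getBytes(StandardCharsets.UTF_8), stored.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Chooses where to send the browser after a successful request.
     *
     * <p>The {@code url} parameter and the {@code Referer} header are both supplied by the client,
     * so either is used only if it stays on this server; anything else falls back to the context root.
     *
     * @param httpServletRequest current request
     * @return a relative reference or an http(s) URL on this server
     */
    private static String getReturnURL(HttpServletRequest httpServletRequest) {
        String contextRoot = httpServletRequest.getContextPath() + "/";
        String requested = httpServletRequest.getParameter(REDIRECT_URL_PARAMETER);
        if (requested == null) {
            requested = httpServletRequest.getHeader("Referer");
        }
        if (requested == null) {
            return contextRoot;
        }
        // NOTE(review): behind a reverse proxy getServerName() depends on how the Host header is
        // forwarded; confirm, or compare against the application's configured base URL instead.
        return isLocalRedirectTarget(requested, httpServletRequest.getServerName()) ? requested : contextRoot;
    }

    /**
     * Decides whether a redirect target stays on this server.
     *
     * @param target candidate redirect target taken from the request
     * @param serverName host name the request was addressed to
     * @return {@code true} for a relative reference without authority, or an http(s) URL whose
     *     host equals {@code serverName}
     */
    private static boolean isLocalRedirectTarget(String target, String serverName) {
        URI uri;
        try {
            uri = new URI(target);
        } catch (URISyntaxException ignored) {
            // Targets the parser refuses (backslashes, control characters, spaces) are rejected
            // rather than passed on for the browser to interpret.
            return false;
        }
        String scheme = uri.getScheme();
        if (scheme == null) {
            // Relative reference: no authority part, and no leading "//" that a browser would
            // read as the start of a host name.
            return uri.getRawAuthority() == null && !target.startsWith("//");
        }
        if (!"http".equalsIgnoreCase(scheme) && !"https".equalsIgnoreCase(scheme)) {
            return false;
        }
        String host = uri.getHost();
        return host != null && host.equalsIgnoreCase(serverName);
    }
}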
