package annis.service.internal;

import annis.administration.AdministrationDao;
import annis.security.ANNISSecurityManager;
import annis.security.ANNISUserConfigurationManager;
import annis.security.ANNISUserRealm;
import annis.security.Group;
import annis.security.User;
import annis.security.UserConfig;
import annis.service.objects.AnnisCorpus;
import annis.service.objects.ImportJob;
import annis.utils.ANNISFormatHelper;
import com.google.common.base.Joiner;
import com.google.common.io.ByteStreams;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.util.Arrays;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Configuration;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.xml.bind.JAXBElement;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.crypto.SecureRandomNumberGenerator;
import org.apache.shiro.crypto.hash.Sha256Hash;
import org.apache.shiro.crypto.hash.format.Shiro1CryptFormat;
import org.apache.shiro.subject.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

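@Path("annis/admin")
/* loaded from: input_file:annis/service/internal/AdminService.class */
/**
 * REST resource under {@code annis/admin} for user, group, corpus and import administration.
 *
 * <p>Every endpoint except {@link #isAuthenticated()} starts with a Shiro permission check on the
 * current {@link Subject}. {@link #importCorpus} performs its check only after the upload has been
 * stored, because the required permission depends on the corpus names inside the archive.
 */
public class AdminService {
    private static final Logger log = LoggerFactory.getLogger(AdminService.class);

    @Context
    Configuration config;

    @Context
    HttpServletRequest request;

    /**
     * Reports whether the current subject is authenticated.
     *
     * @return 200 with {@code "true"} or {@code "false"} as plain text, or 403 "Account expired" when
     *     the principal is a String and the subject does not hold a role of that same name
     */
    @GET
    @Produces({"text/plain"})
    @Path("is-authenticated")
    public Response isAuthenticated() {
        Subject subject = SecurityUtils.getSubject();
        Object principal = subject.getPrincipal();
        // NOTE(review): presumably the realm grants a role named after the user only while the
        // account is valid; confirm against ANNISUserRealm.
        if (principal instanceof String && !subject.hasRole((String) principal)) {
            return Response.status(Response.Status.FORBIDDEN).entity("Account expired").build();
        }
        return Response.ok(Boolean.toString(subject.isAuthenticated())).build();
    }

    /**
     * Returns the stored configuration of the calling user.
     *
     * <p>Requires {@code admin:read:userconfig}. The lookup key is the caller's own principal, so a
     * caller cannot read another user's configuration through this endpoint.
     */
    @GET
    @Produces({"application/xml"})
    @Path("userconfig")
    public UserConfig getUserConfig() {
        Subject subject = SecurityUtils.getSubject();
        subject.checkPermission("admin:read:userconfig");
        return getAdminDao().retrieveUserConfig((String) subject.getPrincipal());
    }

    /**
     * Stores the configuration of the calling user.
     *
     * <p>Requires {@code admin:write:userconfig}; the configuration is stored under the caller's own
     * principal.
     *
     * @param jAXBElement the configuration sent as XML
     * @return 200 once the DAO call has returned
     */
    @POST
    @Path("userconfig")
    @Consumes({"application/xml"})
    public Response setUserConfig(JAXBElement<UserConfig> jAXBElement) {
        Subject subject = SecurityUtils.getSubject();
        subject.checkPermission("admin:write:userconfig");
        getAdminDao().storeUserConfig((String) subject.getPrincipal(), (UserConfig) jAXBElement.getValue());
        return Response.ok().build();
    }

    /**
     * Lists all users. Requires {@code admin:read:user}.
     *
     * @return the users known to the configuration manager, or an empty list when the ANNIS
     *     security manager is not in use
     */
    @GET
    @Produces({"application/xml"})
    @Path("users")
    public List<User> listUsers() {
        SecurityUtils.getSubject().checkPermission("admin:read:user");
        if (SecurityUtils.getSecurityManager() instanceof ANNISSecurityManager) {
            ANNISUserConfigurationManager confManager = getConfManager();
            if (confManager != null) {
                // NOTE(review): getUser blanks the password hash before returning; this listing
                // returns the objects as delivered. Confirm listAllUsers() does not expose hashes.
                return confManager.listAllUsers();
            }
        }
        return new LinkedList<>();
    }

    /**
     * Creates or replaces a user. Requires {@code admin:write:user}, and additionally
     * {@code admin:write:adminuser} when the submitted user carries a permission that starts with
     * {@code "admin:"}.
     *
     * @param user the user object from the request body
     * @param str the user name from the path; must equal {@code user.getName()}
     * @return 200 on success, 400 for a missing body or a name mismatch, 500 when the realm is
     *     unavailable or refuses the update
     */
    @Path("users/{userName}")
    @PUT
    @Consumes({"application/xml"})
    public Response updateOrCreateUser(User user, @PathParam("userName") String str) {
        Subject subject = SecurityUtils.getSubject();
        subject.checkPermission("admin:write:user");
        // An empty request body yields no entity; answer 400 instead of failing with an NPE.
        if (user == null) {
            return Response.status(Response.Status.BAD_REQUEST).entity("No user object in request body").build();
        }
        if (!str.equals(user.getName())) {
            return Response.status(Response.Status.BAD_REQUEST).entity("Username in object is not the same as in path").build();
        }
        // Granting administrative permissions needs a stronger right than editing ordinary users.
        // NOTE(review): this is a literal prefix match on the user's direct permissions only. Under
        // Shiro's wildcard permission syntax a broader string can imply "admin:" permissions without
        // starting with that prefix, and permissions obtained through groups are not inspected
        // here. Confirm how the realm resolves permissions and tighten the guard if needed.
        for (Object permission : user.getPermissions()) {
            if (((String) permission).startsWith("admin:")) {
                subject.checkPermission("admin:write:adminuser");
                break;
            }
        }
        ANNISUserRealm userRealm = getUserRealm();
        if (userRealm == null || !userRealm.updateUser(user)) {
            return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity("Could not update/create user").build();
        }
        return Response.ok().build();
    }

    /**
     * Returns a single user with the password hash blanked. Requires {@code admin:read:user}.
     *
     * @param str the user name from the path, forwarded to the configuration manager as received
     * @throws WebApplicationException 500 when no configuration manager is available, 404 when the
     *     user is unknown
     */
    @GET
    @Produces({"application/xml"})
    @Path("users/{userName}")
    public User getUser(@PathParam("userName") String str) {
        SecurityUtils.getSubject().checkPermission("admin:read:user");
        ANNISUserConfigurationManager confManager = getConfManager();
        if (confManager == null) {
            throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
        }
        User user = confManager.getUser(str);
        if (user == null) {
            throw new WebApplicationException(Response.Status.NOT_FOUND);
        }
        // Never send the stored credential hash to the client.
        user.setPasswordHash("");
        return user;
    }

    /**
     * Deletes a user and the user's stored configuration. Requires {@code admin:write:user}.
     *
     * @param str the user name from the path, forwarded to the configuration manager as received
     * @return 200 on success, 500 when the user could not be deleted
     */
    @Path("users/{userName}")
    @DELETE
    public Response deleteUser(@PathParam("userName") String str) {
        SecurityUtils.getSubject().checkPermission("admin:write:user");
        ANNISUserConfigurationManager confManager = null;
        if (SecurityUtils.getSecurityManager() instanceof ANNISSecurityManager) {
            confManager = getConfManager();
        }
        if (confManager == null || !confManager.deleteUser(str)) {
            return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity("Could not delete user").build();
        }
        // The per-user configuration is removed only after the account itself is gone.
        getAdminDao().deleteUserConfig(str);
        return Response.ok().build();
    }

    /**
     * Sets a new password for a user. Requires {@code admin:write:user}.
     *
     * @param str the new password, sent as the plain-text request body
     * @param str2 the user name from the path
     * @return 200 with the updated user, 400 for an empty password, 404 for an unknown user, 500
     *     when the managers are unavailable or the update fails
     */
    @Path("users/{userName}/password")
    @Consumes({"text/plain"})
    @POST
    @Produces({"application/xml"})
    public Response changePassword(String str, @PathParam("userName") String str2) {
        SecurityUtils.getSubject().checkPermission("admin:write:user");
        // Refuse to store a hash of "nothing": an empty body would otherwise set an empty password.
        if (str == null || str.isEmpty()) {
            return Response.status(Response.Status.BAD_REQUEST).entity("Password must not be empty").build();
        }
        ANNISUserConfigurationManager confManager = getConfManager();
        ANNISUserRealm userRealm = getUserRealm();
        if (confManager != null && userRealm != null) {
            User user = confManager.getUser(str2);
            if (user == null) {
                return Response.status(Response.Status.NOT_FOUND).build();
            }
            // 16 random salt bytes, SHA-256, iteration count 1, stored in Shiro1 crypt format.
            // NOTE(review): a single SHA-256 iteration is cheap to brute-force offline if the user
            // store leaks. Raising the count or switching to a dedicated password hash has to be
            // done together with the realm's credentials matcher, which is not visible here.
            user.setPasswordHash(new Shiro1CryptFormat().format(new Sha256Hash(str, new SecureRandomNumberGenerator().nextBytes(16), 1)));
            if (userRealm.updateUser(user)) {
                // NOTE(review): the returned entity still carries the new password hash, whereas
                // getUser blanks it; consider returning the user without the hash.
                return Response.ok().entity(user).build();
            }
        }
        return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity("Could not change password").build();
    }

    /**
     * Lists all groups. Requires {@code admin:read:group}.
     *
     * @return a copy of the known groups, or an empty list when the ANNIS security manager is not
     *     in use
     */
    @GET
    @Produces({"application/xml"})
    @Path("groups")
    public List<Group> listGroups() {
        SecurityUtils.getSubject().checkPermission("admin:read:group");
        if (SecurityUtils.getSecurityManager() instanceof ANNISSecurityManager) {
            ANNISUserConfigurationManager confManager = getConfManager();
            if (confManager != null) {
                return new LinkedList<>(confManager.getGroups().values());
            }
        }
        return new LinkedList<>();
    }

    /**
     * Creates or replaces a group. Requires {@code admin:write:group}.
     *
     * @param group the group object from the request body
     * @param str the group name from the path; must equal {@code group.getName()}
     * @return 200 on success, 400 for a missing body or a name mismatch, 500 when the group could
     *     not be written
     */
    @Path("groups/{groupName}")
    @PUT
    @Consumes({"application/xml"})
    public Response updateOrCreateGroup(Group group, @PathParam("groupName") String str) {
        SecurityUtils.getSubject().checkPermission("admin:write:group");
        // An empty request body yields no entity; answer 400 instead of failing with an NPE.
        if (group == null) {
            return Response.status(Response.Status.BAD_REQUEST).entity("No group object in request body").build();
        }
        if (!str.equals(group.getName())) {
            return Response.status(Response.Status.BAD_REQUEST).entity("Group name in object is not the same as in path").build();
        }
        if (SecurityUtils.getSecurityManager() instanceof ANNISSecurityManager) {
            ANNISUserConfigurationManager confManager = getConfManager();
            if (confManager != null && confManager.writeGroup(group)) {
                return Response.ok().build();
            }
        }
        return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity("Could not update/create group").build();
    }

    /**
     * Deletes a group. Requires {@code admin:write:group}.
     *
     * @param str the group name from the path
     * @return 200 on success, 500 when the group could not be deleted
     */
    @Path("groups/{groupName}")
    @DELETE
    public Response deleteGroup(@PathParam("groupName") String str) {
        SecurityUtils.getSubject().checkPermission("admin:write:group");
        if (SecurityUtils.getSecurityManager() instanceof ANNISSecurityManager) {
            ANNISUserConfigurationManager confManager = getConfManager();
            if (confManager != null && confManager.deleteGroup(str)) {
                return Response.ok().build();
            }
        }
        return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity("Could not delete group").build();
    }

    /**
     * Deletes a corpus by name. Requires {@code admin:write:corpus}.
     *
     * @param str the corpus name from the path
     * @return 200 on success, 404 when the DAO rejects the name with an
     *     {@link IllegalArgumentException}
     */
    @Path("corpora/{corpusName}")
    @DELETE
    public Response deleteCorpus(@PathParam("corpusName") String str) {
        SecurityUtils.getSubject().checkPermission("admin:write:corpus");
        try {
            getAdminDao().getDeleteCorpusDao().deleteCorpora(Arrays.asList(str));
            return Response.status(Response.Status.OK).build();
        } catch (IllegalArgumentException e) {
            return Response.status(Response.Status.NOT_FOUND).build();
        }
    }

    /**
     * Lists the running import (if any) followed by the queued ones. Requires
     * {@code admin:query-import:running}.
     */
    @GET
    @Path("import/status")
    public List<ImportJob> currentImports() {
        SecurityUtils.getSubject().checkPermission("admin:query-import:running");
        List<ImportJob> jobs = new LinkedList<>();
        ImportJob currentJob = getImportWorker().getCurrentJob();
        // A current job that already ended in SUCCESS or ERROR is no longer "running".
        boolean stillActive = currentJob != null
                && currentJob.getStatus() != ImportJob.Status.SUCCESS
                && currentJob.getStatus() != ImportJob.Status.ERROR;
        if (stillActive) {
            jobs.add(currentJob);
        }
        jobs.addAll(getImportWorker().getImportQueue());
        return jobs;
    }

    /**
     * Returns a finished import job. Requires {@code admin:query-import:finished}.
     *
     * @param str the job UUID from the path
     * @throws WebApplicationException 404 when no finished job with that UUID is known
     */
    @GET
    @Path("import/status/finished/{uuid}")
    public ImportJob finishedImport(@PathParam("uuid") String str) {
        SecurityUtils.getSubject().checkPermission("admin:query-import:finished");
        ImportJob finishedJob = getImportWorker().getFinishedJob(str);
        if (finishedJob == null) {
            throw new WebApplicationException(404);
        }
        return finishedJob;
    }

    /**
     * Accepts a zipped corpus upload and queues it for import.
     *
     * <p>The request body is written to a temporary file, the corpus names are read from the
     * archive, and the caller must hold {@code admin:import:<name>} for each of them. The temporary
     * file is handed to the import queue on success and deleted on every other path.
     *
     * @param str {@code overwrite} flag; parsed with {@link Boolean#parseBoolean(String)}
     * @param str2 address that receives import status mails
     * @param str3 alias for the imported corpus
     * @return 202 with a {@code Location} header for the job status, 400 when the archive holds no
     *     corpus or the corpus exists and overwrite is off, 500 on I/O or queueing failure
     */
    @POST
    @Path("import")
    @Consumes({"application/zip"})
    public Response importCorpus(@QueryParam("overwrite") String str, @QueryParam("statusMail") String str2, @QueryParam("alias") String str3) {
        Subject subject = SecurityUtils.getSubject();
        boolean overwrite = Boolean.parseBoolean(str);
        File upload = null;
        boolean queued = false;
        try {
            // NOTE(review): the body is stored before any permission is checked and without a size
            // limit in this method; upload limits have to be enforced by the container or a filter.
            upload = File.createTempFile("annis-import", ".zip");
            upload.deleteOnExit();
            try (FileOutputStream out = new FileOutputStream(upload)) {
                ByteStreams.copy(this.request.getInputStream(), out);
            }
            Set<String> corpusNames = ANNISFormatHelper.corporaInZipfile(upload).keySet();
            if (corpusNames.isEmpty()) {
                return Response.status(Response.Status.BAD_REQUEST).entity("no corpus.tab file found in upload").build();
            }
            // NOTE(review): corpus names come from the uploaded archive and are concatenated into
            // the permission string as-is; consider rejecting names that contain permission
            // delimiters (':', ',', '*') before this check.
            for (String corpusName : corpusNames) {
                subject.checkPermission("admin:import:" + corpusName);
            }
            String caption = Joiner.on(", ").join(corpusNames);
            List<AnnisCorpus> existing = getAdminDao().getQueryDao().listCorpora(new LinkedList<>(corpusNames));
            if (!overwrite && existing != null && !existing.isEmpty()) {
                return Response.status(Response.Status.BAD_REQUEST).entity("The corpus already exists").build();
            }
            UUID jobId = UUID.randomUUID();
            ImportJob importJob = new ImportJob();
            importJob.setUuid(jobId.toString());
            importJob.setCaption(caption);
            importJob.setImportRootDirectory(upload);
            importJob.setStatus(ImportJob.Status.WAITING);
            importJob.setOverwrite(overwrite);
            importJob.setStatusEmail(str2);
            importJob.setAlias(str3);
            getAdminDao().sendImportStatusMail(str2, caption, ImportJob.Status.WAITING, null);
            try {
                getImportWorker().getImportQueue().put(importJob);
                // From here on the queued job refers to the file, so it must not be deleted here.
                queued = true;
                return Response.status(Response.Status.ACCEPTED).header("Location", this.request.getContextPath() + "/annis/admin/import/status/finished/" + jobId.toString()).build();
            } catch (InterruptedException e) {
                // Restore the interrupt flag so the container thread can observe it.
                Thread.currentThread().interrupt();
                log.error("Could not add job to import queue", e);
                return Response.serverError().entity("Could not add job to import queue. There might be more information in the server log files. Contact the administrator if necessary.").build();
            }
        } catch (IOException e) {
            log.error("Could not store uploaded corpus archive", e);
            return Response.serverError().build();
        } finally {
            // deleteOnExit() only runs at JVM shutdown; rejected or failed uploads would otherwise
            // pile up in the temp directory of a long-running server.
            if (!queued && upload != null && upload.exists() && !upload.delete()) {
                log.warn("Could not delete temporary upload {}", upload);
            }
        }
    }

    /**
     * Returns the user configuration manager of the ANNIS security manager, or {@code null} when a
     * different security manager is installed.
     */
    private ANNISUserConfigurationManager getConfManager() {
        Object securityManager = SecurityUtils.getSecurityManager();
        if (securityManager instanceof ANNISSecurityManager) {
            return ((ANNISSecurityManager) securityManager).getConfManager();
        }
        return null;
    }

    /**
     * Returns the user realm of the ANNIS security manager, or {@code null} when a different
     * security manager is installed.
     */
    private ANNISUserRealm getUserRealm() {
        Object securityManager = SecurityUtils.getSecurityManager();
        if (securityManager instanceof ANNISSecurityManager) {
            return ((ANNISSecurityManager) securityManager).getANNISUserRealm();
        }
        return null;
    }

    /**
     * Looks up the import worker from the JAX-RS configuration property {@code "importWorker"}.
     *
     * @return the worker, or {@code null} when the property is absent or of another type
     */
    public ImportWorker getImportWorker() {
        Object property = this.config.getProperty("importWorker");
        if (property instanceof ImportWorker) {
            return (ImportWorker) property;
        }
        return null;
    }

    /**
     * Looks up the administration DAO from the JAX-RS configuration property {@code "adminDao"}.
     *
     * @return the DAO, or {@code null} when the property is absent or of another type
     */
    public AdministrationDao getAdminDao() {
        Object property = this.config.getProperty("adminDao");
        if (property instanceof AdministrationDao) {
            return (AdministrationDao) property;
        }
        return null;
    }
}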
