package org.sakaiproject.tool.rutgers;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.util.HashSet;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.regex.Pattern;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.sakaiproject.authz.api.AuthzGroup;
import org.sakaiproject.authz.api.Role;
import org.sakaiproject.authz.cover.AuthzGroupService;
import org.sakaiproject.authz.cover.SecurityService;
import org.sakaiproject.component.cover.ServerConfigurationService;
import org.sakaiproject.site.api.Site;
import org.sakaiproject.site.api.ToolConfiguration;
import org.sakaiproject.site.cover.SiteService;
import org.sakaiproject.tool.api.Placement;
import org.sakaiproject.tool.api.Session;
import org.sakaiproject.tool.cover.SessionManager;
import org.sakaiproject.tool.cover.ToolManager;
import org.sakaiproject.util.Web;

/* loaded from: input_file:WEB-INF/classes/org/sakaiproject/tool/rutgers/LinkTool.class */
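/**
 * Sakai tool servlet that sends the current user to an externally hosted application.
 *
 * <p>For a logged-in user who has a role in the site, {@link #doGet} builds a query string that
 * carries the user ids, site id, role id, the Blowfish-encrypted session id, this server's URL and
 * a timestamp, signs it with HMAC-SHA1 and writes a page whose {@code onload} handler navigates to
 * the target URL with that query string appended. Users who may update the site get an owner page
 * (an iframe plus a "Setup" link), can change the placement configuration through {@link #doPost}
 * and can request a signed "object" string through the SignForm action.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Every value written into markup goes through {@link #escapeHtml}; the launch URL written
 *       into the inline {@code onload} script goes through {@link #escapeJsString}; target URLs
 *       must pass {@link #hasSafeScheme} both when saved and when rendered.</li>
 *   <li>Key files are written with owner-only permissions on a best-effort basis.</li>
 *   <li>NOTE(review): the transformation name "Blowfish" carries no mode or padding, so the JCE
 *       provider picks its defaults (ECB with PKCS5 padding on the standard provider), and the
 *       ciphertext has no integrity protection of its own. Changing this needs a coordinated
 *       change in whatever decrypts the {@code session} parameter, so it is flagged rather than
 *       changed here. The same applies to HMAC-SHA1 as the signing algorithm.</li>
 * </ul>
 */
public class LinkTool extends HttpServlet {
    private static final String headHtml = "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\"> \t\t<html xmlns=\"http://www.w3.org/1999/xhtml\" lang=\"en\" xml:lang=\"en\">   <head>     <meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\" />     <meta http-equiv=\"Content-Style-Type\" content=\"text/css\" />  <title>Link Tool</title>";
    private static final String headHtml1 = "<script type=\"text/javascript\" language=\"JavaScript\"> \t\tvar _editor_url = \"/library/htmlarea/\"; function setFrameHeight(id) { var frame = parent.document.getElementById(id); if (frame) {                var objToResize = (frame.style) ? frame.style : frame; objToResize.height = \"";
    private static final String headHtml2 = "\";  }} </script> \t\t<script type=\"text/javascript\" language=\"JavaScript\" src=\"/library/htmlarea/htmlarea.js\"> \t\t</script> \t\t  </head><body onload=\"";
    private static final String headHtml3 = "\" style='margin:0;padding:0;'>";
    private static final String tailHtml = "</body></html>";
    private static final String stylesHtml = "<link href='/library/skin/tool_base.css' type='text/css' rel='stylesheet' media='all' /><link href='/library/skin/default/tool.css' type='text/css' rel='stylesheet' media='all' /><script type='text/javascript' language='JavaScript' src='/library/js/headscripts.js'></script>";
    private static final String OPTIONS_HELPER = "sakai.tool_config.helper";
    private static final String privkeyname = "sakai.rutgers.linktool.privkey";
    private static final String saltname = "sakai.rutgers.linktool.salt";
    /** Frame height in pixels used when the placement has no usable "height" property. */
    private static final int DEFAULT_HEIGHT = 600;
    /** Lower-cased names of the parameters this servlet signs itself; callers may not supply them. */
    private Set<String> illegalParams;
    /** Shape a caller-supplied parameter name must have to be passed through to the target. */
    private Pattern legalKeys;
    private static final Log M_log = LogFactory.getLog(LinkTool.class);
    private static String homedir = null;
    /** Blowfish key used by {@link #encrypt}; null when the key file could not be read. */
    private static SecretKey secretKey = null;
    /** HMAC-SHA1 key used by {@link #sign}; null when the salt file could not be read. */
    private static SecretKey salt = null;
    private static String ourUrl = null;
    private static final char[] hexChars = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};

    @Override
    public String getServletInfo() {
        return "Link Tool";
    }

    /**
     * Loads (creating them on first start) the encryption key and the signing salt from the Sakai
     * home directory, resolves the server URL that is advertised to the target application, and
     * sets up the filter for caller-supplied parameter names.
     *
     * @param servletConfig the container-supplied configuration
     * @throws ServletException if the superclass initialisation fails
     */
    @Override
    public void init(ServletConfig servletConfig) throws ServletException {
        super.init(servletConfig);
        homedir = ServerConfigurationService.getSakaiHomePath();
        if (homedir == null) {
            homedir = "/etc/";
        }
        if (!new File(homedir + privkeyname).canRead()) {
            genkey(homedir);
        }
        secretKey = readSecretKey(homedir + privkeyname, "Blowfish");
        if (!new File(homedir + saltname).canRead()) {
            gensalt(homedir);
        }
        salt = readSecretKey(homedir + saltname, "HmacSHA1");
        if (secretKey == null || salt == null) {
            // Without both keys encrypt()/sign() fail and doGet() emits no launch link at all.
            M_log.error("init(): key material could not be loaded from " + homedir + "; no signed links will be generated");
        }
        ourUrl = ServerConfigurationService.getString("sakai.rutgers.linktool.serverUrl");
        if (ourUrl == null || ourUrl.equals("")) {
            ourUrl = ServerConfigurationService.getString("serverUrl");
        }
        if (ourUrl == null || ourUrl.equals("")) {
            ourUrl = "http://127.0.0.1:8080";
        }
        Set<String> reserved = new HashSet<String>();
        String[] reservedNames = {"user", "internaluser", "site", "role", "session", "serverurl", "url", "time", "sign"};
        for (int i = 0; i < reservedNames.length; i++) {
            reserved.add(reservedNames[i]);
        }
        this.illegalParams = reserved;
        this.legalKeys = Pattern.compile("^[a-zA-Z0-9]+$");
        M_log.info("init()");
    }

    @Override
    public void destroy() {
        M_log.info("destroy()");
        super.destroy();
    }

    /**
     * Renders the tool: the setup page for {@code ?Setup}, the owner page for users who may update
     * the site, and otherwise a bare page whose {@code onload} handler resizes the frame and, when
     * a signed launch URL could be built, navigates to it.
     *
     * <p>NOTE(review): a {@code url} request parameter takes precedence over the configured URL,
     * so the signed query string (including the encrypted session id) is appended to a
     * destination chosen by whoever built the link. Confirm this is intended; if not, use only
     * the placement configuration or check the host against an allow-list.
     *
     * <p>NOTE(review): the {@code ?Setup} page is rendered without an {@code allowUpdateSite}
     * check, unlike the configuration update in {@link #doPost}. Confirm the intended audience.
     */
    @Override
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        Placement placement = ToolManager.getCurrentPlacement();
        Properties config = placement != null ? placement.getConfig() : null;
        httpServletResponse.setContentType("text/html");
        PrintWriter writer = httpServletResponse.getWriter();
        String requestURI = httpServletRequest.getRequestURI();
        String queryString = httpServletRequest.getQueryString();

        // Script for the body's onload attribute; everything appended must be attribute-safe.
        StringBuffer bodyOnload = new StringBuffer();
        String frameId = null;
        if (placement != null) {
            frameId = Web.escapeJavascript("Main" + placement.getId());
            bodyOnload.append("setFrameHeight('" + frameId + "');");
        }

        String userId = null;
        String userEid = null;
        String sessionId = null;
        Session session = SessionManager.getCurrentSession();
        if (session != null) {
            userId = session.getUserId();
            userEid = session.getUserEid();
            sessionId = session.getId();
        }
        if (userId != null && (userEid == null || userEid.equals(""))) {
            userEid = userId;
        }

        String siteId = placement != null ? placement.getContext() : null;
        if (siteId == null) {
            siteId = httpServletRequest.getParameter("site");
        }

        String url = httpServletRequest.getParameter("url");
        if (url == null && config != null) {
            url = config.getProperty("url", null);
        }
        url = safetrim(url);
        if (url != null && !hasSafeScheme(url)) {
            // The URL ends up in window.location and in an iframe src, where a script-bearing
            // scheme would execute in this page's origin.
            M_log.warn("doGet(): ignoring a target URL whose scheme is not http or https");
            url = null;
        }

        AuthzGroup realm = null;
        Role role = null;
        String siteReference = siteId != null ? SiteService.siteReference(siteId) : null;
        if (siteReference != null) {
            try {
                realm = AuthzGroupService.getAuthzGroup(siteReference);
            } catch (Exception e) {
                // No realm means no role below, which in turn means no launch link is produced.
                M_log.debug("doGet(): no authz group for " + siteReference, e);
            }
        }
        if (realm != null && userId != null) {
            role = realm.getUserRole(userId);
        }
        String roleId = role != null ? role.getId() : null;
        String encryptedSession = sessionId != null ? encrypt(sessionId) : null;

        if (url != null && userId != null && siteId != null && roleId != null && encryptedSession != null) {
            StringBuffer command = new StringBuffer();
            command.append("user=").append(urlEncode(userEid));
            command.append("&internaluser=").append(urlEncode(userId));
            command.append("&site=").append(urlEncode(siteId));
            command.append("&role=").append(urlEncode(roleId));
            command.append("&session=").append(urlEncode(encryptedSession));
            command.append("&serverurl=").append(urlEncode(ourUrl));
            command.append("&time=").append(System.currentTimeMillis());
            for (Object item : httpServletRequest.getParameterMap().entrySet()) {
                Map.Entry entry = (Map.Entry) item;
                Object rawName = entry.getKey();
                Object rawValues = entry.getValue();
                if (!(rawName instanceof String) || !(rawValues instanceof String[])) {
                    continue;
                }
                String name = (String) rawName;
                String[] values = (String[]) rawValues;
                if (values.length == 0 || values[0] == null) {
                    continue;
                }
                // Lower-case with a fixed locale: under a Turkish default locale "SITE" would not
                // fold to "site" and a reserved name could slip past the filter.
                String folded = name.toLowerCase(java.util.Locale.ENGLISH);
                if (!this.illegalParams.contains(folded) && this.legalKeys.matcher(name).matches()) {
                    command.append("&").append(name).append("=").append(urlEncode(values[0]));
                }
            }
            try {
                String signed = command.toString();
                url = url + "?" + signed + "&sign=" + sign(signed);
                bodyOnload.append("window.location = '" + escapeJsString(url) + "';");
            } catch (Exception e) {
                M_log.warn("doGet(): unable to sign the launch parameters", e);
            }
        }

        int height = DEFAULT_HEIGHT;
        if (config != null) {
            height = parseHeight(config.getProperty("height", "600"));
        }
        if (queryString != null && queryString.equals("Setup") && writeSetupPage(writer, placement, frameId, config, requestURI)) {
            return;
        }
        if (placement == null || config == null || !SiteService.allowUpdateSite(siteId) || !writeOwnerPage(writer, height, url, frameId, requestURI)) {
            writer.println(headHtml + headHtml1 + height + "px" + headHtml2 + bodyOnload + headHtml3);
            writer.println(tailHtml);
        }
    }

    /**
     * Writes the page shown to users who may update the site: a "Setup" link above an iframe that
     * loads the target URL.
     *
     * @param printWriter response writer
     * @param height iframe height in pixels; the surrounding frame is made 30 pixels taller
     * @param url iframe source, or null when no usable URL is available
     * @param frameId identifier passed to {@code setFrameHeight}, already reduced to a script-safe
     *        form by the caller, or null
     * @param requestURI URI of this servlet, used for the "Setup" link
     * @return false, writing nothing, when {@code url} is null; true otherwise
     */
    private boolean writeOwnerPage(PrintWriter printWriter, int height, String url, String frameId, String requestURI) {
        if (url == null) {
            return false;
        }
        String onload = frameId != null ? "setFrameHeight('" + frameId + "');" : "";
        printWriter.println(headHtml + headHtml1 + (height + 30) + "px" + headHtml2 + onload + headHtml3);
        printWriter.println("<div><div style='color:#000;text-align:center;font-size:.9em;padding-bottom:5px;line-height:1.3em;background:#DDDDDD;height:22px;overflow:hidden'><a href='" + escapeHtml(requestURI) + "?Setup' style='border-bottom:1px dashed #999999;color:black;text-decoration:none;font:80% Verdana,Arial,Helvetica,sans-serif'>Setup</a></div></div><iframe src='" + escapeHtml(url) + "' height='" + height + "px' width='100%' frameborder='0' marginwidth='0' marginheight='0'></iframe>");
        printWriter.println(tailHtml);
        return true;
    }

    /**
     * Writes the configuration page: the URL/height/title form, the form that requests a signed
     * object (with extra options for super users) and an exit button. A missing "url" or "height"
     * property is shown as an empty field.
     *
     * @param printWriter response writer
     * @param placement current tool placement
     * @param frameId script-safe frame identifier, or null
     * @param properties placement configuration supplying the current values
     * @param requestURI URI of this servlet, used as the base of every form action
     * @return false, writing nothing, when {@code placement} or {@code properties} is null
     */
    private boolean writeSetupPage(PrintWriter printWriter, Placement placement, String frameId, Properties properties, String requestURI) {
        if (placement == null || properties == null) {
            return false;
        }
        String action = escapeHtml(requestURI);
        writeFixedHeightHead(printWriter, frameId);
        printWriter.println("<div class='portletBody'><h2>Setup</h2>");
        printWriter.println("<form method='post' action='" + action + "?SetupForm'>");
        printWriter.println("URL: <input type=text name=url size=70 value='" + escapeHtml(properties.getProperty("url")) + "'><br>");
        printWriter.println("Height: <input type=text name=height value='" + escapeHtml(properties.getProperty("height")) + "'><br>");
        printWriter.println("Page title: <input type=text name=title><br>");
        printWriter.println("<input type=submit value='Update Configuration'>");
        printWriter.println("</form>");
        printWriter.println("<p>NOTE: setting the Page title changes the title for the entire page (i.e. what is in the left margin). If there is more than one tool on the page, this may not be what you want to do. Admittedly, having more than one tool on the page is fairly rare.");
        printWriter.println("<h3>Session Access</h3>");
        printWriter.println("<p> This section allows you to request a cryptographically signed object that can be used to request access to a Sakai session ID. Session IDs are needed to access most of the web services. ");
        if (SecurityService.getInstance().isSuperUser()) {
            printWriter.println("<p>As a privileged user, you can request an object that will generate a session logged in as any user. For applications that just deal with a single site, and which need site owner privileges, you should ask for an object in the name of the site owner. For applications that need to create site or users, or deal with many sites, you should ask for an object in the name of a user with administrative privileges. If you generate an object in the name of an administrator, please be careful only to put it in sites whose security you trust.<p>You can also request a second kind of object. This one will generate a session for the current user. That is, when an end user accesses an application, this will return a session for that end user. Please be careful about what sites you put this in, because it will allow the owner of the site to compromise the privacy of any user using the site.");
            printWriter.println("<form method='post' action='" + action + "?SignForm'>");
            printWriter.println("Specific user: <input type=text name=user size=30> [an internal Sakai user, not the Enterprise ID]<br>");
            printWriter.println("The current user: <input type=checkbox name=current value=yes><br>");
            printWriter.println("<input type=submit value='Generate Signed Object'>");
            printWriter.println("</form>");
        } else {
            printWriter.println("<p>You can request an object that will generate a session logged with your userid. For applications that deal with sites that you own, such an object should be sufficient for most purposes.");
            printWriter.println("<p>For applications that need to create site or users, or deal with many sites, an administrator can generate objects with more privileges");
            printWriter.println("<form method='post' action='" + action + "?SignForm'>");
            printWriter.println("<input type=submit value='Generate Signed Object'>");
            printWriter.println("</form>");
        }
        printWriter.println("<h3>Exit</h3><p><form action='" + action + "?panel=Main' method='get'><input type=submit value='Exit Setup'></form>");
        printWriter.println("</div>");
        printWriter.println(tailHtml);
        return true;
    }

    /**
     * Writes an error page with a link back to the tool.
     *
     * @param printWriter response writer
     * @param frameId script-safe frame identifier, or null
     * @param message plain-text message; it is HTML-escaped before being written
     * @param requestURI URI of this servlet, used for the return link
     * @return always true
     */
    private boolean writeErrorPage(PrintWriter printWriter, String frameId, String message, String requestURI) {
        writeFixedHeightHead(printWriter, frameId);
        printWriter.println("<div class='portletBody'><h2>Error</h2>");
        printWriter.println("<p>" + escapeHtml(message));
        printWriter.println("<p><a href='" + escapeHtml(requestURI) + "?panel=Main'>Return to tool</a>");
        printWriter.println("</div>");
        printWriter.println(tailHtml);
        return true;
    }

    /** Writes the document head shared by the setup, error and signed-object pages (300px frame). */
    private static void writeFixedHeightHead(PrintWriter printWriter, String frameId) {
        String onload = frameId != null ? "setMainFrameHeight('" + frameId + "');setFocus(focus_path);" : "";
        printWriter.println(headHtml);
        printWriter.println(stylesHtml);
        printWriter.println(headHtml1 + "300px" + headHtml2 + onload + headHtml3);
    }

    /**
     * Handles the two POST actions: {@code ?SignForm} is delegated to {@link #doSignForm}; anything
     * else is treated as the setup form and updates the placement's URL, height and, optionally,
     * the page title. Only users who may update the site can change the configuration.
     *
     * <p>NOTE(review): no anti-forgery token is checked in this method or in
     * {@link #doSignForm}; confirm that a request filter in front of the tool provides one.
     */
    @Override
    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        // getQueryString() is null for a POST without a query part, so compare from the constant.
        if ("SignForm".equals(httpServletRequest.getQueryString())) {
            doSignForm(httpServletRequest, httpServletResponse);
            return;
        }
        Placement placement = ToolManager.getCurrentPlacement();
        httpServletResponse.setContentType("text/html");
        PrintWriter writer = httpServletResponse.getWriter();
        String requestURI = httpServletRequest.getRequestURI();
        if (placement == null) {
            writeErrorPage(writer, null, "Unable to find the current tool", requestURI);
            return;
        }
        String siteId = placement.getContext();
        if (siteId == null) {
            writeErrorPage(writer, null, "Unable to find the current site", requestURI);
            return;
        }
        Session session = SessionManager.getCurrentSession();
        String userId = session != null ? session.getUserId() : null;
        if (userId == null) {
            writeErrorPage(writer, null, "Unable to figure out your userid", requestURI);
            return;
        }
        if (!SiteService.allowUpdateSite(siteId)) {
            writeErrorPage(writer, null, "You are not allowed to update this site", requestURI);
            return;
        }

        String url = safetrim(httpServletRequest.getParameter("url"));
        String height = safetrim(httpServletRequest.getParameter("height"));
        if (url != null && !hasSafeScheme(url)) {
            // Refuse to store a value that doGet() would later decline to render.
            writeErrorPage(writer, null, "The URL must be an http or https address", requestURI);
            return;
        }
        ToolConfiguration toolConfig = SiteService.findTool(placement.getId());
        // Properties.setProperty throws on null, so a field missing from the form is left as is.
        if (url != null) {
            placement.getPlacementConfig().setProperty("url", url);
        }
        if (height != null) {
            placement.getPlacementConfig().setProperty("height", height);
        }
        String title = safetrim(httpServletRequest.getParameter("title"));
        if (title != null && !title.equals("")) {
            placement.setTitle(title);
            if (toolConfig != null) {
                try {
                    Site site = SiteService.getSite(toolConfig.getSiteId());
                    site.getPage(toolConfig.getPageId()).setTitle(title);
                    SiteService.save(site);
                } catch (Exception e) {
                    // The placement title was still set above; only the page title is missing.
                    M_log.warn("doPost(): unable to update the page title", e);
                }
            }
        }
        placement.save();
        String frameId = Web.escapeJavascript("Main" + placement.getId());
        writeSetupPage(writer, placement, frameId, placement.getConfig(), requestURI);
    }

    /**
     * Produces a signed "object" string and shows it to the requester. Super users may ask for an
     * object naming any user ({@code user} parameter) or for a "currentuser" object
     * ({@code current=yes}); everyone else gets an object for their own user id.
     */
    private void doSignForm(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        Placement placement = ToolManager.getCurrentPlacement();
        httpServletResponse.setContentType("text/html");
        PrintWriter writer = httpServletResponse.getWriter();
        String requestURI = httpServletRequest.getRequestURI();
        if (placement == null) {
            writeErrorPage(writer, null, "Unable to find the current tool", requestURI);
            return;
        }
        String frameId = Web.escapeJavascript("Main" + placement.getId());
        Session session = SessionManager.getCurrentSession();
        String userId = session != null ? session.getUserId() : null;
        if (userId == null) {
            writeErrorPage(writer, frameId, "Unable to figure out your userid", requestURI);
            return;
        }

        String command;
        if (SecurityService.getInstance().isSuperUser()) {
            String requestedUser = safetrim(httpServletRequest.getParameter("user"));
            String current = safetrim(httpServletRequest.getParameter("current"));
            if (current != null && current.equals("yes")) {
                command = "currentuser";
            } else {
                if (requestedUser == null || requestedUser.equals("")) {
                    writeErrorPage(writer, frameId, "No username supplied", requestURI);
                    return;
                }
                command = "user=" + requestedUser;
            }
        } else {
            command = "user=" + userId;
        }

        String signedObject = null;
        try {
            signedObject = command + "&sign=" + sign(command);
        } catch (Exception e) {
            M_log.warn("doSignForm(): unable to sign the object", e);
        }
        if (signedObject == null) {
            writeErrorPage(writer, frameId, "Attempt to generate signed object failed", requestURI);
            return;
        }
        writeFixedHeightHead(writer, frameId);
        writer.println("<div class='portletBody'><h2>Your object</h2>");
        writer.println("<p>Here is your object. You should copy it and then paste it into a configuration file to be used in your application.");
        // The object embeds the submitted user name, so it is escaped; the text the browser
        // displays (and the user copies) is still the raw object.
        writer.println("<p>" + escapeHtml(signedObject));
        writer.println("<p><a href='" + escapeHtml(requestURI) + "?panel=Main'>Return to tool</a>");
        writer.println("</div>");
        writer.println(tailHtml);
    }

    /**
     * Returns the lower-case hex HMAC-SHA1 of {@code str}, keyed with the salt loaded in init().
     *
     * <p>NOTE(review): the bytes come from the platform default charset. The query string built in
     * doGet() is pure ASCII after URL-encoding, but the "user=..." object from doSignForm() is
     * not encoded, so a non-ASCII user name signs differently on hosts with different default
     * charsets. Left unchanged because the verifying side must use the same bytes.
     *
     * @throws Exception if the MAC cannot be created or the salt is missing or invalid
     */
    private static String sign(String str) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(salt);
        return byteArray2Hex(mac.doFinal(str.getBytes()));
    }

    /**
     * Reads a raw key file and wraps its bytes as a key for {@code algorithm}.
     *
     * @param path file holding the encoded key bytes
     * @param algorithm JCE algorithm name to tag the key with
     * @return the key, or null when the file is missing, empty or unreadable
     */
    private static SecretKey readSecretKey(String path, String algorithm) {
        FileInputStream in = null;
        try {
            File file = new File(path);
            byte[] keyBytes = new byte[(int) file.length()];
            in = new FileInputStream(file);
            // A single read() may return fewer bytes than requested; loop until the key is whole.
            int filled = 0;
            while (filled < keyBytes.length) {
                int count = in.read(keyBytes, filled, keyBytes.length - filled);
                if (count < 0) {
                    throw new IOException("unexpected end of key file");
                }
                filled += count;
            }
            return new SecretKeySpec(keyBytes, algorithm);
        } catch (Exception e) {
            M_log.warn("readSecretKey(): unable to load the " + algorithm + " key from " + path, e);
            return null;
        } finally {
            if (in != null) {
                try {
                    in.close();
                } catch (IOException ignored) {
                    // Nothing useful can be done about a failed close of a read-only stream.
                }
            }
        }
    }

    /** Returns the lower-case hexadecimal form of {@code bArr}, two digits per byte. */
    private static String byteArray2Hex(byte[] bArr) {
        StringBuffer hex = new StringBuffer(bArr.length * 2);
        for (int i = 0; i < bArr.length; i++) {
            hex.append(hexChars[(bArr[i] & 0xf0) >> 4]);
            hex.append(hexChars[bArr[i] & 0x0f]);
        }
        return hex.toString();
    }

    /** Null-tolerant {@link String#trim()}. */
    private String safetrim(String str) {
        return str == null ? null : str.trim();
    }

    /**
     * Parses a configured frame height such as "600" or "600px".
     *
     * @return the parsed value, or {@link #DEFAULT_HEIGHT} when the text is missing or not a number
     */
    private int parseHeight(String configured) {
        String text = safetrim(configured);
        if (text == null) {
            return DEFAULT_HEIGHT;
        }
        if (text.endsWith("px")) {
            text = text.substring(0, text.length() - 2).trim();
        }
        try {
            return Integer.parseInt(text);
        } catch (NumberFormatException e) {
            // The value is free text saved from the setup form; a typo must not break every GET.
            M_log.warn("parseHeight(): configured height is not a number, using " + DEFAULT_HEIGHT);
            return DEFAULT_HEIGHT;
        }
    }

    /** URL-encodes {@code value} as UTF-8 instead of the platform default charset. */
    private static String urlEncode(String value) {
        try {
            return URLEncoder.encode(value, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException("UTF-8 is not available", e);
        }
    }

    /**
     * Escapes text for use in HTML element content and in quoted attribute values (single or
     * double quotes).
     *
     * @return the escaped text, or the empty string for null
     */
    private static String escapeHtml(String value) {
        if (value == null) {
            return "";
        }
        StringBuffer out = new StringBuffer(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':
                    out.append("&amp;");
                    break;
                case '<':
                    out.append("&lt;");
                    break;
                case '>':
                    out.append("&gt;");
                    break;
                case '"':
                    out.append("&quot;");
                    break;
                case '\'':
                    out.append("&#39;");
                    break;
                default:
                    out.append(c);
            }
        }
        return out.toString();
    }

    /**
     * Escapes text for a quoted JavaScript string that itself sits inside an HTML attribute.
     * Quotes, backslashes, angle brackets, ampersands, control characters and the two Unicode
     * line separators are written as four-digit hexadecimal escapes, so the result contains
     * nothing that is significant to either the script parser or the HTML parser.
     *
     * @return the escaped text, or the empty string for null
     */
    private static String escapeJsString(String value) {
        if (value == null) {
            return "";
        }
        StringBuffer out = new StringBuffer(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            boolean special = c < 0x20 || c == 0x7f || c == '\'' || c == '"' || c == '\\'
                    || c == '<' || c == '>' || c == '&' || c == 0x2028 || c == 0x2029;
            if (special) {
                String hex = Integer.toHexString(c);
                out.append("\\u");
                for (int pad = hex.length(); pad < 4; pad++) {
                    out.append('0');
                }
                out.append(hex);
            } else {
                out.append(c);
            }
        }
        return out.toString();
    }

    /**
     * Decides whether {@code url} may be used as a navigation target: references without a scheme
     * (relative or protocol-relative) and {@code http}/{@code https} URLs are accepted, every
     * other scheme is rejected. A control character before the end of the scheme is rejected as
     * well, because browsers drop such characters when they parse the URL.
     */
    private static boolean hasSafeScheme(String url) {
        if (url == null) {
            return false;
        }
        String candidate = url.trim();
        for (int i = 0; i < candidate.length(); i++) {
            char c = candidate.charAt(i);
            if (c < 0x20 || c == 0x7f) {
                return false;
            }
            if (c == '/' || c == '?' || c == '#') {
                return true; // path, query or fragment reached before any colon: no scheme
            }
            if (c == ':') {
                String scheme = candidate.substring(0, i).toLowerCase(java.util.Locale.ENGLISH);
                return scheme.equals("http") || scheme.equals("https");
            }
        }
        return true;
    }

    /** Generates a new Blowfish key and stores it in {@code dir}; failures are logged only. */
    private void genkey(String dir) {
        try {
            M_log.info("Generating key...");
            writeKey(KeyGenerator.getInstance("Blowfish").generateKey(), dir + privkeyname);
        } catch (Exception e) {
            M_log.error("genkey(): unable to create " + dir + privkeyname, e);
        }
    }

    /**
     * Writes the encoded key to {@code path}. Permissions are narrowed to the owner before any key
     * byte is written, so the secret never sits in a file created with the process's default mode.
     *
     * @throws IOException if the file cannot be created or written
     */
    private static void writeKey(Key key, String path) throws IOException {
        File file = new File(path);
        FileOutputStream out = new FileOutputStream(file);
        try {
            restrictToOwner(file);
            out.write(key.getEncoded());
        } finally {
            out.close();
        }
    }

    /** Best-effort owner-only read/write; some file systems cannot express this, hence the log. */
    private static void restrictToOwner(File file) {
        boolean applied = file.setReadable(false, false);
        applied &= file.setReadable(true, true);
        applied &= file.setWritable(false, false);
        applied &= file.setWritable(true, true);
        if (!applied) {
            M_log.warn("restrictToOwner(): could not restrict permissions on " + file.getPath() + "; check them by hand");
        }
    }

    /** Generates a new HMAC-SHA1 key and stores it in {@code dir}; failures are logged only. */
    private void gensalt(String dir) {
        try {
            writeKey(KeyGenerator.getInstance("HmacSHA1").generateKey(), dir + saltname);
        } catch (Exception e) {
            M_log.error("gensalt(): unable to create " + dir + saltname, e);
        }
    }

    /**
     * Encrypts {@code str} (as UTF-8) with the Blowfish key loaded in init() and returns the
     * ciphertext as lower-case hex.
     *
     * <p>NOTE(review): the transformation is the bare name "Blowfish", so mode and padding are the
     * provider's defaults; see the class comment.
     *
     * @param str text to encrypt, must not be null
     * @return the hex ciphertext, or null when encryption fails (for example because the key
     *         could not be loaded)
     */
    public String encrypt(String str) {
        try {
            Cipher cipher = Cipher.getInstance("Blowfish");
            cipher.init(Cipher.ENCRYPT_MODE, secretKey);
            return byteArray2Hex(cipher.doFinal(str.getBytes("UTF8")));
        } catch (UnsupportedEncodingException e) {
            M_log.warn("linktool encrypt unsupported encoding", e);
            return null;
        } catch (IOException e) {
            M_log.warn("linktool encrypted io exc", e);
            return null;
        } catch (InvalidKeyException e) {
            M_log.warn("linktool encrypt invalid key", e);
            return null;
        } catch (NoSuchAlgorithmException e) {
            M_log.warn("linktool encrypt no such algorithm", e);
            return null;
        } catch (BadPaddingException e) {
            M_log.warn("linktool encrypt bad padding", e);
            return null;
        } catch (IllegalBlockSizeException e) {
            M_log.warn("linktool encrypt illegal block size", e);
            return null;
        } catch (NoSuchPaddingException e) {
            M_log.warn("linktool encrypt no such padding", e);
            return null;
        }
    }
}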
