package com.zimbra.cs.zimlet;

import com.zimbra.common.httpclient.HttpClientUtil;
import com.zimbra.common.localconfig.LC;
import com.zimbra.common.mime.ContentDisposition;
import com.zimbra.common.mime.ContentType;
import com.zimbra.common.service.ServiceException;
import com.zimbra.common.util.ByteUtil;
import com.zimbra.common.util.ZimbraHttpConnectionManager;
import com.zimbra.common.util.ZimbraLog;
import com.zimbra.cs.account.AuthToken;
import com.zimbra.cs.account.Provisioning;
import com.zimbra.cs.account.ZAttrProvisioning;
import com.zimbra.cs.dav.DavProtocol;
import com.zimbra.cs.dav.service.method.Get;
import com.zimbra.cs.dav.service.method.Post;
import com.zimbra.cs.httpclient.HttpProxyUtil;
import com.zimbra.cs.mailbox.MailServiceException;
import com.zimbra.cs.mailbox.OperationContextData;
import com.zimbra.cs.mailclient.imap.ImapResponse;
import com.zimbra.cs.service.FileUploadServlet;
import com.zimbra.cs.servlet.ZimbraServlet;
import com.zimbra.cs.session.PendingModifications;
import com.zimbra.cs.zclient.ZFilterCondition;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.httpclient.Header;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.HttpException;
import org.apache.commons.httpclient.HttpMethod;
import org.apache.commons.httpclient.HttpState;
import org.apache.commons.httpclient.UsernamePasswordCredentials;
import org.apache.commons.httpclient.auth.AuthScope;
import org.apache.commons.httpclient.methods.ByteArrayRequestEntity;
import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.commons.httpclient.methods.PostMethod;

/* loaded from: input_file:com/zimbra/cs/zimlet/ProxyServlet.class */
public class ProxyServlet extends ZimbraServlet {
    private static final String TARGET_PARAM = "target";
    private static final String UPLOAD_PARAM = "upload";
    private static final String USER_PARAM = "user";
    private static final String PASS_PARAM = "pass";
    private static final String FORMAT_PARAM = "fmt";
    private static final String FILENAME_PARAM = "filename";
    private static final String AUTH_PARAM = "auth";
    private static final String AUTH_BASIC = "basic";
    private static final String DEFAULT_CTYPE = "text/xml";

    private Set<String> getAllowedDomains(AuthToken authToken) throws ServiceException {
        Provisioning provisioning = Provisioning.getInstance();
        Set<String> multiAttrSet = provisioning.getCOS(provisioning.get(Provisioning.AccountBy.id, authToken.getAccountId(), authToken)).getMultiAttrSet(ZAttrProvisioning.A_zimbraProxyAllowedDomains);
        ZimbraLog.zimlet.debug("get allowedDomains result: " + multiAttrSet);
        return multiAttrSet;
    }

    private boolean checkPermissionOnTarget(HttpServletRequest httpServletRequest, URL url, AuthToken authToken) {
        String lowerCase = url.getHost().toLowerCase();
        ZimbraLog.zimlet.debug("checking allowedDomains permission on target host: " + lowerCase);
        try {
            Iterator<String> it = getAllowedDomains(authToken).iterator();
            while (it.hasNext()) {
                String next = it.next();
                if (next.equals(ImapResponse.UNTAGGED)) {
                    return true;
                }
                if (next.charAt(0) == '*') {
                    next = next.substring(1);
                }
                if (lowerCase.endsWith(next)) {
                    return true;
                }
            }
            return false;
        } catch (ServiceException e) {
            ZimbraLog.zimlet.info("error getting allowedDomains: " + e.getMessage());
            return false;
        }
    }

    private boolean canProxyHeader(String str) {
        if (str == null) {
            return false;
        }
        String lowerCase = str.toLowerCase();
        return (lowerCase.startsWith("accept") || lowerCase.equals("content-length") || lowerCase.equals("connection") || lowerCase.equals("keep-alive") || lowerCase.equals("pragma") || lowerCase.equals(ZimletMeta.ZIMLET_TAG_HOST) || lowerCase.equals("cache-control") || lowerCase.equals("cookie") || lowerCase.equals("transfer-encoding")) ? false : true;
    }

    private byte[] copyPostedData(HttpServletRequest httpServletRequest) throws IOException {
        int contentLength = httpServletRequest.getContentLength();
        if (httpServletRequest.getMethod().equalsIgnoreCase(Get.GET) || contentLength <= 0) {
            return null;
        }
        ServletInputStream inputStream = httpServletRequest.getInputStream();
        ByteArrayOutputStream byteArrayOutputStream = null;
        if (contentLength < 0) {
            contentLength = 0;
        }
        try {
            byteArrayOutputStream = new ByteArrayOutputStream(contentLength);
            byte[] bArr = new byte[PendingModifications.Change.MODIFIED_COLOR];
            while (true) {
                int read = inputStream.read(bArr);
                if (read == -1) {
                    byte[] byteArray = byteArrayOutputStream.toByteArray();
                    ByteUtil.closeStream(byteArrayOutputStream);
                    return byteArray;
                }
                byteArrayOutputStream.write(bArr, 0, read);
            }
        } catch (Throwable th) {
            ByteUtil.closeStream(byteArrayOutputStream);
            throw th;
        }
    }

    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        doProxy(httpServletRequest, httpServletResponse);
    }

    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        doProxy(httpServletRequest, httpServletResponse);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.zimbra.cs.servlet.ZimbraServlet
    public boolean isAdminRequest(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getServerPort() == LC.zimbra_admin_service_port.intValue();
    }

    private void doProxy(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        ZimbraLog.clearContext();
        boolean isAdminRequest = isAdminRequest(httpServletRequest);
        AuthToken adminAuthTokenFromCookie = isAdminRequest ? getAdminAuthTokenFromCookie(httpServletRequest, httpServletResponse) : getAuthTokenFromCookie(httpServletRequest, httpServletResponse);
        if (adminAuthTokenFromCookie == null) {
            return;
        }
        byte[] copyPostedData = copyPostedData(httpServletRequest);
        String parameter = httpServletRequest.getParameter("target");
        if (parameter == null) {
            httpServletResponse.sendError(400);
            return;
        }
        URL url = new URL(parameter);
        if (!isAdminRequest && !checkPermissionOnTarget(httpServletRequest, url, adminAuthTokenFromCookie)) {
            httpServletResponse.sendError(403);
            return;
        }
        String parameter2 = httpServletRequest.getParameter(UPLOAD_PARAM);
        boolean z = parameter2 != null && (parameter2.equals("1") || parameter2.equalsIgnoreCase(ZFilterCondition.C_TRUE));
        HttpMethod httpMethod = null;
        try {
            HttpClient newHttpClient = ZimbraHttpConnectionManager.getInternalHttpConnMgr().newHttpClient();
            HttpProxyUtil.configureProxy(newHttpClient);
            String method = httpServletRequest.getMethod();
            if (method.equalsIgnoreCase(Get.GET)) {
                httpMethod = new GetMethod(parameter);
            } else {
                if (!method.equalsIgnoreCase(Post.POST)) {
                    ZimbraLog.zimlet.info("unsupported request method: " + method);
                    httpServletResponse.sendError(405);
                    if (0 != 0) {
                        httpMethod.releaseConnection();
                        return;
                    }
                    return;
                }
                HttpMethod postMethod = new PostMethod(parameter);
                if (copyPostedData != null) {
                    postMethod.setRequestEntity(new ByteArrayRequestEntity(copyPostedData, httpServletRequest.getContentType()));
                }
                httpMethod = postMethod;
            }
            String parameter3 = httpServletRequest.getParameter("auth");
            String parameter4 = httpServletRequest.getParameter(USER_PARAM);
            String parameter5 = httpServletRequest.getParameter(PASS_PARAM);
            if (parameter3 != null && parameter4 != null && parameter5 != null) {
                if (!parameter3.equals(AUTH_BASIC)) {
                    ZimbraLog.zimlet.info("unsupported auth type: " + parameter3);
                    httpServletResponse.sendError(400);
                    if (httpMethod != null) {
                        httpMethod.releaseConnection();
                        return;
                    }
                    return;
                }
                HttpState httpState = new HttpState();
                httpState.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(parameter4, parameter5));
                newHttpClient.setState(httpState);
                httpMethod.setDoAuthentication(true);
            }
            Enumeration headerNames = httpServletRequest.getHeaderNames();
            while (headerNames.hasMoreElements()) {
                String str = (String) headerNames.nextElement();
                ZimbraLog.zimlet.debug("incoming: " + str + ": " + httpServletRequest.getHeader(str));
                if (canProxyHeader(str)) {
                    ZimbraLog.zimlet.debug("outgoing: " + str + ": " + httpServletRequest.getHeader(str));
                    if (str.equalsIgnoreCase("x-host")) {
                        httpMethod.getParams().setVirtualHost(httpServletRequest.getHeader(str));
                    } else {
                        httpMethod.addRequestHeader(str, httpServletRequest.getHeader(str));
                    }
                }
            }
            try {
                HttpClientUtil.executeMethod(newHttpClient, httpMethod);
                int statusCode = httpMethod.getStatusLine() == null ? 500 : httpMethod.getStatusCode();
                Header responseHeader = httpMethod.getResponseHeader(DavProtocol.HEADER_CONTENT_TYPE);
                String value = (responseHeader == null || responseHeader.getValue() == null) ? "text/xml" : responseHeader.getValue();
                InputStream responseBodyAsStream = httpMethod.getResponseBodyAsStream();
                if (z) {
                    String parameter6 = httpServletRequest.getParameter("filename");
                    if (parameter6 == null || parameter6.equals(OperationContextData.GranteeNames.EMPTY_NAME)) {
                        parameter6 = new ContentType(value).getParameter("name");
                    }
                    if ((parameter6 == null || parameter6.equals(OperationContextData.GranteeNames.EMPTY_NAME)) && httpMethod.getResponseHeader("Content-Disposition") != null) {
                        parameter6 = new ContentDisposition(httpMethod.getResponseHeader("Content-Disposition").getValue()).getParameter("filename");
                    }
                    if (parameter6 == null || parameter6.equals(OperationContextData.GranteeNames.EMPTY_NAME)) {
                        parameter6 = "unknown";
                    }
                    List list = null;
                    if (responseBodyAsStream != null) {
                        try {
                            list = Arrays.asList(FileUploadServlet.saveUpload(responseBodyAsStream, parameter6, value, adminAuthTokenFromCookie.getAccountId()));
                        } catch (ServiceException e) {
                            statusCode = e.getCode().equals(MailServiceException.UPLOAD_REJECTED) ? 413 : 500;
                        }
                    }
                    httpServletResponse.setStatus(statusCode);
                    FileUploadServlet.sendResponse(httpServletResponse, statusCode, httpServletRequest.getParameter("fmt"), null, list, null);
                } else {
                    httpServletResponse.setStatus(statusCode);
                    httpServletResponse.setContentType(value);
                    for (Header header : httpMethod.getResponseHeaders()) {
                        if (canProxyHeader(header.getName())) {
                            httpServletResponse.addHeader(header.getName(), header.getValue());
                        }
                    }
                    if (responseBodyAsStream != null) {
                        ByteUtil.copy(responseBodyAsStream, true, httpServletResponse.getOutputStream(), true);
                    }
                }
                if (httpMethod != null) {
                    httpMethod.releaseConnection();
                }
            } catch (HttpException e2) {
                ZimbraLog.zimlet.info("exception while proxying " + parameter, e2);
                httpServletResponse.sendError(404);
                if (httpMethod != null) {
                    httpMethod.releaseConnection();
                }
            }
        } catch (Throwable th) {
            if (httpMethod != null) {
                httpMethod.releaseConnection();
            }
            throw th;
        }
    }
}
