package com.zimbra.soap;

import com.zimbra.common.service.ServiceException;
import com.zimbra.common.soap.Element;
import com.zimbra.common.soap.SoapFaultException;
import com.zimbra.common.util.Pair;
import com.zimbra.common.util.ZimbraLog;
import com.zimbra.cs.account.AccessManager;
import com.zimbra.cs.account.Account;
import com.zimbra.cs.account.AccountServiceException;
import com.zimbra.cs.account.AuthToken;
import com.zimbra.cs.account.GuestAccount;
import com.zimbra.cs.account.Provisioning;
import com.zimbra.cs.account.Server;
import com.zimbra.cs.account.ZAttrProvisioning;
import com.zimbra.cs.mailbox.Mailbox;
import com.zimbra.cs.mailbox.MailboxManager;
import com.zimbra.cs.mailbox.OperationContext;
import com.zimbra.cs.mailbox.OperationContextData;
import com.zimbra.cs.session.AdminSession;
import com.zimbra.cs.session.Session;
import com.zimbra.cs.session.SessionCache;
import com.zimbra.cs.session.SoapSession;
import com.zimbra.cs.util.Zimbra;
import com.zimbra.soap.ZimbraSoapContext;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.dom4j.QName;

/* loaded from: input_file:com/zimbra/soap/DocumentHandler.class */
public abstract class DocumentHandler {
    private QName mResponseQName;
    private static String LOCAL_HOST = OperationContextData.GranteeNames.EMPTY_NAME;
    private static String LOCAL_HOST_ID = OperationContextData.GranteeNames.EMPTY_NAME;

    /* JADX INFO: Access modifiers changed from: protected */
    public void setResponseQName(QName qName) {
        this.mResponseQName = qName;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Element getResponseElement(ZimbraSoapContext zimbraSoapContext) {
        return zimbraSoapContext.createElement(this.mResponseQName);
    }

    public static String getLocalHost() {
        synchronized (LOCAL_HOST) {
            if (LOCAL_HOST.length() == 0) {
                try {
                    Server localServer = Provisioning.getInstance().getLocalServer();
                    LOCAL_HOST = localServer.getAttr(ZAttrProvisioning.A_zimbraServiceHostname);
                    LOCAL_HOST_ID = localServer.getId();
                } catch (Exception e) {
                    Zimbra.halt("could not fetch local server name from LDAP for request proxying");
                }
            }
        }
        return LOCAL_HOST;
    }

    public static String getLocalHostId() {
        if (LOCAL_HOST_ID.length() == 0) {
            getLocalHost();
        }
        return LOCAL_HOST_ID;
    }

    public void preProxy(Element element, Map<String, Object> map) throws ServiceException {
    }

    public void postProxy(Element element, Element element2, Map<String, Object> map) throws ServiceException {
    }

    public abstract Element handle(Element element, Map<String, Object> map) throws ServiceException;

    public static ZimbraSoapContext getZimbraSoapContext(Map<String, Object> map) {
        return (ZimbraSoapContext) map.get(SoapEngine.ZIMBRA_CONTEXT);
    }

    public static OperationContext getOperationContext(ZimbraSoapContext zimbraSoapContext, Map<String, Object> map) throws ServiceException {
        return getOperationContext(zimbraSoapContext, map == null ? null : (Session) map.get(SoapEngine.ZIMBRA_SESSION));
    }

    public static OperationContext getOperationContext(ZimbraSoapContext zimbraSoapContext, Session session) throws ServiceException {
        OperationContext operationContext = new OperationContext(zimbraSoapContext.getAuthToken());
        operationContext.setChangeConstraint(zimbraSoapContext.getChangeConstraintType(), zimbraSoapContext.getChangeConstraintLimit());
        operationContext.setRequestIP(zimbraSoapContext.getRequestIP()).setSession(session);
        operationContext.setUserAgent(zimbraSoapContext.getUserAgent());
        return operationContext;
    }

    public static Account getAuthenticatedAccount(ZimbraSoapContext zimbraSoapContext) throws ServiceException {
        String authtokenAccountId = zimbraSoapContext.getAuthtokenAccountId();
        AuthToken authToken = zimbraSoapContext.getAuthToken();
        if ("99999999-9999-9999-9999-999999999999".equals(authtokenAccountId) || !(authToken == null || authToken.isZimbraUser())) {
            return new GuestAccount(authToken);
        }
        Account account = Provisioning.getInstance().get(Provisioning.AccountBy.id, authtokenAccountId, zimbraSoapContext.getAuthToken());
        if (account == null) {
            throw ServiceException.AUTH_REQUIRED();
        }
        return account;
    }

    public static Account getRequestedAccount(ZimbraSoapContext zimbraSoapContext) throws ServiceException {
        String requestedAccountId = zimbraSoapContext.getRequestedAccountId();
        Account account = Provisioning.getInstance().get(Provisioning.AccountBy.id, requestedAccountId, zimbraSoapContext.getAuthToken());
        if (account != null) {
            return account;
        }
        if (zimbraSoapContext.isDelegatedRequest()) {
            throw ServiceException.DEFEND_ACCOUNT_HARVEST(requestedAccountId);
        }
        throw ServiceException.AUTH_EXPIRED();
    }

    public static Mailbox getRequestedMailbox(ZimbraSoapContext zimbraSoapContext) throws ServiceException {
        Mailbox mailboxByAccountId = MailboxManager.getInstance().getMailboxByAccountId(zimbraSoapContext.getRequestedAccountId());
        if (mailboxByAccountId != null) {
            ZimbraLog.addMboxToContext(mailboxByAccountId.getId());
        }
        return mailboxByAccountId;
    }

    private static boolean isRequestLocal(ZimbraSoapContext zimbraSoapContext) {
        try {
            Account authenticatedAccount = getAuthenticatedAccount(zimbraSoapContext);
            if (authenticatedAccount != null) {
                if (Provisioning.onLocalServer(authenticatedAccount)) {
                    return true;
                }
            }
            return false;
        } catch (ServiceException e) {
            ZimbraLog.session.info("error determining whether authenticated account is local", e);
            return false;
        }
    }

    public boolean needsAuth(Map<String, Object> map) {
        return true;
    }

    public boolean needsAdminAuth(Map<String, Object> map) {
        return false;
    }

    public Boolean canAccessAccountCommon(ZimbraSoapContext zimbraSoapContext, Account account, boolean z) throws ServiceException {
        if (zimbraSoapContext.getAuthtokenAccountId() == null || account == null) {
            return Boolean.FALSE;
        }
        if (z && account.getId().equals(zimbraSoapContext.getAuthtokenAccountId())) {
            return Boolean.TRUE;
        }
        if (zimbraSoapContext.getAuthToken().isDelegatedAuth() || zimbraSoapContext.isDelegatedRequest()) {
            return null;
        }
        logAuditAccess(null, zimbraSoapContext.getAuthtokenAccountId(), account.getId());
        return null;
    }

    public boolean canAccessAccount(ZimbraSoapContext zimbraSoapContext, Account account) throws ServiceException {
        Boolean canAccessAccountCommon = canAccessAccountCommon(zimbraSoapContext, account, true);
        return canAccessAccountCommon != null ? canAccessAccountCommon.booleanValue() : AccessManager.getInstance().canAccessAccount(zimbraSoapContext.getAuthToken(), account);
    }

    public boolean canModifyOptions(ZimbraSoapContext zimbraSoapContext, Account account) throws ServiceException {
        return zimbraSoapContext.isDelegatedRequest() ? canAccessAccount(zimbraSoapContext, account) && getAuthenticatedAccount(zimbraSoapContext).getBooleanAttr(ZAttrProvisioning.A_zimbraFeatureOptionsEnabled, true) : account.getBooleanAttr(ZAttrProvisioning.A_zimbraFeatureOptionsEnabled, true);
    }

    public boolean domainAuthSufficient(Map<String, Object> map) {
        return false;
    }

    public boolean isAdminCommand() {
        return false;
    }

    public boolean isReadOnly() {
        return true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean clientIsLocal(Map<String, Object> map) {
        HttpServletRequest httpServletRequest = (HttpServletRequest) map.get(SoapServlet.SERVLET_REQUEST);
        if (httpServletRequest == null) {
            return true;
        }
        return "127.0.0.1".equals(httpServletRequest.getRemoteAddr());
    }

    public Session updateAuthenticatedAccount(ZimbraSoapContext zimbraSoapContext, AuthToken authToken, Map<String, Object> map, boolean z) {
        String authtokenAccountId = zimbraSoapContext.getAuthtokenAccountId();
        String accountId = authToken.getAccountId();
        if (accountId != null && !accountId.equals(authtokenAccountId)) {
            zimbraSoapContext.clearSessionInfo();
        }
        zimbraSoapContext.setAuthToken(authToken);
        Session session = z ? getSession(zimbraSoapContext) : null;
        if (map != null) {
            map.put(SoapEngine.ZIMBRA_SESSION, session);
        }
        return session;
    }

    public static Session getReferencedSession(ZimbraSoapContext zimbraSoapContext) {
        ZimbraSoapContext.SessionInfo sessionInfo;
        if (zimbraSoapContext == null || (sessionInfo = zimbraSoapContext.getSessionInfo()) == null) {
            return null;
        }
        return SessionCache.lookup(sessionInfo.sessionId, zimbraSoapContext.getAuthtokenAccountId());
    }

    public Session.Type getDefaultSessionType() {
        return Session.Type.SOAP;
    }

    protected final Session getSession(ZimbraSoapContext zimbraSoapContext, Map<String, Object> map) {
        Session session = (Session) map.get(SoapEngine.ZIMBRA_SESSION);
        return session != null ? session : getSession(zimbraSoapContext);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final Session getSession(ZimbraSoapContext zimbraSoapContext) {
        return getSession(zimbraSoapContext, getDefaultSessionType());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Session getSession(ZimbraSoapContext zimbraSoapContext, Session.Type type) {
        String authtokenAccountId;
        Session delegateSession;
        if (zimbraSoapContext == null || type == null || !zimbraSoapContext.isNotificationEnabled() || (authtokenAccountId = zimbraSoapContext.getAuthtokenAccountId()) == null) {
            return null;
        }
        boolean isRequestLocal = isRequestLocal(zimbraSoapContext);
        if (type == Session.Type.SOAP && !isRequestLocal && !zimbraSoapContext.isSessionProxied()) {
            return null;
        }
        Session session = null;
        ZimbraSoapContext.SessionInfo sessionInfo = zimbraSoapContext.getSessionInfo();
        if (sessionInfo != null) {
            session = SessionCache.lookup(sessionInfo.sessionId, authtokenAccountId);
            if (session == null) {
                ZimbraLog.session.info("requested session no longer exists: " + sessionInfo.sessionId);
                zimbraSoapContext.clearSessionInfo();
            } else if (session.getSessionType() != type) {
                session = null;
            }
        }
        if (session == null) {
            try {
                if (type == Session.Type.SOAP) {
                    session = SoapSessionFactory.getInstance().getSoapSession(authtokenAccountId, isRequestLocal, zimbraSoapContext.isUsingAdminPrivileges()).register();
                } else if (type == Session.Type.ADMIN) {
                    session = new AdminSession(authtokenAccountId).register();
                }
            } catch (ServiceException e) {
                ZimbraLog.session.info("exception while creating session", e);
            }
            if (session != null) {
                zimbraSoapContext.recordNewSession(session.getSessionId());
            }
        }
        if ((session instanceof SoapSession) && zimbraSoapContext.isDelegatedRequest() && (delegateSession = ((SoapSession) session).getDelegateSession(zimbraSoapContext.getRequestedAccountId())) != null) {
            session = delegateSession;
        }
        return session;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void endSession(Session session) {
        SessionCache.clearSession(session);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Server getServer(String str) throws ServiceException {
        Account account = Provisioning.getInstance().get(Provisioning.AccountBy.id, str);
        if (account == null) {
            throw AccountServiceException.NO_SUCH_ACCOUNT(str);
        }
        String attr = account.getAttr(ZAttrProvisioning.A_zimbraMailHost);
        if (attr == null) {
            throw ServiceException.PROXY_ERROR(AccountServiceException.NO_SUCH_SERVER(OperationContextData.GranteeNames.EMPTY_NAME), OperationContextData.GranteeNames.EMPTY_NAME);
        }
        Server server = Provisioning.getInstance().get(Provisioning.ServerBy.name, attr);
        if (server == null) {
            throw ServiceException.PROXY_ERROR(AccountServiceException.NO_SUCH_SERVER(attr), OperationContextData.GranteeNames.EMPTY_NAME);
        }
        return server;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static String getXPath(Element element, String[] strArr) {
        int i = 0;
        while (i < strArr.length - 1 && element != null) {
            int i2 = i;
            i++;
            element = element.getOptionalElement(strArr[i2]);
        }
        if (element == null) {
            return null;
        }
        return element.getAttribute(strArr[i], (String) null);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static Element getXPathElement(Element element, String[] strArr) {
        int i = 0;
        while (i < strArr.length && element != null) {
            int i2 = i;
            i++;
            element = element.getOptionalElement(strArr[i2]);
        }
        return element;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void setXPath(Element element, String[] strArr, String str) throws ServiceException {
        if (strArr == null || strArr.length == 0) {
            return;
        }
        int i = 0;
        while (i < strArr.length - 1 && element != null) {
            int i2 = i;
            i++;
            element = element.getOptionalElement(strArr[i2]);
        }
        if (element == null) {
            throw ServiceException.INVALID_REQUEST("could not find path", (Throwable) null);
        }
        element.addAttribute(strArr[i], str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Element proxyIfNecessary(Element element, Map<String, Object> map) throws ServiceException {
        ZimbraSoapContext zimbraSoapContext = getZimbraSoapContext(map);
        String requestedAccountId = zimbraSoapContext.getRequestedAccountId();
        if (requestedAccountId == null || zimbraSoapContext.getProxyTarget() != null || isAdminCommand() || Provisioning.onLocalServer(getRequestedAccount(zimbraSoapContext))) {
            return null;
        }
        return proxyRequest(element, map, requestedAccountId);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Element proxyRequest(Element element, Map<String, Object> map, String str) throws ServiceException {
        return proxyRequest(element, map, getServer(str), new ZimbraSoapContext(getZimbraSoapContext(map), str));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Element proxyRequest(Element element, Map<String, Object> map, AuthToken authToken, String str) throws ServiceException {
        return proxyRequest(element, map, getServer(str), new ZimbraSoapContext(getZimbraSoapContext(map), authToken, str, (Session) null));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Element proxyRequest(Element element, Map<String, Object> map, Server server) throws ServiceException {
        return proxyRequest(element, map, server, new ZimbraSoapContext(getZimbraSoapContext(map)));
    }

    protected String getProxyAuthToken(String str, Map<String, Object> map) throws ServiceException {
        return Provisioning.getInstance().getProxyAuthToken(str, map);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Element proxyRequest(Element element, Map<String, Object> map, Server server, ZimbraSoapContext zimbraSoapContext) throws ServiceException {
        Element proxyWithNotification;
        SoapEngine soapEngine = (SoapEngine) map.get(SoapEngine.ZIMBRA_ENGINE);
        boolean equalsIgnoreCase = getLocalHostId().equalsIgnoreCase(server.getId());
        if (equalsIgnoreCase) {
            zimbraSoapContext.resetProxyAuthToken();
        }
        if (zimbraSoapContext.getRequestedAccountId() != null) {
            try {
                AuthToken authToken = zimbraSoapContext.getAuthToken();
                String proxyAuthToken = getProxyAuthToken(zimbraSoapContext.getRequestedAccountId(), map);
                if (authToken != null && (authToken.getProxyAuthToken() == null || !authToken.getProxyAuthToken().equals(proxyAuthToken))) {
                    authToken.setProxyAuthToken(proxyAuthToken);
                }
            } catch (ServiceException e) {
                ZimbraLog.soap.warn("failed to set proxy auth token", e);
            }
        }
        element.detach();
        if (!equalsIgnoreCase || soapEngine == null) {
            preProxy(element, map);
            proxyWithNotification = proxyWithNotification(element, new ProxyTarget(server.getId(), zimbraSoapContext.getAuthToken(), (HttpServletRequest) map.get(SoapServlet.SERVLET_REQUEST)), zimbraSoapContext, (Session) map.get(SoapEngine.ZIMBRA_SESSION));
            postProxy(element, proxyWithNotification, map);
        } else {
            HashMap hashMap = new HashMap(map);
            hashMap.put(SoapEngine.ZIMBRA_ENGINE, soapEngine);
            hashMap.put(SoapEngine.ZIMBRA_CONTEXT, zimbraSoapContext);
            proxyWithNotification = soapEngine.dispatchRequest(element, hashMap, zimbraSoapContext);
            if (zimbraSoapContext.getResponseProtocol().isFault(proxyWithNotification)) {
                zimbraSoapContext.getResponseProtocol().updateArgumentsForRemoteFault(proxyWithNotification, zimbraSoapContext.getRequestedAccountId());
                throw new SoapFaultException("error in proxied request", true, proxyWithNotification);
            }
        }
        return proxyWithNotification;
    }

    public static Element proxyWithNotification(Element element, ProxyTarget proxyTarget, ZimbraSoapContext zimbraSoapContext, ZimbraSoapContext zimbraSoapContext2) throws ServiceException {
        return proxyWithNotification(element, proxyTarget, zimbraSoapContext, getReferencedSession(zimbraSoapContext2));
    }

    public static Element proxyWithNotification(Element element, ProxyTarget proxyTarget, ZimbraSoapContext zimbraSoapContext, Session session) throws ServiceException {
        Server server = proxyTarget.getServer();
        boolean equalsIgnoreCase = getLocalHostId().equalsIgnoreCase(server.getId());
        if (equalsIgnoreCase) {
            zimbraSoapContext.resetProxyAuthToken();
        }
        if (zimbraSoapContext.isNotificationEnabled()) {
            if (session instanceof SoapSession.DelegateSession) {
                session = ((SoapSession.DelegateSession) session).getParentSession();
            }
            if (!(session instanceof SoapSession) || session.getMailbox() == null) {
                zimbraSoapContext.disableNotifications();
            } else if (equalsIgnoreCase) {
                zimbraSoapContext.setProxySession(session.getSessionId());
            } else {
                zimbraSoapContext.setProxySession(((SoapSession) session).getRemoteSessionId(server));
            }
        }
        Pair<Element, Element> execute = proxyTarget.execute(element, zimbraSoapContext);
        if ((session instanceof SoapSession) && zimbraSoapContext.isNotificationEnabled()) {
            ((SoapSession) session).handleRemoteNotifications(server, (Element) execute.getFirst());
        }
        return ((Element) execute.getSecond()).detach();
    }

    private String getAccountLogName(Provisioning provisioning, String str) {
        if (str == null) {
            return OperationContextData.GranteeNames.EMPTY_NAME;
        }
        try {
            Account account = provisioning.get(Provisioning.AccountBy.id, str);
            if (account != null) {
                return account.getName();
            }
        } catch (ServiceException e) {
        }
        return str;
    }

    public void logAuditAccess(String str, String str2, String str3) {
        if (ZimbraLog.misc.isInfoEnabled()) {
            String substring = this.mResponseQName.getQualifiedName().substring(0, this.mResponseQName.getQualifiedName().length() - 8);
            Provisioning provisioning = Provisioning.getInstance();
            String accountLogName = getAccountLogName(provisioning, str);
            ZimbraLog.misc.info("delegated access: doc=" + substring + (str == null ? OperationContextData.GranteeNames.EMPTY_NAME : ", delegating account=" + accountLogName) + ", authenticated account=" + getAccountLogName(provisioning, str2) + ", target account=" + getAccountLogName(provisioning, str3));
        }
    }
}
