package org.jdesktop.wonderland.modules.securitysession.auth.web;

import java.io.IOException;
import java.net.URLEncoder;
import java.security.Principal;
import javax.persistence.EntityManagerFactory;
import javax.persistence.PersistenceUnit;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.jdesktop.wonderland.modules.securitysession.auth.weblib.db.UserDAO;
import org.jdesktop.wonderland.modules.securitysession.auth.weblib.db.UserEntity;

/* loaded from: input_file:web/security-session-auth.war:WEB-INF/classes/org/jdesktop/wonderland/modules/securitysession/auth/web/UserManagerServlet.class */
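/**
 * Servlet behind the user-management pages: list, create, edit, save and remove
 * {@link UserEntity} records through a {@link UserDAO}.
 *
 * <p>Authorization model as implemented in this class:
 * <ul>
 *   <li>{@code view} and {@code create} require the {@code admin} role
 *       ({@link #checkAdmin}).</li>
 *   <li>{@code edit}, {@code save} and {@code remove} require the {@code admin} role
 *       or that the caller's principal name equals the target user id
 *       ({@link #checkOwner}).</li>
 * </ul>
 *
 * <p>NOTE(review): {@link #doGet} and {@link #doPost} both dispatch to
 * {@link #processRequest}, so the state-changing actions ({@code save},
 * {@code remove}) are reachable through GET, and no anti-CSRF token check is
 * visible in this class. Confirm whether the container or a filter adds one
 * before relying on these endpoints from a browser session.
 *
 * <p>NOTE(review): the {@code error} request attribute set here can contain
 * request-supplied text (the {@code id} parameter); the JSPs are not visible from
 * this file and must HTML-escape it when rendering.
 */
public class UserManagerServlet extends HttpServlet {

    @PersistenceUnit(unitName = "WonderlandUserPU")
    private EntityManagerFactory emf;

    /**
     * Dispatches a request to the handler selected by the {@code action} parameter.
     *
     * <p>When {@code action} is absent it defaults to {@code view} for admins and
     * {@code edit} for everyone else. When {@code id} is absent and the caller is a
     * non-admin with a principal, the caller's own principal name is used as the id.
     * Unrecognised actions fall through to {@link #doView}, which is admin-only.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response to write to
     * @throws ServletException if a forwarded JSP fails
     * @throws IOException      if writing the response fails
     */
    protected void processRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        UserDAO userDAO = new UserDAO(this.emf);
        boolean isAdmin = httpServletRequest.isUserInRole("admin");

        String action = httpServletRequest.getParameter("action");
        if (action == null) {
            action = isAdmin ? "view" : "edit";
        }

        // The id is caller-controlled. It only selects which record is loaded;
        // each handler below is responsible for checking that the caller may
        // act on that record.
        String userId = httpServletRequest.getParameter("id");
        if (userId == null && !isAdmin && httpServletRequest.getUserPrincipal() != null) {
            userId = httpServletRequest.getUserPrincipal().getName();
        }
        UserEntity userEntity = (userId != null) ? userDAO.getUser(userId) : null;

        if (action.equalsIgnoreCase("edit")) {
            doEdit(httpServletRequest, httpServletResponse, userEntity, false);
        } else if (action.equalsIgnoreCase("create")) {
            doEdit(httpServletRequest, httpServletResponse, null, true);
        } else if (action.equalsIgnoreCase("remove")) {
            doRemove(httpServletRequest, httpServletResponse, userEntity, userDAO);
        } else if (action.equalsIgnoreCase("save")) {
            doSave(httpServletRequest, httpServletResponse, userEntity, userDAO);
        } else {
            doView(httpServletRequest, httpServletResponse, userDAO);
        }
    }

    /**
     * Lists all users via {@code /view.jsp}. Admin-only; a non-admin caller gets
     * the error response sent by {@link #checkAdmin} and nothing is forwarded.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response to write to
     * @param userDAO             data access object used to load the user list
     * @throws ServletException if the JSP forward fails
     * @throws IOException      if writing the response fails
     */
    protected void doView(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, UserDAO userDAO) throws ServletException, IOException {
        if (checkAdmin(httpServletRequest, httpServletResponse)) {
            httpServletRequest.setAttribute("users", userDAO.getUsers());
            getServletContext().getRequestDispatcher("/view.jsp").forward(httpServletRequest, httpServletResponse);
        }
    }

    /**
     * Forwards to {@code /edit.jsp} with the record to edit in the {@code user}
     * request attribute.
     *
     * <p>Creating ({@code z == true}) requires the admin role. Editing an existing
     * record requires the admin role or ownership of that record: the record is
     * looked up from a request-supplied id, so without this check any caller could
     * have another account's stored record placed in the form. When no record is
     * supplied a blank {@link UserEntity} is used.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response to write to
     * @param userEntity          the record to edit, or {@code null} for a blank form
     * @param z                   {@code true} when the form is shown in create mode
     * @throws ServletException if the JSP forward fails
     * @throws IOException      if writing the response fails
     */
    protected void doEdit(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, UserEntity userEntity, boolean z) throws ServletException, IOException {
        if (z) {
            if (!checkAdmin(httpServletRequest, httpServletResponse)) {
                return;
            }
            httpServletRequest.setAttribute("create", "true");
        } else if (userEntity != null
                && !checkOwner(httpServletRequest, httpServletResponse, userEntity.getId())) {
            // Same owner-or-admin rule that doSave and doRemove already apply;
            // checkOwner has sent the error response.
            return;
        }
        if (userEntity == null) {
            userEntity = new UserEntity();
        }
        httpServletRequest.setAttribute("user", userEntity);
        getServletContext().getRequestDispatcher("/edit.jsp").forward(httpServletRequest, httpServletResponse);
    }

    /**
     * Persists the record described by the request parameters.
     *
     * <p>The caller must be an admin or the owner of the submitted id. In create
     * mode an existing record with the same id is reported as a duplicate and the
     * form is shown again; otherwise the record is passed to
     * {@link UserDAO#updateUser}. A validation failure from {@link #getUser}
     * re-displays the form with the message in the {@code error} attribute.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response to write to
     * @param userEntity          the stored record for the submitted id, or {@code null}
     * @param userDAO             data access object used to persist the record
     * @throws ServletException if a forwarded JSP fails
     * @throws IOException      if writing the response fails
     */
    protected void doSave(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, UserEntity userEntity, UserDAO userDAO) throws ServletException, IOException {
        // Constant-first comparison: a request without a "create" parameter is
        // treated as an update instead of failing with a NullPointerException.
        boolean creating = "true".equalsIgnoreCase(httpServletRequest.getParameter("create"));
        try {
            UserEntity submitted = getUser(httpServletRequest);
            if (!checkOwner(httpServletRequest, httpServletResponse, submitted.getId())) {
                return;
            }
            if (creating && userEntity != null) {
                httpServletRequest.setAttribute("error", "Duplicate user id: " + submitted.getId());
                doEdit(httpServletRequest, httpServletResponse, submitted, true);
                return;
            }
            // NOTE(review): the submitted entity carries a password only when
            // confirmPassword was filled in; whether updateUser keeps the stored
            // password otherwise is decided in UserDAO — confirm.
            userDAO.updateUser(submitted);
            redirectToView(httpServletResponse);
        } catch (IllegalArgumentException e) {
            httpServletRequest.setAttribute("error", e.getMessage());
            doEdit(httpServletRequest, httpServletResponse, userEntity, creating);
        }
    }

    /**
     * Removes a user. An unknown id is reported through the {@code error}
     * attribute on the (admin-only) list view; otherwise the caller must be an
     * admin or the owner of the record.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response to write to
     * @param userEntity          the stored record to remove, or {@code null} if none matched
     * @param userDAO             data access object used to remove the record
     * @throws ServletException if a forwarded JSP fails
     * @throws IOException      if writing the response fails
     */
    protected void doRemove(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, UserEntity userEntity, UserDAO userDAO) throws ServletException, IOException {
        if (userEntity == null) {
            httpServletRequest.setAttribute("error", "Unknown user " + httpServletRequest.getParameter("id"));
            doView(httpServletRequest, httpServletResponse, userDAO);
            return;
        }
        if (checkOwner(httpServletRequest, httpServletResponse, userEntity.getId())) {
            userDAO.removeUser(userEntity.getId());
            redirectToView(httpServletResponse);
        }
    }

    /**
     * Builds a {@link UserEntity} from the {@code id}, {@code fullname},
     * {@code email}, {@code password} and {@code confirmPassword} parameters.
     *
     * <p>The password is set only when {@code confirmPassword} is non-empty and
     * equal to {@code password}.
     *
     * @param httpServletRequest the request carrying the form fields
     * @return a new entity populated from the request
     * @throws IllegalArgumentException if the two password fields differ
     */
    protected UserEntity getUser(HttpServletRequest httpServletRequest) throws IllegalArgumentException {
        UserEntity userEntity = new UserEntity();
        userEntity.setId(httpServletRequest.getParameter("id"));
        userEntity.setFullname(httpServletRequest.getParameter("fullname"));
        userEntity.setEmail(httpServletRequest.getParameter("email"));

        String password = httpServletRequest.getParameter("password");
        String confirmation = httpServletRequest.getParameter("confirmPassword");
        if (confirmation != null && confirmation.length() > 0) {
            if (!confirmation.equals(password)) {
                throw new IllegalArgumentException("Passwords don't match.");
            }
            // NOTE(review): the value is handed over as submitted; any hashing
            // has to happen in UserEntity or UserDAO — confirm.
            userEntity.setPassword(password);
        }
        return userEntity;
    }

    /**
     * Sends the browser back to the user list.
     *
     * @param httpServletResponse the response to write to
     * @throws IOException if writing the response fails
     */
    protected void redirectToView(HttpServletResponse httpServletResponse) throws IOException {
        redirectTo(httpServletResponse, "/security-session-auth/security-session-auth/users");
    }

    /**
     * Writes a script that navigates the parent frame to the admin front page
     * with {@code str} as its {@code pageURL} parameter.
     *
     * <p>{@code str} is URL-encoded before being placed inside the single-quoted
     * script string, so quotes and angle brackets in it cannot terminate the
     * literal. Keep that encoding if this method is ever given request-derived
     * input.
     *
     * @param httpServletResponse the response to write to
     * @param str                 the page URL to show inside the admin frame
     * @throws IOException if encoding or writing fails
     */
    protected void redirectTo(HttpServletResponse httpServletResponse, String str) throws IOException {
        String target = "/wonderland-web-front/admin?pageURL=" + URLEncoder.encode(str, "utf-8");
        java.io.PrintWriter out = httpServletResponse.getWriter();
        out.println("<script>");
        out.println("parent.location.replace('" + target + "');");
        out.println("</script>");
        out.close();
    }

    /**
     * Checks that the caller has the {@code admin} role; otherwise sends a 401.
     *
     * <p>NOTE(review): an authenticated caller who merely lacks the role also
     * receives 401 rather than 403; kept as-is because front-end handling of the
     * status is not visible from this file.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response the error is sent on
     * @return {@code true} if the caller is an admin, {@code false} after the
     *         error response has been sent
     * @throws ServletException declared for subclasses; not thrown here
     * @throws IOException      if sending the error fails
     */
    protected boolean checkAdmin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        if (httpServletRequest.isUserInRole("admin")) {
            return true;
        }
        httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Admin access is required.");
        return false;
    }

    /**
     * Checks that the caller is an admin or that the caller's principal name
     * equals {@code str}; otherwise sends a 401.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response the error is sent on
     * @param str                 the id of the user record being acted on
     * @return {@code true} if the caller may act on the record, {@code false}
     *         after the error response has been sent
     * @throws ServletException declared for subclasses; not thrown here
     * @throws IOException      if sending the error fails
     */
    protected boolean checkOwner(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws ServletException, IOException {
        if (httpServletRequest.isUserInRole("admin")) {
            return true;
        }
        Principal caller = httpServletRequest.getUserPrincipal();
        if (caller != null && caller.getName().equals(str)) {
            return true;
        }
        // NOTE(review): the message echoes the requested id; it relies on the
        // container escaping sendError text in its error page — confirm.
        httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Only the owner is allowed to edit user " + str);
        return false;
    }

    /** Handles GET by delegating to {@link #processRequest}. */
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        processRequest(httpServletRequest, httpServletResponse);
    }

    /** Handles POST by delegating to {@link #processRequest}. */
    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        processRequest(httpServletRequest, httpServletResponse);
    }

    /** Returns the servlet description string. */
    public String getServletInfo() {
        return "Short description";
    }
}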
