package org.ow2.contrail.provider.vep;

import java.io.InputStream;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import org.apache.commons.fileupload.FileItem;
import org.apache.commons.fileupload.disk.DiskFileItemFactory;
import org.apache.commons.io.IOUtils;
import org.apache.log4j.Logger;
import org.ow2.contrail.provider.vep.SchedulerClient.SchedulerClient;
import org.restlet.data.Form;
import org.restlet.data.MediaType;
import org.restlet.ext.fileupload.RestletFileUpload;
import org.restlet.representation.Representation;
import org.restlet.representation.StringRepresentation;
import org.restlet.resource.Post;
import org.restlet.resource.ResourceException;
import org.restlet.resource.ServerResource;

/* loaded from: input_file:org/ow2/contrail/provider/vep/RestAdminUserManagement.class */
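/**
 * Restlet resource that renders the VEP administrator "user management" page and handles
 * its two multipart actions, {@code addcert} and {@code updateuser}.
 *
 * <p>Every request carries the administrator's username and password as form fields; there is
 * no session. The page therefore echoes both values back as hidden inputs so the next POST can
 * re-authenticate.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>All request-derived text written into the page goes through {@link #escapeHtml(String)}.</li>
 *   <li>The credential lookup binds the username as a statement parameter instead of
 *       concatenating it into the SQL text.</li>
 *   <li>The plaintext password is still reflected into hidden form fields, and passwords are
 *       compared as unsalted SHA-1 digests. Both are design limitations that need a session
 *       mechanism and a password-hash migration; this class cannot remove them without
 *       changing its contract with the other admin pages.</li>
 * </ul>
 */
public class RestAdminUserManagement extends ServerResource {
    /**
     * SHA-1 digest accepted for the built-in {@code admin} account when
     * {@code VEPHelperMethods.testDBconsistency()} reports false.
     * NOTE(review): this is a hard-coded fallback credential shipped in the binary; it should be
     * replaced by a provisioning step and the matching password rotated on existing installs.
     */
    private static final String FALLBACK_ADMIN_SHA1 = "789b49606c321c8cf228d17942608eff0ccc4171";

    private Logger logger = Logger.getLogger("VEP.RestAdminUserManagement");
    private DBHandler db = new DBHandler("RestAdminUserAccount", VEPHelperMethods.getProperty("vepdb.choice", this.logger));

    /**
     * Handles a POST to the user-management page.
     *
     * <p>The action is read from the request attribute {@code SchedulerClient.ACTION}. A
     * multipart request with action {@code addcert} or {@code updateuser} is parsed completely,
     * the caller is authenticated once, and only then are the certificate and/or role written.
     * Any other request is treated as a plain form login and renders the management forms when
     * no action is present.
     *
     * @param representation the request entity (multipart or URL-encoded form)
     * @return the HTML page: the management view for an authenticated administrator, otherwise
     *         the "Unauthorized access" view
     * @throws ResourceException declared for Restlet; not thrown by this method directly
     */
    @Post
    public Representation getResult(Representation representation) throws ResourceException {
        StringBuilder sb = new StringBuilder();
        sb.append(VEPHelperMethods.getRESTwebHeader(true, true, false));
        boolean authenticated = false;
        boolean certStored = false;
        boolean roleUpdated = false;
        String handledAction = "";
        String username = "";
        String password = "";
        String errorText = "";
        String action = (String) getRequest().getAttributes().get(SchedulerClient.ACTION);
        // Null-safe: a request without an entity or without an action must not raise an NPE.
        boolean multipart = representation != null
                && MediaType.MULTIPART_FORM_DATA.equals(representation.getMediaType(), true);
        boolean updateUser = "updateuser".equalsIgnoreCase(action);

        if (multipart && ("addcert".equalsIgnoreCase(action) || updateUser)) {
            handledAction = updateUser ? "updateuser" : "addcert";
            int userId = -1;
            String role = "";
            FileItem certItem = null;
            DiskFileItemFactory factory = new DiskFileItemFactory();
            // In-memory threshold only; larger parts are spooled to disk by the factory.
            // NOTE(review): no maximum upload size is configured here, and the certificate is
            // later read fully into memory. Consider a size cap suited to .pfx files.
            factory.setSizeThreshold(1000240);
            try {
                // Collect every part first, so that authentication is decided once and no write
                // depends on the order in which the client happened to send the parts.
                for (FileItem item : new RestletFileUpload(factory).parseRequest(getRequest())) {
                    String field = item.getFieldName();
                    if (field == null) {
                        continue;
                    }
                    if (item.isFormField()) {
                        if (field.equals("userid")) {
                            userId = parseUserId(item.getString());
                        } else if (field.equals("username")) {
                            username = item.getString().trim();
                        } else if (field.equals("password")) {
                            password = item.getString().trim();
                        } else if (updateUser && field.equals("role")) {
                            role = item.getString().trim();
                        }
                    }
                    if (field.equals("certfile") && certItem == null) {
                        certItem = item;
                    }
                }

                authenticated = authenticateAdmin(username, password);

                if (authenticated && userId != -1) {
                    if (certItem != null) {
                        if (updateUser) {
                            this.logger.info("UpdateUser: trying to update certificate into table for userid = " + userId);
                        } else {
                            this.logger.info("AddCert: trying to store certificate into table for userid = " + userId);
                        }
                        certStored = storeCertificate(updateUser ? "UpdateUser" : "AddCert", userId, certItem);
                    }
                    if (updateUser && role.length() > 0) {
                        this.logger.info("UpdateUser: trying to update role into table for userid = " + userId);
                        roleUpdated = updateRole(userId, role);
                    }
                }

                if (updateUser) {
                    if (userId == -1 || (!certStored && !roleUpdated)) {
                        errorText = errorText + "Improper data provided. Check user selection and certificate file or role value. ";
                    }
                } else if (userId == -1 || !certStored) {
                    errorText = errorText + "Improper data provided. Check user selection and certificate file choice. ";
                }
            } catch (Exception e) {
                this.logger.debug("Exception Caught: ", e);
            }
            // The authentication result is deliberately left as computed above: forcing it to
            // true here would render the administrator view for a caller who failed the check.
        } else if (representation != null) {
            Map<String, String> values = new Form(representation).getValuesMap();
            for (Map.Entry<String, String> entry : values.entrySet()) {
                String key = entry.getKey();
                if (key == null) {
                    continue;
                }
                if (key.equalsIgnoreCase("username")) {
                    username = entry.getValue();
                }
                if (key.equalsIgnoreCase("password")) {
                    password = entry.getValue();
                }
            }
            authenticated = authenticateAdmin(username, password);
        }

        if (authenticated) {
            sb.append("<b>Welcome to VEP Service Management Page</b><br>");
            sb.append(escapeHtml(username)).append(", you can manage individual user's account in this page!<hr>");
            sb.append("<table><tr><td valign='top' width='790' style='font-family:Verdana;font-size:9pt;'>");
            if (action == null) {
                appendManagementForms(sb, username, password);
            } else if (handledAction.equalsIgnoreCase("addcert")) {
                if (certStored) {
                    sb.append("<font color='green'>The user certificate was uploaded successfully!</font><br><br>");
                    appendReturnForm(sb, "proceed", "proceed", username, password);
                } else {
                    sb.append("<br><br><font color='red'>").append(errorText).append("</font><br><br>");
                    appendReturnForm(sb, "goback", "go back", username, password);
                }
            } else if (handledAction.equalsIgnoreCase("updateuser")) {
                if (!certStored && !roleUpdated) {
                    sb.append("<br><br><font color='red'>").append(errorText + "User role and the certificate were left unchanged. ").append("</font><br><br>");
                    appendReturnForm(sb, "goback", "go back", username, password);
                } else {
                    if (!certStored) {
                        sb.append("<font color='green'>The user certificate was left unchanged and the role was updated successfully!</font><br><br>");
                    } else if (!roleUpdated) {
                        sb.append("<font color='green'>The user certificate was updated and the role was left unchanged!</font><br><br>");
                    } else {
                        sb.append("<font color='green'>The user certificate and the role were updated successfully!</font><br><br>");
                    }
                    appendReturnForm(sb, "proceed", "proceed", username, password);
                }
            }
            sb.append("</table>");
        } else {
            sb.append("<br><br><font color='red'>Unauthorized access, login and try again,</font><br><br>");
            sb.append("<form name='goback' action='../admin/' method='get'>").append("<input type='submit' value='go back'></form>");
        }
        sb.append(VEPHelperMethods.getRESTwebFooter());
        return new StringRepresentation(sb.toString(), MediaType.TEXT_HTML);
    }

    /**
     * Checks the supplied credentials against the administrator account.
     *
     * <p>When {@code VEPHelperMethods.testDBconsistency()} is true the user row is looked up by
     * username (bound as a parameter) and must carry the role {@code administrator}; otherwise
     * only the built-in {@code admin} fallback is accepted. Any exception counts as a failed
     * login.
     */
    private boolean authenticateAdmin(String username, String password) {
        if (username == null || password == null) {
            return false;
        }
        try {
            String suppliedHash = VEPHelperMethods.makeSHA1Hash(password);
            if (VEPHelperMethods.testDBconsistency()) {
                // NOTE(review): this uses DBHandler.dbHandle directly, as the UPDATE statements
                // in this class do. Confirm that DBHandler.query() does nothing beyond building
                // "select * from user ..." (for example table-name quoting per vepdb.choice).
                PreparedStatement stmt = DBHandler.dbHandle.prepareStatement("SELECT * FROM user WHERE username = ?");
                try {
                    stmt.setString(1, username);
                    ResultSet row = stmt.executeQuery();
                    return row.next()
                            && suppliedHash.equalsIgnoreCase(row.getString("password"))
                            && "administrator".equalsIgnoreCase(row.getString("role"));
                } finally {
                    closeQuietly(stmt);
                }
            }
            return username.equalsIgnoreCase("admin") && suppliedHash.equalsIgnoreCase(FALLBACK_ADMIN_SHA1);
        } catch (Exception e) {
            this.logger.warn("Admin authentication resulted in exception.");
            this.logger.debug("Exception Caught: ", e);
            return false;
        }
    }

    /**
     * Writes the uploaded certificate bytes into {@code user.certificate} for the given id.
     *
     * @return true when a non-empty upload was stored, false for an empty upload or any error
     */
    private boolean storeCertificate(String routine, int userId, FileItem certItem) {
        InputStream in = null;
        PreparedStatement stmt = null;
        try {
            in = certItem.getInputStream();
            // Read first and test the length: available() is only an estimate of readable bytes.
            byte[] certBytes = IOUtils.toByteArray(in);
            if (certBytes.length == 0) {
                return false;
            }
            stmt = DBHandler.dbHandle.prepareStatement("UPDATE user SET certificate = ? WHERE id = ?");
            stmt.setBytes(1, certBytes);
            stmt.setInt(2, userId);
            stmt.execute();
            return true;
        } catch (Exception e) {
            this.logger.warn(routine + " Routine: Certificate storage resulted in exception.");
            this.logger.debug("Exception Caught: ", e);
            return false;
        } finally {
            IOUtils.closeQuietly(in);
            closeQuietly(stmt);
        }
    }

    /**
     * Sets {@code user.role} for the given id.
     *
     * <p>NOTE(review): the form advertises "administrator or user", but any non-empty string is
     * accepted here. Consider an allow-list once the valid role set is confirmed.
     *
     * @return true when the update statement ran without error
     */
    private boolean updateRole(int userId, String role) {
        PreparedStatement stmt = null;
        try {
            stmt = DBHandler.dbHandle.prepareStatement("UPDATE user SET role = ? WHERE id = ?");
            stmt.setString(1, role);
            stmt.setInt(2, userId);
            stmt.execute();
            return true;
        } catch (Exception e) {
            this.logger.warn("UpdateUser Routine: Role update process resulted in exception.");
            this.logger.debug("Exception Caught: ", e);
            return false;
        } finally {
            closeQuietly(stmt);
        }
    }

    /** Renders the "add certificate", "update account" and "cancel" forms of the landing view. */
    private void appendManagementForms(StringBuilder sb, String username, String password) {
        Map<Integer, String> usersWithoutCert = loadUsers("WHERE certificate IS '' OR certificate IS null");
        Map<Integer, String> allUsers = loadUsers("");

        sb.append("For any newly created user account, you can generate a user certificate and upload to the server. Please select from the drop down list of newly created ").append("account that you wish to act on:<br><br>");
        sb.append("<form  enctype='multipart/form-data' name='editnewuser' action='../admin/usermanagement/addcert' method='post' style='font-family:Verdana;font-size:9pt;color:white;'>");
        sb.append("<table style='font-family:Verdana;font-size:9pt;background:white;color:black;border-style:dotted;border-color:green;border-width:1px;'>");
        appendHiddenCredentials(sb, username, password);
        sb.append("<tr><td>Select the user account<td align='left'><select name='userid'><option value='-1'>Not selected</option>");
        appendUserOptions(sb, usersWithoutCert);
        sb.append("</select><td>");
        sb.append("<tr><td>Certificate Path (.pfx)<td align='right'><input type='file' name='certfile' size='40'>");
        sb.append("<td align='right'><input type='submit' value='add certificate'>");
        sb.append("</table></form><br>");

        sb.append("You can change roles and update user certificate for existing users below:<br><br>");
        sb.append("<form  enctype='multipart/form-data' name='updateuser' action='../admin/usermanagement/updateuser' method='post' style='font-family:Verdana;font-size:9pt;color:white;'>");
        sb.append("<table style='font-family:Verdana;font-size:9pt;background:white;color:black;border-style:dotted;border-color:brown;border-width:1px;'>");
        appendHiddenCredentials(sb, username, password);
        sb.append("<tr><td>Select the user account<td align='left'><select name='userid'><option value='-1'>Not selected</option>");
        appendUserOptions(sb, allUsers);
        sb.append("</select>");
        sb.append("<tr><td>Certificate Path (.pfx)<td align='left'><input type='file' name='certfile' size='39'>");
        sb.append("<tr><td>Role (leave empty to keep the existing role)<td align='left'><input type='text' name='role' size='39'>(administrator or user)");
        sb.append("<tr><td><td align='left'><input type='submit' value='update account'>");
        sb.append("</table></form><br>");

        sb.append("<td valign='top'>");
        sb.append("<form name='goback' action='../admin/dologin' method='post' style='font-family:Verdana;font-size:8pt;'>");
        sb.append("<table style='font-family:Verdana;font-size:8pt;background:#FFFFFF;'>");
        appendHiddenCredentials(sb, username, password);
        sb.append("<tr><td><td align='right'><input type='submit' value='cancel and go back'>");
        sb.append("</table></form>");
    }

    /** Reads id and username of the rows of {@code user} selected by a constant WHERE clause. */
    private Map<Integer, String> loadUsers(String constantWhereClause) {
        Map<Integer, String> users = new HashMap<Integer, String>();
        try {
            // Only literal clauses from this class are passed in; never request data.
            ResultSet rows = this.db.query("select", "*", "user", constantWhereClause);
            while (rows.next()) {
                users.put(Integer.valueOf(rows.getInt("id")), rows.getString("username"));
            }
        } catch (Exception e) {
            this.logger.debug("Exception Caught: ", e);
        }
        return users;
    }

    /** Appends one {@code <option>} per user; stored usernames are escaped before output. */
    private static void appendUserOptions(StringBuilder sb, Map<Integer, String> users) {
        for (Map.Entry<Integer, String> user : users.entrySet()) {
            sb.append("<option value='").append(user.getKey()).append("'>").append(escapeHtml(user.getValue())).append("</option>");
        }
    }

    /**
     * Appends the hidden username/password inputs that let the next POST re-authenticate.
     * The values are escaped so they cannot close the attribute and add markup to the page.
     */
    private static void appendHiddenCredentials(StringBuilder sb, String username, String password) {
        sb.append("<input type='hidden' name='username' value='").append(escapeHtml(username)).append("'>");
        sb.append("<input type='hidden' name='password' value='").append(escapeHtml(password)).append("'>");
    }

    /** Appends the single-button form that posts the credentials back to the management page. */
    private static void appendReturnForm(StringBuilder sb, String formName, String buttonLabel, String username, String password) {
        sb.append("<form name='").append(formName).append("' action='../usermanagement' method='post'>");
        appendHiddenCredentials(sb, username, password);
        sb.append("<input type='submit' value='").append(buttonLabel).append("'></form>");
    }

    /** Parses the selected user id; anything that is not an integer maps to -1 ("Not selected"). */
    private static int parseUserId(String raw) {
        if (raw == null) {
            return -1;
        }
        try {
            return Integer.parseInt(raw.trim());
        } catch (NumberFormatException ignored) {
            // A malformed id is treated like the "Not selected" option rather than aborting the request.
            return -1;
        }
    }

    /** Closes a statement, ignoring failures; a close error must not mask the real outcome. */
    private static void closeQuietly(PreparedStatement stmt) {
        if (stmt != null) {
            try {
                stmt.close();
            } catch (Exception ignored) {
                // Nothing useful can be done if close() fails.
            }
        }
    }

    /**
     * Escapes the characters that are significant in HTML text and in quoted attribute values.
     * Returns an empty string for {@code null}.
     */
    private static String escapeHtml(String value) {
        if (value == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':
                    out.append("&amp;");
                    break;
                case '<':
                    out.append("&lt;");
                    break;
                case '>':
                    out.append("&gt;");
                    break;
                case '"':
                    out.append("&quot;");
                    break;
                case '\'':
                    out.append("&#39;");
                    break;
                default:
                    out.append(c);
            }
        }
        return out.toString();
    }
}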
