package edu.internet2.middleware.grouper.ui;

import edu.internet2.middleware.grouper.Group;
import edu.internet2.middleware.grouper.GroupFinder;
import edu.internet2.middleware.grouper.GrouperSession;
import edu.internet2.middleware.grouper.MemberFinder;
import edu.internet2.middleware.grouper.Stem;
import edu.internet2.middleware.grouper.StemFinder;
import edu.internet2.middleware.grouper.StemSave;
import edu.internet2.middleware.grouper.SubjectFinder;
import edu.internet2.middleware.grouper.audit.GrouperEngineBuiltin;
import edu.internet2.middleware.grouper.authentication.GrouperPassword;
import edu.internet2.middleware.grouper.cfg.GrouperHibernateConfig;
import edu.internet2.middleware.grouper.cfg.text.GrouperTextContainer;
import edu.internet2.middleware.grouper.exception.GrouperSessionException;
import edu.internet2.middleware.grouper.grouperUi.beans.ContextContainer;
import edu.internet2.middleware.grouper.grouperUi.beans.RequestContainer;
import edu.internet2.middleware.grouper.grouperUi.beans.SessionContainer;
import edu.internet2.middleware.grouper.grouperUi.beans.json.GuiResponseJs;
import edu.internet2.middleware.grouper.grouperUi.beans.json.GuiScreenAction;
import edu.internet2.middleware.grouper.grouperUi.beans.ui.GrouperRequestContainer;
import edu.internet2.middleware.grouper.grouperUi.beans.ui.TextContainer;
import edu.internet2.middleware.grouper.grouperUi.serviceLogic.UiV2ExternalSubjectSelfRegister;
import edu.internet2.middleware.grouper.hibernate.GrouperContext;
import edu.internet2.middleware.grouper.hooks.beans.GrouperContextTypeBuiltIn;
import edu.internet2.middleware.grouper.hooks.beans.HooksContext;
import edu.internet2.middleware.grouper.instrumentation.InstrumentationDataBuiltinTypes;
import edu.internet2.middleware.grouper.instrumentation.InstrumentationThread;
import edu.internet2.middleware.grouper.j2ee.Authentication;
import edu.internet2.middleware.grouper.j2ee.GrouperRequestWrapper;
import edu.internet2.middleware.grouper.j2ee.ServletRequestUtils;
import edu.internet2.middleware.grouper.j2ee.status.GrouperStatusServlet;
import edu.internet2.middleware.grouper.misc.GrouperSessionHandler;
import edu.internet2.middleware.grouper.misc.GrouperStartup;
import edu.internet2.middleware.grouper.privs.NamingPrivilege;
import edu.internet2.middleware.grouper.privs.PrivilegeHelper;
import edu.internet2.middleware.grouper.session.GrouperSessionResult;
import edu.internet2.middleware.grouper.ui.exceptions.ControllerDone;
import edu.internet2.middleware.grouper.ui.util.GrouperUiConfig;
import edu.internet2.middleware.grouper.ui.util.GrouperUiUtils;
import edu.internet2.middleware.grouper.util.GrouperEmail;
import edu.internet2.middleware.grouper.util.GrouperThreadLocalState;
import edu.internet2.middleware.grouper.util.GrouperUtil;
import edu.internet2.middleware.grouperClient.config.GrouperUiApiTextConfig;
import edu.internet2.middleware.grouperClient.util.ExpirableCache;
import edu.internet2.middleware.subject.Subject;
import edu.internet2.middleware.subject.SubjectNotFoundException;
import edu.internet2.middleware.subject.SubjectNotUniqueException;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.security.Principal;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Properties;
import java.util.ResourceBundle;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.servlet.jsp.jstl.fmt.LocalizationContext;
import org.apache.commons.fileupload.FileItem;
import org.apache.commons.fileupload.FileItemFactory;
import org.apache.commons.fileupload.disk.DiskFileItemFactory;
import org.apache.commons.fileupload.servlet.ServletFileUpload;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.exception.ExceptionUtils;
import org.apache.commons.logging.Log;
import org.apache.tools.bzip2.BZip2Constants;

/* loaded from: input_file:WEB-INF/lib/grouper-ui-4.9.2.jar:edu/internet2/middleware/grouper/ui/GrouperUiFilter.class */
public class GrouperUiFilter implements Filter {
    // Cache of an OIDC config id keyed by a Boolean; the constructor argument 5 is presumably a
    // lifetime in minutes — TODO confirm against ExpirableCache.
    private static ExpirableCache<Boolean, String> oidcConfigIdCache = new ExpirableCache<>(5);
    // Multipart upload plumbing; `upload` is what fileItems() uses to parse request bodies.
    // NOTE(review): none of the statics below has an initializer on its declaration; presumably they
    // are assigned in a static block outside this view — confirm, including any upload size limits.
    private static FileItemFactory fileItemFactory;
    private static ServletFileUpload upload;
    private static Log LOG;
    private static final long serialVersionUID = 1;
    // Guard flag read and written by initOnce(); it is not volatile, so it is only safe to read
    // while holding the GrouperUiFilter.class monitor.
    private static boolean inittedOnce;
    // Per-thread request state. initRequest() populates these and finallyRequest() removes them.
    private static ThreadLocal<HttpServlet> threadLocalServlet;
    // Set to true while initRequest() is running on this thread (used to detect re-entrant calls).
    private static ThreadLocal<Boolean> threadLocalInInit;
    private static ThreadLocal<HttpServletRequest> threadLocalRequest;
    // System.currentTimeMillis() captured at the start of initRequest().
    private static ThreadLocal<Long> threadLocalRequestStartMillis;
    private static ThreadLocal<HttpServletResponse> threadLocalResponse;

    /* loaded from: input_file:WEB-INF/lib/grouper-ui-4.9.2.jar:edu/internet2/middleware/grouper/ui/GrouperUiFilter$UiSection.class */
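    /**
     * Areas of the UI that a request can belong to. Each section optionally names a config property
     * (the "media key") whose value is the group a subject must be a member of to use that section.
     *
     * <p>The constants are shared by every request thread, so the lazily built allow-set is guarded
     * by the constant's monitor.
     */
    public enum UiSection implements Serializable {
        /** No media key; reports itself as anonymous. */
        ANONYMOUS(null, null) {
            @Override
            public boolean isAnonymous() {
                return true;
            }
        },
        /** No media key; reports itself as anonymous. */
        EXTERNAL(null, null) {
            @Override
            public boolean isAnonymous() {
                return true;
            }
        },
        /** Gated by the group named in {@code require.group.for.logins}. */
        ADMIN_UI("require.group.for.logins", null),
        /** Gated by the group named in {@code require.group.for.inviteExternalSubjects.logins}. */
        INVITE_EXTERNAL_SUBJECTS("require.group.for.inviteExternalSubjects.logins", null);

        // Name of the config property holding the required group; null for ungated sections.
        private final String mediaKey;
        // Sections whose access also grants access to this one; always ends up containing `this`.
        private Set<UiSection> uiSectionsThatAllowThisSection;

        UiSection(String str, Set<UiSection> set) {
            this.mediaKey = str;
            this.uiSectionsThatAllowThisSection = set;
        }

        /**
         * @return {@code true} when the section may be used without a logged-in subject
         */
        public boolean isAnonymous() {
            return false;
        }

        /**
         * Returns the sections that grant access to this section, this section first.
         *
         * <p>The returned set is the live internal set and feeds authorization decisions; callers
         * must treat it as read-only.
         *
         * @return a non-null set that always contains this section
         */
        public synchronized Set<UiSection> getUiSectionsThatAllowThisSection() {
            Set<UiSection> current = this.uiSectionsThatAllowThisSection;
            if (current == null || !current.contains(this)) {
                // Rebuild rather than mutate, so a set that was handed out earlier never changes
                // underneath a reader.
                Set<UiSection> rebuilt = new LinkedHashSet<>();
                rebuilt.add(this);
                if (current != null) {
                    rebuilt.addAll(current);
                }
                this.uiSectionsThatAllowThisSection = rebuilt;
            }
            return this.uiSectionsThatAllowThisSection;
        }

        /**
         * @return the config property naming the required group, or {@code null} if the section is ungated
         */
        public String getMediaKey() {
            return this.mediaKey;
        }
    }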

    /**
     * Returns the locale of the request obtained from {@code retrieveHttpServletRequest()}.
     *
     * @return the request's locale, or {@code null} when there is no current request
     */
    public static Locale retrieveLocale() {
        HttpServletRequest request = retrieveHttpServletRequest();
        return request == null ? null : request.getLocale();
    }

    /**
     * Returns the resource bundle of the {@code "nav"} localization context stored in the session.
     *
     * <p>Unlike the media variant this uses {@code getSession()}, which creates a session when none
     * exists, and it does not guard against a missing request or a missing {@code "nav"} attribute
     * (either yields a {@link NullPointerException}).
     *
     * @return the nav resource bundle
     */
    public static ResourceBundle retrieveSessionNavResourceBundle() {
        HttpSession session = retrieveHttpServletRequest().getSession();
        LocalizationContext navContext = (LocalizationContext) session.getAttribute("nav");
        return navContext.getResourceBundle();
    }

    /**
     * Returns the resource bundle of the {@code "media"} localization context stored in the session.
     * An existing session is required; none is created.
     *
     * @return the media resource bundle
     * @throws RuntimeException if there is no session or it has no {@code "media"} attribute
     */
    public static ResourceBundle retrieveSessionMediaResourceBundle() {
        HttpSession session = retrieveHttpServletRequest().getSession(false);
        LocalizationContext mediaContext =
                session == null ? null : (LocalizationContext) session.getAttribute("media");
        if (mediaContext == null) {
            throw new RuntimeException("Cant find media bundle");
        }
        return mediaContext.getResourceBundle();
    }

    /**
     * Returns the map stored under the {@code "mediaNullMap"} session attribute.
     * An existing session is required; none is created.
     *
     * @return the stored map, or {@code null} when the session has no such attribute
     * @throws RuntimeException if there is no session
     */
    @SuppressWarnings("unchecked")
    public static Map<String, String> retrieveSessionMediaNullMapResourceBundle() {
        HttpSession session = retrieveHttpServletRequest().getSession(false);
        if (session == null) {
            throw new RuntimeException("Cant find media bundle");
        }
        // The attribute is stored untyped; the element types are taken on trust from whoever set it.
        return (Map<String, String>) session.getAttribute("mediaNullMap");
    }

    /**
     * Builds the effective media properties by layering three sources; a later source overrides an
     * earlier one on key collisions: the bundled {@code resources/grouper/media.properties}, the
     * optional {@code resources/custom/media.properties}, then the UI config.
     *
     * @return a fresh {@link Properties} instance holding the merged values
     */
    public static Properties retrieveMediaProperties() {
        Properties merged = new Properties();
        merged.putAll(GrouperUtil.propertiesFromResourceName("resources/grouper/media.properties"));

        // The custom file is optional: only load it when it resolves to a URL.
        boolean hasCustomFile = GrouperUtil.computeUrl("resources/custom/media.properties", true) != null;
        if (hasCustomFile) {
            merged.putAll(GrouperUtil.propertiesFromResourceName("resources/custom/media.properties"));
        }

        merged.putAll(GrouperUiConfig.retrieveConfig().properties());
        return merged;
    }

    /**
     * Returns the multipart items of the current request, parsing the body on first use and caching
     * the result in the {@code "fileItems"} request attribute so the body is only read once.
     *
     * <p>NOTE(review): the request body is caller-controlled. How much of it is accepted depends on
     * how the shared {@code upload} instance was configured (e.g. {@code setSizeMax} /
     * {@code setFileSizeMax}); that setup is not visible here — confirm limits are in place.
     *
     * @return the parsed file items
     * @throws RuntimeException wrapping any failure raised while parsing
     */
    @SuppressWarnings("unchecked")
    public static List<FileItem> fileItems() {
        HttpServletRequest request = retrieveHttpServletRequest();
        List<FileItem> cached = (List<FileItem>) request.getAttribute("fileItems");
        if (cached != null) {
            return cached;
        }
        try {
            List<FileItem> parsed = upload.parseRequest(request);
            request.setAttribute("fileItems", parsed);
            return parsed;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Collects the names of the current request's parameters that start with the given prefix.
     *
     * @param str prefix to match; must not be {@code null}
     * @return the matching parameter names in the order the container enumerates them (never null)
     */
    public static Set<String> requestParameterNamesByPrefix(String str) {
        Set<String> matching = new LinkedHashSet<>();
        Enumeration<?> names = retrieveHttpServletRequest().getParameterNames();
        while (names.hasMoreElements()) {
            String name = (String) names.nextElement();
            if (!name.startsWith(str)) {
                continue;
            }
            matching.add(name);
        }
        return matching;
    }

    /**
     * Returns the start time recorded for the request on this thread.
     *
     * @return the recorded epoch millis, or {@code 0} when nothing has been recorded on this thread
     */
    public static long retrieveRequestStartMillis() {
        Long startMillis = threadLocalRequestStartMillis.get();
        return GrouperUtil.longValue(startMillis, 0L);
    }

    /**
     * Returns the name of the container-authenticated principal of the current request.
     *
     * <p>Both the request and its principal are checked through {@code GrouperUtil.assertion}; the
     * messages point at the usual misconfigurations (servlet not mapped, container not requiring
     * authentication).
     *
     * @return the principal's name
     * @deprecated kept for existing callers; this file gives no replacement
     */
    @Deprecated
    public static String retrieveUserPrincipalNameFromRequest() {
        HttpServletRequest request = retrieveHttpServletRequest();
        boolean haveRequest = request != null;
        GrouperUtil.assertion(haveRequest, "HttpServletRequest is null, is the GrouperServiceServlet mapped in the web.xml?");

        Principal principal = request.getUserPrincipal();
        boolean havePrincipal = principal != null;
        GrouperUtil.assertion(havePrincipal, "There is no user logged in, make sure the container requires authentication");
        return principal.getName();
    }

    /**
     * Returns the logged-in subject, preferring the one already cached in the session container and
     * otherwise resolving it (a missing user is then an error, not a {@code null} result).
     *
     * @return the logged-in subject
     */
    public static Subject retrieveSubjectLoggedIn() {
        Subject cached = SessionContainer.retrieveFromSession().getSubjectLoggedIn();
        if (cached == null) {
            return retrieveSubjectLoggedIn(false, null);
        }
        return cached;
    }

    /**
     * Resolves the logged-in subject and, when one is found, caches it in the session container.
     *
     * @param z when {@code true}, a missing user yields {@code null} instead of an exception
     * @param httpServletResponse not used by this method
     * @return the resolved subject, or {@code null} when none was found and {@code z} is {@code true}
     */
    public static Subject retrieveSubjectLoggedIn(boolean z, HttpServletResponse httpServletResponse) {
        Subject resolved = retrieveSubjectLoggedInHelper(z);
        if (resolved == null) {
            return null;
        }
        SessionContainer.retrieveFromSession().setSubjectLoggedIn(resolved);
        return resolved;
    }

    /**
     * Resolves the subject for the login id reported by {@code remoteUser(request)}.
     *
     * <p>Order of resolution: the subject of the GrouperSession attached to the HTTP session, then
     * the subject cached in the session container, then a subject lookup by id or identifier
     * (restricted to {@code grouper.ui.authentication.sourceIds} when that property is set).
     *
     * @param z when {@code true}, a blank login id or an unknown subject yields {@code null}
     *          instead of an exception
     * @return the resolved subject, or {@code null} as described for {@code z}
     * @throws RuntimeException if the login id differs from the one pinned to the session and
     *         user switching is not enabled
     * @throws NoUserAuthenticatedException if the login id is blank and {@code z} is {@code false}
     */
    private static Subject retrieveSubjectLoggedInHelper(boolean z) {
        HttpServletRequest request = retrieveHttpServletRequest();
        String previousUser = (String) request.getSession().getAttribute("authUser");
        String currentUser = remoteUser(request);

        // The first login id seen on a session is pinned in "authUser". A different id arriving on
        // the same session would otherwise inherit the earlier user's cached subject, so the
        // session is invalidated unless switching is explicitly allowed by configuration.
        boolean userChanged = !StringUtils.isBlank(previousUser) && !StringUtils.equals(previousUser, currentUser);
        if (userChanged && !GrouperUiConfig.retrieveConfig().propertyValueBoolean("grouper.ui.authentication.allowUserIdSwitching", false)) {
            request.getSession().invalidate();
            throw new RuntimeException("New user logged in!  was: '" + previousUser + "', and now is: '" + currentUser + "'");
        }
        request.getSession().setAttribute("authUser", currentUser);

        GrouperSession existingSession = SessionInitialiser.getGrouperSession(request.getSession());
        if (existingSession != null && existingSession.getSubject() != null) {
            return existingSession.getSubject();
        }

        Subject cached = SessionContainer.retrieveFromSession().getSubjectLoggedIn();
        if (cached != null) {
            return cached;
        }

        if (StringUtils.isBlank(currentUser)) {
            if (z) {
                return null;
            }
            throw new NoUserAuthenticatedException("Cant find logged in user");
        }

        // The lookup runs under a root session, which is always stopped in the finally block.
        GrouperSession rootSession = GrouperSession.startRootSession();
        try {
            String sourceIds = GrouperUiConfig.retrieveConfig().propertyValueString("grouper.ui.authentication.sourceIds");
            if (StringUtils.isBlank(sourceIds)) {
                return SubjectFinder.findByIdOrIdentifier(currentUser, true);
            }

            // With configured sources the login id must match exactly one subject across all of them.
            Subject found = null;
            for (String sourceId : GrouperUtil.splitTrim(sourceIds, ",")) {
                Subject candidate = SubjectFinder.findByIdOrIdentifierAndSource(currentUser, sourceId, false);
                if (candidate == null) {
                    continue;
                }
                if (found != null) {
                    throw new SubjectNotUniqueException("Found multiple matching subjects: '" + currentUser + "'");
                }
                found = candidate;
            }
            if (found == null) {
                throw new SubjectNotFoundException("Cannot find subject by id or identifier: '" + currentUser + "'");
            }
            return found;
        } catch (RuntimeException e) {
            if (z && e instanceof SubjectNotFoundException) {
                return null;
            }
            GrouperUtil.injectInException(e, "Cant find subject from login id: " + currentUser);
            throw e;
        } finally {
            GrouperSession.stopQuietly(rootSession);
        }
    }

    /**
     * Enforces that the subject may use the given UI section, returning normally only when access
     * is granted.
     *
     * <p>Access is granted when: the subject is null and the section is anonymous; or the session
     * already holds one of the sections that allow this one; or none of those sections names a
     * required group; or the subject is a member of the required group of at least one of them
     * (the first one checked that passes). A successful check is cached in the session's allowed
     * sections.
     *
     * @param uiSection section being requested
     * @param subject logged-in subject, or {@code null} for an anonymous request
     * @param httpServletResponse used to redirect an anonymous request away from a gated section
     * @throws ControllerDone after redirecting an anonymous request, or after queueing the alert
     *         for a denied ajax request
     * @throws RuntimeException for a denied non-ajax request, or if the redirect fails
     */
    private static void ensureUserAllowedInSection(UiSection uiSection, Subject subject, HttpServletResponse httpServletResponse) {
        if (subject == null && uiSection.isAnonymous()) {
            return;
        }

        @SuppressWarnings("unchecked")
        Set<UiSection> allowingSections = GrouperUtil.nonNull((Set) uiSection.getUiSectionsThatAllowThisSection());

        // Fast path: an earlier request on this session already passed the check.
        for (UiSection candidate : allowingSections) {
            if (SessionContainer.retrieveFromSession().getAllowedUiSections().contains(candidate)) {
                return;
            }
        }

        // Accumulates "group, group, " for every required group the subject is NOT in; it is
        // emptied as soon as one membership check passes.
        StringBuilder missingGroups = new StringBuilder();
        for (UiSection candidate : allowingSections) {
            String mediaKey = candidate.getMediaKey();
            if (StringUtils.isBlank(mediaKey)) {
                continue;
            }
            if (subject == null) {
                // A gated section cannot be used without a login: send the browser to the public
                // error page and stop processing this request.
                try {
                    httpServletResponse.sendRedirect(retrieveServletContext() + "/grouperExternal/public/UiV2Public.index?operation=UiV2Public.postIndex&function=UiV2Public.error&code=anonymousSessionNotAllowed");
                } catch (IOException e) {
                    throw new RuntimeException("Error", e);
                }
                throw new ControllerDone();
            }
            String requiredGroup = requireUiGroup(mediaKey, subject, true);
            if (StringUtils.isBlank(requiredGroup)) {
                missingGroups.setLength(0);
                break;
            }
            missingGroups.append(requiredGroup).append(", ");
        }

        if (missingGroups.length() == 0) {
            SessionContainer.retrieveFromSession().getAllowedUiSections().add(uiSection);
            return;
        }

        // Denied: strip the trailing ", " and report which groups were required.
        String deniedMessage = GrouperUiUtils.message("ui.error.not.in.required.group", false, true, GrouperUtil.subjectToString(subject), missingGroups.substring(0, missingGroups.length() - 2));
        LOG.error(deniedMessage);
        GrouperUiUtils.appendErrorToRequest(deniedMessage);
        if (RequestContainer.retrieveFromRequest().isAjaxRequest()) {
            GuiResponseJs.retrieveGuiResponseJs().addAction(GuiScreenAction.newAlert(GrouperUiUtils.message("simpleMembershipUpdate.notAllowedInUi")));
            throw new ControllerDone();
        }
        throw new RuntimeException(deniedMessage);
    }

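    /**
     * Checks whether the subject is a member of the group named by a UI config property.
     *
     * <p>The return value is inverted relative to a boolean check: {@code null} means "allowed",
     * a non-null string names what the subject is missing.
     *
     * @param str name of the config property whose value is the required group's name
     * @param subject subject to check; a {@code null} subject is never treated as a member
     * @param z what to do when the property is blank: {@code true} returns {@code null} (no group
     *          required), {@code false} returns the property name itself
     * @return {@code null} when the subject is a member (or no group is required and {@code z} is
     *         set); otherwise the required group's name, or {@code str} as described for {@code z}
     * @throws RuntimeException wrapping any failure of the lookup, including a configured group
     *         that does not exist
     */
    public static String requireUiGroup(String str, Subject subject, boolean z) {
        String groupToRequire = GrouperUiConfig.retrieveConfig().propertyValueString(str);
        if (LOG.isDebugEnabled()) {
            LOG.debug("mediaKeyOfGroup: " + str + ", groupToRequire: " + groupToRequire + ", subject: " + GrouperUtil.subjectToString(subject));
        }
        if (StringUtils.isBlank(groupToRequire)) {
            return z ? null : str;
        }

        GrouperSession grouperSession = null;
        // Only a session started by this call is stopped by this call; a session that was already
        // open on the thread belongs to the caller.
        boolean startedHere = false;
        try {
            grouperSession = GrouperSession.staticGrouperSession(false);
            if (grouperSession == null) {
                grouperSession = GrouperSession.startRootSession();
                startedHere = true;
            }
            // The membership check must not depend on what the current user is allowed to see,
            // so it is always made with a root-level session.
            if (!PrivilegeHelper.isWheelOrRoot(grouperSession.getSubject())) {
                grouperSession = grouperSession.internal_getRootSession();
            }
            Group requiredGroup = GroupFinder.findByName(grouperSession, groupToRequire, true);
            if (subject != null && requiredGroup.hasMember(subject)) {
                return null;
            }
            return groupToRequire;
        } catch (Exception e) {
            throw new RuntimeException("Problem with user: " + GrouperUtil.subjectToString(subject) + ", " + groupToRequire, e);
        } finally {
            // Single cleanup point: the member path used to stop the session itself and then hit
            // this block as well, stopping it twice.
            if (startedHere) {
                GrouperSession.stopQuietly(grouperSession);
            }
        }
    }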

    // Resolves the login id for the given request; retrieveSubjectLoggedInHelper() and
    // initRequest() both take the caller's identity from this method.
    //
    // NOTE(review): the decompiler could not reconstruct this method (see the JADX notes below).
    // The body shown is a placeholder that always throws; it is not the logic shipped in the jar.
    // Which request attributes, headers or principals are trusted as the user id cannot be
    // determined from this listing — review the original source or bytecode before drawing any
    // conclusion about how authentication works here.
    /* JADX WARN: Removed duplicated region for block: B:134:0x03e7  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static java.lang.String remoteUser(javax.servlet.http.HttpServletRequest r5) {
        /*
            Method dump skipped, instructions count: 1014
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: edu.internet2.middleware.grouper.ui.GrouperUiFilter.remoteUser(javax.servlet.http.HttpServletRequest):java.lang.String");
    }

    /**
     * Returns the context path of the current request, normalised so that it can be used as a URL
     * prefix: a {@code null} or {@code "/"} context path becomes the empty string.
     *
     * @return the context path, or {@code ""} for the root context
     * @throws NullPointerException if there is no current request
     */
    public static String retrieveServletContext() {
        HttpServletRequest request = retrieveHttpServletRequest();
        if (request == null) {
            throw new NullPointerException("No request");
        }
        String contextPath = request.getContextPath();
        boolean isRootContext = contextPath == null || "/".equals(contextPath);
        return isRootContext ? "" : contextPath;
    }

    /**
     * Returns the UI section of the current request, computing it once and caching it in the
     * {@code "uiSectionForRequest"} request attribute.
     *
     * @return the section the current request belongs to
     */
    public static UiSection uiSectionForRequest() {
        HttpServletRequest request = retrieveHttpServletRequest();
        UiSection cached = (UiSection) request.getAttribute("uiSectionForRequest");
        if (cached != null) {
            return cached;
        }
        UiSection computed = uiSectionForRequestHelper(request);
        request.setAttribute("uiSectionForRequest", computed);
        return computed;
    }

    /**
     * Classifies a request into a UI section from its request URI and {@code operation} parameter.
     *
     * <p>A fixed list of URI patterns is anonymous. Every other URI is {@code ADMIN_UI}, except
     * that an {@code operation} whose prefix is {@code Misc} or {@code MiscMenu} is anonymous.
     *
     * <p>NOTE(review): this decision feeds the section-level access check, and it is made on
     * {@code getRequestURI()}, which the servlet API returns undecoded and including any path
     * parameters. The patterns also assume a single-segment context path. Confirm that the URI is
     * normalised before this filter runs and that downstream handlers enforce their own access rules.
     *
     * @param httpServletRequest request to classify
     * @return the section for the request
     */
    private static UiSection uiSectionForRequestHelper(HttpServletRequest httpServletRequest) {
        String uri = httpServletRequest.getRequestURI();

        boolean anonymousUri = uri.matches("^/[^/]+/$")
                || uri.matches("^/[^/]+/index\\.jsp$")
                || uri.matches("^/[^/]+/grouperExternal/app/[^/]+$")
                || uri.matches("^/[^/]+/grouperExternal/public/UiV2Public\\.index$")
                || uri.matches("^/[^/]+/grouperExternal/public/UiV2Public\\.postIndex$")
                || uri.matches("^/[^/]+/grouperUi/app/UiV2Public\\.postIndex$");
        if (anonymousUri) {
            return UiSection.ANONYMOUS;
        }

        // NOTE(review): this pattern is also in the anonymous list above, so it can never match
        // here. As written, every /grouperExternal/app/* request is ANONYMOUS regardless of its
        // operation, and the external-only branch at the end of this method (including the
        // "Cannot use the external servlet" rejection) is unreachable. This may be a decompiler
        // artifact — compare with the original source.
        boolean externalUri = uri.matches("^/[^/]+/grouperExternal/app/[^/]+$");

        String operation = httpServletRequest.getParameter("operation");
        // presumably the class-name part of "Class.method" — confirm against GrouperUtil.prefixOrSuffix
        String operationPrefix = StringUtils.isBlank(operation) ? null : GrouperUtil.prefixOrSuffix(operation, ".", true);

        if (!externalUri) {
            boolean miscOperation = !StringUtils.isBlank(operation)
                    && (operationPrefix.equals("Misc") || operationPrefix.equals("MiscMenu"));
            return miscOperation ? UiSection.ANONYMOUS : UiSection.ADMIN_UI;
        }

        if (StringUtils.isBlank(operationPrefix)) {
            return UiSection.ANONYMOUS;
        }
        if (operationPrefix.startsWith(UiV2ExternalSubjectSelfRegister.class.getSimpleName())) {
            return UiSection.EXTERNAL;
        }
        throw new RuntimeException("Cannot use the external servlet for non external operations! '" + uri + "', '" + operationPrefix + "'");
    }

    /**
     * Filter lifecycle hook: starts Grouper and blocks until startup has finished, starts the
     * instrumentation thread for the UI engine, then runs the one-time group initialisation.
     *
     * @param filterConfig container-supplied configuration; not read by this method
     * @throws ServletException declared by the {@link Filter} contract
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // Startup must be complete before any group lookups are attempted.
        GrouperStartup.startup();
        GrouperStartup.waitForGrouperStartup();

        InstrumentationThread.startThread(GrouperEngineBuiltin.UI, null);

        initOnce();
    }

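    /**
     * Runs the one-time group initialisation: for each listed UI config property, passes the
     * property's value to {@code initGroup}. Later calls return without doing any work.
     *
     * <p>The guard flag is only read while holding the class monitor. It is a plain (non-volatile)
     * field, so the unsynchronized fast-path read that used to precede the lock was not a safe
     * double-checked lock and has been dropped; this method is only called from {@code init}, so
     * the uncontended lock costs nothing in practice.
     */
    private static void initOnce() {
        synchronized (GrouperUiFilter.class) {
            if (inittedOnce) {
                return;
            }
            // NOTE(review): "grouperUi.autoCreateUserFolderName" and
            // "uiV2.admin.subjectApiDiagnostics.show" do not look like group-name properties;
            // initGroup ignores names that do not resolve to a group — confirm they are intended.
            String[] groupNameProperties = {
                "browser.debug.group",
                "require.group.for.logins",
                "require.group.for.membershipUpdateLite.logins",
                "require.group.for.subjectPicker.logins",
                "require.group.for.inviteExternalSubjects.logins",
                "require.group.for.attributeUpdateLite.logins",
                "grouperUi.autoCreateUserFolderName",
                "simpleMembershipUpdate.subjectSearchRequireGroup",
                "subjectPicker.defaultSettings.resultsMustBeInGroup",
                "uiV2.privilegeInheritanceUpdateRequireGroup",
                "uiV2.privilegeInheritanceReadRequireGroup",
                "uiV2.provisioning.must.be.in.group",
                "uiV2.loader.must.be.in.group",
                "uiV2.loader.edit.if.in.group",
                "uiV2.admin.instrumentation.must.be.in.group",
                "uiV2.admin.daemonJobs.must.be.in.group",
                "uiV2.admin.subjectApiDiagnostics.show",
                "uiV2.admin.subjectApiDiagnostics.must.be.in.group",
            };
            for (String propertyName : groupNameProperties) {
                initGroup(GrouperUiConfig.retrieveConfig().propertyValueString(propertyName));
            }
            inittedOnce = true;
        }
    }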

    /**
     * Looks up the named group under a root session and, if it exists, registers it through
     * {@code GroupFinder.groupCacheAsRootAddSystemGroup}. Blank names and names that do not resolve
     * to a group are ignored.
     *
     * @param str name of the group; may be blank
     */
    private static void initGroup(final String str) {
        if (!StringUtils.isBlank(str)) {
            GrouperSession.internal_callbackRootGrouperSession(new GrouperSessionHandler() {
                @Override
                public Object callback(GrouperSession grouperSession) throws GrouperSessionException {
                    // exceptionIfNotFound=false: a configured but missing group is not an error here.
                    Group group = GroupFinder.findByName(grouperSession, str, false);
                    if (group != null) {
                        GroupFinder.groupCacheAsRootAddSystemGroup(group);
                    }
                    return null;
                }
            });
        }
    }

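    /**
     * Prepares per-request state: binds the request, response and start time to the current
     * thread, flags ajax requests, resolves the logged-in subject, and creates the default
     * Grouper context carrying the caller's address and member id.
     *
     * @param grouperRequestWrapper wrapped request to initialise
     * @param servletResponse response for the request; cast to {@link HttpServletResponse}
     * @return the same wrapper, or {@code null} when a re-entrant call (one made while another
     *         call on this thread was still in progress) fails with a runtime exception
     * @throws ControllerDone after redirecting to the public error page because the login id did
     *         not resolve to a subject on a non-anonymous section
     * @throws RuntimeException for any other failure of a non-re-entrant call
     */
    public static GrouperRequestWrapper initRequest(GrouperRequestWrapper grouperRequestWrapper, ServletResponse servletResponse) {
        boolean alreadyInInit = Boolean.TRUE.equals(threadLocalInInit.get());
        threadLocalInInit.set(true);
        try {
            threadLocalServlet.remove();
            threadLocalRequest.set(grouperRequestWrapper);
            threadLocalResponse.set((HttpServletResponse) servletResponse);
            threadLocalRequestStartMillis.set(Long.valueOf(System.currentTimeMillis()));
            grouperRequestWrapper.init();

            // Everything under grouper(Ui|External)/app is ajax except the two index pages.
            String requestURI = grouperRequestWrapper.getRequestURI();
            if (requestURI.matches("^/[^/]+/grouper(Ui|External)/app/[^/]+$") && !requestURI.endsWith("/UiV2Main.index") && !requestURI.endsWith("/UiV2Public.index")) {
                RequestContainer.retrieveFromRequest().setAjaxRequest(true);
            }

            HooksContext.clearThreadLocal();
            GrouperContextTypeBuiltIn.setDefaultContext(GrouperContextTypeBuiltIn.GROUPER_UI);

            HttpSession session = grouperRequestWrapper.getSession();
            String remoteUser = remoteUser(grouperRequestWrapper);
            Subject subject = null;
            GrouperSession grouperSession = SessionInitialiser.getGrouperSession(session);
            if (grouperSession != null) {
                subject = grouperSession.getSubject();
            }

            UiSection section = uiSectionForRequest();
            if (subject == null && !StringUtils.isBlank(remoteUser)) {
                try {
                    subject = retrieveSubjectLoggedIn();
                } catch (Exception lookupFailure) {
                    // On an anonymous section a failed lookup is tolerated on purpose and the
                    // request continues without a subject. Anywhere else the user is sent to the
                    // public error page and processing stops.
                    if (!section.isAnonymous()) {
                        LOG.error("Cant find login subject: " + remoteUser + ", " + section, lookupFailure);
                        try {
                            ((HttpServletResponse) servletResponse).sendRedirect(retrieveServletContext() + "/grouperExternal/public/UiV2Public.index?operation=UiV2Public.postIndex&function=UiV2Public.error&code=authenticatedSubjectNotFound");
                        } catch (IOException redirectFailure) {
                            throw new RuntimeException("Cant redirect", redirectFailure);
                        }
                        throw new ControllerDone();
                    }
                }
            }

            HooksContext.assignSubjectLoggedIn(subject);
            HooksContext.setAttributeThreadLocal(HooksContext.KEY_HTTP_SERVLET_REQUEST, grouperRequestWrapper, false);
            HooksContext.setAttributeThreadLocal(HooksContext.KEY_HTTP_SESSION, session, false);
            HooksContext.setAttributeThreadLocal(HooksContext.KEY_HTTP_SERVLET_RESPONSE, servletResponse, false);

            final GrouperContext grouperContext = GrouperContext.createNewDefaultContext(GrouperEngineBuiltin.UI, false, false);
            // NOTE(review): getRemoteAddr() is the address of the directly connected peer; behind a
            // reverse proxy that is presumably the proxy — confirm what the wrapper returns before
            // relying on this value in audit records.
            grouperContext.setCallerIpAddress(grouperRequestWrapper.getRemoteAddr());
            if (subject != null) {
                final Subject loggedInSubject = subject;
                GrouperSession.internal_callbackRootGrouperSession(new GrouperSessionHandler() {
                    @Override
                    public Object callback(GrouperSession rootSession) throws GrouperSessionException {
                        // The decompiled listing passed `Subject.this` here, which is not valid
                        // Java; the captured subject is the value being looked up.
                        grouperContext.setLoggedInMemberId(MemberFinder.findBySubject(rootSession, loggedInSubject, true).getUuid());
                        return null;
                    }
                });
            }

            InstrumentationThread.addCount(InstrumentationDataBuiltinTypes.UI_REQUESTS.name());
            return grouperRequestWrapper;
        } catch (RuntimeException initFailure) {
            // ControllerDone is control flow (a response has already been produced), not an error.
            if (initFailure instanceof ControllerDone) {
                throw initFailure;
            }
            LOG.error("error in init", initFailure);
            if (!alreadyInInit) {
                throw initFailure;
            }
            return null;
        } finally {
            // Always clear the re-entrancy marker, whatever the outcome.
            threadLocalInInit.remove();
        }
    }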

    /**
     * Clears the per-request state held in thread locals: the text-container and text-config
     * request references, this filter's own request/response/start-time/servlet thread locals, the
     * hooks context, the default Grouper context, and finally whatever
     * {@code GrouperThreadLocalState.removeCurrentThreadLocals()} covers.
     *
     * <p>Request, session and subject references are bound to the thread by {@code initRequest};
     * this is the counterpart that removes them so they are not left on the thread for later work.
     * {@code doFilter} calls it on its 401 path; other call sites are outside this view.
     */
    public static void finallyRequest() {
        GrouperTextContainer.servletRequestThreadLocalClear();
        GrouperTextContainer.grouperRequestContainerThreadLocalClear();
        GrouperUiApiTextConfig.servletRequestThreadLocalClear();
        // Thread locals owned by this filter.
        threadLocalRequest.remove();
        threadLocalResponse.remove();
        threadLocalRequestStartMillis.remove();
        threadLocalServlet.remove();
        HooksContext.clearThreadLocal();
        GrouperContext.deleteDefaultContext();
        // Kept last, as in the original ordering.
        GrouperThreadLocalState.removeCurrentThreadLocals();
    }

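    /**
     * Filter entry point for UI requests.
     *
     * <p>Per request it: forces UTF-8, disables response caching, optionally
     * enforces HTTP Basic authentication (config flag
     * {@code grouper.is.ui.basicAuthn}), initialises the request via
     * {@code initRequest}, resolves the logged-in subject, checks that the
     * subject may use the requested UI section, and then hands over to the
     * rest of the chain.
     *
     * <p>Cleanup ({@link #sendErrorEmailIfNeeded()}, {@link #finallyRequest()},
     * {@code ServletRequestUtils.requestEnd()}) runs in a single {@code finally}
     * so that it happens exactly once on every path, including when the error
     * handling itself throws. The request/response thread-locals must not
     * survive the request, because worker threads are typically reused.
     *
     * <p>Security notes for reviewers:
     * <ul>
     *   <li>Basic credentials are only base64-encoded; this mode relies on the
     *       transport (TLS) for confidentiality.</li>
     *   <li>{@code getRemoteAddr()} is the direct peer address. Behind a
     *       reverse proxy that is the proxy, which matters if
     *       {@code Authentication} uses it for throttling or allow-listing
     *       (not visible here; verify).</li>
     *   <li>The full stack trace is attached to the request on failure;
     *       confirm it is not rendered to unauthenticated users.</li>
     * </ul>
     *
     * @param servletRequest  incoming request, expected to be an {@code HttpServletRequest}
     * @param servletResponse outgoing response, expected to be an {@code HttpServletResponse}
     * @param filterChain     remainder of the filter chain
     * @throws IOException      declared by the filter contract
     * @throws ServletException declared by the filter contract
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        // Kept up to date as the request is wrapped, so the error path below can
        // inspect the request that actually failed instead of dereferencing null.
        GrouperRequestWrapper grouperRequestWrapper = null;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        try {
            servletRequest.setCharacterEncoding("UTF-8");
            servletResponse.setCharacterEncoding("UTF-8");
            grouperRequestWrapper = new GrouperRequestWrapper((HttpServletRequest) servletRequest);

            // UI pages carry identity and membership data: keep them out of
            // browser and intermediary caches.
            httpServletResponse.setHeader("Cache-Control", "private, no-store, no-cache, must-revalidate");
            httpServletResponse.setHeader("Pragma", "no-cache");
            httpServletResponse.setHeader("Expires", "0");

            HttpSession session = grouperRequestWrapper.getSession();
            if (GrouperHibernateConfig.retrieveConfig().propertyValueBoolean("grouper.is.ui.basicAuthn", false)) {
                String header = grouperRequestWrapper.getHeader("Authorization");
                if (!new Authentication().authenticate(header, GrouperPassword.Application.UI, servletRequest.getRemoteAddr())) {
                    httpServletResponse.setHeader("WWW-Authenticate", "Basic realm=\"Protected\"");
                    httpServletResponse.sendError(401, "Unauthorized");
                    // Cleanup happens in the finally block below.
                    return;
                }
                // The header is verified on every request while this mode is on,
                // so REMOTE_USER is refreshed each time rather than trusted from
                // an earlier request in the same session.
                session.setAttribute("REMOTE_USER", Authentication.retrieveUsername(header));
                grouperRequestWrapper.setAttribute("REMOTE_USER", session.getAttribute("REMOTE_USER"));
            }

            GrouperRequestWrapper initializedRequest = initRequest(grouperRequestWrapper, servletResponse);
            if (initializedRequest != null) {
                grouperRequestWrapper = initializedRequest;
            }

            // Optional diagnostic; a failure here must never fail the request.
            try {
                if (GrouperUiConfig.retrieveConfig().propertyValueBoolean("debugSessionSerialization", false)) {
                    logUnserializableSessionAttributes(initializedRequest.getSession());
                }
            } catch (Exception e) {
                LOG.error("Error checking debugSessionSerialization", e);
            }

            Subject subjectLoggedIn = retrieveSubjectLoggedIn(true, httpServletResponse);
            // Authorisation gate: must stay ahead of filterChain.doFilter.
            ensureUserAllowedInSection(uiSectionForRequest(), subjectLoggedIn, httpServletResponse);
            GrouperUiApiTextConfig.servletRequestThreadLocalAssign(initializedRequest);
            GrouperTextContainer.servletRequestThreadLocalAssign(initializedRequest);
            GrouperTextContainer.grouperRequestContainerThreadLocalAssign(GrouperRequestContainer.retrieveFromRequestOrCreate());
            TextContainer.retrieveFromRequest();
            ensureUserFolder(subjectLoggedIn, initializedRequest);
            filterChain.doFilter(initializedRequest, servletResponse);
        } catch (ControllerDone ignored) {
            // Swallowed on purpose: the original code treats ControllerDone as a
            // normal end of processing and only performs cleanup for it.
        } catch (Throwable th) {
            // Record the error while the request is still bound to the thread,
            // so the finally block can include it in the error e-mail.
            GrouperUiUtils.appendErrorToRequest(ExceptionUtils.getFullStackTrace(th));
            LOG.error("UI error", th);
            if (!RequestContainer.retrieveFromRequest().isAjaxRequest()) {
                String requestUri = grouperRequestWrapper == null ? "" : GrouperUtil.defaultString(grouperRequestWrapper.getRequestURI());
                String queryString = grouperRequestWrapper == null ? "" : GrouperUtil.defaultString(grouperRequestWrapper.getQueryString());
                // Do not redirect to the error page from the error page itself.
                boolean alreadyOnErrorPage = requestUri.contains("UiV2Public.index") && queryString.contains("UiV2Public.error");
                if (!alreadyOnErrorPage) {
                    try {
                        // Target is a fixed path under the servlet context; no request data is used.
                        httpServletResponse.sendRedirect(retrieveServletContext() + "/grouperExternal/public/UiV2Public.index?operation=UiV2Public.postIndex&function=UiV2Public.error&code=ajaxError");
                    } catch (IOException e) {
                        throw new RuntimeException("Error", e);
                    }
                }
            }
        } finally {
            sendErrorEmailIfNeeded();
            finallyRequest();
            ServletRequestUtils.requestEnd();
        }
    }

    /**
     * Diagnostic helper: tries to serialise every session attribute into a
     * throw-away buffer and logs the names of those that fail. For a failing
     * {@code Map} attribute the entries are probed one by one. Only attribute
     * names and map keys are logged, never the values.
     */
    private static void logUnserializableSessionAttributes(HttpSession session) {
        Enumeration<?> attributeNames = session.getAttributeNames();
        while (attributeNames.hasMoreElements()) {
            String attributeName = (String) attributeNames.nextElement();
            Object attribute = session.getAttribute(attributeName);
            try {
                new ObjectOutputStream(new ByteArrayOutputStream()).writeObject(attribute);
            } catch (Exception e) {
                LOG.error("Error serializing: " + attributeName, e);
                if (attribute instanceof Map) {
                    Map<?, ?> map = (Map<?, ?>) attribute;
                    for (Object key : map.keySet()) {
                        try {
                            new ObjectOutputStream(new ByteArrayOutputStream()).writeObject(map.get(key));
                        } catch (Exception e2) {
                            LOG.error("Error serializing in map: " + key, e2);
                        }
                    }
                }
            }
        }
    }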

    /**
     * Creates the per-user folder for a subject on login, when the feature is
     * enabled ({@code grouperUi.autoCreateUserFolderOnLogin}).
     *
     * <p>The attempt is made at most once per HTTP session: the session flag
     * {@code autoCreatedUserFolderOnLoginDone} is set before any work is done,
     * so a failed attempt is not retried within the same session.
     *
     * <p>The folder lookup and creation run under a root session, so they are
     * not subject to the logged-in subject's own privileges. The folder name is
     * the configured template ({@code grouperUi.autoCreateUserFolderName})
     * evaluated with the subject bound as {@code subject}. If the result still
     * contains {@code $}, nothing is created. On creation the subject is
     * granted CREATE and STEM on the new folder, and STEM is revoked from the
     * root session's subject.
     *
     * <p>NOTE(review): the resulting name depends on subject attributes;
     * confirm the template cannot resolve to a folder outside the intended
     * parent, especially when
     * {@code grouperUi.autoCreateUserFolderCreateParentFoldersIfNotExist} is on.
     *
     * @param subject            logged-in subject, may be {@code null} (no-op)
     * @param httpServletRequest current request, used only for its session
     */
    private static void ensureUserFolder(Subject subject, HttpServletRequest httpServletRequest) {
        if (subject == null) {
            return;
        }
        if (!GrouperUiConfig.retrieveConfig().propertyValueBoolean("grouperUi.autoCreateUserFolderOnLogin").booleanValue()) {
            return;
        }
        Boolean alreadyAttempted = (Boolean) httpServletRequest.getSession().getAttribute("autoCreatedUserFolderOnLoginDone");
        if (alreadyAttempted != null && alreadyAttempted.booleanValue()) {
            return;
        }
        httpServletRequest.getSession().setAttribute("autoCreatedUserFolderOnLoginDone", true);

        String folderNameTemplate = GrouperUiConfig.retrieveConfig().propertyValueStringRequired("grouperUi.autoCreateUserFolderName");
        GrouperSessionResult rootSessionResult = GrouperSession.startRootSessionIfNotStarted();
        GrouperSession grouperSession = rootSessionResult.getGrouperSession();
        try {
            HashMap variables = new HashMap();
            variables.put("subject", subject);
            String folderName = GrouperUtil.substituteExpressionLanguage(folderNameTemplate, variables, true, false, false);

            // A leftover '$' means part of the template was not substituted.
            if (folderName.contains("$")) {
                return;
            }

            if (StemFinder.findByName(grouperSession, folderName, false) != null) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Folder " + folderName + ", exists for user: " + GrouperUtil.subjectToString(subject));
                }
                return;
            }

            boolean createParents = GrouperUiConfig.retrieveConfig().propertyValueBoolean("grouperUi.autoCreateUserFolderCreateParentFoldersIfNotExist", false);
            Stem userFolder = new StemSave(grouperSession)
                    .assignName(folderName)
                    .assignCreateParentStemsIfNotExist(createParents)
                    .save();
            userFolder.grantPriv(subject, NamingPrivilege.CREATE, false);
            userFolder.grantPriv(subject, NamingPrivilege.STEM, false);
            userFolder.revokePriv(grouperSession.getSubject(), NamingPrivilege.STEM, false);
            LOG.warn("Created user folder: " + folderName + ", for subject: " + GrouperUtil.subjectToString(subject));
        } catch (Exception e) {
            // Best effort: a failure to create the folder must not fail the login.
            LOG.error("Cannot create user folder for: " + folderNameTemplate + ", " + GrouperUtil.subjectToString(subject), e);
        } finally {
            // Stop the root session only if this call started it.
            if (rootSessionResult.isCreated()) {
                GrouperSession.stopQuietly(grouperSession);
            }
        }
    }

    /**
     * Returns the request bound to the current thread.
     *
     * @return the value of {@code threadLocalRequest}; {@code null} when none
     *         is bound, for example after {@link #finallyRequest()} has run
     */
    public static HttpServletRequest retrieveHttpServletRequest() {
        HttpServletRequest currentRequest = threadLocalRequest.get();
        return currentRequest;
    }

    /**
     * Returns the servlet bound to the current thread.
     *
     * @return the value of {@code threadLocalServlet}; {@code null} when none
     *         has been assigned or after {@link #finallyRequest()} has run
     */
    public static HttpServlet retrieveHttpServlet() {
        HttpServlet currentServlet = threadLocalServlet.get();
        return currentServlet;
    }

    /**
     * Binds the given servlet to the current thread and then stores the
     * context container to its context.
     *
     * @param httpServlet servlet handling the current request
     */
    public static void assignHttpServlet(HttpServlet httpServlet) {
        threadLocalServlet.set(httpServlet);
        // Order kept as-is: presumably storeToContext() relies on the servlet
        // having been bound first; verify against ContextContainer.
        ContextContainer.instance().storeToContext();
    }

    /**
     * Returns the response bound to the current thread.
     *
     * @return the value of {@code threadLocalResponse}; {@code null} when none
     *         is bound, for example after {@link #finallyRequest()} has run
     */
    public static HttpServletResponse retrieveHttpServletResponse() {
        HttpServletResponse currentResponse = threadLocalResponse.get();
        return currentResponse;
    }

    /**
     * Filter shutdown hook: stops the instrumentation thread.
     */
    public void destroy() {
        InstrumentationThread.shutdownThread();
    }

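    /**
     * Sends an error report by e-mail when the current request carries a
     * non-blank {@code error} attribute and {@code errorMailAddresses} is
     * configured. Does nothing when no request is bound to the thread.
     *
     * <p>The body contains the server host name, the remote address, the
     * logged-in subject (source id and subject id), the request URL, the
     * request parameters and the error text. Failures are logged and never
     * propagated, because this runs as part of request cleanup.
     *
     * <p>NOTE(review): the request parameters and the error text are mailed
     * as-is from here. E-mail is usually not an access-controlled channel, so
     * confirm that {@code GrouperUiUtils.requestParams()} redacts sensitive
     * values such as passwords and tokens (not visible in this file section).
     */
    public void sendErrorEmailIfNeeded() {
        try {
            HttpServletRequest request = retrieveHttpServletRequest();
            if (request == null) {
                return;
            }
            String error = (String) request.getAttribute("error");
            if (StringUtils.isBlank(error)) {
                return;
            }
            String recipients = GrouperUiConfig.retrieveConfig().propertyValueString("errorMailAddresses");
            if (StringUtils.isBlank(recipients)) {
                return;
            }

            // Default used when the subject lookup itself fails.
            String user = "dont know";
            try {
                Subject subjectLoggedIn = retrieveSubjectLoggedIn();
                user = subjectLoggedIn == null
                        ? "none"
                        : subjectLoggedIn.getSource().getId() + " - " + subjectLoggedIn.getId();
            } catch (RuntimeException e) {
                // Message plus throwable, as elsewhere in this file, so the
                // stack trace is kept in the log.
                LOG.error("Error retrieving logged in subject for error email", e);
            }

            String body = "Server name: " + GrouperUtil.hostname()
                    + "\nIP Address: " + request.getRemoteAddr()
                    + "\nUser: " + user
                    + "\nURL: " + request.getRequestURL()
                    + "\nRequest params: " + GrouperUiUtils.requestParams()
                    + "\n\n\nError: " + error;
            new GrouperEmail().setTo(recipients).setSubject("grouperUi error").setBody(body).send();
        } catch (Exception e2) {
            LOG.error("Error sending email", e2);
        }
    }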

    // Class initialisation: registers startup with the status servlet, builds
    // the shared file-upload objects, obtains the logger and creates the
    // thread-locals used to carry per-request state.
    static {
        GrouperStatusServlet.registerStartup();
        // The first argument is the in-memory size threshold. BZip2Constants.baseBlockSize
        // is unrelated to uploads and looks like a decompiler substitution for a
        // numeric literal of the same value - TODO confirm.
        // A null repository makes the factory use its default temporary directory
        // for items above the threshold; confirm that directory is private to the
        // application account.
        fileItemFactory = new DiskFileItemFactory(BZip2Constants.baseBlockSize, null);
        upload = new ServletFileUpload(fileItemFactory);
        LOG = GrouperUtil.getLog(GrouperUiFilter.class);
        inittedOnce = false;
        // InheritableThreadLocal: a thread started while a request is in flight
        // receives its own copy of these values. finallyRequest() removes them
        // only for the request thread, so such child threads can keep references
        // to the request and response after the request has ended.
        threadLocalServlet = new InheritableThreadLocal();
        threadLocalInInit = new InheritableThreadLocal();
        threadLocalRequest = new InheritableThreadLocal();
        threadLocalRequestStartMillis = new InheritableThreadLocal();
        threadLocalResponse = new InheritableThreadLocal();
    }
}
