package de.cismet.projecttracker.server;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.gwt.thirdparty.guava.common.net.HttpHeaders;
import com.mchange.v2.sql.SqlUtils;
import de.cismet.projecttracker.client.exceptions.DataRetrievalException;
import de.cismet.projecttracker.client.exceptions.InvalidInputValuesException;
import de.cismet.projecttracker.client.exceptions.LoginFailedException;
import de.cismet.projecttracker.client.exceptions.NoSessionException;
import de.cismet.projecttracker.client.exceptions.PermissionDenyException;
import de.cismet.projecttracker.report.db.entities.Staff;
import de.cismet.projecttracker.report.db.entities.StaffExtern;
import de.cismet.projecttracker.report.db.entities.WorkPackage;
import de.cismet.projecttracker.report.query.DBManager;
import de.cismet.projecttracker.utilities.DTOManager;
import java.io.IOException;
import java.io.PrintWriter;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.log4j.Logger;
import org.hibernate.Session;
import org.hibernate.criterion.Restrictions;

/* loaded from: input_file:WEB-INF/classes/de/cismet/projecttracker/server/Lookup.class */
public class Lookup extends BasicServlet {
    private static final Logger logger = Logger.getLogger(Lookup.class);

    @Override // javax.servlet.http.HttpServlet
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        processRequest(httpServletRequest, httpServletResponse);
    }

    @Override // javax.servlet.http.HttpServlet
    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        processRequest(httpServletRequest, httpServletResponse);
    }

    @Override // javax.servlet.GenericServlet, javax.servlet.Servlet
    public String getServletInfo() {
        return "Short description";
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // javax.servlet.http.HttpServlet
    public void service(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        httpServletResponse.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, "*");
        httpServletResponse.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, "GET, POST, DELETE, PUT, OPTIONS");
        httpServletResponse.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, "Content-Type, Authorization");
        super.service(httpServletRequest, httpServletResponse);
    }

    protected void processRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String parameter = httpServletRequest.getParameter("username");
        String parameter2 = httpServletRequest.getParameter(SqlUtils.DRIVER_MANAGER_PASSWORD_PROPERTY);
        String parameter3 = httpServletRequest.getParameter("operation");
        DBManager dBManager = new DBManager(ConfigurationManager.getInstance().getConfBaseDir());
        PrintWriter writer = httpServletResponse.getWriter();
        try {
            try {
                Object checklogin = checklogin(parameter, parameter2, httpServletRequest.getSession(), dBManager);
                if (checklogin == null) {
                    httpServletResponse.setStatus(400);
                    writer.print("The username/password is not correct.");
                } else if (parameter3.equalsIgnoreCase("searchableWorkPackages")) {
                    DTOManager dTOManager = new DTOManager();
                    List<WorkPackage> arrayList = checklogin instanceof StaffExtern ? new ArrayList(((StaffExtern) checklogin).getWorkpackages()) : getAllWorkPackages((Staff) checklogin, dBManager);
                    httpServletResponse.setCharacterEncoding("UTF-8");
                    writer.print(new ObjectMapper().writerWithDefaultPrettyPrinter().writeValueAsString(dTOManager.clone(arrayList)));
                } else {
                    httpServletResponse.setStatus(400);
                    writer.print("no valid operation");
                }
                dBManager.closeSession();
                writer.close();
            } catch (Exception e) {
                logger.error("login error", e);
                e.printStackTrace();
                httpServletResponse.setStatus(400);
                writer.print(e.getMessage());
                dBManager.closeSession();
                writer.close();
            }
        } catch (Throwable th) {
            dBManager.closeSession();
            writer.close();
            throw th;
        }
    }

    private List<WorkPackage> getAllWorkPackages(Staff staff, DBManager dBManager) throws InvalidInputValuesException, DataRetrievalException, PermissionDenyException, NoSessionException {
        if (logger.isDebugEnabled()) {
            logger.debug("get workpackages: ");
        }
        try {
            List<WorkPackage> allObjects = dBManager.getAllObjects(WorkPackage.class);
            if (logger.isDebugEnabled()) {
                logger.debug(allObjects.size() + " workpackages found");
            }
            return allObjects;
        } catch (Exception e) {
            logger.error("Error while retrieving workpackages");
            return new ArrayList();
        }
    }

    public Object checklogin(String str, String str2, HttpSession httpSession, DBManager dBManager) throws LoginFailedException, DataRetrievalException {
        try {
            Session session = dBManager.getSession();
            MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
            messageDigest.update(str2.getBytes());
            byte[] digest = messageDigest.digest();
            Staff staff = (Staff) session.createCriteria(Staff.class).add(Restrictions.and(Restrictions.eq("username", str), Restrictions.eq(SqlUtils.DRIVER_MANAGER_PASSWORD_PROPERTY, digest))).uniqueResult();
            return staff == null ? (StaffExtern) session.createCriteria(StaffExtern.class).add(Restrictions.and(Restrictions.eq("username", str), Restrictions.eq(SqlUtils.DRIVER_MANAGER_PASSWORD_PROPERTY, digest))).uniqueResult() : staff;
        } catch (Throwable th) {
            logger.error("Error:", th);
            throw new DataRetrievalException(th.getMessage(), th);
        }
    }
}
