package de.sep.sesam.server.communication;

import de.sep.sesam.auth.PasswordUtil;
import de.sep.sesam.common.ini.SesamIni;
import de.sep.sesam.common.json.JsonUtil;
import de.sep.sesam.common.logging.ContextLogger;
import de.sep.sesam.common.logging.LogContext;
import de.sep.sesam.common.logging.LogGroup;
import de.sep.sesam.common.logging.LogMessage;
import de.sep.sesam.common.logging.messages.SimpleMessage;
import de.sep.sesam.common.util.HostUtils;
import de.sep.sesam.gui.client.mediaaction.MediaActionStrings;
import de.sep.sesam.model.auth.dto.LoginDto;
import de.sep.sesam.model.core.defaults.DefaultUserNames;
import de.sep.sesam.rest.exceptions.AuthenticationException;
import de.sep.sesam.rest.exceptions.InsufficientPermissionsException;
import de.sep.sesam.rest.exceptions.OperationNotPossibleException;
import de.sep.sesam.rest.exceptions.ServiceException;
import de.sep.sesam.rest.utils.HttpStatus;
import de.sep.sesam.restapi.authentication.SessionContext;
import de.sep.sesam.restapi.authentication.SessionHandler;
import de.sep.sesam.restapi.core.interfaces.IRestService;
import de.sep.sesam.restapi.dao.DefaultsDaoServer;
import de.sep.sesam.restapi.dao.IGenericDao;
import de.sep.sesam.restapi.dao.login.LoginServiceServer;
import de.sep.sesam.restapi.service.impl.LoginServiceImpl;
import de.sep.sesam.security.CertificateAuthenticationHandler;
import de.sep.sesam.server.communication.restlet.AbstractRestServiceRestlet;
import de.sep.sesam.server.communication.restlet.RestServiceRestlet;
import de.sep.sesam.server.communication.restlet.file.StaticFileDeliveryRestlet;
import de.sep.sesam.server.impl.GUIServerImpl;
import de.sep.sesam.server.netty.NettyServerUtils;
import de.sep.sesam.server.netty.SepHttpRequest;
import de.sep.sesam.server.utils.SpringUtils;
import io.netty.handler.codec.http.FullHttpResponse;
import io.netty.handler.codec.http.HttpHeaderNames;
import io.netty.handler.codec.http.HttpMethod;
import io.netty.handler.codec.http.HttpResponseStatus;
import io.netty.handler.codec.http.cookie.CookieHeaderNames;
import io.netty.handler.codec.http.cookie.DefaultCookie;
import io.netty.handler.codec.http.cookie.ServerCookieEncoder;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.net.SocketAddress;
import java.nio.charset.StandardCharsets;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.mail.EmailConstants;
import org.springframework.beans.propertyeditors.CustomBooleanEditor;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.util.ClassUtils;

/* loaded from: input_file:de/sep/sesam/server/communication/RestHandler.class */
/**
 * Front controller for HTTP requests below {@code /sep}: it resolves an existing session or
 * authenticates the request from its headers, then dispatches to a REST service restlet or a
 * static-file restlet.
 *
 * <p>The listing looks like decompiler output (synthetic {@code $assertionsDisabled} field,
 * expanded try/finally blocks, constants substituted from unrelated classes), so several
 * constructs below are artifacts rather than authored code.
 *
 * <p>Security-relevant decisions made in this class: which URIs may be served without a session
 * ({@link #isBypassAuthenticationAllowed}), which request headers are accepted as an identity
 * ({@code X-SEP-Authenticated}, {@code Authorization}, {@code X-SEP-Application}) and when the
 * {@code Sep-address} header replaces the peer address ({@link #getIp}).
 */
public class RestHandler {
    // Header that getIp() accepts as the client address, but only when the peer address is "127.0.0.1".
    private static final String ORIGINAL_IP_HEADER = "Sep-address";
    // Not referenced in the visible code; the file name appears as an inline literal in init() and doHandle().
    private static final String API_HELP_FILE = "Sesam-REST-API-V2.pdf";
    // Serves "/sep/ui"; null when the "dashboard" web interface is disabled (see constructor).
    private final StaticFileDeliveryRestlet staticFileDeliveryRestlet;
    // Serves the API help file; stays null when the help app is disabled or the file cannot be located.
    private StaticFileDeliveryRestlet apiRestlet;
    private LoginServiceServer loginService;
    // Guards registration and lookup in 'restlets' and serialises init().
    private static final Lock lock;
    // Service name -> restlet; V2 services are stored under a "v2-" prefixed key.
    // NOTE(review): the map is public, static and a plain HashMap, so code outside this class can
    // read or modify it without taking 'lock'.
    public static final HashMap<String, AbstractRestServiceRestlet> restlets;
    static final /* synthetic */ boolean $assertionsDisabled;
    private final ContextLogger logger = new ContextLogger(RestHandler.class);
    // Not volatile; read without the lock in init() and handle().
    private boolean initialized = false;

    /**
     * Creates the handler and, when the "dashboard" web interface is enabled, the static-file
     * restlet for {@code /sep/ui}. Runs {@link #init()} immediately if Spring is available.
     *
     * @param file passed to the static-file restlet; presumably the document root (confirm in
     *             StaticFileDeliveryRestlet)
     */
    public RestHandler(File file) {
        if (GUIServerImpl.hasWebInterface("dashboard")) {
            this.logger.info("RestHandler", "Starting the dashboard web application", new Object[0]);
            this.staticFileDeliveryRestlet = new StaticFileDeliveryRestlet("/sep/ui", file, "/html");
        } else {
            this.logger.info("RestHandler", "Dashboard web application disabled", new Object[0]);
            this.staticFileDeliveryRestlet = null;
        }
        if (SpringUtils.isAvailable()) {
            init();
        }
    }

    /**
     * Sets up the API help restlet, registers every REST service bean and initialises the login
     * service. Does nothing when already initialised and at least one restlet is registered.
     *
     * <p>The "already initialised" test is evaluated before the lock is taken, so two threads
     * that both pass it will run the body one after the other.
     */
    public void init() {
        if (!this.initialized || restlets.size() <= 0) {
            lock.lock();
            try {
                if (GUIServerImpl.hasWebInterface(GUIServerImpl.WEB_APP_APIHELP)) {
                    this.logger.info(MediaActionStrings.INIT, "Starting the API help web application", new Object[0]);
                    String str = SesamIni.getInstance().get("PATHES", "gv_ro_gui");
                    if (!HostUtils.isWindowsHost()) {
                        // Fallback chain for the help PDF: configured path, then
                        // /usr/share/doc/packages/sesam, then /usr/share/doc/sesam, then give up (null).
                        while (StringUtils.isNotBlank(str) && !new File(str, "html/Sesam-REST-API-V2.pdf").canRead()) {
                            str = !StringUtils.startsWith(str, "/usr/share/doc") ? "/usr/share/doc/packages/sesam" : StringUtils.contains(str, "/packages/") ? "/usr/share/doc/sesam" : null;
                        }
                    }
                    if (StringUtils.isNotBlank(str)) {
                        // EmailConstants.TEXT_SUBTYPE_HTML is presumably the decompiler's stand-in for the literal "html".
                        this.apiRestlet = new StaticFileDeliveryRestlet("/sep/api", new File(str, EmailConstants.TEXT_SUBTYPE_HTML), "/html");
                    } else {
                        // NOTE(review): stores "true" while the log line says the app is disabled; confirm the intended value.
                        SesamIni.getInstance().set("[UI]webInterface.apihelp", "true");
                        this.logger.info(MediaActionStrings.INIT, "API help web application disabled. Cannot determine location of API help file.", new Object[0]);
                    }
                } else {
                    this.logger.info(MediaActionStrings.INIT, "API help web application disabled", new Object[0]);
                }
                this.logger.info(MediaActionStrings.INIT, "Loading REST API services...", new Object[0]);
                List<Class<? extends IRestService>> listServiceBeans = SpringUtils.listServiceBeans();
                // Counters for the summary log line only: i = V1 DAOs, i2 = other V1 services, i3 = V2 services.
                int i = 0;
                int i2 = 0;
                int i3 = 0;
                if (CollectionUtils.isNotEmpty(listServiceBeans)) {
                    for (Class<? extends IRestService> cls : listServiceBeans) {
                        boolean isV2Services = SpringUtils.isV2Services(cls);
                        if (isV2Services) {
                            i3++;
                        } else if (ClassUtils.isAssignable(IGenericDao.class, cls)) {
                            i++;
                        } else {
                            i2++;
                        }
                        registerRestService(cls, isV2Services);
                    }
                }
                this.logger.info(MediaActionStrings.INIT, "Loading REST API services completed (Total # of services = " + restlets.size() + ", # of V1 DAOs = " + i + ", # of V1 services = " + i2 + ", # of V2 service = " + i3 + ")", new Object[0]);
                this.logger.info(MediaActionStrings.INIT, "Loading log in service...", new Object[0]);
                this.loginService = (LoginServiceServer) SpringUtils.getBean(LoginServiceServer.class);
                // Assertion only: with assertions disabled a missing bean surfaces as a NullPointerException on the next call.
                if (!$assertionsDisabled && this.loginService == null) {
                    throw new AssertionError();
                }
                this.loginService.initialize();
                this.logger.info(MediaActionStrings.INIT, "Loading log in service completed", new Object[0]);
                this.initialized = true;
                lock.unlock();
            } catch (Throwable th) {
                // Decompiled form of a finally block: release the lock, then rethrow.
                lock.unlock();
                throw th;
            }
        }
    }

    /**
     * Routes an already authorised request by URI. Branch order matters: the exact API help
     * URIs are tested before the {@code /sep/api/v2/} prefix, which is tested before the
     * {@code /sep/api/} prefix.
     *
     * <p>Routing compares case-insensitively, whereas {@link #isBypassAuthenticationAllowed}
     * compares case-sensitively. A URI that matches no branch leaves the response untouched by
     * this method.
     */
    private void doHandle(SepHttpRequest sepHttpRequest, FullHttpResponse fullHttpResponse) {
        String uri = sepHttpRequest.getUri();
        HttpStatus httpStatus = HttpStatus.NONE;
        OperationNotPossibleException.ONPMessage oNPMessage = null;
        // Never assigned again; see the note on the writeError call at the end of this method.
        Exception exc = null;
        if (StringUtils.isBlank(uri) || StringUtils.equalsAnyIgnoreCase(uri, "/", "/sep", "/sep/")) {
            fullHttpResponse.setStatus(HttpResponseStatus.MOVED_PERMANENTLY);
            fullHttpResponse.headers().clear();
            fullHttpResponse.headers().add(HttpHeaderNames.CONTENT_TYPE, "text/plain; charset=UTF-8");
            // NOTE(review): the redirect target is built from the request's Host header and the
            // value of getUriParam(), both supplied by the client, with no allow-list or encoding
            // visible here. Consider redirecting to a configured host name instead.
            fullHttpResponse.headers().add("Location", (Object) ("https://" + sepHttpRequest.getHeaders().get(HttpHeaderNames.HOST) + "/sep/ui/home/" + (StringUtils.isNotBlank(sepHttpRequest.getUriParam()) ? sepHttpRequest.getUriParam() : "")));
        } else if (StringUtils.equalsAnyIgnoreCase(uri, "/sep/api", "/sep/api/", "/sep/api/info")) {
            if (this.apiRestlet == null || !GUIServerImpl.hasWebInterface(GUIServerImpl.WEB_APP_APIHELP)) {
                // Status is BAD_REQUEST although the message constant is FORBIDDEN.
                httpStatus = HttpStatus.CLIENT_ERROR_BAD_REQUEST;
                oNPMessage = OperationNotPossibleException.ONPMessage.FORBIDDEN;
            } else {
                // Always serves the fixed help file; the incoming request object is not forwarded.
                this.apiRestlet.handle(new SepHttpRequest("/sep/api/Sesam-REST-API-V2.pdf"), fullHttpResponse);
            }
        } else if (StringUtils.startsWithIgnoreCase(uri, "/sep/api/v2/")) {
            // 12 is the length of "/sep/api/v2/"; 47 is '/'. The service name is the first path segment after the prefix.
            String substring = uri.substring(12);
            if (substring.indexOf(47) != -1) {
                substring = substring.substring(0, substring.indexOf(47));
            }
            AbstractRestServiceRestlet restlet = getRestlet(substring, true);
            if (restlet != null) {
                restlet.handle(sepHttpRequest, fullHttpResponse);
            } else {
                httpStatus = HttpStatus.CLIENT_ERROR_NOT_FOUND;
                oNPMessage = OperationNotPossibleException.ONPMessage.INVALID_API;
            }
        } else if (StringUtils.startsWithIgnoreCase(uri, "/sep/api/")) {
            // 9 is the length of "/sep/api/"; same segment extraction as the V2 branch.
            String substring2 = uri.substring(9);
            if (substring2.indexOf(47) != -1) {
                substring2 = substring2.substring(0, substring2.indexOf(47));
            }
            AbstractRestServiceRestlet restlet2 = getRestlet(substring2, false);
            if (restlet2 != null) {
                restlet2.handle(sepHttpRequest, fullHttpResponse);
            } else {
                httpStatus = HttpStatus.CLIENT_ERROR_NOT_FOUND;
                oNPMessage = OperationNotPossibleException.ONPMessage.INVALID_API;
            }
        } else if (StringUtils.equalsAnyIgnoreCase(uri, "/sep/ui", "/sep/ui/restore")) {
            if (GUIServerImpl.hasWebInterface("dashboard")) {
                // Relative redirect that only appends the trailing slash.
                fullHttpResponse.setStatus(HttpResponseStatus.MOVED_PERMANENTLY);
                fullHttpResponse.headers().add("Location", (Object) (uri + "/"));
            } else {
                httpStatus = HttpStatus.CLIENT_ERROR_BAD_REQUEST;
                oNPMessage = OperationNotPossibleException.ONPMessage.FORBIDDEN;
            }
        } else if (StringUtils.startsWithIgnoreCase(uri, "/sep/ui/")) {
            if (!GUIServerImpl.hasWebInterface("dashboard")) {
                httpStatus = HttpStatus.CLIENT_ERROR_BAD_REQUEST;
                oNPMessage = OperationNotPossibleException.ONPMessage.FORBIDDEN;
            } else {
                if (!$assertionsDisabled && this.staticFileDeliveryRestlet == null) {
                    throw new AssertionError();
                }
                // The raw URI is handed on unchanged; any path normalisation or traversal check
                // has to happen inside StaticFileDeliveryRestlet (not visible here).
                this.staticFileDeliveryRestlet.handle(sepHttpRequest, fullHttpResponse);
            }
        }
        if (httpStatus != HttpStatus.NONE) {
            if (oNPMessage == null) {
                oNPMessage = OperationNotPossibleException.ONPMessage.INVALID_API;
            }
            // "0 == 0" is a decompiler artifact for a test on 'exc', which is always null here, so
            // only the two-argument constructor is ever used and exc.getMessage() is never evaluated.
            NettyServerUtils.writeError(fullHttpResponse, sepHttpRequest, httpStatus, (0 == 0 ? new OperationNotPossibleException(oNPMessage, uri) : new OperationNotPossibleException(oNPMessage, uri, exc.getMessage())).toError());
        }
    }

    /**
     * Wraps a service class in a restlet and stores it under its service name, prefixed with
     * {@code "v2-"} for V2 services. A {@link ClassNotFoundException} is logged and the service
     * is skipped.
     *
     * @param cls service class to expose
     * @param z   true when the class is a V2 service
     */
    private void registerRestService(Class<?> cls, boolean z) {
        try {
            RestServiceRestlet restServiceRestlet = new RestServiceRestlet(cls);
            lock.lock();
            try {
                restlets.put((z ? "v2-" : "") + restServiceRestlet.getServiceName(), restServiceRestlet);
                lock.unlock();
            } catch (Throwable th) {
                // Decompiled form of a finally block.
                lock.unlock();
                throw th;
            }
        } catch (ClassNotFoundException e) {
            this.logger.error("registerRestService", LogGroup.ERROR, new SimpleMessage("Unable to attach REST service restlet {0}"), e, cls.getCanonicalName());
        }
    }

    /**
     * Returns the address to record for the login: the {@code Sep-address} header value when the
     * peer address is exactly {@code "127.0.0.1"} and the header is present, otherwise the peer
     * address.
     *
     * <p>Security note: the header is trusted for every connection arriving from 127.0.0.1, so
     * any local proxy in front of this server must overwrite or strip a client-supplied
     * {@code Sep-address}. The returned value also feeds the {@code LoginServiceImpl.isLocal}
     * check in {@link #handle}. The comparison is a plain string match; other loopback spellings
     * are not treated as local here.
     *
     * @param str            peer address as reported by the request
     * @param sepHttpRequest request whose headers are consulted
     */
    private String getIp(String str, SepHttpRequest sepHttpRequest) {
        String str2;
        return (!str.equals("127.0.0.1") || (str2 = sepHttpRequest.getHeaders().get(ORIGINAL_IP_HEADER)) == null) ? str : str2;
    }

    /**
     * Handles one request: logs it, resolves or creates a session, enforces that a session (or
     * the anonymous identity on bypass URIs) exists, dispatches via {@link #doHandle} and cleans
     * up per-request state.
     *
     * <p>When no valid session accompanies the request, the first matching rule below decides
     * the identity:
     * <ol>
     *   <li>{@code X-SEP-Authenticated} header, if the system default
     *       {@code gui.enable.credentials.preauthenticated} enables it;</li>
     *   <li>{@code Authorization: X509 ...} when the certificate handler is initialised;</li>
     *   <li>{@code Authorization: Basic ...};</li>
     *   <li>administrator login for local full access or when the all-permission policy is set;</li>
     *   <li>{@code X-SEP-Application} header when authentication is disabled.</li>
     * </ol>
     * The local flag {@code z} marks a one-shot session: it is removed again after the request.
     */
    public void handle(SepHttpRequest sepHttpRequest, FullHttpResponse fullHttpResponse) {
        if (!$assertionsDisabled && sepHttpRequest == null) {
            throw new AssertionError();
        }
        if (!$assertionsDisabled && fullHttpResponse == null) {
            throw new AssertionError();
        }
        boolean z = false;
        String ip = sepHttpRequest.getIp();
        SessionContext sessionContext = null;
        String sessionId = sepHttpRequest.getSessionId();
        // Temporarily switch the log context to this request for the request log line, then
        // restore the previous context if there was one.
        LogContext context = LogContext.getContext();
        // The user name used here is decoded from the Authorization header before any
        // verification, i.e. it is whatever the client claims.
        LogContext.updateContext(sessionId, getUsername(sepHttpRequest), ip);
        if (!sepHttpRequest.isCyclic() && !StringUtils.endsWithIgnoreCase(sepHttpRequest.getUri(), "/cli/process")) {
            // NOTE(review): this runs before the security context is set for the current request,
            // so the name read in formatMessageParams() may be left over from earlier work on the
            // same thread (confirm).
            this.logger.debug(sepHttpRequest.method().name(), LogGroup.REQUEST, formatLogMessage(sepHttpRequest), formatMessageParams(sepHttpRequest));
        }
        if (context != null) {
            LogContext.updateContext(context.getSessionId(), context.getUserId(), context.getUserIp());
        }
        if (StringUtils.isNotBlank(sessionId)) {
            sessionContext = SessionHandler.get(sessionId);
            if (sessionContext == null) {
                // Unknown session id: treat the request as having no session.
                sessionId = null;
            } else if (sessionContext.isTimedOut()) {
                SessionHandler.remove(sessionId);
                sessionId = null;
                if (sepHttpRequest.isSessionCookie()) {
                    // Replace the client's session cookie with an empty value.
                    DefaultCookie defaultCookie = new DefaultCookie(SessionHandler.COOKIE_NAME, "");
                    defaultCookie.setMaxAge(-1L);
                    defaultCookie.setPath("/");
                    defaultCookie.setSameSite(CookieHeaderNames.SameSite.Lax);
                    fullHttpResponse.headers().add(HttpHeaderNames.SET_COOKIE, ServerCookieEncoder.STRICT.encode(defaultCookie));
                }
                // NOTE(review): sessionContext still references the timed-out session after this
                // branch, so the "sessionContext == null" authentication block below is skipped and
                // the request is dispatched with it; confirm this is intended.
            } else {
                SecurityContextHolder.getContext().setAuthentication(sessionContext);
            }
        }
        if (!this.initialized) {
            // Acquire and release the lock to wait for an init() that is still running on another
            // thread (decompiled try/finally with an empty body).
            try {
                lock.lock();
                lock.unlock();
            } catch (Throwable th) {
                lock.unlock();
                throw th;
            }
        }
        if (!$assertionsDisabled && this.loginService == null) {
            throw new AssertionError();
        }
        if (sessionContext == null) {
            // Start from the anonymous identity; the branches below may replace it.
            SecurityContextHolder.getContext().setAuthentication(SessionHandler.ANONYMOUS);
            LogContext.updateContext(null, SessionHandler.ANONYMOUS.getName(), ip);
            boolean isBypassAuthenticationAllowed = isBypassAuthenticationAllowed(sepHttpRequest.getUri(), sepHttpRequest.method());
            if (isBypassAuthenticationAllowed) {
                z = true;
            }
            String authorizationHeader = sepHttpRequest.getAuthorizationHeader();
            String str = sepHttpRequest.getHeaders().get("X-SEP-Authenticated");
            String str2 = null;
            try {
                DefaultsDaoServer defaultsDaoServer = (DefaultsDaoServer) SpringUtils.getBean(DefaultsDaoServer.class);
                if (defaultsDaoServer != null) {
                    str2 = StringUtils.trim(defaultsDaoServer.getSystemDefault("gui.enable.credentials.preauthenticated"));
                }
            } catch (ServiceException e) {
                // Swallowed: str2 stays null, which leaves header pre-authentication switched off.
            }
            if (StringUtils.isNotBlank(str) && StringUtils.equalsIgnoreCase(str2, CustomBooleanEditor.VALUE_1)) {
                // Security note: the header value becomes the user name and no secret is set in
                // this method. Nothing visible here restricts which peers may send the header, so
                // enabling this setting relies on a trusted front end that removes
                // X-SEP-Authenticated from client requests.
                // CustomBooleanEditor.VALUE_1 is presumably the decompiler's stand-in for the literal "1".
                try {
                    LoginDto loginDto = new LoginDto();
                    loginDto.setUsername(StringUtils.trim(str));
                    loginDto.setPreAuthenticated(Boolean.TRUE);
                    loginDto.setIp(getIp(ip, sepHttpRequest));
                    sessionId = this.loginService.authenticate(loginDto, false);
                    z = true;
                } catch (AuthenticationException e2) {
                    // On bypass URIs a failed login is ignored and the request continues as anonymous.
                    if (!isBypassAuthenticationAllowed) {
                        this.logger.info("login", LogGroup.SECURITY, new SimpleMessage(e2.getMessage()), new Object[0]);
                        NettyServerUtils.writeError(fullHttpResponse, sepHttpRequest, e2.getStatusCode(), e2.toError());
                        LogContext.destroy();
                        return;
                    }
                }
            } else if (StringUtils.startsWith(authorizationHeader, "X509") && CertificateAuthenticationHandler.getInstance().isInitialized()) {
                try {
                    LoginDto loginDto2 = new LoginDto();
                    decodeAuthorization(loginDto2, authorizationHeader);
                    loginDto2.setIp(getIp(ip, sepHttpRequest));
                    CertificateAuthenticationHandler certificateAuthenticationHandler = CertificateAuthenticationHandler.getInstance();
                    if (!$assertionsDisabled && certificateAuthenticationHandler == null) {
                        throw new AssertionError();
                    }
                    // The certificate is null when decodeAuthorization() could not parse it;
                    // validate() is presumably expected to reject that case (confirm in the handler).
                    certificateAuthenticationHandler.validate(loginDto2.getUsername(), loginDto2.getCertificate());
                    sessionId = this.loginService.authenticate(loginDto2, StringUtils.equals(loginDto2.getUsername(), DefaultUserNames.SESAM_USER));
                    z = true;
                } catch (AuthenticationException e3) {
                    if (!isBypassAuthenticationAllowed) {
                        this.logger.info("login", LogGroup.SECURITY, new SimpleMessage(e3.getMessage()), new Object[0]);
                        NettyServerUtils.writeError(fullHttpResponse, sepHttpRequest, e3.getStatusCode(), e3.toError());
                        LogContext.destroy();
                        return;
                    }
                }
            } else if (StringUtils.startsWith(authorizationHeader, "Basic")) {
                LoginDto loginDto3 = new LoginDto();
                decodeAuthorization(loginDto3, authorizationHeader);
                loginDto3.setIp(getIp(ip, sepHttpRequest));
                try {
                    sessionId = this.loginService.authenticate(loginDto3, false);
                    z = true;
                } catch (AuthenticationException e4) {
                    if (!isBypassAuthenticationAllowed) {
                        this.logger.info("login", LogGroup.SECURITY, new SimpleMessage(e4.getMessage()), new Object[0]);
                        NettyServerUtils.writeError(fullHttpResponse, sepHttpRequest, e4.getStatusCode(), e4.toError());
                        LogContext.destroy();
                        return;
                    }
                }
            } else if ((LoginServiceImpl.isLocalFullAccess() && LoginServiceImpl.isLocal(getIp(ip, sepHttpRequest))) || this.loginService.isAllPermissionPolicySet()) {
                // Credential-less administrator login. The locality test uses getIp(), i.e. the
                // Sep-address header when the peer is 127.0.0.1. 'z' is not set in this branch, so
                // the session is kept after the request unless the URI is a bypass URI.
                LoginDto loginDto4 = new LoginDto();
                loginDto4.setUsername(DefaultUserNames.ADMIN_USER);
                loginDto4.setIp(getIp(ip, sepHttpRequest));
                try {
                    sessionId = this.loginService.authenticate(loginDto4, true);
                } catch (AuthenticationException e5) {
                    // NOTE(review): the two labels look swapped relative to the condition
                    // (all-permission policy set -> "local full access"); confirm.
                    this.logger.info("login", LogGroup.SECURITY, new SimpleMessage("Authentication of administrator user for " + (this.loginService.isAllPermissionPolicySet() ? "local full access" : "all permission") + " failed."), new Object[0]);
                }
            } else if (sepHttpRequest.getHeaders().contains("X-SEP-Application") && !LoginServiceImpl.isAuthEnabled()) {
                // Only reached when authentication is disabled: the header value is used as the user name.
                String str3 = sepHttpRequest.getHeaders().get("X-SEP-Application");
                LoginDto loginDto5 = new LoginDto();
                loginDto5.setUsername(str3);
                loginDto5.setIp(getIp(ip, sepHttpRequest));
                try {
                    sessionId = this.loginService.authenticate(loginDto5, false);
                } catch (AuthenticationException e6) {
                    // Swallowed without a log entry: the request continues without a session.
                }
            }
        }
        if (sessionContext == null && sessionId != null) {
            sessionContext = SessionHandler.get(sessionId);
            if (sessionContext == null) {
                // NOTE(review): writes the session ID to the security log; consider whether the
                // identifier should be masked there.
                this.logger.info("login", LogGroup.SECURITY, new SimpleMessage("Got session ID '" + sessionId + "', but session handler did not return session."), new Object[0]);
            }
        }
        if (sessionContext == null && sepHttpRequest.isSessionCookie() && sessionId != null) {
            // Same cookie replacement as for a timed-out session above.
            DefaultCookie defaultCookie2 = new DefaultCookie(SessionHandler.COOKIE_NAME, "");
            defaultCookie2.setMaxAge(-1L);
            defaultCookie2.setPath("/");
            defaultCookie2.setSameSite(CookieHeaderNames.SameSite.Lax);
            fullHttpResponse.headers().add(HttpHeaderNames.SET_COOKIE, ServerCookieEncoder.STRICT.encode(defaultCookie2));
        }
        if (sessionContext != null && !sessionContext.equals(SessionHandler.ANONYMOUS)) {
            LogContext.updateContext(sessionId, sessionContext.getName(), ip);
            SecurityContextHolder.getContext().setAuthentication(sessionContext);
        }
        // Bypass URIs proceed with the anonymous identity when no session could be established.
        if (sessionContext == null && SessionHandler.ANONYMOUS.equals(SecurityContextHolder.getContext().getAuthentication()) && isBypassAuthenticationAllowed(sepHttpRequest.getUri(), sepHttpRequest.method())) {
            sessionContext = SessionHandler.ANONYMOUS;
        }
        if (sessionContext == null) {
            InsufficientPermissionsException insufficientPermissionsException = new InsufficientPermissionsException("execute request " + sepHttpRequest.getUri() + " (No session)");
            NettyServerUtils.writeError(fullHttpResponse, sepHttpRequest, insufficientPermissionsException.getStatusCode(), insufficientPermissionsException.toError());
        } else {
            try {
                doHandle(sepHttpRequest, fullHttpResponse);
            } catch (RuntimeException e7) {
                this.logger.error("handle", e7, new Object[0]);
                // NOTE(review): the full stack trace is placed in the error sent to the client,
                // which discloses internal class names and code paths; the log entry above already
                // records it server-side.
                StringWriter stringWriter = new StringWriter();
                e7.printStackTrace(new PrintWriter(stringWriter));
                NettyServerUtils.writeError(fullHttpResponse, sepHttpRequest, HttpStatus.SERVER_ERROR_INTERNAL, new OperationNotPossibleException(OperationNotPossibleException.ONPMessage.INTERNAL_ERROR, stringWriter.toString()).toError());
            }
        }
        LogContext.destroy();
        // One-shot logins and bypass requests: clear the thread's authentication and drop the
        // session created for this request. Other paths leave the security context as it is.
        if (z) {
            SecurityContextHolder.getContext().setAuthentication(null);
            if (sessionId != null) {
                SessionHandler.remove(sessionId);
            }
        }
    }

    /**
     * Extracts the user name from the request's Authorization header for logging purposes.
     * The value is not verified.
     *
     * @return the decoded user name, or null when the request or header is absent
     */
    private String getUsername(SepHttpRequest sepHttpRequest) {
        String str = null;
        if (sepHttpRequest != null && StringUtils.isNotBlank(sepHttpRequest.getAuthorizationHeader())) {
            String authorizationHeader = sepHttpRequest.getAuthorizationHeader();
            LoginDto loginDto = new LoginDto();
            decodeAuthorization(loginDto, authorizationHeader);
            str = loginDto.getUsername();
        }
        return str;
    }

    /**
     * Fills a {@link LoginDto} from an Authorization header value.
     *
     * <ul>
     *   <li>{@code Basic}: Base64 of {@code user:secret}, split at the first colon; the literal
     *       secret {@code "null"} is stored as null.</li>
     *   <li>{@code X509}: Base64 of {@code user:certificate[:secret]}, split at every colon; the
     *       certificate field is itself Base64 and parsed as an X.509 certificate.</li>
     * </ul>
     * Other schemes leave the DTO unchanged. Both scheme tests are prefix matches.
     *
     * @param loginDto target object, must not be null
     * @param str      raw Authorization header value
     */
    private void decodeAuthorization(LoginDto loginDto, String str) {
        if (!$assertionsDisabled && loginDto == null) {
            throw new AssertionError();
        }
        if (StringUtils.startsWith(str, "Basic")) {
            String[] split = new String(new Base64().decode(StringUtils.substring(str, "Basic".length()).trim()), StandardCharsets.UTF_8).split(":", 2);
            if (split.length > 0) {
                loginDto.setUsername(split[0]);
            }
            if (split.length > 1) {
                loginDto.setSecret(!"null".equals(split[1]) ? split[1] : null);
                return;
            }
            return;
        }
        if (StringUtils.startsWith(str, "X509")) {
            String[] split2 = new String(new Base64().decode(StringUtils.substring(str, "X509".length()).trim()), StandardCharsets.UTF_8).split(":");
            if (split2.length > 0) {
                loginDto.setUsername(split2[0]);
            }
            if (split2.length > 1) {
                try {
                    loginDto.setCertificate((X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(Base64.decodeBase64(split2[1]))));
                } catch (CertificateException e) {
                    // Swallowed: an unparsable certificate leaves the DTO without one and is not
                    // logged. Callers must treat a missing certificate as a failed login.
                }
            }
            loginDto.setSecret(null);
            if (split2.length <= 2 || !StringUtils.isNotBlank(split2[2])) {
                return;
            }
            loginDto.setSecret(split2[2]);
        }
    }

    /**
     * Chooses the request log pattern: with a trailing body placeholder ({@code {4}}) when the
     * request has a non-blank body, without it otherwise.
     */
    private LogMessage formatLogMessage(SepHttpRequest sepHttpRequest) {
        if ($assertionsDisabled || sepHttpRequest != null) {
            return StringUtils.isBlank(sepHttpRequest.getBodyAsString()) ? new SimpleMessage("request." + sepHttpRequest.method().name(), "[{0}] {1} [User: {2}, IP: {3}]") : new SimpleMessage("request." + sepHttpRequest.method().name(), "[{0}] {1} [User: {2}, IP: {3}]\n:: {4}");
        }
        throw new AssertionError();
    }

    /**
     * Builds the arguments for the request log line: method, URI, user name, remote address and,
     * when present, the request body.
     *
     * <p>The body is replaced by {@code PasswordUtil.STARS} only for the two login URIs, matched
     * by exact string equality. Every other request body is written to the debug log as is.
     * NOTE(review): {@link #isBypassAuthenticationAllowed} also accepts the login URI with a
     * trailing slash; if such a request reaches the login service its body would not be masked
     * here (confirm routing).
     *
     * @return four elements without a body, five with one
     */
    private Object[] formatMessageParams(SepHttpRequest sepHttpRequest) {
        if (!$assertionsDisabled && sepHttpRequest == null) {
            throw new AssertionError();
        }
        // Prefer the name from the current security context; fall back to the unverified name
        // from the Authorization header.
        String name = (SecurityContextHolder.getContext() == null || SecurityContextHolder.getContext().getAuthentication() == null) ? null : SecurityContextHolder.getContext().getAuthentication().getName();
        if (StringUtils.isBlank(name)) {
            name = getUsername(sepHttpRequest);
        }
        Object[] objArr = new Object[5];
        objArr[0] = sepHttpRequest.method().name();
        objArr[1] = sepHttpRequest.getUri();
        objArr[2] = name;
        objArr[3] = formatAddress(sepHttpRequest.getAddress());
        if (StringUtils.isBlank(sepHttpRequest.getBodyAsString())) {
            return Arrays.copyOfRange(objArr, 0, 4);
        }
        if (sepHttpRequest.getUri().equals("/sep/api/server/login") || sepHttpRequest.getUri().equals("/sep/api/v2/auth/login")) {
            objArr[4] = PasswordUtil.STARS;
        } else {
            try {
                objArr[4] = JsonUtil.prettyLog(sepHttpRequest.getBodyAsJson());
            } catch (ServiceException e) {
                // Body could not be processed as JSON: log the raw string instead.
                objArr[4] = sepHttpRequest.getBodyAsString();
            }
        }
        return objArr;
    }

    /**
     * Returns the address's string form without a leading {@code "/"}. Throws a
     * NullPointerException when the address is null.
     */
    private String formatAddress(SocketAddress socketAddress) {
        String obj = socketAddress.toString();
        return obj.startsWith("/") ? obj.substring(1) : obj;
    }

    /**
     * Decides whether a URI may be served to the anonymous identity.
     *
     * <p>Allowed, with an optional trailing slash: {@code /sep/api/server/getInfo},
     * {@code /sep/api/v2/server/info}, {@code /sep/api/v2/auth/login},
     * {@code /sep/api/v2/auth/logout}. Allowed exactly: {@code /}, {@code /sep/ui}, and for GET
     * only {@code /sep/api} and {@code /sep/api/}. Allowed by prefix: {@code /sep/ui/},
     * {@code /sep/api/info}, {@code /sep/api/mailer/}, {@code /sep/api/v2/server/download}.
     *
     * <p>Security notes: all comparisons are case-sensitive and made on the URI string as
     * received; no normalisation is visible here. The {@code /sep/api/info} and
     * {@code /sep/api/v2/server/download} prefixes do not end at a path-segment boundary, and
     * everything below {@code /sep/api/mailer/} is reachable anonymously, so the services behind
     * these prefixes have to enforce their own access checks.
     *
     * @param str        request URI
     * @param httpMethod request method, only relevant for {@code /sep/api} and {@code /sep/api/}
     */
    private boolean isBypassAuthenticationAllowed(String str, HttpMethod httpMethod) {
        return StringUtils.isNotBlank(str) && (StringUtils.equals(StringUtils.removeEnd(str, "/"), "/sep/api/server/getInfo") || StringUtils.equals(StringUtils.removeEnd(str, "/"), "/sep/api/v2/server/info") || StringUtils.equals(StringUtils.removeEnd(str, "/"), "/sep/api/v2/auth/login") || StringUtils.equals(StringUtils.removeEnd(str, "/"), "/sep/api/v2/auth/logout") || StringUtils.equals(str, "/") || StringUtils.equals(str, "/sep/ui") || StringUtils.startsWith(str, "/sep/ui/") || ((StringUtils.equals(str, "/sep/api") && HttpMethod.GET.equals(httpMethod)) || ((StringUtils.equals(str, "/sep/api/") && HttpMethod.GET.equals(httpMethod)) || StringUtils.startsWith(str, "/sep/api/info") || StringUtils.startsWith(str, "/sep/api/mailer/") || StringUtils.startsWith(str, "/sep/api/v2/server/download"))));
    }

    /**
     * Looks up a registered restlet under the lock.
     *
     * @param str service name as taken from the URI
     * @param z   true to look up the V2 variant (key prefixed with {@code "v2-"})
     * @return the restlet, or null when no service is registered under that key
     */
    public AbstractRestServiceRestlet getRestlet(String str, boolean z) {
        lock.lock();
        if (z) {
            // As decompiled, only the key concatenation sits inside the try; the lookup and the
            // unlock follow it.
            try {
                str = "v2-" + str;
            } catch (Throwable th) {
                lock.unlock();
                throw th;
            }
        }
        AbstractRestServiceRestlet abstractRestServiceRestlet = restlets.get(str);
        lock.unlock();
        return abstractRestServiceRestlet;
    }

    static {
        // Compiler-generated assertion switch, followed by the shared lock and the restlet registry.
        $assertionsDisabled = !RestHandler.class.desiredAssertionStatus();
        lock = new ReentrantLock();
        restlets = new HashMap<>();
    }
}
