package org.phenotips.data.receive.internal;

import com.xpn.xwiki.XWikiContext;
import com.xpn.xwiki.doc.XWikiDocument;
import com.xpn.xwiki.objects.BaseObject;
import com.xpn.xwiki.web.XWikiRequest;
import java.math.BigInteger;
import java.net.InetAddress;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.inject.Inject;
import javax.inject.Named;
import net.sf.json.JSONArray;
import net.sf.json.JSONObject;
import org.apache.commons.lang3.StringUtils;
import org.phenotips.configuration.RecordConfigurationManager;
import org.phenotips.data.Patient;
import org.phenotips.data.PatientRepository;
import org.phenotips.data.internal.PhenoTipsPatient;
import org.phenotips.data.permissions.PermissionsManager;
import org.phenotips.data.receive.ReceivePatientData;
import org.phenotips.data.securestorage.LocalLoginToken;
import org.phenotips.data.securestorage.SecureStorageManager;
import org.phenotips.groups.Group;
import org.phenotips.groups.GroupManager;
import org.slf4j.Logger;
import org.xwiki.bridge.DocumentAccessBridge;
import org.xwiki.component.annotation.Component;
import org.xwiki.configuration.ConfigurationSource;
import org.xwiki.context.Execution;
import org.xwiki.model.reference.DocumentReference;
import org.xwiki.model.reference.DocumentReferenceResolver;
import org.xwiki.query.QueryManager;
import org.xwiki.users.User;
import org.xwiki.users.UserManager;

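/**
 * Receives patient records pushed by a remote server.
 *
 * <p>Each request is tied to a {@code PhenoTips.ReceivePatientServer} object stored on
 * {@code XWiki.XWikiPreferences}, looked up by the address the request came from. The server is
 * checked with a shared {@code server_token}; the user is checked either by password or by a
 * previously issued {@code user_login_token}.
 *
 * <p>NOTE(review): {@link #receivePatient()}, {@link #getConfiguration()} and
 * {@link #getPatientURL()} do not call {@link #isServerTrusted()} themselves; confirm that every
 * caller checks it first.
 */
@Component
public class DefaultReceivePatientData implements ReceivePatientData {
    private static final String SERVER_CONFIG_IP_PROPERTY_NAME = "ip";
    private static final String SERVER_CONFIG_USE_TOKEN_PROPERTY_NAME = "user_tokens";
    private static final String SERVER_CONFIG_SERVER_NAME_PROPERTY_NAME = "name";
    private static final String SERVER_CONFIG_TOKEN_PROPERTY_NAME = "token";
    private static final String SERVER_CONFIG_UPDATES_ENABLED_PROPERTY_NAME = "allow_updates";
    private static final String SERVER_CONFIG_USER_TOKEN_EXPIRE_PROPERTY_NAME = "user_token_life_in_days";

    // Source of randomness for user login tokens; must stay a SecureRandom.
    private final SecureRandom secureRandomGenerator = new SecureRandom();

    @Inject
    private Logger logger;

    @Inject
    private Execution execution;

    @Inject
    private PatientRepository patientRepository;

    @Inject
    private RecordConfigurationManager configurationManager;

    @Inject
    private GroupManager groupManager;

    @Inject
    private UserManager userManager;

    @Inject
    private QueryManager queryManager;

    @Inject
    @Named("current")
    private DocumentReferenceResolver<String> stringResolver;

    @Inject
    private DocumentAccessBridge bridge;

    @Inject
    private SecureStorageManager storageManager;

    @Inject
    @Named("xwikiproperties")
    private ConfigurationSource configuration;

    @Inject
    private PermissionsManager permisionManager;

    /** Outcome of checking a user login token against the stored one. */
    public enum TokenStatus {
        VALID,
        EXPIRED,
        INVALID
    }

    /**
     * Decides whether the requesting server is a configured one that presented its shared token.
     *
     * <p>The request is rejected when no server object matches the remote address, when the
     * matching object has no token configured, or when {@code server_token} is missing or
     * different. Previously an entry without a token matched a request that sent an empty (or no)
     * {@code server_token}; that case now fails closed.
     *
     * @return {@code true} only when the configured token equals the {@code server_token} parameter
     */
    @Override
    public boolean isServerTrusted() {
        XWikiContext xContext = getXContext();
        // NOTE(review): behind a reverse proxy getRemoteAddr() is the proxy's address, so every
        // client would map to the same server entry - confirm against the deployment.
        String remoteAddress = xContext.getRequest().getRemoteAddr();
        BaseObject serverConfig = getSourceServerConfiguration(remoteAddress, xContext);
        if (serverConfig == null) {
            this.logger.error("Connection from an unknown server [{}]", remoteAddress);
            return false;
        }
        String expectedToken = serverConfig.getStringValue(SERVER_CONFIG_TOKEN_PROPERTY_NAME);
        if (StringUtils.isEmpty(expectedToken)) {
            this.logger.error("No token configured for server [{}], refusing the connection", remoteAddress);
            return false;
        }
        return secretsMatch(expectedToken, xContext.getRequest().getParameter("server_token"));
    }

    @Override
    public JSONObject untrustedServerResponse() {
        return generateFailedLoginResponse("unauthorized_server");
    }

    @Override
    public JSONObject unsupportedeActionResponse() {
        return generateFailedActionResponse("unsupported_action");
    }

    /** Builds a failure response flagged {@code login_failed}, without a specific reason. */
    protected JSONObject generateFailedLoginResponse() {
        return generateFailedLoginResponse(null);
    }

    /**
     * Builds a failure response flagged {@code login_failed}.
     *
     * @param reason extra key set to {@code true} in the response, or {@code null} for none
     */
    protected JSONObject generateFailedLoginResponse(String reason) {
        JSONObject response = generateFailureResponse();
        response.element("login_failed", true);
        if (reason != null) {
            response.element(reason, true);
        }
        return response;
    }

    /** Builds a {@code login_failed} / {@code incorrect_credentials} response with no extra reason. */
    protected JSONObject generateFailedCredentialsResponse() {
        return generateFailedCredentialsResponse(null);
    }

    /**
     * Builds a {@code login_failed} / {@code incorrect_credentials} response.
     *
     * @param reason extra key set to {@code true} in the response, or {@code null} for none
     */
    protected JSONObject generateFailedCredentialsResponse(String reason) {
        JSONObject response = generateFailedLoginResponse("incorrect_credentials");
        if (reason != null) {
            response.element(reason, true);
        }
        return response;
    }

    /** Builds a failure response flagged {@code action_failed}, without a specific reason. */
    protected JSONObject generateFailedActionResponse() {
        return generateFailedActionResponse(null);
    }

    /**
     * Builds a failure response flagged {@code action_failed}.
     *
     * @param reason extra key set to {@code true} in the response, or {@code null} for none
     */
    protected JSONObject generateFailedActionResponse(String reason) {
        JSONObject response = generateFailureResponse();
        response.element("action_failed", true);
        if (reason != null) {
            response.element(reason, true);
        }
        return response;
    }

    /** Loads the wiki document backing the given patient through the document bridge. */
    protected XWikiDocument getPatientDocument(Patient patient) throws Exception {
        return this.bridge.getDocument(patient.getDocument());
    }

    /**
     * Reads the GUID of the patient's {@code Patient.CLASS_REFERENCE} object.
     *
     * @return the GUID, or {@code null} when the document or object could not be read
     */
    protected String getPatientGUID(Patient patient) {
        try {
            return getPatientDocument(patient).getXObject(Patient.CLASS_REFERENCE).getGuid();
        } catch (Exception e) {
            this.logger.error("Failed to get patient GUID: [{}] {}", e.getMessage(), e);
            return null;
        }
    }

    /**
     * Computes the {@code view} URL of the patient document.
     *
     * @return the URL, or {@code null} when the document could not be loaded
     */
    protected String getPatientURL(Patient patient, XWikiContext xWikiContext) {
        try {
            return getPatientDocument(patient).getURL("view", xWikiContext);
        } catch (Exception e) {
            this.logger.error("Failed to get patient URL: [{}] {}", e.getMessage(), e);
            return null;
        }
    }

    /**
     * Builds a success response carrying {@code patient_guid}, {@code patient_id} and
     * {@code patient_url}; falls back to a failed-action response on any exception.
     */
    protected JSONObject generateSuccessfulResponseWithPatientIDs(Patient patient, XWikiContext xWikiContext) {
        try {
            String guid = getPatientGUID(patient);
            String url = getPatientURL(patient, xWikiContext);
            String documentName = patient.getDocument().getName();
            JSONObject response = generateSuccessfulResponse();
            response.element("patient_guid", guid);
            response.element("patient_id", documentName);
            response.element("patient_url", url);
            return response;
        } catch (Exception e) {
            this.logger.error("Failed to get patient GUID/ID/URL: [{}] {}", e.getMessage(), e);
            return generateFailedActionResponse();
        }
    }

    /** Builds a response with {@code success} set to {@code true}. */
    protected JSONObject generateSuccessfulResponse() {
        JSONObject response = generateEmptyResponse();
        response.element("success", true);
        return response;
    }

    /** Builds a response with {@code success} set to {@code false}. */
    protected JSONObject generateFailureResponse() {
        JSONObject response = generateEmptyResponse();
        response.element("success", false);
        return response;
    }

    /** Builds the common response skeleton, which carries only the protocol version. */
    protected JSONObject generateEmptyResponse() {
        JSONObject response = new JSONObject();
        response.element("response_protocol_version", "1");
        return response;
    }

    /**
     * Checks that the named user belongs to the named group.
     *
     * @param userName user name as sent by the remote server
     * @param groupName group name as sent by the remote server
     * @return {@code true} when one of the user's groups has exactly that name
     */
    protected boolean isValidUserGroup(String userName, String groupName) {
        for (Object entry : this.groupManager.getGroupsForUser(this.userManager.getUser(userName))) {
            if (((Group) entry).getReference().getName().equals(groupName)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Creates a fresh login token: 256 random bits from the SecureRandom, rendered in base 32.
     *
     * @param userName only used for the log line
     */
    protected String generateNewToken(String userName) {
        this.logger.warn("generating new token for user {}", userName);
        return new BigInteger(256, this.secureRandomGenerator).toString(32);
    }

    /**
     * Compares a login token supplied by the remote server with the one stored for that user and
     * server.
     *
     * @param userName user the token was issued to
     * @param serverName configured name of the remote server
     * @param providedToken token taken from the request, may be {@code null}
     * @param maxAgeInDays maximum token age; {@code 0} disables expiry
     * @return {@code INVALID} when either token is missing or they differ, {@code EXPIRED} when
     *         the stored token is older than {@code maxAgeInDays}, otherwise {@code VALID}
     */
    protected TokenStatus checkUserToken(String userName, String serverName, String providedToken, long maxAgeInDays) {
        if (providedToken == null) {
            return TokenStatus.INVALID;
        }
        LocalLoginToken storedToken = this.storageManager.getLocalLoginToken(userName, serverName);
        if (storedToken == null) {
            return TokenStatus.INVALID;
        }
        // Constant-time comparison, so response timing does not reveal how much of a guess matched.
        if (!secretsMatch(storedToken.getLoginToken(), providedToken)) {
            this.logger.warn("Stored token does not match provided token");
            return TokenStatus.INVALID;
        }
        if (maxAgeInDays == 0 || storedToken.getTokenAgeInDays() <= maxAgeInDays) {
            return TokenStatus.VALID;
        }
        this.logger.warn("Stored token has expired");
        return TokenStatus.EXPIRED;
    }

    /**
     * Tells whether the server object allows user login tokens ({@code user_tokens} equal to 1).
     *
     * @param serverConfig server object, may be {@code null}
     * @return {@code false} for a missing server object
     */
    protected boolean userTokensEnabled(BaseObject serverConfig) {
        return serverConfig != null && serverConfig.getIntValue(SERVER_CONFIG_USE_TOKEN_PROPERTY_NAME) == 1;
    }

    /**
     * Authenticates the user named in the request, by login token when {@code user_login_token}
     * is present and by password otherwise.
     *
     * @return {@code null} when the login is accepted, otherwise the failure response to send back
     */
    protected JSONObject validateLogin(XWikiRequest xWikiRequest, XWikiContext xWikiContext) {
        try {
            String userName = xWikiRequest.getParameter("username");
            String loginToken = xWikiRequest.getParameter("user_login_token");
            if (userName == null) {
                return generateFailedCredentialsResponse();
            }
            if (loginToken == null) {
                String password = xWikiRequest.getParameter("password");
                if (xWikiContext.getWiki().getAuthService().authenticate(userName, password, xWikiContext) == null) {
                    return generateFailedCredentialsResponse();
                }
                return null;
            }
            BaseObject serverConfig = getSourceServerConfiguration(xWikiRequest.getRemoteAddr(), xWikiContext);
            if (serverConfig == null) {
                // A token cannot be checked without the server it was issued for.
                this.logger.error("Error during remote login [{}] {}", "unknown source server", xWikiRequest.getRemoteAddr());
                return generateFailedLoginResponse();
            }
            if (!userTokensEnabled(serverConfig)) {
                this.logger.warn("user token provided by [{}] but tokens are disabled", userName);
                return generateFailedCredentialsResponse("user_tokens_not_supported");
            }
            TokenStatus status = checkUserToken(userName,
                serverConfig.getStringValue(SERVER_CONFIG_SERVER_NAME_PROPERTY_NAME), loginToken,
                serverConfig.getLongValue(SERVER_CONFIG_USER_TOKEN_EXPIRE_PROPERTY_NAME));
            if (status == TokenStatus.INVALID) {
                return generateFailedCredentialsResponse();
            }
            if (status == TokenStatus.EXPIRED) {
                return generateFailedCredentialsResponse("user_token_expired");
            }
            return null;
        } catch (Exception e) {
            this.logger.error("Error during remote login [{}] {}", e.getMessage(), e);
            return generateFailedLoginResponse();
        }
    }

    /**
     * Creates a patient, or updates an existing one selected by {@code patient_guid}, from the
     * {@code patient_json} request parameter.
     *
     * <p>All checks that can reject the request (login, group membership, presence of the data,
     * known source server, update permission, access to the existing record) run before any
     * record is created or modified.
     *
     * @return a success response with the patient identifiers, or a failure response
     */
    @Override
    public JSONObject receivePatient() {
        try {
            XWikiContext xContext = getXContext();
            XWikiRequest request = xContext.getRequest();
            String remoteAddress = request.getRemoteAddr();
            this.logger.warn("Push patient request from remote [{}]", remoteAddress);
            JSONObject loginFailure = validateLogin(request, xContext);
            if (loginFailure != null) {
                return loginFailure;
            }
            String userName = request.getParameter("username");
            String groupName = request.getParameter("groupname");
            if (groupName != null && !isValidUserGroup(userName, groupName)) {
                this.logger.warn("Incorrect group");
                return generateFailedActionResponse("incorrect_user_group");
            }
            String encodedPatientJson = xContext.getRequest().getParameter("patient_json");
            if (encodedPatientJson == null) {
                this.logger.error("No patient data provided by {})", remoteAddress);
                return generateFailedActionResponse();
            }
            // NOTE(review): getParameter() already returns a decoded value, so this is a second
            // decode - presumably the sender encodes twice; confirm, because a literal '%' or '+'
            // in the JSON would otherwise be altered here.
            String patientJson = URLDecoder.decode(encodedPatientJson, "UTF-8");

            // Resolve the source server before touching any record: without this check a request
            // from an unconfigured address created and filled in a patient and only then failed.
            BaseObject serverConfig = getSourceServerConfiguration(remoteAddress, xContext);
            if (serverConfig == null) {
                this.logger.error("No server configuration found for [{}], patient not imported", remoteAddress);
                return generateFailedActionResponse();
            }
            String sourceServerName = serverConfig.getStringValue(SERVER_CONFIG_SERVER_NAME_PROPERTY_NAME);

            Patient patient;
            String patientGuid = request.getParameter("patient_guid");
            if (patientGuid != null) {
                if (!updatesByGUIDEnabled(remoteAddress, xContext)) {
                    return generateFailedActionResponse("updates_disabled");
                }
                patient = getPatientByGUID(patientGuid);
                if (patient == null) {
                    return generateFailedActionResponse("incorrect_guid");
                }
                if (!userCanAccessPatient(userName, patient)) {
                    return generateFailedActionResponse("guid_access_denied");
                }
                this.logger.warn("Loaded existing patient [{}] successfully", patient.getDocument().getName());
            } else {
                User user = this.userManager.getUser(userName);
                patient = this.patientRepository.createNewPatient(user.getProfileDocument());
                // Checked before the first use; the original tested for null only after
                // dereferencing the new patient several times.
                if (patient == null) {
                    this.logger.error("Can not create new patient");
                    return generateFailedActionResponse();
                }
                getPatientDocument(patient).setAuthorReference(user.getProfileDocument());
                if (groupName != null) {
                    this.permisionManager.getPatientAccess(patient)
                        .setOwner(this.groupManager.getGroup(groupName).getReference());
                    this.permisionManager.getPatientAccess(patient).addCollaborator(user.getProfileDocument(),
                        this.permisionManager.resolveAccessLevel("manage"));
                } else {
                    this.permisionManager.getPatientAccess(patient).setOwner(user.getProfileDocument());
                }
                this.logger.warn("Created new patient successfully");
            }
            // The JSON comes from the remote server; which fields it may set is decided inside
            // updateFromJSON, not here.
            patient.updateFromJSON(JSONObject.fromObject(patientJson));
            this.logger.warn("Updated patient successfully");
            this.storageManager.storePatientSourceServerInfo(getPatientGUID(patient), sourceServerName);
            return generateSuccessfulResponseWithPatientIDs(patient, xContext);
        } catch (Exception e) {
            this.logger.error("Error importing patient [{}] {}", e.getMessage(), e);
            return generateFailedActionResponse();
        }
    }

    /**
     * Reports what the authenticated user may push: the user's groups, the accepted field names,
     * whether updates by GUID are allowed and, when user tokens are enabled, a login token.
     *
     * @return a success response with those values, or a failure response
     */
    @Override
    public JSONObject getConfiguration() {
        try {
            XWikiContext xContext = getXContext();
            XWikiRequest request = xContext.getRequest();
            String remoteAddress = request.getRemoteAddr();
            this.logger.warn("Get config request from remote [{}]", remoteAddress);
            JSONObject loginFailure = validateLogin(request, xContext);
            if (loginFailure != null) {
                return loginFailure;
            }
            // Explicit rejection of an unconfigured source; the original reached the same
            // response only through a NullPointerException further down.
            BaseObject serverConfig = getSourceServerConfiguration(remoteAddress, xContext);
            if (serverConfig == null) {
                this.logger.error("No server configuration found for [{}], configuration not sent", remoteAddress);
                return generateFailedActionResponse();
            }
            String userName = request.getParameter("username");
            JSONArray groupNames = new JSONArray();
            for (Object entry : this.groupManager.getGroupsForUser(this.userManager.getUser(userName))) {
                groupNames.add(((Group) entry).getReference().getName());
            }
            List<?> acceptedFields =
                this.configurationManager.getActiveConfiguration().getEnabledNonIdentifiableFieldNames();
            JSONObject response = generateSuccessfulResponse();
            response.element("user_groups", groupNames);
            response.element("accepted_fields", acceptedFields);
            response.element("updates_enabled", updatesByGUIDEnabled(remoteAddress, xContext));
            if (userTokensEnabled(serverConfig)) {
                String loginToken = request.getParameter("user_login_token");
                if (loginToken == null) {
                    loginToken = generateNewToken(userName);
                }
                String serverName = serverConfig.getStringValue(SERVER_CONFIG_SERVER_NAME_PROPERTY_NAME);
                this.logger.warn("Remote server name: [{}]", serverName);
                // NOTE(review): a token that was just validated is stored again here; if storing
                // resets its age, a token in regular use never expires - confirm in
                // SecureStorageManager.
                this.storageManager.storeLocalLoginToken(userName, serverName, loginToken);
                response.element("user_login_token", loginToken);
            }
            return response;
        } catch (Exception e) {
            this.logger.error("Unable to perform getConfig [{}] {}", e.getMessage(), e);
            return generateFailedActionResponse();
        }
    }

    /**
     * Returns the identifiers and URL of the patient selected by {@code patient_guid}, provided
     * the authenticated user created or last authored that record.
     *
     * @return a success response with the patient identifiers, or a failure response
     */
    @Override
    public JSONObject getPatientURL() {
        try {
            XWikiContext xContext = getXContext();
            XWikiRequest request = xContext.getRequest();
            this.logger.warn("Get patient URL request from remote [{}]", request.getRemoteAddr());
            JSONObject loginFailure = validateLogin(request, xContext);
            if (loginFailure != null) {
                return loginFailure;
            }
            String userName = request.getParameter("username");
            String patientGuid = request.getParameter("patient_guid");
            if (userName == null || patientGuid == null) {
                return generateFailedActionResponse();
            }
            Patient patient = getPatientByGUID(patientGuid);
            if (patient == null) {
                return generateFailedActionResponse("incorrect_guid");
            }
            if (!userCanAccessPatient(userName, patient)) {
                return generateFailedActionResponse("guid_access_denied");
            }
            return generateSuccessfulResponseWithPatientIDs(patient, xContext);
        } catch (Exception e) {
            this.logger.error("Unable to process URL request [{}] {}", e.getMessage(), e);
            return generateFailedActionResponse();
        }
    }

    /**
     * Finds the patient whose {@code PhenoTips.PatientClass} object has the given GUID.
     *
     * @param guid GUID as sent by the remote server; passed to the query as a bound value
     * @return the patient, or {@code null} when the query fails or does not return exactly one row
     */
    protected Patient getPatientByGUID(String guid) {
        try {
            List<String> documentNames = this.queryManager
                .createQuery("from doc.object(PhenoTips.PatientClass) as o where o.guid = :guid", "xwql")
                .bindValue("guid", guid)
                .execute();
            if (documentNames.size() != 1) {
                return null;
            }
            DocumentReference reference =
                this.stringResolver.resolve(documentNames.get(0), new Object[]{Patient.DEFAULT_DATA_SPACE});
            return new PhenoTipsPatient(this.bridge.getDocument(reference));
        } catch (Exception e) {
            this.logger.warn("Failed to get patient with GUID [{}]: [{}] {}", new Object[]{guid, e.getMessage(), e});
            return null;
        }
    }

    /**
     * Allows access when the user name equals the name of the document's creator or author.
     *
     * <p>NOTE(review): only the last element of each reference is compared, so the wiki and space
     * of the user are not taken into account, and owners or collaborators recorded through the
     * permissions manager are not consulted - confirm this is the intended rule.
     *
     * @return {@code false} on any failure to load the document
     */
    private boolean userCanAccessPatient(String userName, Patient patient) {
        try {
            XWikiDocument document = this.bridge.getDocument(patient.getDocument());
            if (document.getCreatorReference() != null && document.getCreatorReference().getName().equals(userName)) {
                return true;
            }
            if (document.getAuthorReference() != null) {
                return document.getAuthorReference().getName().equals(userName);
            }
            return false;
        } catch (Exception e) {
            // Still denies access, but leaves a trace instead of failing silently.
            this.logger.warn("Failed to check patient access for [{}]: {}", userName, e.getMessage());
            return false;
        }
    }

    /**
     * Tells whether the server object for this address allows updates ({@code allow_updates}
     * equal to 1); an address without a server object gets {@code false}.
     */
    private boolean updatesByGUIDEnabled(String remoteAddress, XWikiContext xWikiContext) {
        BaseObject serverConfig = getSourceServerConfiguration(remoteAddress, xWikiContext);
        return serverConfig != null && serverConfig.getIntValue(SERVER_CONFIG_UPDATES_ENABLED_PROPERTY_NAME) == 1;
    }

    /** Reads the XWiki context stored under {@code xwikicontext} in the execution context. */
    private XWikiContext getXContext() {
        return (XWikiContext) this.execution.getContext().getProperty("xwikicontext");
    }

    /**
     * Looks up the {@code PhenoTips.ReceivePatientServer} object whose {@code ip} property matches
     * the remote address, first literally and then by the host name the address resolves to.
     *
     * <p>The second lookup makes name resolution part of the trust decision: an entry configured
     * with a host name is matched through DNS, not through the address alone.
     *
     * @return the server object, or {@code null} when none matches or the lookup fails
     */
    private BaseObject getSourceServerConfiguration(String remoteAddress, XWikiContext xWikiContext) {
        try {
            String wiki = xWikiContext.getDatabase();
            XWikiDocument preferences =
                xWikiContext.getWiki().getDocument(new DocumentReference(wiki, "XWiki", "XWikiPreferences"), xWikiContext);
            DocumentReference serverClass = new DocumentReference(wiki, "PhenoTips", "ReceivePatientServer");
            BaseObject byAddress = preferences.getXObject(serverClass, SERVER_CONFIG_IP_PROPERTY_NAME, remoteAddress);
            if (byAddress != null) {
                return byAddress;
            }
            String hostName = InetAddress.getByName(remoteAddress).getHostName();
            return preferences.getXObject(serverClass, SERVER_CONFIG_IP_PROPERTY_NAME, hostName);
        } catch (Exception e) {
            this.logger.error("Failed to get server info: [{}] {}", e.getMessage(), e);
            return null;
        }
    }

    /**
     * Compares two secrets without stopping at the first differing byte.
     *
     * @return {@code false} when either value is {@code null}
     */
    private static boolean secretsMatch(String expected, String provided) {
        if (expected == null || provided == null) {
            return false;
        }
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
            provided.getBytes(StandardCharsets.UTF_8));
    }
}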
