package de.contecon.picapport.server.servlet;

import com.google.common.net.HttpHeaders;
import com.orientechnologies.orient.core.index.OIndexInternal;
import com.orientechnologies.orient.core.sql.functions.misc.OSQLFunctionCount;
import de.contecon.ccuser2.authorization.permission.CcUser2PermissionChecker;
import de.contecon.ccuser2.exceptions.CcUser2Exception;
import de.contecon.ccuser2.persistence.CcUser2UserDAO;
import de.contecon.ccuser2.values.CcUser2Values;
import de.contecon.imageutils.CcJpegUtils;
import de.contecon.picapport.PicApport;
import de.contecon.picapport.PicApportFotoList;
import de.contecon.picapport.PicApportFotoListCache;
import de.contecon.picapport.PicApportPhotoSyncManager;
import de.contecon.picapport.PicApportProperties;
import de.contecon.picapport.db.DbWrapper;
import de.contecon.picapport.db.Photo;
import de.contecon.picapport.db.PicApportDBService;
import de.contecon.picapport.directoryservices.PhotoInFileSystem;
import de.contecon.picapport.plugins.PluginManager;
import de.contecon.picapport.plugins.otherformats.OtherFormatsDescriptor;
import de.contecon.picapport.server.IPicApportViewSession;
import de.contecon.picapport.server.PicApportSession;
import de.contecon.picapport.server.PicApportWebApiException;
import de.contecon.picapport.server.PicApportWebApiSession;
import de.contecon.picapport.server.PicApportWebApiSessionManager;
import de.contecon.picapport.userservices.NotAuthorisedException;
import de.contecon.picapport.userservices.Permission;
import de.contecon.picapport.userservices.UserManager;
import de.contecon.picapport.userservices.UserSession;
import java.io.File;
import java.io.IOException;
import java.io.OutputStream;
import java.lang.reflect.InvocationTargetException;
import java.nio.file.Files;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Enumeration;
import java.util.List;
import java.util.ResourceBundle;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.essc.util.GenLog;
import org.jose4j.jws.AlgorithmIdentifiers;
import org.json.JSONArray;
import org.json.JSONObject;

/* loaded from: input_file:de/contecon/picapport/server/servlet/PicApportWebApiServlet.class */
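/**
 * Servlet behind {@code /picapportapi/1.0/*}: maps the path segment after the servlet path to a
 * public {@code pawa_<function>} method on this class and writes the returned JSON to the response.
 *
 * <p>Security-relevant structure visible in this file:
 * <ul>
 *   <li>The only gate before reflective dispatch is
 *       {@code PicApportProperties.isWebApiFuncAllowed(function)}; authentication and permission
 *       checks are the responsibility of each {@code pawa_*} method.</li>
 *   <li>{@link #doPost} forwards to {@link #doGet}, so every function, including logon and photo
 *       removal, is reachable with GET and with parameters in the query string.</li>
 *   <li>Three kinds of credential appear as request parameters: the API key, the API session id
 *       ({@code APISID}) and the share access token ({@code SID}).</li>
 * </ul>
 *
 * <p>This listing is decompiler output; local names and some control flow were reconstructed.
 */
public class PicApportWebApiServlet extends PicApportResourceServlet {
    public static final String SERVLET_PATH = "/picapportapi/1.0/*";
    private static final String ERROR_MSG_PREFIX = "PicApport WebApi: ";
    private final PicApportUploadServlet uploadServlet = new PicApportUploadServlet();
    private static final transient ResourceBundle res = ResourceBundle.getBundle("de.contecon.picapport.Res");
    // SimpleDateFormat is not thread-safe and this instance is shared by all request threads;
    // every use must go through toApiTimeStamp(), which synchronizes on it.
    private static final SimpleDateFormat jsonDateformat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss");

    /**
     * Handles POST exactly like GET.
     *
     * <p>NOTE(review): because of this, credentials (API key, password, session id) are accepted
     * in the URL as well as in a form body; URLs commonly end up in proxy and access logs.
     */
    @Override
    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        doGet(httpServletRequest, httpServletResponse);
    }

    /**
     * Dispatches the request to the {@code pawa_*} method named by the path info.
     *
     * <p>The function name is taken from the request path and is therefore untrusted. It is
     * checked against {@code isWebApiFuncAllowed} before it is used to look up a method by
     * reflection; {@code getMethod} also resolves public methods inherited from the superclass,
     * so that allow-list is what bounds the callable surface.
     *
     * <p>A non-null return value is written as JSON with caching disabled. A {@code null} return
     * means the invoked method has already written the response itself.
     *
     * <p>(JADX reports the access modifier of this method was changed from protected.)
     *
     * @throws ServletException if no function name is present in the path
     * @throws IOException if writing the response or the error status fails
     */
    @Override
    public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String pathInfo = httpServletRequest.getPathInfo();
        if (pathInfo == null || pathInfo.length() < 2) {
            throw new ServletException("api Function not set.");
        }
        String functionName = pathInfo.substring(1);
        if (GenLog.isTracelevel(4)) {
            dumpWebApiParameter(functionName, httpServletRequest);
        }
        // Allow-list check must stay ahead of the reflective lookup below.
        if (!PicApportProperties.getInstance().isWebApiFuncAllowed(functionName)) {
            httpServletResponse.sendError(403, ERROR_MSG_PREFIX + "Invalid function " + functionName);
            return;
        }
        String methodName = "pawa_" + functionName;
        try {
            Object result = getClass()
                    .getMethod(methodName, HttpServletRequest.class, HttpServletResponse.class)
                    .invoke(this, httpServletRequest, httpServletResponse);
            try {
                if (GenLog.isTracelevel(4)) {
                    dumpWebApiResult(result);
                }
                if (null != result) {
                    httpServletResponse.setHeader(HttpHeaders.CONTENT_TYPE, "application/json; charset=utf-8");
                    httpServletResponse.setHeader(HttpHeaders.CACHE_CONTROL, "no-cache, no-store, max-age=0, must-revalidate");
                    httpServletResponse.setHeader(HttpHeaders.PRAGMA, "no-cache");
                    httpServletResponse.setCharacterEncoding("UTF-8");
                    if (result instanceof JSONObject) {
                        ((JSONObject) result).write(httpServletResponse.getWriter());
                    } else {
                        // Anything that is not a JSONObject is assumed to be a JSONArray; another
                        // type ends in a ClassCastException that is reported as a 500 below.
                        ((JSONArray) result).write(httpServletResponse.getWriter());
                    }
                    httpServletResponse.flushBuffer();
                    httpServletResponse.getWriter().close();
                }
            } catch (Exception e) {
                throw new ServletException("Unexpected error", e);
            }
        } catch (Exception e) {
            if (GenLog.isTracelevel(4)) {
                GenLog.dumpException(e);
            } else {
                GenLog.dumpExceptionError("PicApportWebApiServlet.doGet", e);
            }
            // Reflection wraps whatever the pawa_* method threw; unwrap it to pick the status.
            Throwable cause = (e instanceof InvocationTargetException) ? ((InvocationTargetException) e).getCause() : null;
            if (cause instanceof PicApportWebApiException) {
                httpServletResponse.sendError(((PicApportWebApiException) cause).status, ERROR_MSG_PREFIX + "Method " + methodName + " Reason: " + cause.getLocalizedMessage());
            } else {
                // NOTE(review): the raw exception message of an unexpected failure is returned to
                // the caller; internal details (paths, database messages) can leak this way.
                httpServletResponse.sendError(500, ERROR_MSG_PREFIX + "Unexpected Error in method " + methodName + ": " + (null != cause ? cause.getLocalizedMessage() : e.getLocalizedMessage()));
            }
        }
    }

    /**
     * Writes the function name and all request parameters to the log (called at trace level 4).
     *
     * <p>The password and the API key are replaced by asterisks. The comparison is
     * case-insensitive and locale-independent, so masking cannot be defeated by the JVM's default
     * locale (for example the Turkish dotless i).
     *
     * <p>NOTE(review): the API session id and the share access token are still logged in clear;
     * both act as bearer credentials elsewhere in this class.
     */
    private void dumpWebApiParameter(String functionName, HttpServletRequest request) {
        GenLog.dumpDebugMessage("WebApi Request");
        GenLog.dumpMessage("       " + functionName);
        Enumeration<String> names = request.getParameterNames();
        while (names.hasMoreElements()) {
            String name = names.nextElement();
            boolean secret = PicApportResourceServlet.APIPW.equalsIgnoreCase(name)
                    || PicApportResourceServlet.APIKEY.equalsIgnoreCase(name);
            for (String value : request.getParameterValues(name)) {
                GenLog.dumpMessage("       " + name + "=" + (secret ? "**********" : value));
            }
        }
    }

    /**
     * Writes the result of an API call to the log (called at trace level 4).
     *
     * <p>JSON objects are dumped in full; NOTE(review): that includes share access tokens put
     * into the result by {@link #writeGallery}.
     */
    private void dumpWebApiResult(Object result) {
        if (null == result) {
            GenLog.dumpMessage("       WebApi Result=null");
            return;
        }
        GenLog.dumpMessage("       WebApi Result class=" + result.getClass().getName());
        if (result instanceof JSONObject) {
            GenLog.dumpMessage(((JSONObject) result).toString(2));
        }
    }

    /**
     * Creates an API session for a caller that presents a valid API key.
     *
     * <p>When a default API user id is configured, the new session is logged on as that user
     * immediately. The response carries the session id, the logon result and either the
     * session's encryption parameters or the algorithm value "none".
     *
     * @throws PicApportWebApiException with status 403 if the API key is not valid
     */
    public JSONObject pawa_createWebApiSession(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws PicApportWebApiException, Exception {
        JSONObject result = new JSONObject();
        PicApportProperties properties = PicApportProperties.getInstance();
        String apiKey = httpServletRequest.getParameter(PicApportResourceServlet.APIKEY);
        if (!properties.isApiKeyValid(apiKey)) {
            // NOTE(review): the rejected key is part of the message, which doGet both logs and
            // returns; a mistyped real key would end up in the log this way.
            throw new PicApportWebApiException(403, "invalid apikey: " + apiKey);
        }
        PicApportWebApiSession apiSession = PicApportWebApiSessionManager.getInstance().createWebApiSession(httpServletRequest, httpServletResponse);
        boolean authorised = false;
        String defaultUid = properties.getApiDefaultUid();
        if (null != defaultUid) {
            // NOTE(review): the user id is passed for both arguments, while
            // pawa_authorizeWebApiSession calls doLogon(uid, password). Confirm that the default
            // API user is really meant to log on with its own id as the password.
            authorised = apiSession.getPicApportSession().getUserSession().doLogon(defaultUid, defaultUid);
        }
        result.put(PicApportResourceServlet.APISID, apiSession.getAPIsid());
        result.put("authorised", authorised);
        if (PicApportProperties.getInstance().isWebApiPasswordEncryptionEnabled()) {
            apiSession.createEncryptionHandlerForSession(result);
        } else {
            // With encryption disabled the password parameter of the logon call travels as sent
            // by the client; transport security is then the only protection.
            result.put(OIndexInternal.ALGORITHM, AlgorithmIdentifiers.NONE);
        }
        return result;
    }

    /**
     * Closes the API session of the request and returns the value reported by the session manager
     * under the session-id key.
     */
    public JSONObject pawa_closeWebApiSession(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws PicApportWebApiException {
        JSONObject result = new JSONObject();
        result.put(PicApportResourceServlet.APISID, PicApportWebApiSessionManager.getInstance().closeWebApiSession(httpServletRequest, httpServletResponse));
        return result;
    }

    /**
     * Reports whether the user of the current API session holds the permission named by the
     * {@code permid} parameter.
     *
     * @throws PicApportWebApiException with status 403 if no permission id was supplied
     */
    public JSONObject pawa_checkUserPermission(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws PicApportWebApiException {
        JSONObject result = new JSONObject();
        String permissionId = httpServletRequest.getParameter(PicApportResourceServlet.PERMID);
        if (null == permissionId) {
            throw new PicApportWebApiException(403, "permid not defined.");
        }
        UserSession userSession = PicApportWebApiSessionManager.getInstance()
                .getWebApiSession(httpServletRequest, httpServletResponse)
                .getPicApportSession()
                .getUserSession();
        boolean granted = userSession.hasPermission(permissionId);
        result.put(PicApportResourceServlet.PERMID, permissionId);
        result.put("hasPermission", granted);
        return result;
    }

    /**
     * Logs the current API session on with the supplied user id and password.
     *
     * <p>If password encryption is enabled the password parameter is decrypted with the session's
     * handler first. All view sessions of the session are dropped after the logon attempt,
     * whether or not it succeeded. A failed logon is reported as {@code authorised=false} in a
     * normal response, not as an error status.
     *
     * <p>NOTE(review): no throttling or lockout for repeated failed logons is visible in this
     * method; confirm it is enforced in {@code doLogon} or upstream.
     *
     * @throws PicApportWebApiException with status 403 if the password cannot be decrypted
     */
    public JSONObject pawa_authorizeWebApiSession(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws PicApportWebApiException {
        JSONObject result = new JSONObject();
        PicApportProperties properties = PicApportProperties.getInstance();
        PicApportWebApiSession apiSession = PicApportWebApiSessionManager.getInstance().getWebApiSession(httpServletRequest, httpServletResponse);
        String uid = httpServletRequest.getParameter(PicApportResourceServlet.APIUID);
        String password = httpServletRequest.getParameter(PicApportResourceServlet.APIPW);
        if (properties.isWebApiPasswordEncryptionEnabled()) {
            try {
                password = apiSession.decryptPW(password);
            } catch (Exception e) {
                GenLog.dumpException(e);
                // Deliberately generic: the cause of the decryption failure is not sent back.
                throw new PicApportWebApiException(403, "can't decrypt password");
            }
        }
        boolean authorised = apiSession.getPicApportSession().getUserSession().doLogon(uid, password);
        apiSession.getPicApportSession().removeAllViewSessions();
        result.put(PicApportResourceServlet.APISID, apiSession.getAPIsid());
        result.put(PicApportResourceServlet.APIUID, uid);
        result.put("authorised", authorised);
        return result;
    }

    /**
     * Runs the caller-supplied query in the current API session and returns the id of the
     * resulting view session together with the number of photos found.
     *
     * <p>The query text comes straight from the request. No permission is checked here; what the
     * query can see is presumably bounded by the session's user. TODO confirm.
     */
    public JSONObject pawa_runQuery(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws PicApportWebApiException {
        JSONObject result = new JSONObject();
        PicApportWebApiSession apiSession = PicApportWebApiSessionManager.getInstance().getWebApiSession(httpServletRequest, httpServletResponse);
        String query = httpServletRequest.getParameter(PicApportResourceServlet.QUERY);
        IPicApportViewSession viewSession = apiSession.getPicApportSession().createViewSessionQuery(query, null);
        result.put(PicApportResourceServlet.APISID, apiSession.getAPIsid());
        result.put(PicApportResourceServlet.VID, viewSession.getVid());
        result.put(OSQLFunctionCount.NAME, viewSession.getNumPhotos());
        return result;
    }

    /**
     * Hands the request to the upload servlet on behalf of the current session's user.
     *
     * <p>No permission is checked in this method; the user session is passed on, so any upload
     * authorization has to happen inside {@code PicApportUploadServlet.process}.
     *
     * @throws PicApportWebApiException with status 500 and the underlying message if the upload fails
     */
    public JSONObject pawa_upload(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws PicApportWebApiException {
        JSONObject result = new JSONObject();
        PicApportWebApiSession apiSession = PicApportWebApiSessionManager.getInstance().getWebApiSession(httpServletRequest, httpServletResponse);
        PicApportSession session = apiSession.getPicApportSession();
        result.put(PicApportResourceServlet.APISID, apiSession.getAPIsid());
        try {
            this.uploadServlet.process(httpServletRequest, httpServletResponse, session.getUserSession(), result);
            return result;
        } catch (Exception e) {
            if (GenLog.isTracelevel(4)) {
                GenLog.dumpException(e);
            } else {
                GenLog.dumpExceptionError("PicApportWebApiServlet.pawa_upload", e);
            }
            throw new PicApportWebApiException(500, e.getLocalizedMessage());
        }
    }

    /**
     * Fills {@code target} with the description of one shared gallery.
     *
     * <p>The {@code SID} entry is the gallery's share access token, i.e. the value that
     * {@link #pawa_getGallery} and the photo functions accept as proof of access. Every caller of
     * this method therefore hands out a credential.
     */
    private void writeGallery(JSONObject target, CcUser2UserDAO sharedUser, PicApportFotoList photos) {
        // Clamp the stored index to the valid range [-1, size - 1]; -1 means "none".
        int storedIndex = sharedUser.getOptionalIntAttribute(UserManager.ATTR_FIRST_MARKED_INDEX, -1);
        int markedIndex = Math.max(-1, Math.min(photos.size() - 1, storedIndex));
        target.put(PicApportResourceServlet.SID, sharedUser.getAccessToken(UserManager.ACCESS_TOKEN_ID_SHARE));
        target.put(PicApportResourceServlet.APIUID, sharedUser.getId());
        target.put("name", sharedUser.getName());
        target.put(CcUser2Values.DESCRIPTION, sharedUser.getDescription());
        target.put(OSQLFunctionCount.NAME, photos.size());
        target.put("indexmarked", markedIndex);
        target.put(CcUser2Values.CREATED, toApiTimeStamp(sharedUser.getCreated()));
        target.put("expires", 0 == sharedUser.getActiveUntil() ? "never" : toApiTimeStamp(sharedUser.getActiveUntil()));
    }

    /**
     * Lists every shared gallery, including each gallery's share access token.
     *
     * <p>NOTE(review): this method looks up neither an API session nor a permission. Unless the
     * superclass or the function allow-list restricts it, any caller that can reach this function
     * obtains the tokens of all shared galleries. Confirm the intended access control.
     *
     * <p>A gallery that fails to load is logged and skipped; the count covers only galleries that
     * were written.
     */
    public JSONObject pawa_getSharedGallerys(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        JSONObject result = new JSONObject();
        JSONArray galleries = new JSONArray();
        int written = 0;
        for (CcUser2UserDAO sharedUser : UserManager.getInstance().getCcum().getAllUsersAsList(UserManager.SYSTEM_ID_GROUP_SHAREDLINKS)) {
            try {
                JSONObject gallery = new JSONObject();
                writeGallery(gallery, sharedUser, PicApportFotoListCache.getInstance().getGalleryForSharedUserID(sharedUser.getId()));
                galleries.put(gallery);
                written++;
            } catch (Exception e) {
                if (GenLog.isTracelevel(4)) {
                    GenLog.dumpException(e);
                } else {
                    GenLog.dumpExceptionError("PicApportWebApiServlet.pawa_getSharedGallerys", e);
                }
            }
        }
        result.put(OSQLFunctionCount.NAME, written);
        result.put("gallerys", galleries);
        return result;
    }

    /**
     * Returns the description of the shared gallery identified by the share access token in
     * {@code sid}; photo metadata is added only if {@code withmeta} is set and the token's user
     * holds the metadata permission.
     *
     * <p>An unknown or rejected token and a missing token both end in the same 404, so the
     * response does not distinguish between them.
     *
     * @throws PicApportWebApiException with status 404 if the token is missing or not accepted
     */
    public JSONObject pawa_getGallery(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        JSONObject result = new JSONObject();
        String shareToken = httpServletRequest.getParameter(PicApportResourceServlet.SID);
        boolean withMeta = getOptionalBooleanFromParameter(httpServletRequest, "withmeta", false);
        if (shareToken != null) {
            try {
                CcUser2PermissionChecker checker = UserManager.getInstance().getCcum().authenticateUserWithAccessToken(shareToken, UserManager.ACCESS_TOKEN_ID_SHARE);
                CcUser2UserDAO sharedUser = checker.getUser();
                PicApportFotoList gallery = PicApportFotoListCache.getInstance().getGalleryForSharedUserID(sharedUser.getId());
                writeGallery(result, sharedUser, gallery);
                if (withMeta && checker.hasPermission(Permission.PAP_ACCESS_METADATA.getId())) {
                    JSONArray photos = new JSONArray();
                    for (Photo photo : gallery.loadPhotos()) {
                        // Keep positions aligned with gallery indexes: a missing photo becomes {}.
                        photos.put(null != photo ? photo.toJSON(new JSONObject()) : new JSONObject());
                    }
                    result.put("photos", photos);
                }
                return result;
            } catch (CcUser2Exception e) {
                if (GenLog.isTracelevel(4)) {
                    GenLog.dumpException(e);
                } else {
                    GenLog.dumpExceptionError("PicApportWebApiServlet.pawa_getGallery", e);
                }
            }
        }
        throw new PicApportWebApiException(404, "Gallery not found for sid: " + shareToken);
    }

    /**
     * Returns the metadata of the requested photo; requires the metadata permission.
     */
    public JSONObject pawa_getPhotoMetadata(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws PicApportWebApiException {
        JSONObject result = new JSONObject();
        getPhotoFromRequest(httpServletRequest, httpServletResponse, Permission.PAP_ACCESS_METADATA.getId()).toJSON(result);
        return result;
    }

    /**
     * Removes the requested photo; requires the remove-photos permission on the API session.
     *
     * <p>The permission is checked while resolving the record id, before the database is touched.
     * The database wrapper is always closed, also when the removal throws.
     */
    public JSONObject pawa_removePhoto(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        JSONObject result = new JSONObject();
        int recId = getPhotoRecIdFromRequest(httpServletRequest, httpServletResponse, Permission.PAP_ACCESS_REMOVEPHOTOS.getId());
        String uid = PicApportWebApiSessionManager.getInstance().getWebApiSession(httpServletRequest, httpServletResponse).getPicApportSession().getUserSession().getUid();
        // The decompiled original was the expanded form of a try-with-resources; try/finally
        // keeps the same "close on every path" guarantee without the dead null-throwable branches.
        DbWrapper dbWrapper = PicApportDBService.getInstance().getDbWrapper();
        try {
            dbWrapper.removePhoto(recId, null, uid);
        } finally {
            if (dbWrapper != null) {
                dbWrapper.close();
            }
        }
        result.put("removed", true);
        return result;
    }

    /**
     * Reports whether a photo id is already known to the database and to the sync manager;
     * requires the upload permission on the API session.
     *
     * @throws PicApportWebApiException with status 403 if the session's user may not upload
     */
    public JSONObject pawa_checkPhotoId(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws PicApportWebApiException {
        JSONObject result = new JSONObject();
        try {
            PicApportWebApiSessionManager.getInstance().getWebApiSession(httpServletRequest, httpServletResponse).getPicApportSession().getUserSession().checkPermission(Permission.PAP_ACCESS_UPLOADS);
            String photoId = getOptionalStringFromParameter(httpServletRequest, PicApportResourceServlet.PHOTOID, "");
            DbWrapper dbWrapper = PicApportDBService.getInstance().getDbWrapper();
            boolean exists;
            try {
                exists = dbWrapper.doesPhotoIdExist(photoId);
            } finally {
                if (dbWrapper != null) {
                    dbWrapper.close();
                }
            }
            boolean alreadySynced = PicApportPhotoSyncManager.getInstance().doesPhotoIdExist(photoId);
            result.put("photoID", photoId);
            result.put("exists", exists);
            result.put("alreadySynced", alreadySynced);
            return result;
        } catch (NotAuthorisedException e) {
            if (GenLog.isTracelevel(4)) {
                GenLog.dumpException(e);
            } else {
                GenLog.dumpExceptionError("PicApportWebApiServlet.pawa_checkPhotoId", e);
            }
            // The permission checked above is PAP_ACCESS_UPLOADS; the message used to name the
            // download permission, which sent operators looking at the wrong grant.
            throw new PicApportWebApiException(403, "upload permission required.");
        }
    }

    /**
     * Returns server version information and the identity of the current API session's user.
     *
     * <p>Requires an API session but no logon or permission; the exact server version is
     * therefore visible to every holder of a valid API key.
     */
    public JSONObject pawa_getServerStatus(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws PicApportWebApiException {
        JSONObject result = new JSONObject();
        UserSession userSession = PicApportWebApiSessionManager.getInstance().getWebApiSession(httpServletRequest, httpServletResponse).getPicApportSession().getUserSession();
        PicApportProperties properties = PicApportProperties.getInstance();
        result.put("versionMajor", PicApport.getVersionMajor());
        result.put("versionMinor", PicApport.getVersionMinor());
        result.put("version", PicApport.getVersionStringForAbout());
        result.put("versionReady", properties.isReady());
        result.put("isValid", userSession.isValid());
        result.put(PicApportResourceServlet.APIUID, userSession.getUid());
        result.put("name", userSession.getName());
        result.put("canUpload", userSession.hasPermission(Permission.PAP_ACCESS_UPLOADS));
        return result;
    }

    /**
     * Streams the stored file of the requested photo as a download; requires the
     * download-with-metadata permission.
     *
     * <p>The JPEG rendition is sent unless a plug-in descriptor exists for the original file, in
     * which case the original is sent with the plug-in's MIME type.
     *
     * @return always {@code null}; the response is written here
     */
    public JSONObject pawa_getOriginalFile(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        PhotoInFileSystem stored = getPhotoFromRequest(httpServletRequest, httpServletResponse, Permission.PAP_ACCESS_DOWNLOADS_WITHMETADATA.getId()).getPhotoInFileSystem();
        File fileToSend = stored.getFileWithJpgImage();
        httpServletResponse.setHeader(HttpHeaders.CACHE_CONTROL, "no-cache, no-store, max-age=0, must-revalidate");
        httpServletResponse.setHeader(HttpHeaders.PRAGMA, "no-cache");
        String mimeType = "image/jpeg";
        OtherFormatsDescriptor descriptor = PluginManager.getInstance().getPlugInDescriptor(stored.getOriginalFile());
        if (descriptor != null) {
            fileToSend = stored.getOriginalFile();
            mimeType = descriptor.getMimeType();
        }
        httpServletResponse.setContentType(mimeType);
        // File names can originate from uploads; quote and neutralise them before they are
        // placed in a response header.
        httpServletResponse.addHeader(HttpHeaders.CONTENT_DISPOSITION, "attachment; filename=" + toQuotedHeaderFileName(fileToSend.getName()));
        Files.copy(fileToSend.toPath(), httpServletResponse.getOutputStream());
        httpServletResponse.getOutputStream().close();
        return null;
    }

    /**
     * Wraps a file name in double quotes for use as a header parameter value, replacing double
     * quotes, backslashes and control characters (including CR and LF) with an underscore so the
     * name can neither end the quoted string early nor start a new header line.
     */
    private static String toQuotedHeaderFileName(String fileName) {
        StringBuilder quoted = new StringBuilder(fileName.length() + 2).append('"');
        for (int i = 0; i < fileName.length(); i++) {
            char c = fileName.charAt(i);
            boolean unsafe = c == '"' || c == '\\' || c < 0x20 || c == 0x7f;
            quoted.append(unsafe ? '_' : c);
        }
        return quoted.append('"').toString();
    }

    /**
     * Writes the requested photo as JPEG, optionally scaled.
     *
     * <p>No explicit permission is required beyond access to the photo through the API session or
     * a share token. With neither width nor height the image is written unscaled; with equal
     * values a square image is written; otherwise it is scaled, and the last argument of
     * {@code writeScaledImage} is true only when both dimensions were given.
     *
     * <p>NOTE(review): {@code width}, {@code height} and {@code quality} are taken from the
     * request without an upper bound in this method. Confirm that {@code CcJpegUtils} limits the
     * output size, otherwise large values cost memory and CPU per request.
     *
     * @return always {@code null}; the response is written here
     */
    public JSONObject pawa_getPhoto(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        Photo photo = getPhotoFromRequest(httpServletRequest, httpServletResponse, null);
        int width = getOptionalIntFromParameter(httpServletRequest, "width", 0);
        int height = getOptionalIntFromParameter(httpServletRequest, "height", 0);
        float quality = getOptionalFloatFromParameter(httpServletRequest, "quality", 0.7f);
        httpServletResponse.setContentType("image/jpeg");
        httpServletResponse.setHeader(HttpHeaders.CACHE_CONTROL, "no-cache, no-store, max-age=0, must-revalidate");
        httpServletResponse.setHeader(HttpHeaders.PRAGMA, "no-cache");
        if (width < 1 && height < 1) {
            CcJpegUtils.getInstance().writeUnscaledImage(httpServletResponse.getOutputStream(), photo.getPhotoInFileSystem().getFileWithJpgImage(), quality);
        } else if (width == height) {
            CcJpegUtils.getInstance().writeSquareImage(httpServletResponse.getOutputStream(), photo.getPhotoInFileSystem().getFileWithJpgImage(), width, quality);
        } else {
            boolean bothGiven = width > 0 && height > 0;
            CcJpegUtils.getInstance().writeScaledImage(httpServletResponse.getOutputStream(), photo.getPhotoInFileSystem().getFileWithJpgImage(), width, height, quality, bothGiven);
        }
        httpServletResponse.getOutputStream().close();
        return null;
    }

    /**
     * Writes the thumbnail of the requested photo as JPEG, using the stored thumbnail when there
     * is one and otherwise scaling the image to the configured thumbnail height.
     *
     * <p>Like {@link #pawa_getPhoto} this requires no explicit permission.
     *
     * @return always {@code null}; the response is written here
     */
    public JSONObject pawa_getThumbnail(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        Photo photo = getPhotoFromRequest(httpServletRequest, httpServletResponse, null);
        httpServletResponse.setContentType("image/jpeg");
        httpServletResponse.setHeader(HttpHeaders.CACHE_CONTROL, "no-cache, no-store, max-age=0, must-revalidate");
        httpServletResponse.setHeader(HttpHeaders.PRAGMA, "no-cache");
        if (photo.hasThumb()) {
            httpServletResponse.getOutputStream().write(photo.getThumb());
        } else {
            PicApportProperties properties = PicApportProperties.getInstance();
            CcJpegUtils.getInstance().writeScaledImage((OutputStream) httpServletResponse.getOutputStream(), photo.getPhotoInFileSystem().getFileWithJpgImage(), 0, properties.getThumbHeight(), properties.getFotoJpgQuality(), false);
        }
        httpServletResponse.getOutputStream().close();
        return null;
    }

    /**
     * Resolves the photo addressed by the request; see the four-argument overload for the rules.
     */
    private final Photo getPhotoFromRequest(HttpServletRequest request, HttpServletResponse response, String permissionId) throws PicApportWebApiException {
        return (Photo) getPhotoFromRequest(request, response, permissionId, true);
    }

    /**
     * Resolves the database record id of the photo addressed by the request. Share tokens are
     * not honoured on this path; an API session is always required.
     */
    private final int getPhotoRecIdFromRequest(HttpServletRequest request, HttpServletResponse response, String permissionId) throws PicApportWebApiException {
        return ((Integer) getPhotoFromRequest(request, response, permissionId, false)).intValue();
    }

    /**
     * Resolves the photo (or its record id) addressed by the request and enforces
     * {@code permissionId} when one is given.
     *
     * <p>Two ways of addressing exist:
     * <ul>
     *   <li><b>Share token</b> (only when a {@link Photo} is wanted, {@code sid} is present and
     *       {@code index >= 0}): the token is authenticated, the permission is checked against
     *       the token's user, and the photo is taken from that user's shared gallery.</li>
     *   <li><b>API session</b> (every other case): the permission is checked against the
     *       session's user, and the photo is taken from the view session {@code vid} at
     *       {@code index}, or, when {@code photoid} is given, from a fresh query for that id.</li>
     * </ul>
     *
     * @param permissionId permission to enforce, or {@code null} for none
     * @param wantPhoto {@code true} to return the {@link Photo}, {@code false} for its record id
     * @return a {@link Photo} or an {@link Integer}, never {@code null}
     * @throws PicApportWebApiException 403 if the permission or token is rejected, 400 if the
     *     photo id contains a double quote, 404 if nothing was found
     */
    private final Object getPhotoFromRequest(HttpServletRequest request, HttpServletResponse response, String permissionId, boolean wantPhoto) throws PicApportWebApiException {
        Photo photo = null;
        Integer recId = null;
        String shareToken = request.getParameter(PicApportResourceServlet.SID);
        int index = getOptionalIntFromParameter(request, "index", -1);
        boolean viaShareToken = wantPhoto && shareToken != null && index >= 0;
        if (viaShareToken) {
            try {
                CcUser2PermissionChecker checker = UserManager.getInstance().getCcum().authenticateUserWithAccessToken(shareToken, UserManager.ACCESS_TOKEN_ID_SHARE);
                CcUser2UserDAO sharedUser = checker.getUser();
                // A token without the permission falls through to the 404 below rather than a
                // 403, so the response does not confirm that the photo exists.
                if (null == permissionId || checker.hasPermission(permissionId)) {
                    PicApportFotoList gallery = PicApportFotoListCache.getInstance().getGalleryForSharedUserID(sharedUser.getId());
                    if (index < gallery.size()) {
                        photo = gallery.loadPhoto(index);
                    }
                }
            } catch (CcUser2Exception e) {
                if (GenLog.isTracelevel(4)) {
                    GenLog.dumpException(e);
                } else {
                    GenLog.dumpExceptionError("PicApportWebApiServlet.getPhotoFromRequest1", e);
                }
                throw new PicApportWebApiException(403, "no permission for sid: " + shareToken);
            }
        } else {
            int vid = getOptionalIntFromParameter(request, PicApportResourceServlet.VID, -1);
            PicApportWebApiSession apiSession = PicApportWebApiSessionManager.getInstance().getWebApiSession(request, response);
            String photoId = getOptionalStringFromParameter(request, PicApportResourceServlet.PHOTOID, "");
            if (null != permissionId) {
                try {
                    apiSession.getPicApportSession().getUserSession().checkPermission(permissionId);
                } catch (NotAuthorisedException e) {
                    if (GenLog.isTracelevel(4)) {
                        GenLog.dumpException(e);
                    } else {
                        GenLog.dumpExceptionError("PicApportWebApiServlet.getPhotoFromRequest2", e);
                    }
                    throw new PicApportWebApiException(403, "Permission required: " + permissionId);
                }
            }
            if (photoId.length() > 0) {
                // The id is spliced into a quoted query term. A double quote inside it would end
                // the term early and let the caller append query syntax of their own, so such ids
                // are rejected. NOTE(review): the query language's escaping rules are not visible
                // here; replace this with proper escaping if the language offers it.
                if (photoId.indexOf('"') >= 0) {
                    throw new PicApportWebApiException(400, "invalid photoid");
                }
                vid = apiSession.getPicApportSession().createViewSessionQuery("photoid:\"" + photoId + "\"", null).getVid();
                index = 0;
            }
            try {
                if (wantPhoto) {
                    photo = apiSession.getPicApportSession().getViewSession(vid).getPhoto(index);
                } else {
                    recId = Integer.valueOf(apiSession.getPicApportSession().getViewSession(vid).getPhotoRecId(index));
                }
            } catch (Exception e) {
                // Unknown view session or index: logged, then reported as 404 below.
                if (GenLog.isTracelevel(4)) {
                    GenLog.dumpException(e);
                } else {
                    GenLog.dumpExceptionError("PicApportWebApiServlet.getPhotoFromRequest3", e);
                }
            }
        }
        if (wantPhoto) {
            if (null != photo) {
                return photo;
            }
        } else if (null != recId) {
            return recId;
        }
        // NOTE(review): the query string can contain the session id or share token; doGet logs
        // this exception, so those values reach the log through this message.
        throw new PicApportWebApiException(404, "photo not found: " + request.getQueryString());
    }

    /**
     * Returns whether the user behind a share access token holds {@code permission}.
     *
     * <p>Fails closed: a missing token or any error during authentication yields {@code false}.
     * The error is logged only at trace level 4.
     */
    private boolean hasPermission(String shareToken, Permission permission) {
        if (null == shareToken) {
            return false;
        }
        try {
            return UserManager.getInstance().getCcum().authenticateUserWithAccessToken(shareToken, UserManager.ACCESS_TOKEN_ID_SHARE).hasPermission(permission.getId());
        } catch (Exception e) {
            if (GenLog.isTracelevel(4)) {
                GenLog.dumpExceptionError("PicApportWebApiServlet.hasPermission", e);
            }
            return false;
        }
    }

    /**
     * Throws unless the user behind the share access token holds {@code permission}.
     *
     * @throws PicApportWebApiException with status 403 if the permission is missing
     */
    private void checkPermission(String shareToken, Permission permission) throws PicApportWebApiException {
        if (!hasPermission(shareToken, permission)) {
            throw new PicApportWebApiException(403, "Permission required:" + permission.getId());
        }
    }

    /**
     * Formats epoch milliseconds as {@code yyyy-MM-dd'T'HH:mm:ss} in the JVM's default time zone.
     *
     * <p>Synchronized on the shared formatter because {@link SimpleDateFormat} keeps mutable
     * state and concurrent requests would otherwise produce corrupted timestamps.
     */
    private final String toApiTimeStamp(long epochMillis) {
        synchronized (jsonDateformat) {
            return jsonDateformat.format(new Date(epochMillis));
        }
    }
}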
