package org.sakaiproject.blti;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Map;
import java.util.Properties;
import java.util.TreeMap;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.oauth.OAuth;
import net.oauth.OAuthAccessor;
import net.oauth.OAuthConsumer;
import net.oauth.OAuthMessage;
import net.oauth.SimpleOAuthValidator;
import net.oauth.server.OAuthServlet;
import net.oauth.signature.OAuthSignatureMethod;
import org.apache.commons.httpclient.HttpStatus;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.azeckoski.reflectutils.transcoders.JSONTranscoder;
import org.imsglobal.basiclti.BasicLTIConstants;
import org.imsglobal.basiclti.BasicLTIUtil;
import org.imsglobal.basiclti.XMLMap;
import org.imsglobal.pox.IMSPOXRequest;
import org.sakaiproject.authz.api.Member;
import org.sakaiproject.authz.api.Role;
import org.sakaiproject.authz.api.SecurityAdvisor;
import org.sakaiproject.authz.cover.SecurityService;
import org.sakaiproject.basiclti.util.SakaiBLTIUtil;
import org.sakaiproject.basiclti.util.ShaUtil;
import org.sakaiproject.component.cover.ComponentManager;
import org.sakaiproject.component.cover.ServerConfigurationService;
import org.sakaiproject.service.gradebook.shared.Assignment;
import org.sakaiproject.service.gradebook.shared.GradebookService;
import org.sakaiproject.site.api.Site;
import org.sakaiproject.site.api.ToolConfiguration;
import org.sakaiproject.site.cover.SiteService;
import org.sakaiproject.tool.api.Session;
import org.sakaiproject.tool.cover.SessionManager;
import org.sakaiproject.user.api.User;
import org.sakaiproject.user.cover.UserDirectoryService;
import org.sakaiproject.util.FormattedText;
import org.sakaiproject.util.ResourceLoader;

/* loaded from: input_file:WEB-INF/classes/org/sakaiproject/blti/ServiceServlet.class */
public class ServiceServlet extends HttpServlet {
    // Fixed serialization version id for this servlet class.
    private static final long serialVersionUID = 1;
    // Shared commons-logging logger used by every request this servlet handles.
    private static Log M_log = LogFactory.getLog(ServiceServlet.class);
    // Message bundle "blis"; doError/doErrorXml resolve their message keys through it.
    private static ResourceLoader rb = new ResourceLoader("blis");

    /**
     * Pushes a {@link SecurityAdvisor} whose answer is always {@code ALLOWED}.
     * <p>
     * The advisor ignores all three arguments, so it permits every check it is asked about.
     * Each call must be paired with exactly one {@link #popAdvisor()}, and should only be made
     * after the request has been authenticated.
     */
    public void pushAdvisor() {
        final SecurityAdvisor allowEverything = new SecurityAdvisor() {
            public SecurityAdvisor.SecurityAdvice isAllowed(String userId, String function, String reference) {
                // Unconditional grant: no argument is inspected.
                return SecurityAdvisor.SecurityAdvice.ALLOWED;
            }
        };
        SecurityService.pushAdvisor(allowEverything);
    }

    /**
     * Removes the most recently pushed security advisor.
     * <p>
     * Call it exactly once per {@link #pushAdvisor()}; an extra pop would remove an advisor that
     * this servlet did not push.
     */
    public void popAdvisor() {
        // Delegates straight to the static cover; nothing is tracked locally.
        SecurityService.popAdvisor();
    }

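    /**
     * Writes a failure status document for a form-encoded request.
     * <p>
     * The description is the localized message for {@code str} followed by {@code str2}. Callers
     * pass request-derived text in {@code str2} (for example the {@code lti_message_type} value),
     * so it is escaped before it goes into the response and has its line breaks neutralized
     * before it goes into the log.
     *
     * @param httpServletRequest the failing request (not read here)
     * @param httpServletResponse response the XML status document is written to
     * @param map response map; the statusinfo entries are set on it
     * @param str message key looked up in the resource bundle
     * @param str2 detail appended to the message; may contain untrusted request data
     * @param exc optional cause, logged at error level when non-null
     * @throws IOException if the response writer fails
     */
    public void doError(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Map<String, Object> map, String str, String str2, Exception exc) throws IOException {
        if (exc != null) {
            M_log.error(exc.getLocalizedMessage(), exc);
        }
        map.put("/message_response/statusinfo/codemajor", "Fail");
        map.put("/message_response/statusinfo/severity", "Error");
        String description = rb.getString(str) + ": " + str2;
        // CR/LF in request-derived text would let a caller forge extra log records.
        M_log.info(description.replace('\r', '_').replace('\n', '_'));
        map.put("/message_response/statusinfo/description", FormattedText.escapeHtmlFormattedText(description));
        httpServletResponse.getWriter().println(XMLMap.getXML(map, true));
    }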

    /**
     * Initializes the servlet by delegating to {@link HttpServlet#init(ServletConfig)}.
     *
     * @param servletConfig container-supplied configuration
     * @throws ServletException if the superclass initialization fails
     */
    @Override
    public void init(ServletConfig servletConfig) throws ServletException {
        // No servlet-specific setup; the superclass only needs the config.
        super.init(servletConfig);
    }

    /**
     * Treats a GET exactly like a POST.
     * <p>
     * NOTE(review): because GET is accepted, a caller may send the signed parameters (including
     * the sourcedid) in the query string, where they can end up in access logs. Confirm that GET
     * support is still required.
     *
     * @throws ServletException propagated from {@link #doPost}
     * @throws IOException propagated from {@link #doPost}
     */
    @Override
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        this.doPost(httpServletRequest, httpServletResponse);
    }

    /**
     * Routes the request by its declared content type.
     * <p>
     * A content type that starts with {@code application/xml} goes to the XML (POX) handler.
     * Everything else, including a missing content type, goes to the form handler.
     *
     * @throws ServletException propagated from the chosen handler
     * @throws IOException propagated from the chosen handler
     */
    @Override
    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        final String declaredType = httpServletRequest.getContentType();
        final boolean xmlBody = declaredType != null && declaredType.startsWith("application/xml");
        if (xmlBody) {
            doPostXml(httpServletRequest, httpServletResponse);
            return;
        }
        doPostForm(httpServletRequest, httpServletResponse);
    }

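    /**
     * Handles a form-encoded Basic LTI service request (outcomes, tool settings or roster).
     * <p>
     * Checks run in this order: the three service switches from server configuration, the
     * message type and whether its service is enabled, presence of the sourcedid/id, the LTI
     * version and the consumer key, parsing of the sourcedid
     * ({@code signature:::user_id:::placement_id}), lookup of the placement and its site, OAuth
     * validation with the placement's secret, and finally the sourcedid signature against the
     * placement secret. Only then is the request passed to the matching processor.
     * <p>
     * Everything read from the request is untrusted until both the OAuth check and the sourcedid
     * signature check have passed.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse receives an XML status document, or 403 when every service is off
     * @throws ServletException declared for the servlet contract
     * @throws IOException if the response cannot be written
     */
    protected void doPostForm(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String ipAddress = httpServletRequest.getRemoteAddr();
        M_log.debug("Basic LTI Service request from IP=" + ipAddress);

        // A service counts as enabled only when its property equals JSONTranscoder.BOOLEAN_TRUE.
        String allowOutcomes = ServerConfigurationService.getString(SakaiBLTIUtil.BASICLTI_OUTCOMES_ENABLED, (String) null);
        if (!JSONTranscoder.BOOLEAN_TRUE.equals(allowOutcomes)) {
            allowOutcomes = null;
        }
        String allowSettings = ServerConfigurationService.getString(SakaiBLTIUtil.BASICLTI_SETTINGS_ENABLED, (String) null);
        if (!JSONTranscoder.BOOLEAN_TRUE.equals(allowSettings)) {
            allowSettings = null;
        }
        String allowRoster = ServerConfigurationService.getString(SakaiBLTIUtil.BASICLTI_ROSTER_ENABLED, (String) null);
        if (!JSONTranscoder.BOOLEAN_TRUE.equals(allowRoster)) {
            allowRoster = null;
        }
        if (allowOutcomes == null && allowSettings == null && allowRoster == null) {
            M_log.warn("Basic LTI Services are disabled IP=" + ipAddress);
            httpServletResponse.setStatus(HttpStatus.SC_FORBIDDEN);
            return;
        }

        Map<String, Object> theMap = new TreeMap<>();
        // NOTE(review): at debug level this writes every request parameter, OAuth fields included, to the log.
        for (Map.Entry entry : httpServletRequest.getParameterMap().entrySet()) {
            M_log.debug(((String) entry.getKey()) + ":" + ((String[]) entry.getValue())[0]);
        }

        String messageType = httpServletRequest.getParameter(BasicLTIConstants.LTI_MESSAGE_TYPE);
        theMap.put("/message_response/lti_message_type", messageType);

        // Map the message type to a service; the service stays null when that service is switched off.
        String sourcedid;
        String service = null;
        if (BasicLTIUtil.equals(messageType, "basic-lis-replaceresult") || BasicLTIUtil.equals(messageType, "basic-lis-createresult") || BasicLTIUtil.equals(messageType, "basic-lis-updateresult") || BasicLTIUtil.equals(messageType, "basic-lis-deleteresult") || BasicLTIUtil.equals(messageType, "basic-lis-readresult")) {
            sourcedid = httpServletRequest.getParameter("sourcedid");
            if (allowOutcomes != null) {
                service = "basicoutcome";
            }
        } else if (BasicLTIUtil.equals(messageType, "basic-lti-loadsetting") || BasicLTIUtil.equals(messageType, "basic-lti-savesetting") || BasicLTIUtil.equals(messageType, "basic-lti-deletesetting")) {
            sourcedid = httpServletRequest.getParameter("id");
            if (allowSettings != null) {
                service = "toolsetting";
            }
        } else if (BasicLTIUtil.equals(messageType, "basic-lis-readmembershipsforcontext")) {
            sourcedid = httpServletRequest.getParameter("id");
            if (allowRoster != null) {
                service = "roster";
            }
        } else {
            doError(httpServletRequest, httpServletResponse, theMap, "outcomes.invalid", "lti_message_type=" + messageType, null);
            return;
        }
        if (service == null) {
            doError(httpServletRequest, httpServletResponse, theMap, "outcomes.invalid", "lti_message_type=" + messageType, null);
            return;
        }
        if (BasicLTIUtil.isBlank(sourcedid)) {
            doError(httpServletRequest, httpServletResponse, theMap, "outcomes.missing", "sourcedid", null);
            return;
        }
        String ltiVersion = httpServletRequest.getParameter(BasicLTIConstants.LTI_VERSION);
        if (!BasicLTIUtil.equals(ltiVersion, "LTI-1p0")) {
            doError(httpServletRequest, httpServletResponse, theMap, "outcomes.invalid", "lti_version=" + ltiVersion, null);
            return;
        }
        String oauthConsumerKey = httpServletRequest.getParameter(OAuth.OAUTH_CONSUMER_KEY);
        if (BasicLTIUtil.isBlank(oauthConsumerKey)) {
            doError(httpServletRequest, httpServletResponse, theMap, "outcomes.missing", OAuth.OAUTH_CONSUMER_KEY, null);
            return;
        }
        // Deleting a result is answered as unsupported before any placement lookup or signature check.
        if (BasicLTIUtil.equals(messageType, "basic-lis-deleteresult")) {
            theMap.put("/message_response/statusinfo/codemajor", "Unsupported");
            theMap.put("/message_response/statusinfo/severity", "Error");
            theMap.put("/message_response/statusinfo/codeminor", "cannotdelete");
            httpServletResponse.getWriter().println(XMLMap.getXML(theMap, true));
            return;
        }

        // Bound the untrusted sourcedid before parsing it.
        if (sourcedid.length() > 2048) {
            sourcedid = sourcedid.substring(0, 2048);
        }
        String placementId = null;
        String signature = null;
        String userId = null;
        try {
            int pos = sourcedid.indexOf(":::");
            if (pos > 0) {
                signature = sourcedid.substring(0, pos);
                String rest = sourcedid.substring(pos + 3);
                // A missing second separator makes substring throw, which lands in the catch below.
                pos = rest.indexOf(":::");
                userId = rest.substring(0, pos);
                placementId = rest.substring(pos + 3);
            }
        } catch (Exception e) {
            M_log.warn("Unable to decrypt result_sourcedid IP=" + ipAddress + " Error=" + e.getMessage(), e);
            signature = null;
            placementId = null;
            userId = null;
        }
        if (placementId == null || userId == null) {
            doError(httpServletRequest, httpServletResponse, theMap, "outcomes.sourcedid", "sourcedid", null);
            return;
        }
        M_log.debug("signature=" + signature);
        M_log.debug("user_id=" + userId);
        M_log.debug("placement_id=" + placementId);

        // The placement id is still unauthenticated here, so the whole lookup stays inside the
        // try: an unknown id must produce the normal error document, not an uncaught exception.
        ToolConfiguration placement = null;
        Properties config = null;
        String siteId = null;
        Site site = null;
        try {
            placement = SiteService.findTool(placementId);
            config = placement.getConfig();
            siteId = placement.getSiteId();
            site = SiteService.getSite(siteId);
        } catch (Exception e) {
            M_log.debug("Error retrieving result_sourcedid information: " + e.getLocalizedMessage(), e);
            placement = null;
        }
        if (placement == null || config == null || siteId == null || site == null) {
            doError(httpServletRequest, httpServletResponse, theMap, "outcomes.sourcedid", "sourcedid", null);
            return;
        }

        String oauthSecret = SakaiBLTIUtil.toNull(SakaiBLTIUtil.getCorrectProperty(config, "secret", placement));
        // Fail closed: a signature checked against a missing secret gives no assurance.
        if (oauthSecret == null) {
            M_log.warn("Placement has no OAuth secret configured IP=" + ipAddress);
            doError(httpServletRequest, httpServletResponse, theMap, "outcome.no.validate", oauthConsumerKey, null);
            return;
        }
        OAuthMessage oauthMessage = OAuthServlet.getMessage(httpServletRequest, null);
        SimpleOAuthValidator validator = new SimpleOAuthValidator();
        // NOTE(review): the consumer key comes from the request and is not compared with a key
        // stored on the placement here; only the secret binds the request to the placement.
        OAuthAccessor accessor = new OAuthAccessor(new OAuthConsumer("about:blank#OAuth+CallBack+NotUsed", oauthConsumerKey, oauthSecret, null));
        String baseString;
        try {
            baseString = OAuthSignatureMethod.getBaseString(oauthMessage);
        } catch (Exception e) {
            M_log.error(e.getLocalizedMessage(), e);
            baseString = null;
        }
        try {
            validator.validateMessage(oauthMessage, accessor);

            String placementSecret = SakaiBLTIUtil.toNull(SakaiBLTIUtil.getCorrectProperty(config, "placementsecret", placement));
            if (placementSecret == null) {
                doError(httpServletRequest, httpServletResponse, theMap, "outcomes.sourcedid", "sourcedid", null);
                return;
            }
            // Compare in constant time so response timing does not reveal how much of a guessed signature matched.
            byte[] presented = signature.getBytes(java.nio.charset.StandardCharsets.UTF_8);
            String expected = ShaUtil.sha256Hash(placementSecret + ":::" + userId + ":::" + placementId);
            boolean matched = java.security.MessageDigest.isEqual(presented, expected.getBytes(java.nio.charset.StandardCharsets.UTF_8));
            // The expected value is deliberately not logged: it is a valid signature for this user and placement.
            M_log.debug("Received signature=" + signature + " matched=" + matched);
            String oldPlacementSecret = SakaiBLTIUtil.toNull(SakaiBLTIUtil.getCorrectProperty(config, "oldplacementsecret", placement));
            if (oldPlacementSecret != null && !matched) {
                // The fallback must hash with the old secret; hashing with the current one again could never match.
                String expectedOld = ShaUtil.sha256Hash(oldPlacementSecret + ":::" + userId + ":::" + placementId);
                matched = java.security.MessageDigest.isEqual(presented, expectedOld.getBytes(java.nio.charset.StandardCharsets.UTF_8));
                M_log.debug("Received signature II=" + signature + " matched=" + matched);
            }
            if (!matched) {
                doError(httpServletRequest, httpServletResponse, theMap, "outcomes.sourcedid", "sourcedid", null);
                return;
            }

            if ("basicoutcome".equals(service)) {
                processOutcome(httpServletRequest, httpServletResponse, messageType, site, siteId, placement, config, userId, theMap);
            }
            if ("toolsetting".equals(service)) {
                processSetting(httpServletRequest, httpServletResponse, messageType, site, siteId, placement, config, userId, theMap);
            }
            if ("roster".equals(service)) {
                processRoster(httpServletRequest, httpServletResponse, messageType, site, siteId, placement, config, userId, theMap);
            }
        } catch (Exception e) {
            // This also catches failures thrown by the processors and reports them as validation failures.
            M_log.warn("Provider failed to validate message");
            M_log.warn(e.getLocalizedMessage(), e);
            if (baseString != null) {
                M_log.warn(baseString);
            }
            doError(httpServletRequest, httpServletResponse, theMap, "outcome.no.validate", oauthConsumerKey, null);
        }
    }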

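    /**
     * Loads, saves or deletes the per-placement {@code toolsetting} property.
     * <p>
     * The placement must have {@code allowsettings} set to {@code on}. The work runs under the
     * allow-all security advisor, which is popped exactly once in a {@code finally} block,
     * including on the early return and when writing the response fails.
     *
     * @param httpServletRequest request; the {@code setting} parameter is read for a save
     * @param httpServletResponse response the XML status document is written to
     * @param str the LTI message type (load, save or delete setting)
     * @param site the site that owns the placement (not read here)
     * @param str2 the site id (not read here)
     * @param toolConfiguration the placement whose configuration is read or changed
     * @param properties the placement's configuration properties
     * @param str3 the user id taken from the sourcedid (not read here)
     * @param map response map that status entries are added to
     * @throws IOException if the response cannot be written
     */
    protected void processSetting(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, Site site, String str2, ToolConfiguration toolConfiguration, Properties properties, String str3, Map<String, Object> map) throws IOException {
        if (!"on".equals(SakaiBLTIUtil.toNull(SakaiBLTIUtil.getCorrectProperty(properties, "allowsettings", toolConfiguration)))) {
            doError(httpServletRequest, httpServletResponse, map, "outcomes.invalid", "lti_message_type=" + str, null);
            return;
        }
        boolean success = false;
        pushAdvisor();
        try {
            if ("basic-lti-loadsetting".equals(str)) {
                String stored = toolConfiguration.getPlacementConfig().getProperty("toolsetting", null);
                if (stored != null) {
                    map.put("/message_response/setting/value", stored);
                }
                success = true;
            } else {
                if ("basic-lti-savesetting".equals(str)) {
                    String setting = httpServletRequest.getParameter("setting");
                    // Check for null before using the value, otherwise a missing parameter
                    // fails with a NullPointerException instead of the "setting.empty" response.
                    if (setting == null) {
                        M_log.warn("No setting parameter");
                        doError(httpServletRequest, httpServletResponse, map, "setting.empty", "", null);
                        return;
                    }
                    // Bound the stored value; anything longer is silently truncated.
                    if (setting.length() > 8096) {
                        setting = setting.substring(0, 8096);
                    }
                    toolConfiguration.getPlacementConfig().setProperty("toolsetting", setting);
                } else if ("basic-lti-deletesetting".equals(str)) {
                    toolConfiguration.getPlacementConfig().remove("toolsetting");
                }
                try {
                    toolConfiguration.save();
                    success = true;
                } catch (Exception e) {
                    doError(httpServletRequest, httpServletResponse, map, "setting.save.fail", "", e);
                }
            }
        } catch (Exception e) {
            doError(httpServletRequest, httpServletResponse, map, "setting.fail", "", e);
        } finally {
            // Single exit point for the advisor, so it can be neither leaked nor popped twice.
            popAdvisor();
        }
        if (success) {
            map.put("/message_response/statusinfo/codemajor", "Success");
            map.put("/message_response/statusinfo/severity", "Status");
            map.put("/message_response/statusinfo/codeminor", IMSPOXRequest.MINOR_FULLSUCCESS);
            httpServletResponse.getWriter().println(XMLMap.getXML(map, true));
        }
    }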

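    /**
     * Reads or stores a gradebook score for the user named in the sourcedid.
     * <p>
     * The user must be a member of the site, the placement must name an {@code assignment}, and
     * that assignment must exist in the site's gradebook and not be externally maintained. A
     * submitted score is a fraction of the assignment's points (it is multiplied by
     * {@code getPoints()}), so it must parse as a number between 0.0 and 1.0 inclusive.
     * <p>
     * The gradebook call runs with the current session switched to the configured outcomes user
     * (default {@code admin}) and under the allow-all advisor. The session is invalidated and the
     * advisor popped in {@code finally} blocks so neither outlives this call.
     *
     * @param httpServletRequest request; {@code result_resultscore_textstring} is read from it
     * @param httpServletResponse response the XML status document is written to
     * @param str the LTI message type; {@code basic-lis-readresult} selects the read path
     * @param site the site that owns the placement
     * @param str2 the site id, used as the gradebook id
     * @param toolConfiguration the placement
     * @param properties the placement's configuration properties
     * @param str3 the user id taken from the sourcedid
     * @param map response map that status and result entries are added to
     * @throws IOException if the response cannot be written
     */
    protected void processOutcome(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, Site site, String str2, ToolConfiguration toolConfiguration, Properties properties, String str3, Map<String, Object> map) throws IOException {
        try {
            // Enforce the membership lookup; previously its result was discarded, so a user id
            // that is no longer in the site was still accepted.
            if (site.getMember(str3) == null) {
                doError(httpServletRequest, httpServletResponse, map, "outcome.site.membership", "", null);
                return;
            }
            String assignmentName = SakaiBLTIUtil.toNull(SakaiBLTIUtil.getCorrectProperty(properties, "assignment", toolConfiguration));
            M_log.debug("ASSN=" + assignmentName);
            if (assignmentName == null) {
                doError(httpServletRequest, httpServletResponse, map, "outcome.no.assignment", "", null);
                return;
            }
            GradebookService gradebookService = (GradebookService) ComponentManager.get("org.sakaiproject.service.gradebook.GradebookService");
            Assignment assignment = null;
            pushAdvisor();
            try {
                for (Object item : gradebookService.getAssignments(str2)) {
                    Assignment candidate = (Assignment) item;
                    if (!candidate.isExternallyMaintained() && assignmentName.equals(candidate.getName())) {
                        assignment = candidate;
                        break;
                    }
                }
            } catch (Exception e) {
                // Treated as "no assignment", but logged so the cause is not lost.
                M_log.warn("Unable to list gradebook assignments siteId=" + str2, e);
                assignment = null;
            } finally {
                popAdvisor();
            }
            if (assignment == null) {
                doError(httpServletRequest, httpServletResponse, map, "outcome.no.assignment", "", null);
                return;
            }

            boolean isRead = BasicLTIUtil.equals(str, "basic-lis-readresult");
            String scoreText = httpServletRequest.getParameter("result_resultscore_textstring");
            if (BasicLTIUtil.isBlank(scoreText) && !isRead) {
                doError(httpServletRequest, httpServletResponse, map, "outcomes.missing", "result_resultscore_textstring", null);
                return;
            }
            // Validate the untrusted score before switching the session to a privileged user.
            double fraction = 0.0;
            if (!isRead) {
                try {
                    fraction = Double.parseDouble(scoreText);
                } catch (NumberFormatException e) {
                    doError(httpServletRequest, httpServletResponse, map, "outcome.grade.fail", "siteId=" + str2, e);
                    return;
                }
                // Written as a positive range test so that NaN is rejected as well.
                if (!(fraction >= 0.0 && fraction <= 1.0)) {
                    doError(httpServletRequest, httpServletResponse, map, "outcomes.invalid", "result_resultscore_textstring=" + scoreText, null);
                    return;
                }
            }

            Session currentSession = SessionManager.getCurrentSession();
            boolean success = false;
            pushAdvisor();
            try {
                String outcomesUserId = ServerConfigurationService.getString("basiclti.outcomes.userid", "admin");
                String outcomesUserEid = ServerConfigurationService.getString("basiclti.outcomes.usereid", outcomesUserId);
                currentSession.setUserId(outcomesUserId);
                currentSession.setUserEid(outcomesUserEid);
                double points = assignment.getPoints().doubleValue();
                if (isRead) {
                    double stored = Double.parseDouble(gradebookService.getAssignmentScoreString(str2, assignmentName, str3));
                    map.put("/message_response/result/resultscore/textstring", Double.toString(stored / points));
                } else {
                    gradebookService.setAssignmentScore(str2, assignmentName, str3, Double.valueOf(fraction * points), "External Outcome");
                    // Log the parsed number, not the raw request text.
                    M_log.info("Stored Score=" + str2 + " assignment=" + assignmentName + " user_id=" + str3 + " score=" + fraction);
                }
                success = true;
                map.put("/message_response/statusinfo/codemajor", "Success");
                map.put("/message_response/statusinfo/severity", "Status");
                map.put("/message_response/statusinfo/codeminor", IMSPOXRequest.MINOR_FULLSUCCESS);
            } catch (Exception e) {
                doError(httpServletRequest, httpServletResponse, map, "outcome.grade.fail", "siteId=" + str2, e);
            } finally {
                // Drop the elevated session first; the advisor is popped even if that throws.
                try {
                    currentSession.invalidate();
                } finally {
                    popAdvisor();
                }
            }
            if (success) {
                httpServletResponse.getWriter().println(XMLMap.getXML(map, true));
            }
        } catch (Exception e) {
            M_log.warn(e.getLocalizedMessage() + " siteId=" + str2, e);
            doError(httpServletRequest, httpServletResponse, map, "outcome.site.membership", "", e);
        }
    }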

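    /**
     * Returns the site's membership list to the calling tool.
     * <p>
     * The placement must have {@code allowroster} set to {@code on}. Each member gets a
     * {@code user_id} and a role: {@code Instructor} when the member's role is the site's
     * maintain role, otherwise {@code Learner}. Names are included only when {@code releasename}
     * is {@code on}; e-mail and eid only when {@code releaseemail} is {@code on}. When outcomes
     * are enabled and the placement names an assignment, a result sourcedid is issued for every
     * member.
     * <p>
     * The lookup runs under the allow-all advisor, which is popped exactly once in
     * {@code finally}.
     *
     * @param httpServletRequest the request (only passed on to the error helper)
     * @param httpServletResponse response the XML document is written to
     * @param str the LTI message type, echoed in the error when rosters are not allowed
     * @param site the site whose members are listed
     * @param str2 the site id (not read here)
     * @param toolConfiguration the placement
     * @param properties the placement's configuration properties
     * @param str3 the user id taken from the sourcedid (not read here)
     * @param map response map that the member list and status are added to
     * @throws IOException if the response cannot be written
     */
    protected void processRoster(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, Site site, String str2, ToolConfiguration toolConfiguration, Properties properties, String str3, Map<String, Object> map) throws IOException {
        if (!"on".equals(SakaiBLTIUtil.toNull(SakaiBLTIUtil.getCorrectProperty(properties, "allowroster", toolConfiguration)))) {
            doError(httpServletRequest, httpServletResponse, map, "outcomes.invalid", "lti_message_type=" + str, null);
            return;
        }
        String releaseName = SakaiBLTIUtil.toNull(SakaiBLTIUtil.getCorrectProperty(properties, "releasename", toolConfiguration));
        String releaseEmail = SakaiBLTIUtil.toNull(SakaiBLTIUtil.getCorrectProperty(properties, "releaseemail", toolConfiguration));
        String assignmentName = SakaiBLTIUtil.toNull(SakaiBLTIUtil.getCorrectProperty(properties, "assignment", toolConfiguration));
        String allowOutcomes = ServerConfigurationService.getString(SakaiBLTIUtil.BASICLTI_OUTCOMES_ENABLED, (String) null);
        if (!JSONTranscoder.BOOLEAN_TRUE.equals(allowOutcomes)) {
            allowOutcomes = null;
        }
        String maintainRole = site.getMaintainRole();
        boolean includeName = "on".equals(releaseName);
        boolean includeEmail = "on".equals(releaseEmail);
        boolean includeSourcedid = JSONTranscoder.BOOLEAN_TRUE.equals(allowOutcomes) && assignmentName != null;

        boolean success = false;
        pushAdvisor();
        try {
            ArrayList<Map<String, Object>> members = new ArrayList<>();
            for (Member member : site.getMembers()) {
                Map<String, Object> entry = new TreeMap<>();
                Role role = member.getRole();
                String memberUserId = member.getUserId();
                entry.put("/user_id", memberUserId);
                String ltiRole = "Learner";
                if (maintainRole != null && maintainRole.equals(role.getId())) {
                    ltiRole = "Instructor";
                }
                entry.put("/role", ltiRole);

                User user = null;
                if (includeSourcedid) {
                    user = UserDirectoryService.getUser(memberUserId);
                    String sourceDID = SakaiBLTIUtil.getSourceDID(user, toolConfiguration, properties);
                    if (sourceDID != null) {
                        entry.put("/lis_result_sourcedid", sourceDID);
                    }
                }
                // Personal data leaves the system only when the placement opts in.
                if (includeName || includeEmail) {
                    if (user == null) {
                        user = UserDirectoryService.getUser(memberUserId);
                    }
                    if (includeName) {
                        entry.put("/person_name_given", user.getFirstName());
                        entry.put("/person_name_family", user.getLastName());
                        entry.put("/person_name_full", user.getDisplayName());
                    }
                    if (includeEmail) {
                        entry.put("/person_contact_email_primary", user.getEmail());
                        entry.put("/person_sourcedid", user.getEid());
                    }
                }
                members.add(entry);
            }
            map.put("/message_response/members/member", members);
            success = true;
        } catch (Exception e) {
            // A failed lookup for any one member fails the whole roster.
            doError(httpServletRequest, httpServletResponse, map, "memberships.fail", "", e);
        } finally {
            // Single exit point for the advisor, so it can be neither leaked nor popped twice.
            popAdvisor();
        }
        if (success) {
            map.put("/message_response/statusinfo/codemajor", "Success");
            map.put("/message_response/statusinfo/severity", "Status");
            map.put("/message_response/statusinfo/codeminor", IMSPOXRequest.MINOR_FULLSUCCESS);
            httpServletResponse.getWriter().println(XMLMap.getXML(map, true));
        }
    }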

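    /**
     * Writes a fatal POX response for an XML request.
     * <p>
     * The description is the localized message for {@code str} followed by {@code str2}. Callers
     * pass request-derived text in {@code str2} (for example the parser's error message or the
     * consumer key), so line breaks are neutralized before the text is logged.
     * <p>
     * NOTE(review): the description goes to {@code IMSPOXRequest.getFatalResponse} as is; confirm
     * that the method XML-escapes it.
     *
     * @param httpServletRequest the failing request (not read here)
     * @param httpServletResponse response the XML document is written to
     * @param iMSPOXRequest the parsed POX request (not read here)
     * @param str message key looked up in the resource bundle
     * @param str2 detail appended to the message; may contain untrusted request data
     * @param exc optional cause, logged at error level when non-null
     * @throws IOException if the response writer fails
     */
    public void doErrorXml(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, IMSPOXRequest iMSPOXRequest, String str, String str2, Exception exc) throws IOException {
        if (exc != null) {
            M_log.error(exc.getLocalizedMessage(), exc);
        }
        String description = rb.getString(str) + ": " + str2;
        // CR/LF in request-derived text would let a caller forge extra log records.
        M_log.info(description.replace('\r', '_').replace('\n', '_'));
        httpServletResponse.setContentType("application/xml");
        httpServletResponse.getWriter().println(IMSPOXRequest.getFatalResponse(description));
    }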

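    /**
     * Handles an XML (POX) outcomes request.
     * <p>
     * Checks run in this order: the outcomes switch from server configuration, well-formedness of
     * the POX body, a supported operation, presence and parsing of the sourcedid
     * ({@code signature:::user_id:::placement_id}), lookup of the placement and its site, OAuth
     * validation with the placement's secret, and finally the sourcedid signature against the
     * placement secret. Only then is the request passed to {@code processOutcomeXml}.
     * <p>
     * Everything read from the request is untrusted until both the OAuth check and the sourcedid
     * signature check have passed.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse receives a POX response, or 403 when outcomes are off
     * @throws ServletException declared for the servlet contract
     * @throws IOException if the response cannot be written
     */
    protected void doPostXml(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String ipAddress = httpServletRequest.getRemoteAddr();
        M_log.debug("LTI POX Service request from IP=" + ipAddress);

        // Outcomes count as enabled only when the property equals JSONTranscoder.BOOLEAN_TRUE.
        String allowOutcomes = ServerConfigurationService.getString(SakaiBLTIUtil.BASICLTI_OUTCOMES_ENABLED, (String) null);
        if (!JSONTranscoder.BOOLEAN_TRUE.equals(allowOutcomes)) {
            M_log.warn("Basic LTI Services are disabled IP=" + ipAddress);
            httpServletResponse.setStatus(HttpStatus.SC_FORBIDDEN);
            return;
        }

        IMSPOXRequest pox = new IMSPOXRequest(httpServletRequest);
        if (!pox.valid) {
            doErrorXml(httpServletRequest, httpServletResponse, pox, "pox.invalid", pox.errorMessage, null);
            return;
        }
        String operation = pox.getOperation();
        boolean supported = "replaceResultRequest".equals(operation) || "readResultRequest".equals(operation) || "deleteResultRequest".equals(operation);
        if (!supported) {
            String unsupported = pox.getResponseUnsupported("Not supported " + operation);
            httpServletResponse.setContentType("application/xml");
            httpServletResponse.getWriter().println(unsupported);
            return;
        }

        String sourcedid = pox.getBodyMap().get("/resultRecord/sourcedGUID/sourcedId");
        if (BasicLTIUtil.isBlank(sourcedid)) {
            doErrorXml(httpServletRequest, httpServletResponse, pox, "outcomes.missing", "sourcedid", null);
            return;
        }
        // Bound the untrusted sourcedid before parsing it.
        if (sourcedid.length() > 2048) {
            sourcedid = sourcedid.substring(0, 2048);
        }
        String placementId = null;
        String signature = null;
        String userId = null;
        try {
            int pos = sourcedid.indexOf(":::");
            if (pos > 0) {
                signature = sourcedid.substring(0, pos);
                String rest = sourcedid.substring(pos + 3);
                // A missing second separator makes substring throw, which lands in the catch below.
                pos = rest.indexOf(":::");
                userId = rest.substring(0, pos);
                placementId = rest.substring(pos + 3);
            }
        } catch (Exception e) {
            M_log.warn("Unable to decrypt result_sourcedid IP=" + ipAddress + " Error=" + e.getMessage(), e);
            signature = null;
            placementId = null;
            userId = null;
        }
        if (placementId == null || userId == null) {
            doErrorXml(httpServletRequest, httpServletResponse, pox, "outcomes.sourcedid", "sourcedid", null);
            return;
        }
        M_log.debug("signature=" + signature);
        M_log.debug("user_id=" + userId);
        M_log.debug("placement_id=" + placementId);

        // The placement id is still unauthenticated here, so the whole lookup stays inside the
        // try: an unknown id must produce the normal error response, not an uncaught exception.
        ToolConfiguration placement = null;
        Properties config = null;
        String siteId = null;
        Site site = null;
        try {
            placement = SiteService.findTool(placementId);
            config = placement.getConfig();
            siteId = placement.getSiteId();
            site = SiteService.getSite(siteId);
        } catch (Exception e) {
            M_log.debug("Error retrieving result_sourcedid information: " + e.getLocalizedMessage(), e);
            placement = null;
        }
        if (placement == null || config == null || siteId == null || site == null) {
            doErrorXml(httpServletRequest, httpServletResponse, pox, "outcomes.sourcedid", "sourcedid", null);
            return;
        }

        String oauthConsumerKey = pox.getOAuthConsumerKey();
        String oauthSecret = SakaiBLTIUtil.toNull(SakaiBLTIUtil.getCorrectProperty(config, "secret", placement));
        // Fail closed: a signature checked against a missing secret gives no assurance.
        if (oauthSecret == null) {
            M_log.warn("Placement has no OAuth secret configured IP=" + ipAddress);
            doErrorXml(httpServletRequest, httpServletResponse, pox, "outcome.no.validate", oauthConsumerKey, null);
            return;
        }
        // NOTE(review): the consumer key comes from the request and is not compared with a key
        // stored on the placement here; only the secret binds the request to the placement.
        pox.validateRequest(oauthConsumerKey, oauthSecret, httpServletRequest);
        if (!pox.valid) {
            if (pox.base_string != null) {
                M_log.warn(pox.base_string);
            }
            doErrorXml(httpServletRequest, httpServletResponse, pox, "outcome.no.validate", oauthConsumerKey, null);
            return;
        }

        String placementSecret = SakaiBLTIUtil.toNull(SakaiBLTIUtil.getCorrectProperty(config, "placementsecret", placement));
        if (placementSecret == null) {
            doErrorXml(httpServletRequest, httpServletResponse, pox, "outcomes.sourcedid", "sourcedid", null);
            return;
        }
        // Compare in constant time so response timing does not reveal how much of a guessed signature matched.
        byte[] presented = signature.getBytes(java.nio.charset.StandardCharsets.UTF_8);
        String expected = ShaUtil.sha256Hash(placementSecret + ":::" + userId + ":::" + placementId);
        boolean matched = java.security.MessageDigest.isEqual(presented, expected.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        // The expected value is deliberately not logged: it is a valid signature for this user and placement.
        M_log.debug("Received signature=" + signature + " matched=" + matched);
        String oldPlacementSecret = SakaiBLTIUtil.toNull(SakaiBLTIUtil.getCorrectProperty(config, "oldplacementsecret", placement));
        if (oldPlacementSecret != null && !matched) {
            // The fallback must hash with the old secret; hashing with the current one again could never match.
            String expectedOld = ShaUtil.sha256Hash(oldPlacementSecret + ":::" + userId + ":::" + placementId);
            matched = java.security.MessageDigest.isEqual(presented, expectedOld.getBytes(java.nio.charset.StandardCharsets.UTF_8));
            M_log.debug("Received signature II=" + signature + " matched=" + matched);
        }
        if (!matched) {
            doErrorXml(httpServletRequest, httpServletResponse, pox, "outcomes.sourcedid", "sourcedid", null);
            return;
        }
        // Outcomes are the only service on the XML path; every supported operation goes here.
        processOutcomeXml(httpServletRequest, httpServletResponse, operation, site, siteId, placement, config, userId, pox);
    }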

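    /**
     * Handles one Basic Outcomes POX operation (read, delete or replace a result) against the
     * gradebook assignment configured for the placement, and writes the XML response.
     *
     * <p>The score text and sourcedId come from the request body map, so they are treated as
     * untrusted input. The gradebook call runs with the session switched to the account named by
     * {@code basiclti.outcomes.userid} (default {@code admin}); that session is invalidated again
     * on every exit path.
     *
     * @param httpServletRequest the incoming request, passed through to error reporting
     * @param httpServletResponse the response that receives the success or error XML
     * @param str the operation name; {@code readResultRequest} and {@code deleteResultRequest} are
     *     recognised, anything else is handled as a replace
     * @param site the site whose membership is looked up for {@code str3}
     * @param str2 the site id, used as the gradebook identifier and in log and error text
     * @param toolConfiguration the placement consulted for the {@code assignment} property
     * @param properties the configuration consulted for the {@code assignment} property
     * @param str3 the id of the user whose score is read or written
     * @param iMSPOXRequest the parsed POX request, which also builds the response documents
     * @throws IOException declared for response writing; exceptions raised inside the body are
     *     caught and reported to the caller as an error response instead
     */
    protected void processOutcomeXml(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, Site site, String str2, ToolConfiguration toolConfiguration, Properties properties, String str3, IMSPOXRequest iMSPOXRequest) throws IOException {
        try {
            // NOTE(review): the membership lookup result is discarded, so a user who is not a
            // member of the site is not rejected here; only an exception thrown by the lookup
            // reaches the "outcome.site.membership" handler at the bottom. Confirm whether the
            // caller's sourcedid verification is meant to be the only gate before grades are written.
            site.getMember(str3);

            String assignmentName = SakaiBLTIUtil.toNull(SakaiBLTIUtil.getCorrectProperty(properties, "assignment", toolConfiguration));
            M_log.debug("ASSN=" + assignmentName);
            if (assignmentName == null) {
                doErrorXml(httpServletRequest, httpServletResponse, iMSPOXRequest, "outcome.no.assignment", "", null);
                return;
            }

            GradebookService gradebookService = (GradebookService) ComponentManager.get("org.sakaiproject.service.gradebook.GradebookService");
            Assignment assignment = null;
            // pushAdvisor()/popAdvisor() are defined elsewhere in this class (presumably they
            // install and remove a SecurityAdvisor); the finally keeps each push paired with
            // exactly one pop.
            pushAdvisor();
            try {
                for (Object candidate : gradebookService.getAssignments(str2)) {
                    Assignment current = (Assignment) candidate;
                    // Only internally maintained assignments with the configured name qualify.
                    if (!current.isExternallyMaintained() && assignmentName.equals(current.getName())) {
                        assignment = current;
                        break;
                    }
                }
            } catch (Exception e) {
                // A failed lookup is reported to the caller as "no assignment"; log the cause so
                // it is not lost.
                M_log.warn("Assignment lookup failed siteId=" + str2, e);
                assignment = null;
            } finally {
                popAdvisor();
            }
            if (assignment == null) {
                doErrorXml(httpServletRequest, httpServletResponse, iMSPOXRequest, "outcome.no.assignment", "", null);
                return;
            }

            boolean isRead = BasicLTIUtil.equals(str, "readResultRequest");
            boolean isDelete = BasicLTIUtil.equals(str, "deleteResultRequest");
            Map<String, String> bodyMap = iMSPOXRequest.getBodyMap();
            String scoreText = bodyMap.get("/resultRecord/result/resultScore/textString");
            String sourcedId = bodyMap.get("/resultRecord/result/sourcedId");
            // A replace needs a score; read and delete do not.
            if (BasicLTIUtil.isBlank(scoreText) && !isRead && !isDelete) {
                doErrorXml(httpServletRequest, httpServletResponse, iMSPOXRequest, "outcomes.missing", "result_resultscore_textstring", null);
                return;
            }

            // Raw type kept: the parameter type of XMLMap.getXMLFragment is not visible here.
            TreeMap responseMap = new TreeMap();
            Session currentSession = SessionManager.getCurrentSession();
            pushAdvisor();
            boolean succeeded = false;
            String message = null;
            try {
                try {
                    // The gradebook is called as the configured outcomes account, not as the
                    // remote tool; the finally below must always drop that identity.
                    String outcomesUserId = ServerConfigurationService.getString("basiclti.outcomes.userid", "admin");
                    String outcomesUserEid = ServerConfigurationService.getString("basiclti.outcomes.usereid", outcomesUserId);
                    currentSession.setUserId(outcomesUserId);
                    currentSession.setUserEid(outcomesUserEid);
                    if (isRead) {
                        // Scores are exchanged as a fraction of the assignment's points.
                        double fraction = Double.parseDouble(gradebookService.getAssignmentScoreString(str2, assignmentName, str3)) / assignment.getPoints().doubleValue();
                        String fractionText = fraction != 0.0d ? Double.toString(fraction) : "";
                        responseMap.put("/readResultResponse/result/sourcedId", sourcedId);
                        responseMap.put("/readResultResponse/result/resultScore/textString", fractionText);
                        responseMap.put("/readResultResponse/result/resultScore/language", "en");
                        message = "Result read";
                    } else if (isDelete) {
                        gradebookService.setAssignmentScore(str2, assignmentName, str3, Double.valueOf(0.0d), "External Outcome");
                        M_log.info("Delete Score site=" + str2 + " assignment=" + assignmentName + " user_id=" + str3);
                        responseMap.put("/deleteResultResponse", "");
                        message = "Result deleted";
                    } else {
                        double fraction = Double.parseDouble(scoreText);
                        // Written as a positive range test so that NaN, which fails every
                        // comparison, is rejected together with values outside [0, 1].
                        if (!(fraction >= 0.0d && fraction <= 1.0d)) {
                            throw new Exception("Grade out of range");
                        }
                        gradebookService.setAssignmentScore(str2, assignmentName, str3, Double.valueOf(fraction * assignment.getPoints().doubleValue()), "External Outcome");
                        M_log.info("Stored Score=" + str2 + " assignment=" + assignmentName + " user_id=" + str3 + " score=" + scoreText);
                        responseMap.put("/replaceResultResponse", "");
                        message = "Result replaced";
                    }
                } finally {
                    // Exactly one invalidate and one pop per push, on success and on failure, so
                    // an advisor pushed by an outer caller is never popped by mistake.
                    try {
                        currentSession.invalidate();
                    } finally {
                        popAdvisor();
                    }
                }
                // Only report success once the elevated session has been torn down cleanly.
                succeeded = true;
            } catch (Exception e2) {
                doErrorXml(httpServletRequest, httpServletResponse, iMSPOXRequest, "outcome.grade.fail", "siteId=" + str2, e2);
            }

            if (succeeded) {
                String responseSuccess = iMSPOXRequest.getResponseSuccess(message, responseMap.size() > 0 ? XMLMap.getXMLFragment(responseMap, true) : "");
                httpServletResponse.setContentType("application/xml");
                httpServletResponse.getWriter().println(responseSuccess);
            }
        } catch (Exception e3) {
            // Any exception not handled above ends up here and is reported under the membership
            // error key.
            M_log.warn(e3.getLocalizedMessage() + " siteId=" + str2, e3);
            doErrorXml(httpServletRequest, httpServletResponse, iMSPOXRequest, "outcome.site.membership", "", e3);
        }
    }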

    /**
     * Shutdown hook for this class; it does nothing.
     */
    public void destroy() {
        // Intentionally empty.
    }
}
