package de.mhus.rest.core.impl;

import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ObjectNode;
import de.mhus.lib.annotations.service.ServiceComponent;
import de.mhus.lib.basics.RC;
import de.mhus.lib.core.IReadProperties;
import de.mhus.lib.core.M;
import de.mhus.lib.core.MJson;
import de.mhus.lib.core.MString;
import de.mhus.lib.core.aaa.Aaa;
import de.mhus.lib.core.aaa.AccessApi;
import de.mhus.lib.core.cfg.CfgBoolean;
import de.mhus.lib.core.cfg.CfgString;
import de.mhus.lib.core.io.http.MHttp;
import de.mhus.lib.core.logging.ITracer;
import de.mhus.lib.core.logging.Log;
import de.mhus.lib.core.logging.TraceJsonMap;
import de.mhus.lib.core.util.Provider;
import de.mhus.lib.errors.AccessDeniedException;
import de.mhus.lib.errors.MException;
import de.mhus.lib.errors.MRuntimeException;
import de.mhus.rest.core.CallContext;
import de.mhus.rest.core.RestAuthenticator;
import de.mhus.rest.core.RestAuthenticatorByBasicAuth;
import de.mhus.rest.core.RestAuthenticatorByJwt;
import de.mhus.rest.core.RestAuthenticatorByTicket;
import de.mhus.rest.core.api.Node;
import de.mhus.rest.core.api.RestApi;
import de.mhus.rest.core.api.RestException;
import de.mhus.rest.core.api.RestResult;
import de.mhus.rest.core.api.RestTranslationService;
import io.opentracing.Scope;
import io.opentracing.Span;
import io.opentracing.SpanContext;
import io.opentracing.propagation.Format;
import io.opentracing.tag.Tags;
import java.io.IOException;
import java.io.InputStream;
import java.io.PrintWriter;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.Locale;
import java.util.Map;
import javax.servlet.Servlet;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.subject.Subject;

@ServiceComponent(name = "RestServlet", service = {Servlet.class}, property = {"alias=/rest/*"})
/* loaded from: input_file:de/mhus/rest/core/impl/RestServlet.class */
public class RestServlet extends HttpServlet {
    private static final String RESULT_TYPE_JSON = "json";
    private static final String RESULT_TYPE_HTTP = "http";
    private static final String PUBLIC_PATH_START = "/public/";
    private static final String PUBLIC_PATH = "/public";
    private static final long serialVersionUID = 1;
    private Log log = Log.getLog(this);
    private int nextId = 0;
    private LinkedList<RestAuthenticator> authenticators = new LinkedList<>();
    private CfgString CFG_TRACE_ACTIVE = new CfgString(getClass(), "traceActivation", Node.ROOT_PARENT);
    private CfgBoolean CFG_TRACE_FOLLOW = new CfgBoolean(getClass(), "traceFollow", true);
    private CfgBoolean CFG_TRACE_PATH = new CfgBoolean(getClass(), "tracePath", true);
    private CfgBoolean CFG_TRACE_PARAM = new CfgBoolean(getClass(), "traceParam", true);
    private CfgBoolean CFG_HEADER_TAGS = new CfgBoolean(getClass(), "traceHeader", true);
    private CfgBoolean CFG_TRACE_RETURN = new CfgBoolean(getClass(), "traceReturn", true);
    private CfgString CFG_CORS_ORIGIN = new CfgString(getClass(), "corsOrigin", "*");
    private CfgString CFG_CORS_HEADERS = new CfgString(getClass(), "corsHeaders", "*");

    public RestServlet() {
        doInitialize();
    }

    protected void doInitialize() {
        getAuthenticators().add(new RestAuthenticatorByJwt());
        getAuthenticators().add(new RestAuthenticatorByTicket());
        getAuthenticators().add(new RestAuthenticatorByBasicAuth());
    }

    public RestApi getRestService() {
        return (RestApi) M.l(RestApi.class);
    }

    protected void service(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        Map parameterMap;
        httpServletResponse.setHeader("Access-Control-Allow-Origin", (String) this.CFG_CORS_ORIGIN.value());
        httpServletResponse.setHeader("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT, HEAD, OPTIONS");
        httpServletResponse.setHeader("Access-Control-Allow-Headers", (String) this.CFG_CORS_HEADERS.value());
        httpServletResponse.setHeader("Access-Control-Max-Age", "0");
        httpServletResponse.setHeader("Cache-Control", "no-store");
        httpServletResponse.setHeader("Vary", "*");
        httpServletResponse.setCharacterEncoding("UTF-8");
        RestApi restService = getRestService();
        if (!restService.checkSecurityRequest(httpServletRequest, httpServletResponse)) {
            this.log.d("request blocked by security", new Object[0]);
            return;
        }
        Scope scope = null;
        try {
            String pathInfo = httpServletRequest.getPathInfo();
            if (pathInfo == null || pathInfo.length() < 1) {
                httpServletResponse.setStatus(404);
                if (0 != 0) {
                    scope.close();
                    return;
                }
                return;
            }
            SpanContext extract = ((Boolean) this.CFG_TRACE_FOLLOW.value()).booleanValue() ? ITracer.get().tracer().extract(Format.Builtin.HTTP_HEADERS, new TraceExtractRest(httpServletRequest)) : null;
            String parameter = httpServletRequest.getParameter("_trace");
            if (MString.isEmpty(parameter)) {
                parameter = (String) this.CFG_TRACE_ACTIVE.value();
            }
            if (extract == null) {
                scope = ITracer.get().start("rest", parameter, new Object[0]);
            } else if (extract != null) {
                scope = ITracer.get().activate(ITracer.get().tracer().buildSpan("rest").asChildOf(extract).start());
            }
            if (MString.isSet(parameter)) {
                ITracer.get().activate(parameter);
            }
            if (scope != null) {
                String parameter2 = httpServletRequest.getParameter("_method");
                if (parameter2 == null) {
                    parameter2 = httpServletRequest.getMethod();
                }
                String upperCase = parameter2.toUpperCase();
                Span current = ITracer.get().current();
                Tags.SPAN_KIND.set(current, "server");
                Tags.HTTP_METHOD.set(current, upperCase);
                Tags.HTTP_URL.set(current, httpServletRequest.getRequestURL().toString());
                current.setTag("http.remote", getRestService().getRemoteAddress(httpServletRequest));
                String pathInfo2 = httpServletRequest.getPathInfo();
                if (((Boolean) this.CFG_TRACE_PATH.value()).booleanValue() && pathInfo2 != null) {
                    int i = 0;
                    for (String str : pathInfo2.split("/")) {
                        current.setTag("urlpart" + i, str);
                        i++;
                    }
                }
                if (((Boolean) this.CFG_TRACE_PARAM.value()).booleanValue() && (parameterMap = httpServletRequest.getParameterMap()) != null) {
                    for (Map.Entry entry : parameterMap.entrySet()) {
                        current.setTag("param_" + ((String) entry.getKey()), arrayToString((String[]) entry.getValue()));
                    }
                }
                if (((Boolean) this.CFG_HEADER_TAGS.value()).booleanValue()) {
                    Enumeration headerNames = httpServletRequest.getHeaderNames();
                    while (headerNames.hasMoreElements()) {
                        String str2 = (String) headerNames.nextElement();
                        StringBuilder sb = null;
                        if ("Authorization".equals(str2)) {
                            sb = new StringBuilder();
                            sb.append(MString.beforeIndex(httpServletRequest.getHeader(str2), ' '));
                            sb.append(" ***");
                        } else {
                            Enumeration headers = httpServletRequest.getHeaders(str2);
                            while (headers.hasMoreElements()) {
                                String str3 = (String) headers.nextElement();
                                if (sb == null) {
                                    sb = new StringBuilder();
                                } else {
                                    sb.append(",");
                                }
                                sb.append(str3);
                            }
                        }
                        if (sb != null) {
                            current.setTag("header_" + str2, sb.toString());
                        }
                    }
                }
            }
            String parameter3 = httpServletRequest.getParameter("_method");
            if (parameter3 == null) {
                parameter3 = httpServletRequest.getMethod();
            }
            String upperCase2 = parameter3.toUpperCase();
            if (upperCase2.equals("OPTIONS")) {
                if (scope != null) {
                    scope.close();
                    return;
                }
                return;
            }
            AuthenticationToken authenticationToken = null;
            RestRequestWrapper restRequestWrapper = new RestRequestWrapper(httpServletRequest);
            Iterator<RestAuthenticator> it = this.authenticators.iterator();
            while (it.hasNext()) {
                authenticationToken = it.next().authenticate(restRequestWrapper);
                if (authenticationToken != null) {
                    break;
                }
            }
            AuthenticationToken authenticationToken2 = authenticationToken;
            ((AccessApi) M.l(AccessApi.class)).createSubject().execute(() -> {
                return serviceInSession(httpServletRequest, httpServletResponse, pathInfo, upperCase2, authenticationToken2, restService);
            });
            if (scope != null) {
                scope.close();
            }
        } catch (Throwable th) {
            if (0 != 0) {
                scope.close();
            }
            throw th;
        }
    }

    private String arrayToString(String[] strArr) {
        return strArr == null ? "null" : strArr.length == 0 ? Node.ROOT_PARENT : strArr.length == 1 ? strArr[0] : Arrays.toString(strArr);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r27v3, types: [java.lang.Throwable, de.mhus.rest.core.api.RestException] */
    private Object serviceInSession(final HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2, AuthenticationToken authenticationToken, RestApi restApi) throws IOException {
        ((AccessApi) M.l(AccessApi.class)).updateSessionLastAccessTime();
        long newId = newId();
        Subject subject = SecurityUtils.getSubject();
        LinkedList linkedList = new LinkedList(Arrays.asList(str.split("/")));
        if (linkedList.size() == 0) {
            return null;
        }
        linkedList.remove(0);
        if (authenticationToken != null) {
            try {
                Aaa.login(subject, authenticationToken);
            } catch (AuthenticationException e) {
                return onLoginFailure(authenticationToken, e, httpServletRequest, httpServletResponse, newId);
            }
        }
        if (authenticationToken == null && !isPublicPath(str)) {
            return onLoginFailure(httpServletRequest, httpServletResponse, newId);
        }
        CallContext callContext = new CallContext(httpServletRequest, httpServletResponse, new CachedRestRequest(httpServletRequest.getParameterMap(), null, new Provider<InputStream>() { // from class: de.mhus.rest.core.impl.RestServlet.1
            /* renamed from: get, reason: merged with bridge method [inline-methods] */
            public InputStream m2get() {
                try {
                    return httpServletRequest.getInputStream();
                } catch (IOException e2) {
                    RestServlet.this.log.d(e2);
                    return null;
                }
            }
        }), MHttp.toMethod(str2), ((Boolean) this.CFG_TRACE_RETURN.value()).booleanValue());
        RestResult restResult = null;
        if (str2.equals("HEAD")) {
            return null;
        }
        try {
            if (!restApi.checkSecurityPrepared(callContext)) {
                this.log.d("request blocked by security", new Object[]{Long.valueOf(newId), str});
                return null;
            }
            Node lookup = restApi.lookup(linkedList, null, callContext);
            if (lookup == null) {
                sendError(newId, httpServletRequest, httpServletResponse, 404, "Resource Not Found", null, null, subject);
                return null;
            }
            logAccess(newId, getRestService().getRemoteAddress(httpServletRequest), httpServletRequest.getRemotePort(), subject, str2, httpServletRequest.getPathInfo(), httpServletRequest.getParameterMap());
            if (str2.equals("GET")) {
                restApi.checkPermission(lookup, "read", callContext);
                restResult = lookup.doRead(callContext);
            } else if (str2.equals("POST")) {
                if (callContext.hasAction()) {
                    restApi.checkPermission(lookup, callContext.getAction(), callContext);
                    restResult = lookup.doAction(callContext);
                } else {
                    restApi.checkPermission(lookup, "create", callContext);
                    restResult = lookup.doCreate(callContext);
                }
            } else if (str2.equals("PUT")) {
                restApi.checkPermission(lookup, "update", callContext);
                restResult = lookup.doUpdate(callContext);
            } else if (str2.equals("DELETE")) {
                restApi.checkPermission(lookup, "delete", callContext);
                restResult = lookup.doDelete(callContext);
            } else if (str2.equals("TRACE")) {
            }
            if (restResult == null) {
                sendError(newId, httpServletRequest, httpServletResponse, 501, "unknown request type", null, null, subject);
                return null;
            }
            if (restResult != null) {
                try {
                    if (!restApi.checkSecurityResult(callContext, restResult)) {
                        this.log.d("result blocked by security", new Object[]{Long.valueOf(newId), restResult});
                        return null;
                    }
                    this.log.d("result", new Object[]{Long.valueOf(newId), restResult});
                    int returnCode = restResult.getReturnCode();
                    if (returnCode < 0) {
                        httpServletResponse.setStatus(-returnCode);
                    }
                    httpServletResponse.setContentType(restResult.getContentType(callContext));
                    restResult.write(callContext, httpServletResponse.getWriter());
                } catch (Throwable th) {
                    this.log.d(th);
                    sendError(newId, httpServletRequest, httpServletResponse, 500, th.getMessage(), th, null, subject);
                    return null;
                }
            }
            return null;
        } catch (MRuntimeException e2) {
            this.log.d(e2);
            sendError(newId, httpServletRequest, httpServletResponse, e2.getReturnCode(), e2.getMessage(), e2, null, subject);
            return null;
        } catch (RestException e3) {
            this.log.d((Throwable) e3);
            sendError(newId, httpServletRequest, httpServletResponse, e3.getReturnCode(), e3.getMessage(), e3, e3.getParameters(), subject);
            return null;
        } catch (MException e4) {
            this.log.d(e4);
            sendError(newId, httpServletRequest, httpServletResponse, e4.getReturnCode(), e4.getMessage(), e4, null, subject);
            return null;
        } catch (AccessDeniedException e5) {
            this.log.d(e5);
            sendError(newId, httpServletRequest, httpServletResponse, 404, e5.getMessage(), e5, null, subject);
            return null;
        } catch (Throwable th2) {
            this.log.d(th2);
            sendError(newId, httpServletRequest, httpServletResponse, 500, th2.getMessage(), th2, null, subject);
            return null;
        }
    }

    public boolean isPublicPath(String str) {
        return str.startsWith(PUBLIC_PATH_START) || str.equals(PUBLIC_PATH);
    }

    private Object onLoginFailure(AuthenticationToken authenticationToken, AuthenticationException authenticationException, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, long j) throws IOException {
        httpServletResponse.setHeader("WWW-Authenticate", "BASIC realm=\"rest\"");
        sendError(j, httpServletRequest, httpServletResponse, 401, authenticationException.getMessage(), authenticationException, null, null);
        return null;
    }

    private Object onLoginFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, long j) throws IOException {
        httpServletResponse.setHeader("WWW-Authenticate", "BASIC realm=\"rest\"");
        sendError(j, httpServletRequest, httpServletResponse, 401, Node.ROOT_PARENT, null, null, null);
        return null;
    }

    private void logAccess(long j, String str, int i, Subject subject, String str2, String str3, Map map) {
        String parameterLog = getParameterLog(map);
        Log log = this.log;
        Object[] objArr = new Object[6];
        objArr[0] = Long.valueOf(j);
        objArr[1] = subject == null ? "?" : subject.getPrincipal();
        objArr[2] = ITracer.get().getCurrentId();
        objArr[3] = str2;
        objArr[4] = str3;
        objArr[5] = "\n Remote: " + str + ":" + i + "\n Subject: " + (subject == null ? "?" : subject.getPrincipal()) + "\n Method: " + str2 + "\n Request: " + str3 + "\n Parameters: " + parameterLog + "\n";
        log.d("restaccess", objArr);
    }

    private String getParameterLog(Map<?, ?> map) {
        StringBuilder append = new StringBuilder().append('{');
        for (Map.Entry<?, ?> entry : map.entrySet()) {
            append.append('\n').append(entry.getKey()).append("=[");
            Object value = entry.getValue();
            if (value != null) {
                if (value.getClass().isArray()) {
                    boolean z = true;
                    for (Object obj : (Object[]) value) {
                        if (z) {
                            z = false;
                        } else {
                            append.append(',');
                        }
                        append.append(obj);
                    }
                } else {
                    append.append(value);
                }
            }
            append.append("] ");
        }
        append.append('}');
        return append.toString();
    }

    private synchronized long newId() {
        int i = this.nextId;
        this.nextId = i + 1;
        return i;
    }

    private void sendError(long j, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, int i, String str, Throwable th, IReadProperties iReadProperties, Subject subject) throws IOException {
        this.log.d("error", new Object[]{Long.valueOf(j), Integer.valueOf(i), str, th});
        if (str == null && th != null) {
            str = th.getMessage();
        }
        if (str == null && th != null) {
            str = th.getClass().getSimpleName();
        }
        String parameter = httpServletRequest.getParameter("_errorResult");
        if (parameter == null) {
            parameter = RESULT_TYPE_JSON;
        }
        if (parameter.equals(RESULT_TYPE_HTTP)) {
            if (httpServletResponse.isCommitted()) {
                return;
            }
            httpServletResponse.sendError(RC.normalize(i), str);
            return;
        }
        if (parameter.equals(RESULT_TYPE_JSON)) {
            if (!httpServletResponse.isCommitted()) {
                httpServletResponse.setStatus(RC.normalize(i));
            }
            PrintWriter writer = httpServletResponse.getWriter();
            ObjectMapper objectMapper = new ObjectMapper();
            ObjectNode createObjectNode = objectMapper.createObjectNode();
            if (iReadProperties != null) {
                iReadProperties.forEach(entry -> {
                    MJson.setValue(createObjectNode, (String) entry.getKey(), entry.getValue());
                });
            }
            createObjectNode.put("_timestamp", System.currentTimeMillis());
            createObjectNode.put("_sequence", j);
            if (subject != null) {
                createObjectNode.put("_user", String.valueOf(subject.getPrincipal()));
            }
            createObjectNode.put("_error", i);
            createObjectNode.put("_errorMessage", str);
            Locale locale = httpServletRequest.getLocale();
            if (str != null && str.startsWith("[") && str.endsWith("]")) {
                try {
                    JsonNode load = MJson.load(str);
                    createObjectNode.set("_errorArray", load);
                    String translateError = translateError(locale, load);
                    if (translateError != null) {
                        createObjectNode.put("_errorMessage", translateError);
                    }
                } catch (Throwable th2) {
                }
            } else {
                String translateError2 = translateError(locale, str);
                if (translateError2 != null) {
                    createObjectNode.put("_errorMessage", translateError2);
                    createObjectNode.put("_errorString", str);
                }
            }
            if (((Boolean) this.CFG_TRACE_RETURN.value()).booleanValue() && ITracer.get().current() != null) {
                try {
                    ITracer.get().tracer().inject(ITracer.get().current().context(), Format.Builtin.TEXT_MAP, new TraceJsonMap(createObjectNode, "_"));
                } catch (Throwable th3) {
                    this.log.d(th3);
                }
            }
            httpServletResponse.setContentType("application/json");
            objectMapper.writeValue(writer, createObjectNode);
        }
    }

    protected String translateError(Locale locale, JsonNode jsonNode) {
        RestTranslationService translationService;
        RestApi restService = getRestService();
        if (restService == null || (translationService = restService.getTranslationService()) == null) {
            return null;
        }
        return translationService.translateError(locale, jsonNode);
    }

    protected String translateError(Locale locale, String str) {
        RestTranslationService translationService;
        RestApi restService = getRestService();
        if (restService == null || (translationService = restService.getTranslationService()) == null) {
            return null;
        }
        return translationService.translateError(locale, str);
    }

    public LinkedList<RestAuthenticator> getAuthenticators() {
        return this.authenticators;
    }
}
