package de.mhus.rest.core.impl;

import de.mhus.lib.annotations.service.ServiceComponent;
import de.mhus.lib.core.M;
import de.mhus.lib.core.MString;
import de.mhus.lib.core.aaa.Aaa;
import de.mhus.lib.core.aaa.AccessApi;
import de.mhus.lib.core.cfg.CfgLong;
import de.mhus.lib.core.cfg.CfgString;
import de.mhus.lib.core.io.http.MHttp;
import de.mhus.lib.core.logging.ITracer;
import de.mhus.lib.core.logging.Log;
import de.mhus.lib.errors.MException;
import de.mhus.lib.errors.MRuntimeException;
import de.mhus.rest.core.CallContext;
import de.mhus.rest.core.RestAuthenticator;
import de.mhus.rest.core.RestAuthenticatorByBasicAuth;
import de.mhus.rest.core.RestAuthenticatorByJwt;
import de.mhus.rest.core.RestAuthenticatorByTicket;
import de.mhus.rest.core.api.Node;
import de.mhus.rest.core.api.RestApi;
import io.opentracing.SpanContext;
import io.opentracing.propagation.Format;
import java.io.IOException;
import java.net.URI;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.servlet.Servlet;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.subject.Subject;
import org.eclipse.jetty.websocket.api.Session;
import org.eclipse.jetty.websocket.api.UpgradeRequest;
import org.eclipse.jetty.websocket.servlet.ServletUpgradeRequest;
import org.eclipse.jetty.websocket.servlet.ServletUpgradeResponse;
import org.eclipse.jetty.websocket.servlet.WebSocketCreator;
import org.eclipse.jetty.websocket.servlet.WebSocketServlet;
import org.eclipse.jetty.websocket.servlet.WebSocketServletFactory;

@ServiceComponent(name = "RestWebSocketServlet", service = {Servlet.class}, property = {"alias=/restsocket/*"})
/* loaded from: input_file:de/mhus/rest/core/impl/RestWebSocketServlet.class */
public class RestWebSocketServlet extends WebSocketServlet {
    private static final long serialVersionUID = 1;
    private static final String PUBLIC_PATH_START = "/public/";
    private static final String PUBLIC_PATH = "/public";
    private LinkedList<RestAuthenticator> authenticators = new LinkedList<>();
    private CfgString CFG_TRACE_ACTIVE = new CfgString(getClass(), "traceActivation", Node.ROOT_PARENT);
    private CfgLong CFG_IDLE_TIMEOUT = new CfgLong(getClass(), "idleTimeout", 3600000);
    private Set<RestWebSocket> sessions = Collections.synchronizedSet(new HashSet());
    private Log log = Log.getLog(this);
    private int nextId = 0;

    public RestWebSocketServlet() {
        doInitialize();
    }

    protected void doInitialize() {
        getAuthenticators().add(new RestAuthenticatorByBasicAuth());
        getAuthenticators().add(new RestAuthenticatorByTicket());
        getAuthenticators().add(new RestAuthenticatorByJwt());
    }

    public RestApi getRestService() {
        return (RestApi) M.l(RestApi.class);
    }

    public void configure(WebSocketServletFactory webSocketServletFactory) {
        webSocketServletFactory.setCreator(new WebSocketCreator() { // from class: de.mhus.rest.core.impl.RestWebSocketServlet.1
            public Object createWebSocket(ServletUpgradeRequest servletUpgradeRequest, ServletUpgradeResponse servletUpgradeResponse) {
                return new RestWebSocket(RestWebSocketServlet.this);
            }
        });
    }

    public void onWebSocketConnect(RestWebSocket restWebSocket, Session session) {
        try {
            if (!getRestService().checkSecurityRequest(restWebSocket, session)) {
                if (!this.sessions.contains(restWebSocket)) {
                    restWebSocket.close(500, null);
                }
                if (restWebSocket.scope != null) {
                    restWebSocket.scope.close();
                    return;
                }
                return;
            }
            session.setIdleTimeout(((Long) this.CFG_IDLE_TIMEOUT.value()).longValue());
            UpgradeRequest upgradeRequest = session.getUpgradeRequest();
            String preparePath = preparePath(upgradeRequest.getRequestURI().getPath());
            SpanContext extract = ITracer.get().tracer().extract(Format.Builtin.HTTP_HEADERS, new SocketTraceMap(upgradeRequest));
            List list = (List) upgradeRequest.getParameterMap().get("_trace");
            String str = (list == null || list.size() < 1) ? null : (String) list.get(0);
            if (MString.isEmpty(str)) {
                str = (String) this.CFG_TRACE_ACTIVE.value();
            }
            if (extract == null) {
                restWebSocket.scope = ITracer.get().start("rest", str, new Object[0]);
            } else if (extract != null) {
                restWebSocket.scope = ITracer.get().activate(ITracer.get().tracer().buildSpan("rest").asChildOf(extract).start());
            }
            if (MString.isSet(str)) {
                ITracer.get().activate(str);
            }
            if (preparePath == null || preparePath.length() < 1) {
                session.getUpgradeResponse().setStatusCode(404);
                session.close(404, "not found");
                session.setIdleTimeout(1000L);
                if (!this.sessions.contains(restWebSocket)) {
                    restWebSocket.close(500, null);
                }
                if (restWebSocket.scope != null) {
                    restWebSocket.scope.close();
                    return;
                }
                return;
            }
            AuthenticationToken authenticationToken = null;
            SocketRequestWrapper socketRequestWrapper = new SocketRequestWrapper(upgradeRequest);
            Iterator<RestAuthenticator> it = this.authenticators.iterator();
            while (it.hasNext()) {
                authenticationToken = it.next().authenticate(socketRequestWrapper);
                if (authenticationToken != null) {
                    break;
                }
            }
            Subject createSubject = ((AccessApi) M.l(AccessApi.class)).createSubject();
            restWebSocket.subject = createSubject;
            if (authenticationToken != null) {
                try {
                    Aaa.login(createSubject, authenticationToken);
                } catch (AuthenticationException e) {
                    onLoginFailure(restWebSocket);
                    if (!this.sessions.contains(restWebSocket)) {
                        restWebSocket.close(500, null);
                    }
                    if (restWebSocket.scope != null) {
                        restWebSocket.scope.close();
                        return;
                    }
                    return;
                }
            }
            if (authenticationToken != null || isPublicPath(preparePath)) {
                createSubject.execute(() -> {
                    serviceInSession(restWebSocket, preparePath);
                });
                if (!this.sessions.contains(restWebSocket)) {
                    restWebSocket.close(500, null);
                }
                if (restWebSocket.scope != null) {
                    restWebSocket.scope.close();
                    return;
                }
                return;
            }
            onLoginFailure(restWebSocket);
            if (!this.sessions.contains(restWebSocket)) {
                restWebSocket.close(500, null);
            }
            if (restWebSocket.scope != null) {
                restWebSocket.scope.close();
            }
        } catch (Throwable th) {
            if (!this.sessions.contains(restWebSocket)) {
                restWebSocket.close(500, null);
            }
            if (restWebSocket.scope != null) {
                restWebSocket.scope.close();
            }
            throw th;
        }
    }

    private String preparePath(String str) {
        if (str == null) {
            return null;
        }
        int indexOf = str.indexOf(47, 1);
        return indexOf < 0 ? Node.ROOT_PARENT : str.substring(indexOf);
    }

    private void onLoginFailure(RestWebSocket restWebSocket) {
        restWebSocket.session.getUpgradeResponse().setHeader("WWW-Authenticate", "BASIC realm=\"rest\"");
        restWebSocket.session.getUpgradeResponse().setStatusCode(401);
        onError(restWebSocket, null, 401, null, true);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void close(RestWebSocket restWebSocket, int i, String str) {
        if (restWebSocket == null) {
            return;
        }
        this.sessions.remove(restWebSocket);
        synchronized (restWebSocket) {
            if (restWebSocket.isClosed()) {
                return;
            }
            try {
                restWebSocket.session.getRemote().sendString("{_action:\"close\",_rc:" + i + "}\n");
            } catch (IOException e) {
                e.printStackTrace();
            }
            restWebSocket.session.close(i, str);
            restWebSocket.session.setIdleTimeout(1000L);
            restWebSocket.session = null;
            getRestService().unregister(restWebSocket);
        }
    }

    private void serviceInSession(RestWebSocket restWebSocket, String str) {
        Session session = restWebSocket.session;
        UpgradeRequest upgradeRequest = session.getUpgradeRequest();
        ((AccessApi) M.l(AccessApi.class)).updateSessionLastAccessTime();
        long newId = newId();
        restWebSocket.id = newId;
        session.getUpgradeResponse().addHeader("RemoteIdent", String.valueOf(newId));
        Subject subject = SecurityUtils.getSubject();
        LinkedList linkedList = new LinkedList(Arrays.asList(str.split("/")));
        if (linkedList.size() == 0) {
            onError(restWebSocket, null, 404, null, true);
            return;
        }
        linkedList.remove(0);
        CallContext callContext = new CallContext(upgradeRequest, session, CachedRestRequest.transformFromLists(upgradeRequest.getParameterMap(), upgradeRequest.getHeaders(), null), MHttp.METHOD.GET, false);
        restWebSocket.context = callContext;
        RestApi restService = getRestService();
        if (restService.checkSecurityPrepared(callContext)) {
            try {
                Node lookup = restService.lookup(linkedList, null, callContext);
                if (lookup == null || !lookup.streamingAccept(restWebSocket)) {
                    onError(restWebSocket, null, 404, "Resource Not Found", true);
                    return;
                }
                restWebSocket.node = restService.getNodeId(lookup);
                this.sessions.add(restWebSocket);
                getRestService().register(restWebSocket);
                String remoteAddress = getRestService().getRemoteAddress(restWebSocket);
                if (remoteAddress == null) {
                    remoteAddress = session.getRemoteAddress().getHostName();
                }
                logAccess(newId, remoteAddress, subject, session.getUpgradeRequest().getRequestURI(), session.getUpgradeRequest().getParameterMap());
            } catch (MRuntimeException e) {
                this.log.d(e);
                onError(restWebSocket, null, e.getReturnCode(), e.getMessage(), true);
            } catch (MException e2) {
                this.log.d(e2);
                onError(restWebSocket, null, e2.getReturnCode(), e2.getMessage(), true);
            } catch (Throwable th) {
                this.log.d(th);
                onError(restWebSocket, th, 500, null, true);
            }
        }
    }

    private void logAccess(long j, String str, Subject subject, URI uri, Map<String, List<String>> map) {
        this.log.d("access", new Object[]{Long.valueOf(j), "\n Remote: " + str + "\n Subject: " + subject + "\n Request: " + uri + "\n Parameters: " + getParameterLog(map) + "\n"});
    }

    private String getParameterLog(Map<?, ?> map) {
        StringBuilder append = new StringBuilder().append('{');
        for (Map.Entry<?, ?> entry : map.entrySet()) {
            append.append('\n').append(entry.getKey()).append("=[");
            Object value = entry.getValue();
            if (value != null) {
                if (value.getClass().isArray()) {
                    boolean z = true;
                    for (Object obj : (Object[]) value) {
                        if (z) {
                            z = false;
                        } else {
                            append.append(',');
                        }
                        append.append(obj);
                    }
                } else {
                    append.append(value);
                }
            }
            append.append("] ");
        }
        append.append('}');
        return append.toString();
    }

    private void onError(RestWebSocket restWebSocket, Throwable th, int i, String str, boolean z) {
        if (str == null) {
            str = th != null ? th.toString() : (String) MHttp.HTTP_STATUS_CODES.getOrDefault(Integer.valueOf(i), "unknown");
        }
        if (z) {
            close(restWebSocket, i, str);
        }
    }

    public void onWebSocketError(RestWebSocket restWebSocket, Throwable th) {
        this.log.d("error", new Object[]{restWebSocket, th});
        synchronized (restWebSocket) {
            this.sessions.remove(restWebSocket);
            if (restWebSocket.isClosed()) {
                return;
            }
            try {
                restWebSocket.session.disconnect();
            } catch (IOException e) {
            }
            restWebSocket.session = null;
            getRestService().unregister(restWebSocket);
        }
    }

    public void onWebSocketText(RestWebSocket restWebSocket, String str) {
        this.log.t("text", new Object[]{restWebSocket, str});
        synchronized (restWebSocket) {
            if (restWebSocket.isClosed()) {
                return;
            }
            Node node = getRestService().getNode(restWebSocket.node);
            restWebSocket.subject.execute(() -> {
                node.streamingText(restWebSocket, str);
            });
        }
    }

    public void onWebSocketBinary(RestWebSocket restWebSocket, byte[] bArr, int i, int i2) {
        this.log.d("binary", new Object[]{restWebSocket, Integer.valueOf(i2)});
        synchronized (restWebSocket) {
            if (restWebSocket.isClosed()) {
                return;
            }
            Node node = getRestService().getNode(restWebSocket.node);
            restWebSocket.subject.execute(() -> {
                node.streamingBinary(restWebSocket, bArr, i, i2);
            });
        }
    }

    public void onWebSocketClose(RestWebSocket restWebSocket, int i, String str) {
        synchronized (restWebSocket) {
            this.sessions.remove(restWebSocket);
            restWebSocket.session = null;
            getRestService().unregister(restWebSocket);
        }
    }

    public LinkedList<RestAuthenticator> getAuthenticators() {
        return this.authenticators;
    }

    private synchronized long newId() {
        int i = this.nextId;
        this.nextId = i + 1;
        return i;
    }

    public boolean isPublicPath(String str) {
        return str.startsWith(PUBLIC_PATH_START) || str.equals(PUBLIC_PATH);
    }
}
