package io.datarouter.web.dispatcher;

import io.datarouter.inject.DatarouterInjector;
import io.datarouter.util.net.UrlTool;
import io.datarouter.web.config.ServletContextSupplier;
import io.datarouter.web.dispatcher.ApiKeyPredicate;
import io.datarouter.web.handler.BaseHandler;
import io.datarouter.web.handler.encoder.HandlerEncoder;
import io.datarouter.web.handler.params.MultipartParams;
import io.datarouter.web.handler.params.Params;
import io.datarouter.web.security.SecurityValidationResult;
import io.datarouter.web.user.authenticate.config.DatarouterAuthenticationConfig;
import io.datarouter.web.user.authenticate.saml.DatarouterSamlSettings;
import io.datarouter.web.user.authenticate.saml.SamlService;
import io.datarouter.web.user.role.DatarouterUserRole;
import io.datarouter.web.user.session.DatarouterSession;
import io.datarouter.web.user.session.DatarouterSessionManager;
import io.datarouter.web.user.session.service.Role;
import io.datarouter.web.util.RequestAttributeKey;
import io.datarouter.web.util.RequestAttributeTool;
import io.datarouter.web.util.http.RequestTool;
import io.datarouter.web.util.http.ResponseTool;
import java.io.IOException;
import java.nio.charset.Charset;
import java.util.Iterator;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import javax.inject.Inject;
import javax.inject.Singleton;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.fileupload.FileUploadException;

@Singleton
/* loaded from: input_file:io/datarouter/web/dispatcher/Dispatcher.class */
public class Dispatcher {
    private static final String JSESSIONID_PATH_PARAM = ";jsessionid=";
    public static final RequestAttributeKey<Boolean> TRANSMITS_PII = new RequestAttributeKey<>("transmitsPii");

    @Inject
    private DatarouterAuthenticationConfig authenticationConfig;

    @Inject
    private ServletContextSupplier servletContext;

    @Inject
    private DatarouterInjector injector;

    @Inject
    private DatarouterSessionManager sessionManager;

    @Inject
    private SamlService samlService;

    @Inject
    private DatarouterSamlSettings samlSettings;

    public RoutingResult handleRequestIfUrlMatch(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, RouteSet routeSet) throws ServletException, IOException {
        BaseHandler baseHandler = null;
        String substring = httpServletRequest.getRequestURI().substring(this.servletContext.get().getContextPath().length());
        if (substring.contains(JSESSIONID_PATH_PARAM)) {
            substring = substring.substring(0, substring.indexOf(JSESSIONID_PATH_PARAM));
        }
        Iterator<DispatchRule> it = routeSet.getDispatchRules().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            DispatchRule next = it.next();
            if (next.getPattern().matcher(substring).matches()) {
                SecurityValidationResult applySecurityValidation = next.applySecurityValidation(httpServletRequest);
                httpServletRequest = applySecurityValidation.getWrappedRequest();
                if (!applySecurityValidation.isSuccess()) {
                    ((HandlerEncoder) this.injector.getInstance(next.getDefaultHandlerEncoder())).sendForbiddenResponse(httpServletRequest, httpServletResponse, applySecurityValidation);
                    return RoutingResult.FORBIDDEN;
                }
                if (this.authenticationConfig.useDatarouterAuthentication() && !next.checkRoles(httpServletRequest)) {
                    handleMissingRoles(httpServletRequest, httpServletResponse, next.getAllowedRoles());
                    return RoutingResult.ROUTED;
                }
                baseHandler = (BaseHandler) this.injector.getInstance(next.getHandlerClass());
                baseHandler.setDefaultHandlerEncoder(next.getDefaultHandlerEncoder());
                baseHandler.setDefaultHandlerDecoder(next.getDefaultHandlerDecoder());
                RequestAttributeTool.set(httpServletRequest, BaseHandler.HANDLER_ENCODER_ATTRIBUTE, (HandlerEncoder) this.injector.getInstance(next.getDefaultHandlerEncoder()));
                RequestAttributeTool.set(httpServletRequest, TRANSMITS_PII, Boolean.valueOf(next.doesTransmitPii()));
                if (next.hasApiKey()) {
                    ApiKeyPredicate.ApiKeyPredicateCheck check = next.getApiKeyPredicate().check(next, httpServletRequest);
                    if (check.allowed()) {
                        baseHandler.setAccountName(check.accountName());
                    }
                }
            }
        }
        Class<? extends BaseHandler> defaultHandlerClass = routeSet.getDefaultHandlerClass();
        if (baseHandler == null) {
            if (defaultHandlerClass == null) {
                return RoutingResult.NOT_FOUND;
            }
            baseHandler = (BaseHandler) this.injector.getInstance(defaultHandlerClass);
        }
        baseHandler.setRequest(httpServletRequest);
        baseHandler.setResponse(httpServletResponse);
        baseHandler.setServletContext(this.servletContext.get());
        baseHandler.setParams(parseParams(httpServletRequest, baseHandler.getDefaultMultipartCharset()));
        baseHandler.handleWrapper();
        return RoutingResult.ROUTED;
    }

    private Params parseParams(HttpServletRequest httpServletRequest, Charset charset) throws ServletException {
        if (!isMultipart(httpServletRequest)) {
            return new Params(httpServletRequest);
        }
        try {
            return new MultipartParams(httpServletRequest, charset);
        } catch (FileUploadException e) {
            throw new ServletException(e);
        }
    }

    private void handleMissingRoles(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Set<Role> set) {
        Optional<DatarouterSession> fromRequest = DatarouterSessionManager.getFromRequest(httpServletRequest);
        String requestUrlString = RequestTool.getRequestUrlString(httpServletRequest);
        if (((Boolean) fromRequest.map((v0) -> {
            return v0.isAnonymous();
        }).orElse(true)).booleanValue()) {
            if (this.samlSettings.getShouldProcess().booleanValue()) {
                this.samlService.redirectToIdentityProvider(httpServletRequest, httpServletResponse);
                return;
            } else {
                this.sessionManager.addTargetUrlCookie(httpServletResponse, requestUrlString);
                ResponseTool.sendRedirect(httpServletRequest, httpServletResponse, 303, String.valueOf(httpServletRequest.getContextPath()) + this.authenticationConfig.getSigninPath());
                return;
            }
        }
        if (((Boolean) fromRequest.map(datarouterSession -> {
            return Boolean.valueOf(datarouterSession.hasRole(DatarouterUserRole.REQUESTOR));
        }).orElse(false)).booleanValue()) {
            ResponseTool.sendRedirect(httpServletRequest, httpServletResponse, 303, String.valueOf(httpServletRequest.getContextPath()) + this.authenticationConfig.getPermissionRequestPath() + "?deniedUrl=" + UrlTool.encode(requestUrlString) + "&allowedRoles=" + ((String) set.stream().map((v0) -> {
                return v0.getPersistentString();
            }).collect(Collectors.joining(","))));
        } else {
            try {
                httpServletResponse.sendError(403);
            } catch (IOException e) {
                throw new RuntimeException(e);
            }
        }
    }

    private static boolean isMultipart(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getContentType() != null && httpServletRequest.getContentType().toLowerCase().contains("multipart/form-data");
    }
}
