package nl.nn.adapterframework.webcontrol.api;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.StringTokenizer;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import nl.nn.adapterframework.http.HttpUtils;
import nl.nn.adapterframework.lifecycle.DynamicRegistration;
import nl.nn.adapterframework.lifecycle.IbisInitializer;
import nl.nn.adapterframework.lifecycle.ServletManager;
import nl.nn.adapterframework.util.AppConstants;
import nl.nn.adapterframework.util.LogUtil;
import org.apache.cxf.Bus;
import org.apache.cxf.bus.extension.ExtensionManagerBus;
import org.apache.cxf.transport.servlet.CXFServlet;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.event.ContextRefreshedEvent;
import org.springframework.http.HttpHeaders;

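@IbisInitializer
/* loaded from: input_file:adapterframework.war:WEB-INF/lib/ibis-adapterframework-core-7.6.5.jar:nl/nn/adapterframework/webcontrol/api/ServletDispatcher.class */
/**
 * CXF servlet that fronts the IAF REST API under {@code iaf/api/*}.
 * <p>
 * Besides delegating to CXF it implements a small CORS layer driven by the
 * {@code iaf-api.*} application properties. Only origins listed <em>verbatim</em>
 * (scheme + host[:port]) in {@code iaf-api.cors.allowOrigin} are echoed back in
 * {@code Access-Control-Allow-Origin}. There is no wildcard support and the literal
 * {@code "null"} origin (sandboxed frames, file://) cannot be whitelisted, because
 * every configured entry must start with {@code http://} or {@code https://}.
 * <p>
 * CORS here only governs what a browser may <em>read</em>; a request from a
 * non-whitelisted origin is still dispatched to CXF (see {@link #invoke}).
 * Authentication/authorization is not handled in this class.
 * <p>
 * The instance registers itself with the framework's {@link ServletManager}
 * through {@link #setServletManager}.
 */
public class ServletDispatcher extends CXFServlet implements DynamicRegistration.ServletWithParameters {
    private static final long serialVersionUID = 3;
    private static final AppConstants APP_CONSTANTS = AppConstants.getInstance();
    /** Master switch: when false, init() skips CXF and invoke() answers nothing (the container's empty 200). */
    private static final boolean IAF_API_ENABLED = APP_CONSTANTS.getBoolean("iaf-api.enabled", true);
    /** Comma-separated exact origins; empty (the default) means no CORS headers are ever emitted. */
    private static final String CORS_ALLOW_ORIGIN = APP_CONSTANTS.getString("iaf-api.cors.allowOrigin", "");
    private static final String CORS_EXPOSE_HEADERS = APP_CONSTANTS.getString("iaf-api.cors.exposeHeaders", "Allow, ETag, Content-Disposition");
    private static final String CORS_ALLOW_METHODS = APP_CONSTANTS.getString("iaf-api.cors.allowMethods", "GET, POST, PUT, DELETE, OPTIONS, HEAD");
    /** Preflight cache lifetime sent as Access-Control-Max-Age, in seconds. */
    private static final String CORS_MAX_AGE_SECONDS = "3600";
    private static final String HTTP_SCHEME = "http://";
    private static final String HTTPS_SCHEME = "https://";

    private final Logger secLog = LogUtil.getLogger("SEC");
    private final Logger log = LogUtil.getLogger(this);
    /** Exact-match origin whitelist; filled once in init() and only read afterwards. */
    private final List<String> allowedCorsDomains = new ArrayList<>();

    /**
     * Initialises CXF and parses the CORS origin whitelist.
     * <p>
     * Entries are trimmed, so {@code "https://a.example, https://b.example"} whitelists
     * both; without trimming the second token would start with a space, fail the scheme
     * check and be silently lost apart from an error log line. Plain-http origins are
     * accepted but warned about.
     *
     * @param servletConfig the container-supplied configuration, passed to CXF
     * @throws ServletException propagated from {@link CXFServlet#init(ServletConfig)}
     */
    @Override // org.apache.cxf.transport.servlet.CXFNonSpringServlet, org.apache.cxf.transport.servlet.AbstractHTTPServlet
    public void init(ServletConfig servletConfig) throws ServletException {
        if (!IAF_API_ENABLED) {
            return;
        }
        log.debug("initialize IAFAPI servlet");
        super.init(servletConfig);
        if (CORS_ALLOW_ORIGIN.isEmpty()) {
            return;
        }
        StringTokenizer tokenizer = new StringTokenizer(CORS_ALLOW_ORIGIN, ",");
        while (tokenizer.hasMoreTokens()) {
            String origin = tokenizer.nextToken().trim();
            if (origin.isEmpty()) {
                continue; // e.g. a trailing comma
            }
            if (origin.startsWith(HTTP_SCHEME)) {
                log.warn("cross side resource domain [" + origin + "] is insecure, it is strongly encouraged to use a secure protocol (HTTPS)");
            }
            if (origin.startsWith(HTTP_SCHEME) || origin.startsWith(HTTPS_SCHEME)) {
                allowedCorsDomains.add(origin);
                log.debug("whitelisted CORS domain [" + origin + "]");
            } else {
                // Also rejects "*" and "null": neither can be whitelisted by design.
                log.error("skipping invalid domain [" + origin + "], domains must start with http(s)://");
            }
        }
    }

    /**
     * Applies the CORS policy and then hands the request to CXF.
     * <p>
     * Behaviour by case:
     * <ul>
     * <li>no {@code Origin} header and method OPTIONS: answer 200 with an {@code Allow} list, stop;</li>
     * <li>{@code Origin} in the whitelist: emit the CORS response headers;</li>
     * <li>{@code Origin} not in the whitelist: emit nothing and record the attempt in the SEC log;</li>
     * <li>any OPTIONS request stops here (preflight or not); everything else is dispatched to CXF,
     *     <em>including</em> requests from blocked origins - CORS only withholds the response from
     *     the browser, it is not a CSRF control.</li>
     * </ul>
     * Non-GET/OPTIONS calls are additionally audited via {@link HttpUtils#getExtendedCommandIssuedBy}.
     *
     * @param httpServletRequest  incoming request
     * @param httpServletResponse response to decorate
     * @throws ServletException propagated from CXF
     */
    @Override // org.apache.cxf.transport.servlet.CXFNonSpringServlet, org.apache.cxf.transport.servlet.AbstractHTTPServlet
    public void invoke(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException {
        if (!IAF_API_ENABLED) {
            // Disabled: the request is swallowed and the caller sees the container default (empty 200).
            return;
        }
        String method = httpServletRequest.getMethod();
        // Audit state-changing calls only; GET/OPTIONS would flood the SEC log.
        if (!method.equalsIgnoreCase("GET") && !method.equalsIgnoreCase("OPTIONS")) {
            secLog.info(HttpUtils.getExtendedCommandIssuedBy(httpServletRequest));
        }
        String origin = httpServletRequest.getHeader(HttpHeaders.ORIGIN);
        if (origin == null) {
            // Same-origin or non-browser client: a bare OPTIONS just gets the Allow list.
            if (method.equals("OPTIONS")) {
                httpServletResponse.setHeader("Allow", CORS_ALLOW_METHODS);
                httpServletResponse.setStatus(HttpServletResponse.SC_OK);
                return;
            }
        } else if (allowedCorsDomains.contains(origin)) {
            addCorsHeaders(httpServletRequest, httpServletResponse, origin);
        } else {
            // Origin and path are request-controlled; scrub line breaks so they cannot forge SEC log entries.
            secLog.info("host[" + httpServletRequest.getRemoteHost() + "] tried to access uri[" + sanitizeForLog(httpServletRequest.getPathInfo()) + "] with origin[" + sanitizeForLog(origin) + "] but was blocked due to CORS restrictions");
        }
        if (method.equals("OPTIONS")) {
            // Preflight (or an OPTIONS from a blocked origin) ends here; CXF never sees it.
            return;
        }
        super.invoke(httpServletRequest, httpServletResponse);
    }

    /**
     * Writes the CORS response headers for an origin that passed the whitelist.
     *
     * @param request  used only to read Access-Control-Request-Headers
     * @param response target response
     * @param origin   the whitelisted Origin value, echoed back verbatim
     */
    private void addCorsHeaders(HttpServletRequest request, HttpServletResponse response, String origin) {
        response.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, origin);
        // The allow-origin value differs per requester, so any shared cache must key on Origin;
        // otherwise one origin's response (with its ACAO) could be served to another.
        response.addHeader(HttpHeaders.VARY, HttpHeaders.ORIGIN);
        String requestedHeaders = request.getHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS);
        if (requestedHeaders != null) {
            // NOTE(review): reflects whatever the preflight asked for, so every request header is
            // effectively permitted for a whitelisted origin. Tolerable only because the origin list
            // is exact-match and operator-controlled; replace with a fixed list if that changes.
            response.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, requestedHeaders);
        }
        response.setHeader(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, CORS_EXPOSE_HEADERS);
        response.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, CORS_ALLOW_METHODS);
        response.setHeader(HttpHeaders.ACCESS_CONTROL_MAX_AGE, CORS_MAX_AGE_SECONDS);
    }

    /**
     * Replaces CR/LF in a request-controlled value before it is written to the SEC log, so a
     * crafted Origin header or a path containing an encoded line break (getPathInfo() is returned
     * URL-decoded by the container) cannot inject extra log lines.
     *
     * @param value raw value, may be null
     * @return the value with line breaks replaced by spaces, or null when the input was null
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return null;
        }
        return value.replace('\r', ' ').replace('\n', ' ');
    }

    /**
     * Logs the bus this API was wired to (both to the application log and the servlet context)
     * before delegating to CXF.
     *
     * @param bus the CXF bus, may be null
     */
    @Override // org.apache.cxf.transport.servlet.CXFNonSpringServlet
    public void setBus(Bus bus) {
        if (bus != null) {
            String message = "Successfully created IAF-API with SpringBus [" + bus.getId() + "]";
            log.debug(message);
            getServletContext().log(message);
        }
        super.setBus(bus);
    }

    /**
     * Deliberately a no-op: suppresses {@link CXFServlet}'s own handling of Spring context
     * refreshes. Presumably the bus is wired via {@link #setBus} and the {@code config-location}
     * parameter instead - confirm against CXFServlet before changing.
     */
    @Override // org.apache.cxf.transport.servlet.CXFServlet, org.springframework.context.ApplicationListener
    public void onApplicationEvent(ContextRefreshedEvent contextRefreshedEvent) {
    }

    /** @return the registration name used by {@link ServletManager} */
    @Override // nl.nn.adapterframework.lifecycle.DynamicRegistration
    public String getName() {
        return "IAF-API";
    }

    /** @return 0, i.e. load eagerly; how the value is applied is up to {@link ServletManager} */
    @Override // nl.nn.adapterframework.lifecycle.DynamicRegistration
    public int loadOnStartUp() {
        return 0;
    }

    /** @return this instance; the dispatcher is its own servlet */
    @Override // nl.nn.adapterframework.lifecycle.DynamicRegistration.Servlet
    public HttpServlet getServlet() {
        return this;
    }

    /**
     * @return null; the meaning of a null role list (no container role constraint, or a
     *         framework default) is defined by {@link ServletManager}, not here - verify before relying on it
     */
    @Override // nl.nn.adapterframework.lifecycle.DynamicRegistration.Servlet
    public String[] getRoles() {
        return null;
    }

    /**
     * Spring injection point; registers this servlet with the framework. Note that registration
     * happens regardless of {@code iaf-api.enabled}; the flag is enforced in init()/invoke().
     *
     * @param servletManager the framework's servlet registry
     */
    @Autowired
    public void setServletManager(ServletManager servletManager) {
        servletManager.register(this);
    }

    /** @return the URL pattern this servlet is mounted on */
    @Override // nl.nn.adapterframework.lifecycle.DynamicRegistration.Servlet
    public String getUrlMapping() {
        return "iaf/api/*";
    }

    /**
     * Init parameters handed to the container registration: the CXF Spring context location
     * and the name of the bus this servlet binds to.
     *
     * @return a fresh mutable map with both parameters
     */
    @Override // nl.nn.adapterframework.lifecycle.DynamicRegistration.ServletWithParameters
    public Map<String, String> getParameters() {
        Map<String, String> parameters = new HashMap<>();
        parameters.put("config-location", "FrankFrameworkApiContext.xml");
        parameters.put(ExtensionManagerBus.BUS_PROPERTY_NAME, "ff-api-bus");
        return parameters;
    }
}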
