package nl.nn.adapterframework.http.rest;

import java.io.IOException;
import java.util.Enumeration;
import java.util.Iterator;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import nl.nn.adapterframework.core.IPipeLineSession;
import nl.nn.adapterframework.core.PipeLineSessionBase;
import nl.nn.adapterframework.http.HttpSecurityHandler;
import nl.nn.adapterframework.util.AppConstants;
import nl.nn.adapterframework.util.LogUtil;
import nl.nn.adapterframework.util.Misc;
import org.apache.axis.providers.java.JavaProvider;
import org.apache.commons.fileupload.FileItem;
import org.apache.commons.fileupload.disk.DiskFileItemFactory;
import org.apache.commons.fileupload.servlet.ServletFileUpload;
import org.apache.commons.io.FilenameUtils;
import org.apache.cxf.binding.soap.jms.interceptor.SoapJMSConstants;
import org.apache.log4j.Logger;
import org.hsqldb.Tokens;
import org.joda.time.DateTimeConstants;

/* loaded from: input_file:WEB-INF/lib/ibis-adapterframework-core-7.2.jar:nl/nn/adapterframework/http/rest/ApiListenerServlet.class */
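/**
 * Servlet that routes REST requests to the {@link ApiListener} registered for the request URI and
 * HTTP method.
 *
 * <p>For each request it resolves the dispatch configuration, answers CORS/preflight requests,
 * authenticates the caller against the token cache when the listener requires it, evaluates the
 * {@code Accept}, {@code Content-Type}, {@code If-None-Match} and {@code If-Match} preconditions,
 * copies URI segments, request parameters and multipart fields into the pipeline session, and
 * finally writes the listener's result to the response.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Request parameter names and multipart field names are chosen by the client and are stored
 *       in the same session map as server-derived values. The server-derived values are therefore
 *       written after the client-supplied ones.</li>
 *   <li>The trace statements log request parameter values, form field values and the complete
 *       result; treat trace output as sensitive.</li>
 * </ul>
 */
public class ApiListenerServlet extends HttpServlet {
    private static final long serialVersionUID = 1;
    protected Logger log = LogUtil.getLogger(this);
    private ApiServiceDispatcher dispatcher = null;
    private IApiCache cache = null;
    // Token lifetime; passed to Cookie.setMaxAge (seconds) and to the cache when a token is refreshed.
    private int authTTL = AppConstants.getInstance().getInt("api.auth.token-ttl", DateTimeConstants.SECONDS_PER_WEEK);
    // NOTE(review): the default "*" lets any origin read non-credentialed responses; set
    // api.auth.cors.allowOrigin to the expected origin(s) where the API is not meant to be public.
    private String CorsAllowOrigin = AppConstants.getInstance().getString("api.auth.cors.allowOrigin", "*");
    private String CorsExposeHeaders = AppConstants.getInstance().getString("api.auth.cors.exposeHeaders", "Allow, ETag, Content-Disposition");

    /**
     * Looks up the shared dispatcher and cache instances unless they were already set.
     *
     * @throws ServletException if the superclass initialisation fails
     */
    @Override
    public void init() throws ServletException {
        if (this.dispatcher == null) {
            this.dispatcher = ApiServiceDispatcher.getInstance();
        }
        if (this.cache == null) {
            this.cache = ApiCacheManager.getInstance();
        }
        super.init();
    }

    /**
     * Handles one API request; see the class description for the processing order.
     *
     * <p>Status codes set directly by this method: 400 (no path info), 404 (no configuration for
     * the URI), 200 (preflight), 405 (method not configured), 401 (missing or invalid token),
     * 406, 415, 304, 412 and 500 (any exception).
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response to populate
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if writing to the response fails outside the guarded section
     */
    @Override
    protected void service(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        PipeLineSessionBase session = new PipeLineSessionBase();
        session.put(IPipeLineSession.HTTP_REQUEST_KEY, httpServletRequest);
        session.put(IPipeLineSession.HTTP_RESPONSE_KEY, httpServletResponse);
        session.put(IPipeLineSession.SERVLET_CONTEXT_KEY, getServletContext());
        session.setSecurityHandler(new HttpSecurityHandler(httpServletRequest));
        try {
            String uri = httpServletRequest.getPathInfo();
            String method = httpServletRequest.getMethod().toUpperCase();
            this.log.trace("ApiListenerServlet dispatching uri [" + uri + "] and method [" + method + "]");
            if (uri == null) {
                httpServletResponse.setStatus(400);
                this.log.warn("Aborting request with status [400], empty uri");
                return;
            }
            // Normalise to a path without leading or trailing slash before the lookup.
            if (uri.startsWith("/")) {
                uri = uri.substring(1);
            }
            if (uri.endsWith("/")) {
                uri = uri.substring(0, uri.length() - 1);
            }
            ApiDispatchConfig config = this.dispatcher.findConfigForUri(uri);
            if (config == null) {
                httpServletResponse.setStatus(404);
                this.log.trace("Aborting request with status [404], no ApiListener configured for [" + uri + "]");
                return;
            }

            // CORS headers are added for preflight requests and for any request carrying an Origin header.
            String origin = httpServletRequest.getHeader("Origin");
            if (method.equals("OPTIONS") || origin != null) {
                httpServletResponse.setHeader("Access-Control-Allow-Origin", this.CorsAllowOrigin);
                String requestedHeaders = httpServletRequest.getHeader("Access-Control-Request-Headers");
                if (requestedHeaders != null) {
                    // NOTE(review): the requested header list is echoed back unchanged, so every
                    // header a caller asks for is allowed; consider a configured allow-list.
                    httpServletResponse.setHeader("Access-Control-Allow-Headers", requestedHeaders);
                }
                httpServletResponse.setHeader("Access-Control-Expose-Headers", this.CorsExposeHeaders);
                // Join with ", " between entries only, so the header value has no leading separator.
                StringBuilder allowMethods = new StringBuilder();
                Iterator<String> corsMethods = config.getMethods().iterator();
                while (corsMethods.hasNext()) {
                    if (allowMethods.length() > 0) {
                        allowMethods.append(", ");
                    }
                    allowMethods.append(corsMethods.next());
                }
                httpServletResponse.setHeader("Access-Control-Allow-Methods", allowMethods.toString());
                if (method.equals("OPTIONS")) {
                    httpServletResponse.setStatus(200);
                    this.log.trace("Aborting preflight request with status [200], method [" + method + "]");
                    return;
                }
            }

            ApiListener apiListener = config.getApiListener(method);
            if (apiListener == null) {
                httpServletResponse.setStatus(405);
                this.log.trace("Aborting request with status [405], method [" + method + "] not allowed");
                return;
            }
            this.log.trace("ApiListenerServlet calling service [" + apiListener.getName() + "]");

            // Authentication: the token comes from a cookie or the Authorization header and must
            // map to a logged-in principal in the cache.
            ApiPrincipal apiPrincipal = null;
            String authToken = null;
            if (apiListener.getAuthenticationMethod() != null) {
                Cookie authCookie = null;
                if (apiListener.getAuthenticationMethod().equals("COOKIE")) {
                    // getCookies() returns null when the request carries no cookies; that case
                    // must end in 401 below, not in a NullPointerException.
                    Cookie[] cookies = httpServletRequest.getCookies();
                    if (cookies != null) {
                        for (Cookie candidate : cookies) {
                            if (candidate.getName().equals("authenticationToken")) {
                                authToken = candidate.getValue();
                                authCookie = candidate;
                                authCookie.setPath("/");
                                // A cookie parsed from the request carries only name and value, so
                                // attributes set at login are lost when it is re-issued below.
                                if (httpServletRequest.isSecure()) {
                                    authCookie.setSecure(true);
                                }
                                // NOTE(review): HttpOnly is not set on the re-issued cookie either;
                                // enable it if no client-side script needs to read the token.
                            }
                        }
                    }
                } else if (apiListener.getAuthenticationMethod().equals("HEADER")) {
                    authToken = httpServletRequest.getHeader("Authorization");
                }
                if (authToken != null && this.cache.containsKey(authToken)) {
                    // The cache also holds etag strings (see below); only accept a principal.
                    Object cached = this.cache.get(authToken);
                    if (cached instanceof ApiPrincipal) {
                        apiPrincipal = (ApiPrincipal) cached;
                    }
                }
                if (apiPrincipal == null || !apiPrincipal.isLoggedIn()) {
                    // Evict only an entry that really was a (no longer logged-in) principal, so a
                    // caller-chosen token value cannot remove unrelated cache entries.
                    if (apiPrincipal != null) {
                        this.cache.remove(authToken);
                    }
                    if (authCookie != null) {
                        authCookie.setMaxAge(0);
                        httpServletResponse.addCookie(authCookie);
                    }
                    httpServletResponse.setStatus(401);
                    this.log.trace("Aborting request with status [401], no (valid) credentials supplied");
                    return;
                }
                // Sliding expiry: refresh cookie, principal and cache entry on every valid request.
                if (authCookie != null) {
                    authCookie.setMaxAge(this.authTTL);
                    httpServletResponse.addCookie(authCookie);
                }
                apiPrincipal.updateExpiry();
                apiPrincipal.setToken(authToken);
                this.cache.put(authToken, apiPrincipal, this.authTTL);
            }

            String accept = httpServletRequest.getHeader("Accept");
            if (accept != null && !accept.isEmpty() && !accept.equals("*/*") && !apiListener.getProduces().equals(Tokens.T_ANY) && !accept.contains(apiListener.getContentType())) {
                httpServletResponse.setStatus(406);
                // The message echoes the client's Accept header; declare it as plain text so it is
                // never interpreted as markup.
                httpServletResponse.setContentType("text/plain; charset=utf-8");
                httpServletResponse.getWriter().print("It appears you expected the MediaType [" + accept + "] but I only support the MediaType [" + apiListener.getContentType() + "] :)");
                this.log.trace("Aborting request with status [406], client expects [" + accept + "] got [" + apiListener.getContentType() + "] instead");
                return;
            }
            if (httpServletRequest.getContentType() != null && !apiListener.isConsumable(httpServletRequest.getContentType())) {
                httpServletResponse.setStatus(415);
                this.log.trace("Aborting request with status [415], did not match consumes [" + apiListener.getConsumes() + "] got [" + httpServletRequest.getContentType() + "] instead");
                return;
            }

            // Conditional requests: compare the client's validator with the cached etag for this URI.
            String etagKey = ApiCacheManager.buildCacheKey(uri);
            this.log.debug("Evaluating preconditions for listener[" + apiListener.getName() + "] etagKey[" + etagKey + "]");
            if (this.cache.containsKey(etagKey)) {
                String cachedEtag = (String) this.cache.get(etagKey);
                this.log.debug("found etag value[" + cachedEtag + "] for key[" + etagKey + "]");
                if (method.equals("GET")) {
                    String ifNoneMatch = httpServletRequest.getHeader("If-None-Match");
                    if (ifNoneMatch != null && ifNoneMatch.equals(cachedEtag)) {
                        httpServletResponse.setStatus(304);
                        this.log.trace("Aborting request with status [304], matched if-none-match [" + ifNoneMatch + "]");
                        return;
                    }
                } else {
                    String ifMatch = httpServletRequest.getHeader("If-Match");
                    if (ifMatch != null && !ifMatch.equals(cachedEtag)) {
                        httpServletResponse.setStatus(412);
                        this.log.trace("Aborting request with status [412], matched if-match [" + ifMatch + "] method [" + method + "]");
                        return;
                    }
                }
            }

            // URI template segments ("{name}") become session entries named after the placeholder.
            String[] patternSegments = apiListener.getUriPattern().split("/");
            String[] uriSegments = uri.split("/");
            int uriIdentifier = 0;
            for (int i = 0; i < patternSegments.length; i++) {
                String segment = patternSegments[i];
                if (segment.startsWith("{") && segment.endsWith("}")) {
                    // NOTE(review): a segment that starts with "{" can never equal "*", so the
                    // "uriIdentifier_" branch looks unreachable; kept as found.
                    String segmentName = segment.equals("*") ? "uriIdentifier_" + uriIdentifier : segment.substring(1, segment.length() - 1);
                    uriIdentifier++;
                    this.log.trace("setting uriSegment [" + segmentName + "] to [" + uriSegments[i] + "]");
                    session.put(segmentName, uriSegments[i]);
                }
            }

            // Request parameters: names and values are client-controlled.
            Enumeration<?> parameterNames = httpServletRequest.getParameterNames();
            while (parameterNames.hasMoreElements()) {
                String parameterName = (String) parameterNames.nextElement();
                String parameterValue = httpServletRequest.getParameter(parameterName);
                this.log.trace("setting queryParameter [" + parameterName + "] to [" + parameterValue + "]");
                session.put(parameterName, parameterValue);
            }

            // Multipart fields: names, values and file names are client-controlled.
            // NOTE(review): no request or per-file size limit is configured on the upload handler
            // here; confirm that the container or a filter bounds the upload size.
            if (ServletFileUpload.isMultipartContent(httpServletRequest)) {
                for (FileItem fileItem : new ServletFileUpload(new DiskFileItemFactory()).parseRequest(httpServletRequest)) {
                    if (fileItem.isFormField()) {
                        String fieldName = fileItem.getFieldName();
                        String fieldValue = fileItem.getString();
                        this.log.trace("setting multipart formField [" + fieldName + "] to [" + fieldValue + "]");
                        session.put(fieldName, fieldValue);
                    } else {
                        String fileFieldName = fileItem.getFieldName();
                        String fileNameKey = fileFieldName + "Name";
                        // Only the last path element of the submitted file name is kept.
                        String fileName = FilenameUtils.getName(fileItem.getName());
                        this.log.trace("setting multipart formFile [" + fileNameKey + "] to [" + fileName + "]");
                        session.put(fileNameKey, fileName);
                        this.log.trace("setting parameter [" + fileFieldName + "] to input stream of file [" + fileName + "]");
                        session.put(fileFieldName, fileItem.getInputStream());
                    }
                }
            }

            // Server-derived values are written after the client-supplied ones, so a request
            // parameter or form field with the same name cannot replace the servlet objects, the
            // authenticated principal, the token, the remote address, the URI or the etag flag.
            // NOTE(review): assumes put() replaces an existing entry, as in java.util.Map — confirm.
            session.put(IPipeLineSession.HTTP_REQUEST_KEY, httpServletRequest);
            session.put(IPipeLineSession.HTTP_RESPONSE_KEY, httpServletResponse);
            session.put(IPipeLineSession.SERVLET_CONTEXT_KEY, getServletContext());
            if (authToken != null) {
                session.put("authorizationToken", authToken);
            }
            session.put("remoteAddr", httpServletRequest.getRemoteAddr());
            session.put(IPipeLineSession.API_PRINCIPAL_KEY, apiPrincipal);
            session.put("uri", uri);
            session.put("updateEtag", Boolean.valueOf(apiListener.getUpdateEtag()));

            StringBuilder allowed = new StringBuilder();
            allowed.append("OPTIONS, ");
            Iterator<String> configuredMethods = config.getMethods().iterator();
            while (configuredMethods.hasNext()) {
                allowed.append(configuredMethods.next() + ", ");
            }
            // Drop the trailing ", ".
            session.put(JavaProvider.OPTION_ALLOWEDMETHODS, allowed.substring(0, allowed.length() - 2));

            // Multipart bodies were consumed above, so the listener gets an empty message for them.
            // NOTE(review): "exitcode" and the content-type key are read back from this session
            // after processing; if the pipeline does not set them, a request parameter with the
            // same name would supply the value — confirm the pipeline always sets them.
            String result = apiListener.processRequest((String) null, ServletFileUpload.isMultipartContent(httpServletRequest) ? "" : Misc.streamToString(httpServletRequest.getInputStream(), "\n", false), (IPipeLineSession) session);

            if (session.get("updateEtag", true)) {
                this.log.debug("calculating etags over processed result");
                String cleanPattern = apiListener.getCleanPattern();
                if (result == null || !method.equals("GET")) {
                    // A modifying request (or an empty result) invalidates this resource and its parent.
                    this.log.debug("removing etag with key[" + etagKey + "]");
                    this.cache.remove(etagKey);
                    String parentCacheKey = ApiCacheManager.getParentCacheKey(apiListener, uri);
                    if (parentCacheKey != null) {
                        this.log.debug("removing parent etag with key[" + parentCacheKey + "]");
                        this.cache.remove(parentCacheKey);
                    }
                } else {
                    // The etag is derived from String.hashCode() of the result (32 bits).
                    String etag = ApiCacheManager.buildEtag(cleanPattern, result.hashCode());
                    this.log.debug("adding/overwriting etag with key[" + etagKey + "] value[" + etag + "]");
                    this.cache.put(etagKey, etag);
                    httpServletResponse.addHeader("etag", etag);
                }
            }
            httpServletResponse.addHeader("Allow", (String) session.get(JavaProvider.OPTION_ALLOWEDMETHODS));
            String contentType = apiListener.getContentType() + "; charset=utf-8";
            if (apiListener.getProduces().equals(Tokens.T_ANY)) {
                contentType = session.get(SoapJMSConstants.CONTENTTYPE_PARAMETER_NAME, contentType);
            }
            httpServletResponse.setHeader("Content-Type", contentType);
            int statusCode = session.get("exitcode", 0);
            if (statusCode > 0) {
                httpServletResponse.setStatus(statusCode);
            }
            if (result != null) {
                httpServletResponse.getWriter().print(result);
            }
            this.log.trace("ApiListenerServlet finished with statusCode [" + statusCode + "] result [" + result + "]");
        } catch (Exception e) {
            this.log.warn("ApiListenerServlet caught exception, will rethrow as ServletException", e);
            // Do not flush before sendError: flushing commits the response, after which sendError
            // throws IllegalStateException and the status can no longer be changed. The exception
            // message stays in the log and is not sent to the client.
            if (httpServletResponse.isCommitted()) {
                this.log.warn("Response already committed, unable to send status [500]");
            } else {
                try {
                    httpServletResponse.sendError(500);
                } catch (IllegalStateException e2) {
                    httpServletResponse.setStatus(500);
                }
            }
        }
    }
}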
