package org.jaxygen.invoker;

import java.io.IOException;
import java.lang.reflect.Field;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.net.URLDecoder;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.http.client.methods.HttpPost;
import org.jaxygen.annotations.ClientIp;
import org.jaxygen.annotations.NetAPI;
import org.jaxygen.annotations.RequestURL;
import org.jaxygen.annotations.SessionContext;
import org.jaxygen.annotations.Validable;
import org.jaxygen.converters.ConvertersFactory;
import org.jaxygen.converters.RequestConverter;
import org.jaxygen.converters.ResponseConverter;
import org.jaxygen.converters.exceptions.SerializationError;
import org.jaxygen.converters.json.JsonHRResponseConverter;
import org.jaxygen.converters.json.JsonMultipartRequestConverter;
import org.jaxygen.converters.json.JsonRequestConverter;
import org.jaxygen.converters.json.JsonResponseConverter;
import org.jaxygen.converters.prop2Json.Prop2JSONConverter;
import org.jaxygen.converters.properties.PropertiesToBeanConverter;
import org.jaxygen.converters.sjo.SJORRequestConverter;
import org.jaxygen.converters.sjo.SJOResponseConverter;
import org.jaxygen.converters.xml.XMLResponseConverter;
import org.jaxygen.dto.Downloadable;
import org.jaxygen.dto.ExceptionResponse;
import org.jaxygen.dto.Response;
import org.jaxygen.dto.properties.PropertyDTO;
import org.jaxygen.dto.security.SecurityProfileDTO;
import org.jaxygen.exceptions.InvalidPropertyFormat;
import org.jaxygen.exceptions.ParametersError;
import org.jaxygen.http.HttpRequestParams;
import org.jaxygen.http.HttpRequestParser;
import org.jaxygen.objectsbuilder.ObjectBuilderFactory;
import org.jaxygen.propertyinjector.PropertyInjector;
import org.jaxygen.propertyinjector.ValueProvider;
import org.jaxygen.propertyinjector.exceptions.PropertyEnhancementException;
import org.jaxygen.security.SecurityProfile;
import org.jaxygen.security.annotations.LoginMethod;
import org.jaxygen.security.annotations.LogoutMethod;
import org.jaxygen.security.annotations.Secured;
import org.jaxygen.security.annotations.SecurityContext;
import org.jaxygen.security.exceptions.NotAlowed;
import org.jaxygen.util.BeanUtil;

/* loaded from: input_file:WEB-INF/lib/jaxygen-core-1.0.9.jar:org/jaxygen/invoker/ServiceInvoker.class */
public class ServiceInvoker extends HttpServlet {
    private static final long serialVersionUID = 566338505269576162L;
    private static final Logger log = Logger.getLogger(ServiceInvoker.class.getCanonicalName());
    public static final String SERVICE_PATH = "servicePath";
    private String beensPath = null;

    public void init(ServletConfig servletConfig) throws ServletException {
        super.init(servletConfig);
        this.beensPath = servletConfig.getInitParameter(SERVICE_PATH);
    }

    private String buildClassName(String str, String str2) {
        String str3 = str2;
        if (!str.isEmpty()) {
            str3 = str + "." + str2;
        }
        return str3;
    }

    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        httpServletRequest.setCharacterEncoding("UTF-8");
        HttpRequestParams httpRequestParams = null;
        HttpSession session = httpServletRequest.getSession(true);
        try {
            httpRequestParams = new HttpRequestParser(httpServletRequest);
        } catch (Exception e) {
            throwError(httpServletResponse, new JsonResponseConverter(), "Could not parse properties", e);
        }
        if (this.beensPath == null) {
            this.beensPath = getServletContext().getInitParameter(SERVICE_PATH);
        }
        String pathInfo = httpServletRequest.getPathInfo();
        String queryString = httpServletRequest.getQueryString();
        String asString = httpRequestParams.getAsString("inputType", 0, 32, PropertiesToBeanConverter.NAME);
        ResponseConverter responseConverter = ConvertersFactory.getResponseConverter(httpRequestParams.getAsString("outputType", 0, 32, "JSON"));
        if (responseConverter == null) {
            responseConverter = new JsonResponseConverter();
        }
        String decode = queryString != null ? URLDecoder.decode(queryString, "UTF-8") : "";
        log("Requesting resource" + pathInfo);
        String[] split = pathInfo.split("/");
        if (split.length < 2) {
            Logger.getLogger(ServiceInvoker.class.getName()).log(Level.SEVERE, "Invalid request, must be in format class/method");
            throw new ServletException("Invalid '" + pathInfo + "' request, must be in format class/method");
        }
        String str = split[split.length - 1];
        String buildClassName = buildClassName(this.beensPath, split[split.length - 2]);
        try {
            try {
                Class<?> loadClass = Thread.currentThread().getContextClassLoader().loadClass(buildClassName);
                if (loadClass != null) {
                    boolean z = false;
                    for (Method method : loadClass.getMethods()) {
                        if (method.isAnnotationPresent(NetAPI.class) && method.getName().equals(str)) {
                            try {
                                z = true;
                                checkMethodAllowed(session, loadClass.getCanonicalName(), method);
                                Object[] parseParameters = parseParameters(method.getParameterTypes(), asString, httpRequestParams, decode);
                                Object create = ObjectBuilderFactory.instance().create(loadClass);
                                validate(parseParameters);
                                try {
                                    extendDTO(parseParameters, httpServletRequest);
                                    injectSecutityProfile(create, session);
                                    Class<?> returnType = method.getReturnType();
                                    Object invoke = method.invoke(create, parseParameters);
                                    if (invoke instanceof Downloadable) {
                                        FileDeliveryHandler.postFile(httpServletRequest, httpServletResponse, (Downloadable) invoke);
                                    } else if (invoke instanceof SecurityProfile) {
                                        SecurityProfileDTO securityProfileDTO = new SecurityProfileDTO();
                                        SecurityProfile securityProfile = (SecurityProfile) invoke;
                                        securityProfileDTO.setGroups(securityProfile.getUserGroups());
                                        securityProfileDTO.setAllowedMethods(securityProfile.getAllowedMethodDescriptors());
                                        httpServletResponse.setCharacterEncoding("UTF-8");
                                        sendSerializedResponse(SecurityProfileDTO.class, securityProfileDTO, responseConverter, httpServletResponse);
                                    } else {
                                        httpServletResponse.setCharacterEncoding("UTF-8");
                                        sendSerializedResponse(returnType, invoke, responseConverter, httpServletResponse);
                                    }
                                    if (method.isAnnotationPresent(LoginMethod.class)) {
                                        if (!updateSessionSecurityProfile(create, session) && !(invoke instanceof SecurityProfile)) {
                                            throwError(httpServletResponse, responseConverter, "Incompatible interface", "Method " + loadClass + "." + str + " is annotated with @Login but does not return " + SecurityProfile.class.getCanonicalName());
                                        }
                                        if (invoke instanceof SecurityProfile) {
                                            attachSecurityContextToSession(session, (SecurityProfile) invoke);
                                        }
                                    }
                                    if (method.isAnnotationPresent(LogoutMethod.class)) {
                                        detachSecurityContext(session);
                                    }
                                } catch (InvocationTargetException e2) {
                                    throwError(httpServletResponse, responseConverter, "Call to bean failed : " + e2.getTargetException().getMessage(), e2.getTargetException());
                                } catch (Exception e3) {
                                    throwError(httpServletResponse, responseConverter, "Call to bean failed : " + e3.getMessage(), e3);
                                }
                            } catch (Exception e4) {
                                throwError(httpServletResponse, responseConverter, "Cann not intanitiate class " + loadClass.getCanonicalName(), e4);
                            }
                        }
                    }
                    if (!z) {
                        throwError(httpServletResponse, responseConverter, "InvalidRequest", "Method " + buildClassName + "." + str + " not found");
                    }
                } else {
                    throwError(httpServletResponse, responseConverter, "InternalError", "Class '" + buildClassName + "' not fount");
                }
                if (httpRequestParams != null) {
                    httpRequestParams.dispose();
                }
            } catch (Throwable th) {
                if (httpRequestParams != null) {
                    httpRequestParams.dispose();
                }
                throw th;
            }
        } catch (ClassNotFoundException e5) {
            throwError(httpServletResponse, responseConverter, "Class '" + buildClassName + "' not fount", e5);
            if (httpRequestParams != null) {
                httpRequestParams.dispose();
            }
        }
    }

    private void extendDTO(Object[] objArr, HttpServletRequest httpServletRequest) throws PropertyEnhancementException {
        PropertyInjector.bind(objArr, ValueProvider.on(ClientIp.class).provide(() -> {
            return getPublicIpAddress(httpServletRequest);
        }), ValueProvider.on(RequestURL.class).provide(() -> {
            return httpServletRequest.getRequestURL().toString();
        }));
    }

    private Object[] parseParameters(Class<?>[] clsArr, String str, HttpRequestParams httpRequestParams, String str2) throws ParametersError {
        Object[] objArr = new Object[clsArr.length];
        int i = 0;
        for (Class<?> cls : clsArr) {
            try {
                RequestConverter requestConverter = ConvertersFactory.getRequestConverter(str);
                if (requestConverter != null) {
                    objArr[i] = requestConverter.deserialise(httpRequestParams, cls);
                } else {
                    log.log(Level.WARNING, "Could not find converter for name ''{0}''", str);
                }
                i++;
            } catch (Exception e) {
                throw new ParametersError("Cann not parse parameters for parameters class " + cls.getCanonicalName(), e);
            }
        }
        return objArr;
    }

    private static void callSetter(Field field, Object obj, Object obj2) throws SecurityException, IllegalArgumentException, IllegalAccessException {
        boolean isAccessible = field.isAccessible();
        field.setAccessible(true);
        field.set(obj, obj2);
        field.setAccessible(isAccessible);
    }

    private static Object callGetter(Field field, Object obj) throws SecurityException, IllegalArgumentException, IllegalAccessException {
        boolean isAccessible = field.isAccessible();
        field.setAccessible(true);
        Object obj2 = field.get(obj);
        field.setAccessible(isAccessible);
        return obj2;
    }

    private void throwError(HttpServletResponse httpServletResponse, ResponseConverter responseConverter, String str, Throwable th) throws ServletException, IOException {
        log.log(Level.SEVERE, str, th);
        httpServletResponse.setStatus(500);
        try {
            responseConverter.serialize(new ExceptionResponse(th, str), httpServletResponse.getOutputStream());
        } catch (SerializationError e) {
            log.log(Level.SEVERE, "Server was unable to inform peer about exception", th);
        }
    }

    private void throwError(HttpServletResponse httpServletResponse, ResponseConverter responseConverter, String str, String str2) throws ServletException, IOException {
        log.log(Level.SEVERE, str2);
        ExceptionResponse exceptionResponse = new ExceptionResponse(str, str2, new PropertyDTO[0]);
        try {
            httpServletResponse.setStatus(500);
            responseConverter.serialize(exceptionResponse, httpServletResponse.getOutputStream());
        } catch (SerializationError e) {
            log.log(Level.SEVERE, "Server was unable to inform peer about exception", (Throwable) e);
        }
    }

    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        System.out.println(HttpPost.METHOD_NAME);
        doGet(httpServletRequest, httpServletResponse);
    }

    private void attachSecurityContextToSession(HttpSession httpSession, SecurityProfile securityProfile) {
        httpSession.setAttribute(SecurityProfile.class.getCanonicalName(), securityProfile);
    }

    private void checkMethodAllowed(HttpSession httpSession, String str, Method method) throws NotAlowed {
        SecurityProfile securityProfile = (SecurityProfile) httpSession.getAttribute(SecurityProfile.class.getCanonicalName());
        if (method.isAnnotationPresent(Secured.class)) {
            if (securityProfile == null || securityProfile.isAllowed(str, method.getName()) == null) {
                throw new NotAlowed(str, method.getName());
            }
        }
    }

    private void detachSecurityContext(HttpSession httpSession) {
        httpSession.setAttribute(SecurityProfile.class.getCanonicalName(), (Object) null);
    }

    private void injectSecutityProfile(Object obj, HttpSession httpSession) throws IllegalArgumentException, IllegalAccessException {
        for (Field field : obj.getClass().getDeclaredFields()) {
            SecurityProfile securityProfile = (SecurityProfile) httpSession.getAttribute(SecurityProfile.class.getCanonicalName());
            if (((SecurityContext) field.getAnnotation(SecurityContext.class)) != null) {
                callSetter(field, obj, securityProfile);
            }
            if (((SessionContext) field.getAnnotation(SessionContext.class)) != null) {
                callSetter(field, obj, httpSession);
            }
        }
    }

    private boolean updateSessionSecurityProfile(Object obj, HttpSession httpSession) throws IllegalArgumentException, IllegalAccessException {
        SecurityProfile securityProfile = (SecurityProfile) httpSession.getAttribute(SecurityProfile.class.getCanonicalName());
        boolean z = false;
        SecurityProfile securityProfile2 = securityProfile;
        for (Field field : obj.getClass().getDeclaredFields()) {
            if (((SecurityContext) field.getAnnotation(SecurityContext.class)) != null) {
                securityProfile2 = (SecurityProfile) callGetter(field, obj);
                z = true;
            }
        }
        if (securityProfile != securityProfile2) {
            httpSession.setAttribute(SecurityProfile.class.getCanonicalName(), securityProfile2);
        }
        return z;
    }

    private void validate(Object[] objArr) throws IllegalArgumentException, IllegalAccessException, InvocationTargetException, InvalidPropertyFormat {
        for (Object obj : objArr) {
            if (obj.getClass().isAnnotationPresent(Validable.class)) {
                BeanUtil.validateBean(obj);
            }
        }
    }

    private void sendSerializedResponse(Class<?> cls, Object obj, ResponseConverter responseConverter, HttpServletResponse httpServletResponse) throws SerializationError, IOException, ServletException {
        responseConverter.serialize(new Response(cls, obj), httpServletResponse.getOutputStream());
    }

    private String getPublicIpAddress(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader("x-forwarded-for");
        if (header == null) {
            header = httpServletRequest.getHeader("X_FORWARDED_FOR");
            if (header == null) {
                header = httpServletRequest.getRemoteAddr();
            }
        }
        return header;
    }

    static {
        ConvertersFactory.registerRequestConverter(new Prop2JSONConverter());
        ConvertersFactory.registerRequestConverter(new PropertiesToBeanConverter());
        ConvertersFactory.registerResponseConverter(new JsonResponseConverter());
        ConvertersFactory.registerRequestConverter(new JsonMultipartRequestConverter());
        ConvertersFactory.registerRequestConverter(new JsonRequestConverter());
        ConvertersFactory.registerRequestConverter(new SJORRequestConverter());
        ConvertersFactory.registerResponseConverter(new SJOResponseConverter());
        ConvertersFactory.registerResponseConverter(new XMLResponseConverter());
        ConvertersFactory.registerResponseConverter(new JsonHRResponseConverter());
    }
}
