package org.webswing.server.base;

import com.google.common.net.HttpHeaders;
import java.io.File;
import java.io.IOException;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.activemq.command.ActiveMQDestination;
import org.apache.commons.lang.StringUtils;
import org.apache.xml.security.utils.Base64;
import org.atmosphere.cpr.BroadcastFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.webswing.Constants;
import org.webswing.server.common.model.SecuredPathConfig;
import org.webswing.server.common.model.SwingConfig;
import org.webswing.server.common.model.admin.InstanceManagerStatus;
import org.webswing.server.common.util.CommonUtil;
import org.webswing.server.common.util.ConfigUtil;
import org.webswing.server.common.util.VariableSubstitutor;
import org.webswing.server.model.exception.WsException;
import org.webswing.server.model.exception.WsInitException;
import org.webswing.server.services.config.ConfigurationService;
import org.webswing.server.services.security.api.SecurityContext;
import org.webswing.server.services.security.api.WebswingAuthenticationException;
import org.webswing.server.services.security.api.WebswingSecurityConfig;
import org.webswing.server.services.security.api.WebswingSecurityModule;
import org.webswing.server.services.security.login.SecuredPathHandler;
import org.webswing.server.services.security.modules.SecurityModuleService;
import org.webswing.server.services.swingmanager.SwingInstanceManager;
import org.webswing.server.util.SecurityUtil;
import org.webswing.server.util.ServerUtil;

/* loaded from: input_file:WEB-INF/classes/org/webswing/server/base/PrimaryUrlHandler.class */
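/**
 * Base URL handler for one secured path mapping.
 *
 * <p>The handler loads the {@link SecuredPathConfig} for its path, owns the
 * {@link WebswingSecurityModule} guarding that path, writes CORS response headers,
 * redirects requests whose path differs from the mapping only by case or by a missing
 * trailing slash, and issues and validates the per-session CSRF token.
 *
 * <p>Whenever the handler is constructed, disabled, or fails to initialise, the security
 * module is replaced by one obtained from {@code SecurityModuleService.createNoAccess}.
 */
public abstract class PrimaryUrlHandler extends AbstractUrlHandler implements SecuredPathHandler, SecurityContext {
    private static final Logger log = LoggerFactory.getLogger(PrimaryUrlHandler.class);
    private static final String default_version = "unresolved";
    /** Request-path prefix under which language resources are looked up in the configured lang folder. */
    public static final String JAVASCRIPT_NLS_PREFIX = "/javascript/nls";
    protected final ConfigurationService configService;
    protected final SecurityModuleService securityModuleService;
    private SecuredPathConfig config;
    private WebswingSecurityModule securityModule;
    private boolean enabled;
    private InstanceManagerStatus status;
    protected VariableSubstitutor varSubs;

    /**
     * Creates a disabled handler whose security module comes from
     * {@code createNoAccess}; {@link #initConfiguration()} installs the configured module.
     *
     * @param urlHandler parent handler passed to the superclass
     * @param securityModuleService factory for security modules
     * @param configurationService source of the per-path configuration
     */
    public PrimaryUrlHandler(UrlHandler urlHandler, SecurityModuleService securityModuleService, ConfigurationService configurationService) {
        super(urlHandler);
        this.enabled = false;
        this.status = new InstanceManagerStatus();
        this.securityModuleService = securityModuleService;
        this.securityModule = securityModuleService.createNoAccess(null, this, null);
        this.configService = configurationService;
        this.varSubs = VariableSubstitutor.basic();
    }

    /**
     * Initialises the superclass and then either configures or disables this handler,
     * depending on the {@code enabled} flag of the loaded configuration.
     *
     * <p>Any failure is logged, the handler is torn down, and the error is recorded in
     * the status object; nothing is rethrown.
     */
    @Override // org.webswing.server.base.AbstractUrlHandler, org.webswing.server.base.UrlHandler
    public void init() {
        try {
            super.init();
            if (getConfig().isEnabled()) {
                initConfiguration();
            } else {
                disable();
            }
        } catch (Throwable th) {
            log.error("Failed to start '" + getPathMapping() + "'.", th);
            try {
                destroy();
            } catch (Throwable th2) {
                // Cleanup is best-effort, but a failure here should still be visible in the log
                // instead of disappearing; the original start-up error remains the reported one.
                log.warn("Cleanup after failed start of '" + getPathMapping() + "' failed as well.", th2);
            }
            setStatusError(th);
        }
    }

    public abstract List<SwingInstanceManager> getApplications();

    /**
     * Reloads the configuration for this path and replaces the security module.
     *
     * <p>If the home folder is missing, or creating or initialising the module throws an
     * {@link Exception}, the module is replaced by a {@code createNoAccess} module tagged with
     * {@link WebswingAuthenticationException#CONFIG_ERROR} and the error is recorded.
     */
    @Override // org.webswing.server.services.security.login.SecuredPathHandler
    public synchronized void initConfiguration() {
        this.status.setStatus(InstanceManagerStatus.Status.Starting);
        String pathMapping = StringUtils.isEmpty(getPathMapping()) ? "/" : getPathMapping();
        this.config = this.configService.getConfiguration(pathMapping);
        WebswingSecurityConfig securityConfig = getSecurityConfig();
        try {
            this.varSubs = VariableSubstitutor.forSwingApp(getConfig());
            File home = new File(getHome()).getAbsoluteFile();
            if (!home.isDirectory()) {
                throw new WsInitException("Home Folder '" + home.getPath() + "'does not exist!");
            }
            try {
                if (this.securityModule != null) {
                    this.securityModule.destroy();
                }
            } catch (Exception e) {
                // NOTE(review): PATH_SEPERATOR looks like a decompiler artifact standing in for a
                // string literal in the original message - confirm against the upstream source.
                log.error("Failed to destroy Security module for " + pathMapping + ActiveMQDestination.PATH_SEPERATOR, e);
            }
            this.securityModule = this.securityModuleService.create(this, securityConfig);
            if (this.securityModule != null) {
                this.securityModule.init();
            }
            this.status.setStatus(InstanceManagerStatus.Status.Running);
            this.enabled = true;
        } catch (Exception e2) {
            // Fail closed: a broken configuration must not leave a half-initialised module in place.
            // NOTE(review): 'enabled' keeps its previous value on this path - confirm that is intended
            // when a re-initialisation of an already running handler fails.
            log.error("Failed to initialize configuration for '" + pathMapping + "'.", e2);
            this.securityModule = this.securityModuleService.createNoAccess(WebswingAuthenticationException.CONFIG_ERROR, this, securityConfig);
            setStatusError(e2);
        }
    }

    /**
     * Stops this handler: calls {@link #killAll()}, destroys the security module, and
     * always ends with a {@code createNoAccess} module installed, even if teardown throws.
     */
    public synchronized void disable() {
        this.status.setStatus(InstanceManagerStatus.Status.Stopping);
        this.enabled = false;
        try {
            killAll();
            if (this.securityModule != null) {
                this.securityModule.destroy();
            }
            this.status.setStatus(InstanceManagerStatus.Status.Stopped);
        } finally {
            this.securityModule = this.securityModuleService.createNoAccess(null, this, null);
        }
    }

    /** Hook invoked by {@link #disable()}; does nothing in this class. */
    protected void killAll() {
    }

    /**
     * Marks the status as failed and stores the message and full stack trace of {@code th}.
     *
     * <p>NOTE(review): the stack trace is kept in {@link InstanceManagerStatus}; confirm that
     * this object is only exposed to authenticated administrators, since stack traces reveal
     * internal paths and class names.
     */
    private void setStatusError(Throwable th) {
        this.status.setStatus(InstanceManagerStatus.Status.Error);
        this.status.setError(th.getMessage());
        StringWriter trace = new StringWriter();
        th.printStackTrace(new PrintWriter(trace));
        this.status.setErrorDetails(trace.toString());
    }

    /**
     * Returns the {@code "security"} section of the current configuration.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public WebswingSecurityConfig getSecurityConfig() {
        return (WebswingSecurityConfig) getConfig().getValueAs("security", WebswingSecurityConfig.class);
    }

    /** Destroys the superclass state and then disables this handler. */
    @Override // org.webswing.server.base.AbstractUrlHandler, org.webswing.server.base.UrlHandler
    public void destroy() {
        super.destroy();
        disable();
    }

    /**
     * Writes CORS headers, then either delegates to the superclass or redirects.
     *
     * <p>A redirect is sent when the request path matches the mapping only
     * case-insensitively, or addresses the mapping root without a trailing slash. The
     * target is rebuilt from the server-side mapping plus the remainder of the request
     * path; the query string is appended unchanged.
     *
     * @return {@code true} when a redirect was attempted, otherwise the superclass result
     * @throws WsException propagated from CORS handling or the superclass
     */
    @Override // org.webswing.server.base.AbstractUrlHandler, org.webswing.server.base.UrlHandler
    public boolean serve(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws WsException {
        handleCorsHeaders(httpServletRequest, httpServletResponse);
        boolean wrongCase = isWrongUrlCase(httpServletRequest);
        boolean rootWithoutSlash = isRootPathWithoutSlash(httpServletRequest);
        if (!wrongCase && !rootWithoutSlash) {
            return super.serve(httpServletRequest, httpServletResponse);
        }
        try {
            String fullMapping = getFullPathMapping();
            String requested = ServerUtil.getContextPath(getServletContext()) + toPath(httpServletRequest.getPathInfo());
            // Guard the substring: a request path shorter than the mapping would otherwise
            // escape as an unchecked StringIndexOutOfBoundsException.
            String remainder = requested.length() > fullMapping.length() ? requested.substring(fullMapping.length()) : "";
            StringBuilder target = new StringBuilder(fullMapping).append(remainder);
            if (rootWithoutSlash) {
                target.append('/');
            }
            String query = httpServletRequest.getQueryString();
            if (query != null) {
                // NOTE(review): the raw query string ends up in the Location header; this relies on
                // ServerUtil.sendHttpRedirect / the container rejecting CR and LF - confirm.
                target.append('?').append(query);
            }
            ServerUtil.sendHttpRedirect(httpServletRequest, httpServletResponse, target.toString());
            return true;
        } catch (IOException e) {
            log.error("Failed to redirect.", e);
            return true;
        }
    }

    /** Delegates to the case-insensitive sub-path check in {@link CommonUtil}. */
    @Override // org.webswing.server.base.AbstractUrlHandler
    public boolean isSubPath(String str, String str2) {
        return CommonUtil.isSubPathIgnoreCase(str, str2);
    }

    /**
     * Tells whether the request path starts with the path mapping in a different letter case.
     *
     * @return {@code false} when there is no path info, when the path is shorter than the
     *     mapping, or when the prefix matches exactly
     */
    private boolean isWrongUrlCase(HttpServletRequest httpServletRequest) {
        String pathInfo = httpServletRequest.getPathInfo();
        if (pathInfo == null) {
            return false;
        }
        String mapping = getPathMapping();
        String path = toPath(pathInfo);
        if (path.length() < mapping.length()) {
            // Too short to carry the mapping as a prefix; the unguarded substring used to throw here.
            return false;
        }
        String prefix = path.substring(0, mapping.length());
        return !prefix.equals(mapping) && prefix.equalsIgnoreCase(mapping);
    }

    /**
     * Tells whether the request addresses the mapping root itself, i.e. there is no path
     * info or context path plus path info equals the full path mapping.
     */
    private boolean isRootPathWithoutSlash(HttpServletRequest httpServletRequest) {
        String pathInfo = httpServletRequest.getPathInfo();
        if (pathInfo == null) {
            return true;
        }
        String requested = ServerUtil.getContextPath(getServletContext()) + pathInfo;
        return requested.equals(getFullPathMapping());
    }

    /**
     * Adds CORS response headers when the request's {@code Origin} passes
     * {@link #isOriginAllowed(String)}.
     *
     * <p>Security review: the {@code Origin} value is echoed back together with
     * {@code Access-Control-Allow-Credentials: true}. With a {@code "*"} entry in the
     * allow-list every origin, including the opaque {@code null} origin, is accepted, so
     * any site can then read responses with the user's credentials. Behaviour is kept for
     * compatibility; deployments should list explicit origins instead of {@code "*"}.
     */
    private void handleCorsHeaders(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws WsException {
        String origin = httpServletRequest.getHeader(HttpHeaders.ORIGIN);
        if (!isOriginAllowed(origin)) {
            return;
        }
        if (origin != null) {
            httpServletResponse.addHeader("Access-Control-Allow-Origin", origin);
            httpServletResponse.addHeader("Access-Control-Allow-Credentials", "true");
            httpServletResponse.addHeader(HttpHeaders.ACCESS_CONTROL_EXPOSE_HEADERS, "X-webswing-args, X-webswing-recording, X-Cache-Date, X-Atmosphere-tracking-id, X-Requested-With");
            // The response now depends on the Origin request header; without Vary a shared
            // cache could replay it, with another origin's allow header, to a different site.
            httpServletResponse.addHeader("Vary", "Origin");
        }
        if ("OPTIONS".equals(httpServletRequest.getMethod())) {
            httpServletResponse.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, "OPTIONS, GET, POST");
            httpServletResponse.addHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, "X-webswing-args, X-webswing-recording, X-Requested-With, Origin, Content-Type, Content-Range, Content-Disposition, Content-Description, X-Atmosphere-Framework, X-Cache-Date, X-Atmosphere-tracking-id, X-Atmosphere-Transport");
            // NOTE(review): this Atmosphere constant looks like a decompiler stand-in for the
            // literal max-age value of the original source - confirm its value upstream.
            httpServletResponse.addHeader(HttpHeaders.ACCESS_CONTROL_MAX_AGE, BroadcastFilter.VOID_ATMOSPHERE_RESOURCE_UUID);
        }
    }

    /**
     * Checks an {@code Origin} header value against the configured allow-list.
     *
     * @param str the origin to check; may be {@code null} when the header is absent
     * @return {@code true} if a trimmed entry equals {@code str} or is {@code "*"};
     *     {@code false} if the list is missing or empty
     */
    public boolean isOriginAllowed(String str) {
        List<String> allowedCorsOrigins = getSwingConfig().getAllowedCorsOrigins();
        if (allowedCorsOrigins == null || allowedCorsOrigins.isEmpty()) {
            return false;
        }
        for (String entry : allowedCorsOrigins) {
            if (entry == null) {
                // A null entry in the configuration must not take the request down with an NPE.
                continue;
            }
            String allowed = entry.trim();
            if (allowed.equals(str) || allowed.equals("*")) {
                return true;
            }
        }
        return false;
    }

    /**
     * Compares the request's {@code Origin} (scheme stripped) with {@code X-Forwarded-Host},
     * falling back to {@code Host}.
     *
     * <p>Security review:
     * <ul>
     *   <li>A request without {@code Origin} is treated as same-origin.</li>
     *   <li>{@code X-Forwarded-Host} is taken from the request as-is. Unless a trusted reverse
     *       proxy always overwrites it, the client chooses the value the origin is compared
     *       with - confirm the deployment strips this header at the edge.</li>
     *   <li>The scheme is ignored and the comparison is case-sensitive.</li>
     * </ul>
     *
     * @return {@code true} when no {@code Origin} is present or it matches the host header
     */
    public boolean isSameOrigin(HttpServletRequest httpServletRequest) {
        String origin = httpServletRequest.getHeader(HttpHeaders.ORIGIN);
        if (origin == null) {
            return true;
        }
        String host = httpServletRequest.getHeader(HttpHeaders.X_FORWARDED_HOST);
        if (host == null) {
            host = httpServletRequest.getHeader("Host");
        }
        if (host == null) {
            return false;
        }
        int schemeEnd = origin.indexOf("://");
        String originHost = schemeEnd >= 0 ? origin.substring(schemeEnd + 3) : origin;
        return StringUtils.equals(originHost, host);
    }

    /**
     * Returns the configuration for this path, reloading it from the configuration
     * service while the handler is not enabled or nothing has been loaded yet.
     */
    @Override // org.webswing.server.services.security.login.SecuredPathHandler
    public SecuredPathConfig getConfig() {
        if (this.config == null || !this.enabled) {
            this.config = this.configService.getConfiguration(StringUtils.isEmpty(getPathMapping()) ? "/" : getPathMapping());
        }
        return this.config;
    }

    /**
     * Returns the swing section of the configuration, or a freshly instantiated default
     * {@link SwingConfig} when the configuration has none.
     */
    public SwingConfig getSwingConfig() {
        SwingConfig swingConfig = getConfig().getSwingConfig();
        if (swingConfig == null) {
            return (SwingConfig) ConfigUtil.instantiateConfig(null, SwingConfig.class, new Object[0]);
        }
        return swingConfig;
    }

    /** Returns the mutable status object of this handler. */
    public InstanceManagerStatus getStatus() {
        return this.status;
    }

    @Override // org.webswing.server.services.security.login.SecuredPathHandler, org.webswing.server.common.model.meta.ConfigContext
    public boolean isEnabled() {
        return this.enabled;
    }

    /** Returns the security module currently guarding this path. */
    @Override // org.webswing.server.services.security.login.SecuredPathHandler
    public WebswingSecurityModule get() {
        return this.securityModule;
    }

    /** Resolves {@code str} against the home folder using this handler's variable substitutor. */
    @Override // org.webswing.server.common.model.meta.ConfigContext
    public File resolveFile(String str) {
        return CommonUtil.resolveFile(str, getHome(), this.varSubs);
    }

    /** Returns the configured home directory after basic variable substitution. */
    private String getHome() {
        return VariableSubstitutor.basic().replace(getConfig().getHomeDir());
    }

    /**
     * Resolves a request path to a static resource.
     *
     * <p>Paths starting with {@link #JAVASCRIPT_NLS_PREFIX} are first looked up in the
     * configured lang folder; everything else, and any miss, falls through to the web
     * folder / servlet context lookup.
     *
     * <p>NOTE(review): {@code str} comes from the request and is handed to
     * {@code ServerUtil} after only a prefix strip. Confirm that
     * {@code ServerUtil.getFileResource} and {@code ServerUtil.getWebResource} normalise the
     * path and refuse anything resolving outside the configured folder. The prefix test also
     * matches sibling names such as {@code /javascript/nlsX}.
     *
     * @param str request path of the resource
     * @return the resource URL as returned by {@code ServerUtil}
     */
    public URL getWebResource(String str) {
        String path = toPath(str);
        if (path.startsWith(JAVASCRIPT_NLS_PREFIX)) {
            String langFolder = getConfig().getLangFolder();
            File langRoot = StringUtils.isEmpty(langFolder) ? null : resolveFile(langFolder);
            URL fileResource = ServerUtil.getFileResource(path.substring(JAVASCRIPT_NLS_PREFIX.length()), langRoot);
            if (fileResource != null) {
                return fileResource;
            }
        }
        String webFolder = getConfig().getWebFolder();
        File webRoot = StringUtils.isEmpty(webFolder) ? null : resolveFile(webFolder);
        return ServerUtil.getWebResource(path, getServletContext(), webRoot);
    }

    /**
     * Returns the CSRF token of the current security session, creating a 32-byte random,
     * Base64-encoded token on first use.
     *
     * <p>NOTE(review): the read-then-write on the session is not atomic here; two concurrent
     * first requests could each generate a token, with the later one winning - confirm
     * whether {@code SecurityUtil} serialises session access.
     */
    public String generateCsrfToken() {
        String token = (String) getFromSecuritySession(Constants.HTTP_ATTR_CSRF_TOKEN_HEADER);
        if (token == null) {
            byte[] random = new byte[32];
            new SecureRandom().nextBytes(random);
            token = Base64.encode(random);
            setToSecuritySession(Constants.HTTP_ATTR_CSRF_TOKEN_HEADER, token);
        }
        return token;
    }

    /**
     * Checks the CSRF token supplied as a request parameter against the session token.
     *
     * <p>The comparison is constant-time so that response timing does not reveal how many
     * leading characters of a guess were correct.
     *
     * <p>NOTE(review): the token is read with {@code getParameter}, so it may travel in the
     * query string and end up in access logs or {@code Referer} headers - confirm clients
     * send it in the request body or move it to a header.
     *
     * @return {@code true} only when a session token exists and the parameter equals it
     */
    public boolean validateCsrfToken(HttpServletRequest httpServletRequest) {
        String expected = (String) getFromSecuritySession(Constants.HTTP_ATTR_CSRF_TOKEN_HEADER);
        String supplied = httpServletRequest.getParameter(Constants.HTTP_ATTR_CSRF_TOKEN_HEADER);
        if (expected == null || supplied == null) {
            return false;
        }
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8), supplied.getBytes(StandardCharsets.UTF_8));
    }

    /** Applies this handler's variable substitution to {@code str}. */
    @Override // org.webswing.server.common.model.meta.ConfigContext
    public String replaceVariables(String str) {
        return this.varSubs.replace(str);
    }

    /** Returns the variable map of this handler's substitutor. */
    public Map<String, String> getVariableMap() {
        return this.varSubs.getVariableMap();
    }

    @Override // org.webswing.server.services.security.api.SecurityContext
    public Object getFromSecuritySession(String str) {
        return SecurityUtil.getFromSecuritySession(str);
    }

    @Override // org.webswing.server.services.security.api.SecurityContext
    public void setToSecuritySession(String str, Object obj) {
        SecurityUtil.setToSecuritySession(str, obj);
    }
}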
