package org.bibsonomy.rest;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.nio.charset.Charset;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.shindig.auth.SecurityToken;
import org.bibsonomy.common.errors.ErrorMessage;
import org.bibsonomy.common.exceptions.AccessDeniedException;
import org.bibsonomy.common.exceptions.DatabaseException;
import org.bibsonomy.common.exceptions.InternServerException;
import org.bibsonomy.common.exceptions.ResourceMovedException;
import org.bibsonomy.database.DBLogicNoAuthInterfaceFactory;
import org.bibsonomy.database.ShindigDBLogicUserInterfaceFactory;
import org.bibsonomy.database.util.IbatisDBSessionFactory;
import org.bibsonomy.model.logic.LogicInterface;
import org.bibsonomy.model.logic.LogicInterfaceFactory;
import org.bibsonomy.opensocial.oauth.OAuthRequestValidator;
import org.bibsonomy.rest.enums.HttpMethod;
import org.bibsonomy.rest.exceptions.AuthenticationException;
import org.bibsonomy.rest.exceptions.BadRequestOrResponseException;
import org.bibsonomy.rest.exceptions.NoSuchResourceException;
import org.bibsonomy.rest.renderer.Renderer;
import org.bibsonomy.rest.renderer.RendererFactory;
import org.bibsonomy.rest.renderer.RenderingFormat;
import org.bibsonomy.rest.renderer.UrlRenderer;
import org.bibsonomy.rest.strategy.Context;
import org.bibsonomy.rest.util.MultiPartRequestParser;
import org.bibsonomy.rest.utils.HeaderUtils;
import org.bibsonomy.util.ValidationUtils;
import org.springframework.beans.factory.annotation.Required;

/* loaded from: input_file:org/bibsonomy/rest/RestServlet.class */
public final class RestServlet extends HttpServlet {
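    private static final long serialVersionUID = -1737804091652029470L;
    private static final Log log = LogFactory.getLog(RestServlet.class);

    /** Message used for every "no usable credentials" failure, whichever scheme was attempted. */
    private static final String NO_AUTH_ERROR = "Please authenticate yourself.";

    /** Scheme prefix stripped from the Authorization header before Base64-decoding the credentials. */
    private static final String HTTP_AUTH_BASIC_IDENTIFIER = "Basic ";

    /** Key under which the document path is stored in {@link #additionalInfos}. */
    public static final String DOCUMENTS_PATH_KEY = "docPath";

    /** Key under which the project home is stored in {@link #additionalInfos}. */
    public static final String PROJECT_HOME_KEY = "projectHome";

    public static final String RESPONSE_ENCODING = "UTF-8";
    public static final String REQUEST_ENCODING = "UTF-8";

    /** Resolves a username / API key pair from HTTP Basic authentication to a LogicInterface. */
    private LogicInterfaceFactory logicFactory;
    private UrlRenderer urlRenderer;

    /** Derived from {@link #urlRenderer}; replaced whenever setUrlRenderer is called. */
    private RendererFactory rendererFactory;

    // Deployment settings handed to every request Context.
    // The diamond replaces the raw HashMap so the map is type-checked as Map<String, String>.
    private final Map<String, String> additionalInfos = new HashMap<>();

    // Both OAuth fields are assigned in init(); validateAuthorization only attempts OAuth
    // when both are present.
    private OAuthRequestValidator oauthValidator;
    private ShindigDBLogicUserInterfaceFactory oauthLogicFactory;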

    /**
     * Records the project home under {@link #PROJECT_HOME_KEY} in the additional-info map
     * that is passed to every request context.
     *
     * @param str the project home value to store
     */
    @Required
    public void setProjectHome(String str) {
        final Map<String, String> infos = this.additionalInfos;
        infos.put(PROJECT_HOME_KEY, str);
    }

    /**
     * Sets the URL renderer and rebuilds the renderer factory from it, so both always
     * refer to the same renderer.
     *
     * @param urlRenderer the renderer used to build resource URLs
     */
    @Required
    public void setUrlRenderer(UrlRenderer urlRenderer) {
        this.urlRenderer = urlRenderer;
        // Built from the field just assigned, i.e. the same instance as the argument.
        final RendererFactory factory = new RendererFactory(this.urlRenderer);
        this.rendererFactory = factory;
    }

    /**
     * Records the document path under {@link #DOCUMENTS_PATH_KEY} in the additional-info map
     * that is passed to every request context.
     *
     * @param str the document path value to store
     */
    @Required
    public void setDocumentPath(String str) {
        final Map<String, String> infos = this.additionalInfos;
        infos.put(DOCUMENTS_PATH_KEY, str);
    }

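    /**
     * Initialises the servlet and tries to wire up the OAuth database layer.
     *
     * <p>OAuth is optional: if wiring fails with an {@link Error}, the failure is logged
     * and the REST API runs with HTTP Basic authentication only. Runtime exceptions are
     * not caught here and propagate to the container.
     *
     * @throws ServletException if the superclass initialisation fails
     */
    public void init() throws ServletException {
        super.init();
        try {
            // Build everything in locals first and publish to the fields only once wiring
            // has completed, so a failure half-way cannot leave a partially configured
            // factory that validateAuthorization would still treat as "OAuth enabled".
            IbatisDBSessionFactory sessionFactory = new IbatisDBSessionFactory();
            OAuthRequestValidator validator = OAuthRequestValidator.getInstance();
            ShindigDBLogicUserInterfaceFactory oauthFactory = new ShindigDBLogicUserInterfaceFactory();
            oauthFactory.setDbSessionFactory(sessionFactory);
            DBLogicNoAuthInterfaceFactory noAuthFactory = new DBLogicNoAuthInterfaceFactory();
            noAuthFactory.setDbSessionFactory(sessionFactory);
            oauthFactory.setNoAuthLogicFactory(noAuthFactory);
            this.oauthValidator = validator;
            this.oauthLogicFactory = oauthFactory;
            log.debug("Sucessfully enabled oauth database layer");
        } catch (Error e) {
            // Fail closed: make sure OAuth really is disabled, and keep the cause in the
            // log so the misconfiguration can be diagnosed.
            this.oauthValidator = null;
            this.oauthLogicFactory = null;
            log.error("Error initializing the oauth database layer (disabling oauth for the rest api)", e);
        }
    }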

    /**
     * Sets the factory that turns a username / API key pair into a LogicInterface
     * for HTTP Basic authenticated requests.
     *
     * @param logicInterfaceFactory the factory to use
     */
    @Required
    public void setLogicInterfaceFactory(LogicInterfaceFactory logicInterfaceFactory) {
        logicFactory = logicInterfaceFactory;
    }

    /** Dispatches a GET request to the shared request handler. */
    public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        final HttpMethod method = HttpMethod.GET;
        handle(httpServletRequest, httpServletResponse, method);
    }

    /** Dispatches a PUT request to the shared request handler. */
    public void doPut(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        final HttpMethod method = HttpMethod.PUT;
        handle(httpServletRequest, httpServletResponse, method);
    }

    /** Dispatches a DELETE request to the shared request handler. */
    public void doDelete(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        final HttpMethod method = HttpMethod.DELETE;
        handle(httpServletRequest, httpServletResponse, method);
    }

    /** Dispatches a POST request to the shared request handler. */
    public void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        final HttpMethod method = HttpMethod.POST;
        handle(httpServletRequest, httpServletResponse, method);
    }

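    /**
     * Answers a HEAD request by checking the caller's credentials only; no resource is
     * processed and no body is written.
     *
     * <p>Authentication failures are mapped to the same status codes that the other
     * methods use (401 with a Basic challenge, 400 for a malformed header) instead of
     * escaping to the container as unhandled runtime exceptions.
     */
    public void doHead(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        try {
            validateAuthorization(httpServletRequest);
        } catch (AuthenticationException e) {
            log.warn(e.getMessage());
            httpServletResponse.setHeader("WWW-Authenticate", "Basic realm=\"" + RestProperties.getInstance().getBasicRealm() + "\"");
            httpServletResponse.setStatus(401);
        } catch (BadRequestOrResponseException e) {
            // Thrown when the Basic credentials cannot be decoded.
            log.error(e.getMessage());
            httpServletResponse.setStatus(400);
        }
    }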

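    /**
     * Authenticates the caller, runs the request through a {@link Context} and writes
     * the buffered result to the response.
     *
     * <p>Application exceptions are translated to HTTP status codes: database and
     * bad-request errors to 400, authentication failures to 401 (with a Basic challenge),
     * access denial to 403, missing resources to 404, moved resources to 301 (with a
     * Location header) and everything else to 500.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response to fill
     * @param httpMethod the HTTP method the request was dispatched for
     * @throws IOException if writing the response fails
     */
    private void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpMethod httpMethod) throws IOException {
        // NOTE(review): x-forwarded-for is a client-supplied header, so the "IP" logged here
        // is only as trustworthy as the proxy in front of the servlet; do not rely on it for
        // attribution.
        log.debug("Incoming Request: " + httpMethod.name() + " " + ((Object) httpServletRequest.getRequestURL()) + " from IP " + httpServletRequest.getHeader("x-forwarded-for"));
        long currentTimeMillis = System.currentTimeMillis();
        try {
            // validateAuthorization runs as part of building the context, so an
            // unauthenticated request fails before any strategy is executed.
            Context context = new Context(httpMethod, getPathInfo(httpServletRequest), RESTUtils.getRenderingFormatForRequest(httpServletRequest.getParameterMap(), httpServletRequest.getHeader("Accept"), httpServletRequest.getContentType()), this.urlRenderer, RESTUtils.getInputReaderForStream(httpServletRequest.getInputStream(), "UTF-8"), new MultiPartRequestParser(httpServletRequest).getList(), validateAuthorization(httpServletRequest), httpServletRequest.getParameterMap(), this.additionalInfos);
            // NOTE(review): any return value is ignored; presumably this throws when access
            // is denied - confirm against Context.
            context.canAccess();
            String header = httpServletRequest.getHeader("User-Agent");
            log.debug("[USER-AGENT] " + header);
            httpServletResponse.setContentType(context.getContentType(header));
            httpServletResponse.setCharacterEncoding("UTF-8");
            if (httpMethod.equals(HttpMethod.POST)) {
                httpServletResponse.setStatus(201);
            } else {
                httpServletResponse.setStatus(200);
            }
            // Render into a buffer first so the content length is known and nothing is
            // sent to the client if the strategy fails half-way.
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            context.perform(byteArrayOutputStream);
            httpServletResponse.setContentLength(byteArrayOutputStream.size());
            log.debug("Size of output sent:" + byteArrayOutputStream.size());
            log.debug("Processing time: " + (System.currentTimeMillis() - currentTimeMillis) + " ms");
            byteArrayOutputStream.writeTo(httpServletResponse.getOutputStream());
        } catch (DatabaseException e) {
            // Collect every error message of every key into one response body.
            StringBuilder sb = new StringBuilder();
            for (Object key : e.getErrorMessages().keySet()) {
                for (ErrorMessage errorMessage : e.getErrorMessages((String) key)) {
                    log.error(errorMessage.toString());
                    sb.append(errorMessage.toString()).append("\n ");
                }
            }
            sendError(httpServletRequest, httpServletResponse, 400, sb.toString());
        } catch (AccessDeniedException e) {
            log.error(e.getMessage());
            sendError(httpServletRequest, httpServletResponse, 403, e.getMessage());
        } catch (AuthenticationException e) {
            log.warn(e.getMessage());
            httpServletResponse.setHeader("WWW-Authenticate", "Basic realm=\"" + RestProperties.getInstance().getBasicRealm() + "\"");
            sendError(httpServletRequest, httpServletResponse, 401, e.getMessage());
        } catch (InternServerException e) {
            log.error(e.getMessage());
            sendError(httpServletRequest, httpServletResponse, 500, e.getMessage());
        } catch (NoSuchResourceException e) {
            log.error(e.getMessage());
            sendError(httpServletRequest, httpServletResponse, 404, e.getMessage());
        } catch (BadRequestOrResponseException e) {
            log.error(e.getMessage());
            sendError(httpServletRequest, httpServletResponse, 400, e.getMessage());
        } catch (ResourceMovedException e) {
            log.error(e.getMessage());
            httpServletResponse.setHeader("Location", this.urlRenderer.createHrefForResource(e.getUserName(), e.getNewIntraHash()));
            sendError(httpServletRequest, httpServletResponse, 301, e.getMessage());
        } catch (Exception e) {
            // The catch-all must come last: placed before the two handlers above it would
            // shadow them, so bad requests and moved resources would be reported as 500.
            // The full exception goes to the log only; the client gets a generic message
            // because the text of an unexpected exception can expose internals and may
            // be null.
            log.error(e, e);
            sendError(httpServletRequest, httpServletResponse, 500, "Internal server error");
        }
    }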

    /**
     * Returns the resource path of the request: the servlet path info when present,
     * otherwise the request URL with a prefix as long as the configured API URL removed.
     *
     * @param httpServletRequest the incoming request
     * @return the path to hand to the request context
     */
    private String getPathInfo(HttpServletRequest httpServletRequest) {
        final String servletPathInfo = httpServletRequest.getPathInfo();
        if (ValidationUtils.present(servletPathInfo)) {
            return servletPathInfo;
        }
        // NOTE(review): the prefix is cut by length only. This assumes the request URL
        // starts with the API URL; a shorter URL makes substring throw - confirm that
        // the deployment guarantees the prefix.
        final StringBuffer requestUrl = httpServletRequest.getRequestURL();
        final int apiUrlLength = this.urlRenderer.getApiUrl().length();
        return requestUrl.substring(apiUrlLength);
    }

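    /**
     * Writes an error response in the rendering format the client asked for.
     *
     * @param httpServletRequest the request, used to pick the rendering format
     * @param httpServletResponse the response to fill
     * @param i the HTTP status code to send
     * @param str the error message to serialize into the body
     * @throws IOException if writing the response fails
     */
    private void sendError(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, int i, String str) throws IOException {
        RenderingFormat renderingFormat = RESTUtils.getRenderingFormatForRequest(httpServletRequest.getParameterMap(), httpServletRequest.getHeader("Accept"), httpServletRequest.getContentType());
        Renderer renderer = this.rendererFactory.getRenderer(renderingFormat);
        httpServletResponse.setStatus(i);
        httpServletResponse.setContentType(renderingFormat.getMimeType());
        // Declare the charset explicitly, as the success path in handle does, so the
        // client does not have to guess how the UTF-8 body is encoded.
        httpServletResponse.setCharacterEncoding(RESPONSE_ENCODING);
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        renderer.serializeError(new OutputStreamWriter(buffer, Charset.forName(RESPONSE_ENCODING)), str);
        httpServletResponse.setContentLength(buffer.size());
        // Send the buffered UTF-8 bytes as they are. Going through print(String) re-encodes
        // the text, so a message with non-ASCII characters no longer matches the content
        // length computed above (and may be rejected by the container's output stream).
        buffer.writeTo(httpServletResponse.getOutputStream());
    }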

    /**
     * Authenticates the request and returns the logic interface bound to the caller.
     *
     * <p>HTTP Basic is used when the Authorization header announces it; otherwise OAuth
     * is attempted, but only if both the OAuth validator and the OAuth logic factory
     * are available.
     *
     * @param httpServletRequest the incoming request
     * @return the logic interface for the authenticated caller
     * @throws AuthenticationException if no supported credentials were supplied
     */
    protected LogicInterface validateAuthorization(HttpServletRequest httpServletRequest) throws AuthenticationException {
        final String authorizationHeader = httpServletRequest.getHeader("Authorization");
        if (HeaderUtils.isHttpBasicAuthorization(authorizationHeader)) {
            return validateHttpBasicAuthorization(authorizationHeader);
        }
        final boolean oauthAvailable = ValidationUtils.present(this.oauthValidator) && ValidationUtils.present(this.oauthLogicFactory);
        if (!oauthAvailable) {
            // Neither scheme applies: reject instead of falling through to any default access.
            throw new AuthenticationException(NO_AUTH_ERROR);
        }
        return validateOAuthAuthorization(httpServletRequest);
    }

    /**
     * Authenticates the request through its OAuth security token.
     *
     * @param httpServletRequest the incoming request
     * @return the logic interface for the token's owner
     * @throws AuthenticationException if the request carries no token or an anonymous one
     */
    private LogicInterface validateOAuthAuthorization(HttpServletRequest httpServletRequest) {
        final SecurityToken token = this.oauthValidator.getSecurityTokenFromRequest(httpServletRequest);
        // Anonymous tokens are treated exactly like a missing token.
        final boolean authenticated = ValidationUtils.present(token) && !token.isAnonymous();
        if (authenticated) {
            return this.oauthLogicFactory.getLogicAccess(token);
        }
        throw new AuthenticationException(NO_AUTH_ERROR);
    }

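    /**
     * Authenticates a caller from an HTTP Basic Authorization header whose decoded
     * credentials have the form {@code username:apiKey}.
     *
     * @param str the raw Authorization header value
     * @return the logic interface for the authenticated user
     * @throws AuthenticationException if the header is not a Basic header or the
     *         credentials are rejected
     * @throws BadRequestOrResponseException if the credentials cannot be decoded or
     *         contain no {@code ':'} separator
     */
    protected LogicInterface validateHttpBasicAuthorization(String str) {
        if (!HeaderUtils.isHttpBasicAuthorization(str)) {
            throw new AuthenticationException(NO_AUTH_ERROR);
        }
        try {
            String encoded = str.substring(HTTP_AUTH_BASIC_IDENTIFIER.length());
            // Name the charset on both conversions so decoding does not depend on the
            // platform default.
            String decoded = new String(Base64.decodeBase64(encoded.getBytes("UTF-8")), "UTF-8");
            // Split on the first ':' only; the API key may itself contain colons.
            int separator = decoded.indexOf(':');
            if (separator < 0) {
                throw new BadRequestOrResponseException("error decoding authorization header: syntax error");
            }
            String username = decoded.substring(0, separator);
            String apiKey = decoded.substring(separator + 1);
            // The API key is a credential and must never reach the log, not even at debug
            // level: log files are readable by more people than the credential store.
            log.debug("Username/API-key: " + username + " / [redacted]");
            try {
                return this.logicFactory.getLogicAccess(username, apiKey);
            } catch (AccessDeniedException e) {
                throw new AuthenticationException("Authentication failure: " + e.getMessage());
            }
        } catch (IOException e2) {
            throw new BadRequestOrResponseException("error decoding authorization header: " + e2.toString());
        }
    }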
}
