package org.bibsonomy.rest;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStreamWriter;
import java.nio.charset.Charset;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.bibsonomy.common.enums.Role;
import org.bibsonomy.common.errors.ErrorMessage;
import org.bibsonomy.common.exceptions.AccessDeniedException;
import org.bibsonomy.common.exceptions.DatabaseException;
import org.bibsonomy.common.exceptions.InternServerException;
import org.bibsonomy.common.exceptions.InvalidModelException;
import org.bibsonomy.common.exceptions.ReadOnlyDatabaseException;
import org.bibsonomy.common.exceptions.ResourceMovedException;
import org.bibsonomy.common.exceptions.UnsupportedResourceTypeException;
import org.bibsonomy.model.logic.LogicInterface;
import org.bibsonomy.model.sync.SyncService;
import org.bibsonomy.rest.enums.HttpMethod;
import org.bibsonomy.rest.exceptions.AuthenticationException;
import org.bibsonomy.rest.exceptions.BadRequestOrResponseException;
import org.bibsonomy.rest.exceptions.NoSuchResourceException;
import org.bibsonomy.rest.exceptions.UnsupportedHttpMethodException;
import org.bibsonomy.rest.exceptions.UnsupportedMediaTypeException;
import org.bibsonomy.rest.fileupload.DualUploadedFileAccessor;
import org.bibsonomy.rest.renderer.Renderer;
import org.bibsonomy.rest.renderer.RendererFactory;
import org.bibsonomy.rest.renderer.RenderingFormat;
import org.bibsonomy.rest.renderer.UrlRenderer;
import org.bibsonomy.rest.strategy.Context;
import org.bibsonomy.search.InvalidSearchRequestException;
import org.bibsonomy.services.filesystem.FileLogic;
import org.bibsonomy.util.ValidationUtils;
import org.springframework.beans.factory.annotation.Required;
import org.springframework.web.multipart.MultipartFile;
import org.springframework.web.multipart.MultipartHttpServletRequest;

/* loaded from: input_file:org/bibsonomy/rest/RestServlet.class */
public final class RestServlet extends HttpServlet {
    private static final long serialVersionUID = -1737804091652029470L;
    private static final Log log = LogFactory.getLog(RestServlet.class);
    private static final String MAIN_FILE = "main";
    public static final String DOCUMENTS_PATH_KEY = "docPath";
    public static final String PROJECT_HOME_KEY = "projectHome";
    private static final String PROJECT_NAME_KEY = "projectName";
    public static final String RESPONSE_ENCODING = "UTF-8";
    public static final String REQUEST_ENCODING = "UTF-8";
    public static final String SSL_VERIFY_HEADER = "SSL_CLIENT_VERIFY";
    public static final String SUCCESS = "SUCCESS";
    public static final String SSL_CLIENT_S_DN = "SSL_CLIENT_S_DN";
    private List<AuthenticationHandler<?>> authenticationHandlers;
    private FileLogic fileLogic;
    private UrlRenderer urlRenderer;
    private RendererFactory rendererFactory;
    private final Map<String, String> additionalInfos = new HashMap();

    @Required
    public void setProjectHome(String str) {
        this.additionalInfos.put(PROJECT_HOME_KEY, str);
    }

    public void setProjectName(String str) {
        this.additionalInfos.put(PROJECT_NAME_KEY, str);
    }

    @Required
    public void setUrlRenderer(UrlRenderer urlRenderer) {
        this.urlRenderer = urlRenderer;
    }

    public void setRendererFactory(RendererFactory rendererFactory) {
        this.rendererFactory = rendererFactory;
    }

    public void setFileLogic(FileLogic fileLogic) {
        this.fileLogic = fileLogic;
    }

    public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        handle(httpServletRequest, httpServletResponse, HttpMethod.GET);
    }

    public void doPut(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        handle(httpServletRequest, httpServletResponse, HttpMethod.PUT);
    }

    public void doDelete(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        handle(httpServletRequest, httpServletResponse, HttpMethod.DELETE);
    }

    public void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        handle(httpServletRequest, httpServletResponse, HttpMethod.POST);
    }

    public void doHead(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        try {
            validateAuthorization(httpServletRequest);
        } catch (AuthenticationException e) {
            handleAuthenticationException(httpServletRequest, httpServletResponse, e);
        }
    }

    private void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpMethod httpMethod) throws IOException {
        log.debug("Incoming Request: " + httpMethod.name() + " " + ((Object) httpServletRequest.getRequestURL()) + " from IP " + httpServletRequest.getHeader("x-forwarded-for"));
        long currentTimeMillis = System.currentTimeMillis();
        try {
            LogicInterface validateAuthorization = validateAuthorization(httpServletRequest);
            Context context = new Context(httpMethod, httpServletRequest.getRequestURI(), getRenderingFormatForError(httpServletRequest), this.rendererFactory, RESTUtils.getInputReaderForStream(getMainInputStream(httpServletRequest), "UTF-8"), new DualUploadedFileAccessor(httpServletRequest), validateAuthorization, this.fileLogic, httpServletRequest.getParameterMap(), this.additionalInfos);
            context.canAccess();
            String header = httpServletRequest.getHeader("User-Agent");
            log.debug("[USER-AGENT] " + header);
            httpServletResponse.setContentType(context.getContentType(header));
            httpServletResponse.setCharacterEncoding("UTF-8");
            if (httpMethod.equals(HttpMethod.POST)) {
                httpServletResponse.setStatus(201);
            } else {
                httpServletResponse.setStatus(200);
            }
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            context.perform(byteArrayOutputStream);
            httpServletResponse.setContentLength(byteArrayOutputStream.size());
            log.debug("Size of output sent:" + byteArrayOutputStream.size());
            log.debug("Processing time: " + (System.currentTimeMillis() - currentTimeMillis) + " ms");
            byteArrayOutputStream.writeTo(httpServletResponse.getOutputStream());
        } catch (AuthenticationException e) {
            handleAuthenticationException(httpServletRequest, httpServletResponse, e);
        } catch (UnsupportedMediaTypeException e2) {
            log.error(e2.getMessage());
            sendError(httpServletRequest, httpServletResponse, 415, e2.getMessage());
        } catch (BadRequestOrResponseException | InvalidModelException | InvalidSearchRequestException | UnsupportedResourceTypeException | UnsupportedHttpMethodException e3) {
            log.info(e3.getMessage(), e3);
            sendError(httpServletRequest, httpServletResponse, 400, e3.getMessage());
        } catch (NoSuchResourceException e4) {
            log.info(e4.getMessage());
            sendError(httpServletRequest, httpServletResponse, 404, e4.getMessage());
        } catch (Exception e5) {
            log.error(e5.getMessage(), e5);
            sendError(httpServletRequest, httpServletResponse, 500, e5.getMessage());
        } catch (AccessDeniedException e6) {
            log.info(e6.getMessage());
            sendError(httpServletRequest, httpServletResponse, 403, e6.getMessage());
        } catch (InternServerException e7) {
            log.error(e7.getMessage());
            sendError(httpServletRequest, httpServletResponse, 500, e7.getMessage());
        } catch (ReadOnlyDatabaseException e8) {
            sendError(httpServletRequest, httpServletResponse, 503, e8.getMessage());
        } catch (DatabaseException e9) {
            StringBuilder sb = new StringBuilder("");
            Iterator it = e9.getErrorMessages().keySet().iterator();
            while (it.hasNext()) {
                for (ErrorMessage errorMessage : e9.getErrorMessages((String) it.next())) {
                    log.error(errorMessage.toString());
                    sb.append(errorMessage.toString() + "\n ");
                }
            }
            sendError(httpServletRequest, httpServletResponse, 400, sb.toString());
        } catch (ResourceMovedException e10) {
            log.info(e10.getMessage());
            httpServletResponse.setHeader("Location", this.urlRenderer.createHrefForResource(e10.getUserName(), e10.getNewIntraHash()));
            sendError(httpServletRequest, httpServletResponse, 301, e10.getMessage());
        }
    }

    private void handleAuthenticationException(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) throws IOException {
        log.info(authenticationException.getMessage());
        httpServletResponse.setHeader("WWW-Authenticate", "Basic realm=\"" + this.additionalInfos.get(PROJECT_NAME_KEY) + "WebService\"");
        sendError(httpServletRequest, httpServletResponse, 401, authenticationException.getMessage());
    }

    protected static String getMainContentType(HttpServletRequest httpServletRequest) {
        if (!(httpServletRequest instanceof MultipartHttpServletRequest)) {
            return httpServletRequest.getContentType();
        }
        MultipartFile file = ((MultipartHttpServletRequest) httpServletRequest).getFile(MAIN_FILE);
        if (file != null) {
            return file.getContentType();
        }
        return null;
    }

    protected static InputStream getMainInputStream(HttpServletRequest httpServletRequest) throws IOException {
        MultipartFile file;
        return (!(httpServletRequest instanceof MultipartHttpServletRequest) || (file = ((MultipartHttpServletRequest) httpServletRequest).getFile(MAIN_FILE)) == null) ? httpServletRequest.getInputStream() : file.getInputStream();
    }

    private void sendError(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, int i, String str) throws IOException {
        RenderingFormat renderingFormatForError = getRenderingFormatForError(httpServletRequest);
        Renderer renderer = this.rendererFactory.getRenderer(renderingFormatForError);
        httpServletResponse.setCharacterEncoding("UTF-8");
        httpServletResponse.setStatus(i);
        httpServletResponse.setContentType(renderingFormatForError.getErrorFormat().getMimeType());
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        OutputStreamWriter outputStreamWriter = new OutputStreamWriter(byteArrayOutputStream, Charset.forName("UTF-8"));
        renderer.serializeError(outputStreamWriter, str);
        outputStreamWriter.close();
        httpServletResponse.setContentLength(byteArrayOutputStream.size());
        httpServletResponse.getOutputStream().print(byteArrayOutputStream.toString("UTF-8"));
    }

    protected static RenderingFormat getRenderingFormatForError(HttpServletRequest httpServletRequest) {
        try {
            return RESTUtils.getRenderingFormatForRequest(httpServletRequest.getParameterMap(), httpServletRequest.getHeader("Accept"), getMainContentType(httpServletRequest));
        } catch (UnsupportedMediaTypeException e) {
            try {
                return RESTUtils.getRenderingFormatForRequest(httpServletRequest.getParameterMap(), httpServletRequest.getHeader("Accept"), null);
            } catch (UnsupportedMediaTypeException e2) {
                return RESTUtils.DEFAULT_RENDERING_FORMAT;
            }
        }
    }

    protected LogicInterface validateAuthorization(HttpServletRequest httpServletRequest) throws AuthenticationException {
        Iterator<AuthenticationHandler<?>> it = this.authenticationHandlers.iterator();
        while (it.hasNext()) {
            LogicInterface logic = getLogic(it.next(), httpServletRequest);
            if (ValidationUtils.present(logic)) {
                validateSyncAuthorization(httpServletRequest, logic);
                return logic;
            }
        }
        throw new AuthenticationException(AuthenticationHandler.NO_AUTH_ERROR);
    }

    private static <T> LogicInterface getLogic(AuthenticationHandler<T> authenticationHandler, HttpServletRequest httpServletRequest) {
        T extractAuthentication = authenticationHandler.extractAuthentication(httpServletRequest);
        if (authenticationHandler.canAuthenticateUser(extractAuthentication)) {
            return authenticationHandler.authenticateUser(extractAuthentication);
        }
        return null;
    }

    private static void validateSyncAuthorization(HttpServletRequest httpServletRequest, LogicInterface logicInterface) {
        log.debug("start ssl header check for synchronization");
        if (!SUCCESS.equals(httpServletRequest.getHeader(SSL_VERIFY_HEADER))) {
            log.debug("ssl_verify_header not found or not 'SUCCESS'");
            return;
        }
        String header = httpServletRequest.getHeader(SSL_CLIENT_S_DN);
        if (!ValidationUtils.present(header)) {
            log.debug("ssl_client_verify was set, but ssl_client_s_dn not found");
            return;
        }
        log.debug("checking available sync client against SSL_CLIENT_S_DN '" + header + "'.");
        List syncServices = logicInterface.getSyncServices(false, header);
        if (ValidationUtils.present(syncServices)) {
            SyncService syncService = (SyncService) syncServices.get(0);
            log.debug("sync client:" + syncService.getService() + " | service ssl_s_dn:" + syncService.getSslDn());
            log.debug("setting user role to SYNC");
            logicInterface.getAuthenticatedUser().setRole(Role.SYNC);
        }
    }

    public void setAuthenticationHandlers(List<AuthenticationHandler<?>> list) {
        this.authenticationHandlers = list;
    }
}
