package org.apache.shindig.gadgets.servlet;

import com.google.inject.Inject;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.io.IOUtils;
import org.apache.shindig.auth.AuthInfoUtil;
import org.apache.shindig.auth.SecurityToken;
import org.apache.shindig.common.servlet.InjectedServlet;
import org.apache.shindig.common.uri.Uri;
import org.apache.shindig.common.uri.UriBuilder;
import org.apache.shindig.gadgets.AuthType;
import org.apache.shindig.gadgets.GadgetException;
import org.apache.shindig.gadgets.LockedDomainService;
import org.apache.shindig.gadgets.http.HttpResponse;
import org.apache.shindig.gadgets.oauth.OAuthArguments;
import org.apache.shindig.gadgets.oauth2.OAuth2Arguments;
import org.apache.shindig.gadgets.uri.ProxyUriManager;

/* loaded from: input_file:org/apache/shindig/gadgets/servlet/ProxyServlet.class */
public class ProxyServlet extends InjectedServlet {
    private static final long serialVersionUID = 9085050443492307723L;
    private static final String classname = ProxyServlet.class.getName();
    private static final Logger LOG = Logger.getLogger(classname, "org.apache.shindig.common.logging.i18n.resource");
    private transient ProxyUriManager proxyUriManager;
    private transient LockedDomainService lockedDomainService;
    private transient ProxyHandler proxyHandler;

    @Inject
    public void setProxyHandler(ProxyHandler proxyHandler) {
        checkInitialized();
        this.proxyHandler = proxyHandler;
    }

    @Inject
    public void setProxyUriManager(ProxyUriManager proxyUriManager) {
        checkInitialized();
        this.proxyUriManager = proxyUriManager;
    }

    @Inject
    public void setLockedDomainService(LockedDomainService lockedDomainService) {
        checkInitialized();
        this.lockedDomainService = lockedDomainService;
    }

    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        processRequest(httpServletRequest, httpServletResponse);
    }

    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        processRequest(httpServletRequest, httpServletResponse);
    }

    private void processRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        HttpResponse errorResponse;
        ProxyUriManager.ProxyUri process;
        String header;
        if (httpServletRequest.getHeader("If-Modified-Since") != null) {
            httpServletResponse.setStatus(HttpResponse.SC_NOT_MODIFIED);
            return;
        }
        try {
            process = this.proxyUriManager.process(new UriBuilder(httpServletRequest).toUri());
            SecurityToken securityTokenFromRequest = AuthInfoUtil.getSecurityTokenFromRequest(httpServletRequest);
            process.setSecurityToken(securityTokenFromRequest);
            if (process.getGadget() == null && securityTokenFromRequest != null && !securityTokenFromRequest.isAnonymous()) {
                process.setGadget(securityTokenFromRequest.getAppUrl());
            }
            AuthType authType = process.getAuthType();
            if (AuthType.OAUTH.equals(authType)) {
                process.setOAuthArguments(new OAuthArguments(AuthType.OAUTH, httpServletRequest));
            } else if (AuthType.OAUTH2.equals(authType)) {
                process.setOAuth2Arguments(new OAuth2Arguments(httpServletRequest));
            }
            header = httpServletRequest.getHeader("Host");
        } catch (GadgetException e) {
            errorResponse = ServletUtil.errorResponse(new GadgetException(e.getCode(), e.getMessage(), HttpResponse.SC_BAD_REQUEST));
        }
        if (this.lockedDomainService.isSafeForOpenProxy(header)) {
            errorResponse = "POST".equalsIgnoreCase(httpServletRequest.getMethod()) ? this.proxyHandler.fetch(process, getPOSTContent(httpServletRequest).toString()) : this.proxyHandler.fetch(process);
            ServletUtil.copyToServletResponseAndOverrideCacheHeaders(errorResponse, httpServletResponse);
            return;
        }
        Uri resource = process.getResource();
        String str = "Embed request for url " + (resource != null ? resource.toString() : "n/a") + " made to wrong domain " + header;
        if (LOG.isLoggable(Level.INFO)) {
            Logger logger = LOG;
            Level level = Level.INFO;
            String str2 = classname;
            Object[] objArr = new Object[2];
            objArr[0] = resource != null ? resource.toString() : "n/a";
            objArr[1] = header;
            logger.logp(level, str2, "processRequest", "embededImgWrongDomain", objArr);
        }
        throw new GadgetException(GadgetException.Code.INVALID_PARAMETER, str, HttpResponse.SC_BAD_REQUEST);
    }

    private StringBuffer getPOSTContent(HttpServletRequest httpServletRequest) throws IOException {
        StringBuffer stringBuffer = new StringBuffer();
        BufferedReader bufferedReader = null;
        try {
            try {
                bufferedReader = new BufferedReader(new InputStreamReader(httpServletRequest.getInputStream()));
                while (true) {
                    int read = bufferedReader.read();
                    if (read == -1) {
                        break;
                    }
                    stringBuffer.append((char) read);
                }
                bufferedReader.close();
                IOUtils.closeQuietly(bufferedReader);
            } catch (IOException e) {
                LOG.logp(Level.WARNING, classname, "getPOSTContent", "Caught exception while reading POST body:" + e.getMessage());
                IOUtils.closeQuietly(bufferedReader);
            }
            return stringBuffer;
        } catch (Throwable th) {
            IOUtils.closeQuietly(bufferedReader);
            throw th;
        }
    }
}
