package org.apache.shindig.gadgets.servlet;

import com.google.common.collect.Maps;
import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.Singleton;
import java.io.IOException;
import java.io.InputStream;
import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
import java.util.Collection;
import java.util.Collections;
import java.util.Locale;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringEscapeUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.shindig.auth.AuthInfoUtil;
import org.apache.shindig.auth.SecurityToken;
import org.apache.shindig.common.JsonSerializer;
import org.apache.shindig.common.servlet.HttpUtil;
import org.apache.shindig.common.uri.Uri;
import org.apache.shindig.common.util.Utf8UrlCoder;
import org.apache.shindig.config.ContainerConfig;
import org.apache.shindig.gadgets.AuthType;
import org.apache.shindig.gadgets.FeedProcessor;
import org.apache.shindig.gadgets.FetchResponseUtils;
import org.apache.shindig.gadgets.Gadget;
import org.apache.shindig.gadgets.GadgetException;
import org.apache.shindig.gadgets.LockedDomainService;
import org.apache.shindig.gadgets.admin.GadgetAdminStore;
import org.apache.shindig.gadgets.http.HttpRequest;
import org.apache.shindig.gadgets.http.HttpResponse;
import org.apache.shindig.gadgets.http.RequestPipeline;
import org.apache.shindig.gadgets.oauth.OAuthArguments;
import org.apache.shindig.gadgets.oauth2.OAuth2Arguments;
import org.apache.shindig.gadgets.process.ProcessingException;
import org.apache.shindig.gadgets.process.Processor;
import org.apache.shindig.gadgets.rewrite.ResponseRewriterList;
import org.apache.shindig.gadgets.rewrite.ResponseRewriterRegistry;
import org.apache.shindig.gadgets.rewrite.RewriterRegistry;
import org.apache.shindig.gadgets.rewrite.RewritingException;
import org.apache.shindig.gadgets.rewrite.image.BasicImageRewriter;
import org.apache.shindig.gadgets.uri.UriCommon;

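/**
 * Serves proxied HTTP fetches requested on behalf of a gadget.
 *
 * <p>{@link #fetch} turns the servlet parameters into an outbound {@link HttpRequest}, checks that
 * the gadget is valid for the requesting host and whitelisted for the container, executes the
 * request through the {@link RequestPipeline}, optionally rewrites the response, and writes the
 * result back as JSON prefixed with the container's "unparseable cruft" string (or wrapped in an
 * HTML page when the {@code iframe} parameter is {@code "1"}).
 *
 * <p>Points a reviewer should keep in mind:
 * <ul>
 *   <li>The target URL, HTTP method, extra headers and post body all come from request
 *       parameters, so this class is a server-side fetch proxy; the host/whitelist checks in
 *       {@link #fetch} and {@code ServletUtil.validateUrl} are the only gates visible here.</li>
 *   <li>When the request carries no security token (or an anonymous one) the container and the
 *       gadget URL are taken from request parameters, i.e. they are asserted by the caller.</li>
 *   <li>Per-container settings live in concurrent maps that are refreshed through
 *       {@link #containersChanged}; a container name that was never configured has no entry.</li>
 * </ul>
 */
@Singleton
public class MakeRequestHandler implements ContainerConfig.ConfigObserver {
    // Request parameter names understood by this handler.
    public static final String POST_DATA_PARAM = "postData";
    public static final String METHOD_PARAM = "httpMethod";
    public static final String HEADERS_PARAM = "headers";
    public static final String CONTENT_TYPE_PARAM = "contentType";
    public static final String NUM_ENTRIES_PARAM = "numEntries";
    public static final String DEFAULT_NUM_ENTRIES = "3";
    public static final String GET_SUMMARIES_PARAM = "getSummaries";
    public static final String GET_FULL_HEADERS_PARAM = "getFullHeaders";
    public static final String AUTHZ_PARAM = "authz";
    // Container config key holding the largest accepted Content-Length for POST/PUT.
    public static final String MAX_POST_SIZE_KEY = "gadgets.jsonProxyUrl.maxPostSize";
    public static final String MULTI_PART_FORM_POST = "MPFP";
    public static final String MULTI_PART_FORM_POST_IFRAME = "iframe";
    // Container config path gadgets.features -> core.io -> unparseableCruft.
    public static final String GADGETS_FEATURES = "gadgets.features";
    public static final String CORE_IO = "core.io";
    public static final String UNPARSEABLE_CRUFT = "unparseableCruft";
    // 5 MiB; used when the container config yields 0 or has no entry for the container.
    public static final int MAX_POST_SIZE_DEFAULT = 5242880;
    // HTML wrapper for the iframe transport. Everything written between prefix and suffix sits
    // inside a single-quoted JavaScript string literal and must be ECMAScript-escaped.
    public static final String IFRAME_RESPONSE_PREFIX = "<html><head></head><body><textarea></textarea><script type='text/javascript'>document.getElementsByTagName('TEXTAREA')[0].value='";
    public static final String IFRAME_RESPONSE_SUFFIX = "';</script></body></html>";

    private final RequestPipeline requestPipeline;
    private final ResponseRewriterRegistry contentRewriterRegistry;
    private final Provider<FeedProcessor> feedProcessorProvider;
    private final GadgetAdminStore gadgetAdminStore;
    private final Processor processor;
    private final LockedDomainService lockedDomainService;
    // Both maps are keyed by container name and maintained by containersChanged().
    private final Map<String, Integer> maxPostSizes = Maps.newConcurrentMap();
    private final Map<String, String> unparseableCruftMsgs = Maps.newConcurrentMap();

    /**
     * Stores the collaborators and registers this handler as a config observer.
     *
     * <p>The second argument to {@code addConfigObserver} is {@code true}; presumably this makes
     * the config call {@link #containersChanged} immediately — confirm against ContainerConfig.
     */
    @Inject
    public MakeRequestHandler(ContainerConfig containerConfig, RequestPipeline requestPipeline, @RewriterRegistry(rewriteFlow = ResponseRewriterList.RewriteFlow.DEFAULT) ResponseRewriterRegistry responseRewriterRegistry, Provider<FeedProcessor> provider, GadgetAdminStore gadgetAdminStore, Processor processor, LockedDomainService lockedDomainService) {
        this.requestPipeline = requestPipeline;
        this.contentRewriterRegistry = responseRewriterRegistry;
        this.feedProcessorProvider = provider;
        this.gadgetAdminStore = gadgetAdminStore;
        this.processor = processor;
        this.lockedDomainService = lockedDomainService;
        containerConfig.addConfigObserver(this, true);
    }

    /**
     * Executes the proxied request described by the servlet parameters and writes the result.
     *
     * <p>Order matters: the gadget is processed, then checked against the locked-domain service
     * and the admin whitelist, and only then is the outbound request executed. Note that
     * {@link #buildHttpRequest} (including reading the post body) runs before those checks.
     *
     * @param httpServletRequest incoming request carrying the fetch parameters
     * @param httpServletResponse response that receives the JSON (or iframe HTML) payload
     * @throws GadgetException if the gadget is missing, not valid for the host, not whitelisted,
     *     cannot be processed, or the fetch/rewrite fails
     * @throws IOException if the response writer cannot be obtained
     */
    public void fetch(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws GadgetException, IOException {
        HttpRequest outbound = buildHttpRequest(httpServletRequest);
        String container = outbound.getContainer();
        final Uri gadgetUri = outbound.getGadget();
        if (gadgetUri == null) {
            throw new GadgetException(GadgetException.Code.MISSING_PARAMETER, "Unable to find gadget in request", HttpResponse.SC_FORBIDDEN);
        }
        HttpGadgetContext context = new HttpGadgetContext(httpServletRequest) {
            @Override
            public Uri getUrl() {
                return gadgetUri;
            }

            @Override
            public boolean getIgnoreCache() {
                // Constant-first comparison: the parameter is optional, and calling equals() on
                // its value would throw when it is absent.
                return "1".equals(getParameter("bypassSpecCache"));
            }
        };
        try {
            Gadget gadget = this.processor.process(context);
            if (!this.lockedDomainService.isGadgetValidForHost(context.getHost(), gadget, container)) {
                throw new GadgetException(GadgetException.Code.GADGET_HOST_MISMATCH, "The gadget is incorrect for this request", HttpResponse.SC_FORBIDDEN);
            }
            if (!this.gadgetAdminStore.isWhitelisted(container, gadgetUri.toString())) {
                throw new GadgetException(GadgetException.Code.NON_WHITELISTED_GADGET, "The requested content is unavailable", HttpResponse.SC_FORBIDDEN);
            }

            HttpResponse fetched = this.requestPipeline.execute(outbound);
            if (this.contentRewriterRegistry != null) {
                try {
                    fetched = this.contentRewriterRegistry.rewriteHttpResponse(outbound, fetched, gadget);
                } catch (RewritingException e) {
                    throw new GadgetException(GadgetException.Code.INTERNAL_SERVER_ERROR, e, e.getHttpStatusCode());
                }
            }

            String json = convertResponseToJson(outbound.getSecurityToken(), httpServletRequest, fetched);
            setResponseHeaders(httpServletRequest, httpServletResponse, fetched);
            httpServletResponse.setStatus(HttpResponse.SC_OK);
            httpServletResponse.setCharacterEncoding("UTF-8");
            PrintWriter out = httpServletResponse.getWriter();

            // NOTE(review): when no cruft string is registered for this container the lookup
            // yields null. The JSON branch then emits the literal text "null" in front of the
            // payload and the iframe branch hands null to the writer. The prefix looks like a
            // guard against the JSON being evaluated as script, so substituting an empty string
            // here would silently drop it; confirm every servable container configures
            // gadgets.features / core.io / unparseableCruft instead.
            String cruft = this.unparseableCruftMsgs.get(container);
            boolean iframeTransport = "1".equals(getParameter(httpServletRequest, MULTI_PART_FORM_POST_IFRAME, null));
            if (!iframeTransport) {
                httpServletResponse.setContentType("application/json");
                out.write(cruft + json);
                return;
            }
            // The payload is embedded in a JavaScript string inside an HTML page, so it must be
            // escaped for that context; the remote response body is untrusted.
            httpServletResponse.setContentType("text/html");
            out.write(IFRAME_RESPONSE_PREFIX);
            out.write(StringEscapeUtils.escapeEcmaScript(cruft));
            out.write(StringEscapeUtils.escapeEcmaScript(json));
            out.write(IFRAME_RESPONSE_SUFFIX);
        } catch (ProcessingException e) {
            throw new GadgetException(GadgetException.Code.INTERNAL_SERVER_ERROR, "Error processing gadget", e, HttpResponse.SC_BAD_REQUEST);
        }
    }

    /**
     * Builds the outbound request from the servlet parameters.
     *
     * <p>Every input read here (URL, method, headers, post data, cache hints, auth type) is
     * supplied by the caller. With no token, or an anonymous one, the container and gadget URL are
     * also read from parameters rather than from the token.
     *
     * @param httpServletRequest incoming request
     * @return the request to hand to the {@link RequestPipeline}
     * @throws GadgetException if the URL parameter is missing or invalid, a header pair is
     *     malformed or contains a line break, the post body is too large, or a required security
     *     token is absent
     */
    protected HttpRequest buildHttpRequest(HttpServletRequest httpServletRequest) throws GadgetException {
        String urlKey = UriCommon.Param.URL.getKey();
        String rawUrl = getParameter(httpServletRequest, urlKey, null);
        if (rawUrl == null) {
            throw new GadgetException(GadgetException.Code.INVALID_PARAMETER, urlKey + " parameter is missing.", HttpResponse.SC_BAD_REQUEST);
        }
        try {
            Uri target = ServletUtil.validateUrl(Uri.parse(rawUrl));
            SecurityToken token = AuthInfoUtil.getSecurityTokenFromRequest(httpServletRequest);
            boolean multiPartFormPost = "1".equals(getParameter(httpServletRequest, MULTI_PART_FORM_POST, null));
            if (multiPartFormPost && token == null) {
                throw new GadgetException(GadgetException.Code.INVALID_SECURITY_TOKEN);
            }

            String container;
            Uri gadgetUri = null;
            if (token == null || token.isAnonymous()) {
                // Caller-asserted values: nothing here ties them to an authenticated identity.
                container = getContainer(httpServletRequest);
                String gadgetParam = getParameter(httpServletRequest, UriCommon.Param.GADGET.getKey(), null);
                if (gadgetParam != null) {
                    gadgetUri = Uri.parse(gadgetParam);
                }
            } else {
                container = token.getContainer();
                String appUrl = token.getAppUrl();
                if (appUrl != null) {
                    gadgetUri = Uri.parse(appUrl);
                }
            }

            HttpRequest outbound = new HttpRequest(target).setMethod(getParameter(httpServletRequest, METHOD_PARAM, "GET")).setContainer(container).setGadget(gadgetUri);
            String method = outbound.getMethod();
            if ("POST".equals(method) || "PUT".equals(method)) {
                setPostData(container, httpServletRequest, outbound);
            }

            String headerSpec = getParameter(httpServletRequest, HEADERS_PARAM, "");
            if (headerSpec.length() > 0) {
                for (String pair : StringUtils.split(headerSpec, '&')) {
                    String[] nameAndValue = StringUtils.splitPreserveAllTokens(pair, '=');
                    if (nameAndValue.length != 2) {
                        throw new GadgetException(GadgetException.Code.INVALID_PARAMETER, "Malformed header param specified:" + pair, HttpResponse.SC_BAD_REQUEST);
                    }
                    String name = Utf8UrlCoder.decode(nameAndValue[0]);
                    String value = Utf8UrlCoder.decode(nameAndValue[1]);
                    // Reject CR/LF after decoding: both strings are caller-supplied and are
                    // copied into the outbound request's headers. Whether the fetcher behind
                    // RequestPipeline filters them is not visible from this class.
                    if (hasLineBreak(name) || hasLineBreak(value)) {
                        throw new GadgetException(GadgetException.Code.INVALID_PARAMETER, "Malformed header param specified:" + pair, HttpResponse.SC_BAD_REQUEST);
                    }
                    // Locale-independent upper-casing, so the deny-list lookup gives the same
                    // answer whatever the JVM's default locale is (e.g. Turkish dotted I).
                    if (!HttpRequestHandler.BAD_HEADERS.contains(name.toUpperCase(Locale.ROOT))) {
                        outbound.addHeader(name, value);
                    }
                }
            }

            if ("POST".equals(method) && outbound.getHeader(BasicImageRewriter.CONTENT_TYPE) == null) {
                outbound.addHeader(BasicImageRewriter.CONTENT_TYPE, "application/x-www-form-urlencoded");
            } else if (multiPartFormPost) {
                // Multipart bodies are forwarded as-is, so the boundary in the caller's own
                // Content-Type header has to travel with them.
                outbound.setHeader(BasicImageRewriter.CONTENT_TYPE, httpServletRequest.getHeader(BasicImageRewriter.CONTENT_TYPE));
            }

            outbound.setIgnoreCache("1".equals(getParameter(httpServletRequest, UriCommon.Param.NO_CACHE.getKey(), null)));
            String refresh = getParameter(httpServletRequest, UriCommon.Param.REFRESH.getKey(), null);
            if (refresh != null) {
                try {
                    outbound.setCacheTtl(Integer.parseInt(refresh));
                } catch (NumberFormatException ignored) {
                    // Deliberately best-effort here: a non-numeric refresh leaves the TTL unset.
                    // setResponseHeaders() rejects the same value with a 400 later on.
                }
            }
            outbound.setRewriteMimeType(getParameter(httpServletRequest, UriCommon.Param.REWRITE_MIME_TYPE.getKey(), null));

            AuthType authType = AuthType.parse(getParameter(httpServletRequest, AUTHZ_PARAM, null));
            outbound.setAuthType(authType);
            if (authType != AuthType.NONE) {
                // Any authenticated fetch requires a token to be present on the request.
                outbound.setSecurityToken(extractAndValidateToken(httpServletRequest));
                if (authType == AuthType.OAUTH2) {
                    outbound.setOAuth2Arguments(new OAuth2Arguments(httpServletRequest));
                } else {
                    outbound.setOAuthArguments(new OAuthArguments(authType, httpServletRequest));
                }
            } else {
                outbound.setSecurityToken(token);
            }

            if (outbound.getHeader("User-Agent") == null) {
                String userAgent = httpServletRequest.getHeader("User-Agent");
                if (userAgent != null) {
                    outbound.setHeader("User-Agent", userAgent);
                }
            }
            ServletUtil.setXForwardedForHeader(httpServletRequest, outbound);
            return outbound;
        } catch (IllegalArgumentException e) {
            // Any IllegalArgumentException raised while building the request is reported as an
            // invalid URL parameter; the cause is not attached.
            throw new GadgetException(GadgetException.Code.INVALID_PARAMETER, "Invalid " + urlKey + " parameter", HttpResponse.SC_BAD_REQUEST);
        }
    }

    /**
     * Copies the caller's post body onto the outbound request after a size check.
     *
     * <p>Non-multipart bodies come from the {@code postData} parameter; multipart bodies are
     * forwarded as the raw request stream.
     *
     * @param str container name used to look up the size limit
     * @param httpServletRequest incoming request
     * @param httpRequest outbound request that receives the body
     * @throws GadgetException if the declared length exceeds the limit, the character encoding
     *     is unsupported, or the request stream cannot be opened
     */
    protected void setPostData(String str, HttpServletRequest httpServletRequest, HttpRequest httpRequest) throws GadgetException {
        // The container name may come straight from a request parameter (see
        // buildHttpRequest), so it can name a container that was never configured. Fall back to
        // the default limit instead of dereferencing a missing map entry.
        Integer configuredLimit = this.maxPostSizes.get(str);
        int limit = configuredLimit != null ? configuredLimit.intValue() : MAX_POST_SIZE_DEFAULT;
        // NOTE(review): this compares against the declared Content-Length only. The servlet API
        // reports -1 when the length is unknown, which passes this check, and the multipart
        // branch below forwards the stream without counting bytes. Enforce the limit while
        // reading if an upper bound on forwarded bodies is required.
        if (limit < httpServletRequest.getContentLength()) {
            throw new GadgetException(GadgetException.Code.POST_TOO_LARGE, "Posted data too large.", HttpResponse.SC_REQUEST_ENTITY_TOO_LARGE);
        }
        String encoding = httpServletRequest.getCharacterEncoding();
        if (encoding == null) {
            encoding = "UTF-8";
        }
        try {
            String contentType = httpServletRequest.getHeader(BasicImageRewriter.CONTENT_TYPE);
            boolean multipart = contentType != null && contentType.startsWith("multipart/form-data");
            if (multipart) {
                httpRequest.setPostBody((InputStream) httpServletRequest.getInputStream());
            } else {
                // Locale.ROOT keeps the charset name stable under any default locale.
                httpRequest.setPostBody(getParameter(httpServletRequest, POST_DATA_PARAM, "").getBytes(encoding.toUpperCase(Locale.ROOT)));
            }
        } catch (UnsupportedEncodingException e) {
            throw new GadgetException(GadgetException.Code.HTML_PARSE_ERROR, e, HttpResponse.SC_BAD_REQUEST);
        } catch (IOException e) {
            throw new GadgetException(GadgetException.Code.INTERNAL_SERVER_ERROR, e, HttpResponse.SC_BAD_REQUEST);
        }
    }

    /**
     * Serializes the fetched response as a JSON object keyed by the requested URL.
     *
     * <p>When {@code contentType=FEED} and the body is non-empty, the body is first run through
     * the feed processor. If the token reports an updated token it is added under {@code "st"}.
     *
     * @param securityToken token attached to the outbound request; may be {@code null}
     * @param httpServletRequest incoming request (read for formatting options)
     * @param httpResponse response obtained from the pipeline
     * @return the serialized JSON text, without the cruft prefix
     * @throws GadgetException if feed processing fails
     */
    protected String convertResponseToJson(SecurityToken securityToken, HttpServletRequest httpServletRequest, HttpResponse httpResponse) throws GadgetException {
        boolean fullHeaders = Boolean.parseBoolean(getParameter(httpServletRequest, GET_FULL_HEADERS_PARAM, "false"));
        String requestedUrl = getParameter(httpServletRequest, UriCommon.Param.URL.getKey(), null);
        String body = httpResponse.getResponseAsString();
        if (body.length() > 0 && "FEED".equals(getParameter(httpServletRequest, CONTENT_TYPE_PARAM, null))) {
            body = processFeed(requestedUrl, httpServletRequest, body);
        }
        Map<String, Object> payload = FetchResponseUtils.getResponseAsJson(httpResponse, null, body, fullHeaders);
        if (securityToken != null) {
            String updatedToken = securityToken.getUpdatedToken();
            if (updatedToken != null) {
                payload.put("st", updatedToken);
            }
        }
        return JsonSerializer.serialize(Collections.singletonMap(requestedUrl, payload));
    }

    /** Returns the pipeline used to execute outbound requests. */
    protected RequestPipeline getRequestPipeline() {
        return this.requestPipeline;
    }

    /**
     * Returns the security token attached to the request, or fails if there is none.
     *
     * <p>Despite the name, the only check made here is that a token is present; any
     * verification of the token itself happens outside this class.
     *
     * @throws GadgetException with {@code INVALID_SECURITY_TOKEN} when no token is attached
     */
    private SecurityToken extractAndValidateToken(HttpServletRequest httpServletRequest) throws GadgetException {
        SecurityToken token = AuthInfoUtil.getSecurityTokenFromRequest(httpServletRequest);
        if (token == null) {
            throw new GadgetException(GadgetException.Code.INVALID_SECURITY_TOKEN);
        }
        return token;
    }

    /**
     * Runs a feed body through the {@link FeedProcessor}.
     *
     * @param str URL the feed was fetched from
     * @param httpServletRequest incoming request (read for {@code getSummaries}/{@code numEntries})
     * @param str2 raw feed body
     * @return the processed feed rendered with {@code toString()}
     * @throws GadgetException if {@code numEntries} is not an integer or processing fails
     */
    private String processFeed(String str, HttpServletRequest httpServletRequest, String str2) throws GadgetException {
        try {
            boolean summaries = Boolean.parseBoolean(getParameter(httpServletRequest, GET_SUMMARIES_PARAM, "false"));
            int numEntries = Integer.parseInt(getParameter(httpServletRequest, NUM_ENTRIES_PARAM, DEFAULT_NUM_ENTRIES));
            return this.feedProcessorProvider.get().process(str, str2, summaries, numEntries).toString();
        } catch (NumberFormatException e) {
            throw new GadgetException(GadgetException.Code.INVALID_PARAMETER, "numEntries paramater is not a number", HttpResponse.SC_BAD_REQUEST);
        }
    }

    /**
     * Reads the container name from the request: the container parameter, then the synd
     * parameter, then {@code "default"}. The value is caller-supplied and not validated here.
     */
    protected static String getContainer(HttpServletRequest httpServletRequest) {
        String container = getParameter(httpServletRequest, UriCommon.Param.CONTAINER.getKey(), null);
        if (container == null) {
            container = getParameter(httpServletRequest, UriCommon.Param.SYND.getKey(), null);
        }
        return container != null ? container : "default";
    }

    /**
     * Returns the named request parameter, or {@code str2} when the parameter is absent.
     *
     * @param httpServletRequest incoming request
     * @param str parameter name
     * @param str2 fallback value; may be {@code null}
     */
    protected static String getParameter(HttpServletRequest httpServletRequest, String str, String str2) {
        String value = httpServletRequest.getParameter(str);
        return value != null ? value : str2;
    }

    /**
     * Sets caching and content headers on the servlet response.
     *
     * <p>The cache lifetime is 0 for strict-no-cache responses or when the no-cache parameter is
     * {@code "1"}, the refresh parameter when given, and otherwise the response TTL in seconds
     * with a floor of 3600.
     *
     * @throws GadgetException if the refresh parameter is present but not an integer
     */
    protected void setResponseHeaders(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpResponse httpResponse) throws GadgetException {
        String refresh = getParameter(httpServletRequest, UriCommon.Param.REFRESH.getKey(), null);
        int ttlSeconds;
        if (httpResponse.isStrictNoCache() || "1".equals(getParameter(httpServletRequest, UriCommon.Param.NO_CACHE.getKey(), null))) {
            ttlSeconds = 0;
        } else if (refresh != null) {
            try {
                ttlSeconds = Integer.parseInt(refresh);
            } catch (NumberFormatException e) {
                throw new GadgetException(GadgetException.Code.INVALID_PARAMETER, "refresh parameter is not a number", HttpResponse.SC_BAD_REQUEST);
            }
        } else {
            ttlSeconds = Math.max(3600, (int) (httpResponse.getCacheTtl() / 1000));
        }
        HttpUtil.setCachingHeaders(httpServletResponse, ttlSeconds, false);
        // Outside the multipart-form flow the payload is marked as a download, so a browser that
        // navigates to this endpoint directly saves the proxied content instead of rendering it.
        if (!"1".equals(getParameter(httpServletRequest, MULTI_PART_FORM_POST, null))) {
            httpServletResponse.setHeader("Content-Disposition", "attachment;filename=p.txt");
        }
        if (httpServletResponse.getContentType() == null) {
            httpServletResponse.setContentType("application/octet-stream");
        }
    }

    /**
     * Refreshes the per-container post-size limit and cruft prefix.
     *
     * @param containerConfig configuration to read from
     * @param collection containers that were added or changed
     * @param collection2 containers that were removed
     */
    @Override
    public void containersChanged(ContainerConfig containerConfig, Collection<String> collection, Collection<String> collection2) {
        for (String container : collection) {
            int maxPostSize = containerConfig.getInt(container, MAX_POST_SIZE_KEY);
            if (maxPostSize == 0) {
                // 0 is treated as "use the default".
                maxPostSize = MAX_POST_SIZE_DEFAULT;
            }
            this.maxPostSizes.put(container, maxPostSize);

            Map<?, ?> features = containerConfig.getMap(container, GADGETS_FEATURES);
            Object coreIo = features != null ? features.get(CORE_IO) : null;
            if (coreIo instanceof Map) {
                Object cruft = ((Map<?, ?>) coreIo).get(UNPARSEABLE_CRUFT);
                if (cruft != null) {
                    this.unparseableCruftMsgs.put(container, cruft.toString());
                } else {
                    // Concurrent maps reject null values; a core.io section without a cruft
                    // string clears any previously stored prefix instead of throwing.
                    this.unparseableCruftMsgs.remove(container);
                }
            }
        }
        for (String container : collection2) {
            this.maxPostSizes.remove(container);
            this.unparseableCruftMsgs.remove(container);
        }
    }

    /** Returns true when the string contains a carriage return or a line feed. */
    private static boolean hasLineBreak(String value) {
        return value.indexOf('\r') >= 0 || value.indexOf('\n') >= 0;
    }
}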
