package ee.datel.dogis.proxy.service;

import ee.datel.dogis.DogisContextHolder;
import ee.datel.dogis.config.CloseableHttpClientProvider;
import ee.datel.dogis.exception.Http404Exception;
import ee.datel.dogis.exception.HttpStatusException;
import ee.datel.dogis.exception.ManagedException;
import ee.datel.dogis.proxy.cluster.ProxyMappingsCache;
import ee.datel.dogis.proxy.controller.ModController;
import ee.datel.dogis.proxy.model.CachedResponse;
import ee.datel.dogis.proxy.oauth.OAuthTokenService;
import ee.datel.dogis.proxy.utils.FilterXml;
import ee.datel.dogis.utils.CommonUtils;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InterruptedIOException;
import java.io.OutputStream;
import java.net.HttpCookie;
import java.net.URI;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.stream.Collectors;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.io.input.TeeInputStream;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.Header;
import org.apache.http.HttpEntity;
import org.apache.http.HttpHost;
import org.apache.http.HttpRequest;
import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.AuthCache;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.AbstractExecutionAwareRequest;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.RequestBuilder;
import org.apache.http.client.protocol.HttpClientContext;
import org.apache.http.client.utils.URIUtils;
import org.apache.http.conn.HttpHostConnectException;
import org.apache.http.impl.auth.BasicScheme;
import org.apache.http.impl.client.BasicAuthCache;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.stereotype.Service;
import org.springframework.util.MultiValueMap;

@Service
/* loaded from: input_file:ee/datel/dogis/proxy/service/ProxyService.class */
public class ProxyService {
    private static final int MAX_TOTAL = 2000;
    private static final int MAXP_PERROUTE = 500;
    private static final int PROXY_CONNECTIONTIMEOUT = 5000;
    private static final int PROXY_SOCKETTIMEOUT = 1200000;
    protected final ProxyMappingsCache cache;
    private final ProxyHostMapperService hostEncoder;
    private final CloseableHttpClient httpClient;
    private final RequestConfig postRequestConfig;
    static final Set<String> HOP_HEADERS = Set.copyOf((Collection) Arrays.stream(new String[]{"Accept-Encoding", "Access-Control-Allow-Origin", "Access-Control-Allow-Headers", "Access-Control-Allow-Methods", "Access-Control-Allow-Credentials", "Authorization", "Connection", "Content-Length", "Host", "Proxy-Authenticate", "Proxy-Authorization", "Server", "TE", "Trailer", "Transfer-Encoding", "Upgrade", "User-Agent", "Via", "WWW-Authenticate", "X-Frame-Options", "Keep-Alive", "X-XSS-Protection", "X-Content-Type-Options", "X-Forwarded-For", "X-Forwarded-Host", "X-Forwarded-Proto", "X-Forwarded-Server", "Forwarded", "X-DNS-Prefetch-Control", "sec-ch-ua", "sec-ch-ua-mobile", "sec-ch-ua-platform", "Sec-Fetch-Dest", "Sec-Fetch-Mode", "Sec-Fetch-Site", "Sec-Fetch-User", "Sec-WebSocket-Accept", "Origin"}).map(ProxyServiceHelper::getLowercase).collect(Collectors.toSet()));
    private static final String HEADER_SETCOOKIE = ProxyServiceHelper.getLowercase("Set-Cookie");
    private static final String HEADER_SETCOOKIE2 = ProxyServiceHelper.getLowercase("Set-Cookie2");
    private static final String HEADER_LOCATION = ProxyServiceHelper.getLowercase("Location");
    private static final String HEADER_EXPIRES = ProxyServiceHelper.getLowercase("Expires");
    private final Logger logger = LoggerFactory.getLogger(ProxyService.class);
    private final Map<String, CredentialsProvider> credentials = new ConcurrentHashMap();
    private final AuthCache authCache = new BasicAuthCache();

    public ProxyService(ProxyMappingsCache proxyMappingsCache, ProxyHostMapperService proxyHostMapperService, CloseableHttpClientProvider closeableHttpClientProvider) {
        this.cache = proxyMappingsCache;
        this.hostEncoder = proxyHostMapperService;
        this.httpClient = closeableHttpClientProvider.getCloseableHttpClient(MAX_TOTAL, MAXP_PERROUTE, PROXY_CONNECTIONTIMEOUT, PROXY_CONNECTIONTIMEOUT, false);
        this.postRequestConfig = closeableHttpClientProvider.getRequestConfig(PROXY_CONNECTIONTIMEOUT, PROXY_SOCKETTIMEOUT, false);
    }

    public CloseableHttpClient getHttpClient() {
        return this.httpClient;
    }

    public void proxy(HttpMethod httpMethod, String str, String str2, MultiValueMap<String, String> multiValueMap, HttpHeaders httpHeaders, HttpSession httpSession, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws HttpStatusException, ManagedException {
        String str3 = (String) DogisContextHolder.getNamedValue(ModController.class.getName());
        String remoteUrlFromKey = str3 == null ? this.cache.getRemoteUrlFromKey(str2, httpSession) : str3;
        if (remoteUrlFromKey == null) {
            throw new Http404Exception((String) null);
        }
        List<NameValuePair> queryStringPairs = ProxyServiceHelper.getQueryStringPairs(httpServletRequest.getQueryString());
        String query = ProxyServiceHelper.getQuery(str3 != null ? str3 : remoteUrlFromKey, str, queryStringPairs);
        CachedResponse cachedResponse = this.cache.getCachedResponse(query);
        if (cachedResponse == null) {
            doProxy(httpMethod, str2, httpHeaders, httpSession, httpServletRequest, httpServletResponse, multiValueMap, query, remoteUrlFromKey, str3, queryStringPairs);
        } else {
            responseFromCache(httpMethod, httpSession, httpServletRequest, httpServletResponse, query, cachedResponse, queryStringPairs);
        }
    }

    protected void doProxy(HttpMethod httpMethod, String str, HttpHeaders httpHeaders, HttpSession httpSession, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, MultiValueMap<String, String> multiValueMap, String str2, String str3, String str4, List<NameValuePair> list) throws ManagedException, HttpStatusException {
        boolean z;
        HttpRequest proxyRequest;
        long currentTimeMillis = System.currentTimeMillis();
        URI uri = RequestBuilder.create("GET").setUri(str2).build().getURI();
        if (MediaType.MULTIPART_FORM_DATA.isCompatibleWith(httpHeaders.getContentType())) {
            proxyRequest = ProxyServiceHelper.getMultipartProxyRequest(uri, httpServletRequest);
            z = true;
        } else {
            z = false;
            proxyRequest = (MediaType.APPLICATION_FORM_URLENCODED.equals(httpHeaders.getContentType()) || !(httpHeaders.containsKey("Content-Length") || httpHeaders.containsKey("Transfer-Encoding"))) ? ProxyServiceHelper.getProxyRequest(httpMethod, uri, multiValueMap) : ProxyServiceHelper.getProxyRequest(httpMethod, uri, httpHeaders, httpServletRequest);
        }
        String str5 = str + "_";
        ProxyServiceHelper.addRequestHeaders(httpHeaders, proxyRequest, str5, z, (String) httpServletRequest.getAttribute(OAuthTokenService.OAUTH_TOKEN));
        try {
            URI create = URI.create(str3);
            HttpHost extractHost = URIUtils.extractHost(create);
            proxyRequest.setHeader("Host", extractHost.getHostName());
            if (str4 != null) {
                proxyRequest.setHeader("X-D6-ModWork", Thread.currentThread().getName());
            }
            HttpClientContext create2 = HttpClientContext.create();
            if (create.getUserInfo() != null) {
                addAuthentication(create, extractHost, create2);
            }
            if (HttpMethod.POST == httpMethod) {
                create2.setRequestConfig(this.postRequestConfig);
            }
            this.logger.info("{}", proxyRequest);
            try {
                try {
                    try {
                        CloseableHttpResponse execute = this.httpClient.execute(extractHost, proxyRequest, create2);
                        try {
                            int statusCode = execute.getStatusLine().getStatusCode();
                            httpServletResponse.setStatus(statusCode);
                            addResponseHeaders(execute, httpServletResponse, str, str5, httpServletRequest.isSecure(), uri, httpSession);
                            if (statusCode == 304) {
                                httpServletResponse.setIntHeader("Content-Length", 0);
                            } else {
                                writeResponse(httpMethod, httpSession, httpServletRequest, httpServletResponse, str2, execute, list);
                            }
                            if (execute != null) {
                                execute.close();
                            }
                            ((AbstractExecutionAwareRequest) proxyRequest).reset();
                        } catch (Throwable th) {
                            if (execute != null) {
                                try {
                                    execute.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            }
                            throw th;
                        }
                    } catch (IOException e) {
                        handleIOException(httpMethod, httpServletResponse, str2, e);
                        ((AbstractExecutionAwareRequest) proxyRequest).reset();
                    } catch (Exception e2) {
                        this.logger.error("{} {}\n{}", new Object[]{httpMethod, str2, e2.getMessage(), e2});
                        throw new HttpStatusException(HttpStatus.INTERNAL_SERVER_ERROR, CommonUtils.getExceptionCause(e2).getMessage());
                    }
                } catch (InterruptedIOException e3) {
                    this.logger.warn("Timeout: {}ms {}: {}", new Object[]{Long.toString(System.currentTimeMillis() - currentTimeMillis), httpMethod, str2});
                    throw new HttpStatusException(HttpStatus.REQUEST_TIMEOUT, "Proxy timeout");
                } catch (HttpHostConnectException e4) {
                    this.logger.warn(e4.getMessage());
                    throw new HttpStatusException(HttpStatus.SERVICE_UNAVAILABLE, CommonUtils.getExceptionCause(e4).getMessage());
                }
            } catch (Throwable th3) {
                ((AbstractExecutionAwareRequest) proxyRequest).reset();
                throw th3;
            }
        } catch (IllegalArgumentException e5) {
            this.logger.error("{}\n{}", new Object[]{str3, e5.getMessage(), e5});
            throw new HttpStatusException(HttpStatus.INTERNAL_SERVER_ERROR, "Configuration error");
        }
    }

    protected void addAuthentication(URI uri, HttpHost httpHost, HttpClientContext httpClientContext) {
        if (this.authCache.get(httpHost) == null) {
            this.authCache.put(httpHost, new BasicScheme());
        }
        httpClientContext.setCredentialsProvider(this.credentials.computeIfAbsent(uri.getUserInfo(), str -> {
            int indexOf = uri.getUserInfo().indexOf(58);
            BasicCredentialsProvider basicCredentialsProvider = new BasicCredentialsProvider();
            basicCredentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(uri.getUserInfo().substring(0, indexOf), uri.getUserInfo().substring(indexOf + 1)));
            return basicCredentialsProvider;
        }));
        httpClientContext.setAuthCache(this.authCache);
    }

    protected void writeResponse(HttpMethod httpMethod, HttpSession httpSession, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, CloseableHttpResponse closeableHttpResponse, List<NameValuePair> list) throws IOException {
        InputStream content;
        HttpEntity entity = closeableHttpResponse.getEntity();
        if (entity == null) {
            httpServletResponse.setIntHeader("Content-Length", 0);
            return;
        }
        String value = entity.getContentType() == null ? "" : entity.getContentType().getValue();
        OutputStream outputStream = getOutputStream(httpServletRequest, httpServletResponse, value);
        try {
            if (value.indexOf("xml", 5) > 0) {
                content = entity.getContent();
                try {
                    CachedResponse filterResponse = filterResponse(httpMethod, content, outputStream, value, httpSession, true, list);
                    if (content != null) {
                        content.close();
                    }
                    if (filterResponse != null) {
                        filterResponse.setContentType(value);
                        this.cache.cacheResponse(str, filterResponse);
                    }
                } finally {
                }
            } else {
                content = entity.getContent();
                try {
                    copyResponseEntity(content, outputStream);
                    if (content != null) {
                        content.close();
                    }
                } finally {
                }
            }
            if (outputStream != null) {
                outputStream.close();
            }
        } catch (Throwable th) {
            if (outputStream != null) {
                try {
                    outputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    protected void responseFromCache(HttpMethod httpMethod, HttpSession httpSession, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, CachedResponse cachedResponse, List<NameValuePair> list) {
        httpServletResponse.addHeader("Cache-Control", "max-age=0");
        httpServletResponse.addHeader("ETag", cachedResponse.getEtag());
        if (Objects.equals(httpServletRequest.getHeader("If-None-Match"), cachedResponse.getEtag())) {
            httpServletResponse.setStatus(304);
            return;
        }
        httpServletResponse.setContentType(cachedResponse.getContentType());
        try {
            InputStream inputStream = cachedResponse.getInputStream();
            try {
                OutputStream outputStream = getOutputStream(httpServletRequest, httpServletResponse, cachedResponse.getContentType());
                try {
                    filterResponse(httpMethod, inputStream, outputStream, cachedResponse.getContentType(), httpSession, false, list);
                    if (outputStream != null) {
                        outputStream.close();
                    }
                    if (inputStream != null) {
                        inputStream.close();
                    }
                } catch (Throwable th) {
                    if (outputStream != null) {
                        try {
                            outputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            } finally {
            }
        } catch (IOException e) {
            handleIOException(httpMethod, httpServletResponse, str, e);
        }
    }

    protected OutputStream getOutputStream(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws IOException {
        return (CommonUtils.isGzipAccepted(httpServletRequest) && (str == null || str.startsWith("text/") || str.startsWith("application/json") || str.startsWith("application/javascript") || str.contains("xml"))) ? CommonUtils.getGzipOutputstream(httpServletRequest, httpServletResponse, httpServletResponse.getOutputStream()) : httpServletResponse.getOutputStream();
    }

    protected void handleIOException(HttpMethod httpMethod, HttpServletResponse httpServletResponse, String str, IOException iOException) {
        String message = CommonUtils.getExceptionCause(iOException).getMessage();
        if (message == null || !(message.contains("Connection reset by peer") || message.contains("Broken pipe"))) {
            this.logger.warn("{} {}\nIOException: {}", new Object[]{httpMethod, str, message});
            try {
                httpServletResponse.reset();
            } catch (Exception e) {
                CommonUtils.doNothing(e);
            }
        }
    }

    protected CachedResponse filterResponse(HttpMethod httpMethod, InputStream inputStream, OutputStream outputStream, String str, HttpSession httpSession, boolean z, List<NameValuePair> list) throws IOException {
        int indexOf = str.indexOf(59);
        String substring = indexOf < 0 ? str : str.substring(0, indexOf);
        byte[] popByteBuffer = ProxyServiceHelper.popByteBuffer();
        try {
            InputStream preload = ProxyServiceXmlHelper.preload(inputStream, popByteBuffer);
            try {
                if (!ProxyServiceXmlHelper.isXml(popByteBuffer)) {
                    copyResponseEntity(preload, outputStream);
                    if (preload != null) {
                        preload.close();
                    }
                    return null;
                }
                FilterXml quessFilter = ProxyServiceXmlHelper.quessFilter(httpMethod, substring, popByteBuffer, outputStream, httpSession, list, this.hostEncoder);
                if (quessFilter == null) {
                    copyResponseEntity(preload, outputStream);
                } else {
                    if (z && quessFilter.getCachedResponse() != null) {
                        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                        TeeInputStream teeInputStream = new TeeInputStream(preload, byteArrayOutputStream, true);
                        try {
                            quessFilter.filter(teeInputStream);
                            teeInputStream.close();
                            quessFilter.getCachedResponse().setResponse(byteArrayOutputStream.toByteArray());
                            CachedResponse cachedResponse = quessFilter.getCachedResponse();
                            if (preload != null) {
                                preload.close();
                            }
                            ProxyServiceHelper.pushByteBuffer(popByteBuffer);
                            return cachedResponse;
                        } catch (Throwable th) {
                            try {
                                teeInputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                            throw th;
                        }
                    }
                    quessFilter.filter(preload);
                }
                if (preload != null) {
                    preload.close();
                }
                ProxyServiceHelper.pushByteBuffer(popByteBuffer);
                return null;
            } finally {
            }
        } finally {
            ProxyServiceHelper.pushByteBuffer(popByteBuffer);
        }
    }

    public void copyResponseEntity(InputStream inputStream, OutputStream outputStream) throws IOException {
        byte[] popByteBuffer = ProxyServiceHelper.popByteBuffer();
        while (true) {
            try {
                int read = inputStream.read(popByteBuffer);
                if (read == -1) {
                    return;
                } else {
                    outputStream.write(popByteBuffer, 0, read);
                }
            } finally {
                ProxyServiceHelper.pushByteBuffer(popByteBuffer);
            }
        }
    }

    protected void addResponseHeaders(HttpResponse httpResponse, HttpServletResponse httpServletResponse, String str, String str2, boolean z, URI uri, HttpSession httpSession) {
        Arrays.stream(httpResponse.getAllHeaders()).forEach(header -> {
            addResponseHeader(httpServletResponse, str, str2, z, uri, httpSession, header);
        });
        String header2 = httpServletResponse.getHeader("Cache-Control");
        if (header2 == null && httpServletResponse.getHeader("Expires") == null && httpServletResponse.getHeader("Pragma") == null) {
            httpServletResponse.addHeader("Cache-Control", "max-age=0");
        } else {
            if (header2 == null || !header2.startsWith("max-age=")) {
                return;
            }
            httpServletResponse.setHeader("Cache-Control", "public, " + header2);
        }
    }

    protected void addResponseHeader(HttpServletResponse httpServletResponse, String str, String str2, boolean z, URI uri, HttpSession httpSession, Header header) {
        String lowercase = ProxyServiceHelper.getLowercase(header.getName());
        if (HOP_HEADERS.contains(lowercase)) {
            return;
        }
        if (HEADER_SETCOOKIE.equals(lowercase) || HEADER_SETCOOKIE2.equals(lowercase)) {
            setResponseCookie(header, httpServletResponse, str, str2, z);
            return;
        }
        if (HEADER_LOCATION.equals(lowercase)) {
            setResponseLocation(header.getValue(), httpServletResponse, str, uri, httpSession);
        } else if (HEADER_EXPIRES.equals(lowercase)) {
            httpServletResponse.setHeader("Expires", header.getValue());
        } else {
            httpServletResponse.addHeader(header.getName(), header.getValue());
        }
    }

    protected void setResponseLocation(String str, HttpServletResponse httpServletResponse, String str2, URI uri, HttpSession httpSession) {
        if (str.indexOf("//") != -1) {
            httpServletResponse.setHeader("Location", this.hostEncoder.getProxyUrl(str, httpSession));
        } else if (str.startsWith("/")) {
            httpServletResponse.setHeader("Location", this.hostEncoder.getProxyPathBase(str2) + str);
        } else {
            setResponseLocation(uri.resolve(str).toString(), httpServletResponse, str2, uri, httpSession);
        }
    }

    protected void setResponseCookie(Header header, HttpServletResponse httpServletResponse, String str, String str2, boolean z) {
        HttpCookie.parse(header.getValue().replace("$", "")).stream().filter(httpCookie -> {
            return StringUtils.isBlank(httpCookie.getDomain());
        }).forEach(httpCookie2 -> {
            Cookie cookie = new Cookie(str2 + httpCookie2.getName(), httpCookie2.getValue());
            cookie.setMaxAge((int) httpCookie2.getMaxAge());
            cookie.setPath(this.hostEncoder.getProxyPathBase(str) + httpCookie2.getPath());
            cookie.setSecure(z);
            cookie.setVersion(httpCookie2.getVersion());
            cookie.setHttpOnly(true);
            httpServletResponse.addCookie(cookie);
        });
    }
}
