package org.fabric3.management.rest.runtime;

import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.fabric3.api.Role;
import org.fabric3.api.annotation.monitor.Monitor;
import org.fabric3.host.Fabric3Exception;
import org.fabric3.host.runtime.ParseException;
import org.fabric3.management.rest.model.HttpHeaders;
import org.fabric3.management.rest.model.HttpStatus;
import org.fabric3.management.rest.model.ResourceException;
import org.fabric3.management.rest.model.Response;
import org.fabric3.management.rest.spi.DuplicateResourceNameException;
import org.fabric3.management.rest.spi.ResourceHost;
import org.fabric3.management.rest.spi.ResourceMapping;
import org.fabric3.management.rest.spi.Verb;
import org.fabric3.spi.federation.MessageException;
import org.fabric3.spi.federation.ZoneChannelException;
import org.fabric3.spi.federation.ZoneTopologyService;
import org.fabric3.spi.host.ServletHost;
import org.fabric3.spi.invocation.WorkContext;
import org.fabric3.spi.invocation.WorkContextTunnel;
import org.fabric3.spi.objectfactory.ObjectCreationException;
import org.fabric3.spi.objectfactory.ObjectFactory;
import org.fabric3.spi.security.AuthenticationException;
import org.fabric3.spi.security.BasicAuthenticator;
import org.fabric3.spi.security.NoCredentialsException;
import org.fabric3.spi.transform.TransformationException;
import org.oasisopen.sca.annotation.Destroy;
import org.oasisopen.sca.annotation.Init;
import org.oasisopen.sca.annotation.Property;
import org.oasisopen.sca.annotation.Reference;

/* loaded from: input_file:org/fabric3/management/rest/runtime/ResourceHostImpl.class */
public class ResourceHostImpl extends HttpServlet implements ResourceHost {
    private static final long serialVersionUID = 5554150494161533656L;
    private static final String RESOURCE_CHANNEL = "resourceChannel";
    private static final String MANAGEMENT_PATH = "/management/*";
    private Marshaller marshaller;
    private ServletHost servletHost;
    private BasicAuthenticator authenticator;
    private ManagementMonitor monitor;
    private ZoneTopologyService topologyService;
    private boolean disableHttp;
    private ManagementSecurity security = ManagementSecurity.DISABLED;
    private Set<Role> roles = new HashSet();
    private Map<String, ResourceMapping> getMappings = new ConcurrentHashMap();
    private Map<String, ResourceMapping> postMappings = new ConcurrentHashMap();
    private Map<String, ResourceMapping> putMappings = new ConcurrentHashMap();
    private Map<String, ResourceMapping> deleteMappings = new ConcurrentHashMap();
    private Map<String, List<ResourceMapping>> registered = new ConcurrentHashMap();

    public ResourceHostImpl(@Reference Marshaller marshaller, @Reference ServletHost servletHost, @Reference BasicAuthenticator basicAuthenticator, @Monitor ManagementMonitor managementMonitor) {
        this.marshaller = marshaller;
        this.servletHost = servletHost;
        this.authenticator = basicAuthenticator;
        this.monitor = managementMonitor;
    }

    @Property(required = false)
    public void setSecurity(String str) throws ParseException {
        try {
            this.security = ManagementSecurity.valueOf(str.toUpperCase());
        } catch (IllegalArgumentException e) {
            throw new ParseException("Invalid management security setting:" + str);
        }
    }

    @Property(required = false)
    public void setRoles(String str) {
        for (String str2 : str.split(",")) {
            this.roles.add(new Role(str2.trim()));
        }
    }

    @Property(required = false)
    public void setDisableHttp(boolean z) {
        this.disableHttp = z;
    }

    @Reference(required = false)
    public void setTopologyService(ZoneTopologyService zoneTopologyService) {
        this.topologyService = zoneTopologyService;
    }

    @Init
    public void start() throws ZoneChannelException {
        this.servletHost.registerMapping(MANAGEMENT_PATH, this);
        if (this.topologyService != null) {
            this.topologyService.openChannel(RESOURCE_CHANNEL, (String) null, new ResourceReplicationHandler(this, this.monitor));
        }
        if (ManagementSecurity.DISABLED == this.security) {
            this.monitor.securityDisabled();
        }
        if (this.disableHttp) {
            return;
        }
        this.monitor.httpEnabled();
    }

    @Destroy
    public void stop() throws ZoneChannelException {
        this.servletHost.unregisterMapping(MANAGEMENT_PATH);
        if (this.topologyService != null) {
            this.topologyService.closeChannel(RESOURCE_CHANNEL);
        }
    }

    public void init() {
    }

    @Override // org.fabric3.management.rest.spi.ResourceHost
    public boolean isPathRegistered(String str, Verb verb) {
        return verb == Verb.GET ? this.getMappings.containsKey(str) : verb == Verb.POST ? this.postMappings.containsKey(str) : verb == Verb.PUT ? this.putMappings.containsKey(str) : verb == Verb.DELETE && this.deleteMappings.containsKey(str);
    }

    @Override // org.fabric3.management.rest.spi.ResourceHost
    public void register(ResourceMapping resourceMapping) throws DuplicateResourceNameException {
        Verb verb = resourceMapping.getVerb();
        if (verb == Verb.GET) {
            register(resourceMapping, this.getMappings);
            return;
        }
        if (verb == Verb.POST) {
            register(resourceMapping, this.postMappings);
        } else if (verb == Verb.PUT) {
            register(resourceMapping, this.putMappings);
        } else if (verb == Verb.DELETE) {
            register(resourceMapping, this.deleteMappings);
        }
    }

    @Override // org.fabric3.management.rest.spi.ResourceHost
    public void unregister(String str) {
        List<ResourceMapping> remove = this.registered.remove(str);
        if (remove == null) {
            return;
        }
        for (ResourceMapping resourceMapping : remove) {
            String path = resourceMapping.getPath();
            Verb verb = resourceMapping.getVerb();
            if (verb == Verb.GET) {
                this.getMappings.remove(path);
            } else if (verb == Verb.POST) {
                this.postMappings.remove(path);
            } else if (verb == Verb.PUT) {
                this.putMappings.remove(path);
            } else if (verb == Verb.DELETE) {
                this.deleteMappings.remove(path);
            }
        }
    }

    @Override // org.fabric3.management.rest.spi.ResourceHost
    public void unregisterPath(String str, Verb verb) {
        ResourceMapping remove = verb == Verb.GET ? this.getMappings.remove(str) : verb == Verb.POST ? this.postMappings.remove(str) : verb == Verb.PUT ? this.putMappings.remove(str) : this.deleteMappings.remove(str);
        if (remove != null) {
            this.registered.get(remove.getIdentifier()).remove(remove);
        }
    }

    @Override // org.fabric3.management.rest.spi.ResourceHost
    public void dispatch(String str, Verb verb, Object[] objArr) {
        ResourceMapping resolveMapping = resolveMapping(verb, str);
        if (resolveMapping == null) {
            this.monitor.error("Mapping not found during zone broadcast: " + str);
            return;
        }
        try {
            invoke(resolveMapping, objArr, false, new WorkContext());
        } catch (ResourceException e) {
            this.monitor.error("Error replicating resource request: " + resolveMapping.getMethod(), e);
        }
    }

    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        handle(Verb.GET, httpServletRequest, httpServletResponse);
    }

    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        handle(Verb.POST, httpServletRequest, httpServletResponse);
    }

    protected void doDelete(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        handle(Verb.DELETE, httpServletRequest, httpServletResponse);
    }

    protected void doPut(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        handle(Verb.PUT, httpServletRequest, httpServletResponse);
    }

    private void register(ResourceMapping resourceMapping, Map<String, ResourceMapping> map) throws DuplicateResourceNameException {
        String path = resourceMapping.getPath();
        if (map.containsKey(path)) {
            throw new DuplicateResourceNameException("Resource already registered at: " + path);
        }
        getRegistered(resourceMapping.getIdentifier()).add(resourceMapping);
        map.put(path, resourceMapping);
    }

    private List<ResourceMapping> getRegistered(String str) {
        List<ResourceMapping> list = this.registered.get(str);
        if (list == null) {
            list = new ArrayList();
            this.registered.put(str, list);
        }
        return list;
    }

    private void handle(Verb verb, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (this.disableHttp && !httpServletRequest.isSecure()) {
            httpServletResponse.setStatus(HttpStatus.FORBIDDEN.getCode());
            try {
                httpServletResponse.getWriter().write("Forbidden. Only HTTPS access is allowed");
                return;
            } catch (IOException e) {
                this.monitor.error("Error writing response");
                return;
            }
        }
        if (httpServletRequest.getPathInfo() == null) {
            httpServletResponse.setStatus(HttpStatus.NOT_FOUND.getCode());
            return;
        }
        ResourceMapping resolveMapping = resolveMapping(verb, parsePathInfo(httpServletRequest));
        if (resolveMapping == null) {
            httpServletResponse.setStatus(404);
            try {
                httpServletResponse.getWriter().print("Management resource not found");
                return;
            } catch (IOException e2) {
                this.monitor.error("Error writing response", e2);
                return;
            }
        }
        WorkContext workContext = new WorkContext();
        if (securityCheck(resolveMapping, httpServletRequest, httpServletResponse, workContext)) {
            try {
                respond(invoke(resolveMapping, this.marshaller.deserialize(verb, httpServletRequest, resolveMapping), true, workContext), resolveMapping, httpServletRequest, httpServletResponse);
            } catch (ResourceException e3) {
                respondError(e3, resolveMapping, httpServletResponse);
            }
        }
    }

    private String parsePathInfo(HttpServletRequest httpServletRequest) {
        String lowerCase = httpServletRequest.getPathInfo().toLowerCase();
        if (lowerCase.endsWith("/")) {
            lowerCase = lowerCase.substring(0, lowerCase.length() - 1);
        }
        if (lowerCase.startsWith("/management/")) {
            lowerCase = lowerCase.substring(11);
        }
        return lowerCase;
    }

    private ResourceMapping resolveMapping(Verb verb, String str) {
        return verb == Verb.GET ? resolve(str, this.getMappings) : verb == Verb.POST ? resolve(str, this.postMappings) : verb == Verb.PUT ? resolve(str, this.putMappings) : resolve(str, this.deleteMappings);
    }

    private ResourceMapping resolve(String str, Map<String, ResourceMapping> map) {
        boolean z = true;
        while (str != null) {
            ResourceMapping resourceMapping = map.get(str);
            if (resourceMapping != null && (z || resourceMapping.isParameterized())) {
                return resourceMapping;
            }
            z = false;
            String parentPath = PathHelper.getParentPath(str);
            if (str.equals(parentPath)) {
                return null;
            }
            str = parentPath;
        }
        return null;
    }

    private boolean securityCheck(ResourceMapping resourceMapping, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, WorkContext workContext) {
        if (ManagementSecurity.DISABLED == this.security) {
            return true;
        }
        try {
            this.authenticator.authenticate(httpServletRequest, workContext);
            if (ManagementSecurity.AUTHORIZATION != this.security) {
                return true;
            }
            if (!checkSubjectHasRole(workContext, this.roles)) {
                setUnauthorizedResponse(httpServletResponse);
                return false;
            }
            if (checkSubjectHasRole(workContext, resourceMapping.getRoles())) {
                return true;
            }
            setUnauthorizedResponse(httpServletResponse);
            return false;
        } catch (AuthenticationException e) {
            setUnauthorizedResponse(httpServletResponse);
            return false;
        } catch (NoCredentialsException e2) {
            httpServletResponse.setStatus(HttpStatus.UNAUTHORIZED.getCode());
            httpServletResponse.setHeader(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"fabric3\"");
            return false;
        }
    }

    private boolean checkSubjectHasRole(WorkContext workContext, Set<Role> set) {
        if (set.isEmpty()) {
            return true;
        }
        boolean z = false;
        Iterator it = workContext.getSubject().getRoles().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            if (set.contains((Role) it.next())) {
                z = true;
                break;
            }
        }
        return z;
    }

    private void setUnauthorizedResponse(HttpServletResponse httpServletResponse) {
        httpServletResponse.setStatus(HttpStatus.UNAUTHORIZED.getCode());
        try {
            httpServletResponse.getWriter().write("Unauthorized");
        } catch (IOException e) {
            this.monitor.error("Error writing response", e);
        }
    }

    private Object invoke(ResourceMapping resourceMapping, Object[] objArr, boolean z, WorkContext workContext) throws ResourceException {
        WorkContext threadWorkContext = WorkContextTunnel.setThreadWorkContext(workContext);
        ClassLoader contextClassLoader = Thread.currentThread().getContextClassLoader();
        try {
            try {
                try {
                    Object resourceMapping2 = resourceMapping.getInstance();
                    if (resourceMapping2 instanceof ObjectFactory) {
                        resourceMapping2 = ((ObjectFactory) resourceMapping2).getInstance();
                    }
                    Thread.currentThread().setContextClassLoader(resourceMapping2.getClass().getClassLoader());
                    Object invoke = resourceMapping.getMethod().invoke(resourceMapping2, objArr);
                    if (z) {
                        replicate(resourceMapping, objArr);
                    }
                    return invoke;
                } catch (IllegalAccessException e) {
                    this.monitor.error("Error invoking operation: " + resourceMapping.getMethod(), e);
                    throw new ResourceException(HttpStatus.INTERNAL_SERVER_ERROR);
                } catch (InvocationTargetException e2) {
                    Fabric3Exception targetException = e2.getTargetException();
                    if (targetException instanceof ResourceException) {
                        throw ((ResourceException) targetException);
                    }
                    this.monitor.error("Error invoking operation: " + resourceMapping.getMethod(), e2);
                    throw new ResourceException(HttpStatus.INTERNAL_SERVER_ERROR);
                }
            } catch (MessageException e3) {
                this.monitor.error("Error replicating operation: " + resourceMapping.getMethod(), e3);
                throw new ResourceException(HttpStatus.INTERNAL_SERVER_ERROR);
            } catch (ObjectCreationException e4) {
                this.monitor.error("Error invoking operation: " + resourceMapping.getMethod(), e4);
                throw new ResourceException(HttpStatus.INTERNAL_SERVER_ERROR);
            }
        } finally {
            WorkContextTunnel.setThreadWorkContext(threadWorkContext);
            Thread.currentThread().setContextClassLoader(contextClassLoader);
        }
    }

    private void replicate(ResourceMapping resourceMapping, Object[] objArr) throws MessageException {
        ReplicationEnvelope replicationEnvelope;
        if (this.topologyService == null || !resourceMapping.isReplicate() || resourceMapping.getVerb() == Verb.GET) {
            return;
        }
        if (objArr.length <= 0 || !(objArr[0] instanceof HttpServletRequest)) {
            replicationEnvelope = new ReplicationEnvelope(resourceMapping.getPath(), resourceMapping.getVerb(), objArr);
        } else {
            replicationEnvelope = new ReplicationEnvelope(resourceMapping.getPath(), resourceMapping.getVerb(), new Object[]{copyRequest((HttpServletRequest) objArr[0])});
        }
        this.topologyService.sendAsynchronous(RESOURCE_CHANNEL, replicationEnvelope);
    }

    private void respond(Object obj, ResourceMapping resourceMapping, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ResourceException {
        if (!(obj instanceof Response)) {
            if (obj != null) {
                this.marshaller.serialize(obj, resourceMapping, httpServletRequest, httpServletResponse);
                return;
            }
            return;
        }
        Response response = (Response) obj;
        for (Map.Entry<String, String> entry : response.getHeaders().entrySet()) {
            httpServletResponse.setHeader(entry.getKey(), entry.getValue());
        }
        httpServletResponse.setStatus(response.getStatus().getCode());
        Object entity = response.getEntity();
        if (entity != null) {
            this.marshaller.serialize(entity, resourceMapping, httpServletRequest, httpServletResponse);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    private void respondError(ResourceException resourceException, ResourceMapping resourceMapping, HttpServletResponse httpServletResponse) {
        for (Map.Entry<String, String> entry : resourceException.getHeaders().entrySet()) {
            httpServletResponse.setHeader(entry.getKey(), entry.getValue());
        }
        httpServletResponse.setStatus(resourceException.getStatus().getCode());
        try {
            String message = resourceException.getMessage();
            Object entity = resourceException.getEntity();
            if (entity != null) {
                httpServletResponse.getOutputStream().write((byte[]) resourceMapping.getPair().getSerializer().transform(entity, entity.getClass().getClassLoader()));
            } else if (message != null) {
                httpServletResponse.getOutputStream().write((byte[]) resourceMapping.getPair().getSerializer().transform(message, getClass().getClassLoader()));
            }
        } catch (IOException e) {
            this.monitor.error("Cannot write error response", e);
            this.monitor.error("Response was ", resourceException);
        } catch (TransformationException e2) {
            this.monitor.error("Cannot serialize error response", e2);
            this.monitor.error("Response was ", resourceException);
        }
    }

    private ReplicatedHttpServletRequest copyRequest(HttpServletRequest httpServletRequest) {
        ReplicatedHttpServletRequest replicatedHttpServletRequest = new ReplicatedHttpServletRequest();
        replicatedHttpServletRequest.setLocalAddr(httpServletRequest.getLocalAddr());
        replicatedHttpServletRequest.setContentType(httpServletRequest.getContentType());
        replicatedHttpServletRequest.setMethod(httpServletRequest.getMethod());
        replicatedHttpServletRequest.setPort(httpServletRequest.getLocalPort());
        replicatedHttpServletRequest.setProtocol(httpServletRequest.getProtocol());
        replicatedHttpServletRequest.setRequestUri(httpServletRequest.getRequestURI());
        replicatedHttpServletRequest.setRequestUrl(httpServletRequest.getRequestURL());
        replicatedHttpServletRequest.setScheme(httpServletRequest.getScheme());
        replicatedHttpServletRequest.setServerName(httpServletRequest.getServerName());
        replicatedHttpServletRequest.setServletPath(httpServletRequest.getServletPath());
        return replicatedHttpServletRequest;
    }
}
