package org.webswing.server.api.base;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Collections;
import java.util.LinkedList;
import java.util.List;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.webswing.server.api.services.security.login.SecuredPathHandler;
import org.webswing.server.api.util.SecurityUtil;
import org.webswing.server.api.util.ServerApiUtil;
import org.webswing.server.common.model.security.WebswingAction;
import org.webswing.server.common.service.security.AbstractWebswingUser;
import org.webswing.server.common.service.security.SecurableService;
import org.webswing.server.common.util.CommonUtil;
import org.webswing.server.model.exception.WsException;

/* loaded from: input_file:org/webswing/server/api/base/AbstractUrlHandler.class */
public abstract class AbstractUrlHandler implements UrlHandler, SecurableService {
    private static final Logger log = LoggerFactory.getLogger(AbstractUrlHandler.class);
    private final UrlHandler parent;
    private final List<UrlHandler> childHandlers = Collections.synchronizedList(new LinkedList());

    public AbstractUrlHandler(UrlHandler urlHandler) {
        this.parent = urlHandler;
    }

    @Override // org.webswing.server.api.base.UrlHandler
    public void init() {
        synchronized (this.childHandlers) {
            for (UrlHandler urlHandler : this.childHandlers) {
                try {
                    urlHandler.init();
                } catch (Exception e) {
                    log.error("Failed to initialize child handler: " + urlHandler.getClass().getName(), e);
                }
            }
        }
    }

    @Override // org.webswing.server.api.base.UrlHandler
    public void destroy() {
        synchronized (this.childHandlers) {
            for (UrlHandler urlHandler : this.childHandlers) {
                try {
                    urlHandler.destroy();
                } catch (Exception e) {
                    log.error("Failed to destroy child handler: " + urlHandler.getClass().getName(), e);
                }
            }
            this.childHandlers.clear();
        }
    }

    @Override // org.webswing.server.api.base.UrlHandler
    public boolean serve(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws WsException {
        String pathInfo = getPathInfo(httpServletRequest);
        for (UrlHandler urlHandler : new LinkedList(this.childHandlers)) {
            if (isSubPath(toPath(urlHandler.getPathMapping()), pathInfo) && urlHandler.serve(httpServletRequest, httpServletResponse)) {
                return true;
            }
        }
        return false;
    }

    public Object secureServe(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws WsException {
        return Boolean.valueOf(serve(httpServletRequest, httpServletResponse));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void handleCorsHeaders(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws WsException {
        if (isOriginAllowed(httpServletRequest.getHeader("Origin"))) {
            if (httpServletRequest.getHeader("Origin") != null) {
                httpServletResponse.setHeader("Access-Control-Allow-Origin", httpServletRequest.getHeader("Origin"));
                httpServletResponse.setHeader("Access-Control-Allow-Credentials", "true");
                httpServletResponse.setHeader("Access-Control-Expose-Headers", "X-webswing-args, X-webswing-recording, X-Cache-Date, X-Atmosphere-tracking-id, X-Requested-With");
            }
            if ("OPTIONS".equals(httpServletRequest.getMethod())) {
                httpServletResponse.setHeader("Access-Control-Allow-Methods", "OPTIONS, GET, POST, DELETE");
                httpServletResponse.setHeader("Access-Control-Allow-Headers", "Authorization, X-webswing-args, X-webswing-recording, X-Requested-With, Origin, Content-Type, Content-Range, Content-Disposition, Content-Description, X-Atmosphere-Framework, X-Cache-Date, X-Atmosphere-tracking-id, X-Atmosphere-Transport");
                httpServletResponse.setHeader("Access-Control-Max-Age", "-1");
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isOriginAllowed(String str) {
        return false;
    }

    protected boolean isSameOrigin(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader("Origin");
        String header2 = httpServletRequest.getHeader("X-Forwarded-Host");
        if (header == null) {
            return true;
        }
        if (header2 == null) {
            header2 = httpServletRequest.getHeader("Host");
        }
        if (header == null || header2 == null) {
            return false;
        }
        return StringUtils.equals(header.indexOf("://") >= 0 ? header.substring(header.indexOf("://") + 3) : header, header2);
    }

    @Override // org.webswing.server.api.base.UrlHandler
    public String getFullPathMapping() {
        String str;
        String path = toPath(getPathMapping());
        if (this.parent != null) {
            str = this.parent.getFullPathMapping() + path;
        } else {
            str = ServerApiUtil.getContextPath(getServletContext()) + path;
        }
        return str;
    }

    public String getPathInfo(HttpServletRequest httpServletRequest) {
        String fullPathMapping = getFullPathMapping();
        String path = toPath(ServerApiUtil.getContextPath(getServletContext()) + httpServletRequest.getPathInfo());
        return isSubPath(fullPathMapping, path) ? toPath(path.substring(fullPathMapping.length())) : "/";
    }

    protected abstract String getPath();

    @Override // org.webswing.server.api.base.UrlHandler
    public String getPathMapping() {
        return toPath(getPath());
    }

    public boolean isSubPath(String str, String str2) {
        return CommonUtil.isSubPath(str, str2);
    }

    public static String toPath(String str) {
        return CommonUtil.toPath(str);
    }

    @Override // org.webswing.server.api.base.UrlHandler
    public void registerFirstChildUrlHandler(UrlHandler urlHandler) {
        synchronized (this.childHandlers) {
            this.childHandlers.add(0, urlHandler);
        }
    }

    @Override // org.webswing.server.api.base.UrlHandler
    public void registerChildUrlHandler(UrlHandler urlHandler) {
        synchronized (this.childHandlers) {
            this.childHandlers.add(urlHandler);
        }
    }

    @Override // org.webswing.server.api.base.UrlHandler
    public void removeChildUrlHandler(UrlHandler urlHandler) {
        synchronized (this.childHandlers) {
            if (this.childHandlers.contains(urlHandler)) {
                this.childHandlers.remove(urlHandler);
                urlHandler.destroy();
            }
        }
    }

    @Override // org.webswing.server.api.base.UrlHandler
    public ServletContext getServletContext() {
        return this.parent.getServletContext();
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // org.webswing.server.api.base.UrlHandler
    public String getSecuredPath() {
        if ((!SecuredPathHandler.class.isAssignableFrom(getClass()) || ((SecuredPathHandler) this).get() == null) && this.parent != null) {
            return this.parent.getSecuredPath();
        }
        return getFullPathMapping();
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // org.webswing.server.api.base.UrlHandler
    public SecuredPathHandler getSecurityProvider() {
        if (SecuredPathHandler.class.isAssignableFrom(getClass())) {
            SecuredPathHandler securedPathHandler = (SecuredPathHandler) this;
            if (securedPathHandler.get() != null) {
                return securedPathHandler;
            }
        }
        return this.parent == null ? (SecuredPathHandler) this : this.parent.getSecurityProvider();
    }

    @Override // org.webswing.server.api.base.UrlHandler
    public long getLastModified(HttpServletRequest httpServletRequest) {
        return -1L;
    }

    @Override // org.webswing.server.api.base.UrlHandler
    public AbstractWebswingUser getUser() {
        return SecurityUtil.getUser(this);
    }

    public AbstractWebswingUser getMasterUser() {
        return SecurityUtil.getUser(getRootHandler());
    }

    @Override // org.webswing.server.api.base.UrlHandler
    public UrlHandler getRootHandler() {
        return this.parent != null ? this.parent.getRootHandler() : this;
    }

    @Override // org.webswing.server.api.base.UrlHandler
    public void checkPermission(WebswingAction webswingAction) throws WsException {
        checkPermission(getUser(), webswingAction);
    }

    @Override // org.webswing.server.api.base.UrlHandler
    public void checkMasterPermission(WebswingAction webswingAction) throws WsException {
        checkPermission(getMasterUser(), webswingAction);
    }

    public void checkPermissionLocalOrMaster(WebswingAction webswingAction) throws WsException {
        try {
            checkPermission(webswingAction);
        } catch (WsException e) {
            checkMasterPermission(webswingAction);
        }
    }

    private void checkPermission(AbstractWebswingUser abstractWebswingUser, WebswingAction webswingAction) throws WsException {
        if (abstractWebswingUser == null || !abstractWebswingUser.isPermitted(webswingAction.name())) {
            throw new WsException("User '" + abstractWebswingUser + "' is not allowed to execute action '" + webswingAction + "'", 401);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void sendContent(HttpServletResponse httpServletResponse, String str) throws WsException {
        try {
            PrintWriter writer = httpServletResponse.getWriter();
            try {
                writer.write(str);
                writer.flush();
                if (writer != null) {
                    writer.close();
                }
            } finally {
            }
        } catch (IOException e) {
            throw new WsException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void sendFile(HttpServletResponse httpServletResponse, File file) throws WsException {
        try {
            FileInputStream fileInputStream = new FileInputStream(file);
            try {
                IOUtils.copy(fileInputStream, httpServletResponse.getOutputStream());
                fileInputStream.close();
            } finally {
            }
        } catch (IOException e) {
            throw new WsException(e);
        }
    }
}
