package org.apache.shindig.gadgets.servlet;

import com.google.inject.Inject;
import com.google.inject.Provider;
import com.google.inject.Singleton;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.util.Collections;
import java.util.Locale;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.apache.shindig.auth.AuthInfoUtil;
import org.apache.shindig.auth.SecurityToken;
import org.apache.shindig.common.JsonSerializer;
import org.apache.shindig.common.servlet.HttpUtil;
import org.apache.shindig.common.uri.Uri;
import org.apache.shindig.common.util.Utf8UrlCoder;
import org.apache.shindig.gadgets.AuthType;
import org.apache.shindig.gadgets.FeedProcessor;
import org.apache.shindig.gadgets.FetchResponseUtils;
import org.apache.shindig.gadgets.GadgetException;
import org.apache.shindig.gadgets.LockedDomainService;
import org.apache.shindig.gadgets.admin.GadgetAdminStore;
import org.apache.shindig.gadgets.http.HttpRequest;
import org.apache.shindig.gadgets.http.HttpResponse;
import org.apache.shindig.gadgets.http.RequestPipeline;
import org.apache.shindig.gadgets.oauth.OAuthArguments;
import org.apache.shindig.gadgets.oauth2.OAuth2Arguments;
import org.apache.shindig.gadgets.process.ProcessingException;
import org.apache.shindig.gadgets.process.Processor;
import org.apache.shindig.gadgets.rewrite.ResponseRewriterList;
import org.apache.shindig.gadgets.rewrite.ResponseRewriterRegistry;
import org.apache.shindig.gadgets.rewrite.RewriterRegistry;
import org.apache.shindig.gadgets.rewrite.RewritingException;
import org.apache.shindig.gadgets.uri.UriCommon;
import org.apache.shindig.protocol.ContentTypes;
import org.apache.xerces.impl.xs.SchemaSymbols;

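/**
 * Fetches a caller-supplied URL on behalf of a gadget and returns the result wrapped in JSON.
 *
 * <p>Security-relevant shape of this class, as far as the code here shows:
 * <ul>
 *   <li>The target URL, HTTP method, extra headers and POST body are all taken from request
 *       parameters. The only checks applied in this class are {@code ServletUtil.validateUrl} on
 *       the URL, the {@code HttpRequestHandler.BAD_HEADERS} deny-list on header names, the
 *       locked-domain check and the gadget whitelist check in {@link #fetch}.</li>
 *   <li>A security token is only required when the {@code authz} parameter resolves to something
 *       other than {@code AuthType.NONE}.</li>
 *   <li>NOTE(review): what {@code ServletUtil.validateUrl} accepts (schemes, internal hosts) is
 *       not visible here and determines how far this endpoint can be used as an open proxy;
 *       verify it against the deployment's egress policy.</li>
 * </ul>
 */
@Singleton
/* loaded from: input_file:WEB-INF/lib/shindig-gadgets-3.0.0-beta4.jar:org/apache/shindig/gadgets/servlet/MakeRequestHandler.class */
public class MakeRequestHandler {
    /**
     * Prefix written in front of every JSON payload by {@link #fetch}. It makes the body
     * non-parseable as-is, so a consumer has to strip it first (presumably a guard against
     * cross-site inclusion of the JSON; confirm with the client library).
     */
    public static final String UNPARSEABLE_CRUFT = "throw 1; < don't be evil' >";
    /** Request parameter carrying the body to forward. */
    public static final String POST_DATA_PARAM = "postData";
    /** Request parameter carrying the HTTP method to use; defaults to GET. */
    public static final String METHOD_PARAM = "httpMethod";
    /** Request parameter carrying {@code name=value} pairs joined by {@code &}, each URL-encoded. */
    public static final String HEADERS_PARAM = "headers";
    /** Request parameter selecting feed processing when its value is {@code FEED}. */
    public static final String CONTENT_TYPE_PARAM = "contentType";
    /** Request parameter passed to the feed processor as the entry count. */
    public static final String NUM_ENTRIES_PARAM = "numEntries";
    /** Value used for {@link #NUM_ENTRIES_PARAM} when the request does not supply one. */
    public static final String DEFAULT_NUM_ENTRIES = "3";
    /** Request parameter passed to the feed processor as a boolean. */
    public static final String GET_SUMMARIES_PARAM = "getSummaries";
    /** Request parameter passed to {@code FetchResponseUtils.getResponseAsJson} as a boolean. */
    public static final String GET_FULL_HEADERS_PARAM = "getFullHeaders";
    /** Request parameter parsed by {@code AuthType.parse}. */
    public static final String AUTHZ_PARAM = "authz";

    private final RequestPipeline requestPipeline;
    private final ResponseRewriterRegistry contentRewriterRegistry;
    private final Provider<FeedProcessor> feedProcessorProvider;
    private final GadgetAdminStore gadgetAdminStore;
    private final Processor processor;
    private final LockedDomainService lockedDomainService;

    /** Stores the injected collaborators; performs no other work. */
    @Inject
    public MakeRequestHandler(RequestPipeline requestPipeline, @RewriterRegistry(rewriteFlow = ResponseRewriterList.RewriteFlow.DEFAULT) ResponseRewriterRegistry responseRewriterRegistry, Provider<FeedProcessor> provider, GadgetAdminStore gadgetAdminStore, Processor processor, LockedDomainService lockedDomainService) {
        this.requestPipeline = requestPipeline;
        this.contentRewriterRegistry = responseRewriterRegistry;
        this.feedProcessorProvider = provider;
        this.gadgetAdminStore = gadgetAdminStore;
        this.processor = processor;
        this.lockedDomainService = lockedDomainService;
    }

    /**
     * Builds the outbound request, runs the gadget checks, executes the fetch and writes the
     * JSON-wrapped result to the servlet response.
     *
     * <p>Both authorization checks (locked domain, gadget whitelist) run before the outbound
     * request is executed; keep that ordering when changing this method.
     *
     * @param httpServletRequest incoming request whose parameters describe the fetch
     * @param httpServletResponse response that receives headers, status 200 and the payload
     * @throws GadgetException with status 403 when the gadget parameter is missing, the gadget
     *     does not match the request host, or the gadget is not whitelisted for the container;
     *     with the rewriter's status when response rewriting fails; with status 400 when gadget
     *     processing fails
     * @throws IOException if writing to the response fails
     */
    public void fetch(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws GadgetException, IOException {
        HttpRequest outbound = buildHttpRequest(httpServletRequest);
        String container = outbound.getContainer();
        final Uri gadget = outbound.getGadget();
        if (gadget == null) {
            throw new GadgetException(GadgetException.Code.MISSING_PARAMETER, "Unable to find gadget in request", 403);
        }
        HttpGadgetContext gadgetContext = new HttpGadgetContext(httpServletRequest) {
            @Override
            public Uri getUrl() {
                return gadget;
            }

            @Override
            public boolean getIgnoreCache() {
                // Constant-first comparison: if getParameter yields null for an absent
                // "bypassSpecCache" (not visible here), this returns false instead of throwing
                // a NullPointerException in the middle of the authorization path.
                return SchemaSymbols.ATTVAL_TRUE_1.equals(getParameter("bypassSpecCache"));
            }
        };
        try {
            // Evaluation order kept: host first, then gadget processing.
            String host = gadgetContext.getHost();
            if (!this.lockedDomainService.isGadgetValidForHost(host, this.processor.process(gadgetContext), container)) {
                throw new GadgetException(GadgetException.Code.GADGET_HOST_MISMATCH, "The gadget is incorrect for this request", 403);
            }
            if (!this.gadgetAdminStore.isWhitelisted(container, gadget.toString())) {
                throw new GadgetException(GadgetException.Code.NON_WHITELISTED_GADGET, "The requested content is unavailable", 403);
            }
            HttpResponse fetched = this.requestPipeline.execute(outbound);
            if (this.contentRewriterRegistry != null) {
                try {
                    fetched = this.contentRewriterRegistry.rewriteHttpResponse(outbound, fetched);
                } catch (RewritingException e) {
                    throw new GadgetException(GadgetException.Code.INTERNAL_SERVER_ERROR, e, e.getHttpStatusCode());
                }
            }
            String json = convertResponseToJson(outbound.getSecurityToken(), httpServletRequest, fetched);
            setResponseHeaders(httpServletRequest, httpServletResponse, fetched);
            // The remote status is carried inside the JSON; the wrapper itself always answers 200.
            httpServletResponse.setStatus(200);
            httpServletResponse.setContentType(ContentTypes.OUTPUT_JSON_CONTENT_TYPE);
            httpServletResponse.setCharacterEncoding("UTF-8");
            httpServletResponse.getWriter().write(UNPARSEABLE_CRUFT + json);
        } catch (ProcessingException e) {
            throw new GadgetException(GadgetException.Code.INTERNAL_SERVER_ERROR, "Error processing gadget", e, 400);
        }
    }

    /**
     * Translates the servlet request parameters into the outbound {@link HttpRequest}.
     *
     * <p>Every field of the outbound request is caller-controlled. Header names found in
     * {@code HttpRequestHandler.BAD_HEADERS} are dropped silently; all others are forwarded.
     *
     * @param httpServletRequest incoming request
     * @return the populated outbound request
     * @throws GadgetException with status 400 when the url parameter is missing, a header pair is
     *     malformed, or an {@link IllegalArgumentException} is raised anywhere while building the
     *     request (reported as an invalid url parameter); also propagates the token failure from
     *     {@code extractAndValidateToken} when an auth type other than NONE is requested
     */
    protected HttpRequest buildHttpRequest(HttpServletRequest httpServletRequest) throws GadgetException {
        String urlKey = UriCommon.Param.URL.getKey();
        String rawUrl = httpServletRequest.getParameter(urlKey);
        if (rawUrl == null) {
            throw new GadgetException(GadgetException.Code.INVALID_PARAMETER, urlKey + " parameter is missing.", 400);
        }
        try {
            HttpRequest outbound = new HttpRequest(ServletUtil.validateUrl(Uri.parse(rawUrl)))
                    .setMethod(getParameter(httpServletRequest, METHOD_PARAM, "GET"))
                    .setContainer(getContainer(httpServletRequest));
            setPostData(httpServletRequest, outbound);

            String headerSpec = getParameter(httpServletRequest, HEADERS_PARAM, "");
            if (!headerSpec.isEmpty()) {
                for (String pair : StringUtils.split(headerSpec, '&')) {
                    String[] nameAndValue = StringUtils.splitPreserveAllTokens(pair, '=');
                    if (nameAndValue.length != 2) {
                        // NOTE(review): the message echoes caller input; make sure whatever
                        // renders GadgetException messages escapes it.
                        throw new GadgetException(GadgetException.Code.INVALID_PARAMETER, "Malformed header param specified:" + pair, 400);
                    }
                    String headerName = Utf8UrlCoder.decode(nameAndValue[0]);
                    // Locale.ROOT keeps the deny-list lookup independent of the JVM default
                    // locale; with a Turkish default, 'i' upper-cases to a dotted capital and a
                    // name such as "content-length" would no longer match its deny-list entry.
                    if (!HttpRequestHandler.BAD_HEADERS.contains(headerName.toUpperCase(Locale.ROOT))) {
                        outbound.addHeader(headerName, Utf8UrlCoder.decode(nameAndValue[1]));
                    }
                }
            }
            if ("POST".equals(outbound.getMethod()) && outbound.getHeader("Content-Type") == null) {
                outbound.addHeader("Content-Type", "application/x-www-form-urlencoded");
            }
            outbound.setIgnoreCache(SchemaSymbols.ATTVAL_TRUE_1.equals(httpServletRequest.getParameter(UriCommon.Param.NO_CACHE.getKey())));

            String gadgetParam = httpServletRequest.getParameter(UriCommon.Param.GADGET.getKey());
            if (gadgetParam != null) {
                outbound.setGadget(Uri.parse(gadgetParam));
            }
            String refreshParam = httpServletRequest.getParameter(UriCommon.Param.REFRESH.getKey());
            if (refreshParam != null) {
                try {
                    outbound.setCacheTtl(Integer.parseInt(refreshParam));
                } catch (NumberFormatException ignored) {
                    // Deliberately best-effort: a non-numeric refresh value leaves the cache TTL
                    // untouched here. setResponseHeaders rejects the same value with a 400 later.
                }
            }
            outbound.setRewriteMimeType(httpServletRequest.getParameter(UriCommon.Param.REWRITE_MIME_TYPE.getKey()));

            AuthType authType = AuthType.parse(getParameter(httpServletRequest, AUTHZ_PARAM, null));
            outbound.setAuthType(authType);
            if (authType != AuthType.NONE) {
                // Any authenticated flavour needs a security token on the incoming request.
                outbound.setSecurityToken(extractAndValidateToken(httpServletRequest));
                if (authType == AuthType.OAUTH2) {
                    outbound.setOAuth2Arguments(new OAuth2Arguments(httpServletRequest));
                } else {
                    outbound.setOAuthArguments(new OAuthArguments(authType, httpServletRequest));
                }
            }
            ServletUtil.setXForwardedForHeader(httpServletRequest, outbound);
            return outbound;
        } catch (IllegalArgumentException e) {
            // Cause is kept so the failing parameter can be found in logs; the client-facing
            // message and status are unchanged.
            throw new GadgetException(GadgetException.Code.INVALID_PARAMETER, "Invalid " + urlKey + " parameter", e, 400);
        }
    }

    /**
     * Copies the {@code postData} parameter into the outbound request body, encoded with the
     * incoming request's character encoding (UTF-8 when none is declared).
     *
     * @param httpServletRequest incoming request
     * @param httpRequest outbound request to receive the body
     * @throws GadgetException with status 400 when the declared encoding is not supported
     */
    protected void setPostData(HttpServletRequest httpServletRequest, HttpRequest httpRequest) throws GadgetException {
        String charsetName = httpServletRequest.getCharacterEncoding();
        if (charsetName == null) {
            charsetName = "UTF-8";
        }
        try {
            // Locale.ROOT: a locale-sensitive upper-casing can turn a valid charset name such as
            // "iso-8859-1" into one the JVM does not recognise under some default locales.
            String body = getParameter(httpServletRequest, POST_DATA_PARAM, "");
            httpRequest.setPostBody(body.getBytes(charsetName.toUpperCase(Locale.ROOT)));
        } catch (UnsupportedEncodingException e) {
            throw new GadgetException(GadgetException.Code.HTML_PARSE_ERROR, e, 400);
        }
    }

    /**
     * Serializes the fetched response as a JSON object keyed by the requested URL.
     *
     * @param securityToken token of the outbound request, may be {@code null}; when it reports an
     *     updated token, that value is added under the key {@code st}
     * @param httpServletRequest incoming request (read for url, contentType, getFullHeaders)
     * @param httpResponse fetched (and possibly rewritten) response
     * @return the serialized JSON, without the {@link #UNPARSEABLE_CRUFT} prefix
     * @throws GadgetException when feed processing rejects its parameters
     */
    protected String convertResponseToJson(SecurityToken securityToken, HttpServletRequest httpServletRequest, HttpResponse httpResponse) throws GadgetException {
        boolean fullHeaders = Boolean.parseBoolean(getParameter(httpServletRequest, GET_FULL_HEADERS_PARAM, SchemaSymbols.ATTVAL_FALSE));
        String requestedUrl = httpServletRequest.getParameter(UriCommon.Param.URL.getKey());
        String body = httpResponse.getResponseAsString();
        boolean feedRequested = "FEED".equals(httpServletRequest.getParameter(CONTENT_TYPE_PARAM));
        if (body.length() > 0 && feedRequested) {
            body = processFeed(requestedUrl, httpServletRequest, body);
        }
        Map<String, Object> payload = FetchResponseUtils.getResponseAsJson(httpResponse, null, body, fullHeaders);
        if (securityToken != null) {
            String updatedToken = securityToken.getUpdatedToken();
            if (updatedToken != null) {
                payload.put("st", updatedToken);
            }
        }
        return JsonSerializer.serialize((Map<String, ?>) Collections.singletonMap(requestedUrl, payload));
    }

    /** Returns the pipeline used to execute outbound requests. */
    protected RequestPipeline getRequestPipeline() {
        return this.requestPipeline;
    }

    /**
     * Reads the security token attached to the request.
     *
     * <p>Only presence is checked here; whatever validation the token received happened before
     * {@code AuthInfoUtil.getSecurityTokenFromRequest} could return it (not visible in this class).
     *
     * @throws GadgetException with code INVALID_SECURITY_TOKEN when no token is attached
     */
    private SecurityToken extractAndValidateToken(HttpServletRequest httpServletRequest) throws GadgetException {
        SecurityToken token = AuthInfoUtil.getSecurityTokenFromRequest(httpServletRequest);
        if (token == null) {
            throw new GadgetException(GadgetException.Code.INVALID_SECURITY_TOKEN);
        }
        return token;
    }

    /**
     * Runs the feed processor over a fetched body and returns its string form.
     *
     * @param str URL the feed was requested from
     * @param httpServletRequest incoming request (read for getSummaries and numEntries)
     * @param str2 fetched body to process
     * @throws GadgetException with status 400 when numEntries is not an integer
     */
    private String processFeed(String str, HttpServletRequest httpServletRequest, String str2) throws GadgetException {
        try {
            boolean withSummaries = Boolean.parseBoolean(getParameter(httpServletRequest, GET_SUMMARIES_PARAM, SchemaSymbols.ATTVAL_FALSE));
            int entryCount = Integer.parseInt(getParameter(httpServletRequest, NUM_ENTRIES_PARAM, DEFAULT_NUM_ENTRIES));
            return this.feedProcessorProvider.get().process(str, str2, withSummaries, entryCount).toString();
        } catch (NumberFormatException e) {
            throw new GadgetException(GadgetException.Code.INVALID_PARAMETER, "numEntries paramater is not a number", 400);
        }
    }

    /**
     * Resolves the container name from the request: the container parameter, else the synd
     * parameter, else the literal {@code "default"}.
     */
    protected static String getContainer(HttpServletRequest httpServletRequest) {
        String container = httpServletRequest.getParameter(UriCommon.Param.CONTAINER.getKey());
        if (container == null) {
            container = httpServletRequest.getParameter(UriCommon.Param.SYND.getKey());
        }
        if (container == null) {
            return "default";
        }
        return container;
    }

    /**
     * Returns the named request parameter, or {@code str2} when the parameter is absent.
     *
     * @param httpServletRequest incoming request
     * @param str parameter name
     * @param str2 fallback value, may be {@code null}
     */
    protected static String getParameter(HttpServletRequest httpServletRequest, String str, String str2) {
        String value = httpServletRequest.getParameter(str);
        if (value == null) {
            return str2;
        }
        return value;
    }

    /**
     * Sets caching, disposition and a fallback content type on the servlet response.
     *
     * <p>The cache lifetime is 0 when the fetched response is strict-no-cache or the request asks
     * for no caching; otherwise the refresh parameter when present; otherwise the larger of 3600
     * and the fetched response's cache TTL divided by 1000.
     *
     * @throws GadgetException with status 400 when the refresh parameter is not an integer
     */
    protected static void setResponseHeaders(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpResponse httpResponse) throws GadgetException {
        int ttlSeconds;
        boolean noCacheRequested = httpResponse.isStrictNoCache()
                || SchemaSymbols.ATTVAL_TRUE_1.equals(httpServletRequest.getParameter(UriCommon.Param.NO_CACHE.getKey()));
        if (noCacheRequested) {
            ttlSeconds = 0;
        } else if (httpServletRequest.getParameter(UriCommon.Param.REFRESH.getKey()) != null) {
            try {
                ttlSeconds = Integer.parseInt(httpServletRequest.getParameter(UriCommon.Param.REFRESH.getKey()));
            } catch (NumberFormatException e) {
                throw new GadgetException(GadgetException.Code.INVALID_PARAMETER, "refresh parameter is not a number", 400);
            }
        } else {
            ttlSeconds = Math.max(3600, (int) (httpResponse.getCacheTtl() / 1000));
        }
        HttpUtil.setCachingHeaders(httpServletResponse, ttlSeconds, false);
        // Attachment disposition: a browser navigated straight to this endpoint downloads the
        // proxied content instead of rendering it in this origin.
        httpServletResponse.setHeader("Content-Disposition", "attachment;filename=p.txt");
        if (httpServletResponse.getContentType() == null) {
            httpServletResponse.setContentType("application/octet-stream");
        }
    }
}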
