package org.apache.chemistry.opencmis.server.impl.browser.token;

import java.io.IOException;
import java.io.PrintWriter;
import java.io.Serializable;
import java.net.URL;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.chemistry.opencmis.commons.exceptions.CmisBaseException;
import org.apache.chemistry.opencmis.commons.exceptions.CmisObjectNotFoundException;
import org.apache.chemistry.opencmis.commons.exceptions.CmisRuntimeException;
import org.apache.chemistry.opencmis.commons.impl.UrlBuilder;
import org.apache.chemistry.opencmis.commons.impl.json.JSONArray;
import org.apache.chemistry.opencmis.commons.impl.json.JSONObject;
import org.apache.chemistry.opencmis.commons.impl.json.JSONStreamAware;
import org.apache.chemistry.opencmis.commons.server.CallContext;
import org.apache.chemistry.opencmis.commons.server.CmisService;
import org.apache.chemistry.opencmis.commons.server.CmisServiceFactory;
import org.apache.chemistry.opencmis.server.filter.ProxyHttpServletRequestWrapper;
import org.apache.chemistry.opencmis.server.impl.CmisRepositoryContextListener;
import org.apache.chemistry.opencmis.server.impl.browser.AbstractBrowserServiceCall;
import org.apache.chemistry.opencmis.server.shared.Dispatcher;

/* loaded from: input_file:lib/chemistry-opencmis-server-bindings-0.9.0.jar:org/apache/chemistry/opencmis/server/impl/browser/token/AbstractSimpleTokenHandler.class */
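/**
 * Base implementation of the browser-binding token handler.
 *
 * <p>Requests are dispatched on the {@code login} request parameter to one of
 * five actions: issuing a batch of tokens, serving the JavaScript bootstrap,
 * serving the controller iframe, running the login dialogue, or logging out.
 * Subclasses supply the actual credential check through
 * {@link #authenticate(ServletContext, HttpServletRequest, HttpServletResponse, String, String)}.
 *
 * <p>Several values handed to the JSPs and to JSON responses are derived from
 * the request (keys, URLs). They are passed through
 * {@link #encodeJavaScriptString(String)} or {@link #encodeHTMLString(String)}
 * where the visible code does so; whether the JSPs escape anything further
 * cannot be told from this class.
 */
public abstract class AbstractSimpleTokenHandler implements TokenHandler, Serializable {
    private static final long serialVersionUID = 1L;

    /** Number of tokens minted per token request. */
    private static final int TOKEN_BATCH_SIZE = 10;

    /** Prefix of every request attribute handed to the JSPs. */
    private static final String ATTR_PREFIX = "org.apache.chemistry.opencmis.";

    private static final String JSP_PATH = "/WEB-INF/token/";
    private static final String JSP_SCRIPT = "cmis.js.jsp";
    private static final String JSP_IFRAME = "repository.jsp";
    private static final String JSP_LOGIN = "login.jsp";

    /** Request parameter that selects the action. */
    private static final String PARAM_LOGIN = "login";

    private static final String LOGIN_SCRIPT = "script";
    private static final String LOGIN_CONTROLLER = "controller";
    private static final String LOGIN_LOGIN = "login";
    private static final String LOGIN_LOGOUT = "logout";
    private static final String LOGIN_TOKEN = "token";

    /** Used only for its {@code compileBaseUrl} method. */
    private static final UrlServiceCall URL_SERVICE_CALL = new UrlServiceCall();

    /**
     * Service call with an empty {@code serve}; it exists so this handler can
     * reuse the base-URL computation of {@link AbstractBrowserServiceCall}.
     * (The decompiler widened this class from package-private to public.)
     */
    public static class UrlServiceCall extends AbstractBrowserServiceCall {
        UrlServiceCall() {
        }

        @Override
        public void serve(CallContext callContext, CmisService cmisService, String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
            // intentionally empty
        }
    }

    /**
     * Dispatches the request on the value of the {@code login} parameter.
     *
     * @throws CmisObjectNotFoundException if the parameter is missing or names no known action
     * @throws CmisRuntimeException wrapping any non-CMIS exception raised by an action
     */
    @Override
    public void service(ServletContext servletContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String action = httpServletRequest.getParameter(PARAM_LOGIN);
        try {
            if (LOGIN_TOKEN.equals(action)) {
                sendTokens(servletContext, httpServletRequest, httpServletResponse);
            } else if (LOGIN_SCRIPT.equals(action)) {
                sendJavaScript(servletContext, httpServletRequest, httpServletResponse, null);
            } else if (LOGIN_CONTROLLER.equals(action)) {
                sendControllerContent(servletContext, httpServletRequest, httpServletResponse, null);
            } else if (LOGIN_LOGIN.equals(action)) {
                login(servletContext, httpServletRequest, httpServletResponse, null);
            } else if (LOGIN_LOGOUT.equals(action)) {
                logout(servletContext, httpServletRequest, httpServletResponse);
            } else {
                throw new CmisObjectNotFoundException();
            }
        } catch (CmisBaseException e) {
            // CMIS exceptions already carry the right status; pass them through untouched.
            throw e;
        } catch (Exception e) {
            throw new CmisRuntimeException("Internal Error!", e);
        }
    }

    /**
     * Writes a JSON array of freshly generated tokens when the request carries
     * a valid application key. With an invalid key the array stays empty and
     * the application key registered for the derived application id is removed.
     */
    protected void sendTokens(ServletContext servletContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        JSONArray tokens = new JSONArray();
        boolean keyIsValid = SimpleTokenHandlerSessionHelper.checkApplicationKey(httpServletRequest);
        String appId = SimpleTokenHandlerSessionHelper.getApplicationIdFromKey(SimpleTokenHandlerSessionHelper.getKey(httpServletRequest));
        if (keyIsValid) {
            for (int i = 0; i < TOKEN_BATCH_SIZE; i++) {
                String token = SimpleTokenHandlerSessionHelper.generateKey(appId);
                SimpleTokenHandlerSessionHelper.addToken(httpServletRequest, token);
                tokens.add(token);
            }
        } else if (appId != null) {
            // A wrong key invalidates the application key for that application id.
            SimpleTokenHandlerSessionHelper.removeApplicationKey(httpServletRequest, appId);
        }
        printJSON(httpServletResponse, tokens);
    }

    /**
     * Exposes origin, service URL and iframe URL as request attributes and
     * includes the JavaScript bootstrap JSP.
     *
     * @param str passed to {@code compileBaseUrl}; presumably a repository id, confirm against callers
     */
    protected void sendJavaScript(ServletContext servletContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws IOException {
        UrlBuilder baseUrl = URL_SERVICE_CALL.compileBaseUrl(httpServletRequest, str);
        URL parsed = new URL(baseUrl.toString());
        StringBuilder origin = new StringBuilder();
        origin.append(parsed.getProtocol()).append("://").append(parsed.getHost());
        if (parsed.getPort() > -1) {
            origin.append(':').append(parsed.getPort());
        }
        httpServletRequest.setAttribute(ATTR_PREFIX + "domain", encodeJavaScriptString(origin.toString()));
        // The service URL must be captured before the login parameter is appended below.
        httpServletRequest.setAttribute(ATTR_PREFIX + "serviceUrl", encodeJavaScriptString(baseUrl.toString()));
        httpServletRequest.setAttribute(ATTR_PREFIX + "iframeUrl", encodeJavaScriptString(baseUrl.addParameter(PARAM_LOGIN, LOGIN_CONTROLLER).toString()));
        // NOTE(review): the JSP is named cmis.js.jsp but is served with a JSON media type;
        // confirm this is intended, since a strict MIME check on script loads would reject it.
        httpServletResponse.setContentType("application/json; charset=UTF-8");
        try {
            servletContext.getRequestDispatcher(JSP_PATH + JSP_SCRIPT).include(httpServletRequest, httpServletResponse);
        } catch (Exception e) {
            throw new CmisRuntimeException("Internal error!", e);
        }
    }

    /**
     * Includes the controller iframe JSP after exposing the login URL as a request attribute.
     *
     * @param str passed to {@code compileBaseUrl}; presumably a repository id, confirm against callers
     */
    protected void sendControllerContent(ServletContext servletContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws IOException {
        httpServletResponse.setContentType("text/html; charset=UTF-8");
        String loginUrl = URL_SERVICE_CALL.compileBaseUrl(httpServletRequest, str).addParameter(PARAM_LOGIN, "").toString();
        httpServletRequest.setAttribute(ATTR_PREFIX + "loginUrl", encodeJavaScriptString(loginUrl));
        try {
            servletContext.getRequestDispatcher(JSP_PATH + JSP_IFRAME).include(httpServletRequest, httpServletResponse);
        } catch (Exception e) {
            throw new CmisRuntimeException("Internal error!", e);
        }
    }

    /**
     * Shows the login form on GET, processes a login step on POST and answers
     * every other method with 400.
     */
    protected void login(ServletContext servletContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws IOException {
        String method = httpServletRequest.getMethod();
        if (Dispatcher.METHOD_GET.equals(method)) {
            showLoginForm(servletContext, httpServletRequest, httpServletResponse, null);
        } else if (Dispatcher.METHOD_POST.equals(method)) {
            authenticate(servletContext, httpServletRequest, httpServletResponse, str);
        } else {
            httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST);
        }
    }

    /**
     * Renders the login form JSP for the application identified by the request key.
     *
     * @param str error message to show on the form, or {@code null} for none
     */
    protected void showLoginForm(ServletContext servletContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws IOException {
        String formKey = SimpleTokenHandlerSessionHelper.getKey(httpServletRequest);
        URL applicationUrl = SimpleTokenHandlerSessionHelper.getApplicationURL(httpServletRequest, SimpleTokenHandlerSessionHelper.getApplicationIdFromKey(formKey));
        if (applicationUrl == null) {
            // NOTE(review): the helper's contract is not visible here. Without this guard a
            // request whose key maps to no registered application would end in a
            // NullPointerException instead of a client error.
            httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        // NOTE(review): formKey is taken from the request and is handed to the JSP unencoded;
        // login.jsp must escape it for the context it is written into - confirm.
        httpServletRequest.setAttribute(ATTR_PREFIX + "formkey", formKey);
        httpServletRequest.setAttribute(ATTR_PREFIX + "error", str);
        httpServletRequest.setAttribute(ATTR_PREFIX + "appurl", encodeHTMLString(applicationUrl.toString()));
        httpServletResponse.setContentType("text/html; charset=UTF-8");
        try {
            servletContext.getRequestDispatcher(JSP_PATH + JSP_LOGIN).include(httpServletRequest, httpServletResponse);
        } catch (Exception e) {
            throw new CmisRuntimeException("Internal error!", e);
        }
    }

    /**
     * Handles a POST of the login dialogue. A request with a valid form key is
     * the submitted login form; any other request is a step of the login-key
     * exchange and must name the application URL in the {@code url} parameter.
     *
     * @param str passed to {@code compileBaseUrl}; presumably a repository id, confirm against callers
     */
    protected void authenticate(ServletContext servletContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws IOException {
        if (SimpleTokenHandlerSessionHelper.checkFormKey(httpServletRequest)) {
            completeFormLogin(servletContext, httpServletRequest, httpServletResponse);
            return;
        }
        String appUrlParam = httpServletRequest.getParameter("url");
        if (appUrlParam == null || appUrlParam.trim().length() < 8 || !appUrlParam.toLowerCase().startsWith(ProxyHttpServletRequestWrapper.HTTP_SCHEME)) {
            httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        try {
            exchangeLoginKey(httpServletRequest, httpServletResponse, str, new URL(appUrlParam));
        } catch (Exception e) {
            // Any failure in the exchange, including a malformed URL, is reported as a client error.
            httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST);
        }
    }

    /**
     * Processes the submitted login form: requires the trust confirmation,
     * checks the credentials, then registers the application key and user and
     * redirects to the application URL.
     */
    private void completeFormLogin(ServletContext servletContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String trustFlag = httpServletRequest.getParameter(SimpleTokenHandlerSessionHelper.PARAM_TRUSTAPP);
        String user = httpServletRequest.getParameter(SimpleTokenHandlerSessionHelper.PARAM_USER);
        String password = httpServletRequest.getParameter("password");
        if (!"1".equals(trustFlag)) {
            showLoginForm(servletContext, httpServletRequest, httpServletResponse, "Please confirm that you trust the application!");
            return;
        }
        if (!authenticate(servletContext, httpServletRequest, httpServletResponse, user, password)) {
            showLoginForm(servletContext, httpServletRequest, httpServletResponse, "Invalid credentials!");
            return;
        }
        // NOTE(review): nothing visible here rotates the HTTP session id after a successful
        // login; confirm that the container or the session helper does so.
        String appId = SimpleTokenHandlerSessionHelper.getApplicationIdFromKey(SimpleTokenHandlerSessionHelper.getKey(httpServletRequest));
        SimpleTokenHandlerSessionHelper.setApplicationKey(httpServletRequest, SimpleTokenHandlerSessionHelper.generateKey(appId));
        SimpleTokenHandlerSessionHelper.setUser(httpServletRequest, appId, user);
        // The form key is single-use.
        SimpleTokenHandlerSessionHelper.removeFormKey(httpServletRequest, appId);
        // The redirect target is the URL registered during the key exchange, which the
        // client supplied; the trust confirmation above is the only visible gate on it.
        String target = SimpleTokenHandlerSessionHelper.getApplicationURL(httpServletRequest, appId).toString();
        httpServletResponse.sendRedirect(httpServletResponse.encodeRedirectURL(target));
    }

    /**
     * Runs one step of the login-key exchange. Without a {@code key} parameter a
     * new login key and form key are registered and returned with {@code ok=0};
     * with one, the login key is consumed and the application key is returned
     * with {@code ok=1}, or both keys are dropped and 400 is sent.
     */
    private void exchangeLoginKey(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, URL applicationUrl) throws IOException {
        String keyParam = httpServletRequest.getParameter("key");
        if (keyParam == null || keyParam.trim().length() == 0) {
            String newAppId = SimpleTokenHandlerSessionHelper.generateAppId();
            String loginKey = SimpleTokenHandlerSessionHelper.generateKey(newAppId);
            String formKey = SimpleTokenHandlerSessionHelper.generateKey(newAppId);
            SimpleTokenHandlerSessionHelper.setLoginKey(httpServletRequest, loginKey, formKey, applicationUrl);
            // NOTE(review): the JSON writer escapes strings itself, so the JavaScript encoder
            // is a second layer here. It is kept because clients receive the value in this form.
            String loginUrl = encodeJavaScriptString(URL_SERVICE_CALL.compileBaseUrl(httpServletRequest, str).addParameter(PARAM_LOGIN, LOGIN_LOGIN).addParameter("key", formKey).toString());
            JSONObject pending = new JSONObject();
            pending.put("ok", Integer.valueOf(0));
            pending.put("key", loginKey);
            pending.put("url", loginUrl);
            printJSON(httpServletResponse, pending);
            return;
        }
        String appId = SimpleTokenHandlerSessionHelper.getApplicationIdFromKey(SimpleTokenHandlerSessionHelper.getKey(httpServletRequest));
        String applicationKey = SimpleTokenHandlerSessionHelper.getApplicationKey(httpServletRequest, appId);
        if (applicationKey == null || !SimpleTokenHandlerSessionHelper.checkLoginKey(httpServletRequest)) {
            SimpleTokenHandlerSessionHelper.removeLoginKey(httpServletRequest, appId);
            SimpleTokenHandlerSessionHelper.removeApplicationKey(httpServletRequest, appId);
            httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        // The login key is single-use.
        SimpleTokenHandlerSessionHelper.removeLoginKey(httpServletRequest, appId);
        JSONObject granted = new JSONObject();
        granted.put("ok", Integer.valueOf(1));
        granted.put("key", applicationKey);
        printJSON(httpServletResponse, granted);
    }

    /**
     * Checks the submitted credentials.
     *
     * @param str the value of the user parameter of the login form
     * @param str2 the value of the password parameter of the login form
     * @return {@code true} if the login may proceed
     */
    protected abstract boolean authenticate(ServletContext servletContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2);

    /**
     * Removes the application key for the application id derived from the
     * request key and answers with {@code {"ok":1}}.
     */
    protected void logout(ServletContext servletContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        // NOTE(review): the key itself is not validated here; only the application id derived
        // from it is used, and the HTTP method is not restricted.
        String appId = SimpleTokenHandlerSessionHelper.getApplicationIdFromKey(SimpleTokenHandlerSessionHelper.getKey(httpServletRequest));
        if (appId != null) {
            SimpleTokenHandlerSessionHelper.removeApplicationKey(httpServletRequest, appId);
        }
        JSONObject result = new JSONObject();
        result.put("ok", Integer.valueOf(1));
        printJSON(httpServletResponse, result);
    }

    /**
     * Looks up the service factory stored in the servlet context.
     * (The decompiler widened this method from protected to public.)
     *
     * @throws CmisRuntimeException if no factory is registered
     */
    public CmisServiceFactory getCmisServiceFactory(ServletContext servletContext) {
        Object factory = servletContext.getAttribute(CmisRepositoryContextListener.SERVICES_FACTORY);
        if (factory == null) {
            throw new CmisRuntimeException("Service factory not available! Configuration problem?");
        }
        return (CmisServiceFactory) factory;
    }

    /**
     * Writes a JSON value with status 200 and flushes the response writer.
     */
    protected void printJSON(HttpServletResponse httpServletResponse, JSONStreamAware jSONStreamAware) throws IOException {
        httpServletResponse.setStatus(HttpServletResponse.SC_OK);
        httpServletResponse.setContentType("application/json; charset=utf-8");
        // NOTE(review): these responses carry keys and tokens; "private, max-age=0" still lets
        // the browser store them. Consider whether "no-store" is wanted.
        httpServletResponse.addHeader("Cache-Control", "private, max-age=0");
        PrintWriter writer = httpServletResponse.getWriter();
        jSONStreamAware.writeJSONString(writer);
        writer.flush();
    }

    /**
     * Escapes a value for use inside a quoted JavaScript string literal.
     *
     * <p>Besides the single quote, this escapes the backslash, the double
     * quote, line terminators and angle brackets. Escaping the quote alone is
     * not enough: an unescaped backslash in front of it would cancel the
     * escape, and a raw line break or a closing script tag would end the
     * literal or the surrounding script element. Ordinary URL characters,
     * including {@code &} and {@code /}, pass through unchanged.
     *
     * @return the escaped string, or {@code null} if {@code str} is {@code null}
     */
    protected String encodeJavaScriptString(String str) {
        if (str == null) {
            return null;
        }
        StringBuilder sb = new StringBuilder(str.length() + 16);
        for (int i = 0; i < str.length(); i++) {
            char c = str.charAt(i);
            switch (c) {
                case '\'':
                    sb.append("\\'");
                    break;
                case '"':
                    sb.append("\\\"");
                    break;
                case '\\':
                    sb.append("\\\\");
                    break;
                case '\n':
                    sb.append("\\n");
                    break;
                case '\r':
                    sb.append("\\r");
                    break;
                case '<':
                    sb.append("\\u003C");
                    break;
                case '>':
                    sb.append("\\u003E");
                    break;
                case 0x2028: // LINE SEPARATOR, a line terminator in JavaScript
                    sb.append("\\u2028");
                    break;
                case 0x2029: // PARAGRAPH SEPARATOR, a line terminator in JavaScript
                    sb.append("\\u2029");
                    break;
                default:
                    sb.append(c);
                    break;
            }
        }
        return sb.toString();
    }

    /**
     * Escapes a value for HTML output. Letters, digits, space, tab, line
     * breaks and {@code . , - _} are kept, other control characters become a
     * space, and everything else is written as a named or hexadecimal
     * character reference.
     *
     * <p>The string is walked by code point so that a character outside the
     * Basic Multilingual Plane yields one reference instead of two references
     * to its surrogate halves.
     *
     * @return the escaped string, or {@code null} if {@code str} is {@code null}
     */
    protected String encodeHTMLString(String str) {
        if (str == null) {
            return null;
        }
        StringBuilder sb = new StringBuilder(str.length() + 16);
        int i = 0;
        while (i < str.length()) {
            int cp = str.codePointAt(i);
            i += Character.charCount(cp);
            if (isPlainHtmlCharacter(cp)) {
                sb.append((char) cp);
            } else if (cp <= 31 || (cp >= 127 && cp <= 159)) {
                sb.append(' ');
            } else if (cp == '&') {
                sb.append("&amp;");
            } else if (cp == '"') {
                sb.append("&quot;");
            } else if (cp == '<') {
                sb.append("&lt;");
            } else if (cp == '>') {
                sb.append("&gt;");
            } else {
                sb.append("&#x").append(Integer.toHexString(cp)).append(';');
            }
        }
        return sb.toString();
    }

    /** Returns whether the code point is copied to HTML output as is. */
    private static boolean isPlainHtmlCharacter(int cp) {
        if (cp == '\t' || cp == '\n' || cp == '\r') {
            return true;
        }
        if ((cp >= 'a' && cp <= 'z') || (cp >= 'A' && cp <= 'Z') || (cp >= '0' && cp <= '9')) {
            return true;
        }
        return cp == ' ' || cp == '.' || cp == ',' || cp == '-' || cp == '_';
    }
}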
