package org.iplass.mtp.impl.webapi.rest;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.Reader;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.function.BiFunction;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.OPTIONS;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Request;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.StreamingOutput;
import javax.ws.rs.core.Variant;
import javax.xml.bind.JAXBException;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParserFactory;
import javax.xml.transform.sax.SAXSource;
import org.iplass.mtp.command.RequestContext;
import org.iplass.mtp.impl.session.SessionService;
import org.iplass.mtp.impl.web.LimitRequestBodyHttpServletRequest;
import org.iplass.mtp.impl.web.RequestPath;
import org.iplass.mtp.impl.web.WebRequestStack;
import org.iplass.mtp.impl.web.WebUtil;
import org.iplass.mtp.impl.webapi.MetaWebApi;
import org.iplass.mtp.impl.webapi.WebApiParameter;
import org.iplass.mtp.impl.webapi.WebApiParameterMap;
import org.iplass.mtp.impl.webapi.WebApiResponse;
import org.iplass.mtp.impl.webapi.jackson.WebApiObjectMapperService;
import org.iplass.mtp.impl.webapi.jaxb.WebApiJaxbService;
import org.iplass.mtp.spi.ServiceRegistry;
import org.iplass.mtp.util.StringUtil;
import org.iplass.mtp.webapi.WebApiRequestConstants;
import org.iplass.mtp.webapi.WebApiRuntimeException;
import org.iplass.mtp.webapi.definition.MethodType;
import org.iplass.mtp.webapi.definition.RequestType;
import org.iplass.mtp.webapi.definition.StateType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

@Path("/")
/* loaded from: input_file:org/iplass/mtp/impl/webapi/rest/RestCommandInvoker.class */
public class RestCommandInvoker {
    private static final String ORIGIN = "Origin";
    private static final String ACCESS_CONTROL_REQUEST_HEADERS = "Access-Control-Request-Headers";
    private static final String ACCESS_CONTROL_REQUEST_METHOD = "Access-Control-Request-Method";
    private static final String ACCESS_CONTROL_ALLOW_HEADERS = "Access-Control-Allow-Headers";
    private static final String ACCESS_CONTROL_ALLOW_METHODS = "Access-Control-Allow-Methods";
    private static final String ACCESS_CONTROL_ALLOW_CREDENTIALS = "Access-Control-Allow-Credentials";
    private static final String ACCESS_CONTROL_ALLOW_ORIGIN = "Access-Control-Allow-Origin";
    private static Logger logger = LoggerFactory.getLogger(RestCommandInvoker.class);
    private static WebApiJaxbService jbservice = (WebApiJaxbService) ServiceRegistry.getRegistry().getService(WebApiJaxbService.class);
    private static WebApiObjectMapperService omservice = (WebApiObjectMapperService) ServiceRegistry.getRegistry().getService(WebApiObjectMapperService.class);
    private static SessionService sessionService = ServiceRegistry.getRegistry().getService(SessionService.class);

    @Context
    SAXParserFactory sax;

    private <R> R process(String str, String str2, ServletContext servletContext, Request request, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, BiFunction<WebRequestStack, MetaWebApi.WebApiRuntime, R> biFunction) {
        RequestPath requestPath = (RequestPath) httpServletRequest.getAttribute(RequestPath.ATTR_NAME);
        MetaWebApi.WebApiRuntime webApiRuntime = (MetaWebApi.WebApiRuntime) httpServletRequest.getAttribute("mtp.restRequestContext.webApiRuntime");
        WebRequestStack webRequestStack = new WebRequestStack(requestPath, new RestRequestContext(servletContext, httpServletRequest, request, webApiRuntime.m158getMetaData().isSupportBearerToken()), servletContext, httpServletRequest, httpServletResponse, null);
        if (webApiRuntime.m158getMetaData().getState() == StateType.STATELESS) {
            sessionService.setSessionStateless(false);
        }
        try {
            webRequestStack.setAttribute(WebApiRequestConstants.API_NAME, webApiRuntime.getPublicWebApiName());
            R apply = biFunction.apply(webRequestStack, webApiRuntime);
            webRequestStack.finallyProcess();
            return apply;
        } catch (Throwable th) {
            webRequestStack.finallyProcess();
            throw th;
        }
    }

    private Response executeCommand(WebRequestStack webRequestStack, MetaWebApi.WebApiRuntime webApiRuntime) {
        WebApiResponse webApiResponse = new WebApiResponse();
        try {
            webApiResponse.setStatus(webApiRuntime.executeCommand(webRequestStack, "webApi"));
            Object obj = null;
            if (webApiRuntime.m158getMetaData().getResults() != null) {
                for (String str : webApiRuntime.m158getMetaData().getResults()) {
                    Object attribute = webRequestStack.getRequestContext().getAttribute(str);
                    if (attribute != null) {
                        webApiResponse.addResult(str, attribute);
                    }
                }
            }
            if (webApiResponse.getResults() != null && webApiResponse.getResults().size() == 1) {
                obj = webApiResponse.getResults().values().iterator().next();
            }
            if (webApiRuntime.m158getMetaData().getCacheControlType() != null) {
                switch (webApiRuntime.m158getMetaData().getCacheControlType()) {
                    case CACHE:
                        WebUtil.setCacheControlHeader(webRequestStack, true, webApiRuntime.m158getMetaData().getCacheControlMaxAge());
                        break;
                    case CACHE_PUBLIC:
                        WebUtil.setCacheControlHeader(webRequestStack, true, true, webApiRuntime.m158getMetaData().getCacheControlMaxAge());
                        break;
                    case NO_CACHE:
                        WebUtil.setCacheControlHeader(webRequestStack, false, -1L);
                        break;
                }
            }
            if (obj instanceof Response.ResponseBuilder) {
                return ((Response.ResponseBuilder) obj).build();
            }
            if (obj instanceof StreamingOutput) {
                Response.ResponseBuilder ok = Response.ok(obj);
                ok.type(selectVariant(webRequestStack, webApiRuntime).getMediaType());
                return ok.build();
            }
            Response.ResponseBuilder ok2 = Response.ok(webApiResponse);
            ok2.type(selectVariant(webRequestStack, webApiRuntime).getMediaType());
            return ok2.build();
        } catch (WebApplicationException e) {
            throw e;
        } catch (RuntimeException e2) {
            throw new WrappedRestException(e2);
        }
    }

    private Variant selectVariant(WebRequestStack webRequestStack, MetaWebApi.WebApiRuntime webApiRuntime) {
        List<Variant> variants = webApiRuntime.getVariants();
        if (variants.size() == 1) {
            return variants.get(0);
        }
        Variant selectVariant = ((RestRequestContext) webRequestStack.getRequestContext()).rsRequest().selectVariant(variants);
        if (selectVariant == null) {
            throw new WebApiRuntimeException("Response Type cannot determined. Specify correct Accept header:" + webRequestStack.getRequest().getHeader(MetaWebApi.HEADER_ACCEPT));
        }
        return selectVariant;
    }

    private void checkValidRequest(WebRequestStack webRequestStack, MetaWebApi.WebApiRuntime webApiRuntime) {
        RestRequestContext restRequestContext = (RestRequestContext) webRequestStack.getRequestContext();
        webApiRuntime.checkRequestType(restRequestContext.requestType(), webRequestStack.getRequest());
        if (!handleCrossOriginResourceSharing(webApiRuntime, restRequestContext, webRequestStack.getRequest(), webRequestStack.getResponse())) {
            throw new WebApiRuntimeException("Cross Origin Resource Sharing Policy Erorr on WebApi:" + webApiRuntime.m158getMetaData().getName());
        }
        webApiRuntime.checkXRequestedWith(webRequestStack.getRequest());
    }

    private boolean isSameOrigin(String str, HttpServletRequest httpServletRequest) {
        try {
            URI uri = new URI(str);
            if (uri.getHost() == null || !uri.getHost().equals(httpServletRequest.getServerName())) {
                return false;
            }
            int port = uri.getPort();
            if (port == -1) {
                if ("http".equals(uri.getScheme())) {
                    port = 80;
                } else if ("https".equals(uri.getScheme())) {
                    port = 443;
                }
            }
            return port == httpServletRequest.getServerPort();
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("requestOrigin not valid:" + str, e);
        }
    }

    private boolean handleCrossOriginResourceSharing(MetaWebApi.WebApiRuntime webApiRuntime, RequestContext requestContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String header = httpServletRequest.getHeader(ORIGIN);
        if (header == null || isSameOrigin(header, httpServletRequest)) {
            return true;
        }
        boolean isCorsAllowOrigin = webApiRuntime.isCorsAllowOrigin(header, requestContext);
        if (logger.isDebugEnabled()) {
            logger.debug("CORS check with Origin: " + header + ", api: " + webApiRuntime.m158getMetaData().getName() + " = " + isCorsAllowOrigin);
        }
        if (isCorsAllowOrigin) {
            httpServletResponse.addHeader(ACCESS_CONTROL_ALLOW_ORIGIN, header);
            if (webApiRuntime.isCorsAllowCredentials()) {
                httpServletResponse.addHeader(ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
            }
            if (httpServletRequest.getMethod().equals("OPTIONS")) {
                String header2 = httpServletRequest.getHeader(ACCESS_CONTROL_REQUEST_METHOD);
                if (header2 != null && webApiRuntime.getRequestRestriction().isAllowedMethod(header2)) {
                    httpServletResponse.addHeader(ACCESS_CONTROL_ALLOW_METHODS, webApiRuntime.corsAccessControlAllowMethods());
                }
                String header3 = httpServletRequest.getHeader(ACCESS_CONTROL_REQUEST_HEADERS);
                if (header3 != null) {
                    httpServletResponse.addHeader(ACCESS_CONTROL_ALLOW_HEADERS, header3);
                }
            }
        }
        return isCorsAllowOrigin;
    }

    private RequestType decideRequestType(HttpServletRequest httpServletRequest, MetaWebApi.WebApiRuntime webApiRuntime) {
        RequestType requestType = null;
        String contentType = httpServletRequest.getContentType();
        if (contentType != null) {
            MediaType valueOf = MediaType.valueOf(contentType);
            if (valueOf.getType().equals(MediaType.APPLICATION_JSON_TYPE.getType())) {
                if (valueOf.getSubtype().equals(MediaType.APPLICATION_JSON_TYPE.getSubtype())) {
                    requestType = RequestType.REST_JSON;
                } else if (valueOf.getSubtype().equals(MediaType.APPLICATION_XML_TYPE.getSubtype())) {
                    requestType = RequestType.REST_XML;
                }
            }
        }
        if (requestType == null && webApiRuntime.m158getMetaData().getAccepts() != null && webApiRuntime.m158getMetaData().getAccepts().length == 1) {
            requestType = webApiRuntime.m158getMetaData().getAccepts()[0];
        }
        if (requestType == null) {
            requestType = RequestType.REST_FORM;
        }
        return requestType;
    }

    @Path("{apiName : .+}")
    @OPTIONS
    public Response preflight(@Context ServletContext servletContext, @Context Request request, @Context HttpServletRequest httpServletRequest, @Context HttpServletResponse httpServletResponse, @PathParam("apiName") String str) {
        return (Response) process(str, httpServletRequest.getHeader(ACCESS_CONTROL_REQUEST_METHOD), servletContext, request, httpServletRequest, httpServletResponse, (webRequestStack, webApiRuntime) -> {
            handleCrossOriginResourceSharing(webApiRuntime, webRequestStack.getRequestContext(), httpServletRequest, httpServletResponse);
            return Response.ok().build();
        });
    }

    @GET
    @Path("{apiName : .+}")
    public Response doGet(@Context ServletContext servletContext, @Context Request request, @Context HttpServletRequest httpServletRequest, @Context HttpServletResponse httpServletResponse, @PathParam("apiName") String str) {
        return (Response) process(str, "GET", servletContext, request, httpServletRequest, httpServletResponse, (webRequestStack, webApiRuntime) -> {
            RestRequestContext restRequestContext = (RestRequestContext) webRequestStack.getRequestContext();
            RequestType decideRequestType = decideRequestType(httpServletRequest, webApiRuntime);
            restRequestContext.setRequestType(decideRequestType);
            checkValidRequest(webRequestStack, webApiRuntime);
            switch (decideRequestType) {
                case REST_JSON:
                    setJsonParameter(webRequestStack, webApiRuntime, httpServletRequest, null);
                    break;
                case REST_XML:
                    setXmlParameter(webRequestStack, webApiRuntime, httpServletRequest, null);
                    break;
            }
            return executeCommand(webRequestStack, webApiRuntime);
        });
    }

    @Path("{apiName : .+}")
    @DELETE
    public Response doDelete(@Context ServletContext servletContext, @Context Request request, @Context HttpServletRequest httpServletRequest, @Context HttpServletResponse httpServletResponse, @PathParam("apiName") String str) {
        return (Response) process(str, "DELETE", servletContext, request, httpServletRequest, httpServletResponse, (webRequestStack, webApiRuntime) -> {
            RestRequestContext restRequestContext = (RestRequestContext) webRequestStack.getRequestContext();
            RequestType decideRequestType = decideRequestType(httpServletRequest, webApiRuntime);
            restRequestContext.setRequestType(decideRequestType);
            checkValidRequest(webRequestStack, webApiRuntime);
            switch (decideRequestType) {
                case REST_JSON:
                    setJsonParameter(webRequestStack, webApiRuntime, httpServletRequest, null);
                    break;
                case REST_XML:
                    setXmlParameter(webRequestStack, webApiRuntime, httpServletRequest, null);
                    break;
            }
            return executeCommand(webRequestStack, webApiRuntime);
        });
    }

    @Path("{apiName : .+}")
    @PUT
    @Consumes({"application/x-www-form-urlencoded", "*/*"})
    public Response doPutForm(@Context ServletContext servletContext, @Context Request request, @Context HttpServletRequest httpServletRequest, @Context HttpServletResponse httpServletResponse, @PathParam("apiName") String str, MultivaluedMap<String, String> multivaluedMap) {
        return (Response) process(str, "PUT", servletContext, request, httpServletRequest, httpServletResponse, (webRequestStack, webApiRuntime) -> {
            RestRequestContext restRequestContext = (RestRequestContext) webRequestStack.getRequestContext();
            restRequestContext.setRequestType(RequestType.REST_FORM);
            restRequestContext.setValueMap(new MultivaluedMapParameterValueMap(multivaluedMap));
            checkValidRequest(webRequestStack, webApiRuntime);
            return executeCommand(webRequestStack, webApiRuntime);
        });
    }

    @Path("{apiName : .+}")
    @PUT
    @Consumes({"application/json"})
    public Response doPutJson(@Context ServletContext servletContext, @Context Request request, @Context HttpServletRequest httpServletRequest, @Context HttpServletResponse httpServletResponse, @PathParam("apiName") String str, Reader reader) {
        return (Response) process(str, "PUT", servletContext, request, httpServletRequest, httpServletResponse, (webRequestStack, webApiRuntime) -> {
            ((RestRequestContext) webRequestStack.getRequestContext()).setRequestType(RequestType.REST_JSON);
            checkValidRequest(webRequestStack, webApiRuntime);
            setJsonParameter(webRequestStack, webApiRuntime, httpServletRequest, reader);
            return executeCommand(webRequestStack, webApiRuntime);
        });
    }

    @Path("{apiName : .+}")
    @PUT
    @Consumes({"application/xml"})
    public Response doPutXml(@Context ServletContext servletContext, @Context Request request, @Context HttpServletRequest httpServletRequest, @Context HttpServletResponse httpServletResponse, @PathParam("apiName") String str, Reader reader) {
        return (Response) process(str, "PUT", servletContext, request, httpServletRequest, httpServletResponse, (webRequestStack, webApiRuntime) -> {
            ((RestRequestContext) webRequestStack.getRequestContext()).setRequestType(RequestType.REST_XML);
            checkValidRequest(webRequestStack, webApiRuntime);
            setXmlParameter(webRequestStack, webApiRuntime, httpServletRequest, reader);
            return executeCommand(webRequestStack, webApiRuntime);
        });
    }

    @POST
    @Path("{apiName : .+}")
    @Consumes({"application/x-www-form-urlencoded", "*/*"})
    public Response doPostForm(@Context ServletContext servletContext, @Context Request request, @Context HttpServletRequest httpServletRequest, @Context HttpServletResponse httpServletResponse, @PathParam("apiName") String str, MultivaluedMap<String, String> multivaluedMap) {
        return (Response) process(str, "POST", servletContext, request, httpServletRequest, httpServletResponse, (webRequestStack, webApiRuntime) -> {
            RestRequestContext restRequestContext = (RestRequestContext) webRequestStack.getRequestContext();
            restRequestContext.setRequestType(RequestType.REST_FORM);
            restRequestContext.setValueMap(new MultivaluedMapParameterValueMap(multivaluedMap));
            checkValidRequest(webRequestStack, webApiRuntime);
            return executeCommand(webRequestStack, webApiRuntime);
        });
    }

    @POST
    @Path("{apiName : .+}")
    @Consumes({"multipart/form-data"})
    public Response doPostFormMultipart(@Context ServletContext servletContext, @Context Request request, @Context HttpServletRequest httpServletRequest, @Context HttpServletResponse httpServletResponse, @PathParam("apiName") String str) {
        Long l = (Long) httpServletRequest.getAttribute("mtp.restRequestContext.maxBodySize");
        if (l != null) {
            httpServletRequest = new LimitRequestBodyHttpServletRequest(httpServletRequest, l.longValue());
        }
        return (Response) process(str, "POST", servletContext, request, httpServletRequest, httpServletResponse, (webRequestStack, webApiRuntime) -> {
            ((RestRequestContext) webRequestStack.getRequestContext()).setRequestType(RequestType.REST_FORM);
            checkValidRequest(webRequestStack, webApiRuntime);
            return executeCommand(webRequestStack, webApiRuntime);
        });
    }

    @POST
    @Path("{apiName : .+}")
    @Consumes({"application/json"})
    public Response doPostJson(@Context ServletContext servletContext, @Context Request request, @Context HttpServletRequest httpServletRequest, @Context HttpServletResponse httpServletResponse, @PathParam("apiName") String str, Reader reader) {
        return (Response) process(str, "POST", servletContext, request, httpServletRequest, httpServletResponse, (webRequestStack, webApiRuntime) -> {
            ((RestRequestContext) webRequestStack.getRequestContext()).setRequestType(RequestType.REST_JSON);
            checkValidRequest(webRequestStack, webApiRuntime);
            setJsonParameter(webRequestStack, webApiRuntime, httpServletRequest, reader);
            return executeCommand(webRequestStack, webApiRuntime);
        });
    }

    @POST
    @Path("{apiName : .+}")
    @Consumes({"application/xml"})
    public Response doPostXml(@Context ServletContext servletContext, @Context Request request, @Context HttpServletRequest httpServletRequest, @Context HttpServletResponse httpServletResponse, @PathParam("apiName") String str, Reader reader) {
        return (Response) process(str, "POST", servletContext, request, httpServletRequest, httpServletResponse, (webRequestStack, webApiRuntime) -> {
            ((RestRequestContext) webRequestStack.getRequestContext()).setRequestType(RequestType.REST_XML);
            checkValidRequest(webRequestStack, webApiRuntime);
            setXmlParameter(webRequestStack, webApiRuntime, httpServletRequest, reader);
            return executeCommand(webRequestStack, webApiRuntime);
        });
    }

    private void setJsonParameter(WebRequestStack webRequestStack, MetaWebApi.WebApiRuntime webApiRuntime, HttpServletRequest httpServletRequest, Reader reader) {
        RestRequestContext restRequestContext = (RestRequestContext) webRequestStack.getRequestContext();
        MethodType methodType = restRequestContext.methodType();
        try {
            String restJsonParameterName = webApiRuntime.m158getMetaData().getRestJsonParameterName();
            if (restJsonParameterName != null) {
                ObjectMapper objectMapper = omservice.getObjectMapper();
                Object obj = null;
                Class<?> restJsonParameterType = webApiRuntime.m158getMetaData().getRestJsonParameterType();
                if (restJsonParameterType == null || restJsonParameterType == Void.TYPE) {
                    restJsonParameterType = Object.class;
                }
                if (MethodType.GET == methodType || MethodType.DELETE == methodType) {
                    String parameter = httpServletRequest.getParameter(restJsonParameterName);
                    if (parameter != null) {
                        obj = objectMapper.readValue(parameter, restJsonParameterType);
                    }
                } else {
                    obj = objectMapper.readValue(reader, restJsonParameterType);
                }
                if (obj instanceof WebApiParameterMap) {
                    obj = toMap((WebApiParameterMap) obj);
                }
                if (restJsonParameterName.equals("param") && (obj instanceof Map)) {
                    restRequestContext.setValueMap(new MapParameterValueMap((Map) obj));
                } else if (obj != null) {
                    restRequestContext.setAttribute(restJsonParameterName, obj);
                }
            }
        } catch (IOException | NullPointerException e) {
            throw new WebApplicationException(e, Response.Status.BAD_REQUEST);
        }
    }

    private Map<String, Object> toMap(WebApiParameterMap webApiParameterMap) {
        HashMap hashMap = new HashMap();
        for (WebApiParameter webApiParameter : webApiParameterMap.getParams()) {
            hashMap.put(webApiParameter.getName(), webApiParameter.getValue());
        }
        return hashMap;
    }

    private void setXmlParameter(WebRequestStack webRequestStack, MetaWebApi.WebApiRuntime webApiRuntime, HttpServletRequest httpServletRequest, Reader reader) {
        Object unmarshal;
        RestRequestContext restRequestContext = (RestRequestContext) webRequestStack.getRequestContext();
        MethodType methodType = restRequestContext.methodType();
        try {
            String restXmlParameterName = webApiRuntime.m158getMetaData().getRestXmlParameterName();
            if (restXmlParameterName != null) {
                if (MethodType.GET == methodType || MethodType.DELETE == methodType) {
                    String parameter = httpServletRequest.getParameter(restXmlParameterName);
                    if (StringUtil.isEmpty(parameter)) {
                        unmarshal = null;
                    } else {
                        unmarshal = jbservice.getJAXBContext().createUnmarshaller().unmarshal(new SAXSource(this.sax.newSAXParser().getXMLReader(), new InputSource(new ByteArrayInputStream(parameter.getBytes()))));
                    }
                } else {
                    unmarshal = jbservice.getJAXBContext().createUnmarshaller().unmarshal(new SAXSource(this.sax.newSAXParser().getXMLReader(), new InputSource(reader)));
                }
                if (unmarshal instanceof WebApiParameterMap) {
                    unmarshal = toMap((WebApiParameterMap) unmarshal);
                }
                if (restXmlParameterName.equals("param") && (unmarshal instanceof Map)) {
                    restRequestContext.setValueMap(new MapParameterValueMap((Map) unmarshal));
                } else if (unmarshal != null) {
                    restRequestContext.setAttribute(restXmlParameterName, unmarshal);
                }
            }
        } catch (NullPointerException | JAXBException | ParserConfigurationException | SAXException e) {
            throw new WebApplicationException(e, Response.Status.BAD_REQUEST);
        }
    }
}
