package com.agapsys.rcf;

import com.agapsys.rcf.exceptions.ClientException;
import com.agapsys.rcf.exceptions.ForbiddenException;
import com.agapsys.rcf.exceptions.UnauthorizedException;
import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.lang.reflect.Parameter;
import java.lang.reflect.ParameterizedType;
import java.lang.reflect.Type;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Random;
import java.util.Set;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/* loaded from: input_file:com/agapsys/rcf/Controller.class */
public class Controller extends ActionServlet {
    public static final String METHOD_NAME_MAPPING = "?";
    private static final Set<String> EMPTY_ROLE_SET = Collections.unmodifiableSet(new LinkedHashSet());
    private static final Object[] EMPTY_OBJ_ARRAY = new Object[0];
    public static final String SESSION_ATTR_USER = Controller.class.getName() + ".SESSION_ATTR_USER";
    public static final String SESSION_ATTR_XSRF_TOKEN = Controller.class.getName() + ".SESSION_ATTR_XSRF_TOKEN";
    public static final String XSRF_COOKIE = "XSRF-TOKEN";
    public static final String XSRF_HEADER = "X-XSRF-TOKEN";
    private static final int XSRF_TOKEN_LENGTH = 128;

    /* loaded from: input_file:com/agapsys/rcf/Controller$Dto.class */
    public interface Dto<T> {
        T getDto();
    }

    /* loaded from: input_file:com/agapsys/rcf/Controller$MethodCallerAction.class */
    private class MethodCallerAction implements Action {
        private final String[] requiredRoles;
        private final long requiredPerms;
        private final Method method;
        private final boolean secured;

        private MethodCallerAction(Method method, boolean z, String[] strArr, long j) {
            if (!Modifier.isPublic(method.getModifiers())) {
                throw new RuntimeException("Action method is not public: " + method.toGenericString());
            }
            this.method = method;
            this.requiredRoles = strArr;
            this.requiredPerms = j;
            this.secured = z || strArr.length > 0 || j != 0;
        }

        private Object[] __getCallParams(Method method, ActionRequest actionRequest, ActionResponse actionResponse) throws IOException {
            if (method.getParameterCount() == 0) {
                return Controller.EMPTY_OBJ_ARRAY;
            }
            LinkedList linkedList = new LinkedList();
            for (Parameter parameter : method.getParameters()) {
                Class<?> type = parameter.getType();
                if (JsonRequest.class.isAssignableFrom(type)) {
                    linkedList.add(new JsonRequest(actionRequest));
                } else if (JsonResponse.class.isAssignableFrom(type)) {
                    linkedList.add(new JsonResponse(actionResponse));
                } else if (ActionRequest.class.isAssignableFrom(type)) {
                    linkedList.add(actionRequest);
                } else if (ActionResponse.class.isAssignableFrom(type)) {
                    linkedList.add(actionResponse);
                } else if (HttpServletRequest.class.isAssignableFrom(type)) {
                    linkedList.add(actionRequest.getServletRequest());
                } else if (HttpServletResponse.class.isAssignableFrom(type)) {
                    linkedList.add(actionResponse.getServletResponse());
                } else {
                    JsonRequest jsonRequest = new JsonRequest(actionRequest);
                    if (!Collection.class.isAssignableFrom(type)) {
                        linkedList.add(jsonRequest.readObject(type));
                    } else {
                        if (!List.class.isAssignableFrom(type)) {
                            throw new UnsupportedOperationException(String.format("Unsupported param type: %s", type));
                        }
                        Type parameterizedType = parameter.getParameterizedType();
                        if (!(parameterizedType instanceof ParameterizedType)) {
                            throw new UnsupportedOperationException("Missing list element type");
                        }
                        Type type2 = ((ParameterizedType) parameterizedType).getActualTypeArguments()[0];
                        if (!type2.getClass().equals(Class.class)) {
                            throw new UnsupportedOperationException("Unsupported list element type: " + type2);
                        }
                        linkedList.add(jsonRequest.readList((Class) type2));
                    }
                }
            }
            return linkedList.toArray();
        }

        private void __checkSecurity(ActionRequest actionRequest, ActionResponse actionResponse) throws ServletException, IOException, UnauthorizedException, ForbiddenException {
            if (this.secured) {
                User user = Controller.this.getUser(actionRequest);
                if (user == null) {
                    throw new UnauthorizedException("Unauthorized", new Object[0]);
                }
                Set<String> roles = user.getRoles();
                if (roles == null) {
                    roles = Controller.EMPTY_ROLE_SET;
                }
                for (String str : this.requiredRoles) {
                    if (!roles.contains(str)) {
                        throw new ForbiddenException();
                    }
                }
                if ((user.getPermissions() & this.requiredPerms) != this.requiredPerms) {
                    throw new ForbiddenException();
                }
            }
        }

        private Object __getSingleDto(Object obj) {
            if (obj == null) {
                return null;
            }
            return obj instanceof Dto ? ((Dto) obj).getDto() : obj;
        }

        private List __getDtoList(List list) {
            LinkedList linkedList = new LinkedList();
            Iterator it = list.iterator();
            while (it.hasNext()) {
                linkedList.add(__getSingleDto(it.next()));
            }
            return linkedList;
        }

        private Map __getDtoMap(Map<Object, Object> map) {
            LinkedHashMap linkedHashMap = new LinkedHashMap();
            for (Map.Entry<Object, Object> entry : map.entrySet()) {
                linkedHashMap.put(__getSingleDto(entry.getKey()), __getSingleDto(entry.getValue()));
            }
            return linkedHashMap;
        }

        private Set __getDtoSet(Set set) {
            LinkedHashSet linkedHashSet = new LinkedHashSet();
            Iterator it = set.iterator();
            while (it.hasNext()) {
                linkedHashSet.add(__getSingleDto(it.next()));
            }
            return linkedHashSet;
        }

        private Object __getDtoObject(Object obj) {
            return obj instanceof List ? __getDtoList((List) obj) : obj instanceof Set ? __getDtoSet((Set) obj) : obj instanceof Map ? __getDtoMap((Map) obj) : __getSingleDto(obj);
        }

        @Override // com.agapsys.rcf.Action
        public void processRequest(ActionRequest actionRequest, ActionResponse actionResponse) throws ServletException, IOException {
            try {
                __checkSecurity(actionRequest, actionResponse);
                Object invoke = this.method.invoke(Controller.this, __getCallParams(this.method, actionRequest, actionResponse));
                if (invoke == null && this.method.getReturnType().equals(Void.TYPE)) {
                    return;
                }
                Controller.this.sendObject(actionRequest, actionResponse, __getDtoObject(invoke));
            } catch (IllegalAccessException | InvocationTargetException e) {
                if (!(e instanceof InvocationTargetException)) {
                    throw new RuntimeException(e);
                }
                Throwable targetException = ((InvocationTargetException) e).getTargetException();
                if (!(targetException instanceof ClientException)) {
                    throw new RuntimeException(targetException);
                }
                throw ((ClientException) targetException);
            }
        }
    }

    private static String __getRandom(int i) {
        return __getRandom(i, "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ".toCharArray());
    }

    private static String __getRandom(int i, char[] cArr) {
        if (i < 1) {
            throw new IllegalArgumentException("Invalid length: " + i);
        }
        if (cArr == null || cArr.length == 0) {
            throw new IllegalArgumentException("Null/Empty chars");
        }
        StringBuilder sb = new StringBuilder();
        Random random = new Random();
        for (int i2 = 0; i2 < i; i2++) {
            sb.append(cArr[random.nextInt(cArr.length)]);
        }
        return sb.toString();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.agapsys.rcf.ActionServlet
    public final void onInit() {
        WebAction[] value;
        super.onInit();
        for (Method method : getClass().getDeclaredMethods()) {
            WebActions webActions = (WebActions) method.getAnnotation(WebActions.class);
            if (webActions == null) {
                WebAction webAction = (WebAction) method.getAnnotation(WebAction.class);
                value = webAction == null ? new WebAction[0] : new WebAction[]{webAction};
            } else {
                value = webActions.value();
            }
            for (WebAction webAction2 : value) {
                HttpMethod[] httpMethods = webAction2.httpMethods();
                String trim = webAction2.mapping().trim();
                if (trim.equals(METHOD_NAME_MAPPING)) {
                    trim = "/" + method.getName();
                }
                MethodCallerAction methodCallerAction = new MethodCallerAction(method, webAction2.secured(), webAction2.requiredRoles(), webAction2.requiredPerms());
                for (HttpMethod httpMethod : httpMethods) {
                    registerAction(httpMethod, trim, methodCallerAction);
                }
            }
        }
        onControllerInit();
    }

    protected void onControllerInit() {
    }

    protected User getUser(ActionRequest actionRequest) throws ServletException, IOException {
        User user;
        HttpSession session = actionRequest.getServletRequest().getSession(false);
        if (session == null || (user = (User) session.getAttribute(SESSION_ATTR_USER)) == null || !Objects.equals((String) session.getAttribute(SESSION_ATTR_XSRF_TOKEN), actionRequest.getHeader(XSRF_HEADER))) {
            return null;
        }
        return user;
    }

    protected void setUser(ActionRequest actionRequest, ActionResponse actionResponse, User user) throws ServletException, IOException {
        if (user != null) {
            HttpSession session = actionRequest.getServletRequest().getSession();
            session.setAttribute(SESSION_ATTR_USER, user);
            String __getRandom = __getRandom(XSRF_TOKEN_LENGTH);
            session.setAttribute(SESSION_ATTR_XSRF_TOKEN, __getRandom);
            actionResponse.addCookie(XSRF_COOKIE, __getRandom, -1);
            return;
        }
        HttpSession session2 = actionRequest.getServletRequest().getSession(false);
        if (session2 != null) {
            session2.removeAttribute(SESSION_ATTR_USER);
            session2.removeAttribute(SESSION_ATTR_XSRF_TOKEN);
            actionResponse.removeCookie(XSRF_COOKIE);
        }
    }

    protected void sendObject(ActionRequest actionRequest, ActionResponse actionResponse, Object obj) throws ServletException, IOException {
        new JsonResponse(actionResponse).sendObject(obj);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.agapsys.rcf.ActionServlet
    public boolean onUncaughtError(ActionRequest actionRequest, ActionResponse actionResponse, RuntimeException runtimeException) throws ServletException, IOException {
        Throwable cause = runtimeException.getCause();
        if (cause == null) {
            cause = runtimeException;
        }
        if (cause instanceof ServletException) {
            throw ((ServletException) cause);
        }
        if (cause instanceof IOException) {
            throw ((IOException) cause);
        }
        return super.onUncaughtError(actionRequest, actionResponse, runtimeException);
    }
}
