package org.eclipse.scout.rt.ui.html;

import java.io.IOException;
import java.security.AccessController;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Locale;
import java.util.Set;
import javax.security.auth.Subject;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.SessionCookieConfig;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.scout.rt.platform.BEANS;
import org.eclipse.scout.rt.platform.config.AbstractBooleanConfigProperty;
import org.eclipse.scout.rt.platform.config.CONFIG;
import org.eclipse.scout.rt.platform.context.CorrelationId;
import org.eclipse.scout.rt.platform.context.RunContext;
import org.eclipse.scout.rt.platform.context.RunContexts;
import org.eclipse.scout.rt.platform.exception.DefaultExceptionTranslator;
import org.eclipse.scout.rt.platform.util.IOUtility;
import org.eclipse.scout.rt.platform.util.PathValidator;
import org.eclipse.scout.rt.platform.util.StringUtility;
import org.eclipse.scout.rt.server.commons.authentication.ServletFilterHelper;
import org.eclipse.scout.rt.server.commons.servlet.AbstractHttpServlet;
import org.eclipse.scout.rt.server.commons.servlet.CookieUtility;
import org.eclipse.scout.rt.server.commons.servlet.HttpServletControl;
import org.eclipse.scout.rt.server.commons.servlet.IHttpServletRoundtrip;
import org.eclipse.scout.rt.server.commons.servlet.logging.ServletDiagnosticsProviderFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/scout/rt/ui/html/UiServlet.class */
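/**
 * Servlet that receives the HTTP requests of the HTML UI and passes each one to the registered
 * {@link IUiServletRequestHandler} beans until one of them reports the request as handled.
 *
 * <p>At startup the servlet validates the session-cookie configuration of the web application
 * (see {@link #checkSessionCookieConfig(SessionCookieConfig)}) and refuses to initialise when it is
 * insecure.
 */
public class UiServlet extends AbstractHttpServlet {
    private static final long serialVersionUID = 1L;
    private static final Logger LOG = LoggerFactory.getLogger(UiServlet.class);

    /** Methods that are routed through {@code super.service(...)}; every other method is handled by this class itself. */
    private static final Set<String> HTTP_METHODS_SUPPORTED_BY_JAVAX_HTTP_SERVLET =
            new HashSet<>(Arrays.asList("GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS", "TRACE"));

    private final HttpServletControl m_httpServletControl = BEANS.get(HttpServletControl.class);
    private final UiThreadInterruption m_uiThreadInterruption = BEANS.get(UiThreadInterruption.class);

    /**
     * Config property {@code scout.auth.cookieSessionValidateSecure}: when true, the servlet requires
     * the 'Secure' flag on the session cookie at startup.
     */
    public static class CheckSessionCookieSecureFlagProperty extends AbstractBooleanConfigProperty {
        public String getKey() {
            return "scout.auth.cookieSessionValidateSecure";
        }

        public String description() {
            return "Specifies if the UI server should ensure a secure cookie configuration of the webapp.\nIf enabled the application validates that the 'httpOnly' and 'Secure' flags are set in the cookie configuration in the web.xml.\nThis property should be disabled if no secure connection (https) is used to the client browser (not recommended).\nThe default value is true.";
        }

        /**
         * Returns the default of this property, {@code true}.
         *
         * <p>NOTE(review): the decompiler renamed this method from {@code getDefaultValue} (merged with
         * its bridge method). Under the name shown here it presumably no longer overrides the
         * superclass method, so a recompiled copy of this listing may not apply the documented default
         * of {@code true}. Confirm against the original class before relying on it.
         */
        public Boolean m13getDefaultValue() {
            return Boolean.TRUE;
        }
    }

    /**
     * @param str HTTP method name as reported by the request
     * @return true if the method is one of the seven names listed in
     *         {@link #HTTP_METHODS_SUPPORTED_BY_JAVAX_HTTP_SERVLET} (case-sensitive match)
     */
    protected boolean isHttpMethodSupportedByJavaxHttpServlet(String str) {
        return HTTP_METHODS_SUPPORTED_BY_JAVAX_HTTP_SERVLET.contains(str);
    }

    /**
     * Builds the run context in which a request is processed: current subject, request and response
     * thread-locals, servlet diagnostics, preferred locale and a correlation id.
     *
     * @return a copy of the current run context enriched with the request-specific values
     */
    protected RunContext createServletRunContext(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        // NOTE(review): the correlation id is taken verbatim from a client-supplied header; nothing
        // in this class limits its length or character set. Confirm that downstream consumers
        // (diagnostics, log output) neutralise it, or constrain it where untrusted clients can reach
        // the servlet.
        String clientCorrelationId = httpServletRequest.getHeader("X-Scout-Correlation-Id");
        String correlationId = clientCorrelationId != null
                ? clientCorrelationId
                : BEANS.get(CorrelationId.class).newCorrelationId();
        return RunContexts.copyCurrent(true)
                .withSubject(Subject.getSubject(AccessController.getContext()))
                .withThreadLocal(IHttpServletRoundtrip.CURRENT_HTTP_SERVLET_REQUEST, httpServletRequest)
                .withThreadLocal(IHttpServletRoundtrip.CURRENT_HTTP_SERVLET_RESPONSE, httpServletResponse)
                .withDiagnostics(BEANS.get(ServletDiagnosticsProviderFactory.class).getProviders(httpServletRequest, httpServletResponse))
                .withLocale(getPreferredLocale(httpServletRequest))
                .withCorrelationId(correlationId);
    }

    /**
     * Initialises the servlet and then validates the session-cookie configuration.
     *
     * @throws ServletException if the super initialisation fails or the cookie configuration is rejected
     */
    @Override
    public void init(ServletConfig servletConfig) throws ServletException {
        super.init(servletConfig);
        checkSessionCookieConfig(servletConfig.getServletContext().getSessionCookieConfig());
    }

    /**
     * Verifies that the session cookie is configured with 'HttpOnly' and, unless
     * {@link CheckSessionCookieSecureFlagProperty} is false, with 'Secure'.
     *
     * <p>Both problems are logged before the method fails, so one startup attempt reports every
     * missing flag. The thrown exception carries a generic message and an empty stack trace; the
     * details are only in the server log.
     *
     * @param sessionCookieConfig cookie configuration of the servlet context; when null the check is
     *        skipped with a warning, i.e. nothing is validated in that case
     * @throws ServletException if a required flag is missing
     */
    protected void checkSessionCookieConfig(SessionCookieConfig sessionCookieConfig) throws ServletException {
        if (sessionCookieConfig == null) {
            LOG.warn("Cannot validate the configuration of the session cookie!");
            return;
        }
        // The property is read before the cookie flag, so a disabled check never consults isSecure().
        boolean secureCheckEnabled = ((Boolean) CONFIG.getPropertyValue(CheckSessionCookieSecureFlagProperty.class)).booleanValue();
        boolean secureOk = !secureCheckEnabled || sessionCookieConfig.isSecure();
        boolean httpOnlyOk = sessionCookieConfig.isHttpOnly();

        if (!httpOnlyOk) {
            LOG.error("'HttpOnly' flag has not been set on session cookie. Enable the flag in your web.xml (<session-config>...<cookie-config>...<http-only>true</http-only>...</cookie-config>...</session-config>)");
        }
        if (!secureOk) {
            LOG.error("'Secure' flag has not been set on session cookie. Enable the flag in your web.xml (<session-config>...<cookie-config>...<secure>true</secure>...</cookie-config>...</session-config>) or disable the 'Secure' flag check using property '{}=false' if no encrypted channel (https) to the end user is used.", BEANS.get(CheckSessionCookieSecureFlagProperty.class).getKey());
        }
        if (httpOnlyOk && secureOk) {
            return;
        }
        ServletException failure = new ServletException("Internal Server Error. See server log for details.");
        failure.setStackTrace(new StackTraceElement[0]);
        throw failure;
    }

    /**
     * Determines the locale for the request: the value of the preferred-locale cookie if that cookie
     * is present, otherwise the locale reported by the request.
     *
     * <p>The cookie value is client-controlled and is passed to {@link Locale#forLanguageTag(String)}
     * without further checks.
     */
    protected Locale getPreferredLocale(HttpServletRequest httpServletRequest) {
        Cookie localeCookie = CookieUtility.getCookieByName(httpServletRequest, IUiSession.PREFERRED_LOCALE_COOKIE_NAME);
        if (localeCookie == null) {
            return httpServletRequest.getLocale();
        }
        return Locale.forLanguageTag(localeCookie.getValue());
    }

    /**
     * Routes the seven standard methods through {@code super.service(...)} and every other method
     * through {@link #handleHttpMethodsNotSupportedByJavaxHttpServlet}.
     */
    @Override
    protected void service(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        if (!isHttpMethodSupportedByJavaxHttpServlet(httpServletRequest.getMethod())) {
            wrap(httpServletRequest, httpServletResponse, this::handleHttpMethodsNotSupportedByJavaxHttpServlet);
            return;
        }
        super.service(httpServletRequest, httpServletResponse);
    }

    /** Answers with 404 when no handler took the request. */
    @Override
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        if (!handleRequest(httpServletRequest, httpServletResponse)) {
            sendNotFound(httpServletRequest, httpServletResponse);
        }
    }

    /** Answers with 404 when no handler took the request. */
    @Override
    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        if (!handleRequest(httpServletRequest, httpServletResponse)) {
            sendNotFound(httpServletRequest, httpServletResponse);
        }
    }

    /** Answers with 404 when no handler took the request. */
    @Override
    protected void doPut(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        if (!handleRequest(httpServletRequest, httpServletResponse)) {
            sendNotFound(httpServletRequest, httpServletResponse);
        }
    }

    /** Answers with 404 when no handler took the request. */
    @Override
    protected void doDelete(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        if (!handleRequest(httpServletRequest, httpServletResponse)) {
            sendNotFound(httpServletRequest, httpServletResponse);
        }
    }

    /** Falls back to the inherited HEAD handling when no handler took the request. */
    @Override
    protected void doHead(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        if (!handleRequest(httpServletRequest, httpServletResponse)) {
            super.doHead(httpServletRequest, httpServletResponse);
        }
    }

    /** Falls back to the inherited OPTIONS handling when no handler took the request. */
    @Override
    protected void doOptions(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        if (!handleRequest(httpServletRequest, httpServletResponse)) {
            super.doOptions(httpServletRequest, httpServletResponse);
        }
    }

    /**
     * Falls back to the inherited TRACE handling when no handler took the request.
     *
     * <p>NOTE(review): unless {@code AbstractHttpServlet} overrides it (not visible here), the stock
     * {@code javax.servlet.http.HttpServlet#doTrace} echoes the request headers back in the response
     * body. Confirm that TRACE is rejected upstream if that echo is not wanted.
     */
    @Override
    protected void doTrace(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        if (!handleRequest(httpServletRequest, httpServletResponse)) {
            super.doTrace(httpServletRequest, httpServletResponse);
        }
    }

    /** Handles methods outside the standard seven; answers 501 when no handler took the request. */
    protected void handleHttpMethodsNotSupportedByJavaxHttpServlet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        if (!handleRequest(httpServletRequest, httpServletResponse)) {
            httpServletResponse.sendError(501, "HTTP method not supported");
        }
    }

    /**
     * Applies the servlet defaults and runs {@link #handleRequestInternal} inside the servlet run
     * context.
     *
     * @return true if the request was handled, including the case where processing failed and a 500
     *         was sent; false if no handler accepted it
     */
    protected boolean handleRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        this.m_uiThreadInterruption.detectAndClear(this, "handleRequest");
        this.m_httpServletControl.doDefaults(this, httpServletRequest, httpServletResponse);
        try {
            Boolean handled = createServletRunContext(httpServletRequest, httpServletResponse)
                    .call(() -> handleRequestInternal(httpServletRequest, httpServletResponse), DefaultExceptionTranslator.class);
            return handled.booleanValue();
        } catch (Exception e) {
            // The client only sees the bare status code; the cause stays in the server log.
            LOG.error("Failed to process HTTP-{} request from UI", httpServletRequest.getMethod(), e);
            httpServletResponse.sendError(500);
            return true;
        }
    }

    /**
     * Validates the request path and offers the request to every {@link IUiServletRequestHandler}
     * until one handles it. The request duration is logged at DEBUG level on every exit path.
     *
     * @return true if the request was answered (redirect, 400 for an invalid path, handled by a
     *         handler, or 500 after an exception); false if no handler accepted it
     * @throws IOException if sending the error response fails
     */
    protected boolean handleRequestInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (BEANS.get(ServletFilterHelper.class).redirectIncompleteBasePath(httpServletRequest, httpServletResponse, true)) {
            return true;
        }
        final long startNanos = System.nanoTime();
        try {
            String pathInfo = httpServletRequest.getPathInfo();
            if (!PathValidator.isValid(pathInfo)) {
                // NOTE(review): the rejected path is request-controlled and logged as received;
                // confirm the log layout neutralises CR/LF so a crafted path cannot forge log lines.
                LOG.info("Request with invalid path detected: '{}'. Parent paths are not allowed by default. To change this behavior replace {}.", pathInfo, PathValidator.class);
                httpServletResponse.sendError(400);
                return true;
            }
            for (IUiServletRequestHandler handler : BEANS.all(IUiServletRequestHandler.class)) {
                if (handler.handle(httpServletRequest, httpServletResponse)) {
                    return true;
                }
            }
            return false;
        } catch (Exception e) {
            LOG.error("Exception while processing request", e);
            httpServletResponse.sendError(500);
            return true;
        } finally {
            // One timing log for all exit paths; a failure inside the logging call can no longer be
            // mistaken for a request-processing failure and answered with a 500.
            logRequestDuration(httpServletRequest, httpServletResponse, startNanos);
        }
    }

    /**
     * Writes status, method, URL and elapsed time of a request to the DEBUG log.
     *
     * <p>The URL and query string are URL-decoded before logging, so encoded line breaks become real
     * ones and query parameters are written in clear text. NOTE(review): confirm the log layout
     * encodes control characters, and treat DEBUG output of this class as potentially sensitive.
     */
    private void logRequestDuration(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, long startNanos) {
        if (!LOG.isDebugEnabled()) {
            return;
        }
        String decodedUrl = StringUtility.join("?", new Object[]{
                IOUtility.urlDecode(httpServletRequest.getRequestURL().toString()),
                IOUtility.urlDecode(httpServletRequest.getQueryString())});
        LOG.debug("[{}] {} {} took {} ms",
                httpServletResponse.getStatus(),
                httpServletRequest.getMethod(),
                decodedUrl,
                StringUtility.formatNanos(System.nanoTime() - startNanos));
    }

    /** Logs the unmatched request (method and request-controlled path info) at INFO level and answers 404. */
    protected void sendNotFound(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        LOG.info("404_NOT_FOUND: {} {}", httpServletRequest.getMethod(), httpServletRequest.getPathInfo());
        httpServletResponse.sendError(404);
    }
}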
