package org.apache.shindig.gadgets.http;

import com.google.inject.Inject;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLDecoder;
import java.util.Arrays;
import java.util.Collections;
import java.util.Comparator;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shindig.gadgets.ContentFetcher;
import org.apache.shindig.gadgets.ContentFetcherFactory;
import org.apache.shindig.gadgets.GadgetException;
import org.apache.shindig.gadgets.GadgetToken;
import org.apache.shindig.gadgets.GadgetTokenDecoder;
import org.apache.shindig.gadgets.RemoteContent;
import org.apache.shindig.gadgets.RemoteContentRequest;
import org.apache.shindig.gadgets.oauth.OAuthRequestParams;
import org.apache.shindig.gadgets.spec.Auth;
import org.apache.shindig.gadgets.spec.Preload;
import org.apache.shindig.util.InputStreamConsumer;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: input_file:org/apache/shindig/gadgets/http/ProxyHandler.class */
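/**
 * Fetches a caller-supplied URL on behalf of a gadget and relays the result, either
 * wrapped in JSON ({@link #fetchJson}) or as the raw upstream response ({@link #fetch}).
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@link #validateUrl} restricts only the URL scheme (http/https). Nothing here
 *       restricts the destination host or address, so that restriction has to come from
 *       the fetcher implementation or from network egress policy.
 *       NOTE(review): confirm where internal/loopback destinations are blocked.</li>
 *   <li>For non-POST requests every inbound request header except Host, Accept and
 *       Accept-Encoding is copied onto the outbound request; see
 *       {@link #copyInboundHeaders}.</li>
 *   <li>{@link #fetch} performs no security-token check and relays the upstream
 *       Content-Type and body unchanged.</li>
 * </ul>
 */
public class ProxyHandler {
    /**
     * Prefix written in front of every JSON body produced by {@link #fetchJson}. It is not
     * valid JSON, so a consumer has to strip it before parsing.
     * NOTE(review): presumably this keeps the response from being usable when it is loaded
     * cross-site as a script; confirm against the client-side code.
     */
    public static final String UNPARSEABLE_CRUFT = "throw 1; < don't be evil' >";
    public static final String POST_DATA_PARAM = "postData";
    public static final String METHOD_PARAM = "httpMethod";
    public static final String SECURITY_TOKEN_PARAM = "st";
    public static final String HEADERS_PARAM = "headers";
    public static final String NOCACHE_PARAM = "nocache";
    public static final String URL_PARAM = "url";
    private static final String REFRESH_PARAM = "refresh";

    /** Request headers that are never sent to the remote server. */
    private static final String[] UNSAFE_REQUEST_HEADERS = {"Host", "Accept", "Accept-Encoding"};

    /**
     * Upstream response headers, in lower case, that {@link #fetch} does not relay to the
     * client. The set is immutable so the filter cannot be altered after class loading.
     */
    private static final Set<String> DISALLOWED_RESPONSE_HEADERS =
            Collections.unmodifiableSet(new HashSet<String>(Arrays.asList(
                    "set-cookie",
                    "content-length",
                    "content-encoding",
                    "etag",
                    "last-modified",
                    "accept-ranges",
                    "vary")));

    private final GadgetTokenDecoder gadgetTokenDecoder;
    private ContentFetcherFactory contentFetcherFactory;

    /**
     * Replaces the fetcher factory used for all subsequent requests.
     *
     * @param contentFetcherFactory factory that supplies plain, signing and OAuth fetchers
     */
    @Inject
    public void setContentFetcher(ContentFetcherFactory contentFetcherFactory) {
        this.contentFetcherFactory = contentFetcherFactory;
    }

    /**
     * @param contentFetcherFactory factory that supplies plain, signing and OAuth fetchers
     * @param gadgetTokenDecoder decoder applied to the {@code st} parameter for signed and
     *     OAuth requests
     */
    @Inject
    public ProxyHandler(ContentFetcherFactory contentFetcherFactory, GadgetTokenDecoder gadgetTokenDecoder) {
        this.contentFetcherFactory = contentFetcherFactory;
        this.gadgetTokenDecoder = gadgetTokenDecoder;
    }

    /**
     * Fetches the requested URL and writes the result as a JSON document prefixed with
     * {@link #UNPARSEABLE_CRUFT}.
     *
     * <p>The response is sent with a Content-Disposition of {@code attachment}.
     * NOTE(review): presumably so that a browser navigating directly to the endpoint does
     * not render the payload inline; confirm.
     *
     * @param httpServletRequest inbound request carrying {@code url} and the optional
     *     {@code refresh}, {@code nocache}, authz and {@code st} parameters
     * @param httpServletResponse response the JSON document is written to
     * @throws IOException if writing the response fails
     * @throws GadgetException if a parameter is invalid or the fetcher reports a failure
     */
    public void fetchJson(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, GadgetException {
        // Parse the caller-controlled refresh value before any outbound request is made, so a
        // malformed value is rejected as a parameter error instead of surfacing as an
        // unchecked NumberFormatException after the remote fetch has already happened.
        int refresh = 0;
        String refreshParam = httpServletRequest.getParameter(REFRESH_PARAM);
        if (refreshParam != null) {
            try {
                refresh = Integer.parseInt(refreshParam);
            } catch (NumberFormatException e) {
                throw new GadgetException(GadgetException.Code.INVALID_PARAMETER, "refresh parameter is not a valid integer.");
            }
        }

        ContentFetcher fetcher = getContentFetcher(httpServletRequest, httpServletResponse);
        RemoteContent remoteContent = fetcher.fetch(buildRemoteContentRequest(httpServletRequest));
        String json = serializeJsonResponse(httpServletRequest, remoteContent);

        HttpUtil.setCachingHeaders(httpServletResponse, refresh);
        httpServletResponse.setStatus(RemoteContent.SC_OK);
        httpServletResponse.setContentType("application/json; charset=utf-8");
        httpServletResponse.setHeader("Content-Disposition", "attachment;filename=p.txt");
        httpServletResponse.getWriter().write(json);
    }

    /**
     * Translates the inbound servlet request into the outbound request description.
     *
     * <p>For POST the real method, body and headers come from the {@code httpMethod},
     * {@code postData} and {@code headers} parameters. For any other method the inbound
     * method is reused, there is no body, and the inbound headers are copied.
     *
     * @throws GadgetException if the url is invalid, a header pair is malformed, or the
     *     request's character encoding is not supported
     */
    private RemoteContentRequest buildRemoteContentRequest(HttpServletRequest httpServletRequest) throws GadgetException {
        try {
            String encoding = httpServletRequest.getCharacterEncoding();
            if (encoding == null) {
                encoding = "UTF-8";
            }
            URI target = validateUrl(httpServletRequest.getParameter(URL_PARAM));

            String method = httpServletRequest.getMethod();
            byte[] postBody;
            Map<String, List<String>> headers;
            if ("POST".equals(method)) {
                method = getParameter(httpServletRequest, METHOD_PARAM, "GET");
                // Encode with the request's charset rather than the JVM default, so the bytes
                // sent upstream do not depend on how the host platform is configured.
                postBody = getParameter(httpServletRequest, POST_DATA_PARAM, "").getBytes(encoding);
                headers = parseHeadersParam(httpServletRequest.getParameter(HEADERS_PARAM), encoding);
            } else {
                postBody = null;
                headers = copyInboundHeaders(httpServletRequest);
            }
            removeUnsafeHeaders(headers);

            RemoteContentRequest.Options options = new RemoteContentRequest.Options();
            options.ignoreCache = "1".equals(httpServletRequest.getParameter(NOCACHE_PARAM));
            return new RemoteContentRequest(method, target, headers, postBody, options);
        } catch (UnsupportedEncodingException e) {
            throw new GadgetException(GadgetException.Code.INTERNAL_SERVER_ERROR, e);
        }
    }

    /**
     * Parses the {@code headers} parameter, a list of URL-encoded {@code name=value} pairs
     * separated by {@code &}, into a case-insensitive header map.
     *
     * @return an immutable empty map when the parameter is absent or empty
     * @throws GadgetException if a pair does not split into exactly a name and a value
     */
    private static Map<String, List<String>> parseHeadersParam(String headersParam, String encoding) throws GadgetException, UnsupportedEncodingException {
        if (headersParam == null || headersParam.length() == 0) {
            return Collections.emptyMap();
        }
        Map<String, List<String>> headers = new TreeMap<String, List<String>>(String.CASE_INSENSITIVE_ORDER);
        for (String pair : headersParam.split("&")) {
            String[] nameAndValue = pair.split("=");
            if (nameAndValue.length != 2) {
                // NOTE(review): this is a client input error but is reported with
                // INTERNAL_SERVER_ERROR; the code is kept because callers may depend on it.
                throw new GadgetException(GadgetException.Code.INTERNAL_SERVER_ERROR, "malformed header specified");
            }
            headers.put(URLDecoder.decode(nameAndValue[0], encoding), Arrays.asList(URLDecoder.decode(nameAndValue[1], encoding)));
        }
        return headers;
    }

    /**
     * Copies every inbound request header into a case-insensitive map.
     *
     * <p>NOTE(review): nothing is filtered here, and {@link #removeUnsafeHeaders} later drops
     * only Host, Accept and Accept-Encoding. Credential-bearing headers sent to this servlet
     * (for example Cookie or Authorization) are therefore forwarded to the remote URL.
     * Confirm that this is intended, or strip them before the outbound request is built.
     */
    @SuppressWarnings("unchecked") // getHeaders() is a raw Enumeration on older servlet APIs
    private static Map<String, List<String>> copyInboundHeaders(HttpServletRequest httpServletRequest) {
        Map<String, List<String>> headers = new TreeMap<String, List<String>>(String.CASE_INSENSITIVE_ORDER);
        Enumeration<?> names = httpServletRequest.getHeaderNames();
        while (names.hasMoreElements()) {
            String name = (String) names.nextElement();
            headers.put(name, Collections.list(httpServletRequest.getHeaders(name)));
        }
        return headers;
    }

    /**
     * Picks the fetcher that matches the authz mode requested by the caller.
     *
     * <p>The mode is read from a request parameter, so the caller chooses it; the security
     * token is decoded only for the SIGNED and AUTHENTICATED modes.
     *
     * <p>{@code m3get()} is the accessor name as it appears in this decompiled source and is
     * kept unchanged.
     *
     * @throws GadgetException if the token cannot be decoded or a fetcher cannot be created
     */
    private ContentFetcher getContentFetcher(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws GadgetException {
        switch (Auth.parse(getParameter(httpServletRequest, Preload.AUTHZ_ATTR, ""))) {
            case SIGNED:
                return this.contentFetcherFactory.getSigningFetcher(extractAndValidateToken(httpServletRequest));
            case AUTHENTICATED:
                return this.contentFetcherFactory.getOAuthFetcher(extractAndValidateToken(httpServletRequest), new OAuthRequestParams(httpServletRequest));
            case NONE:
            default:
                return this.contentFetcherFactory.m3get();
        }
    }

    /**
     * Builds the JSON document {@code {<url>: {body, rc, ...metadata}}} and prefixes it with
     * {@link #UNPARSEABLE_CRUFT}.
     *
     * @param remoteContent fetched content; when {@code null} the inner object is left empty
     * @return the prefixed JSON text, or an empty string if JSON serialization fails
     */
    private String serializeJsonResponse(HttpServletRequest httpServletRequest, RemoteContent remoteContent) {
        try {
            JSONObject payload = new JSONObject();
            if (remoteContent != null) {
                payload.put("body", remoteContent.getResponseAsString());
                payload.put("rc", remoteContent.getHttpStatusCode());
                // The metadata loop belongs inside the null check: it dereferences
                // remoteContent, so running it outside threw NullPointerException for a
                // null fetch result.
                for (Map.Entry<String, String> entry : remoteContent.getMetadata().entrySet()) {
                    payload.put(entry.getKey(), entry.getValue());
                }
            }
            JSONObject envelope = new JSONObject().put(httpServletRequest.getParameter(URL_PARAM), payload);
            return UNPARSEABLE_CRUFT + envelope.toString();
        } catch (JSONException e) {
            // Deliberate best effort: the caller receives an empty body instead of an error.
            return "";
        }
    }

    /**
     * Fetches the requested URL with the plain fetcher and relays status, headers and body.
     *
     * <p>Any request carrying If-Modified-Since is answered with 304 without contacting the
     * remote server. The body and the upstream headers are relayed only when the upstream
     * status is 200; headers listed in {@code DISALLOWED_RESPONSE_HEADERS} are dropped.
     *
     * <p>NOTE(review): no security token is checked on this path, and the upstream
     * Content-Type is relayed unchanged, so remote content is served under this servlet's
     * origin. Presumably the proxy is deployed on a host separate from anything holding
     * user sessions; confirm.
     *
     * @throws IOException if writing the response fails
     * @throws GadgetException if the url is invalid or the fetcher reports a failure
     */
    public void fetch(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, GadgetException {
        if (httpServletRequest.getHeader("If-Modified-Since") != null) {
            httpServletResponse.setStatus(304);
            return;
        }
        RemoteContent remoteContent = this.contentFetcherFactory.m3get().fetch(buildRemoteContentRequest(httpServletRequest));
        int status = remoteContent.getHttpStatusCode();
        httpServletResponse.setStatus(status);
        if (status != 200) {
            return;
        }

        Map<String, List<String>> upstreamHeaders = remoteContent.getAllHeaders();
        // NOTE(review): whether this lookup is case-insensitive depends on the map returned
        // by getAllHeaders(), which is not visible here.
        if (upstreamHeaders.get("Cache-Control") == null) {
            HttpUtil.setCachingHeaders(httpServletResponse, 3600);
        }
        for (Map.Entry<String, List<String>> header : upstreamHeaders.entrySet()) {
            String name = header.getKey();
            List<String> values = header.getValue();
            if (name == null || values == null) {
                continue;
            }
            // Locale.ROOT keeps the comparison stable: under some default locales (Turkish,
            // for one) "SET-COOKIE".toLowerCase() does not equal "set-cookie", which would
            // let a filtered header through.
            if (DISALLOWED_RESPONSE_HEADERS.contains(name.toLowerCase(Locale.ROOT))) {
                continue;
            }
            for (String value : values) {
                httpServletResponse.addHeader(name, value);
            }
        }
        httpServletResponse.getOutputStream().write(InputStreamConsumer.readToByteArray(remoteContent.getResponse()));
    }

    /**
     * Removes the headers in {@code UNSAFE_REQUEST_HEADERS} from the outbound header map.
     * Whether the removal is case-insensitive depends on the map that is passed in.
     */
    private void removeUnsafeHeaders(Map<String, List<String>> map) {
        for (String name : UNSAFE_REQUEST_HEADERS) {
            map.remove(name);
        }
    }

    /**
     * Parses the {@code url} parameter and checks that its scheme is http or https. An empty
     * path is normalised to {@code /}.
     *
     * <p>Only the scheme is validated. The host, port and resolved address are not
     * inspected, so this method alone does not keep the proxy from being pointed at
     * internal or loopback destinations.
     * NOTE(review): a URL without an authority (no host) is also accepted here; confirm the
     * fetcher rejects it.
     *
     * @param str raw value of the url parameter; may be {@code null}
     * @return the parsed URI
     * @throws GadgetException with INVALID_PARAMETER if the value is missing, is not a
     *     syntactically valid URI, or uses another scheme
     */
    public URI validateUrl(String str) throws GadgetException {
        if (str == null) {
            throw new GadgetException(GadgetException.Code.INVALID_PARAMETER, "url parameter is missing.");
        }
        try {
            URI uri = new URI(str);
            String scheme = uri.getScheme();
            if (!"http".equals(scheme) && !"https".equals(scheme)) {
                throw new GadgetException(GadgetException.Code.INVALID_PARAMETER, "Invalid request url scheme; only \"http\" and \"https\" supported.");
            }
            String path = uri.getPath();
            if (path == null || path.length() == 0) {
                uri = new URI(scheme, uri.getUserInfo(), uri.getHost(), uri.getPort(), "/", uri.getQuery(), uri.getFragment());
            }
            return uri;
        } catch (URISyntaxException e) {
            throw new GadgetException(GadgetException.Code.INVALID_PARAMETER, "url parameter is not a valid url.");
        }
    }

    /**
     * Decodes the {@code st} parameter into a gadget token; an absent parameter is passed to
     * the decoder as an empty string. Any validation is performed by the decoder.
     *
     * @throws GadgetException if the decoder rejects the token
     */
    private GadgetToken extractAndValidateToken(HttpServletRequest httpServletRequest) throws GadgetException {
        return this.gadgetTokenDecoder.createToken(getParameter(httpServletRequest, SECURITY_TOKEN_PARAM, ""));
    }

    /** Returns the named request parameter, or {@code str2} when the parameter is absent. */
    private static String getParameter(HttpServletRequest httpServletRequest, String str, String str2) {
        String value = httpServletRequest.getParameter(str);
        return value == null ? str2 : value;
    }
}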
