package hirondelle.web4j;

import hirondelle.web4j.action.Action;
import hirondelle.web4j.action.ResponsePage;
import hirondelle.web4j.database.DAOException;
import hirondelle.web4j.database.DbConfig;
import hirondelle.web4j.model.AppException;
import hirondelle.web4j.model.BadRequestException;
import hirondelle.web4j.model.ConvertParamImpl;
import hirondelle.web4j.model.DateTime;
import hirondelle.web4j.model.Decimal;
import hirondelle.web4j.model.Id;
import hirondelle.web4j.readconfig.ConfigReader;
import hirondelle.web4j.readconfig.InitParam;
import hirondelle.web4j.request.RequestParser;
import hirondelle.web4j.request.RequestParserImpl;
import hirondelle.web4j.security.ApplicationFirewallImpl;
import hirondelle.web4j.security.FetchIdentifierOwner;
import hirondelle.web4j.security.UntrustedProxyForUserIdImpl;
import hirondelle.web4j.util.Consts;
import hirondelle.web4j.util.Stopwatch;
import hirondelle.web4j.util.Util;
import hirondelle.web4j.util.WebUtil;
import hirondelle.web4j.webmaster.EmailerImpl;
import hirondelle.web4j.webmaster.TroubleTicket;
import java.io.IOException;
import java.math.RoundingMode;
import java.util.Enumeration;
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;
import java.util.StringTokenizer;
import java.util.TimeZone;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.servlet.jsp.JspFactory;
import org.apache.axis.constants.Scope;
import org.eclipse.wst.xml.ui.internal.contentassist.XMLRelevanceConstants;

/* loaded from: input_file:resources/lib/web4j.jar:hirondelle/web4j/Controller.class */
public class Controller extends HttpServlet {
    public static final String WEB4J_VERSION = "WEB4J/4.6.0";
    public static final String CHARACTER_ENCODING = "web4j_key_for_character_encoding";
    public static final String WEBMASTER = "web4j_key_for_webmaster";
    public static final String LOCALE = "web4j_key_for_locale";
    public static final String TIME_ZONE = "web4j_key_for_time_zone";
    public static final String MOST_RECENT_TROUBLE_TICKET = "web4j_key_for_most_recent_trouble_ticket";
    public static final String START_TIME = "web4j_key_for_start_time";
    public static final String CURRENT_URI = "web4j_key_for_current_uri";
    private static boolean fDbStartupSuccess;
    private static boolean fHasInitedDefaultImpls;
    private static ServletConfig fConfig;
    private static long fPOOR_PERFORMANCE_THRESHOLD;
    private static String fCHARACTER_ENCODING;
    private static String fDEFAULT_LOCALE;
    private static String fDEFAULT_TIME_ZONE;
    private static String fWEBMASTER;
    private static final boolean DO_NOT_CREATE_SESSION = false;
    private static final String OWNERSHIP_NO_SESSION = "According to the configured UntrustedProxyForUserId implementation, the requested operation has an ownership constraint. However, this request has no session, and ownership constraints work only when the user has logged in.";
    private static final String OWNERSHIP_NO_LOGIN = "According to the configured UntrustedProxyForUserId implementation, the requested operation has an ownership constraint. A session exists, but there is no valid login, and ownership constraints work only when the user has logged in.";
    private static final InitParam fPoorPerformanceThreshold = new InitParam("PoorPerformanceThreshold", "20");
    private static final InitParam fCharacterEncoding = new InitParam("CharacterEncoding", "UTF-8");
    private static final InitParam fDefaultLocale = new InitParam("DefaultLocale", "en");
    private static final InitParam fDefaultTimeZone = new InitParam("DefaultUserTimeZone", "GMT");
    private static final InitParam fWebmaster = new InitParam("Webmaster");
    private static final InitParam fDecimalStyle = new InitParam("DecimalStyle", "HALF_EVEN,2");
    private static final Logger fLogger = Util.getLogger(Controller.class);

    public final void init(ServletConfig servletConfig) throws ServletException {
        super.init(servletConfig);
        fConfig = servletConfig;
        Stopwatch stopwatch = new Stopwatch();
        stopwatch.start();
        BuildImpl.init(servletConfig);
        displaySystemProperties();
        displayConfigInfo(servletConfig);
        setPoorPerformanceThreshold(servletConfig);
        setCharacterEncodingAndPutIntoAppScope(servletConfig);
        putWebmasterEmailAddressIntoAppScope(servletConfig);
        putDefaultLocaleIntoAppScope(servletConfig);
        putDefaultTimeZoneIntoAppScope(servletConfig);
        putStartTimeIntoAppScope(servletConfig);
        fLogger.fine("System properties and first app scope items completed " + stopwatch + " after start.");
        ConfigReader.init(servletConfig);
        RequestParser.initUiLayer(servletConfig);
        WebUtil.init(servletConfig);
        ApplicationInfo forApplicationInfo = BuildImpl.forApplicationInfo();
        displayVersionInfo(servletConfig, forApplicationInfo);
        placeAppInfoIntoAppScope(servletConfig, forApplicationInfo);
        TroubleTicket.init(servletConfig, forApplicationInfo);
        initMoney(servletConfig);
        fLogger.config("Calling ConnectionSource.init(ServletConfig).");
        BuildImpl.forConnectionSource().init(servletConfig);
        fLogger.fine("Init of internal classes, ConnectionSource completed " + stopwatch + " after start.");
        tryDatabaseInitAndStartupTasks();
        fLogger.fine("Database init and startup tasks completed " + stopwatch + " after start.");
        new CheckModelObjects().performChecks();
        stopwatch.stop();
        fLogger.fine("Cross-Site Scripting scan completed " + stopwatch + " after start.");
        fLogger.config("*** SUCCESS : STARTUP COMPLETED SUCCESSFULLY. *** Total startup time : " + stopwatch);
    }

    public void destroy() {
        ApplicationInfo forApplicationInfo = BuildImpl.forApplicationInfo();
        fLogger.config("Shutting Down Controller for " + forApplicationInfo.getName() + "/" + forApplicationInfo.getVersion());
    }

    public final void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        logClasses(httpServletRequest, httpServletResponse);
        processRequest(httpServletRequest, httpServletResponse);
    }

    public final void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        logClasses(httpServletRequest, httpServletResponse);
        processRequest(httpServletRequest, httpServletResponse);
    }

    protected void processRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        Stopwatch stopwatch = new Stopwatch();
        stopwatch.start();
        httpServletRequest.setCharacterEncoding(fCHARACTER_ENCODING);
        httpServletResponse.setCharacterEncoding(fCHARACTER_ENCODING);
        addCurrentUriToRequest(httpServletRequest, httpServletResponse);
        RequestParser requestParser = RequestParser.getInstance(httpServletRequest, httpServletResponse);
        try {
            new LoginTasksHelper().reactToNewLogins(httpServletRequest);
            Action webAction = requestParser.getWebAction();
            BuildImpl.forApplicationFirewall().doHardValidation(webAction, requestParser);
            logAttributesForAllScopes(httpServletRequest);
            ensureDatabasesOk();
            ResponsePage checkOwnershipThenExecuteAction = checkOwnershipThenExecuteAction(webAction, requestParser);
            if (checkOwnershipThenExecuteAction.hasBinaryData().booleanValue()) {
                fLogger.fine("Serving binary data. Controller not performing a forward or redirect.");
            } else if (checkOwnershipThenExecuteAction.getIsRedirect().booleanValue()) {
                redirect(checkOwnershipThenExecuteAction, httpServletResponse);
            } else {
                forward(checkOwnershipThenExecuteAction, httpServletRequest, httpServletResponse);
            }
        } catch (BadRequestException e) {
            if (Util.textHasContent(e.getErrorMessage())) {
                httpServletResponse.sendError(e.getStatusCode(), e.getErrorMessage());
            } else {
                httpServletResponse.sendError(e.getStatusCode());
            }
        } catch (Throwable th) {
            logAndEmailSeriousProblem(th, httpServletRequest);
            httpServletResponse.sendError(503);
        }
        stopwatch.stop();
        if (stopwatch.toValue() >= fPOOR_PERFORMANCE_THRESHOLD) {
            logAndEmailPerformanceProblem(stopwatch.toValue(), httpServletRequest);
        }
    }

    protected ResponsePage swapResponsePage(ResponsePage responsePage, Locale locale) {
        return null;
    }

    protected final void logAndEmailSeriousProblem(Throwable th, HttpServletRequest httpServletRequest) throws AppException {
        TroubleTicket troubleTicket = new TroubleTicket(th, httpServletRequest);
        fLogger.severe("TOP LEVEL CATCHING Throwable");
        fLogger.severe(troubleTicket.toString());
        log("SERIOUS PROBLEM OCCURRED.");
        log(troubleTicket.toString());
        fConfig.getServletContext().setAttribute(MOST_RECENT_TROUBLE_TICKET, troubleTicket);
        troubleTicket.mailToWebmaster();
    }

    protected final void logAndEmailPerformanceProblem(long j, HttpServletRequest httpServletRequest) throws AppException {
        TroubleTicket troubleTicket = new TroubleTicket(new Throwable("Response time of web application exceeds configured performance threshold." + Consts.NEW_LINE + "Time : " + j + " milliseconds."), httpServletRequest);
        fLogger.severe("Poor response time : " + j + " milliseconds");
        fLogger.severe(troubleTicket.toString());
        log("Poor response time : " + j + " milliseconds");
        log(troubleTicket.toString());
        troubleTicket.mailToWebmaster();
    }

    private void logClasses(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        fLogger.finest("Request class :" + httpServletRequest.getClass());
        fLogger.finest("Response class :" + httpServletResponse.getClass());
    }

    private void redirect(ResponsePage responsePage, HttpServletResponse httpServletResponse) throws IOException {
        String encodeRedirectURL = httpServletResponse.encodeRedirectURL(responsePage.toString());
        fLogger.fine("REDIRECT: " + Util.quote(encodeRedirectURL));
        httpServletResponse.sendRedirect(encodeRedirectURL);
    }

    private void forward(ResponsePage responsePage, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        ResponsePage possiblyAlterForLocale = possiblyAlterForLocale(responsePage, httpServletRequest);
        RequestDispatcher requestDispatcher = httpServletRequest.getRequestDispatcher(possiblyAlterForLocale.toString());
        fLogger.fine("Forward : " + possiblyAlterForLocale);
        requestDispatcher.forward(httpServletRequest, httpServletResponse);
    }

    private ResponsePage possiblyAlterForLocale(ResponsePage responsePage, HttpServletRequest httpServletRequest) {
        ResponsePage swapResponsePage = swapResponsePage(responsePage, BuildImpl.forLocaleSource().get(httpServletRequest));
        if (swapResponsePage == null || !swapResponsePage.getIsRedirect().booleanValue()) {
            return swapResponsePage != null ? swapResponsePage : responsePage;
        }
        throw new RuntimeException("A 'forward' ResponsePage has been altered for Locale, but is no longer a forward : " + swapResponsePage);
    }

    private void displaySystemProperties() {
        fLogger.config("System Properties " + Util.logOnePerLine(System.getProperties()));
    }

    private void displayVersionInfo(ServletConfig servletConfig, ApplicationInfo applicationInfo) {
        ServletContext servletContext = servletConfig.getServletContext();
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put(Scope.APPLICATION_STR, applicationInfo.getName() + "/" + applicationInfo.getVersion());
        linkedHashMap.put("Server", servletContext.getServerInfo());
        linkedHashMap.put("Servlet API Version", servletContext.getMajorVersion() + Consts.PERIOD + servletContext.getMinorVersion());
        if (JspFactory.getDefaultFactory() != null) {
            linkedHashMap.put("Java Server Page API Version", JspFactory.getDefaultFactory().getEngineInfo().getSpecificationVersion());
        }
        linkedHashMap.put("Java Runtime Environment (JRE)", System.getProperty("java.version"));
        linkedHashMap.put("Operating System", System.getProperty("os.name") + "/" + System.getProperty("os.version"));
        linkedHashMap.put("WEB4J Version", WEB4J_VERSION);
        fLogger.config("Versions" + Util.logOnePerLine(linkedHashMap));
    }

    private void displayConfigInfo(ServletConfig servletConfig) {
        fLogger.config("Context Name : " + Util.quote(servletConfig.getServletContext().getServletContextName()));
        Enumeration initParameterNames = servletConfig.getServletContext().getInitParameterNames();
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        while (initParameterNames.hasMoreElements()) {
            String str = (String) initParameterNames.nextElement();
            linkedHashMap.put(str, servletConfig.getServletContext().getInitParameter(str));
        }
        fLogger.config("Context Params : " + Util.logOnePerLine(linkedHashMap));
        Enumeration initParameterNames2 = servletConfig.getInitParameterNames();
        LinkedHashMap linkedHashMap2 = new LinkedHashMap();
        while (initParameterNames2.hasMoreElements()) {
            String str2 = (String) initParameterNames2.nextElement();
            linkedHashMap2.put(str2, servletConfig.getInitParameter(str2));
        }
        fLogger.config("Servlet Params : " + Util.logOnePerLine(linkedHashMap2));
    }

    private void initMoney(ServletConfig servletConfig) {
        StringTokenizer stringTokenizer = new StringTokenizer(fDecimalStyle.fetch(servletConfig).getValue(), ",");
        Decimal.init(RoundingMode.valueOf(stringTokenizer.nextToken()), Integer.valueOf(stringTokenizer.nextToken()).intValue());
    }

    private void setPoorPerformanceThreshold(ServletConfig servletConfig) {
        fPOOR_PERFORMANCE_THRESHOLD = Integer.valueOf(fPoorPerformanceThreshold.fetch(servletConfig).getValue()).intValue() * 1000;
    }

    private void setCharacterEncodingAndPutIntoAppScope(ServletConfig servletConfig) {
        fCHARACTER_ENCODING = fCharacterEncoding.fetch(servletConfig).getValue();
        servletConfig.getServletContext().setAttribute(CHARACTER_ENCODING, fCHARACTER_ENCODING);
    }

    private void putWebmasterEmailAddressIntoAppScope(ServletConfig servletConfig) {
        fWEBMASTER = fWebmaster.fetch(servletConfig).getValue();
        servletConfig.getServletContext().setAttribute(WEBMASTER, fWEBMASTER);
    }

    private void putDefaultLocaleIntoAppScope(ServletConfig servletConfig) {
        fDEFAULT_LOCALE = fDefaultLocale.fetch(servletConfig).getValue();
        servletConfig.getServletContext().setAttribute(LOCALE, Util.buildLocale(fDEFAULT_LOCALE));
    }

    private void putDefaultTimeZoneIntoAppScope(ServletConfig servletConfig) {
        fDEFAULT_TIME_ZONE = fDefaultTimeZone.fetch(servletConfig).getValue();
        servletConfig.getServletContext().setAttribute(TIME_ZONE, TimeZone.getTimeZone(fDEFAULT_TIME_ZONE));
    }

    private void putStartTimeIntoAppScope(ServletConfig servletConfig) {
        servletConfig.getServletContext().setAttribute(START_TIME, DateTime.now(getTimeZone()));
    }

    private void placeAppInfoIntoAppScope(ServletConfig servletConfig, ApplicationInfo applicationInfo) {
        servletConfig.getServletContext().setAttribute(ApplicationInfo.KEY, applicationInfo);
    }

    private void logAttributesForAllScopes(HttpServletRequest httpServletRequest) {
        if (fLogger.getLevel() == null || !fLogger.getLevel().equals(Level.FINEST)) {
            return;
        }
        fLogger.finest("Application Scope Items " + Util.logOnePerLine(getApplicationScopeObjectsForLogging(httpServletRequest)));
        fLogger.finest("Session Scope Items " + Util.logOnePerLine(getSessionScopeObjectsForLogging(httpServletRequest)));
        fLogger.finest("Request Parameter Names " + Util.logOnePerLine(getRequestParamNamesForLogging(httpServletRequest)));
    }

    private Map<String, Object> getApplicationScopeObjectsForLogging(HttpServletRequest httpServletRequest) {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        HttpSession session = httpServletRequest.getSession(false);
        if (session != null) {
            ServletContext servletContext = session.getServletContext();
            Enumeration attributeNames = servletContext.getAttributeNames();
            while (attributeNames.hasMoreElements()) {
                String str = (String) attributeNames.nextElement();
                linkedHashMap.put(str, servletContext.getAttribute(str));
            }
        }
        return linkedHashMap;
    }

    private Map<String, Object> getSessionScopeObjectsForLogging(HttpServletRequest httpServletRequest) {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        HttpSession session = httpServletRequest.getSession(false);
        if (session != null) {
            linkedHashMap.put("(Session Created) : ", DateTime.forInstant(session.getCreationTime(), getTimeZone()));
            linkedHashMap.put("(Session Timeout - seconds) : ", new Integer(session.getMaxInactiveInterval()));
            Enumeration attributeNames = session.getAttributeNames();
            while (attributeNames.hasMoreElements()) {
                String str = (String) attributeNames.nextElement();
                linkedHashMap.put(str, session.getAttribute(str));
            }
        }
        return linkedHashMap;
    }

    private TimeZone getTimeZone() {
        return TimeZone.getTimeZone(fDEFAULT_TIME_ZONE);
    }

    private Map<String, Object> getRequestParamNamesForLogging(HttpServletRequest httpServletRequest) {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        for (String str : httpServletRequest.getParameterMap().keySet()) {
            linkedHashMap.put(str, httpServletRequest.getAttribute(str));
        }
        return linkedHashMap;
    }

    private void addCurrentUriToRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        httpServletRequest.setAttribute(CURRENT_URI, WebUtil.getOriginalRequestURL(httpServletRequest, httpServletResponse));
    }

    private synchronized void ensureDatabasesOk() throws DAOException, AppException {
        if (!fDbStartupSuccess) {
            tryDatabaseInitAndStartupTasks();
        }
        if (!fDbStartupSuccess) {
            throw new RuntimeException("Cannot connect to one or more databases!! Cannot execute request.");
        }
    }

    private void tryDatabaseInitAndStartupTasks() throws DAOException, AppException {
        if (BuildImpl.forConnectionSource().getDatabaseNames().isEmpty()) {
            fLogger.config("No databases in this application, since ConnectionSource returns an empty Set for database names.");
            fDbStartupSuccess = true;
        } else {
            fLogger.config("Attempting data layer startup tasks.");
            fDbStartupSuccess = DbConfig.initDataLayer(getServletConfig(), DbConfig.UseInformalConfig.NO);
        }
        initDefaultImplementations(fConfig);
        if (fDbStartupSuccess) {
            fLogger.config("Performing app startup tasks specific to this web application, using its implementation of the StartupTasks interface.");
            BuildImpl.forStartupTasks().startApplication(fConfig);
        } else {
            fLogger.severe("Failure: detected that at least one database is down.");
            fLogger.severe("Will attempt to reconnect to databases for each request. When all databases known to be OK, then will run StartupTasks.");
        }
    }

    private void initDefaultImplementations(ServletConfig servletConfig) {
        if (fHasInitedDefaultImpls) {
            fLogger.config("Web4j default implementations already initialized.");
            return;
        }
        fLogger.config("Initializing web4j default implementations.");
        ConvertParamImpl.init(servletConfig);
        EmailerImpl.init(servletConfig);
        ApplicationFirewallImpl.init(servletConfig);
        UntrustedProxyForUserIdImpl.init(servletConfig);
        RequestParserImpl.initWebActionMappings(servletConfig);
        fHasInitedDefaultImpls = true;
    }

    private ResponsePage checkOwnershipThenExecuteAction(Action action, RequestParser requestParser) throws AppException, BadRequestException {
        if (BuildImpl.forOwnershipFirewall().usesUntrustedIdentifier(requestParser)) {
            fLogger.fine("This request has an ownership constraint.");
            enforceOwnershipConstraint(action, requestParser);
        } else {
            fLogger.fine("No ownership constraint detected.");
            if (action instanceof FetchIdentifierOwner) {
                fLogger.warning("Action implements FetchIdentifierOwner, but no ownership constraint is defined in web.xml for this specific operation.");
            }
        }
        return action.execute();
    }

    private void enforceOwnershipConstraint(Action action, RequestParser requestParser) throws AppException, BadRequestException {
        if (action instanceof FetchIdentifierOwner) {
            Id fetchOwner = ((FetchIdentifierOwner) action).fetchOwner();
            String rawString = fetchOwner == null ? null : fetchOwner.getRawString();
            if (requestParser.getRequest().getSession(false) == null) {
                ownershipConstraintNotImplementedCorrectly(OWNERSHIP_NO_SESSION);
            }
            if (requestParser.getRequest().getUserPrincipal() == null) {
                ownershipConstraintNotImplementedCorrectly(OWNERSHIP_NO_LOGIN);
            }
            String name = requestParser.getRequest().getUserPrincipal().getName();
            if (!name.equals(rawString)) {
                fLogger.severe("Violation of an ownership constraint! The currently logged in user-name ('" + name + "') does not match the name of the data-owner ('" + rawString + "').");
                throw new BadRequestException(XMLRelevanceConstants.R_CDATA, "Ownership Constraint has been violated.");
            }
        } else {
            ownershipConstraintNotImplementedCorrectly("According to the configured UntrustedProxyForUserId implementation, the requested operation has an ownership constraint. Such constraints require the Action to implement the FetchIdentifierOwner interface, but this Action doesn't implement that interface.");
        }
        fLogger.fine("Ownership constraint has been validated.");
    }

    private void ownershipConstraintNotImplementedCorrectly(String str) {
        fLogger.severe(str + " Please see the User Guide for more information on Ownership Constraints.");
        throw new RuntimeException("Ownership Constraint not implemented correctly.");
    }
}
