package pt.digitalis.dif.controller.http;

import com.google.inject.Inject;
import com.newrelic.api.agent.Trace;
import java.io.IOException;
import java.io.InputStream;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.fileupload.FileItem;
import org.apache.commons.fileupload.FileUploadException;
import org.apache.commons.fileupload.disk.DiskFileItemFactory;
import org.apache.commons.fileupload.servlet.ServletFileUpload;
import org.apache.commons.io.FilenameUtils;
import org.owasp.validator.html.AntiSamy;
import org.owasp.validator.html.CleanResults;
import org.owasp.validator.html.Policy;
import org.owasp.validator.html.PolicyException;
import org.owasp.validator.html.ScanException;
import pt.digitalis.dif.controller.AbstractChAL;
import pt.digitalis.dif.controller.interfaces.IDIFRequest;
import pt.digitalis.dif.controller.interfaces.IDIFResponse;
import pt.digitalis.dif.controller.interfaces.IDIFSession;
import pt.digitalis.dif.controller.interfaces.IDispatcherErrorHandler;
import pt.digitalis.dif.controller.objects.ClientDescriptor;
import pt.digitalis.dif.controller.objects.ControllerExecutionStep;
import pt.digitalis.dif.controller.objects.DIFContext;
import pt.digitalis.dif.controller.objects.DIFRequest;
import pt.digitalis.dif.controller.objects.DIFSessionConstants;
import pt.digitalis.dif.controller.security.managers.ISessionManager;
import pt.digitalis.dif.dem.annotations.controller.Channel;
import pt.digitalis.dif.exception.BusinessException;
import pt.digitalis.dif.exception.controller.ControllerException;
import pt.digitalis.dif.exception.security.IllegalFileUploadException;
import pt.digitalis.dif.presentation.config.PresentationConfiguration;
import pt.digitalis.dif.startup.DIFGeneralConfigurationParameters;
import pt.digitalis.dif.utils.extensions.document.DocumentRepositoryEntry;
import pt.digitalis.dif.utils.http.HttpUtils;
import pt.digitalis.dif.utils.logging.DIFLogger;
import pt.digitalis.dif.utils.security.HTTPSecurityConfiguration;
import pt.digitalis.siges.users.preferences.AbstractNetpaUserPreferences;
import pt.digitalis.utils.common.StringUtils;
import pt.digitalis.utils.config.IConfigurations;

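@Channel("http")
/* loaded from: input_file:WEB-INF/lib/dif-presentation-core-2.1.9-19.jar:pt/digitalis/dif/controller/http/ChALHTTPImpl.class */
/**
 * HTTP channel abstraction layer: turns an incoming {@link HttpServletRequest} into a
 * {@link DIFRequest} (stage, modes, session, language, parameters, uploaded files) and
 * publishes the resulting {@link IDIFResponse} back onto the servlet request/response.
 *
 * <p>Request parameters are passed through AntiSamy when
 * {@code HTTPSecurityConfiguration.getXssParameterSanitization()} is enabled.
 */
public class ChALHTTPImpl extends AbstractChAL<HttpServletRequest, HttpServletResponse> {

    /* Client attribute keys describing the browser; these are never echoed back as cookies. */
    private static final String BROWSER_LANGUAGE_TAG = "Language";
    private static final String BROWSER_LOCALE_TAG = "Locale";
    private static final String BROWSER_MAIN_VERSION_TAG = "MainVersion";
    private static final String BROWSER_MINOR_VERSION_TAG = "MinorVersion";
    // NOTE(review): unlike the other browser tags this key is NOT excluded in publish(),
    // so the observed remote address is re-issued to the client as a cookie - confirm intent.
    private static final String CLIENT_REMOTE_ADDR = "ClientRemoteAddress";
    private static final String JSESSIONID_TAG = "JSESSIONID";

    /** Client attribute (and cookie) holding the language the user explicitly chose. */
    private static final String APPLICATION_LANGUAGE_COOKIE = "ApplicationLanguageCookie";

    /** Class-path resource holding the AntiSamy policy used for parameter sanitization. */
    private static final String ANTISAMY_POLICY_RESOURCE = "antisamyDIF.xml";

    /** Lifetime, in seconds (one year), of the cookies replayed from client attributes. */
    private static final int CLIENT_COOKIE_MAX_AGE_SECONDS = 31536000;

    private final HTTPControllerConfiguration config;
    ISessionManager sessionManager;

    /**
     * Sanitizes a parameter value with logging enabled and no extra log context.
     *
     * @see #getSanitizedParameterValue(AntiSamy, DIFRequest, String, String, boolean, Map)
     */
    public static String getSanitizedParameterValue(AntiSamy antiSamy, DIFRequest dIFRequest, String str, String str2) throws Exception {
        return getSanitizedParameterValue(antiSamy, dIFRequest, str, str2, true, null);
    }

    /**
     * Sanitizes a parameter value, optionally logging sanitization problems.
     *
     * @param z whether to log policy/scan problems and detected errors
     * @see #getSanitizedParameterValue(AntiSamy, DIFRequest, String, String, boolean, Map)
     */
    public static String getSanitizedParameterValue(AntiSamy antiSamy, DIFRequest dIFRequest, String str, String str2, boolean z) throws Exception {
        // The logging flag used to be hard-coded to true here, silently ignoring the caller's choice.
        return getSanitizedParameterValue(antiSamy, dIFRequest, str, str2, z, null);
    }

    /**
     * Runs an HTTP parameter value through AntiSamy and returns the cleaned value.
     *
     * <p>The value is returned unchanged when XSS sanitization is disabled in
     * {@link HTTPSecurityConfiguration}, when no {@code antiSamy} instance is given, when the
     * value is {@code null}, or when the scan reports no errors. Only when the scan reports
     * errors is {@link CleanResults#getCleanHTML()} returned instead.
     *
     * <p>NOTE(review): if the scan itself fails ({@link PolicyException}/{@link ScanException})
     * the ORIGINAL value is returned - i.e. the sanitizer fails open. The caller cannot tell
     * this apart from a clean value; decide whether that is acceptable for this deployment.
     *
     * @param antiSamy    sanitizer instance; {@code null} disables sanitization
     * @param dIFRequest  request used only to enrich the log context; may be {@code null}
     * @param str         parameter id (for the log context)
     * @param str2        raw parameter value
     * @param z           whether to log scan problems and detected errors
     * @param map         extra key/value pairs for the log context; may be {@code null}
     * @return the sanitized value, or the original value in the cases described above
     * @throws Exception propagated from the underlying calls
     */
    public static String getSanitizedParameterValue(AntiSamy antiSamy, DIFRequest dIFRequest, String str, String str2, boolean z, Map<String, Object> map) throws Exception {
        if (!HTTPSecurityConfiguration.getInstance().getXssParameterSanitization().booleanValue() || antiSamy == null) {
            return str2;
        }
        if (str2 == null) {
            // Nothing to scan; AntiSamy does not accept a null input.
            return null;
        }
        DIFContext dIFContext = null;
        if (dIFRequest != null) {
            dIFContext = new DIFContext();
            dIFContext.setRequest(dIFRequest);
        }
        CleanResults cleanResults;
        try {
            cleanResults = antiSamy.scan(str2);
        } catch (PolicyException e) {
            if (z) {
                DIFLogger.getLogger().warn(new BusinessException(e).addToExceptionContext(dIFContext).addToExceptionContext((Map<String, ?>) map).addToExceptionContext("Parameter ID", str).addToExceptionContext("Original parameter value", str2).getRenderedExceptionContext());
            }
            return str2;
        } catch (ScanException e2) {
            if (z) {
                DIFLogger.getLogger().warn(new BusinessException(e2).addToExceptionContext(dIFContext).addToExceptionContext((Map<String, ?>) map).addToExceptionContext("Parameter ID", str).addToExceptionContext("Parameter value", str2).getRenderedExceptionContext());
            }
            return str2;
        }
        if (cleanResults == null || cleanResults.getNumberOfErrors() == 0) {
            return str2;
        }
        // Compute the cleaned value before logging so the log shows what is actually returned
        // (previously the "Sanitized parameter value" entry still held the raw value).
        String sanitizedValue = cleanResults.getCleanHTML();
        if (z) {
            DIFLogger.getLogger().warn(new BusinessException("Errors detected on parameter parsing").addToExceptionContext(dIFContext).addToExceptionContext((Map<String, ?>) map).addToExceptionContext("Parameter ID", str).addToExceptionContext("Parameter value", str2).addToExceptionContext("Sanitized parameter value", sanitizedValue).addToExceptionContext("Errors", cleanResults.getErrorMessages()).getRenderedExceptionContext());
        }
        return sanitizedValue;
    }

    /**
     * Creates the HTTP channel, reading {@link HTTPControllerConfiguration} from the given
     * configuration source.
     *
     * @param iSessionManager session manager used to create/look up DIF sessions
     * @param iConfigurations configuration source
     * @throws Exception if the configuration cannot be read
     */
    @Inject
    public ChALHTTPImpl(ISessionManager iSessionManager, IConfigurations iConfigurations) throws Exception {
        this.sessionManager = iSessionManager;
        this.config = (HTTPControllerConfiguration) iConfigurations.readConfiguration(HTTPControllerConfiguration.class);
    }

    /**
     * Builds an AntiSamy instance from the {@value #ANTISAMY_POLICY_RESOURCE} policy found on
     * the context class loader. The policy is parsed on every call (once per translated
     * request); the resource stream is closed once parsed.
     *
     * @return a new sanitizer
     * @throws PolicyException if the policy resource is missing or cannot be parsed
     */
    private AntiSamy getAntiSamyInstance() throws PolicyException {
        InputStream policyStream = Thread.currentThread().getContextClassLoader().getResourceAsStream(ANTISAMY_POLICY_RESOURCE);
        if (policyStream == null) {
            // Fail loudly: a missing policy would otherwise surface as an obscure NPE or parse error.
            throw new PolicyException("AntiSamy policy resource not found on the context class loader: " + ANTISAMY_POLICY_RESOURCE);
        }
        try {
            return new AntiSamy(Policy.getInstance(policyStream));
        } finally {
            try {
                policyStream.close();
            } catch (IOException ignored) {
                // The policy has already been read; a failure to close the class-path stream is harmless.
            }
        }
    }

    /**
     * Describes the calling client from the request: browser name/version/vendor/OS, language,
     * locale, remote address, accepted languages and every cookie received (each cookie becomes
     * a client attribute keyed by its name).
     *
     * <p>Declared {@code protected} in the original source (decompiler note).
     *
     * @param httpServletRequest the incoming request
     * @return the populated client descriptor
     * @throws ControllerException wrapping any runtime failure, with the request and the
     *                             partially built descriptor attached as context
     */
    @Override // pt.digitalis.dif.controller.AbstractChAL
    public ClientDescriptor getClientDescriptor(HttpServletRequest httpServletRequest) throws ControllerException {
        ClientDescriptor clientDescriptor = null;
        WebBrowserInfo webBrowserInfo = null;
        try {
            clientDescriptor = new ClientDescriptor();
            webBrowserInfo = new WebBrowserInfo(httpServletRequest);
            clientDescriptor.setHardware(webBrowserInfo.getOS());
            clientDescriptor.setName(webBrowserInfo.getName());
            clientDescriptor.setSoftware(webBrowserInfo.getName());
            clientDescriptor.setVendor(webBrowserInfo.getCompany());
            clientDescriptor.setVersion(webBrowserInfo.getVersion());
            clientDescriptor.addAttribute(BROWSER_MAIN_VERSION_TAG, webBrowserInfo.getMainVersion());
            clientDescriptor.addAttribute(BROWSER_MINOR_VERSION_TAG, webBrowserInfo.getMinorVersion());
            clientDescriptor.addAttribute(BROWSER_LANGUAGE_TAG, webBrowserInfo.getLanguage());
            clientDescriptor.addAttribute(BROWSER_LOCALE_TAG, webBrowserInfo.getLocale());
            clientDescriptor.addAttribute(CLIENT_REMOTE_ADDR, webBrowserInfo.getRemoteAddr());
            clientDescriptor.setClientSupportedLanguages(webBrowserInfo.getClientSupportedLanguages());
            if (HTTPControllerConfiguration.getInstance().getCompatibleBrowserValidation().booleanValue()) {
                clientDescriptor.setSupportedBrowser(Boolean.valueOf(webBrowserInfo.isSupportedBrowser()));
            } else {
                clientDescriptor.setSupportedBrowser(true);
            }
            Cookie[] cookies = httpServletRequest.getCookies();
            if (cookies != null) {
                // Every received cookie is exposed as a client attribute; publish() later re-issues
                // all of them (except JSESSIONID) with a fresh one-year lifetime.
                for (Cookie cookie : cookies) {
                    clientDescriptor.addAttribute(cookie.getName(), cookie.getValue());
                }
            }
            return clientDescriptor;
        } catch (RuntimeException e) {
            ControllerException controllerException = new ControllerException(ControllerExecutionStep.CHAL_CLIENT_AGENT_IDENTIFICATION, e);
            controllerException.addToExceptionContext(IDispatcherErrorHandler.ORIGINAL_REQUEST, httpServletRequest);
            controllerException.addToExceptionContext("Client Agent", clientDescriptor);
            controllerException.addToExceptionContext("Web Browser Info", webBrowserInfo);
            throw controllerException;
        }
    }

    /**
     * Tells whether a client attribute describes the browser itself (or is the container's
     * session cookie) and must therefore not be written back as a cookie.
     */
    private static boolean isNonCookieAttribute(String attributeName) {
        return BROWSER_MAIN_VERSION_TAG.equals(attributeName)
                || BROWSER_MINOR_VERSION_TAG.equals(attributeName)
                || BROWSER_LANGUAGE_TAG.equals(attributeName)
                || BROWSER_LOCALE_TAG.equals(attributeName)
                || JSESSIONID_TAG.equals(attributeName);
    }

    /**
     * Publishes the response: every client attribute except the browser description tags and
     * {@code JSESSIONID} is written to the client as a cookie (path {@code /}, one-year lifetime,
     * {@code null} values written as the empty string), and the response object is stored on
     * the servlet request under {@link HTTPConstants#RESPONSE_ATTRIBUTE} for the view layer.
     *
     * <p>NOTE(review): the client attributes include every cookie the request carried (see
     * {@link #getClientDescriptor}), so cookies issued by other components are re-issued here
     * with a one-year lifetime and without any HttpOnly/Secure flag their issuer may have set.
     * Confirm that none of the replayed attributes is sensitive.
     *
     * @param iDIFResponse        the response to publish
     * @param httpServletRequest  servlet request that receives the response attribute
     * @param httpServletResponse servlet response that receives the cookies
     */
    @Override // pt.digitalis.dif.controller.interfaces.IChAL
    @Trace(metricName = "DIF:HTTPChAL:Publish", dispatcher = true)
    public void publish(IDIFResponse iDIFResponse, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (iDIFResponse.getRequest() != null) {
            Map<String, Object> attributes = iDIFResponse.getRequest().getClient().getAttributes();
            for (Map.Entry<String, Object> attribute : attributes.entrySet()) {
                String attributeName = attribute.getKey();
                if (isNonCookieAttribute(attributeName)) {
                    continue;
                }
                Object value = attribute.getValue();
                Cookie cookie = new Cookie(attributeName, value == null ? "" : value.toString());
                cookie.setMaxAge(CLIENT_COOKIE_MAX_AGE_SECONDS);
                cookie.setPath("/");
                httpServletResponse.addCookie(cookie);
            }
        }
        httpServletRequest.setAttribute(HTTPConstants.RESPONSE_ATTRIBUTE, iDIFResponse);
    }

    /**
     * Picks the first language of the given list that the message manager supports, falling
     * back to the configured default language when none is (or the list is {@code null}).
     *
     * @param list candidate languages in preference order; may be {@code null}
     * @return the selected language, never {@code null} unless the default itself is
     */
    private String selectActiveLanguage(List<String> list) {
        if (list != null) {
            for (String candidate : list) {
                if (this.messageManager.isLanguageSupported(candidate)) {
                    return candidate;
                }
            }
        }
        return DIFGeneralConfigurationParameters.getInstance().getDefaultLanguage();
    }

    /** Reads a boolean request parameter; absent or non-"true" values yield {@code false}. */
    private static boolean parameterFlag(HttpServletRequest httpServletRequest, String parameterName) {
        return Boolean.parseBoolean(httpServletRequest.getParameter(parameterName));
    }

    /**
     * Translates the servlet request into a {@link DIFRequest}: stage (home stage when none is
     * given), format and mode flags, client descriptor, DIF session and its language, WebUI
     * mode attributes, declared form field names, multipart form fields and uploaded files,
     * plain request parameters (sanitized) and request attributes. A logout request also drops
     * the NetPA user preferences from the HTTP session.
     *
     * @param httpServletRequest the incoming request
     * @return the translated request
     * @throws ControllerException wrapping any failure, with the original request, the partial
     *                             DIF request and the session attached as context
     */
    @Override // pt.digitalis.dif.controller.interfaces.IChAL
    @Trace(metricName = "DIF:HTTPChAL:Translate", dispatcher = true)
    public DIFRequest translateRequest(HttpServletRequest httpServletRequest) throws ControllerException {
        DIFRequest dIFRequest = null;
        IDIFSession iDIFSession = null;
        try {
            boolean sanitizeParameters = HTTPSecurityConfiguration.getInstance().getXssParameterSanitization().booleanValue();
            AntiSamy antiSamyInstance = sanitizeParameters ? getAntiSamyInstance() : null;
            dIFRequest = new DIFRequest();
            String stage = httpServletRequest.getParameter(HTTPConstants.STAGE_PARAMETER);
            if (stage == null || "".equals(stage)) {
                dIFRequest.setStage(this.config.getHomeStageID());
            } else {
                // The stage id is sanitized quietly (no warnings) - it is logged elsewhere on failure.
                dIFRequest.setStage(getSanitizedParameterValue(antiSamyInstance, dIFRequest, HTTPConstants.STAGE_PARAMETER, stage, false));
            }
            dIFRequest.setFormat(httpServletRequest.getParameter("format"));
            dIFRequest.setComponentMode(parameterFlag(httpServletRequest, HTTPConstants.COMPONENT_MODE_PARAMETER));
            dIFRequest.setAjaxMode(parameterFlag(httpServletRequest, HTTPConstants.AJAX_MODE_PARAMETER));
            dIFRequest.setRestCall(parameterFlag(httpServletRequest, HTTPConstants.REST_URL_PARAMETER));
            dIFRequest.setPopupMode(parameterFlag(httpServletRequest, HTTPConstants.POPUP_MODE_PARAMETER));
            dIFRequest.setHelpMode(parameterFlag(httpServletRequest, HTTPConstants.HELP_MODE_PARAMETER));
            dIFRequest.setTemplateMode(parameterFlag(httpServletRequest, HTTPConstants.TEMPLATE_MODE_PARAMETER));
            dIFRequest.addAttribute(IDIFRequest.CLIENT_VALIDATIONS_ATTRIBUTE_ID, httpServletRequest.getAttribute(IDIFRequest.CLIENT_VALIDATIONS_ATTRIBUTE_ID));
            dIFRequest.addAttribute(DIFRequest.ORIGINAL_REQUEST, httpServletRequest);
            ClientDescriptor clientDescriptor = getClientDescriptor(httpServletRequest);
            dIFRequest.setClient(clientDescriptor);
            iDIFSession = this.sessionManager.createSession(HttpUtils.buildSessionId(httpServletRequest.getSession()));
            resolveSessionLanguage(httpServletRequest, dIFRequest, iDIFSession);
            copyWebUiModes(httpServletRequest, iDIFSession);
            dIFRequest.setSession(iDIFSession);
            registerDeclaredFormFields(httpServletRequest, dIFRequest);
            if (ServletFileUpload.isMultipartContent(httpServletRequest)) {
                processMultipartContent(httpServletRequest, dIFRequest, iDIFSession, antiSamyInstance);
            }
            copyRequestParameters(httpServletRequest, dIFRequest, antiSamyInstance);
            copyRequestAttributes(httpServletRequest, dIFRequest);
            if ("true".equals(dIFRequest.getParameter(IDIFRequest.LOGOUT_PARAMETER_ID))) {
                httpServletRequest.getSession().removeAttribute(AbstractNetpaUserPreferences.NETPA_USER_PREFERENCES_SESSION_NAME);
            }
            return dIFRequest;
        } catch (Exception e) {
            ControllerException controllerException = new ControllerException(ControllerExecutionStep.CHAL_TRANSLATE_REQUEST, e);
            controllerException.addToExceptionContext(IDispatcherErrorHandler.ORIGINAL_REQUEST, httpServletRequest);
            controllerException.addToExceptionContext("DIF request", dIFRequest);
            controllerException.addToExceptionContext("DIF Session", iDIFSession);
            throw controllerException;
        }
    }

    /**
     * Sets the session language when it has none yet, then applies an explicit {@code language}
     * request parameter (only when the message manager supports it).
     *
     * <p>Resolution order for a session without language: the language cookie (only if it is a
     * supported language and browser-default detection is not disabled), then the browser's
     * accepted languages, then the configured default. A {@code null}
     * {@code ignoreBrowserDefaultLanguage} setting is treated as {@code false} in every branch
     * (previously the cookie branch dereferenced it unconditionally).
     */
    private void resolveSessionLanguage(HttpServletRequest httpServletRequest, DIFRequest dIFRequest, IDIFSession iDIFSession) {
        if (iDIFSession.getLanguage() == null) {
            Boolean ignoreSetting = PresentationConfiguration.getInstance().getIgnoreBrowserDefaultLanguage();
            boolean ignoreBrowserDefault = ignoreSetting != null && ignoreSetting.booleanValue();
            Object cookieLanguage = dIFRequest.getClient().getAttribute(APPLICATION_LANGUAGE_COOKIE);
            // The cookie is client-controlled: accept it only if it names a supported language,
            // consistent with the check applied to the "language" parameter below.
            if (cookieLanguage != null && !ignoreBrowserDefault && this.messageManager.isLanguageSupported(cookieLanguage.toString())) {
                iDIFSession.setLanguage(cookieLanguage.toString());
            } else if (!ignoreBrowserDefault) {
                iDIFSession.setLanguage(selectActiveLanguage(dIFRequest.getClient().getClientSupportedLanguages()));
            } else {
                iDIFSession.setLanguage(DIFGeneralConfigurationParameters.getInstance().getDefaultLanguage());
            }
        }
        String requestedLanguage = httpServletRequest.getParameter("language");
        if (requestedLanguage != null && this.messageManager.isLanguageSupported(requestedLanguage)) {
            // Remember the explicit choice on the client so publish() persists it as a cookie.
            dIFRequest.getClient().addAttribute(APPLICATION_LANGUAGE_COOKIE, requestedLanguage);
            iDIFSession.setLanguage(requestedLanguage);
        }
    }

    /** Copies the WebUI mode/debug/compat parameters, when present, onto the session. */
    private static void copyWebUiModes(HttpServletRequest httpServletRequest, IDIFSession iDIFSession) {
        String[] modeParameters = {HTTPConstants.WEBUI_MODE, HTTPConstants.WEBUI_DEBUG_MODE, HTTPConstants.WEBUI_COMPAT_MODE};
        for (String modeParameter : modeParameters) {
            String value = httpServletRequest.getParameter(modeParameter);
            if (value != null) {
                iDIFSession.addAttribute(modeParameter, value);
            }
        }
    }

    /**
     * Registers every field name listed in the {@link HTTPConstants#FORM_FIELD_NAMES} parameter
     * (comma separated, lower-cased) as a {@code null} parameter, so unchecked/empty form
     * fields are still visible to the stage.
     */
    private static void registerDeclaredFormFields(HttpServletRequest httpServletRequest, DIFRequest dIFRequest) {
        String declaredFields = httpServletRequest.getParameter(HTTPConstants.FORM_FIELD_NAMES);
        if (StringUtils.isNotBlank(declaredFields)) {
            for (String fieldName : declaredFields.split(",")) {
                // Default-locale lower-casing is kept on purpose: other lookups of these names
                // presumably use the same call - TODO confirm before switching to Locale.ROOT.
                dIFRequest.addParameter(fieldName.toLowerCase(), null);
            }
        }
    }

    /**
     * Parses a multipart request: plain form fields become (sanitized) parameters, uploaded
     * files become {@link DocumentRepositoryEntry} parameters. A file larger than the session's
     * {@link DIFSessionConstants#MAX_DOCUMENT_SIZE} (in KiB) is rejected and flagged on the
     * request with {@link HTTPConstants#UPLOAD_FILE_SIZE_ERROR} + field name; empty files are
     * skipped.
     *
     * <p>NOTE(review): the size limit is enforced per item only after
     * {@code parseRequest} has already buffered the whole body (to disk, via
     * {@link DiskFileItemFactory}); a parser-level limit would stop oversized bodies earlier.
     *
     * @throws IllegalFileUploadException when the session carries no maximum document size
     * @throws Exception                  propagated from parsing or sanitization
     */
    private void processMultipartContent(HttpServletRequest httpServletRequest, DIFRequest dIFRequest, IDIFSession iDIFSession, AntiSamy antiSamyInstance) throws Exception {
        Integer maxDocumentSizeKb = (Integer) iDIFSession.getAttribute(DIFSessionConstants.MAX_DOCUMENT_SIZE);
        if (maxDocumentSizeKb == null) {
            throw new IllegalFileUploadException(ControllerExecutionStep.CHAL_TRANSLATE_REQUEST);
        }
        // long arithmetic: the previous int multiplication could overflow for large limits.
        long maxDocumentBytes = maxDocumentSizeKb.longValue() * 1024L;
        String charset = HTTPControllerConfiguration.getInstance().getCharset();
        for (FileItem fileItem : new ServletFileUpload(new DiskFileItemFactory()).parseRequest(httpServletRequest)) {
            try {
                if (fileItem.isFormField()) {
                    String fieldName = fileItem.getFieldName();
                    String value = fileItem.getString(charset);
                    if (value != null && !"".equals(value)) {
                        dIFRequest.addParameter(fieldName, getSanitizedParameterValue(antiSamyInstance, dIFRequest, fieldName, value));
                    }
                } else if (fileItem.getSize() > maxDocumentBytes) {
                    throw new FileUploadException("The file " + fileItem.getName() + " exceeds its maximum permitted size of " + maxDocumentBytes + " characters");
                } else if (fileItem.getSize() != 0) {
                    dIFRequest.addParameter(fileItem.getFieldName(), toRepositoryEntry(fileItem, iDIFSession));
                }
            } catch (FileUploadException e) {
                // Best effort: the request continues, the field is flagged for the stage to report.
                DIFLogger.getLogger().warn(new BusinessException(e).addToExceptionContext("Field", fileItem.getFieldName()).getRenderedExceptionContext());
                dIFRequest.addAttribute(HTTPConstants.UPLOAD_FILE_SIZE_ERROR + fileItem.getFieldName(), true);
            }
        }
    }

    /**
     * Wraps an uploaded file in a {@link DocumentRepositoryEntry}. Only the base name of the
     * client-supplied file name is kept; the creator is set when the session is logged in.
     */
    private static DocumentRepositoryEntry toRepositoryEntry(FileItem fileItem, IDIFSession iDIFSession) {
        DocumentRepositoryEntry entry = new DocumentRepositoryEntry();
        entry.setName(fileItem.getFieldName());
        entry.setFileName(FilenameUtils.getName(fileItem.getName()));
        // calculateMimeType() runs before the bytes are set, so the type presumably derives from
        // the (client-controlled) file name rather than the content - TODO confirm.
        entry.calculateMimeType();
        entry.setBytes(fileItem.get());
        if (iDIFSession.isLogged()) {
            entry.setCreatorID(iDIFSession.getUser().getID());
        }
        return entry;
    }

    /**
     * Copies every request parameter onto the DIF request. Empty values and the literal string
     * {@code "null"} (any case) become {@code null}; other values are sanitized. Only the first
     * value of a multi-valued parameter is taken ({@code getParameter}).
     */
    private static void copyRequestParameters(HttpServletRequest httpServletRequest, DIFRequest dIFRequest, AntiSamy antiSamyInstance) throws Exception {
        Enumeration<?> parameterNames = httpServletRequest.getParameterNames();
        if (parameterNames == null) {
            return;
        }
        while (parameterNames.hasMoreElements()) {
            String name = (String) parameterNames.nextElement();
            String value = httpServletRequest.getParameter(name);
            if (!StringUtils.isNotEmpty(value) || "null".equalsIgnoreCase(value)) {
                dIFRequest.addParameter(name, null);
            } else {
                dIFRequest.addParameter(name, getSanitizedParameterValue(antiSamyInstance, dIFRequest, name, value));
            }
        }
    }

    /** Copies every servlet request attribute onto the DIF request, keyed by the same name. */
    private static void copyRequestAttributes(HttpServletRequest httpServletRequest, DIFRequest dIFRequest) {
        Enumeration<?> attributeNames = httpServletRequest.getAttributeNames();
        if (attributeNames == null) {
            return;
        }
        while (attributeNames.hasMoreElements()) {
            String name = (String) attributeNames.nextElement();
            dIFRequest.addAttribute(name, httpServletRequest.getAttribute(name));
        }
    }

    /**
     * Accepts every request; the HTTP channel performs no additional validation of its own.
     *
     * <p>Declared {@code protected} in the original source (decompiler note).
     *
     * @param httpServletRequest the incoming request (unused)
     * @return always {@code true}
     */
    @Override // pt.digitalis.dif.controller.AbstractChAL
    public boolean validateRequest(HttpServletRequest httpServletRequest) throws ControllerException {
        return true;
    }
}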
