package com.google.gerrit.httpd;

import com.google.common.base.Strings;
import com.google.common.collect.Iterators;
import com.google.common.collect.Maps;
import com.google.common.net.HttpHeaders;
import com.google.gerrit.httpd.RestTokenVerifier;
import com.google.gerrit.server.CurrentUser;
import com.google.gerrit.server.IdentifiedUser;
import com.google.gerrit.server.OutputFormat;
import com.google.gson.Gson;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonParseException;
import com.google.gson.JsonParser;
import com.google.gwtjsonrpc.common.JsonConstants;
import com.google.inject.Inject;
import com.google.inject.Provider;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.util.Enumeration;
import java.util.Map;
import javax.annotation.Nullable;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:WEB-INF/lib/gerrit-httpd-2.5.2.jar:com/google/gerrit/httpd/TokenVerifiedRestApiServlet.class */
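/**
 * Base servlet for REST endpoints whose state-changing POST requests must carry a signed
 * {@code _authkey} token in addition to an authenticated session.
 *
 * <p>Flow implemented here:
 * <ul>
 *   <li>{@code GET} issues a token for the signed-in account. The token is produced by
 *       {@link RestTokenVerifier#sign} over the account id and the full request URL
 *       (including the query string), so it is bound to both.</li>
 *   <li>{@code POST} extracts the token from the request body ({@code _authkey}) or, when the
 *       body has none, from the {@code X-authkey} header, verifies it against the same
 *       account id and URL, and only then calls {@link #doRequest}.</li>
 * </ul>
 *
 * <p>The token is stripped from what subclasses see: it is removed from the parsed JSON object
 * and hidden from the parameter accessors of the form-encoded request wrapper.
 *
 * <p>NOTE(review): token lifetime and the comparison used during verification live in
 * {@code RestTokenVerifier}, which is not visible in this file.
 */
public abstract class TokenVerifiedRestApiServlet extends RestApiServlet {
    private static final long serialVersionUID = 1;
    private static final String FORM_ENCODED = "application/x-www-form-urlencoded";
    private static final String UTF_8 = "UTF-8";
    private static final String AUTHKEY_NAME = "_authkey";
    private static final String AUTHKEY_HEADER = "X-authkey";
    private final Gson gson;
    private final Provider<CurrentUser> userProvider;
    private final RestTokenVerifier verifier;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/gerrit-httpd-2.5.2.jar:com/google/gerrit/httpd/TokenVerifiedRestApiServlet$ParsedBody.class */
    /**
     * Result of parsing a POST body: the request to hand to the subclass, the token that was
     * found (if any), and the JSON payload (only set for JSON bodies).
     */
    public static class ParsedBody {
        // Request passed on to doRequest; wrapped for form bodies so _authkey is hidden.
        HttpServletRequest req;
        // Token taken from the body, or later from the X-authkey header; may be null/empty.
        String _authkey;
        // Parsed JSON object with _authkey already removed; null for form-encoded bodies.
        JsonObject json;

        private ParsedBody() {
        }
    }

    /* loaded from: input_file:WEB-INF/lib/gerrit-httpd-2.5.2.jar:com/google/gerrit/httpd/TokenVerifiedRestApiServlet$TokenInfo.class */
    /** JSON shape of the GET response; the field name is the serialized key. */
    private static class TokenInfo {
        String _authkey;

        private TokenInfo() {
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/gerrit-httpd-2.5.2.jar:com/google/gerrit/httpd/TokenVerifiedRestApiServlet$WrappedRequest.class */
    /**
     * Request view that hides the {@code _authkey} parameter from every parameter accessor, so
     * the token is not exposed to the subclass's request handling.
     *
     * <p>Raw collection types are kept as decompiled; the generic signatures of the overridden
     * methods depend on the servlet API version on the classpath.
     */
    public static class WrappedRequest extends HttpServletRequestWrapper {
        // Lazily built parameter map without _authkey; null until first requested.
        @SuppressWarnings("rawtypes")
        private Map parameters;

        WrappedRequest(HttpServletRequest httpServletRequest) {
            super(httpServletRequest);
        }

        /** Returns {@code null} for {@code _authkey}; otherwise delegates to the wrapped request. */
        @Override // javax.servlet.ServletRequestWrapper, javax.servlet.ServletRequest
        public String getParameter(String str) {
            if (TokenVerifiedRestApiServlet.AUTHKEY_NAME.equals(str)) {
                return null;
            }
            return super.getParameter(str);
        }

        /** Returns {@code null} for {@code _authkey}; otherwise delegates to the wrapped request. */
        @Override // javax.servlet.ServletRequestWrapper, javax.servlet.ServletRequest
        public String[] getParameterValues(String str) {
            if (TokenVerifiedRestApiServlet.AUTHKEY_NAME.equals(str)) {
                return null;
            }
            return super.getParameterValues(str);
        }

        /**
         * Returns the wrapped request's parameter map with {@code _authkey} removed. The result
         * is computed once and cached on this wrapper.
         */
        @SuppressWarnings({"rawtypes", "unchecked"})
        @Override // javax.servlet.ServletRequestWrapper, javax.servlet.ServletRequest
        public Map getParameterMap() {
            Map filtered = this.parameters;
            if (filtered != null) {
                return filtered;
            }
            filtered = super.getParameterMap();
            if (filtered.containsKey(TokenVerifiedRestApiServlet.AUTHKEY_NAME)) {
                // Copy before removing: the container's map is not ours to modify.
                filtered = Maps.newHashMap(filtered);
                filtered.remove(TokenVerifiedRestApiServlet.AUTHKEY_NAME);
            }
            this.parameters = filtered;
            return filtered;
        }

        /** Enumerates the parameter names of {@link #getParameterMap()}, i.e. without {@code _authkey}. */
        @SuppressWarnings({"rawtypes", "unchecked"})
        @Override // javax.servlet.ServletRequestWrapper, javax.servlet.ServletRequest
        public Enumeration getParameterNames() {
            return Iterators.asEnumeration(getParameterMap().keySet().iterator());
        }
    }

    /**
     * @param provider supplies the user of the current request; also passed to the superclass
     * @param restTokenVerifier signs tokens on GET and verifies them on POST
     */
    @Inject
    protected TokenVerifiedRestApiServlet(Provider<CurrentUser> provider, RestTokenVerifier restTokenVerifier) {
        super(provider);
        this.gson = OutputFormat.JSON_COMPACT.newGson();
        this.userProvider = provider;
        this.verifier = restTokenVerifier;
    }

    /**
     * Handles a POST whose token has already been verified for the signed-in account and URL.
     *
     * @param httpServletRequest the request with {@code _authkey} hidden (form bodies) or the
     *     original request (JSON bodies)
     * @param httpServletResponse the response to write to
     * @param jsonObject the JSON body without {@code _authkey}, or {@code null} for form bodies
     */
    protected abstract void doRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, @Nullable JsonObject jsonObject) throws IOException, ServletException;

    /**
     * Issues a token for the signed-in account and the requested URL.
     *
     * <p>Anonymous callers get 401 and no token. The body is written as JSON when the client
     * accepts it, otherwise as a form-encoded {@code _authkey=...} pair; in both cases it is
     * preceded by {@code JSON_MAGIC} (inherited; presumably the anti-XSSI prefix, confirm in
     * {@code RestApiServlet}) and sent with {@code Content-Disposition: attachment} so a
     * browser does not render it inline.
     */
    @Override // javax.servlet.http.HttpServlet
    protected final void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        CurrentUser currentUser = this.userProvider.get();
        if (!(currentUser instanceof IdentifiedUser)) {
            sendError(httpServletResponse, 401, "API requires authentication");
            return;
        }

        TokenInfo tokenInfo = new TokenInfo();
        tokenInfo._authkey = this.verifier.sign(((IdentifiedUser) currentUser).getAccountId(), computeUrl(httpServletRequest));

        ByteArrayOutputStream payload = new ByteArrayOutputStream();
        payload.write(JSON_MAGIC);
        String contentType;
        if (acceptsJson(httpServletRequest)) {
            contentType = JsonConstants.JSON_TYPE;
            payload.write(this.gson.toJson(tokenInfo).getBytes(UTF_8));
        } else {
            contentType = FORM_ENCODED;
            payload.write(String.format("%s=%s", AUTHKEY_NAME, URLEncoder.encode(tokenInfo._authkey, UTF_8)).getBytes(UTF_8));
        }

        httpServletResponse.setContentType(contentType);
        httpServletResponse.setCharacterEncoding(UTF_8);
        httpServletResponse.setHeader(HttpHeaders.CONTENT_DISPOSITION, "attachment");
        send(httpServletRequest, httpServletResponse, payload.toByteArray());
    }

    /**
     * Verifies the request token and, on success, dispatches to {@link #doRequest}.
     *
     * <p>Responses produced here: 401 for callers that are not signed in; 400 for an unsupported
     * Content-Type, an unparsable body, a missing token, a header token that is not valid
     * URL-encoding, or a token rejected by the verifier.
     */
    @Override // javax.servlet.http.HttpServlet
    protected final void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        CurrentUser currentUser = this.userProvider.get();
        if (!(currentUser instanceof IdentifiedUser)) {
            sendError(httpServletResponse, 401, "API requires authentication");
            return;
        }

        // Exact string match: a Content-Type carrying parameters (for example a charset) is
        // answered with 400. NOTE(review): confirm this strictness is intended before relaxing it.
        ParsedBody body;
        String requestType = httpServletRequest.getContentType();
        if (JsonConstants.JSON_TYPE.equals(requestType)) {
            body = parseJson(httpServletRequest, httpServletResponse);
        } else if (FORM_ENCODED.equals(requestType)) {
            body = parseForm(httpServletRequest, httpServletResponse);
        } else {
            sendError(httpServletResponse, 400, String.format("Expected Content-Type: %s or %s", JsonConstants.JSON_TYPE, FORM_ENCODED));
            return;
        }
        if (body == null) {
            // The parser has already written the error response.
            return;
        }

        if (Strings.isNullOrEmpty(body._authkey)) {
            // No token in the body: fall back to the X-authkey header.
            String header = httpServletRequest.getHeader(AUTHKEY_HEADER);
            if (Strings.isNullOrEmpty(header)) {
                sendError(httpServletResponse, 400, String.format("Expected %s in request body or %s in HTTP headers", AUTHKEY_NAME, AUTHKEY_HEADER));
                return;
            }
            try {
                body._authkey = URLDecoder.decode(header, UTF_8);
            } catch (IllegalArgumentException e) {
                // The header is client-controlled; a malformed percent-escape makes the decoder
                // throw. Answer it like any other bad token instead of letting it escape the
                // servlet as an unhandled exception.
                sendError(httpServletResponse, 400, String.format("Invalid or expired %s", AUTHKEY_NAME));
                return;
            }
        }

        try {
            // The token must verify for this account and this exact URL before any work is done.
            this.verifier.verify(((IdentifiedUser) currentUser).getAccountId(), computeUrl(httpServletRequest), body._authkey);
            doRequest(body.req, httpServletResponse, body.json);
        } catch (RestTokenVerifier.InvalidTokenException e) {
            sendError(httpServletResponse, 400, String.format("Invalid or expired %s", AUTHKEY_NAME));
        }
    }

    /**
     * Parses a JSON request body and pulls the {@code _authkey} member out of it.
     *
     * @return the parsed body, or {@code null} after a 400 has been sent because the body is
     *     not valid JSON or not a JSON object
     */
    private static ParsedBody parseJson(HttpServletRequest req, HttpServletResponse res) throws IOException {
        JsonElement root;
        try {
            root = new JsonParser().parse(req.getReader());
        } catch (JsonParseException e) {
            sendError(res, 400, "Invalid JSON object in request body");
            return null;
        }
        if (!root.isJsonObject()) {
            sendError(res, 400, "Expected JSON object in request body");
            return null;
        }

        ParsedBody parsedBody = new ParsedBody();
        parsedBody.req = req;
        parsedBody.json = (JsonObject) root;
        // Always remove the member so the token never reaches doRequest; it is only accepted
        // as a token when it is a JSON string.
        JsonElement token = parsedBody.json.remove(AUTHKEY_NAME);
        if (token != null && token.isJsonPrimitive() && token.getAsJsonPrimitive().isString()) {
            parsedBody._authkey = token.getAsString();
        }
        return parsedBody;
    }

    /**
     * Reads {@code _authkey} from the request parameters of a form-encoded request and wraps
     * the request so that parameter is hidden from the subclass. Never returns {@code null};
     * the response argument is unused.
     */
    private static ParsedBody parseForm(HttpServletRequest req, HttpServletResponse res) throws IOException {
        ParsedBody parsedBody = new ParsedBody();
        parsedBody.req = new WrappedRequest(req);
        parsedBody._authkey = req.getParameter(AUTHKEY_NAME);
        return parsedBody;
    }

    /**
     * Builds the URL a token is bound to: the request URL plus the query string when present.
     * The same value must be produced at GET and POST time for a token to verify.
     */
    private static String computeUrl(HttpServletRequest req) {
        StringBuffer url = req.getRequestURL();
        String queryString = req.getQueryString();
        if (!Strings.isNullOrEmpty(queryString)) {
            url.append('?').append(queryString);
        }
        return url.toString();
    }
}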
