package org.hippoecm.hst.core.container;

import java.io.IOException;
import javax.jcr.Credentials;
import javax.jcr.Repository;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.hippoecm.hst.configuration.hosting.Mount;
import org.hippoecm.hst.configuration.sitemap.HstSiteMapItem;
import org.hippoecm.hst.container.valves.AbstractOrderableValve;
import org.hippoecm.hst.core.jcr.RuntimeRepositoryException;
import org.hippoecm.hst.core.request.HstRequestContext;
import org.hippoecm.hst.util.HstRequestUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/hippoecm/hst/core/container/AbstractHttpsSchemeValve.class */
public abstract class AbstractHttpsSchemeValve extends AbstractOrderableValve {
    protected static final Logger log = LoggerFactory.getLogger(AbstractHttpsSchemeValve.class);
    public static final String HTTPS_SCHEME = "https";
    public static final String HTTP_SCHEME = "http";
    protected Repository repository;
    protected Credentials configReaderCredentials;
    protected int redirectStatusCode = 301;

    public void setRedirectStatusCode(int i) {
        if (i == 301 || i == 307 || i == 302) {
            this.redirectStatusCode = i;
        } else {
            log.warn("Ignoring invalid redirect status code '{}'. Only 301, 302 and 307 are supported.", String.valueOf(i));
        }
    }

    public void setRepository(Repository repository) {
        this.repository = repository;
    }

    public void setConfigReaderCredentials(Credentials credentials) {
        this.configReaderCredentials = credentials;
    }

    public abstract boolean requiresHttps(ValveContext valveContext);

    public void invoke(ValveContext valveContext) throws ContainerException {
        HstRequestContext requestContext = valveContext.getRequestContext();
        if (requestContext.isCmsRequest()) {
            valveContext.invokeNext();
            return;
        }
        HstSiteMapItem hstSiteMapItem = requestContext.getResolvedSiteMapItem() == null ? null : requestContext.getResolvedSiteMapItem().getHstSiteMapItem();
        Mount mount = requestContext.getResolvedMount().getMount();
        if (hstSiteMapItem != null && hstSiteMapItem.isSchemeAgnostic()) {
            valveContext.invokeNext();
            return;
        }
        if (mount.isSchemeAgnostic()) {
            valveContext.invokeNext();
            return;
        }
        if (HTTPS_SCHEME.equalsIgnoreCase(HstRequestUtils.getFarthestRequestScheme(valveContext.getServletRequest()))) {
            valveContext.invokeNext();
            return;
        }
        log.debug("Invoking #requiresHttps to find out whether request should be over https.");
        if (!requiresHttps(valveContext)) {
            valveContext.invokeNext();
            return;
        }
        String createURLWithExplicitSchemeForRequest = HstRequestUtils.createURLWithExplicitSchemeForRequest(HTTP_SCHEME, mount, valveContext.getServletRequest());
        if (!HTTPS_SCHEME.equalsIgnoreCase(hstSiteMapItem == null ? mount.getScheme() : hstSiteMapItem.getScheme()) && !mount.getVirtualHost().isCustomHttpsSupported()) {
            log.warn("Current URL '{}' is over http but '{}' indicated preference over 'https' but virtualhost '{}' does not have'{}' = true. Set this property to true support url over https. Request will now be rendered over http.", new String[]{createURLWithExplicitSchemeForRequest, getClass().getName() + "#requiresHttps", mount.getVirtualHost().getHostName(), "hst:customhttpssupport"});
            valveContext.invokeNext();
            return;
        }
        HttpServletResponse servletResponse = valveContext.getServletResponse();
        String createURLWithExplicitSchemeForRequest2 = HstRequestUtils.createURLWithExplicitSchemeForRequest(HTTPS_SCHEME, mount, valveContext.getServletRequest());
        log.info("Client side redirect request '{}' to '{}'", createURLWithExplicitSchemeForRequest, createURLWithExplicitSchemeForRequest2);
        if (getRedirectStatusCode() == 301) {
            servletResponse.setStatus(301);
            servletResponse.setHeader("Location", createURLWithExplicitSchemeForRequest2);
        } else {
            try {
                servletResponse.sendRedirect(createURLWithExplicitSchemeForRequest2);
            } catch (IOException e) {
                throw new ContainerException("Could not redirect", e);
            }
        }
    }

    protected int getRedirectStatusCode() {
        return this.redirectStatusCode;
    }

    protected boolean isSchemeHttps(HttpServletRequest httpServletRequest) {
        return HTTPS_SCHEME.equalsIgnoreCase(getScheme(httpServletRequest));
    }

    protected String getScheme(HttpServletRequest httpServletRequest) {
        return HstRequestUtils.getFarthestRequestScheme(httpServletRequest);
    }

    protected Session getHstConfigSession() {
        if (this.repository == null || this.configReaderCredentials == null) {
            throw new IllegalStateException("No repository or configReaderCredentials are set");
        }
        try {
            return this.repository.login(this.configReaderCredentials);
        } catch (RepositoryException e) {
            throw new RuntimeRepositoryException("Could not login config user.", e);
        }
    }
}
