package org.hippoecm.hst.cmsrest.container;

import java.io.IOException;
import java.security.SignatureException;
import javax.jcr.LoginException;
import javax.jcr.Repository;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.httpclient.HttpStatus;
import org.apache.commons.lang.StringUtils;
import org.hippoecm.hst.container.valves.AbstractOrderableValve;
import org.hippoecm.hst.core.container.ContainerException;
import org.hippoecm.hst.core.container.ValveContext;
import org.hippoecm.hst.core.internal.HstMutableRequestContext;
import org.hippoecm.hst.core.request.HstRequestContext;
import org.hippoecm.hst.core.request.ResolvedVirtualHost;
import org.onehippo.sso.CredentialCipher;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/hst-cms-rest-2.28.07.jar:org/hippoecm/hst/cmsrest/container/CmsRestSecurityValve.class */
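/**
 * Valve that guards CMS REST calls: it requires the request to be flagged as a CMS request,
 * decrypts the credentials carried in the {@code X-CMSREST-CREDENTIALS} header, logs in to the
 * JCR repository with them, resolves the host named in the {@code X-CMSREST-CMSHOST} header and
 * only then hands the request to the next valve.
 *
 * <p>The JCR session opened here is bound to the request context for the duration of the call
 * and is always logged out before {@link #invoke(ValveContext)} returns or throws.
 */
public class CmsRestSecurityValve extends AbstractOrderableValve {
    private static final Logger log = LoggerFactory.getLogger(CmsRestSecurityValve.class);

    // NOTE(review): this compile-time literal is passed as the key argument to
    // CredentialCipher.decryptFromString. If the cipher derives its secret from this value,
    // every deployment of this jar shares the same key and the header is only as confidential
    // as the jar itself. Confirm against CredentialCipher before relying on the header.
    private static final String CREDENTIAL_CIPHER_KEY = "ENC_DEC_KEY";
    private static final String HEADER_CMS_REST_CREDENTIALS = "X-CMSREST-CREDENTIALS";
    private static final String CMSREST_CMSHOST_HEADER = "X-CMSREST-CMSHOST";
    public static final String HOST_GROUP_NAME_FOR_CMS_HOST = "HOST_GROUP_NAME_FOR_CMS_HOST";
    private static final String ERROR_MESSAGE_NO_CMS_REST_CREDENTIALS_FOUND = "no CMS REST credentials found";
    private Repository repository;

    /**
     * Injects the JCR repository used to log in with the decrypted CMS REST credentials.
     *
     * @param repository repository that {@link #invoke(ValveContext)} logs in to
     */
    public void setRepository(Repository repository) {
        this.repository = repository;
    }

    /**
     * Authenticates a CMS REST request and, on success, invokes the next valve.
     *
     * <p>Responses produced here: 400 when the request is not a CMS request or carries no
     * credentials header; 500 when the CMS host header is missing, the host cannot be matched,
     * or decryption / login / repository access fails.
     *
     * @param valveContext the current valve context
     * @throws ContainerException propagated from the next valve
     */
    @Override
    public void invoke(ValveContext valveContext) throws ContainerException {
        HttpServletRequest servletRequest = valveContext.getServletRequest();
        HttpServletResponse servletResponse = valveContext.getServletResponse();
        HstRequestContext requestContext = valveContext.getRequestContext();

        if (!requestContext.isCmsRequest()) {
            setResponseError(HttpStatus.SC_BAD_REQUEST, servletResponse, "Bad CMS REST call");
            return;
        }

        log.debug("Request '{}' is invoked from CMS context. Check for credentials and apply security rules or raise proper error!", servletRequest.getRequestURL());

        String encryptedCredentials = servletRequest.getHeader(HEADER_CMS_REST_CREDENTIALS);
        if (StringUtils.isBlank(encryptedCredentials)) {
            log.debug("No CMS REST credentials found");
            setResponseError(HttpStatus.SC_BAD_REQUEST, servletResponse, ERROR_MESSAGE_NO_CMS_REST_CREDENTIALS_FOUND);
            return;
        }

        Session session = null;
        try {
            session = this.repository.login(
                    CredentialCipher.getInstance().decryptFromString(CREDENTIAL_CIPHER_KEY, encryptedCredentials));
            ((HstMutableRequestContext) requestContext).setSession(session);

            // The CMS host comes from a request header, i.e. it is client-supplied. It is only
            // used to look up a configured virtual host, and it is echoed into the warn logs below.
            String cmsHost = requestContext.getServletRequest().getHeader(CMSREST_CMSHOST_HEADER);
            if (StringUtils.isEmpty(cmsHost)) {
                log.warn("Cannot proceed _cmsrest request because no header found for '{}'", CMSREST_CMSHOST_HEADER);
                setResponseError(HttpStatus.SC_INTERNAL_SERVER_ERROR, servletResponse);
                return;
            }

            ResolvedVirtualHost matchedHost = requestContext.getVirtualHost().getVirtualHosts().matchVirtualHost(cmsHost);
            if (matchedHost == null) {
                log.warn("Cannot match cmsHost '{}' to a host. Make sure '{}' is configured on a hst:virtualhostgroup node that belong to the correct environment for the cmsHost", cmsHost, cmsHost);
                setResponseError(HttpStatus.SC_INTERNAL_SERVER_ERROR, servletResponse);
                return;
            }

            requestContext.setAttribute(HOST_GROUP_NAME_FOR_CMS_HOST, matchedHost.getVirtualHost().getHostGroupName());
            valveContext.invokeNext();
        } catch (LoginException e) {
            // NOTE(review): rejected credentials are answered with 500, so authentication
            // failures are indistinguishable from server faults in access logs and monitoring.
            // Status kept as-is because callers may depend on it; consider 401/403.
            // LoginException is caught before its supertype RepositoryException so that this
            // handler is actually reachable.
            log.warn("LoginException {}", e.toString());
            setResponseError(HttpStatus.SC_INTERNAL_SERVER_ERROR, servletResponse);
        } catch (SignatureException e) {
            log.warn("SignatureException while processing CMS REST credentails : {}", e.toString());
            setResponseError(HttpStatus.SC_INTERNAL_SERVER_ERROR, servletResponse);
        } catch (RepositoryException e) {
            log.warn("RepositoryException {}", e.toString());
            setResponseError(HttpStatus.SC_INTERNAL_SERVER_ERROR, servletResponse);
        } finally {
            // Always release the authenticated session, including when the next valve or the
            // host lookup throws; otherwise a logged-in JCR session outlives the request.
            if (session != null) {
                session.logout();
            }
        }
    }

    /**
     * Sends an HTTP error with the given status and no message.
     *
     * @param i HTTP status code to send
     * @param httpServletResponse response to send the error on
     */
    protected void setResponseError(int i, HttpServletResponse httpServletResponse) {
        setResponseError(i, httpServletResponse, null);
    }

    /**
     * Sends an HTTP error with the given status, attaching the message when it is not blank.
     * An {@link IOException} raised while sending is logged and not rethrown.
     *
     * @param i HTTP status code to send
     * @param httpServletResponse response to send the error on
     * @param str optional error message; blank or {@code null} sends the status alone
     */
    protected void setResponseError(int i, HttpServletResponse httpServletResponse, String str) {
        try {
            if (StringUtils.isBlank(str)) {
                httpServletResponse.sendError(i);
            } else {
                httpServletResponse.sendError(i, str);
            }
        } catch (IOException e) {
            log.warn("Exception while sending HTTP error response", e);
        }
    }
}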
