package com.worklight.gadgets.serving.handler;

import com.ibm.json.java.JSONObject;
import com.worklight.common.log.WorklightLogger;
import com.worklight.common.log.WorklightServerLogger;
import com.worklight.common.type.Environment;
import com.worklight.common.util.FileTemplate;
import com.worklight.gadgets.GadgetRuntimeException;
import com.worklight.gadgets.api.GadgetAPIRequestCoder;
import com.worklight.gadgets.bean.AppVersionAccessData;
import com.worklight.gadgets.bean.Gadget;
import com.worklight.gadgets.serving.GadgetAPIServlet;
import com.worklight.gadgets.utils.GadgetUtils;
import java.io.IOException;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.core.io.ClassPathResource;

/* loaded from: input_file:com/worklight/gadgets/serving/handler/AuthenticationHandler.class */
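/**
 * Serves the authentication helper endpoints of the gadget API.
 *
 * <p>The {@code action} request parameter selects the response:
 * <ul>
 *   <li>{@code test} - a JSON reply for AJAX callers, otherwise an HTML page built from
 *       {@code welcome/authTestReply.template.html} with the {@code parent} request parameter
 *       substituted for the {@code parentURL} token;</li>
 *   <li>{@code popup} - the static page {@code welcome/authPopupReply.html};</li>
 *   <li>{@code test_img} - the bytes of {@code welcome/blank.gif}, sent with no-cache headers.</li>
 * </ul>
 * Any other value (or a missing parameter) produces no response body and no activity log entry.
 *
 * <p>Thread-safety: the only instance state is the set of templates loaded in
 * {@link #init(ServletConfig)}. Per-request values such as the session id are kept in locals,
 * because a field written by {@code doPost} could be overwritten by a concurrent request if one
 * handler instance serves several requests, and the activity log would then record the wrong
 * session id.
 */
public class AuthenticationHandler extends APIMethodHandler {
    private static final String PARAM_NAME_PARENT_URL = "parent";
    private static final String PARAM_NAME_ACTION = "action";
    private static final String PARAM_VALUE_ACTION_POPUP = "popup";
    private static final String PARAM_VALUE_ACTION_TEST = "test";
    private static final String PARAM_VALUE_ACTION_TEST_IMAGE = "test_img";
    private static final WorklightServerLogger logger = new WorklightServerLogger(AuthenticationHandler.class, WorklightLogger.MessagesBundles.CORE);

    // Response bodies loaded once in init() and only read afterwards.
    private String testReplyTemplateHtml;
    private String popupReplyTemplateHtml;
    private byte[] imageBytes;

    /**
     * Loads the two HTML reply templates and the blank GIF that the handler serves.
     *
     * @param servletConfig configuration passed on to the parent handler
     * @throws IOException declared by the parent contract; presumably raised when a resource
     *         cannot be read (the loaders are not visible here)
     */
    @Override
    public void init(ServletConfig servletConfig) throws IOException {
        super.init(servletConfig);
        this.testReplyTemplateHtml = GadgetUtils.copyFileToString("welcome/authTestReply.template.html");
        this.popupReplyTemplateHtml = GadgetUtils.copyFileToString("welcome/authPopupReply.html");
        this.imageBytes = GadgetUtils.copyFileToByteArray(new ClassPathResource("welcome/blank.gif"));
    }

    /**
     * Dispatches on the {@code action} parameter and logs the activity for every recognised action.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response to write to
     * @param gadgetRequestInfo   decoded gadget request data used for the reply and the activity log
     * @throws GadgetRuntimeException if writing the response fails with an {@link IOException}
     */
    @Override
    public void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, GadgetAPIRequestCoder.GadgetRequestInfo gadgetRequestInfo) throws ServletException, IOException {
        try {
            String action = httpServletRequest.getParameter(PARAM_NAME_ACTION);
            // getSession() creates a session when none exists, also for unrecognised actions.
            // The id stays in a local so concurrent requests cannot overwrite each other's value.
            String sessionId = httpServletRequest.getSession().getId();
            if (PARAM_VALUE_ACTION_TEST.equals(action)) {
                handleAuthenticationTest(httpServletRequest, httpServletResponse, gadgetRequestInfo);
                logAuthActivity(gadgetRequestInfo, sessionId);
            } else if (PARAM_VALUE_ACTION_POPUP.equals(action)) {
                handleAuthenticationPopup(httpServletResponse);
                logAuthActivity(gadgetRequestInfo, sessionId);
            } else if (PARAM_VALUE_ACTION_TEST_IMAGE.equals(action)) {
                handleAuthenticationTestImage(httpServletResponse);
                logAuthActivity(gadgetRequestInfo, sessionId);
            }
        } catch (IOException e) {
            // NOTE(review): the IOException is dropped here, so the root cause never reaches the
            // logs. Chain it as the cause if GadgetRuntimeException offers a (String, Throwable)
            // constructor; that constructor is not visible in this file.
            throw new GadgetRuntimeException("Failed to create authentication response");
        }
    }

    /**
     * Records an authentication-path activity entry for the request.
     *
     * @param gadgetRequestInfo source of the application, user agent and IP address
     * @param sessionId         id of the session that belongs to this request
     */
    private void logAuthActivity(GadgetAPIRequestCoder.GadgetRequestInfo gadgetRequestInfo, String sessionId) {
        logGadgetActivity(GadgetUtils.getGadgetApplicationFrom(gadgetRequestInfo), GadgetAPIRequestCoder.REQ_PATH_AUTHENTICATION, gadgetRequestInfo.getUserAgent(), gadgetRequestInfo.getIpAddress(), sessionId);
    }

    /** Writes the static popup reply page as UTF-8 HTML and closes the writer. */
    private void handleAuthenticationPopup(HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.setContentType("text/html; charset=UTF-8");
        httpServletResponse.getWriter().print(this.popupReplyTemplateHtml);
        httpServletResponse.getWriter().close();
    }

    /**
     * Answers the authentication test: JSON for AJAX callers, otherwise the HTML test reply with
     * the caller-supplied {@code parent} URL substituted into the template.
     */
    private void handleAuthenticationTest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, GadgetAPIRequestCoder.GadgetRequestInfo gadgetRequestInfo) throws IOException {
        if (GadgetAPIServlet.isAjaxRequest(httpServletRequest)) {
            JSONObject reply = new JSONObject();
            processRule(httpServletRequest, gadgetRequestInfo, reply);
            reply.put("success", "success");
            sendJSONObject(httpServletResponse, reply);
            return;
        }
        FileTemplate fileTemplate = new FileTemplate(this.testReplyTemplateHtml);
        String rawParent = httpServletRequest.getParameter(PARAM_NAME_PARENT_URL);
        String parentUrl = "";
        // A request without "parent" used to fail with a NullPointerException on the comparison
        // below; it is now treated like an invalid value and rendered as an empty string.
        if (rawParent != null) {
            parentUrl = GadgetUtils.cleanXSS(rawParent);
            if (!rawParent.equals(parentUrl)) {
                // NOTE(review): the raw, client-controlled value is written to the log; confirm
                // the logger neutralises line breaks and control characters.
                logger.warn("handleAuthenticationTest", "logger.parentValueCleaned", new Object[]{rawParent});
            }
            if (!GadgetUtils.isURLPattern(parentUrl)) {
                logger.error("handleAuthenticationTest", "logger.parentURLPatterInvalid", new Object[]{parentUrl});
                parentUrl = "";
            }
        }
        // NOTE(review): the value is reflected into an HTML response, and its safety rests on
        // cleanXSS and isURLPattern, which are not visible here. Confirm that they reject
        // script-capable URL schemes and that the escaping matches the place where the template
        // uses the parentURL token.
        fileTemplate.replaceToken("parentURL", parentUrl);
        httpServletResponse.setContentType("text/html; charset=UTF-8");
        httpServletResponse.getWriter().print(fileTemplate.getContent());
        httpServletResponse.getWriter().close();
    }

    /** Sends the blank GIF with headers that stop the client from caching it. */
    private void handleAuthenticationTestImage(HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.setContentType("image/gif");
        httpServletResponse.setHeader("Cache-Control", "no-cache, must-revalidate");
        // An Expires date in the past marks the response as already stale.
        httpServletResponse.setHeader("Expires", "Sat, 26 Jul 1997 05:00:00 GMT");
        ServletOutputStream outputStream = httpServletResponse.getOutputStream();
        outputStream.write(this.imageBytes);
        outputStream.flush();
        outputStream.close();
    }

    /**
     * Adds the app-version access data to the JSON reply when a rule is found for the request.
     *
     * @param httpServletRequest request carrying the version header and the session
     * @param gadgetRequestInfo  source of the gadget and its environment
     * @param jSONObject         reply object that is populated in place
     */
    private void processRule(HttpServletRequest httpServletRequest, GadgetAPIRequestCoder.GadgetRequestInfo gadgetRequestInfo, JSONObject jSONObject) {
        AppVersionAccessData appVersionRule = getAppVersionRule(GadgetUtils.getGadgetApplicationFrom(gadgetRequestInfo).getGadget(), gadgetRequestInfo.getGadgetEnvironment(), httpServletRequest);
        if (appVersionRule != null) {
            AppVesionAccessHandler.populateJSON(appVersionRule, jSONObject, httpServletRequest.getSession().getId());
        }
    }

    /**
     * Looks up the access data for the version named in the {@code x-wl-app-version} header.
     *
     * @return the access data, or {@code null} when the header is absent (the service may also
     *         return {@code null}; the caller checks for it)
     */
    private AppVersionAccessData getAppVersionRule(Gadget gadget, Environment environment, HttpServletRequest httpServletRequest) {
        // The header is client-supplied and is passed to the lookup service without validation here.
        String appVersion = httpServletRequest.getHeader("x-wl-app-version");
        if (appVersion == null) {
            return null;
        }
        return GadgetUtils.getAppVersionAccessService().getAppVersionAccessData(gadget, environment, appVersion);
    }
}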
