package com.liferay.portal.struts;

import com.liferay.petra.string.StringBundler;
import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.json.JSONFactoryUtil;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.security.access.control.AccessControlUtil;
import com.liferay.portal.kernel.security.auth.AuthTokenUtil;
import com.liferay.portal.kernel.security.auth.PrincipalException;
import com.liferay.portal.kernel.servlet.ServletContextPool;
import com.liferay.portal.kernel.util.ClassUtil;
import com.liferay.portal.kernel.util.GetterUtil;
import com.liferay.portal.kernel.util.ParamUtil;
import com.liferay.portal.kernel.util.PortalUtil;
import com.liferay.portal.kernel.util.SetUtil;
import com.liferay.portal.kernel.util.Validator;
import com.liferay.portal.servlet.SharedSessionServletRequest;
import com.liferay.portal.struts.constants.ActionConstants;
import com.liferay.portal.struts.model.ActionForward;
import com.liferay.portal.struts.model.ActionMapping;
import com.liferay.portal.util.PropsValues;
import java.util.Set;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletContext;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:com/liferay/portal/struts/JSONAction.class */
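/**
 * Base Struts action that renders a JSON response, optionally wrapped in a
 * JSONP callback taken from the {@code callback} request parameter.
 *
 * <p>Subclasses supply the payload through {@link #getJSON}. Before the payload
 * is produced, {@link #execute} may forward the request to another servlet
 * context ({@link #rerouteExecute}) and runs the CSRF token check in
 * {@link #checkAuthToken}.</p>
 */
public abstract class JSONAction implements Action {
    private static final Log _log = LogFactoryUtil.getLog(JSONAction.class);
    // Hosts for which checkAuthToken skips the CSRF token check.
    private final Set<String> _hostsAllowed = SetUtil.fromArray(PropsValues.JSON_SERVICE_AUTH_TOKEN_HOSTS_ALLOWED);
    private ServletContext _servletContext;

    /**
     * Produces the JSON payload and writes it to the response.
     *
     * <p>The {@code callback} parameter comes from the request and is reflected
     * into the response body, so it is restricted to identifier-style characters
     * before any work is done. A request with any other character in
     * {@code callback} is answered with HTTP 400.</p>
     *
     * @param actionMapping used only to resolve the referer forward when the
     *        {@code refresh} parameter is true
     * @param httpServletRequest the current request
     * @param httpServletResponse the current response
     * @return the referer forward when {@code refresh} is true, otherwise
     *         {@code null} (the response has been written, an error was sent,
     *         or there was nothing to write)
     * @throws Exception if rerouting or writing the response fails
     */
    @Override // com.liferay.portal.struts.Action
    public ActionForward execute(ActionMapping actionMapping, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        if (rerouteExecute(httpServletRequest, httpServletResponse)) {
            return null;
        }
        String callback = ParamUtil.getString(httpServletRequest, "callback");
        // Reject before the auth check and before getJSON runs, so a malformed
        // callback never triggers the subclass's work.
        if (Validator.isNotNull(callback) && !_isSafeCallback(callback)) {
            if (_log.isWarnEnabled()) {
                // The raw value is deliberately not logged: it is attacker-controlled.
                _log.warn("Rejected JSON request with a malformed callback parameter");
            }
            httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return null;
        }
        String json;
        try {
            checkAuthToken(httpServletRequest);
            json = getJSON(httpServletRequest, httpServletResponse);
            if (Validator.isNotNull(callback)) {
                StringBundler stringBundler = new StringBundler(5);
                // The body always starts with a fixed comment, so the first bytes
                // of the response are never chosen by the caller.
                stringBundler.append("/**/");
                stringBundler.append(callback);
                stringBundler.append("(");
                stringBundler.append(json);
                stringBundler.append(")");
                json = stringBundler.toString();
            }
        } catch (PrincipalException principalException) {
            _log.error(principalException.getMessage());
            PortalUtil.sendError(403, principalException, httpServletRequest, httpServletResponse);
            return null;
        } catch (SecurityException securityException) {
            if (_log.isWarnEnabled()) {
                _log.warn(securityException.getMessage());
            }
            if (!PropsValues.JSON_SERVICE_SERIALIZE_THROWABLE) {
                PortalUtil.sendError(500, securityException, httpServletRequest, httpServletResponse);
                return null;
            }
            // With JSON_SERVICE_SERIALIZE_THROWABLE enabled the serialized exception
            // becomes the response body, i.e. it is disclosed to the client.
            // NOTE(review): confirm what serializeThrowable includes (message only, or stack trace).
            json = JSONFactoryUtil.serializeThrowable(securityException);
        } catch (Exception exception) {
            // Pass the throwable so the stack trace is kept; getMessage() may be null.
            _log.error(exception.getMessage(), exception);
            PortalUtil.sendError(500, exception, httpServletRequest, httpServletResponse);
            return null;
        }
        if (ParamUtil.getBoolean(httpServletRequest, "refresh")) {
            return actionMapping.getActionForward(ActionConstants.COMMON_REFERER);
        }
        if (Validator.isNull(json)) {
            return null;
        }
        httpServletResponse.setCharacterEncoding("UTF-8");
        // NOTE(review): a JSONP-wrapped body is also served as application/json;
        // confirm that is what callback clients expect.
        httpServletResponse.setContentType("application/json");
        httpServletResponse.setHeader("Cache-Control", "private, no-cache, no-store, must-revalidate");
        // try-with-resources closes the stream on both the normal and the failure path.
        try (ServletOutputStream outputStream = httpServletResponse.getOutputStream()) {
            outputStream.write(json.getBytes("UTF-8"));
        }
        return null;
    }

    /**
     * Builds the JSON payload for the request.
     *
     * @param httpServletRequest the current request
     * @param httpServletResponse the current response
     * @return the JSON text; a null or empty value makes {@link #execute} write nothing
     * @throws Exception if the payload cannot be produced
     */
    public abstract String getJSON(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception;

    /**
     * Sets the servlet context that {@link #rerouteExecute} compares against the
     * requested {@code servletContextName}.
     *
     * @param servletContext the servlet context of this action
     */
    public void setServletContext(ServletContext servletContext) {
        this._servletContext = servletContext;
    }

    /**
     * Runs the CSRF token check unless one of the exemptions applies.
     *
     * <p>The check is skipped when there is no access control context and the
     * request was authenticated with BASIC or DIGEST; when there is an access
     * control context and the auth type is anything other than FORM; when
     * {@code JSON_SERVICE_AUTH_TOKEN_ENABLED} is false; or when
     * {@code AccessControlUtil.isAccessAllowed} accepts the request for the
     * configured allowed hosts.</p>
     *
     * @param httpServletRequest the current request
     * @throws PortalException if the CSRF token check fails
     */
    protected void checkAuthToken(HttpServletRequest httpServletRequest) throws PortalException {
        // getString turns a null auth type into a non-null value, so equals() below is safe.
        String authType = GetterUtil.getString(httpServletRequest.getAuthType());
        if (AccessControlUtil.getAccessControlContext() == null) {
            if (authType.equals("BASIC") || authType.equals("DIGEST")) {
                return;
            }
        } else if (!authType.equals("FORM")) {
            return;
        }
        if (!PropsValues.JSON_SERVICE_AUTH_TOKEN_ENABLED || AccessControlUtil.isAccessAllowed(httpServletRequest, this._hostsAllowed)) {
            return;
        }
        AuthTokenUtil.checkCSRFToken(httpServletRequest, getCSRFOrigin(httpServletRequest));
    }

    /**
     * Returns the origin name passed to the CSRF token check.
     *
     * @param httpServletRequest the current request (unused here)
     * @return the class name of this action, as reported by {@code ClassUtil.getClassName}
     */
    protected String getCSRFOrigin(HttpServletRequest httpServletRequest) {
        return ClassUtil.getClassName(this);
    }

    /**
     * Returns the path to forward to when rerouting; {@code null} here, which
     * disables rerouting unless a subclass overrides it.
     *
     * @return the reroute path, or {@code null}
     */
    protected String getReroutePath() {
        return null;
    }

    /**
     * Forwards the request to the same path in another servlet context when the
     * {@code servletContextName} parameter names a different, registered context.
     *
     * <p>The request chooses only the target context (looked up in
     * {@code ServletContextPool}); the path comes from {@link #getReroutePath}.</p>
     *
     * @param httpServletRequest the current request
     * @param httpServletResponse the current response
     * @return {@code true} if the request was forwarded, {@code false} if the
     *         caller should handle it
     * @throws Exception if the forward fails
     */
    protected boolean rerouteExecute(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        String reroutePath = getReroutePath();
        if (Validator.isNull(reroutePath)) {
            return false;
        }
        String servletContextName = ParamUtil.getString(httpServletRequest, "servletContextName");
        if (Validator.isNull(servletContextName)) {
            return false;
        }
        ServletContext currentServletContext = this._servletContext;
        if (currentServletContext == null) {
            currentServletContext = (ServletContext) httpServletRequest.getAttribute("CTX");
        }
        // NOTE(review): if the "CTX" attribute is also absent this dereferences null;
        // confirm the attribute is always set before this action runs.
        if (GetterUtil.getString(currentServletContext.getServletContextName()).equals(servletContextName)) {
            // Already in the requested context: nothing to reroute.
            return false;
        }
        ServletContext targetServletContext = ServletContextPool.get(servletContextName);
        if (targetServletContext == null) {
            return false;
        }
        RequestDispatcher requestDispatcher = targetServletContext.getRequestDispatcher(reroutePath);
        if (requestDispatcher == null) {
            return false;
        }
        // NOTE(review): the meaning of the boolean passed to SharedSessionServletRequest
        // is not visible here; presumably it controls session sharing — confirm.
        requestDispatcher.forward(new SharedSessionServletRequest(httpServletRequest, true), httpServletResponse);
        return true;
    }

    /**
     * Tells whether a JSONP callback name consists only of ASCII letters,
     * digits, {@code _}, {@code $}, {@code .}, {@code [} and {@code ]}.
     *
     * <p>The set covers plain and namespaced function references while excluding
     * parentheses, quotes, operators, angle brackets and whitespace.</p>
     *
     * @param callback the non-empty callback parameter value
     * @return {@code true} if every character is in the allowed set
     */
    private static boolean _isSafeCallback(String callback) {
        for (int i = 0; i < callback.length(); i++) {
            char c = callback.charAt(i);
            boolean allowed = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9')
                || c == '_' || c == '$' || c == '.' || c == '[' || c == ']';
            if (!allowed) {
                return false;
            }
        }
        return true;
    }
}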
