package org.swordapp.server;

import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.security.NoSuchAlgorithmException;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import javax.servlet.ServletException;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.abdera.Abdera;
import org.apache.abdera.model.Element;
import org.apache.abdera.model.Entry;
import org.apache.abdera.model.Generator;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.fileupload.FileUploadException;
import org.apache.commons.fileupload.ParameterParser;
import org.apache.commons.fileupload.disk.DiskFileItem;
import org.apache.commons.fileupload.disk.DiskFileItemFactory;
import org.apache.commons.fileupload.servlet.ServletFileUpload;
import org.apache.commons.httpclient.auth.AuthState;
import org.apache.log4j.Logger;
import org.elasticsearch.common.netty.handler.codec.http.multipart.HttpPostBodyUtil;
import org.elasticsearch.index.mapper.core.CompletionFieldMapper;
import se.kb.oai.ore.OREConstants;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/classes/org/swordapp/server/SwordAPIEndpoint.class
  input_file:WEB-INF/lib/dspace-swordv2-6.1-classes.jar:org/swordapp/server/SwordAPIEndpoint.class
 */
/* loaded from: input_file:WEB-INF/lib/sword2-server-1.0-classes.jar:org/swordapp/server/SwordAPIEndpoint.class */
public class SwordAPIEndpoint {
    protected SwordConfiguration config;
    private static Logger log = Logger.getLogger(SwordAPIEndpoint.class);

    /* JADX INFO: Access modifiers changed from: protected */
    public SwordAPIEndpoint(SwordConfiguration swordConfiguration) {
        this.config = swordConfiguration;
    }

    public void get(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        httpServletResponse.setCharacterEncoding("UTF-8");
    }

    public void post(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        httpServletResponse.setCharacterEncoding("UTF-8");
    }

    public void put(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        httpServletResponse.setCharacterEncoding("UTF-8");
    }

    public void delete(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        httpServletResponse.setCharacterEncoding("UTF-8");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AuthCredentials getAuthCredentials(HttpServletRequest httpServletRequest) throws SwordAuthException {
        return getAuthCredentials(httpServletRequest, false);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AuthCredentials getAuthCredentials(HttpServletRequest httpServletRequest, boolean z) throws SwordAuthException {
        AuthCredentials authCredentials;
        String authType = this.config.getAuthType();
        log.info("Auth type = " + authType);
        if (authType.equalsIgnoreCase("none")) {
            log.debug("No Authentication Credentials supplied/required");
            authCredentials = new AuthCredentials(null, null, "");
        } else {
            String header = httpServletRequest.getHeader("Authorization");
            String header2 = httpServletRequest.getHeader("On-Behalf-Of");
            boolean equalsIgnoreCase = authType.equalsIgnoreCase(AuthState.PREEMPTIVE_AUTH_SCHEME);
            if (equalsIgnoreCase && (header == null || header.equals(""))) {
                if (!z) {
                    throw new SwordAuthException(true);
                }
                log.debug("No Authentication Credentials supplied/required");
                return new AuthCredentials(null, null, header2);
            }
            if (!equalsIgnoreCase) {
                throw new SwordAuthException("Server is not properly configured for authentication");
            }
            String[] decodeAuthHeader = decodeAuthHeader(header);
            authCredentials = new AuthCredentials(decodeAuthHeader[0], decodeAuthHeader[1], header2);
        }
        return authCredentials;
    }

    protected String[] decodeAuthHeader(String str) throws SwordAuthException {
        String[] split = str.split(" ");
        if (split.length != 2) {
            log.fatal("Malformed Authorization header");
            throw new SwordAuthException("Malformed Authorization header");
        }
        if (!"Basic".equalsIgnoreCase(split[0].trim())) {
            log.warn("Authentication method not supported: " + split[0]);
            throw new SwordAuthException("Authentication method not supported: " + split[0]);
        }
        String[] split2 = new String(Base64.decodeBase64(split[1].trim().getBytes())).split(":", 2);
        if (split2.length == 2) {
            return split2;
        }
        log.fatal("Malformed Authorization header; unable to determine username/password boundary");
        throw new SwordAuthException("Malformed Authorization header; unable to determine username/password boundary");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String getFullUrl(HttpServletRequest httpServletRequest) {
        String stringBuffer = httpServletRequest.getRequestURL().toString();
        String queryString = httpServletRequest.getQueryString();
        if (queryString != null && !"".equals(queryString)) {
            stringBuffer = stringBuffer + "?" + queryString;
        }
        return stringBuffer;
    }

    /* JADX WARN: Finally extract failed */
    protected void storeAndCheckBinary(Deposit deposit, SwordConfiguration swordConfiguration) throws SwordServerException, SwordError {
        if (deposit.getInputStream() == null) {
            throw new SwordServerException("Attempting to store and check deposit which has no input stream");
        }
        if (swordConfiguration.storeAndCheckBinary()) {
            String tempDirectory = swordConfiguration.getTempDirectory();
            if (tempDirectory == null) {
                throw new SwordServerException("Store and Check operation requested, but no tempDirectory specified in config");
            }
            String str = tempDirectory + File.separator + "SWORD-" + UUID.randomUUID().toString();
            try {
                InputStream inputStream = deposit.getInputStream();
                FileOutputStream fileOutputStream = new FileOutputStream(new File(str));
                try {
                    byte[] bArr = new byte[1024];
                    while (true) {
                        int read = inputStream.read(bArr);
                        if (read <= 0) {
                            break;
                        } else {
                            fileOutputStream.write(bArr, 0, read);
                        }
                    }
                    inputStream.close();
                    fileOutputStream.close();
                    File file = new File(str);
                    deposit.setFile(file);
                    long length = file.length();
                    if (swordConfiguration.getMaxUploadSize() != -1 && length > swordConfiguration.getMaxUploadSize()) {
                        throw new SwordError(UriRegistry.ERROR_MAX_UPLOAD_SIZE_EXCEEDED, "The uploaded file exceeded the maximum file size this server will accept (the file is " + length + " bytes but the server will only accept files as large as " + swordConfiguration.getMaxUploadSize() + " bytes)");
                    }
                    try {
                        String generateMD5 = ChecksumUtils.generateMD5(str);
                        log.debug("Received filechecksum: " + generateMD5);
                        String md5 = deposit.getMd5();
                        log.debug("Received file checksum header: " + md5);
                        if (md5 == null || md5.equals(generateMD5)) {
                            log.debug("Package temporarily stored as: " + str);
                        } else {
                            log.debug("Bad MD5 for file. Aborting with appropriate error message");
                            throw new SwordError(UriRegistry.ERROR_CHECKSUM_MISMATCH, "The received MD5 checksum for the deposited file did not match the checksum sent by the deposit client");
                        }
                    } catch (IOException e) {
                        throw new SwordServerException(e);
                    } catch (NoSuchAlgorithmException e2) {
                        throw new SwordServerException(e2);
                    }
                } catch (Throwable th) {
                    inputStream.close();
                    fileOutputStream.close();
                    throw th;
                }
            } catch (IOException e3) {
                throw new SwordServerException(e3);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void addDepositPropertiesFromMultipart(Deposit deposit, HttpServletRequest httpServletRequest) throws ServletException, IOException, SwordError {
        for (DiskFileItem diskFileItem : getPartsFromRequest(httpServletRequest)) {
            String header = diskFileItem.getHeaders().getHeader("Content-Disposition");
            String contentDispositionValue = getContentDispositionValue(header, "name");
            if (OREConstants.ATOM_NS_PREFIX.equals(contentDispositionValue)) {
                deposit.setEntry((Entry) new Abdera().getParser().parse(diskFileItem.getInputStream()).getRoot());
            } else if (CompletionFieldMapper.Fields.CONTENT_FIELD_NAME_PAYLOAD.equals(contentDispositionValue)) {
                String header2 = diskFileItem.getHeaders().getHeader("Content-MD5");
                String header3 = diskFileItem.getHeaders().getHeader("Packaging");
                String contentDispositionValue2 = getContentDispositionValue(header, HttpPostBodyUtil.FILENAME);
                if (contentDispositionValue2 == null || "".equals(contentDispositionValue2)) {
                    throw new SwordError(UriRegistry.ERROR_BAD_REQUEST, "Filename could not be extracted from Content-Disposition");
                }
                String contentType = diskFileItem.getContentType();
                String trim = contentType != null ? contentType.split(";")[0].trim() : "application/octet-stream";
                InputStream inputStream = diskFileItem.getInputStream();
                deposit.setFilename(contentDispositionValue2);
                deposit.setInputStream(inputStream);
                deposit.setMimeType(trim);
                deposit.setMd5(header2);
                deposit.setPackaging(header3);
            } else {
                continue;
            }
        }
        try {
            storeAndCheckBinary(deposit, this.config);
        } catch (SwordServerException e) {
            throw new ServletException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void cleanup(Deposit deposit) {
        File file;
        if (deposit == null || (file = deposit.getFile()) == null) {
            return;
        }
        file.delete();
        deposit.setFile(null);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Element getGenerator(SwordConfiguration swordConfiguration) {
        String generator = swordConfiguration.generator();
        String generatorVersion = swordConfiguration.generatorVersion();
        String administratorEmail = swordConfiguration.administratorEmail();
        if (generator == null || "".equals(generator)) {
            return null;
        }
        Generator newGenerator = new Abdera().getFactory().newGenerator();
        newGenerator.setAttributeValue("uri", generator);
        if (generatorVersion != null) {
            newGenerator.setAttributeValue("version", generatorVersion);
        }
        if (administratorEmail != null && !"".equals(administratorEmail)) {
            newGenerator.setText(administratorEmail);
        }
        return newGenerator;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void addDepositPropertiesFromEntry(Deposit deposit, HttpServletRequest httpServletRequest) throws IOException {
        deposit.setEntry((Entry) new Abdera().getParser().parse(httpServletRequest.getInputStream()).getRoot());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void addDepositPropertiesFromBinary(Deposit deposit, HttpServletRequest httpServletRequest) throws ServletException, IOException, SwordError {
        String contentType = getContentType(httpServletRequest);
        String header = httpServletRequest.getHeader("Content-Disposition");
        String header2 = httpServletRequest.getHeader("Content-MD5");
        String header3 = httpServletRequest.getHeader("Packaging");
        if (header3 == null || "".equals(header3)) {
            header3 = UriRegistry.PACKAGE_BINARY;
        }
        ServletInputStream inputStream = httpServletRequest.getInputStream();
        String contentDispositionValue = getContentDispositionValue(header, HttpPostBodyUtil.FILENAME);
        if (contentDispositionValue == null || "".equals(contentDispositionValue)) {
            throw new SwordError(UriRegistry.ERROR_BAD_REQUEST, "Filename could not be extracted from Content-Disposition");
        }
        deposit.setFilename(contentDispositionValue);
        deposit.setMd5(header2);
        deposit.setPackaging(header3);
        deposit.setInputStream(inputStream);
        deposit.setMimeType(contentType);
        try {
            storeAndCheckBinary(deposit, this.config);
        } catch (SwordServerException e) {
            throw new ServletException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void swordError(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SwordError swordError) throws IOException, ServletException {
        try {
            if (!this.config.returnErrorBody() || !swordError.hasBody()) {
                httpServletResponse.setStatus(new ErrorDocument(swordError.getErrorUri(), swordError.getStatus()).getStatus());
                return;
            }
            String message = swordError.getMessage();
            String str = null;
            if (this.config.returnStackTraceInError()) {
                StringWriter stringWriter = new StringWriter();
                swordError.printStackTrace(new PrintWriter(stringWriter));
                str = stringWriter.getBuffer().toString();
            }
            ErrorDocument errorDocument = message == null ? new ErrorDocument(swordError.getErrorUri(), swordError.getStatus(), str) : new ErrorDocument(swordError.getErrorUri(), swordError.getStatus(), message, str);
            httpServletResponse.setStatus(errorDocument.getStatus());
            httpServletResponse.setHeader("Content-Type", "text/xml");
            errorDocument.writeTo(httpServletResponse.getWriter(), this.config);
            httpServletResponse.getWriter().flush();
        } catch (SwordServerException e) {
            throw new ServletException(e);
        }
    }

    protected String getContentDispositionValue(String str, String str2) {
        if (str == null || str2 == null) {
            return null;
        }
        return new ParameterParser().parse(str, ';').get(str2);
    }

    protected List<DiskFileItem> getPartsFromRequest(HttpServletRequest httpServletRequest) throws ServletException {
        try {
            return new ServletFileUpload(new DiskFileItemFactory()).parseRequest(httpServletRequest);
        } catch (FileUploadException e) {
            throw new ServletException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Map<String, String> getAcceptHeaders(HttpServletRequest httpServletRequest) {
        HashMap hashMap = new HashMap();
        Enumeration headerNames = httpServletRequest.getHeaderNames();
        while (headerNames.hasMoreElements()) {
            String str = (String) headerNames.nextElement();
            if (str.toLowerCase().startsWith("accept")) {
                hashMap.put(str, httpServletRequest.getHeader(str));
            }
        }
        return hashMap;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void copyInputToOutput(InputStream inputStream, OutputStream outputStream) throws IOException {
        byte[] bArr = new byte[4096];
        while (true) {
            int read = inputStream.read(bArr, 0, 4096);
            if (-1 == read) {
                return;
            } else {
                outputStream.write(bArr, 0, read);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String getContentType(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader("Content-Type");
        if (header == null) {
            header = "application/octet-stream";
        }
        return header;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean getInProgress(HttpServletRequest httpServletRequest) throws SwordError {
        String header = httpServletRequest.getHeader("In-Progress");
        boolean z = false;
        if (header != null) {
            if (!"true".equals(header.trim()) && !"false".equals(header.trim())) {
                throw new SwordError(UriRegistry.ERROR_BAD_REQUEST, "The In-Progress header MUST be 'true' or 'false'");
            }
            z = "true".equals(header.trim());
        }
        return z;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean getMetadataRelevant(HttpServletRequest httpServletRequest) throws SwordError {
        String header = httpServletRequest.getHeader("Metadata-Relevant");
        boolean z = false;
        if (header != null) {
            if (!"true".equals(header.trim()) && !"false".equals(header.trim())) {
                throw new SwordError(UriRegistry.ERROR_BAD_REQUEST, "The In-Progress header MUST be 'true' or 'false'");
            }
            z = "true".equals(header.trim());
        }
        return z;
    }
}
