package org.georchestra.security;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Maps;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.PipedInputStream;
import java.io.PipedOutputStream;
import java.net.InetAddress;
import java.net.MalformedURLException;
import java.net.ProxySelector;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.net.UnknownHostException;
import java.nio.ByteBuffer;
import java.nio.channels.Channels;
import java.nio.channels.WritableByteChannel;
import java.nio.charset.Charset;
import java.util.Arrays;
import java.util.Collections;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import java.util.stream.Collector;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.annotation.Nullable;
import javax.annotation.PostConstruct;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.sql.DataSource;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.Header;
import org.apache.http.HttpEntity;
import org.apache.http.HttpException;
import org.apache.http.HttpHost;
import org.apache.http.HttpRequest;
import org.apache.http.HttpResponse;
import org.apache.http.HttpStatus;
import org.apache.http.ProtocolException;
import org.apache.http.StatusLine;
import org.apache.http.client.RedirectStrategy;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.HttpDelete;
import org.apache.http.client.methods.HttpEntityEnclosingRequestBase;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpHead;
import org.apache.http.client.methods.HttpOptions;
import org.apache.http.client.methods.HttpPatch;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpPut;
import org.apache.http.client.methods.HttpRequestBase;
import org.apache.http.client.methods.HttpTrace;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.concurrent.FutureCallback;
import org.apache.http.entity.ContentType;
import org.apache.http.entity.InputStreamEntity;
import org.apache.http.impl.conn.SystemDefaultRoutePlanner;
import org.apache.http.impl.nio.client.CloseableHttpAsyncClient;
import org.apache.http.impl.nio.client.HttpAsyncClientBuilder;
import org.apache.http.impl.nio.client.HttpAsyncClients;
import org.apache.http.nio.ContentDecoder;
import org.apache.http.nio.IOControl;
import org.apache.http.nio.protocol.AbstractAsyncResponseConsumer;
import org.apache.http.nio.protocol.BasicAsyncRequestProducer;
import org.apache.http.protocol.HttpContext;
import org.apache.log4j.spi.LocationInfo;
import org.georchestra.commons.configuration.GeorchestraConfiguration;
import org.georchestra.commons.security.SecurityHeaders;
import org.georchestra.ds.orgs.Org;
import org.georchestra.ogcservstatistics.dataservices.LogColumns;
import org.georchestra.ogcservstatistics.log4j.OGCServiceMessageFormatter;
import org.georchestra.ogcservstatistics.log4j.OGCServicesAppender;
import org.georchestra.security.permissions.Permissions;
import org.georchestra.security.permissions.UriMatcher;
import org.json.JSONArray;
import org.json.JSONObject;
import org.springframework.beans.factory.BeanInitializationException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.http.HttpMethod;
import org.springframework.http.MediaType;
import org.springframework.jdbc.datasource.init.ScriptUtils;
import org.springframework.security.cas.ServiceProperties;
import org.springframework.security.config.http.PortMappingsBeanDefinitionParser;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;

@Controller
/* loaded from: input_file:WEB-INF/classes/org/georchestra/security/Proxy.class */
public class Proxy {
    private static final String SET_COOKIE_HEADER = "Set-Cookie";

    @Autowired
    private GeorchestraConfiguration georchestraConfiguration;

    @Autowired
    @Qualifier("ogcStatsDataSource")
    private DataSource ogcStatsDataSource;
    private String defaultTarget;
    private Permissions sameDomainPermissions;
    private String proxyPermissionsFile;
    private HttpAsyncClientBuilder httpAsyncClientBuilder;
    protected static final Log logger = LogFactory.getLog(Proxy.class.getPackage().getName());
    protected static final Log statsLogger = LogFactory.getLog(Proxy.class.getPackage().getName() + ".statistics");
    private static final RedirectStrategy NO_REDIRECT_STRATEGY = new RedirectStrategy() { // from class: org.georchestra.security.Proxy.1
        @Override // org.apache.http.client.RedirectStrategy
        public boolean isRedirected(HttpRequest httpRequest, HttpResponse httpResponse, HttpContext httpContext) throws ProtocolException {
            return false;
        }

        @Override // org.apache.http.client.RedirectStrategy
        public HttpUriRequest getRedirect(HttpRequest httpRequest, HttpResponse httpResponse, HttpContext httpContext) throws ProtocolException {
            return null;
        }
    };
    private static final Set<String> WEBDAV_VERBS = (Set) Stream.of((Object[]) new String[]{"COPY", "LOCK", "UNLOCK", "MKCOL", "MOVE", "PROPFIND", "PROPPATCH", "UNLOCK", "REPORT", "SEARCH"}).collect(Collectors.toSet());
    private String publicUrl = "https://georchestra.mydomain.org";
    private Map<String, String> targets = Collections.emptyMap();
    private HeadersManagementStrategy headerManagement = new HeadersManagementStrategy();
    private FilterRequestsStrategy strategyForFilteringRequests = new AcceptAllRequests();
    private List<String> requireCharsetContentTypes = Collections.emptyList();
    private String defaultCharset = "UTF-8";
    private org.springframework.security.web.RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
    private Permissions proxyPermissions = null;
    private int httpClientTimeoutMillis = 300000;
    private int entityEnclosedOrEmptyResponseTimeout = 20;
    private Gateway gateway = new Gateway();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/classes/org/georchestra/security/Proxy$WebDAVRequest.class */
    public static class WebDAVRequest extends HttpEntityEnclosingRequestBase {
        private final String method;

        public WebDAVRequest(String str, URI uri) {
            this.method = str;
            setURI(uri);
        }

        @Override // org.apache.http.client.methods.HttpRequestBase, org.apache.http.client.methods.HttpUriRequest
        public String getMethod() {
            return this.method;
        }
    }

    public void setHttpClientTimeout(int i) {
        this.httpClientTimeoutMillis = i;
    }

    public void setEntityEnclosedOrEmptyResponseTimeout(int i) {
        this.entityEnclosedOrEmptyResponseTimeout = i;
    }

    public void setPublicUrl(String str) {
        this.publicUrl = str;
    }

    @PostConstruct
    public void init() throws Exception {
        OGCServicesAppender.setDataSource(this.ogcStatsDataSource);
        if (this.georchestraConfiguration != null && this.georchestraConfiguration.activated()) {
            logger.info("geOrchestra configuration detected, reconfiguration in progress ...");
            this.targets = Maps.fromProperties(this.georchestraConfiguration.loadCustomPropertiesFile("targets-mapping"));
            File file = new File(String.format("%s%s%s", this.georchestraConfiguration.getContextDataDir(), File.separator, "proxy-permissions.xml"));
            if (file.exists()) {
                logger.info("reading proxy permissions from " + file.getAbsolutePath());
                try {
                    FileInputStream fileInputStream = new FileInputStream(file);
                    try {
                        setProxyPermissions(Permissions.parse(fileInputStream));
                        fileInputStream.close();
                    } finally {
                    }
                } catch (Exception e) {
                    logger.error("Error during proxy permissions configuration from " + file.getAbsolutePath(), e);
                }
            }
            logger.info("Done.");
        }
        this.targets.forEach((str, str2) -> {
            String str = str + "=" + str2;
            logger.trace("verifying target mapping " + str);
            try {
                logger.trace("target mapping: " + str + "=" + new URL(str2));
            } catch (MalformedURLException e2) {
                throw new BeanInitializationException("Invalid target mapping: " + str, e2);
            }
        });
        String host = new URL(this.publicUrl).getHost();
        this.sameDomainPermissions = new Permissions();
        this.sameDomainPermissions.setDenied(Collections.singletonList(new UriMatcher(host)));
        this.sameDomainPermissions.setAllowByDefault(true);
        this.sameDomainPermissions.init();
        if (this.proxyPermissionsFile != null && this.proxyPermissions == null) {
            InputStream resourceAsStream = Proxy.class.getClassLoader().getResourceAsStream(this.proxyPermissionsFile);
            if (resourceAsStream == null) {
                throw new RuntimeException("ProxyPermissionsFile not found");
            }
            setProxyPermissions(Permissions.parse(resourceAsStream));
        }
        this.httpAsyncClientBuilder = createHttpAsyncClientBuilder();
    }

    @RequestMapping(value = {"/gateway"}, method = {RequestMethod.GET, RequestMethod.POST})
    public void gateway(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        this.gateway.loadCredentialsPage(httpServletRequest, httpServletResponse);
    }

    @RequestMapping(value = {"/testPage"}, method = {RequestMethod.GET})
    public void testPage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        this.gateway.testPage(httpServletResponse);
    }

    @RequestMapping(value = {"/**"}, params = {"login"}, method = {RequestMethod.GET, RequestMethod.POST})
    public void login(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException, URISyntaxException {
        URIBuilder uRIBuilder = new URIBuilder(httpServletRequest.getRequestURI());
        Enumeration parameterNames = httpServletRequest.getParameterNames();
        while (parameterNames.hasMoreElements()) {
            String str = (String) parameterNames.nextElement();
            if (!"login".equals(str)) {
                for (String str2 : httpServletRequest.getParameterValues(str)) {
                    uRIBuilder.setParameter(str, str2);
                }
            }
        }
        this.redirectStrategy.sendRedirect(httpServletRequest, httpServletResponse, uRIBuilder.build().toString());
    }

    @RequestMapping(value = {"/**"}, params = {"login", Org.JSON_URL}, method = {RequestMethod.GET, RequestMethod.POST})
    public void login(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, @RequestParam("url") String str) throws ServletException, IOException {
        this.redirectStrategy.sendRedirect(httpServletRequest, httpServletResponse, str);
    }

    @RequestMapping(value = {"/proxy/"}, params = {Org.JSON_URL, "!login"})
    public void handleUrlParamRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, @RequestParam("url") String str) throws IOException {
        testLegalContentType(httpServletRequest);
        try {
            URL url = new URL(str);
            if (this.sameDomainPermissions.isDenied(url) || this.proxyPermissions.isDenied(url)) {
                httpServletResponse.sendError(HttpStatus.SC_UNAUTHORIZED, "URL is not allowed.");
            } else {
                handleRequest(httpServletRequest, httpServletResponse, str, false);
            }
        } catch (MalformedURLException e) {
            httpServletResponse.sendError(400, e.getMessage());
        }
    }

    @RequestMapping(value = {"/**"}, params = {"!login"}, method = {RequestMethod.GET, RequestMethod.POST, RequestMethod.HEAD, RequestMethod.OPTIONS, RequestMethod.PUT, RequestMethod.PATCH, RequestMethod.DELETE, RequestMethod.TRACE})
    public void handleRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        handlePathEncodedRequests(httpServletRequest, httpServletResponse);
    }

    @RequestMapping(value = {"/"}, params = {"!url", "!login"})
    public void handleDefaultRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.sendRedirect(this.defaultTarget);
    }

    @RequestMapping(value = {"/whoami"}, method = {RequestMethod.GET}, produces = {MediaType.APPLICATION_JSON_UTF8_VALUE})
    @ResponseBody
    public String whoami(HttpServletRequest httpServletRequest) {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        String name = authentication.getName();
        JSONArray jSONArray = (JSONArray) authentication.getAuthorities().stream().map((v0) -> {
            return v0.getAuthority();
        }).collect(Collector.of(JSONArray::new, (v0, v1) -> {
            v0.put(v1);
        }, (v0, v1) -> {
            return v0.put(v1);
        }, new Collector.Characteristics[0]));
        JSONObject jSONObject = new JSONObject();
        jSONObject.put("username", name);
        jSONObject.put(LogColumns.SECROLE_COLUMN, jSONArray);
        JSONObject jSONObject2 = new JSONObject();
        jSONObject2.put("GeorchestraUser", jSONObject);
        return jSONObject2.toString();
    }

    private boolean urlIsProtected(HttpServletRequest httpServletRequest, URL url) throws IOException {
        if (!isSameServer(httpServletRequest, url)) {
            return false;
        }
        String[] splitRequestPath = splitRequestPath(url.getPath());
        Iterator<String> it = this.targets.values().iterator();
        while (it.hasNext()) {
            if (samePathPrefix(splitRequestPath, it.next())) {
                return true;
            }
        }
        return false;
    }

    private boolean isSameServer(HttpServletRequest httpServletRequest, URL url) {
        try {
            return InetAddress.getByName(httpServletRequest.getServerName()).equals(InetAddress.getByName(url.getHost()));
        } catch (UnknownHostException e) {
            logger.error(e.getMessage(), e);
            return false;
        }
    }

    private boolean samePathPrefix(String[] strArr, String str) throws MalformedURLException {
        String[] splitRequestPath = splitRequestPath(new URL(str).getPath());
        for (int i = 0; i < splitRequestPath.length; i++) {
            if (!splitRequestPath[i].equals(strArr[i])) {
                return false;
            }
        }
        return true;
    }

    private String[] splitRequestPath(String str) {
        return filter(str.split("/"));
    }

    private void testLegalContentType(HttpServletRequest httpServletRequest) {
        String contentType = httpServletRequest.getContentType();
        if (contentType == null) {
            return;
        }
        String str = contentType.split(ScriptUtils.DEFAULT_STATEMENT_SEPARATOR)[0];
        Iterator<String> it = this.requireCharsetContentTypes.iterator();
        while (it.hasNext()) {
            if (!it.next().equals(str)) {
                return;
            }
        }
        throw new IllegalArgumentException("ContentType " + contentType + " is not permitted to be requested when the request is made through the URL parameter form.");
    }

    private String buildForwardRequestURL(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getRequestURI().replaceAll("//", "/");
    }

    private void handlePathEncodedRequests(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        try {
            String str = httpServletRequest.getServletPath() + httpServletRequest.getContextPath();
            String buildForwardRequestURL = buildForwardRequestURL(httpServletRequest);
            logger.debug("handlePathEncodedRequests: -- Handling Request: " + HttpMethod.resolve(httpServletRequest.getMethod()) + ":" + buildForwardRequestURL + " from: " + httpServletRequest.getRemoteAddr());
            String findTarget = findTarget(buildForwardRequestURL);
            if (findTarget == null) {
                httpServletResponse.sendError(HttpStatus.SC_NOT_FOUND);
                return;
            }
            try {
                URL url = new URL(findTarget);
                try {
                    if (isSameHostAndPort(httpServletRequest, url) && (isRecursiveCallToProxy(buildForwardRequestURL, str) || isRecursiveCallToProxy(url.getPath(), str))) {
                        httpServletResponse.sendError(HttpStatus.SC_FORBIDDEN, buildForwardRequestURL + " is a recursive call to this service.  That is not a legal request");
                        return;
                    }
                    String queryString = httpServletRequest.getQueryString();
                    if (!(httpServletRequest.getParameter(ServiceProperties.DEFAULT_CAS_ARTIFACT_PARAMETER) != null && httpServletRequest.getUserPrincipal() == null && urlIsProtected(httpServletRequest, new URL(findTarget)))) {
                        if (queryString != null) {
                            findTarget = findTarget + "?" + queryString;
                        }
                        handleRequest(httpServletRequest, httpServletResponse, findTarget, true);
                    } else {
                        Object[] objArr = new Object[3];
                        objArr[0] = httpServletRequest.getPathInfo();
                        objArr[1] = StringUtils.isEmpty(queryString) ? LocationInfo.NA : queryString;
                        objArr[2] = "login";
                        this.redirectStrategy.sendRedirect(httpServletRequest, httpServletResponse, String.format("%s%s%s", objArr));
                    }
                } catch (UnknownHostException e) {
                    logger.error("Unknown host in requested URL", e);
                    httpServletResponse.sendError(503);
                }
            } catch (MalformedURLException e2) {
                throw new MalformedURLException(findTarget + " is not a valid URL");
            }
        } catch (IOException e3) {
            logger.error("Error connecting to client", e3);
        }
    }

    private boolean isSameHostAndPort(HttpServletRequest httpServletRequest, URL url) throws IOException {
        return isSameServer(httpServletRequest, url) && url.getPort() == httpServletRequest.getServerPort();
    }

    private String findTarget(String str) {
        String str2;
        String[] split = str.charAt(0) == '/' ? str.substring(1).split("/") : str.split("/");
        if (split.length == 0 || (str2 = this.targets.get(split[0])) == null) {
            return null;
        }
        StringBuilder sb = new StringBuilder("/");
        for (int i = 1; i < split.length; i++) {
            sb.append(split[i]);
            if (i + 1 < split.length) {
                sb.append("/");
            }
        }
        if (str.endsWith("/") && sb.charAt(sb.length() - 1) != '/') {
            sb.append('/');
        }
        return concat(str2, sb);
    }

    private String concat(String str, StringBuilder sb) {
        if (str == null) {
            return null;
        }
        String str2 = str;
        if (str.endsWith("/")) {
            str2 = str.substring(0, str.length() - 1);
        }
        if (sb.charAt(0) != '/') {
            sb.insert(0, '/');
        }
        return str2 + sb;
    }

    private String findMatchingTarget(HttpServletRequest httpServletRequest) {
        String[] splitRequestPath = splitRequestPath(buildForwardRequestURL(httpServletRequest));
        if (splitRequestPath.length != 0 && this.targets.containsKey(splitRequestPath[0])) {
            return splitRequestPath[0];
        }
        return null;
    }

    private void handleRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, boolean z) {
        Header extractHeaderSetCookie;
        try {
            try {
                CloseableHttpAsyncClient build = this.httpAsyncClientBuilder.build();
                try {
                    build.start();
                    try {
                        URL url = new URL(str);
                        if (!"http".equalsIgnoreCase(url.getProtocol()) && !PortMappingsBeanDefinitionParser.ATT_HTTPS_PORT.equalsIgnoreCase(url.getProtocol())) {
                            httpServletResponse.sendError(400, "HTTP protocol expected. \"" + url.getProtocol() + "\" used.");
                            if (build != null) {
                                build.close();
                                return;
                            }
                            return;
                        }
                        if (!this.strategyForFilteringRequests.allowRequest(url)) {
                            httpServletResponse.sendError(400, "Host \"" + url.getHost() + "\" is not allowed to be requested");
                            if (build != null) {
                                build.close();
                                return;
                            }
                            return;
                        }
                        logger.debug("Final request -- " + str);
                        HttpRequestBase makeRequest = makeRequest(httpServletRequest, str);
                        String findMatchingTarget = findMatchingTarget(httpServletRequest);
                        logger.debug("Gathering headers for service " + findMatchingTarget);
                        this.headerManagement.configureRequestHeaders(httpServletRequest, makeRequest, z, findMatchingTarget);
                        try {
                            Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
                            String str2 = "";
                            for (Header header : makeRequest.getHeaders(SecurityHeaders.SEC_ORGNAME)) {
                                str2 = header.getValue();
                            }
                            if (!httpServletRequest.getRequestURI().startsWith("/proxy/")) {
                                String[] strArr = {""};
                                try {
                                    Header[] headers = makeRequest.getHeaders(SecurityHeaders.SEC_ROLES);
                                    if (headers.length > 0) {
                                        strArr = headers[0].getValue().split(ScriptUtils.DEFAULT_STATEMENT_SEPARATOR);
                                    }
                                } catch (Exception e) {
                                    logger.error("Unable to compute roles");
                                }
                                String name = authentication.getName();
                                if (!name.equals("anonymousUser")) {
                                    name = name.toLowerCase();
                                }
                                statsLogger.info(OGCServiceMessageFormatter.format(name, str, str2, strArr));
                            }
                        } catch (Exception e2) {
                            logger.error("Unable to log the request into the statistics logger", e2);
                        }
                        HttpResponse executeHttpRequest = executeHttpRequest(build, makeRequest);
                        StatusLine statusLine = executeHttpRequest.getStatusLine();
                        int statusCode = statusLine.getStatusCode();
                        String reasonPhrase = statusLine.getReasonPhrase();
                        if (reasonPhrase != null && statusCode >= 400) {
                            logger.warn("Downstream server returned a status code which could be an error. Statuscode: " + statusCode + ", reason: " + reasonPhrase);
                            if (statusCode == 401) {
                                Header firstHeader = executeHttpRequest.getFirstHeader("WWW-Authenticate");
                                httpServletResponse.setHeader("WWW-Authenticate", firstHeader == null ? "Basic realm=\"Authentication required\"" : firstHeader.getValue());
                            }
                            if (statusCode == 404 || statusCode == 403) {
                                if (str.contains("/geonetwork/") && (extractHeaderSetCookie = extractHeaderSetCookie(executeHttpRequest)) != null) {
                                    httpServletResponse.addHeader(extractHeaderSetCookie.getName(), extractHeaderSetCookie.getValue());
                                }
                                httpServletResponse.sendError(statusCode);
                                if (build != null) {
                                    build.close();
                                    return;
                                }
                                return;
                            }
                        }
                        this.headerManagement.copyResponseHeaders(httpServletRequest, httpServletRequest.getRequestURI(), executeHttpRequest, httpServletResponse, this.targets);
                        if (statusCode == 301 || statusCode == 302) {
                            Optional<String> adjustLocation = adjustLocation(httpServletRequest, executeHttpRequest);
                            if (!adjustLocation.isPresent()) {
                                httpServletResponse.sendError(500, "Unable to proxify redirect URL");
                                if (build != null) {
                                    build.close();
                                    return;
                                }
                                return;
                            }
                            logger.debug("Handling redirect to " + adjustLocation.get());
                            httpServletResponse.setStatus(statusCode);
                            httpServletResponse.setHeader("Location", adjustLocation.get());
                        }
                        doHandleRequest(httpServletResponse, executeHttpRequest);
                        if (build != null) {
                            build.close();
                        }
                    } catch (MalformedURLException e3) {
                        httpServletResponse.sendError(400, e3.getMessage());
                        if (build != null) {
                            build.close();
                        }
                    }
                } catch (Throwable th) {
                    if (build != null) {
                        try {
                            build.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            } catch (IOException | InterruptedException | ExecutionException e4) {
                logger.error(String.format("Exception occured when trying to connect to the remote url '%s'", str), e4);
                try {
                    if (e4.getCause() instanceof UnknownHostException) {
                        httpServletResponse.sendError(HttpStatus.SC_NOT_FOUND);
                    } else {
                        httpServletResponse.sendError(503);
                    }
                } catch (IOException e5) {
                    httpServletResponse.setStatus(500);
                }
            }
        } catch (TimeoutException e6) {
            logger.error(String.format("timeout on [%s] '%s'", httpServletRequest.getMethod(), str), e6);
            try {
                httpServletResponse.sendError(504);
            } catch (IOException e7) {
                logger.error(e7);
                httpServletResponse.setStatus(500);
            }
        }
    }

    private HttpAsyncClientBuilder createHttpAsyncClientBuilder() {
        HttpAsyncClientBuilder redirectStrategy = HttpAsyncClients.custom().setRedirectStrategy(NO_REDIRECT_STRATEGY);
        redirectStrategy.setDefaultRequestConfig(RequestConfig.custom().setSocketTimeout(this.httpClientTimeoutMillis).build());
        redirectStrategy.setRoutePlanner(new SystemDefaultRoutePlanner(ProxySelector.getDefault()));
        return redirectStrategy;
    }

    private Header extractHeaderSetCookie(HttpResponse httpResponse) {
        for (Header header : httpResponse.getAllHeaders()) {
            if (header.getName().equalsIgnoreCase("Set-Cookie")) {
                return header;
            }
        }
        return null;
    }

    @VisibleForTesting
    protected HttpResponse executeHttpRequest(CloseableHttpAsyncClient closeableHttpAsyncClient, HttpRequestBase httpRequestBase) throws IOException, TimeoutException, ExecutionException, InterruptedException {
        final CompletableFuture completableFuture = new CompletableFuture();
        closeableHttpAsyncClient.execute(new BasicAsyncRequestProducer(new HttpHost(httpRequestBase.getURI().getHost(), httpRequestBase.getURI().getPort(), httpRequestBase.getURI().getScheme()), httpRequestBase) { // from class: org.georchestra.security.Proxy.3
            @Override // org.apache.http.nio.protocol.BasicAsyncRequestProducer, org.apache.http.nio.protocol.HttpAsyncRequestProducer, org.apache.http.nio.protocol.HttpAsyncResponseConsumer
            public void failed(Exception exc) {
                completableFuture.completeExceptionally(exc);
            }
        }, new AbstractAsyncResponseConsumer<Boolean>() { // from class: org.georchestra.security.Proxy.2
            private HttpResponse httpResponse;
            private ByteBuffer bbuf = ByteBuffer.allocate(8192);
            private PipedOutputStream pos = new PipedOutputStream();
            private PipedInputStream pis = new PipedInputStream(this.pos);
            private WritableByteChannel channel = Channels.newChannel(this.pos);

            @Override // org.apache.http.nio.protocol.AbstractAsyncResponseConsumer
            protected void onEntityEnclosed(HttpEntity httpEntity, ContentType contentType) throws IOException {
                this.httpResponse.setEntity(new InputStreamEntity(this.pis, contentType));
                completableFuture.complete(this.httpResponse);
            }

            @Override // org.apache.http.nio.protocol.AbstractAsyncResponseConsumer
            protected void onContentReceived(ContentDecoder contentDecoder, IOControl iOControl) throws IOException {
                int read = contentDecoder.read(this.bbuf);
                while (read > 0) {
                    this.bbuf.flip();
                    while (this.bbuf.hasRemaining()) {
                        this.channel.write(this.bbuf);
                    }
                    this.bbuf.clear();
                    read = contentDecoder.read(this.bbuf);
                }
            }

            @Override // org.apache.http.nio.protocol.AbstractAsyncResponseConsumer
            protected void releaseResources() {
                try {
                    this.channel.close();
                    this.pos.close();
                } catch (IOException e) {
                }
            }

            @Override // org.apache.http.nio.protocol.AbstractAsyncResponseConsumer
            protected void onResponseReceived(HttpResponse httpResponse) throws HttpException, IOException {
                this.httpResponse = httpResponse;
                if (httpResponse.getEntity() == null) {
                    completableFuture.complete(httpResponse);
                }
            }

            /* JADX INFO: Access modifiers changed from: protected */
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.http.nio.protocol.AbstractAsyncResponseConsumer
            public Boolean buildResult(HttpContext httpContext) throws Exception {
                return Boolean.TRUE;
            }
        }, (FutureCallback) null);
        return (HttpResponse) completableFuture.get(this.entityEnclosedOrEmptyResponseTimeout, TimeUnit.MINUTES);
    }

    @Nullable
    private String extractLocationHeader(HttpResponse httpResponse) {
        Header firstHeader = httpResponse.getFirstHeader("Location");
        if (firstHeader == null) {
            return null;
        }
        return firstHeader.getValue();
    }

    private Optional<String> adjustLocation(HttpServletRequest httpServletRequest, HttpResponse httpResponse) {
        logger.debug("adjustLocation called for request: " + httpServletRequest.getRequestURI());
        String findMatchingTarget = findMatchingTarget(httpServletRequest);
        String extractLocationHeader = extractLocationHeader(httpResponse);
        String str = extractLocationHeader;
        if (findMatchingTarget != null) {
            if (logger.isDebugEnabled()) {
                logger.debug("adjustLocation found target: " + findMatchingTarget + " for request: " + httpServletRequest.getRequestURI());
            }
            try {
                URI uri = new URI(this.targets.get(findMatchingTarget));
                logger.debug("adjustLocation process header: " + extractLocationHeader);
                URI resolve = uri.resolve(new URI(extractLocationHeader));
                logger.debug("Test location header: " + resolve.toString() + " against: " + uri.toString());
                if (resolve.toString().startsWith(uri.toString())) {
                    String substring = resolve.toString().substring(uri.toString().length());
                    String str2 = "/" + findMatchingTarget;
                    if (!substring.startsWith("/")) {
                        str2 = str2 + "/";
                    }
                    String str3 = str2 + substring;
                    logger.debug("adjustLocation from: " + extractLocationHeader + " to " + str3);
                    str = str3;
                }
            } catch (URISyntaxException e) {
                logger.info("Error creating baseURI from baseURL, leaving original Location header untouched", e);
            }
        }
        return Optional.ofNullable(str);
    }

    private void doHandleRequest(HttpServletResponse httpServletResponse, HttpResponse httpResponse) throws IOException {
        httpServletResponse.setStatus(httpResponse.getStatusLine().getStatusCode());
        HttpEntity entity = httpResponse.getEntity();
        if (entity != null) {
            ServletOutputStream outputStream = httpServletResponse.getOutputStream();
            try {
                entity.writeTo(outputStream);
                outputStream.flush();
                outputStream.close();
            } catch (Throwable th) {
                outputStream.flush();
                outputStream.close();
                throw th;
            }
        }
    }

    URI buildUri(String str) throws IOException {
        try {
            URL url = new URL(str);
            URI uri = new URI(url.getProtocol(), url.getUserInfo(), url.getHost(), url.getPort(), url.getPath(), null, url.getRef());
            StringBuilder sb = new StringBuilder(url.getProtocol() + "://" + url.getHost());
            if (url.getPort() != -1) {
                sb.append(":" + String.valueOf(url.getPort()));
            }
            sb.append(uri.getPath());
            if (url.getQuery() != null) {
                sb.append("?" + url.getQuery());
            }
            return new URI(sb.toString());
        } catch (URISyntaxException e) {
            logger.error("ERROR creating URI from " + str, e);
            throw new IOException(e);
        }
    }

    protected HttpRequestBase makeRequest(HttpServletRequest httpServletRequest, String str) throws IOException {
        URI buildUri = buildUri(str);
        String upperCase = httpServletRequest.getMethod().toUpperCase();
        if (logger.isDebugEnabled()) {
            logger.debug("New request is: " + str + "\nRequest is " + upperCase);
        }
        WebDAVRequest makeWebDavRequest = isWebDavVerb(upperCase) ? makeWebDavRequest(httpServletRequest, buildUri, upperCase) : makeHttpRequest(httpServletRequest, buildUri, upperCase);
        if (makeWebDavRequest instanceof HttpEntityEnclosingRequestBase) {
            makeWebDavRequest.setEntity(new InputStreamEntity((InputStream) httpServletRequest.getInputStream(), httpServletRequest.getContentLength()));
        }
        return makeWebDavRequest;
    }

    private HttpRequestBase makeHttpRequest(HttpServletRequest httpServletRequest, URI uri, String str) {
        HttpMethod resolve = HttpMethod.resolve(str);
        if (resolve == null) {
            throw new IllegalArgumentException(str + " is not supported.");
        }
        switch (resolve) {
            case GET:
                return new HttpGet(uri);
            case POST:
                return new HttpPost(uri);
            case TRACE:
                return new HttpTrace(uri);
            case OPTIONS:
                return new HttpOptions(uri);
            case HEAD:
                return new HttpHead(uri);
            case PUT:
                return new HttpPut(uri);
            case DELETE:
                return new HttpDelete(uri);
            case PATCH:
                return new HttpPatch(uri);
            default:
                String str2 = resolve + " not yet supported";
                logger.error(str2);
                throw new IllegalArgumentException(str2);
        }
    }

    private boolean isWebDavVerb(String str) {
        return WEBDAV_VERBS.contains(str);
    }

    private WebDAVRequest makeWebDavRequest(HttpServletRequest httpServletRequest, URI uri, String str) {
        return new WebDAVRequest(str, uri);
    }

    protected String[] filter(String[] strArr) {
        return (String[]) Arrays.stream(strArr).filter(str -> {
            return str.length() > 0;
        }).toArray(i -> {
            return new String[i];
        });
    }

    protected boolean isRecursiveCallToProxy(String str, String str2) {
        String[] filter = filter(str.split("/"));
        String[] filter2 = filter(str2.split("/"));
        if (filter.length < filter2.length) {
            return false;
        }
        for (int i = 0; i < filter2.length && i < filter.length; i++) {
            if (!filter2[i].equalsIgnoreCase(filter[i])) {
                return false;
            }
        }
        return true;
    }

    public void setDefaultTarget(String str) {
        this.defaultTarget = str;
    }

    public void setTargets(Map<String, String> map) {
        this.targets = map == null ? ImmutableMap.of() : ImmutableMap.copyOf((Map) map);
    }

    public void setHeaderManagement(HeadersManagementStrategy headersManagementStrategy) {
        this.headerManagement = headersManagementStrategy;
    }

    public void setRequireCharsetContentTypes(List<String> list) {
        this.requireCharsetContentTypes = list;
    }

    public void setStrategyForFilteringRequests(FilterRequestsStrategy filterRequestsStrategy) {
        this.strategyForFilteringRequests = filterRequestsStrategy;
    }

    public void setDefaultCharset(String str) {
        try {
            Charset.forName(str);
            this.defaultCharset = str;
        } catch (Throwable th) {
            throw new IllegalArgumentException(str + " is not supported by current JVM");
        }
    }

    public void setRedirectStrategy(org.springframework.security.web.RedirectStrategy redirectStrategy) {
        this.redirectStrategy = redirectStrategy;
    }

    public void setProxyPermissionsFile(String str) {
        this.proxyPermissionsFile = str;
    }

    public void setProxyPermissions(Permissions permissions) throws UnknownHostException {
        this.proxyPermissions = permissions;
    }

    public Permissions getProxyPermissions() {
        return this.proxyPermissions;
    }

    @VisibleForTesting
    public void setOgcStatsDataSource(DataSource dataSource) {
        this.ogcStatsDataSource = dataSource;
    }
}
