package org.fao.geonet.common.search;

import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.MappingIterator;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ArrayNode;
import com.fasterxml.jackson.databind.node.ObjectNode;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.stream.Collectors;
import java.util.zip.DeflaterInputStream;
import java.util.zip.DeflaterOutputStream;
import java.util.zip.GZIPInputStream;
import java.util.zip.GZIPOutputStream;
import javax.annotation.PostConstruct;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringUtils;
import org.eclipse.jetty.server.handler.gzip.GzipHandler;
import org.elasticsearch.index.query.BoolQueryBuilder;
import org.elasticsearch.index.query.functionscore.FunctionScoreQueryBuilder;
import org.elasticsearch.search.SearchHits;
import org.fao.geonet.common.MetricUtil;
import org.fao.geonet.common.search.domain.Profile;
import org.fao.geonet.common.search.domain.UserInfo;
import org.fao.geonet.common.search.domain.es.EsSearchResults;
import org.fao.geonet.common.search.processor.SearchResponseProcessor;
import org.osgi.framework.BundlePermission;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.ApplicationContext;
import org.springframework.http.MediaType;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.core.user.OAuth2UserAuthority;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:BOOT-INF/lib/gn-cloud-common-search-4.4.5-0.jar:org/fao/geonet/common/search/ElasticSearchProxy.class */
public class ElasticSearchProxy {
    private static final Logger log = LoggerFactory.getLogger("org.fao.geonet.searching");
    public static final String[] validContentTypes = {"application/json", "text/plain", MediaType.APPLICATION_RSS_XML_VALUE};
    public static final List<String> ignoredHeaders = Arrays.asList(BundlePermission.HOST, "x-xsrf-token", "cookie", "accept", "content-type");
    private HashMap<String, SearchResponseProcessor> responseProcessors;

    @Autowired
    ApplicationContext applicationContext;

    @Autowired
    SearchConfiguration searchConfiguration;

    @Autowired
    FilterBuilder filterBuilder;

    @Value("${gn.index.records:gn-cloud-records}")
    String defaultIndex;

    @Value("${gn.index.username}")
    private String username;

    @Value("${gn.index.password}")
    private String password;

    @Value("${gn.index.url}")
    String serverUrl;

    @PostConstruct
    public void init() {
        this.responseProcessors = new HashMap<>();
        this.searchConfiguration.getFormats().forEach(format -> {
            try {
                if (StringUtils.isNotEmpty(format.getResponseProcessor())) {
                    SearchResponseProcessor searchResponseProcessor = (SearchResponseProcessor) this.applicationContext.getBean(format.getResponseProcessor());
                    this.responseProcessors.put(format.getName(), searchResponseProcessor);
                    this.responseProcessors.put(format.getMimeType(), searchResponseProcessor);
                    if (this.searchConfiguration.getDefaultMimeType().equals(format.getMimeType())) {
                        this.responseProcessors.put("*/*", searchResponseProcessor);
                    }
                }
            } catch (Exception e) {
                log.error("Error while registering format {} with processor {}. Error is: {}.Check that the processor as a name eg. '@Component(\"JsonLdResponseProcessorImpl\")'", format.getName(), format.getResponseProcessor(), e.getMessage());
            }
        });
    }

    public void search(HttpSession httpSession, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2) throws Exception {
        UserInfo userInfo = getUserInfo();
        handleRequest(httpSession, httpServletRequest, httpServletResponse, processSearchQuery(str, str2, userInfo), userInfo, true, str2);
    }

    public EsSearchResults searchAndGetResultAsObject(HttpSession httpSession, HttpServletRequest httpServletRequest, String str, String str2) throws Exception {
        UserInfo userInfo = getUserInfo();
        return handleRequestAndGetObjectResult(httpSession, httpServletRequest, processSearchQuery(str, str2, userInfo), userInfo, true, str2);
    }

    public String searchAndGetResult(HttpSession httpSession, HttpServletRequest httpServletRequest, String str, String str2) throws Exception {
        UserInfo userInfo = getUserInfo();
        return handleRequestAndGetResult(httpSession, httpServletRequest, processSearchQuery(str, str2, userInfo), userInfo, true, str2);
    }

    private void addFilterToQuery(ObjectMapper objectMapper, JsonNode jsonNode, UserInfo userInfo) throws Exception {
        JsonNode readTree = objectMapper.readTree(this.filterBuilder.buildQueryFilter("", userInfo));
        JsonNode jsonNode2 = jsonNode.get("query");
        if (jsonNode2.get(FunctionScoreQueryBuilder.NAME) != null) {
            insertFilter((ObjectNode) jsonNode2.get(FunctionScoreQueryBuilder.NAME).get("query").get(BoolQueryBuilder.NAME), readTree);
            return;
        }
        if (jsonNode2.get(BoolQueryBuilder.NAME) != null) {
            insertFilter((ObjectNode) jsonNode2.get(BoolQueryBuilder.NAME), readTree);
            return;
        }
        ObjectNode objectNode = (ObjectNode) jsonNode.get("query").deepCopy();
        ObjectNode createObjectNode = objectMapper.createObjectNode();
        createObjectNode.set("must", objectNode);
        createObjectNode.set("filter", readTree);
        ((ObjectNode) jsonNode2).removeAll();
        ((ObjectNode) jsonNode2).set(BoolQueryBuilder.NAME, createObjectNode);
    }

    private void insertFilter(ObjectNode objectNode, JsonNode jsonNode) {
        JsonNode jsonNode2 = objectNode.get("filter");
        if (jsonNode2 == null || !jsonNode2.isArray()) {
            objectNode.set("filter", jsonNode);
        } else {
            ((ArrayNode) jsonNode2).add(jsonNode);
        }
    }

    /* JADX WARN: Finally extract failed */
    private void handleRequest(HttpSession httpSession, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, UserInfo userInfo, boolean z, String str2) throws Exception {
        InputStream inputStream;
        OutputStream outputStream;
        String searchUrl = getSearchUrl();
        try {
            HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(searchUrl).openConnection();
            try {
                try {
                    httpURLConnection.setRequestMethod(isSearch(httpServletRequest) ? "POST" : httpServletRequest.getMethod());
                    copyHeadersToConnection(httpServletRequest, httpURLConnection);
                    if (StringUtils.isNotEmpty(this.username) && StringUtils.isNotEmpty(this.password)) {
                        httpURLConnection.setRequestProperty("Authorization", "Basic " + new String(Base64.getEncoder().encode((this.username + ":" + this.password).getBytes(StandardCharsets.UTF_8))));
                    }
                    httpURLConnection.setDoOutput(true);
                    log.debug(str);
                    httpURLConnection.getOutputStream().write(str.getBytes(Constants.ENCODING));
                    httpURLConnection.connect();
                    String contentEncoding = getContentEncoding(httpURLConnection.getHeaderFields());
                    int responseCode = httpURLConnection.getResponseCode();
                    if (responseCode != 200) {
                        httpServletResponse.sendError(responseCode, String.format("Error is: %s.\nRequest:\n%s.\nError:\n%s.", httpURLConnection.getResponseMessage(), str, IOUtils.toString(GzipHandler.GZIP.equalsIgnoreCase(contentEncoding) ? new GZIPInputStream(httpURLConnection.getErrorStream()) : httpURLConnection.getErrorStream())));
                        httpURLConnection.disconnect();
                        return;
                    }
                    String contentType = httpURLConnection.getContentType();
                    if (contentType == null) {
                        httpServletResponse.sendError(403, "Host url has been validated by proxy but content type given by remote host is null");
                        httpURLConnection.disconnect();
                        return;
                    }
                    if (!isContentTypeValid(contentType)) {
                        if (httpURLConnection.getResponseMessage() == null || !httpURLConnection.getResponseMessage().equalsIgnoreCase("Not Found")) {
                            httpServletResponse.sendError(403, "The content type of the remote host's response \"" + contentType + "\" is not allowed by the proxy rules");
                            httpURLConnection.disconnect();
                            return;
                        } else {
                            httpServletResponse.sendError(404, "Remote host not found");
                            httpURLConnection.disconnect();
                            return;
                        }
                    }
                    copyHeadersFromConnectionToResponse(httpServletResponse, httpURLConnection, "Content-Length");
                    if (!contentType.split(";")[0].equals("application/json")) {
                        z = false;
                    }
                    if (contentEncoding == null || !z) {
                        inputStream = httpURLConnection.getInputStream();
                        outputStream = httpServletResponse.getOutputStream();
                    } else if (GzipHandler.GZIP.equalsIgnoreCase(contentEncoding)) {
                        inputStream = new GZIPInputStream(httpURLConnection.getInputStream());
                        outputStream = new GZIPOutputStream(httpServletResponse.getOutputStream());
                    } else {
                        if (!GzipHandler.DEFLATE.equalsIgnoreCase(contentEncoding)) {
                            throw new UnsupportedOperationException("Please handle the stream when it is encoded in " + contentEncoding);
                        }
                        inputStream = new DeflaterInputStream(httpURLConnection.getInputStream());
                        outputStream = new DeflaterOutputStream(httpServletResponse.getOutputStream());
                    }
                    try {
                        processResponse(httpServletRequest, httpSession, inputStream, outputStream, z, str2, userInfo);
                        IOUtils.closeQuietly(inputStream);
                        httpURLConnection.disconnect();
                    } catch (Throwable th) {
                        IOUtils.closeQuietly(inputStream);
                        throw th;
                    }
                } catch (Throwable th2) {
                    httpURLConnection.disconnect();
                    throw th2;
                }
            } catch (Exception e) {
                e.printStackTrace();
                throw new Exception(String.format("Failed to connect to index at URL %s. %s", searchUrl, e.getMessage()), e);
            }
        } catch (IOException e2) {
            e2.printStackTrace();
            throw new Exception(String.format("Failed to request index at URL %s. Check configuration.", searchUrl), e2);
        }
    }

    private String handleRequestAndGetResult(HttpSession httpSession, HttpServletRequest httpServletRequest, String str, UserInfo userInfo, boolean z, String str2) throws Exception {
        String searchUrl = getSearchUrl();
        try {
            URL url = new URL(searchUrl);
            HttpURLConnection httpURLConnection = (HttpURLConnection) url.openConnection();
            try {
                try {
                    httpURLConnection.setRequestMethod(isSearch(httpServletRequest) ? "POST" : httpServletRequest.getMethod());
                    copyHeadersToConnection(httpServletRequest, httpURLConnection, Arrays.asList("accept-encoding"));
                    if (StringUtils.isNotEmpty(this.username) && StringUtils.isNotEmpty(this.password)) {
                        httpURLConnection.setRequestProperty("Authorization", "Basic " + new String(Base64.getEncoder().encode((this.username + ":" + this.password).getBytes(StandardCharsets.UTF_8))));
                        log.debug("Setting auth for user '{}'", this.username);
                    }
                    httpURLConnection.setDoOutput(true);
                    log.debug("Searching in '{}' query: {}", url, str);
                    httpURLConnection.getOutputStream().write(str.getBytes(Constants.ENCODING));
                    httpURLConnection.connect();
                    String contentEncoding = getContentEncoding(httpURLConnection.getHeaderFields());
                    if (httpURLConnection.getResponseCode() != 200) {
                        throw new Exception(String.format("Error is: %s.\nRequest:\n%s.\nError:\n%s.", httpURLConnection.getResponseMessage(), str, IOUtils.toString(GzipHandler.GZIP.equalsIgnoreCase(contentEncoding) ? new GZIPInputStream(httpURLConnection.getErrorStream()) : httpURLConnection.getErrorStream())));
                    }
                    String contentType = httpURLConnection.getContentType();
                    if (contentType == null) {
                        throw new Exception("Host url has been validated by proxy but content type given by remote host is null");
                    }
                    if (!isContentTypeValid(contentType)) {
                        if (httpURLConnection.getResponseMessage() == null || !httpURLConnection.getResponseMessage().equalsIgnoreCase("Not Found")) {
                            throw new Exception("The content type of the remote host's response \"" + contentType + "\" is not allowed by the proxy rules");
                        }
                        throw new Exception("Remote host not found");
                    }
                    if (!contentType.split(";")[0].equals("application/json")) {
                        z = false;
                    }
                    InputStream inputStream = httpURLConnection.getInputStream();
                    ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                    try {
                        processResponse(httpServletRequest, httpSession, inputStream, byteArrayOutputStream, z, str2, userInfo);
                        String obj = byteArrayOutputStream.toString();
                        IOUtils.closeQuietly(inputStream);
                        httpURLConnection.disconnect();
                        return obj;
                    } catch (Throwable th) {
                        IOUtils.closeQuietly(inputStream);
                        throw th;
                    }
                } catch (Throwable th2) {
                    httpURLConnection.disconnect();
                    throw th2;
                }
            } catch (Exception e) {
                e.printStackTrace();
                throw new Exception(String.format("Failed to connect to index at URL %s. %s", searchUrl, e.getMessage()), e);
            }
        } catch (IOException e2) {
            e2.printStackTrace();
            throw new Exception(String.format("Failed to request index at URL %s. Check configuration.", searchUrl), e2);
        }
    }

    private EsSearchResults handleRequestAndGetObjectResult(HttpSession httpSession, HttpServletRequest httpServletRequest, String str, UserInfo userInfo, boolean z, String str2) throws Exception {
        String handleRequestAndGetResult = handleRequestAndGetResult(httpSession, httpServletRequest, str, userInfo, z, str2);
        ObjectMapper objectMapper = new ObjectMapper();
        return (EsSearchResults) objectMapper.readValue(((JsonNode) objectMapper.readTree(objectMapper.getFactory().createParser(handleRequestAndGetResult))).get(SearchHits.Fields.HITS).toPrettyString(), EsSearchResults.class);
    }

    private boolean isSearch(HttpServletRequest httpServletRequest) {
        return this.responseProcessors.containsKey(getAcceptValue(httpServletRequest));
    }

    private String getAcceptValue(HttpServletRequest httpServletRequest) {
        String parameter = httpServletRequest.getParameter("f");
        if (StringUtils.isEmpty(parameter)) {
            parameter = httpServletRequest.getHeader("Accept");
            if (StringUtils.isNotEmpty(parameter) && parameter.contains(",")) {
                return parameter.split(",")[0];
            }
        }
        return parameter;
    }

    private String getContentEncoding(Map<String, List<String>> map) {
        for (String str : map.keySet()) {
            if (str != null && "Content-Encoding".equalsIgnoreCase(str)) {
                List<String> list = map.get(str);
                StringBuilder sb = new StringBuilder();
                Objects.requireNonNull(sb);
                list.forEach(sb::append);
                return sb.toString().toLowerCase();
            }
        }
        return null;
    }

    private void copyHeadersFromConnectionToResponse(HttpServletResponse httpServletResponse, HttpURLConnection httpURLConnection, String... strArr) {
        Map<String, List<String>> headerFields = httpURLConnection.getHeaderFields();
        for (String str : headerFields.keySet()) {
            if (!isInIgnoreList(str, strArr)) {
                List<String> list = headerFields.get(str);
                StringBuilder sb = new StringBuilder();
                Objects.requireNonNull(sb);
                list.forEach(sb::append);
                if (str != null && (!"Transfer-Encoding".equalsIgnoreCase(str) || !"chunked".equalsIgnoreCase(sb.toString()))) {
                    httpServletResponse.addHeader(str, sb.toString());
                }
            }
        }
    }

    private boolean isInIgnoreList(String str, String[] strArr) {
        if (str == null) {
            return false;
        }
        for (String str2 : strArr) {
            if (str.equalsIgnoreCase(str2)) {
                return true;
            }
        }
        return false;
    }

    protected void copyHeadersToConnection(HttpServletRequest httpServletRequest, HttpURLConnection httpURLConnection) {
        copyHeadersToConnection(httpServletRequest, httpURLConnection, null);
    }

    protected void copyHeadersToConnection(HttpServletRequest httpServletRequest, HttpURLConnection httpURLConnection, List<String> list) {
        if (list == null) {
            list = new ArrayList();
        }
        Enumeration<String> headerNames = httpServletRequest.getHeaderNames();
        while (headerNames.hasMoreElements()) {
            String nextElement = headerNames.nextElement();
            String header = httpServletRequest.getHeader(nextElement);
            if (!ignoredHeaders.contains(nextElement.toLowerCase()) && !list.contains(nextElement.toLowerCase())) {
                httpURLConnection.setRequestProperty(nextElement, header);
            }
            httpURLConnection.setRequestProperty("accept", "application/json");
            httpURLConnection.setRequestProperty("content-type", "application/json");
        }
    }

    protected boolean isContentTypeValid(String str) {
        String str2 = str.split(";")[0];
        for (String str3 : validContentTypes) {
            if (str3.equals(str2)) {
                return true;
            }
        }
        return false;
    }

    private String getSearchUrl() {
        return this.serverUrl + "/" + this.defaultIndex + "/_search?";
    }

    private UserInfo getUserInfo() {
        UserInfo userInfo = new UserInfo();
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication.getPrincipal().toString().equalsIgnoreCase("anonymousUser")) {
            userInfo.setViewingGroups(Collections.emptyList());
            userInfo.setEditingGroups(Collections.emptyList());
            return userInfo;
        }
        userInfo.setUserName(authentication.getName());
        GrantedAuthority grantedAuthority = authentication.getAuthorities().stream().findFirst().get();
        if (grantedAuthority.getAuthority().equals(MetricUtil.METRIC_PREFIX)) {
            Map<String, Object> attributes = ((OAuth2UserAuthority) grantedAuthority).getAttributes();
            String str = (String) attributes.get("highest_profile");
            if (StringUtils.isNotEmpty(str)) {
                userInfo.setHighestProfile(Profile.valueOf(str).name());
            }
            userInfo.setUserId((Integer) attributes.get("user_id"));
            userInfo.setViewingGroups((List) attributes.get(Profile.Reviewer.name()));
            userInfo.setEditingGroups((List) attributes.get(Profile.Editor.name()));
        }
        return userInfo;
    }

    private String processSearchQuery(String str, String str2, UserInfo userInfo) throws Exception {
        JsonNode jsonNode;
        ObjectMapper objectMapper = new ObjectMapper();
        MappingIterator readValues = objectMapper.readerFor(JsonNode.class).readValues(str);
        StringBuffer stringBuffer = new StringBuffer();
        while (readValues.hasNextValue()) {
            JsonNode jsonNode2 = (JsonNode) readValues.nextValue();
            if (jsonNode2.get("index") != null) {
                ((ObjectNode) jsonNode2).put("index", this.defaultIndex);
            } else {
                if (jsonNode2.get("query") != null) {
                    addFilterToQuery(objectMapper, jsonNode2, userInfo);
                    if (str2 != null) {
                    }
                }
                JsonNode jsonNode3 = jsonNode2.get("_source");
                if (jsonNode3 != null && (jsonNode = jsonNode3.get("includes")) != null && jsonNode.isArray()) {
                    ((ArrayNode) jsonNode).add("op*");
                }
            }
            stringBuffer.append(jsonNode2.toString()).append(System.lineSeparator());
        }
        return stringBuffer.toString();
    }

    private void processResponse(HttpServletRequest httpServletRequest, HttpSession httpSession, InputStream inputStream, OutputStream outputStream, boolean z, String str, UserInfo userInfo) throws Exception {
        String acceptValue = getAcceptValue(httpServletRequest);
        SearchResponseProcessor searchResponseProcessor = this.responseProcessors.get(httpServletRequest.getRequestURI().matches(".*/collections/.*/items/.*") && "dcat".equals(acceptValue) ? "json" : acceptValue);
        if (searchResponseProcessor == null) {
            throw new UnsupportedOperationException(String.format("No response processor configured for '%s'. Use one of %s.", acceptValue, this.responseProcessors.keySet().stream().collect(Collectors.joining(", "))));
        }
        searchResponseProcessor.setTransformation(acceptValue);
        searchResponseProcessor.processResponse(httpSession, inputStream, outputStream, userInfo, str, Boolean.valueOf(z));
        outputStream.flush();
    }

    public String getDefaultIndex() {
        return this.defaultIndex;
    }

    public void setDefaultIndex(String str) {
        this.defaultIndex = str;
    }

    public String getUsername() {
        return this.username;
    }

    public void setUsername(String str) {
        this.username = str;
    }

    public String getPassword() {
        return this.password;
    }

    public void setPassword(String str) {
        this.password = str;
    }

    public String getServerUrl() {
        return this.serverUrl;
    }

    public void setServerUrl(String str) {
        this.serverUrl = str;
    }
}
