package org.directwebremoting.dwrp;

import java.io.IOException;
import java.io.PrintWriter;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Map;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.directwebremoting.ScriptBuffer;
import org.directwebremoting.WebContextFactory;
import org.directwebremoting.extend.AccessControl;
import org.directwebremoting.extend.Call;
import org.directwebremoting.extend.Calls;
import org.directwebremoting.extend.ConverterManager;
import org.directwebremoting.extend.Creator;
import org.directwebremoting.extend.CreatorManager;
import org.directwebremoting.extend.EnginePrivate;
import org.directwebremoting.extend.FormField;
import org.directwebremoting.extend.InboundContext;
import org.directwebremoting.extend.InboundVariable;
import org.directwebremoting.extend.MarshallException;
import org.directwebremoting.extend.Marshaller;
import org.directwebremoting.extend.PageNormalizer;
import org.directwebremoting.extend.RealScriptSession;
import org.directwebremoting.extend.RealWebContext;
import org.directwebremoting.extend.Replies;
import org.directwebremoting.extend.Reply;
import org.directwebremoting.extend.ScriptBufferUtil;
import org.directwebremoting.extend.ScriptConduit;
import org.directwebremoting.extend.ServerException;
import org.directwebremoting.extend.TypeHintContext;
import org.directwebremoting.io.FileTransfer;
import org.directwebremoting.util.DebuggingPrintWriter;
import org.directwebremoting.util.Messages;

/* loaded from: input_file:org/directwebremoting/dwrp/BaseCallMarshaller.class */
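/**
 * Shared request/response marshalling for DWR remote calls.
 *
 * <p>Inbound, this class parses a {@link Batch} from the HTTP request, applies the
 * GET and cross-domain session (CSRF) checks, resolves each call to a Java method
 * and converts its parameters. Outbound, it writes the replies (or a batch-level
 * exception) back as script using the subclass-supplied framing methods.
 *
 * <p>Security-relevant switches on this class:
 * <ul>
 *   <li>{@code allowGetForSafariButMakeForgeryEasier} (default {@code false}): when
 *       {@code false}, GET batches are rejected before any call is resolved.</li>
 *   <li>{@code crossDomainSessionSecurity} (default {@code true}): when {@code true},
 *       {@link #checkNotCsrfAttack} runs on every inbound batch.</li>
 * </ul>
 */
public abstract class BaseCallMarshaller implements Marshaller {
    /** When true (and debug logging is on), outbound script is also echoed through a {@link DebuggingPrintWriter}. */
    protected boolean debugScriptOutput = false;
    /** Passed to {@link ScriptBufferUtil#createOutput} when serialising queued scripts. */
    protected boolean jsonOutput = false;
    /** Name of the cookie compared against the batch's session id in the CSRF check. */
    protected String sessionCookieName = "JSESSIONID";
    /** Off by default: GET batches are refused because GET makes request forgery easier. */
    private boolean allowGetForSafariButMakeForgeryEasier = false;
    /** On by default: enables the session-id comparison in {@link #checkNotCsrfAttack}. */
    protected boolean crossDomainSessionSecurity = true;
    protected PageNormalizer pageNormalizer = null;
    protected ConverterManager converterManager = null;
    protected CreatorManager creatorManager = null;
    protected AccessControl accessControl = null;
    /** Request attribute under which the parsed {@link Batch} is stored for later error reporting. */
    protected static final String ATTRIBUTE_BATCH = "org.directwebremoting.dwrp.batch";
    protected static final Log log = LogFactory.getLog(BaseCallMarshaller.class);

    /**
     * Conduit that serialises each queued {@link ScriptBuffer} and hands it to
     * {@link BaseCallMarshaller#sendScript} on the response writer.
     */
    protected class CallScriptConduit extends ScriptConduit {
        private final PrintWriter out;

        /**
         * @param printWriter the response writer; must not be null
         * @throws NullPointerException if {@code printWriter} is null
         */
        protected CallScriptConduit(PrintWriter printWriter) {
            // NOTE(review): 5 is passed straight to ScriptConduit; its meaning is not visible here
            // (presumably a rank/priority constant) - confirm against ScriptConduit.
            super(5);
            if (printWriter == null) {
                throw new NullPointerException("out=null");
            }
            this.out = printWriter;
        }

        /**
         * Serialises the script and writes it out.
         *
         * @return always {@code true}
         */
        @Override // org.directwebremoting.extend.ScriptConduit
        public boolean addScript(ScriptBuffer scriptBuffer) throws IOException, MarshallException {
            String script = ScriptBufferUtil.createOutput(scriptBuffer, BaseCallMarshaller.this.converterManager, BaseCallMarshaller.this.jsonOutput);
            BaseCallMarshaller.this.sendScript(this.out, script);
            return true;
        }
    }

    /**
     * Parses the request into a batch, applies the request-forgery checks and resolves the calls.
     *
     * <p>Order matters: the GET check and the CSRF check both run before the batch is stored on
     * the request or any call is resolved, so a rejected request never reaches method lookup.
     *
     * @throws SecurityException if the batch arrived via GET while GET is disallowed, or if the
     *         CSRF check fails
     */
    @Override // org.directwebremoting.extend.Marshaller
    public Calls marshallInbound(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServerException {
        RealWebContext webContext = (RealWebContext) WebContextFactory.get();
        Batch batch = new Batch(httpServletRequest);

        if (batch.isGet() && !this.allowGetForSafariButMakeForgeryEasier) {
            log.error("GET is disallowed because it makes request forgery easier. See http://getahead.org/dwr/security/allowGetForSafariButMakeForgeryEasier for more details.");
            throw new SecurityException("GET Disalowed");
        }
        if (this.crossDomainSessionSecurity) {
            checkNotCsrfAttack(httpServletRequest, batch);
        }

        httpServletRequest.setAttribute(ATTRIBUTE_BATCH, batch);
        String normalizedPage = this.pageNormalizer.normalizePage(batch.getPage());
        webContext.checkPageInformation(normalizedPage, batch.getScriptSessionId(), batch.getWindowName());
        storeParsedRequest(httpServletRequest, webContext, batch);
        return marshallInbound(batch);
    }

    /**
     * Rejects a batch whose embedded HTTP session id does not match the session cookie.
     *
     * <p>The check only applies when the container reports a valid requested session id that was
     * supplied by cookie; requests without such a session pass through unchecked. The batch is
     * accepted when its session id equals the requested session id, or equals the value of any
     * cookie named {@link #sessionCookieName}. Everything else is denied (fail closed).
     *
     * @throws SecurityException if no matching session id is found
     */
    private void checkNotCsrfAttack(HttpServletRequest httpServletRequest, Batch batch) {
        if (!httpServletRequest.isRequestedSessionIdValid() || !httpServletRequest.isRequestedSessionIdFromCookie()) {
            return;
        }
        String requestedSessionId = httpServletRequest.getRequestedSessionId();
        if (requestedSessionId.length() == 0) {
            return;
        }

        String batchSessionId = batch.getHttpSessionId();
        if (requestedSessionId.equals(batchSessionId)) {
            return;
        }

        // getCookies() is specified to return null when the request carries no cookies; treat
        // that as "no match" so the request is denied rather than failing with an NPE.
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies != null && batchSessionId != null) {
            for (Cookie cookie : cookies) {
                if (cookie.getName().equals(this.sessionCookieName) && batchSessionId.equals(cookie.getValue())) {
                    return;
                }
            }
        }

        log.error("A request has been denied as a potential CSRF attack.");
        throw new SecurityException("CSRF Security Error");
    }

    /**
     * Resolves every call in the batch to a method and converts its inbound parameters.
     *
     * <p>A call that cannot be resolved or converted is not dropped: its method and parameters
     * are cleared and the failure is recorded on the call via {@code setException}. Access
     * control is asserted after the method is found and before any parameter is converted.
     *
     * @return the batch's calls, each either fully prepared or carrying an exception
     */
    public Calls marshallInbound(Batch batch) {
        Calls calls = batch.getCalls();

        if (log.isDebugEnabled() && calls.getCallCount() > 0) {
            // Only the first call's context is inspected for "-e" (environment) variables.
            InboundContext firstContext = batch.getInboundContexts().get(0);
            StringBuilder environment = new StringBuilder();
            Iterator<String> names = firstContext.getInboundVariableNames();
            while (names.hasNext()) {
                String name = names.next();
                InboundVariable variable = firstContext.getInboundVariable(name);
                if (name.startsWith(ProtocolConstants.INBOUND_CALLNUM_PREFIX) && name.contains("-e")) {
                    environment.append(name).append('=').append(variable.toString()).append(", ");
                }
            }
            if (environment.length() > 0) {
                log.debug("Environment:  " + environment.toString());
            }
        }

        for (int i = 0; i < calls.getCallCount(); i++) {
            Call call = calls.getCall(i);
            InboundContext inboundContext = batch.getInboundContexts().get(i);
            Creator creator = this.creatorManager.getCreator(call.getScriptName());
            Method method = findMethod(call, inboundContext);

            if (method == null) {
                String message = Messages.getString("BaseCallMarshaller.UnknownMethod", call.getScriptName() + '.' + call.getMethodName());
                log.warn("Marshalling exception: " + message);
                rejectCall(call, new IllegalArgumentException(message));
                continue;
            }

            call.setMethod(method);
            // Authorisation happens before any attacker-supplied parameter is converted.
            this.accessControl.assertExecutionIsPossible(creator, call.getScriptName(), method);

            try {
                inboundContext.dereference();
                Class<?>[] parameterTypes = method.getParameterTypes();
                Object[] arguments = new Object[parameterTypes.length];
                for (int j = 0; j < parameterTypes.length; j++) {
                    arguments[j] = this.converterManager.convertInbound(parameterTypes[j], inboundContext.getParameter(i, j), inboundContext, new TypeHintContext(this.converterManager, method, j));
                }
                call.setParameters(arguments);
            } catch (MarshallException ex) {
                // The first conversion failure ends processing of this call. Previously the loop
                // kept going and then stored the partially filled array, leaving a call with a
                // null method but non-null parameters.
                log.warn("Marshalling exception", ex);
                rejectCall(call, ex);
            }
        }
        return calls;
    }

    /** Marks a call as failed: clears its method and parameters and records the cause. */
    private void rejectCall(Call call, Exception cause) {
        call.setMethod(null);
        call.setParameters(null);
        call.setException(cause);
    }

    /**
     * Copies the batch's spare parameters onto the request as attributes, wrapping file uploads
     * in a {@link FileTransfer}.
     *
     * <p>NOTE(review): the spare parameter names presumably come from the HTTP request - confirm
     * against Batch. Because they are used verbatim as attribute names, the key reserved for the
     * parsed batch is skipped so a request parameter cannot replace it.
     */
    private void storeParsedRequest(HttpServletRequest httpServletRequest, RealWebContext realWebContext, Batch batch) {
        for (Map.Entry<String, FormField> entry : batch.getSpareParameters().entrySet()) {
            String key = entry.getKey();
            if (ATTRIBUTE_BATCH.equals(key)) {
                log.warn("Ignoring request parameter that collides with internal attribute: " + ATTRIBUTE_BATCH);
                continue;
            }
            FormField field = entry.getValue();
            Object attributeValue;
            if (field.isFile()) {
                attributeValue = new FileTransfer(field.getName(), field.getMimeType(), field.getInputStream());
            } else {
                attributeValue = field.getString();
            }
            httpServletRequest.setAttribute(key, attributeValue);
            // Parameter values end up in the debug log; keep debug logging off where they may be sensitive.
            if (log.isDebugEnabled()) {
                log.debug("Moved param to request: " + key + ProtocolConstants.INBOUND_DECL_SEPARATOR + attributeValue);
            }
        }
    }

    /**
     * Finds the method a call refers to by name and parameter count.
     *
     * <p>A candidate is kept only if every one of its parameter types is convertible. When
     * several candidates remain, the first one returned by reflection is used and a warning is
     * logged. This lookup does not authorise the call; the caller asserts access control on the
     * returned method.
     *
     * @return the first matching method, or {@code null} if none matches
     * @throws IllegalArgumentException if the call has no script name or no method name
     */
    private Method findMethod(Call call, InboundContext inboundContext) {
        if (call.getScriptName() == null) {
            throw new IllegalArgumentException(Messages.getString("BaseCallMarshaller.MissingClassParam"));
        }
        if (call.getMethodName() == null) {
            throw new IllegalArgumentException(Messages.getString("BaseCallMarshaller.MissingMethodParam"));
        }

        Creator creator = this.creatorManager.getCreator(call.getScriptName());
        ArrayList<Method> matches = new ArrayList<Method>();
        for (Method candidate : creator.getType().getMethods()) {
            Class<?>[] parameterTypes = candidate.getParameterTypes();
            if (!candidate.getName().equals(call.getMethodName()) || parameterTypes.length != inboundContext.getParameterCount()) {
                continue;
            }
            inboundContext.clearConverted();
            boolean allConvertable = true;
            for (Class<?> parameterType : parameterTypes) {
                if (!this.converterManager.isConvertable(parameterType)) {
                    allConvertable = false;
                    break;
                }
            }
            if (allConvertable) {
                matches.add(candidate);
            }
        }

        if (matches.size() > 1) {
            log.warn("Warning multiple matching methods. Using first match.");
        }
        return matches.isEmpty() ? null : matches.get(0);
    }

    /**
     * Writes the replies for a batch to the response.
     *
     * <p>Queued scripts for the script session are flushed first, then one callback or exception
     * handler per reply. A failure while writing one reply is logged and, where possible,
     * reported to the client as an exception for that call; remaining replies are still written.
     */
    @Override // org.directwebremoting.extend.Marshaller
    public void marshallOutbound(Replies replies, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.setContentType(getOutboundMimeType());

        PrintWriter out;
        if (this.debugScriptOutput && log.isDebugEnabled()) {
            out = new DebuggingPrintWriter("", httpServletResponse.getWriter());
        } else {
            out = httpServletResponse.getWriter();
        }
        CallScriptConduit conduit = new CallScriptConduit(out);
        if (out instanceof DebuggingPrintWriter) {
            ((DebuggingPrintWriter) out).setPrefix("out(" + conduit.hashCode() + "): ");
        }

        sendOutboundScriptPrefix(out, replies.getBatchId());
        RealScriptSession scriptSession = (RealScriptSession) WebContextFactory.get().getScriptSession();
        out.println(ProtocolConstants.SCRIPT_CALL_INSERT);
        scriptSession.writeScripts(conduit);
        out.println(ProtocolConstants.SCRIPT_CALL_REPLY);

        // NOTE(review): batchId and throwable text are written to the log unescaped below;
        // confirm upstream parsing prevents line breaks in batchId (log forging).
        String batchId = replies.getBatchId();
        for (int i = 0; i < replies.getReplyCount(); i++) {
            Reply reply = replies.getReply(i);
            String callId = reply.getCallId();
            try {
                Throwable failure = reply.getThrowable();
                if (failure != null) {
                    EnginePrivate.remoteHandleException(conduit, batchId, callId, failure);
                    log.warn("--Erroring: batchId[" + batchId + "] message[" + failure.toString() + ']');
                } else {
                    EnginePrivate.remoteHandleCallback(conduit, batchId, callId, reply.getReply());
                }
            } catch (IOException e) {
                log.error("--Output Error: batchId[" + batchId + "] message[" + e.toString() + ']', e);
            } catch (MarshallException e2) {
                EnginePrivate.remoteHandleException(conduit, batchId, callId, e2);
                log.warn("--MarshallException: batchId=" + batchId + " class=" + e2.getConversionType().getName(), e2);
            } catch (Exception e3) {
                EnginePrivate.remoteHandleException(conduit, batchId, callId, e3);
                // Pass the throwable so the stack trace of an unexpected failure is not lost.
                log.error("--MarshallException: batchId=" + batchId + " message=" + e3.toString(), e3);
            }
        }
        sendOutboundScriptSuffix(out, replies.getBatchId());
    }

    /**
     * Reports a batch-level exception to the client.
     *
     * <p>The batch id is taken from the {@link Batch} stored on the request, if any; it is
     * {@code null} when the failure happened before the batch was stored (for example when the
     * GET or CSRF check rejected the request).
     */
    @Override // org.directwebremoting.extend.Marshaller
    public void marshallException(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Exception exc) throws IOException {
        httpServletResponse.setContentType(getOutboundMimeType());
        PrintWriter writer = httpServletResponse.getWriter();

        // Request attributes are a shared namespace, so verify the type instead of casting
        // blindly; an unexpected value is treated as "no batch".
        Object stored = httpServletRequest.getAttribute(ATTRIBUTE_BATCH);
        Batch batch = stored instanceof Batch ? (Batch) stored : null;
        String batchId = null;
        if (batch != null && batch.getCalls() != null) {
            batchId = batch.getCalls().getBatchId();
        }

        sendOutboundScriptPrefix(writer, batchId);
        writer.print(EnginePrivate.getRemoteHandleBatchExceptionScript(batchId, exc));
        sendOutboundScriptSuffix(writer, batchId);
    }

    /** Writes one serialised script to the response in the subclass's framing. */
    protected abstract void sendScript(PrintWriter printWriter, String str) throws IOException;

    /** @return the Content-Type set on every outbound response */
    protected abstract String getOutboundMimeType();

    /** Writes whatever must precede the script body; {@code str} is the batch id and may be null. */
    protected abstract void sendOutboundScriptPrefix(PrintWriter printWriter, String str) throws IOException;

    /** Writes whatever must follow the script body; {@code str} is the batch id and may be null. */
    protected abstract void sendOutboundScriptSuffix(PrintWriter printWriter, String str) throws IOException;

    /** Delegates to the configured {@link ConverterManager}. */
    @Override // org.directwebremoting.extend.Marshaller
    public boolean isConvertable(Class<?> cls) {
        return this.converterManager.isConvertable(cls);
    }

    public void setConverterManager(ConverterManager converterManager) {
        this.converterManager = converterManager;
    }

    public void setCreatorManager(CreatorManager creatorManager) {
        this.creatorManager = creatorManager;
    }

    public void setAccessControl(AccessControl accessControl) {
        this.accessControl = accessControl;
    }

    public void setPageNormalizer(PageNormalizer pageNormalizer) {
        this.pageNormalizer = pageNormalizer;
    }

    /**
     * Enables or disables the session-id comparison performed on inbound batches.
     * Passing {@code false} removes that request-forgery check entirely.
     */
    public void setCrossDomainSessionSecurity(boolean z) {
        this.crossDomainSessionSecurity = z;
    }

    /**
     * Allows ({@code true}) or refuses ({@code false}, the default) batches sent via GET.
     * Allowing GET makes request forgery easier, as the setting's name states.
     */
    public void setAllowGetForSafariButMakeForgeryEasier(boolean z) {
        this.allowGetForSafariButMakeForgeryEasier = z;
    }

    /**
     * Sets the cookie name used by the CSRF check. It must match the container's session
     * cookie name, otherwise the cookie comparison can never succeed.
     */
    public void setSessionCookieName(String str) {
        this.sessionCookieName = str;
    }

    public boolean isJsonOutput() {
        return this.jsonOutput;
    }

    public void setJsonOutput(boolean z) {
        this.jsonOutput = z;
    }

    public void setDebugScriptOutput(boolean z) {
        this.debugScriptOutput = z;
    }
}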
