package org.exist.http.servlets;

import java.io.IOException;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.io.PrintWriter;
import java.net.URISyntaxException;
import java.nio.charset.Charset;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Optional;
import java.util.Properties;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.exist.EXistException;
import org.exist.client.InteractiveClient;
import org.exist.debuggee.DebuggeeFactory;
import org.exist.dom.persistent.XMLUtil;
import org.exist.http.Descriptor;
import org.exist.security.AuthenticationException;
import org.exist.security.PermissionDeniedException;
import org.exist.security.Subject;
import org.exist.security.internal.web.HttpAccount;
import org.exist.source.FileSource;
import org.exist.source.Source;
import org.exist.source.SourceFactory;
import org.exist.source.StringSource;
import org.exist.storage.DBBroker;
import org.exist.util.Configuration;
import org.exist.util.MimeTable;
import org.exist.util.serializer.XQuerySerializer;
import org.exist.webstart.JnlpWriter;
import org.exist.xmldb.XmldbURI;
import org.exist.xmlrpc.RpcAPI;
import org.exist.xquery.CompiledXQuery;
import org.exist.xquery.XPathException;
import org.exist.xquery.XQuery;
import org.exist.xquery.XQueryContext;
import org.exist.xquery.value.Item;
import org.exist.xquery.value.Sequence;

/* loaded from: input_file:org/exist/http/servlets/XQueryServlet.class */
public class XQueryServlet extends AbstractExistHttpServlet {
    private static final long serialVersionUID = 5266794852401553015L;
    // The ATTR_* names below are read with HttpServletRequest.getAttribute(), i.e. they are set by
    // server-side code earlier in the request chain rather than taken directly from client parameters.
    // NOTE(review): confirm nothing upstream copies client-supplied values into them unchecked.

    // User name to authenticate with; process() prefers it over credentials kept in the session.
    public static final String ATTR_XQUERY_USER = "xquery.user";
    // Password paired with ATTR_XQUERY_USER; handed to the security manager's authenticate() as-is.
    public static final String ATTR_XQUERY_PASSWORD = "xquery.password";
    // Query text to execute instead of a file; its string value becomes a StringSource in process().
    public static final String ATTR_XQUERY_SOURCE = "xquery.source";
    // Location of the query, resolved through SourceFactory.getSource() when no inline source is given.
    public static final String ATTR_XQUERY_URL = "xquery.url";
    // "YES" (case-insensitive) makes process() report failures as an <error> element via writeError().
    public static final String ATTR_XQUERY_REPORT_ERRORS = "xquery.report-errors";
    // Name of the request attribute that receives the result sequence instead of serialising it
    // (honoured only when the collection URI uses the local API).
    public static final String ATTR_XQUERY_ATTRIBUTE = "xquery.attribute";
    // Watchdog timeout for the query, parsed with Long.parseLong().
    public static final String ATTR_TIMEOUT = "xquery.timeout";
    // Watchdog node limit for the query, parsed with Integer.parseInt().
    public static final String ATTR_MAX_NODES = "xquery.max-nodes";
    // Overrides the module load path that is otherwise derived from the request URI.
    public static final String ATTR_MODULE_LOAD_PATH = "xquery.module-load-path";
    // Response content type used when init() finds no content-type init parameter.
    public static final String DEFAULT_CONTENT_TYPE = "text/html";
    // Not referenced anywhere else in this class.
    public static final String DRIVER = "org.exist.xmldb.DatabaseImpl";
    // Set by init() from the "uri" init parameter, falling back to DEFAULT_URI.
    private XmldbURI collectionURI = null;
    // Set by init() from the "encoding" init parameter; charset used to read query files.
    private String encoding = null;
    // Fallback response content type, set by init().
    private String contentType = null;
    // When true, writeError()/sendError() omit the detail text. Defaults to false, so exception
    // messages and file paths are sent to the client unless "hide-error-messages" is enabled.
    private boolean hideErrorMessages = false;
    private static final Logger LOG = LogManager.getLogger(XQueryServlet.class);
    // Root collection of the embedded server; the default for collectionURI.
    public static final XmldbURI DEFAULT_URI = XmldbURI.EMBEDDED_SERVER_URI.append(XmldbURI.ROOT_COLLECTION_URI);

    /**
     * Returns the logger shared by every instance of this servlet.
     *
     * @return the class-level logger
     */
    @Override
    public Logger getLog() {
        return XQueryServlet.LOG;
    }

    /**
     * Reads the servlet's init parameters after the superclass has initialised.
     *
     * <p>Parameters consulted: {@code uri} (collection URI, default {@link #DEFAULT_URI}),
     * {@code encoding} (default {@code AbstractExistHttpServlet.DEFAULT_ENCODING}), the parameter
     * named by {@code JnlpWriter.CONTENT_TYPE} (default {@link #DEFAULT_CONTENT_TYPE}) and
     * {@code hide-error-messages}.
     *
     * <p>{@code hide-error-messages} is off unless it is set to "true" (case-insensitive), so
     * error detail is returned to clients by default.
     *
     * @param servletConfig the container-supplied configuration
     * @throws ServletException if the {@code uri} parameter is not a valid XmldbURI
     */
    @Override
    public void init(ServletConfig servletConfig) throws ServletException {
        super.init(servletConfig);

        final String uriParam = servletConfig.getInitParameter("uri");
        if (uriParam != null) {
            try {
                this.collectionURI = XmldbURI.xmldbUriFor(uriParam);
            } catch (URISyntaxException e) {
                throw new ServletException("Invalid XmldbURI for parameter 'uri': " + e.getMessage(), e);
            }
        } else {
            this.collectionURI = DEFAULT_URI;
        }

        final String encodingParam = servletConfig.getInitParameter("encoding");
        this.encoding = encodingParam != null ? encodingParam : AbstractExistHttpServlet.DEFAULT_ENCODING;
        getLog().info("encoding = " + this.encoding);

        final String contentTypeParam = servletConfig.getInitParameter(JnlpWriter.CONTENT_TYPE);
        this.contentType = contentTypeParam != null ? contentTypeParam : DEFAULT_CONTENT_TYPE;

        // Boolean.parseBoolean(null) is false, which matches an absent parameter.
        this.hideErrorMessages = Boolean.parseBoolean(servletConfig.getInitParameter("hide-error-messages"));
    }

    /**
     * Handles GET by passing the request straight to {@link #process}.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response to write to
     * @throws ServletException propagated from {@link #process}
     * @throws IOException propagated from {@link #process}
     */
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        this.process(httpServletRequest, httpServletResponse);
    }

    /**
     * Handles POST by delegating to {@link #process}.
     *
     * <p>When a descriptor exists and allows request logging, the request is first wrapped in an
     * {@code HttpServletRequestWrapper}; the wrapper is closed once processing ends, whether or
     * not it succeeded. Otherwise the container's request is used unchanged.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response to write to
     * @throws ServletException propagated from {@link #process}
     * @throws IOException propagated from {@link #process} or from closing the wrapper
     */
    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        HttpServletRequest effectiveRequest = null;
        try {
            final Descriptor descriptor = Descriptor.getDescriptorSingleton();
            if (descriptor != null && descriptor.allowRequestLogging()) {
                effectiveRequest = new HttpServletRequestWrapper(
                        () -> (String) getPool().getConfiguration().getProperty(Configuration.BINARY_CACHE_CLASS_PROPERTY),
                        httpServletRequest,
                        getFormEncoding());
            } else {
                effectiveRequest = httpServletRequest;
            }
            process(effectiveRequest, httpServletResponse);
        } finally {
            // instanceof is false for null, so this also covers a failure before assignment.
            if (effectiveRequest instanceof HttpServletRequestWrapper) {
                ((HttpServletRequestWrapper) effectiveRequest).close();
            }
        }
    }

    /**
     * Handles PUT by delegating to {@link #process}.
     *
     * <p>When a descriptor exists and allows request logging, the request is first wrapped in an
     * {@code HttpServletRequestWrapper}; the wrapper is closed once processing ends, whether or
     * not it succeeded. Otherwise the container's request is used unchanged.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response to write to
     * @throws ServletException propagated from {@link #process}
     * @throws IOException propagated from {@link #process} or from closing the wrapper
     */
    protected void doPut(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        HttpServletRequest effectiveRequest = null;
        try {
            final Descriptor descriptor = Descriptor.getDescriptorSingleton();
            final boolean wrapForLogging = descriptor != null && descriptor.allowRequestLogging();
            if (wrapForLogging) {
                effectiveRequest = new HttpServletRequestWrapper(
                        () -> (String) getPool().getConfiguration().getProperty(Configuration.BINARY_CACHE_CLASS_PROPERTY),
                        httpServletRequest,
                        getFormEncoding());
            } else {
                effectiveRequest = httpServletRequest;
            }
            process(effectiveRequest, httpServletResponse);
        } finally {
            // instanceof is false for null, so this also covers a failure before assignment.
            if (effectiveRequest instanceof HttpServletRequestWrapper) {
                ((HttpServletRequestWrapper) effectiveRequest).close();
            }
        }
    }

    /**
     * Handles DELETE by passing the request straight to {@link #process}.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response to write to
     * @throws ServletException propagated from {@link #process}
     * @throws IOException propagated from {@link #process}
     */
    protected void doDelete(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        this.process(httpServletRequest, httpServletResponse);
    }

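    /**
     * Resolves the XQuery addressed by the request, runs it as the effective user and writes the
     * result to the response.
     *
     * <p>Order of work:
     * <ol>
     *   <li>Map the request to a filesystem path (optionally remapped by the descriptor).</li>
     *   <li>Pick the effective user: explicit {@code xquery.user}/{@code xquery.password} request
     *       attributes, else credentials stored in a valid session, else the account attached to
     *       the request, else the configured authenticator. A failed credential check is logged
     *       and the request carries on as the default user.</li>
     *   <li>Pick the query source: {@code xquery.source} text, else {@code xquery.url}, else the
     *       file at the mapped path.</li>
     *   <li>For GET with {@code _source=yes}, return the query text instead of running it, if the
     *       descriptor and the source's permissions allow.</li>
     *   <li>Compile (or reuse a pooled compilation), execute, set the content type and either
     *       serialise the result or store it in a request attribute.</li>
     * </ol>
     *
     * <p>Once an error page has been written for a missing or unreadable source, processing stops
     * instead of continuing with no source.
     *
     * @param httpServletRequest the incoming (possibly wrapped) request
     * @param httpServletResponse the response to write to
     * @throws ServletException if the {@code xquery.source} attribute cannot be read as a string
     * @throws IOException if writing to the response fails
     */
    protected void process(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        // --- 1. request -> filesystem path -------------------------------------------------
        String pathTranslated = httpServletRequest.getPathTranslated();
        if (pathTranslated == null) {
            String servletRelative = httpServletRequest.getRequestURI().substring(httpServletRequest.getContextPath().length());
            // Cut everything from the last ';' so a path parameter does not reach getRealPath().
            final int semicolon = servletRelative.lastIndexOf(';');
            if (semicolon != -1) {
                servletRelative = servletRelative.substring(0, semicolon);
            }
            pathTranslated = getServletContext().getRealPath(servletRelative);
        }

        final Descriptor descriptor = Descriptor.getDescriptorSingleton();
        if (descriptor != null && !descriptor.requestsFiltered()) {
            // NOTE(review): the whole request goes to the replay log here; confirm that log is
            // access-restricted and does not retain credentials or session identifiers.
            descriptor.doLogRequestInReplayLog(httpServletRequest);
            pathTranslated = descriptor.mapPath(pathTranslated);
        }

        final PrintWriter output = new PrintWriter(new OutputStreamWriter((OutputStream) httpServletResponse.getOutputStream(), getFormEncoding()));
        httpServletResponse.addHeader("pragma", "no-cache");
        httpServletResponse.addHeader("Cache-Control", "no-cache");

        // Module load path: explicit request attribute, else the directory part of the request URI.
        String requestDir = httpServletRequest.getRequestURI();
        final int lastSlash = requestDir.lastIndexOf('/');
        if (lastSlash != -1) {
            requestDir = requestDir.substring(0, lastSlash);
        }
        final Object loadPathAttrib = httpServletRequest.getAttribute(ATTR_MODULE_LOAD_PATH);
        final String moduleLoadPath = loadPathAttrib != null
                ? getValue(loadPathAttrib)
                : getServletContext().getRealPath(requestDir.substring(httpServletRequest.getContextPath().length()));

        // --- 2. effective user -------------------------------------------------------------
        Subject user = getDefaultUser();
        final Object userAttrib = httpServletRequest.getAttribute(ATTR_XQUERY_USER);
        final HttpSession session = httpServletRequest.getSession(false);
        if (userAttrib != null || (session != null && httpServletRequest.isRequestedSessionIdValid())) {
            final Object passwordAttrib = httpServletRequest.getAttribute(ATTR_XQUERY_PASSWORD);
            final String username;
            final String password;
            if (userAttrib != null) {
                username = getValue(userAttrib);
                password = getValue(passwordAttrib);
            } else {
                // The session holds the password in a form that authenticate() accepts, so the
                // session store has to be protected like a credential store.
                username = getSessionAttribute(session, "user");
                password = getSessionAttribute(session, InteractiveClient.PASSWORD);
            }
            if (username != null && password != null) {
                try {
                    final Subject authenticated = getPool().getSecurityManager().authenticate(username, password);
                    if (authenticated != null && authenticated.isAuthenticated()) {
                        user = authenticated;
                    }
                } catch (AuthenticationException unused) {
                    // Not fatal: the request continues with the default user and the fallbacks below.
                    getLog().error("User can not be authenticated (" + username + ").");
                }
            }
        }
        // Identity comparison on purpose: "still the very object getDefaultUser() returned".
        if (user == getDefaultUser()) {
            final Subject requestUser = HttpAccount.getUserFromServletRequest(httpServletRequest);
            if (requestUser != null) {
                user = requestUser;
            } else {
                final Subject challenged = getAuthenticator().authenticate(httpServletRequest, httpServletResponse, false);
                if (challenged != null) {
                    user = challenged;
                }
            }
        }

        // --- 3. query source ---------------------------------------------------------------
        Source source = null;
        boolean errorReported = false;
        final Object sourceAttrib = httpServletRequest.getAttribute(ATTR_XQUERY_SOURCE);
        final Object urlAttrib = httpServletRequest.getAttribute(ATTR_XQUERY_URL);
        if (sourceAttrib != null) {
            // The attribute's string value is executed as query text.
            final String queryText;
            if (sourceAttrib instanceof Item) {
                try {
                    queryText = ((Item) sourceAttrib).getStringValue();
                } catch (XPathException e) {
                    throw new ServletException("Failed to read XQuery source string from request attribute 'xquery.source': " + e.getMessage(), e);
                }
            } else {
                queryText = sourceAttrib.toString();
            }
            source = new StringSource(queryText);
        } else if (urlAttrib != null) {
            try {
                final DBBroker broker = getPool().get(Optional.ofNullable(user));
                try {
                    source = SourceFactory.getSource(broker, moduleLoadPath, urlAttrib.toString(), true);
                    if (source == null) {
                        final String message = "Could not read source: context=" + moduleLoadPath + ", location=" + urlAttrib.toString();
                        getLog().error(message);
                        httpServletResponse.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                        sendError(output, "Error", message);
                        errorReported = true;
                    }
                } finally {
                    if (broker != null) {
                        broker.close();
                    }
                }
            } catch (Exception e) {
                getLog().error(e.getMessage(), e);
                httpServletResponse.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                sendError(output, "Error", e.getMessage());
                errorReported = true;
            }
        } else {
            final Path path = Paths.get(pathTranslated, new String[0]);
            if (!Files.isReadable(path)) {
                httpServletResponse.setStatus(HttpServletResponse.SC_NOT_FOUND);
                sendError(output, "Cannot read source file", pathTranslated);
                return;
            }
            source = new FileSource(path, Charset.forName(this.encoding), true);
        }

        // An error page is already on the wire: do not append a second one or run anything.
        if (errorReported) {
            return;
        }
        if (source == null) {
            httpServletResponse.setStatus(HttpServletResponse.SC_NOT_FOUND);
            sendError(output, "Source not found", pathTranslated);
            // Everything below dereferences source, so stop here.
            return;
        }

        final boolean reportErrors = "YES".equalsIgnoreCase((String) httpServletRequest.getAttribute(ATTR_XQUERY_REPORT_ERRORS));

        // --- 4. optional "view source" for GET ---------------------------------------------
        if ("GET".equalsIgnoreCase(httpServletRequest.getMethod())) {
            final boolean showSource = "yes".equals(httpServletRequest.getParameter("_source"));
            if (showSource && descriptor != null) {
                // NOTE(review): the 403 texts below carry the server-side file path and go through
                // the container's sendError(), so hideErrorMessages does not suppress them.
                if (!descriptor.allowSource(pathTranslated)) {
                    httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "Permission to view XQuery source for: " + pathTranslated + " denied. Must be explicitly defined in descriptor.xml");
                    return;
                }
                try {
                    // 4 is presumably the READ permission bit (the 403 below says "no read access") - confirm.
                    source.validate(user, 4);
                    httpServletResponse.setContentType("text/plain; charset=" + getFormEncoding());
                    output.write(source.getContent());
                    output.flush();
                    return;
                } catch (PermissionDeniedException denied) {
                    if (getDefaultUser().equals(user)) {
                        // Still the default user: give the client a chance to authenticate.
                        getAuthenticator().sendChallenge(httpServletRequest, httpServletResponse);
                    } else {
                        httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "Permission to view XQuery source for: " + pathTranslated + " denied. (no read access)");
                    }
                    return;
                }
            }
        }

        // --- 5. compile, execute, respond --------------------------------------------------
        final String resultAttribute = (String) httpServletRequest.getAttribute(ATTR_XQUERY_ATTRIBUTE);
        try {
            final DBBroker broker = getPool().get(Optional.ofNullable(user));
            try {
                final XQuery xquery = broker.getBrokerPool().getXQueryService();
                CompiledXQuery compiled = getPool().getXQueryPool().borrowCompiledXQuery(broker, source);
                final XQueryContext context;
                if (compiled == null) {
                    context = new XQueryContext(getPool());
                    context.setModuleLoadPath(moduleLoadPath);
                    try {
                        compiled = xquery.compile(broker, context, source);
                    } catch (IOException e) {
                        throw new EXistException("I/O exception while compiling xquery: " + e.getMessage(), e);
                    } catch (XPathException e) {
                        throw new EXistException("Cannot compile xquery: " + e.getMessage(), e);
                    }
                } else {
                    context = compiled.getContext();
                    context.setModuleLoadPath(moduleLoadPath);
                    context.prepareForReuse();
                }

                final Properties outputProperties = new Properties();
                outputProperties.put(RpcAPI.BASE_URI, this.collectionURI.toString());
                context.setHttpContext(new XQueryContext.HttpContext(
                        new HttpRequestWrapper(httpServletRequest, getFormEncoding(), getContainerEncoding()),
                        new HttpResponseWrapper(httpServletResponse),
                        session != null ? new HttpSessionWrapper(session) : null));

                final String timeoutOpt = (String) httpServletRequest.getAttribute(ATTR_TIMEOUT);
                if (timeoutOpt != null) {
                    try {
                        context.getWatchDog().setTimeout(Long.parseLong(timeoutOpt));
                    } catch (NumberFormatException unused) {
                        throw new EXistException("Bad timeout option: " + timeoutOpt);
                    }
                }
                final String maxNodesOpt = (String) httpServletRequest.getAttribute(ATTR_MAX_NODES);
                if (maxNodesOpt != null) {
                    try {
                        context.getWatchDog().setMaxNodes(Integer.parseInt(maxNodesOpt));
                    } catch (NumberFormatException unused) {
                        throw new EXistException("Bad max-nodes option: " + maxNodesOpt);
                    }
                }
                DebuggeeFactory.checkForDebugRequest(httpServletRequest, context);

                final Sequence result;
                try {
                    result = xquery.execute(broker, compiled, (Sequence) null, outputProperties);
                } finally {
                    // Exactly once per execution, so the compiled query is never handed back to
                    // the pool twice when a later step (content type, serialisation) fails.
                    context.runCleanupTasks();
                    getPool().getXQueryPool().returnCompiledXQuery(source, compiled);
                }

                final String mediaType = outputProperties.getProperty("media-type");
                if (mediaType == null) {
                    // No media type from the query: use the container's type for the path, or the
                    // configured default if that lookup fails for any reason.
                    try {
                        String mimeType = getServletContext().getMimeType(pathTranslated);
                        if (mimeType == null) {
                            mimeType = this.contentType;
                        }
                        if (MimeTable.getInstance().isTextContent(mimeType)) {
                            mimeType = mimeType + "; charset=" + getFormEncoding();
                        }
                        httpServletResponse.setContentType(mimeType);
                    } catch (Throwable ignored) {
                        String fallbackType = this.contentType;
                        if (MimeTable.getInstance().isTextContent(fallbackType)) {
                            fallbackType = fallbackType + "; charset=" + getFormEncoding();
                        }
                        httpServletResponse.setContentType(fallbackType);
                    }
                } else if (!httpServletResponse.isCommitted()) {
                    if (MimeTable.getInstance().isTextContent(mediaType)) {
                        httpServletResponse.setContentType(mediaType + "; charset=" + getFormEncoding());
                        httpServletResponse.setCharacterEncoding(getFormEncoding());
                    } else {
                        httpServletResponse.setContentType(mediaType);
                    }
                }

                if (resultAttribute != null && XmldbURI.API_LOCAL.equals(this.collectionURI.getApiName())) {
                    // Hand the raw sequence to whoever asked for it via xquery.attribute.
                    httpServletRequest.setAttribute(resultAttribute, result);
                } else {
                    new XQuerySerializer(broker, outputProperties, output).serialize(result);
                }
            } finally {
                if (broker != null) {
                    broker.close();
                }
            }
        } catch (PermissionDeniedException denied) {
            if (getDefaultUser().equals(user)) {
                getAuthenticator().sendChallenge(httpServletRequest, httpServletResponse);
            } else {
                // NOTE(review): this message also exposes the server-side path to the client.
                httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, "No permission to execute XQuery for: " + pathTranslated + " denied.");
            }
            return;
        } catch (XPathException e) {
            final Logger log = getLog();
            if (log.isDebugEnabled()) {
                log.debug(e.getMessage(), e);
            }
            if (reportErrors) {
                writeError(output, e);
            } else {
                httpServletResponse.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                sendError(output, "Error", e.getMessage());
            }
        } catch (Throwable t) {
            getLog().error(t.getMessage(), t);
            if (reportErrors) {
                writeError(output, t);
            } else {
                httpServletResponse.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                sendError(output, "Error", t.getMessage());
            }
        }
        output.flush();
        output.close();
    }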

    /**
     * Reads a session attribute and converts it to a string with {@link #getValue(Object)}.
     *
     * @param httpSession the session to read from; must not be null
     * @param str the attribute name
     * @return the attribute's string form, or null when {@link #getValue(Object)} yields null
     */
    private String getSessionAttribute(HttpSession httpSession, String str) {
        final Object stored = httpSession.getAttribute(str);
        return getValue(stored);
    }

    /**
     * Converts an attribute value to a string.
     *
     * @param obj the value; may be null
     * @return null for null input; the sequence's string value for a {@code Sequence} (null if
     *     that conversion raises an {@code XPathException}); otherwise {@code obj.toString()}
     */
    private String getValue(Object obj) {
        if (obj == null) {
            return null;
        }
        if (obj instanceof Sequence) {
            try {
                return ((Sequence) obj).getStringValue();
            } catch (XPathException ignored) {
                // Callers treat an unreadable sequence the same as a missing value.
                return null;
            }
        }
        return obj.toString();
    }

    /**
     * Writes the failure as a single {@code <error>} element.
     *
     * <p>The element is empty when the throwable has no message or when error messages are
     * hidden by configuration; otherwise the message is markup-encoded before it is written.
     *
     * @param printWriter the response writer
     * @param th the failure to report
     */
    private void writeError(PrintWriter printWriter, Throwable th) {
        printWriter.print("<error>");
        final boolean hasMessage = th.getMessage() != null;
        if (hasMessage && !this.hideErrorMessages) {
            final String encoded = XMLUtil.encodeAttrMarkup(th.getMessage());
            printWriter.print(encoded);
        }
        printWriter.println("</error>");
    }

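    /**
     * Writes a small HTML error page to the response writer and flushes it.
     *
     * <p>Both texts are HTML-escaped before they are written: callers pass request-derived
     * paths and exception messages, which must not be interpreted as markup by the browser.
     * The description is left out entirely when error messages are hidden by configuration.
     *
     * @param printWriter the response writer
     * @param str short message shown after "Message:"
     * @param str2 detail text shown in a {@code <pre>} block; may be null
     */
    private void sendError(PrintWriter printWriter, String str, String str2) {
        printWriter.print("<html><head>");
        printWriter.print("<title>XQueryServlet Error</title>");
        printWriter.print("<link rel=\"stylesheet\" type=\"text/css\" href=\"error.css\"></link></head>");
        printWriter.println("<body><h1>Error found</h1>");
        printWriter.print("<div class='message'><b>Message: </b>");
        printWriter.print(escapeHtml(str));
        printWriter.print("</div>");
        if (!this.hideErrorMessages) {
            printWriter.print("<div class='description'><pre>");
            printWriter.print(escapeHtml(str2));
            printWriter.print("</pre></div>");
        }
        printWriter.print("</body></html>");
        printWriter.flush();
    }

    /**
     * Replaces the characters that are significant in HTML text and attribute values with
     * character references. Null is returned unchanged so the writer still prints "null".
     */
    private static String escapeHtml(String text) {
        if (text == null) {
            return null;
        }
        final StringBuilder escaped = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            final char ch = text.charAt(i);
            switch (ch) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&#39;");
                    break;
                default:
                    escaped.append(ch);
                    break;
            }
        }
        return escaped.toString();
    }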
}
