package com.day.cq.wcm.foundation.forms;

import com.adobe.granite.activitystreams.Verbs;
import com.day.cq.wcm.foundation.security.SaferSlingPostValidator;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Iterator;
import java.util.Set;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceUtil;
import org.apache.sling.api.resource.ResourceWrapper;
import org.apache.sling.api.resource.ValueMap;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/day/cq/wcm/foundation/forms/FormsHandlingServletHelper.class */
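/**
 * Shared logic for handling form POSTs: {@link #handleFilter} intercepts POST requests that
 * carry a {@code :formstart} parameter and forwards them to the form resource, and
 * {@link #doPost} validates the submission and runs the configured form action.
 *
 * <p>Security-relevant inputs handled here are the {@code :formstart} and {@code :redirect}
 * request parameters, the referrer, and the forward path; see the notes on the individual
 * methods.
 */
public class FormsHandlingServletHelper {
    protected final Logger logger = LoggerFactory.getLogger(getClass());

    /** Request attribute holding the originally requested resource; set by {@link #handleFilter}. */
    protected static final String ATTR_RESOURCE = FormsHandlingServletHelper.class.getName() + "/resource";

    // Allow-list of parameter names handed to the validator and published to action scripts.
    private final String[] parameterNameWhitelist;
    private final boolean allowExpressions;
    private final SaferSlingPostValidator validator;
    // Resource types that qualify a :formstart target as a form.
    private final Set<String> formResourceTypes;
    private final FormStructureHelperFactory formStructureHelperFactory;

    /**
     * Creates the helper.
     *
     * @param strArr parameter-name allow-list passed to the validator and exposed to action scripts
     * @param saferSlingPostValidator validator that decides whether a POST is rejected outright
     * @param set resource types accepted as form start resources
     * @param z whether expressions are enabled for the handled request
     * @param formStructureHelperFactory factory used to look up the form's elements
     */
    public FormsHandlingServletHelper(String[] strArr, SaferSlingPostValidator saferSlingPostValidator, Set<String> set, boolean z, FormStructureHelperFactory formStructureHelperFactory) {
        this.parameterNameWhitelist = strArr;
        this.validator = saferSlingPostValidator;
        this.formResourceTypes = set;
        this.allowExpressions = z;
        this.formStructureHelperFactory = formStructureHelperFactory;
    }

    /**
     * Validates a form submission and, if valid, runs the form action and forwards the request.
     *
     * <p>Flow: reject via the validator (400), refuse requests that did not pass through
     * {@link #handleFilter} (500), run field and form validation, then either re-render the
     * original resource with the validation errors or run the action and forward.
     *
     * @param slingHttpServletRequest the incoming POST request
     * @param slingHttpServletResponse the response
     * @throws IOException if forwarding or an included script fails with an I/O error
     * @throws ServletException if forwarding or an included script fails
     */
    public void doPost(SlingHttpServletRequest slingHttpServletRequest, SlingHttpServletResponse slingHttpServletResponse) throws IOException, ServletException {
        if (this.validator.reject(slingHttpServletRequest, this.parameterNameWhitelist)) {
            slingHttpServletResponse.sendError(400);
            return;
        }
        // ATTR_RESOURCE is only set by handleFilter in this class, so a missing attribute means
        // the request reached this method without going through the filter's type check.
        if (ResourceUtil.isNonExistingResource(slingHttpServletRequest.getResource()) || slingHttpServletRequest.getAttribute(ATTR_RESOURCE) == null) {
            this.logger.debug("Received fake request!");
            slingHttpServletResponse.setStatus(500);
            return;
        }
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Validating POST request with form definition stored at {}.", slingHttpServletRequest.getResource().getPath());
        }
        FormsHandlingRequest formsHandlingRequest = new FormsHandlingRequest(slingHttpServletRequest);
        FormsHandlingResponse formsHandlingResponse = new FormsHandlingResponse(slingHttpServletResponse);
        slingHttpServletRequest.setAttribute(FormsHelper.REQ_ATTR_EXPRESSIONS_ENABLED, Boolean.valueOf(this.allowExpressions));
        Resource resource = slingHttpServletRequest.getResource();
        // Return value is unused; the call is kept in case it has side effects (confirm).
        FormsHelper.getFormId(slingHttpServletRequest);
        validate(formsHandlingRequest, formsHandlingResponse, resource);

        ValueMap valueMap = ResourceUtil.getValueMap(resource);
        String actionType = valueMap == null ? "" : (String) valueMap.get(FormsConstants.START_PROPERTY_ACTION_TYPE, "");
        ValidationInfo validationInfo;
        if (actionType.length() == 0) {
            validationInfo = ValidationInfo.createValidationInfo(slingHttpServletRequest);
            validationInfo.addErrorMessage(null, "Unable to process the form: missing actionType");
        } else {
            // Publish a copy: the same array is passed to validator.reject() for every request,
            // so an action script must not be able to modify the shared allow-list through
            // the request attribute.
            slingHttpServletRequest.setAttribute(FormsHelper.REQ_ATTR_PROP_WHITELIST, copyOfWhitelist());
            FormsHelper.runAction(actionType, FormsConstants.SCRIPT_FORM_SERVER_VALIDATION, resource, formsHandlingRequest, formsHandlingResponse);
            validationInfo = ValidationInfo.getValidationInfo(slingHttpServletRequest);
        }

        if (validationInfo != null) {
            // Validation failed: re-render the originally requested resource with the errors.
            this.logger.debug("Form {} is not valid: {}", resource.getPath(), validationInfo);
            Resource originalResource = (Resource) slingHttpServletRequest.getAttribute(ATTR_RESOURCE);
            slingHttpServletRequest.removeAttribute(ATTR_RESOURCE);
            slingHttpServletRequest.getRequestDispatcher(originalResource).forward(formsHandlingRequest, slingHttpServletResponse);
            return;
        }

        FormsHelper.runAction(actionType, "forward", resource, formsHandlingRequest, formsHandlingResponse);
        String forwardPath = FormsHelper.getForwardPath(slingHttpServletRequest);
        if (forwardPath == null || forwardPath.length() <= 0) {
            // No forward target: the action's own POST script handles the raw request/response.
            FormsHelper.runAction(actionType, Verbs.POST, resource, slingHttpServletRequest, slingHttpServletResponse);
            return;
        }

        SlingHttpServletRequest forwardRequest = slingHttpServletRequest;
        if (FormsHelper.isRedirectToReferrer(forwardRequest) && forwardRequest.getParameter(":redirect") == null) {
            forwardRequest = new RedirectRequest(forwardRequest, getReferrerPath(forwardRequest));
        }
        String forwardRedirect = FormsHelper.getForwardRedirect(forwardRequest);
        if (forwardRedirect != null) {
            forwardRequest = new RedirectRequest(forwardRequest, forwardRedirect);
        }
        if (forwardPath.endsWith("/")) {
            forwardPath = forwardPath + '*';
        }
        // NOTE(review): where forwardPath and forwardRedirect come from is not visible here; if
        // either can be influenced by the submitter, confirm they are constrained before use.
        forwardRequest.getRequestDispatcher(forwardRequest.getResourceResolver().resolve(forwardPath), FormsHelper.getForwardOptions(forwardRequest)).forward(forwardRequest, slingHttpServletResponse);
        FormsHelper.runAction(actionType, "cleanup", resource, formsHandlingRequest, formsHandlingResponse);
    }

    /** Returns a copy of the parameter-name allow-list, or {@code null} if none was configured. */
    private String[] copyOfWhitelist() {
        return this.parameterNameWhitelist == null ? null : this.parameterNameWhitelist.clone();
    }

    /**
     * Tells whether the resource is of one of the configured form resource types.
     *
     * @param candidate the resource named by {@code :formstart}
     * @param resolver resolver used for the resource type comparison
     * @return {@code true} if any configured form resource type matches
     */
    private boolean checkFormResourceType(Resource candidate, ResourceResolver resolver) {
        for (String formResourceType : this.formResourceTypes) {
            if (resolver.isResourceType(candidate, formResourceType)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Intercepts POST requests carrying a {@code :formstart} parameter and forwards them to
     * the named form resource; every other request continues down the filter chain.
     *
     * <p>The forward only happens when {@code :formstart} resolves to a resource of one of the
     * configured form resource types. The originally requested resource is stored in
     * {@link #ATTR_RESOURCE}, which {@link #doPost} requires.
     *
     * @param servletRequest the request
     * @param servletResponse the response
     * @param filterChain the remaining filter chain
     * @param str last dot-separated segment appended to the dispatch path (presumably the
     *     extension; confirm against the caller)
     * @param str2 segment appended before {@code str} (presumably the selector; confirm)
     * @throws IOException if forwarding or the chain fails with an I/O error
     * @throws ServletException if forwarding or the chain fails
     */
    public void handleFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain, String str, String str2) throws IOException, ServletException {
        if (servletRequest instanceof SlingHttpServletRequest) {
            SlingHttpServletRequest slingRequest = (SlingHttpServletRequest) servletRequest;
            if ("POST".equalsIgnoreCase(slingRequest.getMethod())) {
                // Request-supplied value: it selects both the resource that is type-checked
                // and the path the request is dispatched to.
                String formStart = slingRequest.getParameter(":formstart");
                if (formStart != null) {
                    ResourceResolver resolver = slingRequest.getResourceResolver();
                    Resource formResource = resolver.getResource(formStart);
                    if (formResource != null && checkFormResourceType(formResource, resolver)) {
                        slingRequest.setAttribute(ATTR_RESOURCE, slingRequest.getResource());
                        slingRequest.setAttribute(FormsHelper.REQ_ATTR_FORM_STRUCTURE_HELPER, this.formStructureHelperFactory.getFormStructureHelper(formResource));
                        // NOTE(review): for a relative :formstart the type check above and the
                        // dispatch path below may not refer to the same resource. Per the
                        // Sling API, getResource(String) looks a relative path up via the
                        // resolver search path, while the dispatch path is built relative to
                        // the requested resource. Consider type-checking the resource at the
                        // final dispatch path, or accepting absolute paths only.
                        StringBuilder dispatchPath = new StringBuilder();
                        if (!formStart.startsWith("/")) {
                            dispatchPath.append(slingRequest.getResource().getPath()).append('/');
                        }
                        dispatchPath.append(formStart).append('.').append(str2).append('.').append(str);
                        slingRequest.getRequestDispatcher(dispatchPath.toString()).forward(servletRequest, servletResponse);
                        return;
                    }
                }
            }
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /**
     * Extracts the path component of the request's referrer for use as a redirect target.
     *
     * <p>Only {@link URI#getPath()} is kept, so scheme and host of the referrer are dropped.
     * NOTE(review): a path that itself begins with {@code //} would still be read as a
     * scheme-relative URL if emitted unchanged as a redirect location; confirm that
     * {@code RedirectRequest} or the downstream redirect handling normalises or rejects it.
     *
     * @param request the current request
     * @return the referrer's path, or {@code null} if there is no referrer or it is not a valid URI
     */
    private String getReferrerPath(SlingHttpServletRequest request) {
        String referrer = FormsHelper.getReferrer(request);
        if (referrer == null) {
            return null;
        }
        try {
            return new URI(referrer).getPath();
        } catch (URISyntaxException e) {
            this.logger.warn("given redirect target ({}) is not a valid uri: {}", referrer, e);
            return null;
        }
    }

    /**
     * Runs server-side validation for every form element and then for the form as a whole.
     *
     * <p>Form-level validation is included under the resource type stored in
     * {@link FormsConstants#START_PROPERTY_VALIDATION_RT}, defaulting to the form's own
     * resource type. When the two differ, the form resource is wrapped so that it reports the
     * validation type as its resource type and its real type as the super type.
     *
     * @param request the wrapped forms request
     * @param response the wrapped forms response
     * @param resource the form start resource
     * @return the validation info attached to the request, as returned by
     *     {@link ValidationInfo#getValidationInfo}
     * @throws ServletException if an included validation script fails
     * @throws IOException if an included validation script fails with an I/O error
     */
    private ValidationInfo validate(SlingHttpServletRequest request, SlingHttpServletResponse response, final Resource resource) throws ServletException, IOException {
        for (Resource formElement : this.formStructureHelperFactory.getFormStructureHelper(resource).getFormElements(resource)) {
            FieldHelper.initializeField(request, response, formElement);
            FormsHelper.includeResource(request, response, formElement, FormsConstants.SCRIPT_SERVER_VALIDATION);
        }
        final String validationType = (String) ResourceUtil.getValueMap(resource).get(FormsConstants.START_PROPERTY_VALIDATION_RT, resource.getResourceType());
        if (validationType != null && validationType.length() > 0) {
            Resource validationResource = resource;
            if (!resource.getResourceType().equals(validationType)) {
                validationResource = new ResourceWrapper(resource) {
                    @Override
                    public String getResourceType() {
                        return validationType;
                    }

                    @Override
                    public String getResourceSuperType() {
                        return resource.getResourceType();
                    }
                };
            }
            FormsHelper.includeResource(request, response, validationResource, FormsConstants.SCRIPT_FORM_SERVER_VALIDATION);
        }
        return ValidationInfo.getValidationInfo(request);
    }
}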
