package org.alfresco.repo.web.scripts.links;

import java.io.IOException;
import java.io.StringWriter;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;
import org.alfresco.query.PagingRequest;
import org.alfresco.repo.web.scripts.workflow.WorkflowModelBuilder;
import org.alfresco.repo.webdav.WebDAV;
import org.alfresco.service.cmr.activities.ActivityService;
import org.alfresco.service.cmr.links.LinkInfo;
import org.alfresco.service.cmr.links.LinksService;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.cmr.site.SiteInfo;
import org.alfresco.service.cmr.site.SiteService;
import org.alfresco.util.ScriptPagingDetails;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.json.simple.JSONArray;
import org.json.simple.JSONObject;
import org.json.simple.parser.JSONParser;
import org.json.simple.parser.ParseException;
import org.springframework.extensions.webscripts.Cache;
import org.springframework.extensions.webscripts.DeclarativeWebScript;
import org.springframework.extensions.webscripts.Status;
import org.springframework.extensions.webscripts.WebScriptException;
import org.springframework.extensions.webscripts.WebScriptRequest;
import org.springframework.extensions.webscripts.json.JSONWriter;

/* loaded from: input_file:org/alfresco/repo/web/scripts/links/AbstractLinksWebScript.class */
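/**
 * Base class for the links web scripts: resolves the target site, parses an optional JSON
 * request body, validates a submitted link URL, and delegates to the subclass-specific
 * {@link #executeImpl(SiteInfo, String, WebScriptRequest, JSONObject, Status, Cache)}.
 *
 * <p>URL validation combines a configurable protocol whitelist with an optional list of
 * regular expressions ({@link #setXssRegexp(ArrayList)}); both operate on request-supplied text.
 */
public abstract class AbstractLinksWebScript extends DeclarativeWebScript {
    public static final String LINKS_SERVICE_ACTIVITY_APP_NAME = "links";
    protected static final String PARAM_MESSAGE = "message";
    protected static final String PARAM_ITEM = "item";
    // Compiled once instead of on every validated URL; matches the empty string as well as digits.
    private static final Pattern DIGITS_ONLY = Pattern.compile("^[0-9]*$");
    private static final Log logger = LogFactory.getLog(AbstractLinksWebScript.class);
    protected NodeService nodeService;
    protected SiteService siteService;
    protected LinksService linksService;
    protected PersonService personService;
    protected ActivityService activityService;
    private String protocolsWhiteList = "http,https,ftp,mailto";
    // Lazily parsed form of protocolsWhiteList. Always assigned fully built, so a reader never
    // sees a half-filled list (the instance is presumably shared by request threads - confirm).
    private volatile ArrayList<String> allowedProtocols;
    private volatile ArrayList<Pattern> xssPatterns;

    public void setNodeService(NodeService nodeService) {
        this.nodeService = nodeService;
    }

    public void setSiteService(SiteService siteService) {
        this.siteService = siteService;
    }

    public void setLinksService(LinksService linksService) {
        this.linksService = linksService;
    }

    public void setPersonService(PersonService personService) {
        this.personService = personService;
    }

    public void setActivityService(ActivityService activityService) {
        this.activityService = activityService;
    }

    /**
     * Sets the separator-delimited list of URL schemes accepted by the URL check.
     *
     * @param str the new whitelist, e.g. {@code "http,https,ftp,mailto"}
     */
    public void setProtocolsWhiteList(String str) {
        this.protocolsWhiteList = str;
        // Drop the parsed cache; otherwise a whitelist set after the first validation is ignored.
        this.allowedProtocols = null;
    }

    /**
     * Compiles the regular expressions used to reject suspicious URLs.
     *
     * @param arrayList regex sources; each must be a valid {@link Pattern}
     */
    public void setXssRegexp(ArrayList<String> arrayList) {
        ArrayList<Pattern> compiled = new ArrayList<>(arrayList.size());
        for (String regex : arrayList) {
            compiled.add(Pattern.compile(regex));
        }
        // Publish only after every pattern compiled, so a bad regex cannot leave a partial list.
        this.xssPatterns = compiled;
    }

    /**
     * Tells whether a scheme is on the whitelist. The empty scheme (no colon in the URL, or a
     * colon at index 0) is always accepted. Comparison is exact: case-sensitive and untrimmed.
     */
    private boolean isProtocolAllowed(String str) {
        if (str.length() == 0) {
            return true;
        }
        ArrayList<String> protocols = this.allowedProtocols;
        if (protocols == null) {
            protocols = new ArrayList<>();
            // Separator constant is presumably "," given the default whitelist - confirm.
            for (String candidate : this.protocolsWhiteList.split(WebDAV.HEADER_VALUE_SEPARATOR)) {
                String trimmed = candidate.trim();
                if (trimmed.length() != 0) {
                    protocols.add(trimmed);
                }
            }
            this.allowedProtocols = protocols;
        }
        return protocols.contains(str);
    }

    /**
     * Returns true when any configured pattern matches the whole string
     * ({@link java.util.regex.Matcher#matches()}, not a substring search). With no patterns
     * configured nothing is flagged.
     */
    private boolean isPossibleXSS(String str) {
        ArrayList<Pattern> patterns = this.xssPatterns;
        if (patterns == null) {
            return false;
        }
        for (Pattern pattern : patterns) {
            if (pattern.matcher(str).matches()) {
                return true;
            }
        }
        return false;
    }

    /**
     * Validates a link URL taken from the request body.
     *
     * @param str the URL, or null when the body carries none
     * @return true for null; false for a blank URL or one flagged by the XSS patterns;
     *         otherwise whether the scheme is whitelisted or the port fallback below applies
     */
    private boolean isUrlCorrect(String str) {
        if (str == null) {
            return true;
        }
        if (str.trim().length() == 0 || isPossibleXSS(str)) {
            return false;
        }
        int colon = str.indexOf(":");
        int schemeEnd = colon > 0 ? colon : 0;
        if (isProtocolAllowed(str.substring(0, schemeEnd))) {
            return true;
        }
        // NOTE(review): this fallback accepts any value whose text between the first ':' and the
        // next '/' is all digits (or empty), whatever precedes the colon. It looks intended for
        // scheme-less "host:port/path" links, but it means the whitelist alone does not bound
        // the schemes that get stored. Code that renders the URL into an href should
        // re-validate and encode it, or this branch should be narrowed.
        String afterColon = str.substring(schemeEnd + 1);
        int slash = afterColon.indexOf("/");
        String portCandidate = afterColon.substring(0, slash > 0 ? slash : afterColon.length());
        return DIGITS_ONLY.matcher(portCandidate).matches();
    }

    /**
     * Reads a string property from the JSON body.
     *
     * @return the value, or null when the key is absent
     * @throws ClassCastException when the stored value is not a string
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public String getOrNull(JSONObject jSONObject, String str) {
        return jSONObject.containsKey(str) ? (String) jSONObject.get(str) : null;
    }

    /**
     * Extracts the "tags" array from the JSON body.
     *
     * @return the tags in order; null when the key is absent or holds a string
     *         (a non-empty string is logged as unexpected)
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public List<String> getTags(JSONObject jSONObject) {
        if (!jSONObject.containsKey("tags")) {
            return null;
        }
        Object raw = jSONObject.get("tags");
        if (raw instanceof String) {
            String text = (String) raw;
            if (!"".equals(text)) {
                // Request-supplied text goes to the log as-is; treat the log line as untrusted.
                logger.warn("Unexpected tag data: " + text);
            }
            return null;
        }
        List<String> tags = new ArrayList<>();
        JSONArray array = (JSONArray) raw;
        for (int i = 0; i < array.size(); i++) {
            tags.add((String) array.get(i));
        }
        return tags;
    }

    /**
     * Builds the paging request from the "page" and "pageSize" request parameters.
     *
     * @throws WebScriptException (400) when either parameter is missing
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public PagingRequest buildPagingRequest(WebScriptRequest webScriptRequest) {
        boolean hasPage = webScriptRequest.getParameter("page") != null;
        boolean hasPageSize = webScriptRequest.getParameter("pageSize") != null;
        if (!hasPage || !hasPageSize) {
            throw new WebScriptException(400, "Paging size parameters missing");
        }
        // The meaning of 100 is not visible here; presumably a maximum item count - confirm.
        return new ScriptPagingDetails(webScriptRequest, 100);
    }

    /**
     * Posts an activity-feed entry for a link event. Best effort: any failure is logged and
     * swallowed so the calling operation is not affected.
     *
     * @param str the event suffix appended to {@code "org.alfresco.links.link-"}
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void addActivityEntry(String str, LinkInfo linkInfo, SiteInfo siteInfo, WebScriptRequest webScriptRequest, JSONObject jSONObject) {
        // "page" is caller-supplied (query parameter first, then JSON body) and is written to the
        // activity feed unvalidated; consumers of the feed must encode it before rendering.
        String page = webScriptRequest.getParameter("page");
        if (page == null && jSONObject != null && jSONObject.containsKey("page")) {
            page = (String) jSONObject.get("page");
        }
        if (page == null) {
            page = LINKS_SERVICE_ACTIVITY_APP_NAME;
        }
        try {
            StringWriter buffer = new StringWriter();
            JSONWriter json = new JSONWriter(buffer);
            json.startObject();
            json.writeValue("title", linkInfo.getTitle());
            json.writeValue("page", page + "?linkId=" + linkInfo.getSystemName());
            json.endObject();
            this.activityService.postActivity("org.alfresco.links.link-" + str, siteInfo.getShortName(), LINKS_SERVICE_ACTIVITY_APP_NAME, buffer.toString());
        } catch (Exception e) {
            logger.warn("Error adding link " + str + " to activities feed", e);
        }
    }

    /**
     * Converts a link into the template model map. Null values are replaced by empty strings;
     * "creator" is the person node when the creator still exists, otherwise an empty string.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public Map<String, Object> renderLink(LinkInfo linkInfo) {
        Map<String, Object> model = new HashMap<>();
        model.put(WorkflowModelBuilder.TASK_DEFINITION_NODE, linkInfo.getNodeRef());
        model.put("name", linkInfo.getSystemName());
        model.put("title", linkInfo.getTitle());
        model.put("description", linkInfo.getDescription());
        model.put("url", linkInfo.getURL());
        model.put("createdOn", linkInfo.getCreatedAt());
        model.put("modifiedOn", linkInfo.getModifiedAt());
        model.put("tags", linkInfo.getTags());
        model.put("internal", Boolean.valueOf(linkInfo.isInternal()));
        String creator = linkInfo.getCreator();
        Object creatorValue = "";
        if (creator != null && this.personService.personExists(creator)) {
            creatorValue = this.personService.getPerson(creator);
        }
        model.put("creator", creatorValue);
        // Replace values in place; no keys are added or removed while iterating.
        for (Map.Entry<String, Object> entry : model.entrySet()) {
            if (entry.getValue() == null) {
                entry.setValue("");
            }
        }
        return model;
    }

    /**
     * Resolves the site and optional JSON body, validates a submitted "url", then delegates.
     * The site id comes from the URL template, then the "site" request parameter, then the
     * JSON keys "siteid" / "site".
     *
     * @throws WebScriptException 400 for missing template variables, unparsable or non-object
     *         JSON, a missing site id or a rejected URL; 404 when the site does not exist
     */
    protected Map<String, Object> executeImpl(WebScriptRequest webScriptRequest, Status status, Cache cache) {
        Map<?, ?> templateVars = webScriptRequest.getServiceMatch().getTemplateVars();
        if (templateVars == null) {
            throw new WebScriptException(400, "No parameters supplied");
        }
        JSONObject json = null;
        String contentType = webScriptRequest.getContentType();
        if (contentType != null && contentType.indexOf(';') != -1) {
            // Strip parameters such as "; charset=UTF-8" before comparing the media type.
            contentType = contentType.substring(0, contentType.indexOf(';'));
        }
        if ("application/json".equals(contentType)) {
            try {
                Object parsed = new JSONParser().parse(webScriptRequest.getContent().getContent());
                // A JSON array or scalar used to fail the cast below with a ClassCastException
                // (a server error); it is a client error, so report it as 400.
                if (parsed != null && !(parsed instanceof JSONObject)) {
                    throw new WebScriptException(400, "Invalid JSON: expected an object");
                }
                json = (JSONObject) parsed;
            } catch (IOException | ParseException e) {
                throw new WebScriptException(400, "Invalid JSON: " + e.getMessage());
            }
        }
        String siteId = (String) templateVars.get("site");
        if (siteId == null) {
            siteId = webScriptRequest.getParameter("site");
        }
        if (siteId == null && json != null) {
            if (json.containsKey("siteid")) {
                siteId = (String) json.get("siteid");
            } else if (json.containsKey("site")) {
                siteId = (String) json.get("site");
            }
        }
        if (siteId == null) {
            throw new WebScriptException(400, "No site given");
        }
        SiteInfo site = this.siteService.getSite(siteId);
        if (site == null) {
            throw new WebScriptException(404, "Could not find site: " + siteId);
        }
        String path = (String) templateVars.get("path");
        // The URL check runs only when a JSON body is present; a missing "url" key passes.
        if (json != null && !isUrlCorrect(getOrNull(json, "url"))) {
            throw new WebScriptException(400, "Url not allowed");
        }
        return executeImpl(site, path, webScriptRequest, json, status, cache);
    }

    /**
     * Subclass hook invoked once the site is resolved and any submitted URL has passed validation.
     *
     * @param siteInfo the resolved site
     * @param str the "path" template variable, possibly null
     * @param jSONObject the parsed JSON body, or null when the request carried none
     */
    protected abstract Map<String, Object> executeImpl(SiteInfo siteInfo, String str, WebScriptRequest webScriptRequest, JSONObject jSONObject, Status status, Cache cache);
}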
