package org.alfresco.repo.web.scripts;

import java.io.IOException;
import java.net.SocketException;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.transaction.UserTransaction;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.error.ExceptionStackUtil;
import org.alfresco.repo.model.Repository;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.transaction.AlfrescoTransactionSupport;
import org.alfresco.repo.transaction.RetryingTransactionHelper;
import org.alfresco.repo.transaction.TooBusyException;
import org.alfresco.repo.web.scripts.bean.LoginPost;
import org.alfresco.repo.webdav.WebDAV;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.descriptor.DescriptorService;
import org.alfresco.service.transaction.TransactionService;
import org.alfresco.util.TempFileProvider;
import org.apache.chemistry.opencmis.server.shared.TempStoreOutputStreamFactory;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationEvent;
import org.springframework.context.event.ContextRefreshedEvent;
import org.springframework.extensions.webscripts.AbstractRuntimeContainer;
import org.springframework.extensions.webscripts.Authenticator;
import org.springframework.extensions.webscripts.Description;
import org.springframework.extensions.webscripts.ServerModel;
import org.springframework.extensions.webscripts.WebScript;
import org.springframework.extensions.webscripts.WebScriptException;
import org.springframework.extensions.webscripts.WebScriptRequest;
import org.springframework.extensions.webscripts.WebScriptResponse;

/* loaded from: input_file:org/alfresco/repo/web/scripts/RepositoryContainer.class */
public class RepositoryContainer extends AbstractRuntimeContainer {
    protected static final Log logger = LogFactory.getLog(RepositoryContainer.class);
    private Repository repository;
    private RepositoryImageResolver imageResolver;
    private TransactionService transactionService;
    private RetryingTransactionHelper fallbackTransactionHelper;
    private AuthorityService authorityService;
    private DescriptorService descriptorService;
    private boolean encryptTempFiles = false;
    private String tempDirectoryName = null;
    private int memoryThreshold = 4194304;
    private long maxContentSize = 4294967296L;
    private TempStoreOutputStreamFactory streamFactory = null;
    private Class<?>[] notPublicExceptions = new Class[0];
    private Class<?>[] publicExceptions = new Class[0];

    public void setup() {
        this.streamFactory = TempStoreOutputStreamFactory.newInstance(TempFileProvider.getTempDir(this.tempDirectoryName), this.memoryThreshold, this.maxContentSize, this.encryptTempFiles);
    }

    public void setEncryptTempFiles(Boolean bool) {
        if (bool != null) {
            this.encryptTempFiles = bool.booleanValue();
        }
    }

    public void setTempDirectoryName(String str) {
        this.tempDirectoryName = str;
    }

    public void setMemoryThreshold(Integer num) {
        if (num != null) {
            this.memoryThreshold = num.intValue();
        }
    }

    public void setMaxContentSize(Long l) {
        if (l != null) {
            this.maxContentSize = l.longValue();
        }
    }

    public void setRepository(Repository repository) {
        this.repository = repository;
    }

    public void setRepositoryImageResolver(RepositoryImageResolver repositoryImageResolver) {
        this.imageResolver = repositoryImageResolver;
    }

    public void setTransactionService(TransactionService transactionService) {
        this.transactionService = transactionService;
    }

    public void setFallbackTransactionHelper(RetryingTransactionHelper retryingTransactionHelper) {
        this.fallbackTransactionHelper = retryingTransactionHelper;
    }

    public void setDescriptorService(DescriptorService descriptorService) {
        this.descriptorService = descriptorService;
    }

    public void setAuthorityService(AuthorityService authorityService) {
        this.authorityService = authorityService;
    }

    public void setNotPublicExceptions(List<Class<?>> list) {
        this.notPublicExceptions = new Class[0];
        if (null == list || list.isEmpty()) {
            return;
        }
        this.notPublicExceptions = (Class[]) list.toArray(this.notPublicExceptions);
    }

    public Class<?>[] getNotPublicExceptions() {
        return this.notPublicExceptions;
    }

    public void setPublicExceptions(List<Class<?>> list) {
        this.publicExceptions = new Class[0];
        if (null == list || list.isEmpty()) {
            return;
        }
        this.publicExceptions = (Class[]) list.toArray(this.publicExceptions);
    }

    public Class<?>[] getPublicExceptions() {
        return this.publicExceptions;
    }

    public ServerModel getDescription() {
        return new RepositoryServerModel(this.descriptorService.getCurrentRepositoryDescriptor(), this.descriptorService.getServerDescriptor());
    }

    public Map<String, Object> getScriptParameters() {
        HashMap hashMap = new HashMap();
        hashMap.putAll(super.getScriptParameters());
        addRepoParameters(hashMap);
        return hashMap;
    }

    public Map<String, Object> getTemplateParameters() {
        return (Map) this.fallbackTransactionHelper.doInTransaction(new RetryingTransactionHelper.RetryingTransactionCallback<Map<String, Object>>() { // from class: org.alfresco.repo.web.scripts.RepositoryContainer.1
            /* renamed from: execute, reason: merged with bridge method [inline-methods] */
            public Map<String, Object> m37execute() throws Throwable {
                HashMap hashMap = new HashMap();
                hashMap.putAll(RepositoryContainer.super.getTemplateParameters());
                hashMap.put("imageresolver", RepositoryContainer.this.imageResolver.getImageResolver());
                RepositoryContainer.this.addRepoParameters(hashMap);
                return hashMap;
            }
        }, true);
    }

    private void addRepoParameters(Map<String, Object> map) {
        if (AlfrescoTransactionSupport.getTransactionId() == null || AuthenticationUtil.getFullAuthentication() == null) {
            return;
        }
        Object rootHome = this.repository.getRootHome();
        if (rootHome != null) {
            map.put("roothome", rootHome);
        }
        Object companyHome = this.repository.getCompanyHome();
        if (companyHome != null) {
            map.put("companyhome", companyHome);
        }
        NodeRef fullyAuthenticatedPerson = this.repository.getFullyAuthenticatedPerson();
        if (fullyAuthenticatedPerson != null) {
            map.put("person", fullyAuthenticatedPerson);
            Object userHome = this.repository.getUserHome(fullyAuthenticatedPerson);
            if (userHome != null) {
                map.put("userhome", userHome);
            }
        }
    }

    public void executeScript(WebScriptRequest webScriptRequest, WebScriptResponse webScriptResponse, Authenticator authenticator) throws IOException {
        try {
            executeScriptInternal(webScriptRequest, webScriptResponse, authenticator);
        } catch (RuntimeException e) {
            Throwable cause = ExceptionStackUtil.getCause(e, this.notPublicExceptions);
            if (ExceptionStackUtil.getCause(e, this.publicExceptions) != null || cause == null) {
                throw e;
            }
            String numericalId = (e instanceof AlfrescoRuntimeException ? (AlfrescoRuntimeException) e : new AlfrescoRuntimeException("WebScript execution failed", e)).getNumericalId();
            logger.error("Server error (" + numericalId + ")", e);
            throw new RuntimeException("Server error (" + numericalId + ").  Details can be found in the server logs.");
        }
    }

    protected void executeScriptInternal(WebScriptRequest webScriptRequest, WebScriptResponse webScriptResponse, final Authenticator authenticator) throws IOException {
        WebScript webScript = webScriptRequest.getServiceMatch().getWebScript();
        final Description description = webScript.getDescription();
        final boolean isDebugEnabled = logger.isDebugEnabled();
        Description.RequiredAuthentication requiredAuthentication = getRequiredAuthentication();
        final Description.RequiredAuthentication requiredAuthentication2 = (description.getRequiredAuthentication().compareTo(requiredAuthentication) >= 0 || authenticator.emptyCredentials()) ? description.getRequiredAuthentication() : requiredAuthentication;
        final boolean isGuest = webScriptRequest.isGuest();
        if (requiredAuthentication2 == Description.RequiredAuthentication.none) {
            transactionedExecuteAs(webScript, webScriptRequest, webScriptResponse);
            return;
        }
        if ((requiredAuthentication2 == Description.RequiredAuthentication.user || requiredAuthentication2 == Description.RequiredAuthentication.admin) && isGuest) {
            throw new WebScriptException(401, "Web Script " + description.getId() + " requires user authentication; however, a guest has attempted access.");
        }
        try {
            AuthenticationUtil.pushAuthentication();
            if (isDebugEnabled) {
                String fullyAuthenticatedUser = AuthenticationUtil.getFullyAuthenticatedUser();
                logger.debug("Current authentication: " + (fullyAuthenticatedUser == null ? "unauthenticated" : "authenticated as " + fullyAuthenticatedUser));
                logger.debug("Authentication required: " + requiredAuthentication2);
                logger.debug("Guest login requested: " + isGuest);
            }
            RetryingTransactionHelper.RetryingTransactionCallback<Boolean> retryingTransactionCallback = new RetryingTransactionHelper.RetryingTransactionCallback<Boolean>() { // from class: org.alfresco.repo.web.scripts.RepositoryContainer.2
                /* renamed from: execute, reason: merged with bridge method [inline-methods] */
                public Boolean m38execute() throws Exception {
                    if (authenticator != null && !authenticator.authenticate(requiredAuthentication2, isGuest)) {
                        return false;
                    }
                    if (requiredAuthentication2 == Description.RequiredAuthentication.user || requiredAuthentication2 == Description.RequiredAuthentication.admin) {
                        String fullyAuthenticatedUser2 = AuthenticationUtil.getFullyAuthenticatedUser();
                        String runAsUser = AuthenticationUtil.getRunAsUser();
                        if (fullyAuthenticatedUser2 == null || ((fullyAuthenticatedUser2.equals(runAsUser) && RepositoryContainer.this.authorityService.hasGuestAuthority()) || (!fullyAuthenticatedUser2.equals(runAsUser) && RepositoryContainer.this.authorityService.isGuestAuthority(fullyAuthenticatedUser2)))) {
                            throw new WebScriptException(401, "Web Script " + description.getId() + " requires user authentication; however, a guest has attempted access.");
                        }
                    }
                    if (requiredAuthentication2 == Description.RequiredAuthentication.admin && !RepositoryContainer.this.authorityService.hasAdminAuthority() && !AuthenticationUtil.getFullyAuthenticatedUser().equals(AuthenticationUtil.getSystemUserName())) {
                        throw new WebScriptException(401, "Web Script " + description.getId() + " requires admin authentication; however, a non-admin has attempted access.");
                    }
                    if (isDebugEnabled) {
                        String fullyAuthenticatedUser3 = AuthenticationUtil.getFullyAuthenticatedUser();
                        RepositoryContainer.logger.debug("Authentication: " + (fullyAuthenticatedUser3 == null ? "unauthenticated" : "authenticated as " + fullyAuthenticatedUser3));
                    }
                    return true;
                }
            };
            boolean isReadOnly = this.transactionService.isReadOnly();
            if (!((Boolean) this.transactionService.getRetryingTransactionHelper().doInTransaction(retryingTransactionCallback, isReadOnly, !isReadOnly && AlfrescoTransactionSupport.getTransactionReadState() == AlfrescoTransactionSupport.TxnReadState.TXN_READ_ONLY)).booleanValue()) {
                throw new WebScriptException(401, "Authentication failed for Web Script " + description.getId());
            }
            transactionedExecuteAs(webScript, webScriptRequest, webScriptResponse);
            AuthenticationUtil.popAuthentication();
            if (isDebugEnabled) {
                String fullyAuthenticatedUser2 = AuthenticationUtil.getFullyAuthenticatedUser();
                logger.debug("Authentication reset: " + (fullyAuthenticatedUser2 == null ? "unauthenticated" : "authenticated as " + fullyAuthenticatedUser2));
            }
        } catch (Throwable th) {
            AuthenticationUtil.popAuthentication();
            if (isDebugEnabled) {
                String fullyAuthenticatedUser3 = AuthenticationUtil.getFullyAuthenticatedUser();
                logger.debug("Authentication reset: " + (fullyAuthenticatedUser3 == null ? "unauthenticated" : "authenticated as " + fullyAuthenticatedUser3));
            }
            throw th;
        }
    }

    /* JADX WARN: Finally extract failed */
    protected void transactionedExecute(final WebScript webScript, final WebScriptRequest webScriptRequest, final WebScriptResponse webScriptResponse) throws IOException {
        BufferedRequest bufferedRequest;
        BufferedResponse bufferedResponse;
        try {
            final Description description = webScript.getDescription();
            if (description.getRequiredTransaction() == Description.RequiredTransaction.none) {
                webScript.execute(webScriptRequest, webScriptResponse);
            } else {
                Description.RequiredTransactionParameters requiredTransactionParameters = description.getRequiredTransactionParameters();
                if (requiredTransactionParameters.getCapability() != Description.TransactionCapability.readwrite) {
                    bufferedRequest = null;
                    bufferedResponse = null;
                } else if (requiredTransactionParameters.getBufferSize() > 0) {
                    if (logger.isDebugEnabled()) {
                        logger.debug("Creating Transactional Response for ReadWrite transaction; buffersize=" + requiredTransactionParameters.getBufferSize());
                    }
                    bufferedRequest = new BufferedRequest(webScriptRequest, this.streamFactory);
                    bufferedResponse = new BufferedResponse(webScriptResponse, requiredTransactionParameters.getBufferSize(), this.streamFactory);
                } else {
                    if (logger.isDebugEnabled()) {
                        logger.debug("Transactional Response bypassed for ReadWrite - buffersize=0");
                    }
                    bufferedRequest = null;
                    bufferedResponse = null;
                }
                final BufferedResponse bufferedResponse2 = bufferedResponse;
                final BufferedRequest bufferedRequest2 = bufferedRequest;
                RetryingTransactionHelper.RetryingTransactionCallback<Object> retryingTransactionCallback = new RetryingTransactionHelper.RetryingTransactionCallback<Object>() { // from class: org.alfresco.repo.web.scripts.RepositoryContainer.3
                    public Object execute() throws Exception {
                        try {
                            try {
                                if (RepositoryContainer.logger.isDebugEnabled()) {
                                    RepositoryContainer.logger.debug("Begin retry transaction block: " + description.getRequiredTransaction() + "," + description.getRequiredTransactionParameters().getCapability());
                                }
                                if (bufferedResponse2 == null) {
                                    webScript.execute(webScriptRequest, webScriptResponse);
                                } else {
                                    bufferedRequest2.reset();
                                    bufferedResponse2.reset();
                                    webScript.execute(bufferedRequest2, bufferedResponse2);
                                }
                                if (!RepositoryContainer.logger.isDebugEnabled()) {
                                    return null;
                                }
                                RepositoryContainer.logger.debug("End retry transaction block: " + description.getRequiredTransaction() + "," + description.getRequiredTransactionParameters().getCapability());
                                return null;
                            } catch (Exception e) {
                                if (RepositoryContainer.logger.isDebugEnabled()) {
                                    RepositoryContainer.logger.debug("Transaction exception: " + description.getRequiredTransaction() + ": " + e.getMessage());
                                    UserTransaction activeUserTransaction = RetryingTransactionHelper.getActiveUserTransaction();
                                    if (activeUserTransaction != null) {
                                        RepositoryContainer.logger.debug("Transaction status: " + activeUserTransaction.getStatus());
                                    }
                                }
                                UserTransaction activeUserTransaction2 = RetryingTransactionHelper.getActiveUserTransaction();
                                if (activeUserTransaction2 != null && activeUserTransaction2.getStatus() != 1) {
                                    if (RepositoryContainer.logger.isDebugEnabled()) {
                                        RepositoryContainer.logger.debug("Marking web script transaction for rollback");
                                    }
                                    try {
                                        activeUserTransaction2.setRollbackOnly();
                                    } catch (Throwable th) {
                                        if (RepositoryContainer.logger.isDebugEnabled()) {
                                            RepositoryContainer.logger.debug("Caught and ignoring exception during marking for rollback: " + th.getMessage());
                                        }
                                    }
                                }
                                throw e;
                            }
                        } catch (Throwable th2) {
                            if (RepositoryContainer.logger.isDebugEnabled()) {
                                RepositoryContainer.logger.debug("End retry transaction block: " + description.getRequiredTransaction() + "," + description.getRequiredTransactionParameters().getCapability());
                            }
                            throw th2;
                        }
                    }
                };
                boolean z = description.getRequiredTransactionParameters().getCapability() == Description.TransactionCapability.readonly;
                boolean z2 = description.getRequiredTransaction() == Description.RequiredTransaction.requiresnew;
                if (logger.isDebugEnabled() && !z && WebDAV.METHOD_GET.equalsIgnoreCase(description.getMethod())) {
                    logger.debug("Webscript with URL '" + webScriptRequest.getURL() + "' is a GET request but it's descriptor has declared a readwrite transaction is required");
                }
                try {
                    try {
                        RetryingTransactionHelper retryingTransactionHelper = this.transactionService.getRetryingTransactionHelper();
                        if (webScript instanceof LoginPost) {
                            retryingTransactionHelper.setForceWritable(true);
                        }
                        retryingTransactionHelper.doInTransaction(retryingTransactionCallback, z, z2);
                        if (bufferedRequest != null) {
                            bufferedRequest.close();
                        }
                        if (bufferedResponse != null) {
                            bufferedResponse.writeResponse();
                        }
                    } catch (Throwable th) {
                        if (bufferedRequest != null) {
                            bufferedRequest.close();
                        }
                        throw th;
                    }
                } catch (TooBusyException e) {
                    throw new WebScriptException(503, e.getMessage(), e);
                }
            }
        } catch (IOException e2) {
            Throwable cause = ExceptionStackUtil.getCause(e2, new Class[]{SocketException.class});
            Class<?> cls = null;
            try {
                cls = Class.forName("org.apache.catalina.connector.ClientAbortException");
            } catch (ClassNotFoundException e3) {
            }
            if ((cause == null || !cause.getMessage().contains("Broken pipe")) && (cls == null || ExceptionStackUtil.getCause(e2, new Class[]{cls}) == null)) {
                throw e2;
            }
            if (logger.isDebugEnabled()) {
                logger.warn("Client has cut off communication", e2);
            } else {
                logger.info("Client has cut off communication");
            }
        }
    }

    private void transactionedExecuteAs(final WebScript webScript, final WebScriptRequest webScriptRequest, final WebScriptResponse webScriptResponse) throws IOException {
        String runAs = webScript.getDescription().getRunAs();
        if (runAs == null) {
            transactionedExecute(webScript, webScriptRequest, webScriptResponse);
        } else {
            AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>() { // from class: org.alfresco.repo.web.scripts.RepositoryContainer.4
                public Object doWork() throws Exception {
                    RepositoryContainer.this.transactionedExecute(webScript, webScriptRequest, webScriptResponse);
                    return null;
                }
            }, runAs);
        }
    }

    public void onApplicationEvent(ApplicationEvent applicationEvent) {
        ApplicationContext applicationContext;
        if ((applicationEvent instanceof ContextRefreshedEvent) && (applicationContext = ((ContextRefreshedEvent) applicationEvent).getApplicationContext()) != null && applicationContext.equals(this.applicationContext)) {
            AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>() { // from class: org.alfresco.repo.web.scripts.RepositoryContainer.5
                public Object doWork() throws Exception {
                    RepositoryContainer.this.reset();
                    return null;
                }
            }, AuthenticationUtil.getSystemUserName());
        }
    }

    public Description.RequiredAuthentication getRequiredAuthentication() {
        return AuthenticationUtil.isMtEnabled() ? Description.RequiredAuthentication.guest : Description.RequiredAuthentication.none;
    }

    public boolean authenticate(Authenticator authenticator, Description.RequiredAuthentication requiredAuthentication) {
        if (authenticator == null) {
            return false;
        }
        AuthenticationUtil.clearCurrentSecurityContext();
        return authenticator.authenticate(requiredAuthentication, false);
    }

    public void reset() {
        this.transactionService.getRetryingTransactionHelper().doInTransaction(new RetryingTransactionHelper.RetryingTransactionCallback<Object>() { // from class: org.alfresco.repo.web.scripts.RepositoryContainer.6
            public Object execute() throws Exception {
                RepositoryContainer.this.internalReset();
                return null;
            }
        }, true, false);
    }

    private void internalReset() {
        super.reset();
    }
}
