package com.inet.helpdesk.plugins.livesupport.server.webapi;

import com.inet.config.ConfigValue;
import com.inet.helpdesk.core.ticketmanager.model.ReaStepVO;
import com.inet.helpdesk.core.ticketmanager.model.Tickets;
import com.inet.helpdesk.plugins.livesupport.server.LiveSupportServlet;
import com.inet.helpdesk.plugins.livesupport.server.notifications.LiveSupportNotificationGenerator;
import com.inet.helpdesk.plugins.livesupport.server.session.LiveSupportPreflightSessionCache;
import com.inet.helpdesk.plugins.livesupport.server.session.LiveSupportSessionClearer;
import com.inet.helpdesk.plugins.livesupport.server.ticket.LiveSupportTicketActionExtension;
import com.inet.helpdesk.plugins.livesupport.structure.LiveSupportStructureProvider;
import com.inet.helpdesk.plugins.livesupport.utils.HmacUtils;
import com.inet.helpdesk.plugins.livesupport.utils.LiveSupportAttachmentHelper;
import com.inet.helpdesk.webapi.HelpDeskTicketWebAPIExtension;
import com.inet.helpdesk.webapi.data.step.TicketStepEntryResponseData;
import com.inet.helpdesk.webapi.ticket.HelpDeskTicketActionApplyHandler;
import com.inet.helpdesk.webapi.ticket.HelpDeskTicketActionListHandler;
import com.inet.helpdesk.webapi.ticket.HelpDeskTicketCreateHandler;
import com.inet.helpdesk.webapi.ticket.HelpDeskTicketIdHandler;
import com.inet.helpdesk.webapi.ticket.step.HelpDeskTicketStepIdHandler;
import com.inet.helpdesk.webapi.ticket.step.HelpDeskTicketStepsHandler;
import com.inet.helpdesk.webapi.util.HelpDeskWebAPIHelper;
import com.inet.http.ClientMessageException;
import com.inet.http.ExpandableHttpSessionListener;
import com.inet.http.servlet.SessionStore;
import com.inet.id.GUID;
import com.inet.lib.util.StringFunctions;
import com.inet.plugin.webapi.WebAPICoreServerPlugin;
import com.inet.plugin.webapi.api.PathTokenizer;
import com.inet.plugin.webapi.api.ResponseWriter;
import com.inet.plugin.webapi.api.WebAPIAccessProvider;
import com.inet.plugin.webapi.api.WebAPIExtension;
import com.inet.plugin.webapi.api.handler.RequestHandlerBase;
import com.inet.usersandgroups.api.user.UserAccountScope;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.annotation.SuppressFBWarnings;

/* loaded from: input_file:com/inet/helpdesk/plugins/livesupport/server/webapi/LiveSupportWebAPIAccessProvider.class */
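/**
 * Web API access provider for the live-support plugin.
 *
 * <p>It decides which Web API paths a live-support client may reach, binds such a request to the
 * ticket stored in the HTTP session, and hands the listed ticket handlers a privileged
 * {@link UserAccountScope}. Because the scope is privileged, the checks in
 * {@link #checkAccess(HttpServletRequest, HttpServletResponse)} and
 * {@link #sessionForRequest(HttpServletRequest)} are the effective authorisation boundary of this
 * class; any loosening there widens what the client can read or change.
 *
 * <p>The {@code X-Ticket-Token} header issued on ticket creation carries the encoded ticket id, the
 * encoded session id and an HMAC over both, keyed with a per-session secret. It therefore has to be
 * handled like a bearer credential (no logging, no caching in shared stores).
 */
public class LiveSupportWebAPIAccessProvider implements WebAPIAccessProvider {
    /** Header that carries the ticket token, both in the create response and in later requests. */
    private static final String X_TICKET_TOKEN = "X-Ticket-Token";
    /** Extension name and request attribute key marking a request as live-support Web API access. */
    public static final String LIVE_SUPPORT_WEB_API_ACCESS = "LiveSupportWebAPIAccess";
    /** Session attribute holding the numeric id of the ticket bound to the session. */
    public static final String TICKET_TOKEN_NAME = "current-livesupport-ticket";
    /** Session attribute holding the per-session secret used as HMAC key for the token. */
    public static final String TICKET_TOKEN_SECRET = "current-livesupport-secret";
    // Action ids that end the live-support session. The meaning of the literal ids 2 and 7 is not
    // visible in this file - TODO confirm against the action definitions.
    private static final int[] CLOSE_ACTIONS = {LiveSupportTicketActionExtension.LIVE_SUPPORT_FINISH_CONVERT_TO_TICKET.getId(), 2, 7};
    // Allow-list of step action ids that are returned to the client by the steps endpoint; every
    // other step is filtered out of the response. Literal ids: meaning not visible here.
    private static final int[] AS_LIST = {LiveSupportTicketActionExtension.LIVE_SUPPORT_SUPPORTER_ACTION.getId(), LiveSupportTicketActionExtension.LIVE_SUPPORT_FINISH_CONVERT_TO_TICKET.getId(), -12, 2, 7, -22};
    // Configured fallback resource used when the request names no dispatch target.
    private static final ConfigValue<GUID> DISPATCH_TO = new ConfigValue<>(LiveSupportStructureProvider.LIVE_SUPPORT_DISPATCH_TO);

    /**
     * Coarse path filter: tells whether the request path is one this provider handles at all.
     *
     * @param httpServletRequest the incoming request, its path info is tokenized
     * @param httpServletResponse the response (unused here)
     * @return {@code false} for paths with fewer than two tokens; {@code true} when the first token
     *         is {@code ticket}; otherwise {@code true} only if attachments are enabled and the
     *         first token names the attachment extension
     */
    public boolean isWebApiAccessGranted(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        List<String> tokens = lowerCasePathTokens(httpServletRequest);
        if (tokens.size() <= 1) {
            return false;
        }
        String extensionName = tokens.get(0);
        if ("ticket".equalsIgnoreCase(extensionName)) {
            return true;
        }
        return LiveSupportServlet.hasAttachments() && LiveSupportAttachmentHelper.isAttachmentWebAPIExtensionName(extensionName);
    }

    /**
     * Grants access to the ticket extension (and, if enabled, the attachment extension) when the
     * path and session checks of {@link #checkAccess} pass.
     *
     * @param webAPIExtension the extension the request is routed to
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response; may receive a "service unavailable" status
     * @param list path tokens supplied by the framework (not used; the path is re-tokenized)
     * @return {@code true} if the extension is allowed and the request passed the access check
     */
    public boolean isAccessToExtensionGranted(WebAPIExtension webAPIExtension, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, List<String> list) {
        boolean supportedExtension = (webAPIExtension instanceof HelpDeskTicketWebAPIExtension)
                || (LiveSupportServlet.hasAttachments() && LiveSupportAttachmentHelper.isAttachmentWebAPIExtension(webAPIExtension));
        return supportedExtension && checkAccess(httpServletRequest, httpServletResponse);
    }

    /**
     * Returns a privileged account scope for the ticket handlers used by live support and defers to
     * the interface default for every other handler.
     *
     * <p>NOTE(review): the privileged scope is handed out based on the handler type alone; it is
     * presumably only reached after {@link #isAccessToExtensionGranted} succeeded - confirm the
     * call order in the Web API framework.
     *
     * @param requestHandlerBase the handler about to process the request
     * @param httpServletRequest the incoming request; gets the {@code inlineImages} attribute for
     *        the step-id handler
     * @param httpServletResponse the response, passed through to the default implementation
     * @param list path tokens, passed through to the default implementation
     * @return a privileged scope for live-support handlers, otherwise the default scope
     */
    public UserAccountScope getUserAccountScopeForHandler(RequestHandlerBase<?, ?> requestHandlerBase, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, List<String> list) {
        boolean ticketHandler = (requestHandlerBase instanceof HelpDeskTicketCreateHandler)
                || (requestHandlerBase instanceof HelpDeskTicketIdHandler)
                || (requestHandlerBase instanceof HelpDeskTicketActionApplyHandler)
                || (requestHandlerBase instanceof HelpDeskTicketStepsHandler)
                || (requestHandlerBase instanceof HelpDeskTicketActionListHandler)
                || (requestHandlerBase instanceof HelpDeskTicketStepIdHandler);
        boolean attachmentHandler = !ticketHandler
                && LiveSupportServlet.hasAttachments()
                && LiveSupportAttachmentHelper.isAttachmentHandler(requestHandlerBase);
        if (!ticketHandler && !attachmentHandler) {
            // A plain "super." call would target Object here; the interface default has to be
            // addressed through the interface name.
            return WebAPIAccessProvider.super.getUserAccountScopeForHandler(requestHandlerBase, httpServletRequest, httpServletResponse, list);
        }
        HelpDeskWebAPIHelper.setRequestRequiresEncodedTicketId();
        if (requestHandlerBase instanceof HelpDeskTicketStepIdHandler) {
            httpServletRequest.setAttribute("inlineImages", "true");
        }
        return UserAccountScope.createPrivileged();
    }

    /**
     * Tokenizes the request path and lower-cases every token.
     *
     * <p>{@link Locale#ROOT} keeps the result independent of the JVM default locale, so encoded
     * ticket ids and path keywords are not altered by locale-specific case mappings.
     */
    private static List<String> lowerCasePathTokens(HttpServletRequest httpServletRequest) {
        return PathTokenizer.convertPathToTokens(httpServletRequest.getPathInfo()).stream()
                .map(token -> token.toLowerCase(Locale.ROOT))
                .collect(Collectors.toList());
    }

    /**
     * Path-dependent access check for a live-support request.
     *
     * <p>Cases, in evaluation order:
     * <ul>
     *   <li>{@code <ext>/create}: allowed only while support can be provided and the create
     *       pre-flight check passes; outside support hours the response is set to unavailable and
     *       a {@link ClientMessageException} is thrown.</li>
     *   <li>five tokens on the attachment extension: the third token must decode to a ticket
     *       id.</li>
     *   <li>any other path with at least two tokens: the second token must decode to the ticket id
     *       stored in the session.</li>
     * </ul>
     * After the ticket check only {@code apply}, {@code actions} and {@code steps} sub-paths (or no
     * sub-path) are accepted.
     *
     * @return {@code true} if access is granted; the request is then marked as live-support access
     */
    private boolean checkAccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        List<String> tokens = lowerCasePathTokens(httpServletRequest);
        int count = tokens.size();

        if (count == 2 && "create".equalsIgnoreCase(tokens.get(1))) {
            if (((Boolean) LiveSupportServlet.CAN_PROVIDE_SUPPORT.get()).booleanValue()) {
                return prepareAPI(isCreateRequestAllowed());
            }
            ResponseWriter.unavailable(httpServletResponse);
            throw new ClientMessageException("Support hours ended");
        }

        if (count == 5 && LiveSupportServlet.hasAttachments() && LiveSupportAttachmentHelper.isAttachmentWebAPIExtensionName(tokens.get(0))) {
            // NOTE(review): unlike the ticket branch below, the decoded id is not compared with the
            // ticket bound to the session, so this branch accepts any id that decodes. Confirm that
            // the attachment handler or sessionForRequest enforces the binding before this is
            // relied on as an authorisation check.
            int attachmentTicketId = Tickets.decodeTicketID(tokens.get(2), false);
            if (attachmentTicketId == -1) {
                return false;
            }
            LiveSupportSessionClearer.registerLiveSupportSession(Integer.valueOf(attachmentTicketId));
            return prepareAPI(true);
        }

        if (count >= 2) {
            int ticketId = Tickets.decodeTicketID(tokens.get(1), true);
            if (ticketId == -1) {
                return false;
            }
            try {
                // The path may only address the ticket this session created.
                if (!Integer.valueOf(ticketId).equals(getSessionTicketToken())) {
                    return false;
                }
                HelpDeskWebAPIHelper.setRequestRequiresEncodedTicketId();
                LiveSupportSessionClearer.registerLiveSupportSession(Integer.valueOf(ticketId));
            } catch (IllegalArgumentException e) {
                return false;
            }
        }

        if (count == 3 && ("apply".equalsIgnoreCase(tokens.get(2)) || "actions".equalsIgnoreCase(tokens.get(2)))) {
            return prepareAPI(true);
        }
        // NOTE(review): for paths with fewer than two tokens no ticket check ran above, yet this
        // condition still grants access. That is only safe while isWebApiAccessGranted has already
        // rejected such paths - confirm the framework always calls it first.
        if (count < 3 || "steps".equalsIgnoreCase(tokens.get(2))) {
            return prepareAPI(true);
        }
        return false;
    }

    /**
     * Checks whether this session may create a live-support ticket.
     *
     * <p>Creation is refused when the session already has a ticket, when no session or request is
     * available, or when the {@code X-Ticket-Token} header is missing. Otherwise the decoded header
     * must have the form {@code <guid>§<encoded token>} and be known to the pre-flight session
     * cache. Any failure while decoding or parsing the client-supplied header is treated as
     * "not allowed".
     */
    private boolean isCreateRequestAllowed() {
        if (getSessionTicketToken() != null) {
            return false;
        }
        HttpSession httpSession = SessionStore.getHttpSession(false);
        HttpServletRequest httpServletRequest = SessionStore.getHttpServletRequest();
        if (httpSession == null || httpServletRequest == null) {
            WebAPICoreServerPlugin.LOGGER.debug("There is no session or request to check if the ticket create request is allowed.");
            return false;
        }
        String header = httpServletRequest.getHeader(X_TICKET_TOKEN);
        if (StringFunctions.isEmpty(header)) {
            return false;
        }
        try {
            String[] parts = LiveSupportServlet.decode(Objects.requireNonNullElse(header, "").trim()).split("§");
            if (parts.length != 2) {
                return false;
            }
            GUID preflightId = GUID.valueOf(parts[0]);
            if (preflightId == null) {
                return false;
            }
            return LiveSupportPreflightSessionCache.sessionHasAuthToken(LiveSupportServlet.decode(parts[1]), preflightId);
        } catch (Exception e) {
            // The header is untrusted input: a malformed value must deny access, not fail the request.
            return false;
        }
    }

    /**
     * Reads the ticket id bound to the current session.
     *
     * @return the ticket id, or {@code null} if there is no session, no attribute, or the attribute
     *         is not an {@link Integer}
     */
    private Integer getSessionTicketToken() {
        try {
            return (Integer) SessionStore.getHttpSession().getAttribute(TICKET_TOKEN_NAME);
        } catch (ClassCastException | NullPointerException e) {
            return null;
        }
    }

    /**
     * Tells whether the current request was marked as live-support Web API access by this provider.
     *
     * @return {@code true} if a current request exists and carries the marker attribute
     */
    public static boolean isLiveSupportAPIAccess() {
        HttpServletRequest httpServletRequest = SessionStore.getHttpServletRequest();
        return httpServletRequest != null && httpServletRequest.getAttribute(LIVE_SUPPORT_WEB_API_ACCESS) != null;
    }

    /**
     * Marks the current request as live-support access when {@code z} is {@code true}.
     *
     * @param z the access decision reached so far
     * @return {@code z}, or {@code false} if no current request is available
     */
    private boolean prepareAPI(boolean z) {
        HttpServletRequest httpServletRequest = SessionStore.getHttpServletRequest();
        if (httpServletRequest == null) {
            return false;
        }
        if (z) {
            httpServletRequest.setAttribute(LIVE_SUPPORT_WEB_API_ACCESS, Boolean.TRUE);
        }
        return z;
    }

    /**
     * Adjusts the response after a handler ran: clears the {@code Set-Cookie} and {@code X-User}
     * headers while the response is still uncommitted, then applies the handler-specific
     * post-processing.
     *
     * <p>NOTE(review): only the create branch checks {@code r} for {@code null}; the other branches
     * pass the typed response on as returned by the handler.
     *
     * @param requestHandlerBase the handler that processed the request
     * @param httpServletRequest the request (unused here)
     * @param httpServletResponse the response to adjust
     * @param r the handler result, may be {@code null}
     */
    public <R> void postProcessRequest(RequestHandlerBase<?, R> requestHandlerBase, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, @Nullable R r) {
        if (!httpServletResponse.isCommitted()) {
            // The client authenticates with the ticket token header, so no cookie or user name is
            // sent back on these responses.
            httpServletResponse.setHeader("Set-Cookie", (String) null);
            httpServletResponse.setHeader("X-User", (String) null);
        }
        if ((requestHandlerBase instanceof HelpDeskTicketCreateHandler) && r != null) {
            processCreateResponse((Integer) ((HelpDeskTicketCreateHandler) requestHandlerBase).getTypedResponse(r), httpServletResponse);
        }
        if (requestHandlerBase instanceof HelpDeskTicketActionApplyHandler) {
            processApplyResponse((ReaStepVO) ((HelpDeskTicketActionApplyHandler) requestHandlerBase).getTypedResponse(r), httpServletResponse);
        }
        if (requestHandlerBase instanceof HelpDeskTicketStepsHandler) {
            processStepsResponse((List) ((HelpDeskTicketStepsHandler) requestHandlerBase).getTypedResponse(r), httpServletResponse);
        }
        if (requestHandlerBase instanceof HelpDeskTicketStepIdHandler) {
            processStepIdResponse((ReaStepVO) ((HelpDeskTicketStepIdHandler) requestHandlerBase).getTypedResponse(r), httpServletResponse);
        }
    }

    /**
     * Replaces the buffered steps response with a filtered one that contains only steps whose
     * action id is on the {@code AS_LIST} allow-list, so other steps are not disclosed to the
     * client.
     *
     * @throws ClientMessageException if the filtered response cannot be written
     */
    private void processStepsResponse(List<ReaStepVO> list, HttpServletResponse httpServletResponse) {
        httpServletResponse.resetBuffer();
        ArrayList<ReaStepVO> visibleSteps = new ArrayList<>(list);
        visibleSteps.removeIf(step -> Arrays.stream(AS_LIST).noneMatch(allowedId -> allowedId == step.getActionID()));
        try {
            ResponseWriter.json(httpServletResponse, TicketStepEntryResponseData.from(visibleSteps));
        } catch (IOException e) {
            throw new ClientMessageException(e.getMessage());
        }
    }

    /** Ends the live-support session if the applied step is a closing action. */
    private void processApplyResponse(ReaStepVO reaStepVO, HttpServletResponse httpServletResponse) {
        checkReaStepIsClosed(reaStepVO, httpServletResponse);
    }

    /** Ends the live-support session if the requested step is a closing action. */
    private void processStepIdResponse(ReaStepVO reaStepVO, HttpServletResponse httpServletResponse) {
        checkReaStepIsClosed(reaStepVO, httpServletResponse);
    }

    /**
     * Unbinds the ticket from the session when the step's action id is one of
     * {@code CLOSE_ACTIONS}; does nothing for {@code null} or other steps.
     *
     * <p>NOTE(review): only the ticket attribute is removed, the HMAC secret attribute stays in the
     * session until it is overwritten by the next create.
     */
    private void checkReaStepIsClosed(ReaStepVO reaStepVO, HttpServletResponse httpServletResponse) {
        if (reaStepVO == null) {
            return;
        }
        boolean closesTicket = Arrays.stream(CLOSE_ACTIONS).anyMatch(closeId -> reaStepVO.getActionID() == closeId);
        if (!closesTicket) {
            return;
        }
        SessionStore.getHttpSession().removeAttribute(TICKET_TOKEN_NAME);
        LiveSupportSessionClearer.unregisterLiveSupportSession();
        httpServletResponse.setStatus(200);
    }

    /**
     * Binds the newly created ticket to the session and returns the ticket token to the client.
     *
     * <p>A fresh secret is generated per created ticket and kept only in the session; the token
     * derived from it is sent in the {@code X-Ticket-Token} response header, which is also listed
     * in {@code Access-Control-Expose-Headers} so that cross-origin script can read it.
     *
     * @param num id of the created ticket
     * @param httpServletResponse the response that receives the token header
     */
    @SuppressFBWarnings(value = {"TRUST_BOUNDARY_VIOLATION"}, justification = "data are save")
    private void processCreateResponse(Integer num, HttpServletResponse httpServletResponse) {
        GUID secret = GUID.generateNew();
        HttpSession httpSession = SessionStore.getHttpSession();
        httpSession.setAttribute(TICKET_TOKEN_NAME, num);
        httpSession.setAttribute(TICKET_TOKEN_SECRET, secret);
        LiveSupportSessionClearer.registerLiveSupportSession(num);
        httpServletResponse.setHeader(X_TICKET_TOKEN, generateToken(num, secret));
        httpServletResponse.setHeader("Access-Control-Expose-Headers", X_TICKET_TOKEN);
        LiveSupportNotificationGenerator.createNotification(num);
    }

    /**
     * Resolves the resource new live-support tickets are dispatched to.
     *
     * <p>The {@code dispatchTo} request parameter wins over the configured default. The parameter
     * is client-controlled; NOTE(review): confirm that callers check the returned GUID against the
     * resources a live-support client is allowed to target.
     *
     * @return the GUID from the request parameter, or the configured default if the parameter is
     *         absent or cannot be parsed
     */
    public static GUID getDispatchToRessource() {
        GUID guid = null;
        try {
            HttpServletRequest httpServletRequest = SessionStore.getHttpServletRequest();
            if (httpServletRequest != null) {
                guid = GUID.valueOf(httpServletRequest.getParameter("dispatchTo"));
            }
        } catch (Exception ignored) {
            // Best effort: an unparsable parameter falls back to the configured default. Errors
            // (e.g. OutOfMemoryError) are no longer swallowed here.
        }
        if (guid == null) {
            guid = (GUID) DISPATCH_TO.get();
        }
        return guid;
    }

    /**
     * Builds the ticket token: {@code encode(<encoded ticket id>.<encoded session id>.<hmac>)},
     * where the HMAC covers the first two parts and is keyed with the per-session secret.
     *
     * <p>The token contains the session id in encoded form, so it must be protected like the
     * session id itself.
     *
     * @param num id of the ticket the token is bound to
     * @param guid per-session secret used as HMAC key
     * @return the encoded token
     * @throws ClientMessageException if the HMAC cannot be computed
     */
    private String generateToken(@Nonnull Integer num, @Nonnull GUID guid) {
        StringBuilder token = new StringBuilder();
        token.append(Tickets.encodeTicketId(num.intValue()));
        token.append(".");
        token.append(LiveSupportServlet.encode(SessionStore.getHttpSession().getId()));
        try {
            // Fixed charset so the key bytes do not depend on the platform default; the verifying
            // side in sessionForRequest uses the same charset.
            String signature = HmacUtils.generateHMAC(token.toString(), guid.toString().getBytes(StandardCharsets.UTF_8));
            token.append(".");
            token.append(signature);
            return LiveSupportServlet.encode(token.toString());
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            throw new ClientMessageException("Error while creating the authentication token: " + e.getMessage());
        }
    }

    /**
     * Resolves the HTTP session a request belongs to from its {@code X-Ticket-Token} header.
     *
     * <p>The session is returned only if all of the following hold: the header decodes into three
     * dot-separated parts, an active session with the embedded session id exists, the HMAC over the
     * first two parts verifies against that session's secret, the embedded ticket id equals the
     * ticket bound to the session, and the request path contains the encoded ticket id.
     *
     * <p>NOTE(review): whether the HMAC comparison is constant-time depends on
     * {@code HmacUtils.verifyHMAC}, which is not visible here. The path check is a substring match
     * on the raw path info, not a comparison with the ticket path segment; the header is decoded
     * outside the try block, so a decode failure on a malformed header is not mapped to
     * {@code null} by this method.
     *
     * @param httpServletRequest the incoming request
     * @return the matching session, or {@code null} if the token is missing or fails any check
     */
    public static HttpSession sessionForRequest(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader(X_TICKET_TOKEN);
        if (header == null || header.isEmpty() || "null".equals(header)) {
            return null;
        }
        String[] parts = LiveSupportServlet.decode(header).split("\\.", 3);
        if (parts.length != 3) {
            return null;
        }
        String encodedTicketId = parts[0];
        String encodedSessionId = parts[1];
        String signature = parts[2];
        String sessionId = LiveSupportServlet.decode(encodedSessionId);

        // Session ids are unique, so a sequential scan finds the same session as a parallel one
        // without occupying the common fork-join pool on every request.
        HttpSession session = ExpandableHttpSessionListener.getActiveSessions().stream()
                .filter(candidate -> candidate.getId().equals(sessionId))
                .findFirst()
                .orElse(null);
        if (session == null) {
            return null;
        }
        try {
            byte[] key = session.getAttribute(TICKET_TOKEN_SECRET).toString().getBytes(StandardCharsets.UTF_8);
            if (!HmacUtils.verifyHMAC(signature, String.join(".", encodedTicketId, encodedSessionId), key)) {
                return null;
            }
            if (Tickets.decodeTicketID(encodedTicketId, true) != ((Integer) session.getAttribute(TICKET_TOKEN_NAME)).intValue()) {
                return null;
            }
            String pathInfo = httpServletRequest.getPathInfo();
            if (pathInfo == null) {
                return null;
            }
            return pathInfo.contains(encodedTicketId) ? session : null;
        } catch (ClassCastException | NullPointerException | InvalidKeyException | NoSuchAlgorithmException e) {
            // Missing or wrongly typed session attributes and HMAC failures all mean "no session".
            return null;
        }
    }

    /**
     * @return the name under which this access provider is registered
     */
    @Nonnull
    public String getExtensionName() {
        return LIVE_SUPPORT_WEB_API_ACCESS;
    }
}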
