package org.kaazing.gateway.transport.http.resource.impl;

import java.io.IOException;
import java.net.URI;
import java.net.URLEncoder;
import java.nio.ByteBuffer;
import java.nio.charset.CharsetEncoder;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.TimeUnit;
import org.jboss.netty.util.CharsetUtil;
import org.kaazing.gateway.resource.address.ResourceAddress;
import org.kaazing.gateway.resource.address.http.GatewayHttpOriginSecurity;
import org.kaazing.gateway.resource.address.http.HttpResourceAddress;
import org.kaazing.gateway.security.CrossSiteConstraintContext;
import org.kaazing.gateway.transport.http.HttpAcceptSession;
import org.kaazing.gateway.transport.http.HttpHeaders;
import org.kaazing.gateway.transport.http.HttpStatus;
import org.kaazing.gateway.transport.http.resource.HttpDynamicResource;
import org.kaazing.mina.core.buffer.IoBufferAllocatorEx;
import org.kaazing.mina.core.buffer.IoBufferEx;
import org.kaazing.mina.netty.util.threadlocal.VicariousThreadLocal;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/kaazing/gateway/transport/http/resource/impl/HttpClientAccessPolicyXml.class */
public final class HttpClientAccessPolicyXml extends HttpDynamicResource {
    private final ThreadLocal<ConcurrentMap<String, CachedResult>> cacheByAuthorityRef = new VicariousThreadLocal<ConcurrentMap<String, CachedResult>>() { // from class: org.kaazing.gateway.transport.http.resource.impl.HttpClientAccessPolicyXml.1
        /* JADX INFO: Access modifiers changed from: protected */
        /* renamed from: initialValue, reason: merged with bridge method [inline-methods] */
        public ConcurrentMap<String, CachedResult> m90initialValue() {
            return new ConcurrentHashMap();
        }
    };
    private static final URI NULL_ORIGIN = URI.create("null");
    private static final Logger LOGGER = LoggerFactory.getLogger(HttpClientAccessPolicyXml.class);

    /* loaded from: input_file:org/kaazing/gateway/transport/http/resource/impl/HttpClientAccessPolicyXml$CachedResult.class */
    private interface CachedResult {
        void writeFile(HttpAcceptSession httpAcceptSession);
    }

    /* loaded from: input_file:org/kaazing/gateway/transport/http/resource/impl/HttpClientAccessPolicyXml$InvalidResult.class */
    private static class InvalidResult implements CachedResult {
        private InvalidResult() {
        }

        @Override // org.kaazing.gateway.transport.http.resource.impl.HttpClientAccessPolicyXml.CachedResult
        public void writeFile(HttpAcceptSession httpAcceptSession) {
            httpAcceptSession.setStatus(HttpStatus.CLIENT_NOT_FOUND);
            httpAcceptSession.close(true);
        }
    }

    /* loaded from: input_file:org/kaazing/gateway/transport/http/resource/impl/HttpClientAccessPolicyXml$ValidResult.class */
    private static class ValidResult implements CachedResult {
        private final IoBufferEx result;
        private final Integer maxAge;

        public ValidResult(Integer num, IoBufferEx ioBufferEx) {
            this.maxAge = num;
            this.result = ioBufferEx;
        }

        @Override // org.kaazing.gateway.transport.http.resource.impl.HttpClientAccessPolicyXml.CachedResult
        public void writeFile(HttpAcceptSession httpAcceptSession) {
            if (this.maxAge != null) {
                httpAcceptSession.setWriteHeader(HttpHeaders.HEADER_MAX_AGE, String.valueOf(this.maxAge));
            }
            httpAcceptSession.setWriteHeader(HttpHeaders.HEADER_CONTENT_LENGTH, String.valueOf(this.result.remaining()));
            try {
                httpAcceptSession.write(this.result.duplicate()).await(10L, TimeUnit.SECONDS);
            } catch (InterruptedException e) {
                if (HttpClientAccessPolicyXml.LOGGER.isWarnEnabled()) {
                    HttpClientAccessPolicyXml.LOGGER.warn(String.format("Write future in %s never fired", HttpClientAccessPolicyXml.class));
                }
            }
            httpAcceptSession.close(true);
        }
    }

    @Override // org.kaazing.gateway.transport.http.resource.HttpDynamicResource
    public void writeFile(HttpAcceptSession httpAcceptSession) throws IOException {
        CharsetEncoder newEncoder = CharsetUtil.UTF_8.newEncoder();
        ResourceAddress localAddress = httpAcceptSession.getLocalAddress();
        URI resource = localAddress.getResource();
        String authority = resource.getAuthority();
        ConcurrentMap<String, CachedResult> concurrentMap = this.cacheByAuthorityRef.get();
        CachedResult cachedResult = concurrentMap.get(authority);
        if (cachedResult != null) {
            cachedResult.writeFile(httpAcceptSession);
            return;
        }
        List authorityToSetOfAcceptConstraintsByURI = ((GatewayHttpOriginSecurity) localAddress.getOption(HttpResourceAddress.GATEWAY_ORIGIN_SECURITY)).getAuthorityToSetOfAcceptConstraintsByURI();
        Integer num = null;
        IoBufferAllocatorEx bufferAllocator = httpAcceptSession.getBufferAllocator();
        IoBufferEx autoExpander = bufferAllocator.wrap(ByteBuffer.allocate(10240), 2).setAutoExpander(bufferAllocator);
        autoExpander.putString("<?xml version=\"1.0\" encoding=\"utf-8\"?>\n", newEncoder);
        autoExpander.putString("<access-policy>\n", newEncoder);
        autoExpander.putString("<cross-domain-access>\n", newEncoder);
        boolean z = false;
        HashSet hashSet = new HashSet();
        Iterator it = authorityToSetOfAcceptConstraintsByURI.iterator();
        while (it.hasNext()) {
            for (Map.Entry entry : ((Map) it.next()).entrySet()) {
                URI uri = (URI) entry.getKey();
                if (uri.getAuthority().equals(authority)) {
                    for (Map.Entry entry2 : ((Map) entry.getValue()).entrySet()) {
                        CrossSiteConstraintContext crossSiteConstraintContext = (CrossSiteConstraintContext) entry2.getValue();
                        if (!((String) entry2.getKey()).equals(resource.toString())) {
                            Integer maximumAge = crossSiteConstraintContext.getMaximumAge();
                            if (maximumAge != null) {
                                num = num == null ? maximumAge : Integer.valueOf(Math.min(maximumAge.intValue(), num.intValue()));
                            }
                            String path = uri.getPath();
                            String allowOrigin = crossSiteConstraintContext.getAllowOrigin();
                            String allowHeaders = crossSiteConstraintContext.getAllowHeaders();
                            String allowOrigin2 = crossSiteConstraintContext.getAllowOrigin();
                            String allowMethods = crossSiteConstraintContext.getAllowMethods();
                            String format = String.format("%s%s%s%s%s", allowOrigin, allowHeaders, allowOrigin2, allowMethods, path);
                            if (!hashSet.contains(format)) {
                                hashSet.add(format);
                                z = true;
                                autoExpander.putString("<policy>\n", newEncoder);
                                autoExpander.putString("<allow-from http-request-headers=\"", newEncoder);
                                autoExpander.putString("Authorization,", newEncoder);
                                autoExpander.putString("X-WebSocket-Extensions,", newEncoder);
                                autoExpander.putString("X-WebSocket-Version,", newEncoder);
                                autoExpander.putString("X-Origin,", newEncoder);
                                autoExpander.putString("X-Accept-Commands,", newEncoder);
                                autoExpander.putString("X-Sequence-No,", newEncoder);
                                autoExpander.putString(String.format("X-Origin-%s", ("*".equals(allowOrigin) ? NULL_ORIGIN : URI.create(URLEncoder.encode(allowOrigin, "UTF-8"))).toASCIIString()), newEncoder);
                                if (allowHeaders != null) {
                                    autoExpander.putString("," + allowHeaders, newEncoder);
                                }
                                autoExpander.putString("\">\n", newEncoder);
                                if ("*".equals(allowOrigin2)) {
                                    autoExpander.putString("<domain uri=\"http://*\"/>\n", newEncoder);
                                    autoExpander.putString("<domain uri=\"https://*\"/>\n", newEncoder);
                                    autoExpander.putString("<domain uri=\"file:///\"/>\n", newEncoder);
                                } else {
                                    autoExpander.putString("<domain uri=\"" + allowOrigin2 + "\"/>\n", newEncoder);
                                }
                                autoExpander.putString("</allow-from>\n", newEncoder);
                                autoExpander.putString("<grant-to>\n", newEncoder);
                                if (allowMethods != null) {
                                    for (String str : allowMethods.toLowerCase().split(",")) {
                                        autoExpander.putString("<resource path=\"/;" + str, newEncoder);
                                        autoExpander.putString(path, newEncoder);
                                        autoExpander.putString("\" include-subpaths=\"true\"/>\n", newEncoder);
                                    }
                                }
                                autoExpander.putString("</grant-to>\n", newEncoder);
                                autoExpander.putString("</policy>\n", newEncoder);
                            }
                        }
                    }
                }
            }
        }
        autoExpander.putString("</cross-domain-access>\n", newEncoder);
        autoExpander.putString("</access-policy>\n", newEncoder);
        autoExpander.flip();
        if (!z) {
            concurrentMap.put(authority, new InvalidResult());
            httpAcceptSession.setStatus(HttpStatus.CLIENT_NOT_FOUND);
            httpAcceptSession.close(true);
            return;
        }
        if (num != null) {
            httpAcceptSession.setWriteHeader(HttpHeaders.HEADER_MAX_AGE, String.valueOf(num));
        }
        httpAcceptSession.setWriteHeader(HttpHeaders.HEADER_CONTENT_LENGTH, String.valueOf(autoExpander.remaining()));
        ValidResult validResult = new ValidResult(num, autoExpander);
        CachedResult putIfAbsent = concurrentMap.putIfAbsent(authority, validResult);
        if (putIfAbsent == null) {
            putIfAbsent = validResult;
        }
        putIfAbsent.writeFile(httpAcceptSession);
    }
}
