package org.apache.ofbiz.webapp.event;

import java.util.HashMap;
import java.util.LinkedList;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.TimeZone;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.ofbiz.base.util.Debug;
import org.apache.ofbiz.base.util.UtilGenerics;
import org.apache.ofbiz.base.util.UtilHttp;
import org.apache.ofbiz.base.util.UtilValidate;
import org.apache.ofbiz.entity.Delegator;
import org.apache.ofbiz.entity.GenericValue;
import org.apache.ofbiz.entity.util.EntityUtilProperties;
import org.apache.ofbiz.service.DispatchContext;
import org.apache.ofbiz.service.GenericServiceException;
import org.apache.ofbiz.service.LocalDispatcher;
import org.apache.ofbiz.service.ModelParam;
import org.apache.ofbiz.service.ModelService;
import org.apache.ofbiz.service.ServiceAuthException;
import org.apache.ofbiz.service.ServiceValidationException;
import org.apache.ofbiz.webapp.control.ConfigXMLReader;
import org.apache.ofbiz.webapp.control.ControlActivationEventListener;
import org.apache.ofbiz.widget.renderer.VisualTheme;

/* loaded from: input_file:org/apache/ofbiz/webapp/event/ServiceEventHandler.class */
public class ServiceEventHandler implements EventHandler {
    public static final String module = ServiceEventHandler.class.getName();
    public static final String SYNC = "sync";
    public static final String ASYNC = "async";

    @Override // org.apache.ofbiz.webapp.event.EventHandler
    public void init(ServletContext servletContext) throws EventHandlerException {
    }

    @Override // org.apache.ofbiz.webapp.event.EventHandler
    public String invoke(ConfigXMLReader.Event event, ConfigXMLReader.RequestMap requestMap, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws EventHandlerException {
        String str;
        Object obj;
        LocalDispatcher localDispatcher = (LocalDispatcher) httpServletRequest.getAttribute("dispatcher");
        if (localDispatcher == null) {
            throw new EventHandlerException("The local service dispatcher is null");
        }
        DispatchContext dispatchContext = localDispatcher.getDispatchContext();
        if (dispatchContext == null) {
            throw new EventHandlerException("Dispatch context cannot be found");
        }
        String str2 = UtilValidate.isEmpty(event.path) ? "sync" : event.path;
        String str3 = event.invoke;
        if (str3 == null) {
            throw new EventHandlerException("Service name (eventMethod) cannot be null");
        }
        if (Debug.verboseOn()) {
            Debug.logVerbose("[Set mode/service]: " + str2 + "/" + str3, module);
        }
        Locale locale = UtilHttp.getLocale(httpServletRequest);
        TimeZone timeZone = UtilHttp.getTimeZone(httpServletRequest);
        VisualTheme visualTheme = UtilHttp.getVisualTheme(httpServletRequest);
        HttpSession session = httpServletRequest.getSession();
        GenericValue genericValue = (GenericValue) session.getAttribute("userLogin");
        try {
            ModelService modelService = dispatchContext.getModelService(str3);
            if (modelService == null) {
                throw new EventHandlerException("Problems getting the service model");
            }
            if (Debug.verboseOn()) {
                Debug.logVerbose("[Processing]: SERVICE Event", module);
                Debug.logVerbose("[Using delegator]: " + localDispatcher.getDelegator().getDelegatorName(), module);
            }
            Map<String, Object> combinedMap = UtilHttp.getCombinedMap(httpServletRequest);
            Map checkMap = UtilGenerics.checkMap(httpServletRequest.getAttribute("multiPartMap"));
            Set<String> keySet = UtilHttp.getUrlOnlyParameterMap(httpServletRequest).keySet();
            HashMap hashMap = new HashMap();
            for (ModelParam modelParam : modelService.getInModelParamList()) {
                String str4 = modelParam.name;
                if (!"userLogin".equals(str4) && !"locale".equals(str4) && !"timeZone".equals(str4) && !"visualTheme".equals(str4)) {
                    if (UtilValidate.isNotEmpty(modelParam.stringMapPrefix)) {
                        Map<String, Object> makeParamMapWithPrefix = UtilHttp.makeParamMapWithPrefix(httpServletRequest, (Map<String, ? extends Object>) checkMap, modelParam.stringMapPrefix, (String) null);
                        obj = makeParamMapWithPrefix;
                        if (Debug.verboseOn()) {
                            Debug.logVerbose("Set [" + modelParam.name + "]: " + makeParamMapWithPrefix, module);
                        }
                    } else if (UtilValidate.isNotEmpty(modelParam.stringListSuffix)) {
                        obj = UtilHttp.makeParamListWithSuffix(httpServletRequest, checkMap, modelParam.stringListSuffix, null);
                    } else {
                        obj = checkMap.get(str4);
                        if (UtilValidate.isEmpty(obj)) {
                            Object attribute = httpServletRequest.getAttribute(UtilValidate.isEmpty(modelParam.requestAttributeName) ? str4 : modelParam.requestAttributeName);
                            if (attribute != null) {
                                obj = attribute;
                            }
                        }
                        if (UtilValidate.isEmpty(obj)) {
                            checkSecureParameter(requestMap, keySet, str4, session, str3, dispatchContext.getDelegator());
                            obj = "any".equals(modelParam.allowHtml) ? httpServletRequest.getParameter(str4) : combinedMap.get(str4);
                            if (obj == null) {
                                obj = UtilHttp.makeParamValueFromComposite(httpServletRequest, str4, locale);
                            }
                        }
                        if (UtilValidate.isEmpty(obj)) {
                            Object attribute2 = httpServletRequest.getSession().getAttribute(UtilValidate.isEmpty(modelParam.sessionAttributeName) ? str4 : modelParam.sessionAttributeName);
                            if (attribute2 != null) {
                                obj = attribute2;
                            }
                        }
                        if (obj != null) {
                            if ((obj instanceof String) && ((String) obj).length() == 0) {
                                obj = null;
                            }
                        }
                    }
                    hashMap.put(str4, obj);
                }
            }
            LinkedList linkedList = new LinkedList();
            Map<String, ? extends Object> makeValid = modelService.makeValid(hashMap, ModelService.IN_PARAM, true, linkedList, timeZone, locale);
            if (linkedList.size() > 0) {
                httpServletRequest.setAttribute("_ERROR_MESSAGE_LIST_", linkedList);
                return "error";
            }
            if (genericValue != null) {
                makeValid.put("userLogin", genericValue);
            }
            if (locale != null) {
                makeValid.put("locale", locale);
            }
            if (timeZone != null) {
                makeValid.put("timeZone", timeZone);
            }
            if (visualTheme != null) {
                makeValid.put("visualTheme", visualTheme);
            }
            Map<String, Object> map = null;
            try {
                if ("async".equalsIgnoreCase(str2)) {
                    localDispatcher.runAsync(str3, makeValid);
                } else {
                    map = localDispatcher.runSync(str3, makeValid);
                }
                if (map == null) {
                    str = ModelService.RESPOND_SUCCESS;
                } else {
                    str = !map.containsKey(ModelService.RESPONSE_MESSAGE) ? ModelService.RESPOND_SUCCESS : (String) map.get(ModelService.RESPONSE_MESSAGE);
                    httpServletRequest.setAttribute("_ERROR_MESSAGE_LIST_", map.get(ModelService.ERROR_MESSAGE_LIST));
                    httpServletRequest.setAttribute("_ERROR_MESSAGE_MAP_", map.get(ModelService.ERROR_MESSAGE_MAP));
                    httpServletRequest.setAttribute("_ERROR_MESSAGE_", map.get(ModelService.ERROR_MESSAGE));
                    httpServletRequest.setAttribute("_EVENT_MESSAGE_LIST_", map.get(ModelService.SUCCESS_MESSAGE_LIST));
                    httpServletRequest.setAttribute("_EVENT_MESSAGE_", map.get(ModelService.SUCCESS_MESSAGE));
                    for (Map.Entry<String, Object> entry : map.entrySet()) {
                        String key = entry.getKey();
                        Object value = entry.getValue();
                        if (key != null && !ModelService.RESPONSE_MESSAGE.equals(key) && !ModelService.ERROR_MESSAGE.equals(key) && !ModelService.ERROR_MESSAGE_LIST.equals(key) && !ModelService.ERROR_MESSAGE_MAP.equals(key) && !ModelService.SUCCESS_MESSAGE.equals(key) && !ModelService.SUCCESS_MESSAGE_LIST.equals(key)) {
                            httpServletRequest.setAttribute(key, value);
                        }
                    }
                }
                if (Debug.verboseOn()) {
                    Debug.logVerbose("[Event Return]: " + str, module);
                }
                return str;
            } catch (ServiceAuthException e) {
                httpServletRequest.setAttribute("_ERROR_MESSAGE_", e.getNonNestedMessage());
                return "error";
            } catch (ServiceValidationException e2) {
                httpServletRequest.setAttribute("serviceValidationException", e2);
                if (e2.getMessageList() != null) {
                    httpServletRequest.setAttribute("_ERROR_MESSAGE_LIST_", e2.getMessageList());
                    return "error";
                }
                httpServletRequest.setAttribute("_ERROR_MESSAGE_", e2.getNonNestedMessage());
                return "error";
            } catch (GenericServiceException e3) {
                Debug.logError(e3, "Service invocation error", module);
                throw new EventHandlerException("Service invocation error", e3.getNested());
            }
        } catch (GenericServiceException e4) {
            throw new EventHandlerException("Problems getting the service model", e4);
        }
    }

    public static void checkSecureParameter(ConfigXMLReader.RequestMap requestMap, Set<String> set, String str, HttpSession httpSession, String str2, Delegator delegator) throws EventHandlerException {
        if (requestMap != null && requestMap.securityHttps && set.contains(str)) {
            String str3 = "Found URL parameter [" + str + "] passed to secure (https) request-map with uri [" + requestMap.uri + "] with an event that calls service [" + str2 + "]; this is not allowed for security reasons! The data should be encrypted by making it part of the request body (a form field) instead of the request URL. Moreover it would be kind if you could create a Jira sub-task of https://issues.apache.org/jira/browse/OFBIZ-2330 (check before if a sub-task for this error does not exist). If you are not sure how to create a Jira issue please have a look before at https://cwiki.apache.org/confluence/display/OFBIZ/OFBiz+Contributors+Best+Practices Thank you in advance for your help.";
            Debug.logError("=============== " + str3 + "; In session [" + ControlActivationEventListener.showSessionId(httpSession) + "]; Note that this can be changed using the service.http.parameters.require.encrypted property in the url.properties file", module);
            if (!EntityUtilProperties.propertyValueEqualsIgnoreCase("url", "service.http.parameters.require.encrypted", "N", delegator)) {
                throw new EventHandlerException(str3);
            }
        }
    }
}
