package com.openexchange.ajax;

import com.openexchange.ajax.container.Response;
import com.openexchange.ajax.requesthandler.Dispatchers;
import com.openexchange.ajax.requesthandler.responseRenderers.APIResponseRenderer;
import com.openexchange.configuration.ServerConfig;
import com.openexchange.database.DatabaseService;
import com.openexchange.exception.OXException;
import com.openexchange.groupware.upload.impl.UploadException;
import com.openexchange.log.LogProperties;
import com.openexchange.server.services.ServerServiceRegistry;
import com.openexchange.session.Session;
import com.openexchange.session.SessionThreadCounter;
import com.openexchange.sessiond.SessionExceptionCodes;
import com.openexchange.sessiond.SessiondService;
import com.openexchange.sessiond.impl.ThreadLocalSessionHolder;
import com.openexchange.tools.servlet.AjaxExceptionCodes;
import com.openexchange.tools.servlet.http.Tools;
import com.openexchange.tools.servlet.ratelimit.RateLimitedException;
import com.openexchange.tools.session.ServerSession;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Iterator;
import java.util.Set;
import java.util.concurrent.atomic.AtomicInteger;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.httpclient.HttpStatus;
import org.json.JSONException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/openexchange/ajax/SessionServlet.class */
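/**
 * Base servlet that resolves the Open-Xchange session for a request before handing the request to
 * {@link AJAXServlet#service(HttpServletRequest, HttpServletResponse)}.
 *
 * <p>Around the delegated call it enforces the per-session limit on concurrent requests, publishes the
 * session to {@link ThreadLocalSessionHolder} and {@link LogProperties}, runs the registered
 * {@link SessionServletInterceptor}s, and turns {@link OXException}s into an API response or an HTML
 * error page.
 *
 * <p>This listing is decompiler output; members marked "JADX INFO: Access modifiers changed" are shown
 * as {@code public} by the decompiler and are left that way here so the visible interface is unchanged.
 */
public abstract class SessionServlet extends AJAXServlet {
    private static final long serialVersionUID = -8308340875362868795L;
    private static final Logger LOG = LoggerFactory.getLogger(SessionServlet.class);
    public static final String SESSION_KEY = "sessionObject";
    public static final String SESSION_WHITELIST_FILE = "noipcheck.cnf";
    // Prefix that identifies exceptions raised by the session layer; see handleOXException.
    private final String sessionErrorPrefix;
    private static final String USM_USER_AGENT = "Open-Xchange USM HTTP Client";
    // Text shown on the generic error page when the caller supplies none.
    private static final String DEFAULT_ERROR_MESSAGE = "An error occurred inside the server which prevented it from fulfilling the request.";
    // Lazily initialised, process-wide limit; see getMaxConcurrentRequests for how it is populated.
    private static volatile Integer maxConcurrentRequests;

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Initialises {@link SessionUtility} and remembers the session error prefix used to classify
     * exceptions in {@link #handleOXException(OXException, int, String, HttpServletRequest, HttpServletResponse)}.
     */
    public SessionServlet() {
        SessionUtility.initialize();
        this.sessionErrorPrefix = SessionExceptionCodes.getErrorPrefix();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Binds the session to the request by delegating to
     * {@code SessionUtility.defaultInitializeSession}. Subclasses may override to use a different
     * session lookup.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response being built
     * @throws OXException if the session cannot be initialised
     */
    public void initializeSession(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws OXException {
        SessionUtility.defaultInitializeSession(httpServletRequest, httpServletResponse);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Resolves the session, applies the concurrent-request limit and dispatches to the parent servlet.
     *
     * <p>All per-request bookkeeping (the session's request counter, the {@link SessionThreadCounter},
     * the thread-local session and the log properties) is released in a single {@code finally} block.
     * The decompiled listing had that block inlined into every exit path with the decrements guarded by
     * {@code 0 != 0} on the error paths, which meant a request rejected with
     * {@code TOO_MANY_REQUESTS}, or one that failed inside the parent servlet, never gave back the slot
     * it had taken: the counter could only grow and the session ended up rejecting every request.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response being built
     * @throws ServletException if the parent servlet fails
     * @throws IOException if writing the response fails
     */
    @Override // com.openexchange.ajax.AJAXServlet
    public void service(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        Tools.disableCaching(httpServletResponse);
        AtomicInteger requestCounter = null;
        SessionThreadCounter sessionThreadCounter = (SessionThreadCounter) SessionThreadCounter.REFERENCE.get();
        String countedSessionId = null;
        try {
            httpServletResponse.setStatus(200);
            httpServletResponse.setContentType(AJAXServlet.CONTENTTYPE_JAVASCRIPT);
            initializeSession(httpServletRequest, httpServletResponse);
            ServerSession session = SessionUtility.getSessionObject(httpServletRequest, true);
            if (null != session) {
                // Resolve the database schema once per session and cache it as a session parameter.
                String schemaKey = LogProperties.Name.DATABASE_SCHEMA.getName();
                String schema = (String) session.getParameter(schemaKey);
                if (schema == null) {
                    schema = ((DatabaseService) ServerServiceRegistry.getServize(DatabaseService.class, true)).getSchemaName(session.getContextId());
                    session.setParameter(schemaKey, schema);
                }
                LogProperties.put(LogProperties.Name.DATABASE_SCHEMA, schema);
                LogProperties.putSessionProperties(session);

                // A limit of zero or less disables the check entirely.
                int limit = getMaxConcurrentRequests(session);
                if (limit > 0) {
                    requestCounter = (AtomicInteger) session.getParameter(Session.PARAM_COUNTER);
                    // The increment happens before the comparison, so the rejected request holds a
                    // slot too; the finally block below releases it.
                    if (null != requestCounter && requestCounter.incrementAndGet() > limit) {
                        LOG.info("User {} in context {} exceeded max. concurrent requests ({}).", new Object[]{Integer.valueOf(session.getUserId()), Integer.valueOf(session.getContextId()), Integer.valueOf(limit)});
                        throw AjaxExceptionCodes.TOO_MANY_REQUESTS.create();
                    }
                }

                ThreadLocalSessionHolder.getInstance().setSession(session);
                if (null != sessionThreadCounter) {
                    countedSessionId = session.getSessionID();
                    sessionThreadCounter.increment(countedSessionId);
                }
                Iterator<?> interceptors = SessionServletInterceptorRegistry.getInstance().getInterceptors().iterator();
                while (interceptors.hasNext()) {
                    ((SessionServletInterceptor) interceptors.next()).intercept(session);
                }
            }
            super.service(httpServletRequest, httpServletResponse);
        } catch (RateLimitedException e) {
            httpServletResponse.setContentType("text/plain; charset=UTF-8");
            if (e.getRetryAfter() > 0) {
                httpServletResponse.setHeader("Retry-After", String.valueOf(e.getRetryAfter()));
            }
            httpServletResponse.sendError(429, "Too Many Requests - Your request is being rate limited.");
        } catch (OXException e2) {
            handleOXException(e2, httpServletRequest, httpServletResponse);
        } finally {
            // Undo exactly what was taken above, on every exit path including thrown errors.
            if (null != countedSessionId && null != sessionThreadCounter) {
                sessionThreadCounter.decrement(countedSessionId);
            }
            ThreadLocalSessionHolder.getInstance().clear();
            LogProperties.removeSessionProperties();
            LogProperties.removeProperty(LogProperties.Name.DATABASE_SCHEMA);
            if (null != requestCounter) {
                requestCounter.getAndDecrement();
            }
        }
    }

    /**
     * Calls the parent servlet's {@code service} directly, without the session handling performed by
     * {@link #service(HttpServletRequest, HttpServletResponse)}.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response being built
     * @throws ServletException if the parent servlet fails
     * @throws IOException if writing the response fails
     */
    protected void superService(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        super.service(httpServletRequest, httpServletResponse);
    }

    /**
     * Reacts to a session-layer exception. When {@code SessionUtility.isIpCheckError} reports an IP
     * check failure, the session's cookies and the JSESSIONID cookie are removed and the session is
     * dropped from the {@link SessiondService}. Session log properties are cleared on every path that
     * enters the IP-check branch.
     *
     * @param oXException the session-layer exception
     * @param httpServletRequest the request that triggered it
     * @param httpServletResponse the response on which cookies are removed
     */
    protected void handleSessiondException(OXException oXException, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        try {
            if (SessionUtility.isIpCheckError(oXException)) {
                try {
                    SessiondService sessiondService = (SessiondService) ServerServiceRegistry.getInstance().getService(SessiondService.class);
                    String sessionId = SessionUtility.getSessionId(httpServletRequest);
                    SessionUtility.removeOXCookies(SessionUtility.getSession(httpServletRequest, sessionId, sessiondService).getHash(), httpServletRequest, httpServletResponse);
                    SessionUtility.removeJSESSIONID(httpServletRequest, httpServletResponse);
                    // NOTE(review): removeSession runs last, so any exception from the cookie handling
                    // above (including a null service or session) skips it and the session stays
                    // registered; confirm that is acceptable after a failed IP check.
                    sessiondService.removeSession(sessionId);
                    LogProperties.removeSessionProperties();
                } catch (Exception e) {
                    LOG.error("Cookies could not be removed.", e);
                    LogProperties.removeSessionProperties();
                }
            }
        } catch (Throwable th) {
            LogProperties.removeSessionProperties();
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Writes the exception as a JavaScript callback through
     * {@code APIResponseRenderer.writeJsCallback}. If rendering fails with a {@link JSONException}, the
     * original exception is logged and a 500 error is sent instead.
     *
     * @param oXException the exception to report
     * @param httpServletRequest the request, used to determine the action name
     * @param httpServletResponse the response to write to
     * @throws IOException if writing the callback fails
     */
    public void writeErrorAsJsCallback(OXException oXException, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        try {
            APIResponseRenderer.writeJsCallback(new Response().setException(oXException), Dispatchers.getActionFrom(httpServletRequest), httpServletRequest, httpServletResponse);
        } catch (JSONException e) {
            LOG.error("", oXException);
            try {
                // The exception message is passed to the container's error page as-is; how it is
                // rendered depends on the servlet container.
                httpServletResponse.sendError(500, "A JSON error occurred: " + oXException.getMessage());
            } catch (IOException e2) {
                LOG.error("", e2);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Handles the exception with status 500 and the generic error text.
     *
     * @param oXException the exception to report
     * @param httpServletRequest the request that failed
     * @param httpServletResponse the response to write to
     * @throws IOException if writing the response fails
     */
    public void handleOXException(OXException oXException, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        handleOXException(oXException, 500, DEFAULT_ERROR_MESSAGE, httpServletRequest, httpServletResponse);
    }

    /**
     * Translates an {@link OXException} into a response.
     *
     * <ul>
     * <li>Upload size violations are answered with 413 and the exception message.</li>
     * <li>Session-layer exceptions (matching the session error prefix) trigger
     * {@link #handleSessiondException} and, for plain browser requests, a 403 page carrying the
     * exception message.</li>
     * <li>Any other exception is logged and, for plain browser requests, answered with status
     * {@code i} and the text {@code str}, or the generic text when {@code str} is {@code null}.</li>
     * </ul>
     * API clients receive the exception through {@code APIResponseRenderer.writeResponse}; the USM
     * client, recognised by its User-Agent header, receives a JavaScript callback.
     *
     * @param oXException the exception to report
     * @param i HTTP status used for the error page of non-session errors
     * @param str text for the error page of non-session errors; may be {@code null}
     * @param httpServletRequest the request that failed
     * @param httpServletResponse the response to write to
     * @throws IOException if writing the response fails
     */
    protected void handleOXException(OXException oXException, int i, String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (UploadException.UploadCode.MAX_UPLOAD_SIZE_EXCEEDED.equals(oXException) || UploadException.UploadCode.MAX_UPLOAD_FILE_SIZE_EXCEEDED.equals(oXException)) {
            LOG.debug("", oXException);
            httpServletResponse.sendError(413, oXException.getMessage());
            return;
        }

        boolean sessionError = this.sessionErrorPrefix.equals(oXException.getPrefix());
        if (sessionError) {
            LOG.debug("", oXException);
            handleSessiondException(oXException, httpServletRequest, httpServletResponse);
        } else {
            oXException.log(LOG);
        }

        if (Dispatchers.isApiOutputExpectedFor(httpServletRequest)) {
            APIResponseRenderer.writeResponse(new Response().setException(oXException), Dispatchers.getActionFrom(httpServletRequest), httpServletRequest, httpServletResponse);
            return;
        }
        // The User-Agent header is client-controlled; it only selects the output format here.
        if (USM_USER_AGENT.equals(httpServletRequest.getHeader(Tools.HEADER_AGENT))) {
            writeErrorAsJsCallback(oXException, httpServletRequest, httpServletResponse);
            return;
        }

        int status;
        String pageText;
        if (sessionError) {
            status = 403;
            pageText = oXException.getMessage();
        } else {
            status = i;
            pageText = null == str ? DEFAULT_ERROR_MESSAGE : str;
        }
        httpServletResponse.setStatus(status);
        writeErrorPage(status, pageText, httpServletResponse);
    }

    /**
     * Writes the HTML error page produced by {@link #getErrorPage(int, String, String)} to the
     * response. The status line itself is not set here; callers set it beforehand.
     *
     * @param i HTTP status code shown on the page
     * @param str description shown on the page; may be {@code null}
     * @param httpServletResponse the response to write to
     * @throws IOException if the response writer cannot be obtained
     */
    public static void writeErrorPage(int i, String str, HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.setContentType(AJAXServlet.CONTENTTYPE_HTML);
        httpServletResponse.setHeader("Content-Disposition", "inline");
        PrintWriter writer = httpServletResponse.getWriter();
        writer.write(getErrorPage(i, null, str));
        writer.flush();
    }

    /**
     * Builds the error page for a status code using the standard status text.
     *
     * @param i HTTP status code
     * @return the HTML document
     */
    protected String getErrorPage(int i) {
        return getErrorPage(i, null, null);
    }

    /**
     * Builds a minimal HTML error page.
     *
     * <p>Both text arguments are HTML-escaped before they are placed in the page. Callers in this
     * class pass {@code OXException.getMessage()} as the description, and nothing visible here
     * guarantees that such a message is free of markup or request-derived text, so it must not be
     * emitted verbatim into a {@code text/html} response.
     *
     * @param i HTTP status code
     * @param str status text; when {@code null} the text from {@link HttpStatus#getStatusText(int)} is used
     * @param str2 description paragraph; when {@code null} the status text is repeated
     * @return the HTML document, lines separated by the platform line separator
     */
    public static String getErrorPage(int i, String str, String str2) {
        String statusText = escapeHtml(null == str ? HttpStatus.getStatusText(i) : str);
        String description = null == str2 ? statusText : escapeHtml(str2);
        String newline = System.getProperty("line.separator");

        StringBuilder page = new StringBuilder(512);
        page.append("<!DOCTYPE html>").append(newline);
        page.append("<html><head>").append(newline);
        page.append("<title>").append(i);
        if (null != statusText) {
            page.append(' ').append(statusText);
        }
        page.append("</title>").append(newline);
        page.append("</head><body>").append(newline);
        page.append("<h1>");
        if (null == statusText) {
            page.append(i);
        } else {
            page.append(statusText);
        }
        page.append("</h1>").append(newline);
        if (null != description) {
            page.append("<p>").append(description).append("</p>").append(newline);
        }
        page.append("</body></html>").append(newline);
        return page.toString();
    }

    /**
     * Escapes the characters that are significant in HTML text and attribute values.
     *
     * @param text the text to escape; may be {@code null}
     * @return the escaped text, or {@code null} if {@code text} is {@code null}
     */
    private static String escapeHtml(String text) {
        if (null == text) {
            return null;
        }
        StringBuilder escaped = new StringBuilder(text.length() + 16);
        for (int pos = 0; pos < text.length(); pos++) {
            char c = text.charAt(pos);
            switch (c) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&#39;");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the session bound to the request, passing {@code false} as the second argument of
     * {@code SessionUtility.getSessionObject}.
     *
     * @param servletRequest the request
     * @return the session as returned by {@code SessionUtility.getSessionObject}
     */
    public ServerSession getSessionObject(ServletRequest servletRequest) {
        return SessionUtility.getSessionObject(servletRequest, false);
    }

    /**
     * Returns the session bound to the request.
     *
     * @param servletRequest the request
     * @param z forwarded unchanged to {@code SessionUtility.getSessionObject}
     * @return the session as returned by {@code SessionUtility.getSessionObject}
     */
    protected ServerSession getSessionObject(ServletRequest servletRequest, boolean z) {
        return SessionUtility.getSessionObject(servletRequest, z);
    }

    /**
     * Returns the concurrent-request limit, computing it on first use and caching it in a static
     * field for the lifetime of the class.
     *
     * <p>NOTE(review): the cached value is derived from the session passed on the first call,
     * including that user's {@code ajax.maxCount} attribute. A per-user override held by whichever
     * user reaches the servlet first therefore becomes the limit for every later session; confirm
     * whether per-user limits are intended and, if so, cache only the server default.
     *
     * @param serverSession the session of the current request
     * @return the limit; zero or less means unlimited
     */
    private static int getMaxConcurrentRequests(ServerSession serverSession) {
        Integer cached = maxConcurrentRequests;
        if (null == cached) {
            synchronized (SessionServlet.class) {
                cached = maxConcurrentRequests;
                if (null == cached) {
                    cached = Integer.valueOf(getMaxConcurrentRequests0(serverSession));
                    maxConcurrentRequests = cached;
                }
            }
        }
        return cached.intValue();
    }

    /**
     * Determines the limit for a session: the first value of the user attribute
     * {@code ajax.maxCount} when it is present and numeric, otherwise the server default.
     *
     * @param serverSession the session; {@code null} yields {@code 0}
     * @return the limit for the session
     */
    private static int getMaxConcurrentRequests0(ServerSession serverSession) {
        if (serverSession == null) {
            return 0;
        }
        Set<String> values = serverSession.getUser().getAttributes().get("ajax.maxCount");
        if (null != values && !values.isEmpty()) {
            try {
                return Integer.parseInt(values.iterator().next());
            } catch (NumberFormatException ignored) {
                // A non-numeric attribute value is ignored in favour of the server default.
            }
        }
        return defaultMaxConcurrentRequests();
    }

    /**
     * Reads the server-wide default limit, falling back to the property's built-in default value when
     * the configuration lookup fails.
     *
     * @return the server default limit
     */
    private static int defaultMaxConcurrentRequests() {
        try {
            return ServerConfig.getInt(ServerConfig.Property.DEFAULT_MAX_CONCURRENT_AJAX_REQUESTS);
        } catch (OXException e) {
            return Integer.parseInt(ServerConfig.Property.DEFAULT_MAX_CONCURRENT_AJAX_REQUESTS.getDefaultValue());
        }
    }
}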
