package org.eclipse.scout.rt.server;

import java.lang.annotation.Annotation;
import java.lang.reflect.Method;
import java.util.Collection;
import java.util.Date;
import java.util.regex.Pattern;
import org.eclipse.scout.commons.exception.ProcessingException;
import org.eclipse.scout.commons.exception.VetoException;
import org.eclipse.scout.commons.logger.IScoutLogger;
import org.eclipse.scout.commons.logger.ScoutLogManager;
import org.eclipse.scout.rt.server.admin.inspector.CallInspector;
import org.eclipse.scout.rt.server.admin.inspector.ProcessInspector;
import org.eclipse.scout.rt.server.admin.inspector.SessionInspector;
import org.eclipse.scout.rt.server.internal.Activator;
import org.eclipse.scout.rt.server.services.common.clientnotification.IClientNotificationService;
import org.eclipse.scout.rt.server.transaction.ITransaction;
import org.eclipse.scout.rt.shared.ScoutTexts;
import org.eclipse.scout.rt.shared.WebClientState;
import org.eclipse.scout.rt.shared.security.RemoteServiceAccessPermission;
import org.eclipse.scout.rt.shared.services.common.exceptionhandler.IExceptionHandlerService;
import org.eclipse.scout.rt.shared.services.common.security.ACCESS;
import org.eclipse.scout.rt.shared.servicetunnel.RemoteServiceAccessDenied;
import org.eclipse.scout.rt.shared.servicetunnel.ServiceTunnelAccessDenied;
import org.eclipse.scout.rt.shared.servicetunnel.ServiceTunnelRequest;
import org.eclipse.scout.rt.shared.servicetunnel.ServiceTunnelResponse;
import org.eclipse.scout.rt.shared.servicetunnel.VersionMismatchException;
import org.eclipse.scout.rt.shared.validate.DefaultValidator;
import org.eclipse.scout.rt.shared.validate.IValidationStrategy;
import org.eclipse.scout.rt.shared.validate.InputValidation;
import org.eclipse.scout.rt.shared.validate.OutputValidation;
import org.eclipse.scout.service.IService;
import org.eclipse.scout.service.IService2;
import org.eclipse.scout.service.SERVICES;
import org.eclipse.scout.service.ServiceUtility;
import org.osgi.framework.Bundle;
import org.osgi.framework.Version;

/* loaded from: input_file:org/eclipse/scout/rt/server/DefaultTransactionDelegate.class */
public class DefaultTransactionDelegate {
    private static final IScoutLogger LOG = ScoutLogManager.getLogger(DefaultTransactionDelegate.class);
    private static final Boolean VALIDATE_INPUT = Boolean.valueOf("true".equals(Activator.getDefault().getBundle().getBundleContext().getProperty("org.eclipse.scout.rt.server.validateInput")));
    private static final Boolean VALIDATE_OUTPUT = Boolean.valueOf("true".equals(Activator.getDefault().getBundle().getBundleContext().getProperty("org.eclipse.scout.rt.server.validateOutput")));
    public static final Pattern DEFAULT_QUERY_NAMES_PATTERN = Pattern.compile("(get|is|has|load|read|find|select)([A-Z].*)?");
    public static final Pattern DEFAULT_PROCESS_NAMES_PATTERN = Pattern.compile("(set|put|add|remove|store|write|create|insert|update|delete)([A-Z].*)?");
    private final Version m_requestMinVersion;
    private final boolean m_debug;
    private final Bundle[] m_loaderBundles;
    private long m_requestStart;
    private long m_requestEnd;

    public DefaultTransactionDelegate(Bundle[] bundleArr, Version version, boolean z) {
        this.m_loaderBundles = bundleArr;
        this.m_requestMinVersion = version;
        this.m_debug = z;
    }

    public ServiceTunnelResponse invoke(ServiceTunnelRequest serviceTunnelRequest) throws Exception {
        ServiceTunnelResponse serviceTunnelResponse;
        this.m_requestStart = System.nanoTime();
        try {
            try {
                serviceTunnelResponse = invokeImpl(serviceTunnelRequest);
                if (this.m_debug) {
                    LOG.debug("TIME " + serviceTunnelRequest.getServiceInterfaceClassName() + "." + serviceTunnelRequest.getOperation() + " " + ((this.m_requestEnd - this.m_requestStart) / 1000000) + "ms");
                }
            } catch (Throwable th) {
                ITransaction transaction = ThreadContext.getTransaction();
                if (transaction != null) {
                    try {
                        transaction.addFailure(th);
                    } catch (Throwable th2) {
                    }
                }
                if (transaction == null || !transaction.isCancelled()) {
                    if (th instanceof ProcessingException) {
                        th.addContextMessage("invoking " + serviceTunnelRequest.getServiceInterfaceClassName() + ":" + serviceTunnelRequest.getOperation());
                        ((IExceptionHandlerService) SERVICES.getService(IExceptionHandlerService.class)).handleException(th);
                    } else {
                        LOG.error("invoking " + serviceTunnelRequest.getServiceInterfaceClassName() + ":" + serviceTunnelRequest.getOperation(), th);
                    }
                }
                serviceTunnelResponse = new ServiceTunnelResponse((Object) null, (Object[]) null, replaceOutboundException(th));
                if (this.m_debug) {
                    LOG.debug("TIME " + serviceTunnelRequest.getServiceInterfaceClassName() + "." + serviceTunnelRequest.getOperation() + " " + ((this.m_requestEnd - this.m_requestStart) / 1000000) + "ms");
                }
            }
            this.m_requestEnd = System.nanoTime();
            serviceTunnelResponse.setProcessingDuration(Long.valueOf((this.m_requestEnd - this.m_requestStart) / 1000000));
            return serviceTunnelResponse;
        } catch (Throwable th3) {
            if (this.m_debug) {
                LOG.debug("TIME " + serviceTunnelRequest.getServiceInterfaceClassName() + "." + serviceTunnelRequest.getOperation() + " " + ((this.m_requestEnd - this.m_requestStart) / 1000000) + "ms");
            }
            throw th3;
        }
    }

    protected Throwable replaceOutboundException(Throwable th) {
        VetoException processingException;
        if (th instanceof VetoException) {
            VetoException vetoException = (VetoException) th;
            processingException = new VetoException(vetoException.getStatus().getTitle(), vetoException.getMessage(), vetoException.getStatus().getCode(), vetoException.getStatus().getSeverity());
        } else {
            processingException = new ProcessingException(ScoutTexts.get("RequestProblem", new String[0]));
        }
        processingException.setStackTrace(new StackTraceElement[0]);
        return processingException;
    }

    protected ServiceTunnelResponse invokeImpl(ServiceTunnelRequest serviceTunnelRequest) throws Throwable {
        String soapOperation = ServiceTunnelRequest.toSoapOperation(serviceTunnelRequest.getServiceInterfaceClassName(), serviceTunnelRequest.getOperation());
        IServerSession serverSession = ThreadContext.getServerSession();
        String userId = serverSession.getUserId();
        if (LOG.isDebugEnabled()) {
            LOG.debug("started " + serviceTunnelRequest.getServiceInterfaceClassName() + "." + serviceTunnelRequest.getOperation() + " by " + userId + " at " + new Date());
        }
        if (this.m_requestMinVersion != null) {
            String version = serviceTunnelRequest.getVersion();
            if (version == null) {
                version = "0.0.0";
            }
            Version parseVersion = Version.parseVersion(version);
            if (parseVersion.compareTo(this.m_requestMinVersion) < 0) {
                return new ServiceTunnelResponse((Object) null, (Object[]) null, new VersionMismatchException(parseVersion.toString(), this.m_requestMinVersion.toString()));
            }
        }
        SessionInspector sessionInspector = ProcessInspector.getDefault().getSessionInspector(serverSession, true);
        CallInspector requestCallInspector = sessionInspector != null ? sessionInspector.requestCallInspector(serviceTunnelRequest) : null;
        boolean isWebClientInCurrentThread = WebClientState.isWebClientInCurrentThread();
        try {
            WebClientState.setWebClientInCurrentThread(Boolean.valueOf(serviceTunnelRequest.getVirtualSessionId() != null));
            Class<?> cls = null;
            for (Bundle bundle : this.m_loaderBundles) {
                try {
                    cls = bundle.loadClass(serviceTunnelRequest.getServiceInterfaceClassName());
                    break;
                } catch (ClassNotFoundException e) {
                }
            }
            if (cls == null) {
                throw new ClassNotFoundException(serviceTunnelRequest.getServiceInterfaceClassName());
            }
            Method serviceOperation = ServiceUtility.getServiceOperation(cls, serviceTunnelRequest.getOperation(), serviceTunnelRequest.getParameterTypes());
            checkRemoteServiceAccessByInterface(cls, serviceOperation, serviceTunnelRequest.getArgs());
            Object service = SERVICES.getService(cls);
            if (service == null) {
                throw new SecurityException("service registry does not contain a service of type " + serviceTunnelRequest.getServiceInterfaceClassName());
            }
            checkRemoteServiceAccessByAnnotations(cls, service.getClass(), serviceOperation, serviceTunnelRequest.getArgs());
            checkRemoteServiceAccessByPermission(cls, service.getClass(), serviceOperation, serviceTunnelRequest.getArgs());
            if (serviceTunnelRequest.getArgs() != null && serviceTunnelRequest.getArgs().length > 0) {
                Class<? extends IValidationStrategy> findInputValidationStrategyByAnnotation = findInputValidationStrategyByAnnotation(service, serviceOperation);
                if (findInputValidationStrategyByAnnotation == null) {
                    findInputValidationStrategyByAnnotation = findInputValidationStrategyByPolicy(service, serviceOperation);
                }
                if (findInputValidationStrategyByAnnotation == null) {
                    throw new SecurityException("input validation failed (no strategy defined)");
                }
                validateInput(findInputValidationStrategyByAnnotation.newInstance(), service, serviceOperation, serviceTunnelRequest.getArgs());
            }
            Object invoke = ServiceUtility.invoke(serviceOperation, service, serviceTunnelRequest.getArgs());
            Object[] extractHolderArguments = ServiceUtility.extractHolderArguments(serviceTunnelRequest.getArgs());
            if (invoke != null || (extractHolderArguments != null && extractHolderArguments.length > 0)) {
                Class<? extends IValidationStrategy> findOutputValidationStrategyByAnnotation = findOutputValidationStrategyByAnnotation(service, serviceOperation);
                if (findOutputValidationStrategyByAnnotation == null) {
                    findOutputValidationStrategyByAnnotation = findOutputValidationStrategyByPolicy(service, serviceOperation);
                }
                if (findOutputValidationStrategyByAnnotation == null) {
                    throw new SecurityException("output validation failed");
                }
                validateOutput(findOutputValidationStrategyByAnnotation.newInstance(), service, serviceOperation, invoke, extractHolderArguments);
            }
            ServiceTunnelResponse serviceTunnelResponse = new ServiceTunnelResponse(invoke, extractHolderArguments, (Throwable) null);
            serviceTunnelResponse.setSoapOperation(soapOperation);
            serviceTunnelResponse.setClientNotifications(((IClientNotificationService) SERVICES.getService(IClientNotificationService.class)).getNextNotifications(0L));
            if (requestCallInspector != null) {
                try {
                    requestCallInspector.update();
                } catch (Throwable th) {
                    LOG.warn((String) null, th);
                }
                try {
                    requestCallInspector.close(serviceTunnelResponse);
                } catch (Throwable th2) {
                    LOG.warn((String) null, th2);
                }
                try {
                    requestCallInspector.getSessionInspector().update();
                } catch (Throwable th3) {
                    LOG.warn((String) null, th3);
                }
            }
            WebClientState.setWebClientInCurrentThread(Boolean.valueOf(isWebClientInCurrentThread));
            return serviceTunnelResponse;
        } catch (Throwable th4) {
            if (requestCallInspector != null) {
                try {
                    requestCallInspector.update();
                } catch (Throwable th5) {
                    LOG.warn((String) null, th5);
                }
                try {
                    requestCallInspector.close(null);
                } catch (Throwable th6) {
                    LOG.warn((String) null, th6);
                }
                try {
                    requestCallInspector.getSessionInspector().update();
                } catch (Throwable th7) {
                    LOG.warn((String) null, th7);
                }
            }
            WebClientState.setWebClientInCurrentThread(Boolean.valueOf(isWebClientInCurrentThread));
            throw th4;
        }
    }

    protected void checkRemoteServiceAccessByInterface(Class<?> cls, Method method, Object[] objArr) {
        if (!cls.isInterface()) {
            throw new SecurityException("access denied (code 1a).");
        }
        if (!IService.class.isAssignableFrom(cls)) {
            throw new SecurityException("access denied (code 1b).");
        }
        try {
            Method method2 = cls.getMethod(method.getName(), method.getParameterTypes());
            if (method2.getDeclaringClass() == IService.class || method2.getDeclaringClass() == IService2.class) {
                throw new SecurityException("access denied (code 1d).");
            }
        } catch (Throwable th) {
            throw new SecurityException("access denied (code 1c).");
        }
    }

    protected void checkRemoteServiceAccessByAnnotations(Class<?> cls, Class<?> cls2, Method method, Object[] objArr) {
        Class<?> cls3 = cls2;
        while (cls3 != null) {
            Method method2 = null;
            try {
                method2 = cls3.getMethod(method.getName(), method.getParameterTypes());
            } catch (Throwable th) {
            }
            if (method2 != null) {
                for (Annotation annotation : method2.getAnnotations()) {
                    if (annotation.annotationType() == ServiceTunnelAccessDenied.class) {
                        throw new SecurityException("access denied (code 2a).");
                    }
                    if (annotation.annotationType() == RemoteServiceAccessDenied.class) {
                        throw new SecurityException("access denied (code 2b).");
                    }
                }
            }
            for (Annotation annotation2 : cls3.getAnnotations()) {
                if (annotation2.annotationType() == RemoteServiceAccessDenied.class) {
                    throw new SecurityException("access denied (code 2c).");
                }
            }
            if (cls3 == cls) {
                return;
            }
            cls3 = cls3.getSuperclass();
            if (cls3 == Object.class) {
                cls3 = cls;
            }
        }
    }

    protected void checkRemoteServiceAccessByPermission(Class<?> cls, Class<?> cls2, Method method, Object[] objArr) {
        if (!ACCESS.check(new RemoteServiceAccessPermission(cls.getName(), method.getName()))) {
            throw new SecurityException("access denied (code 3a).");
        }
    }

    protected void validateInput(IValidationStrategy iValidationStrategy, Object obj, Method method, Object[] objArr) throws Exception {
    }

    protected void defaultValidateInput(IValidationStrategy iValidationStrategy, Object obj, Method method, Object[] objArr) throws Exception {
        new DefaultValidator(iValidationStrategy).validateMethodCall(method, objArr);
    }

    protected void validateOutput(IValidationStrategy iValidationStrategy, Object obj, Method method, Object obj2, Object[] objArr) throws Exception {
    }

    protected void defaultValidateOutput(IValidationStrategy iValidationStrategy, Object obj, Method method, Object obj2, Object[] objArr) throws Exception {
        if ((objArr == null || objArr.length <= 0) && obj2 == null) {
            return;
        }
        DefaultValidator defaultValidator = new DefaultValidator(iValidationStrategy);
        if (objArr != null && objArr.length > 0) {
            for (Object obj3 : objArr) {
                defaultValidator.validateParameter(obj3, (Collection) null);
            }
        }
        if (obj2 != null) {
            defaultValidator.validateParameter(obj2, (Collection) null);
        }
    }

    protected Class<? extends IValidationStrategy> findInputValidationStrategyByAnnotation(Object obj, Method method) {
        InputValidation annotation;
        Class<?> cls = obj.getClass();
        while (cls != null) {
            Method method2 = null;
            try {
                method2 = cls.getMethod(method.getName(), method.getParameterTypes());
            } catch (Throwable th) {
            }
            if (method2 != null && (annotation = method2.getAnnotation(InputValidation.class)) != null) {
                return annotation.value();
            }
            InputValidation annotation2 = cls.getAnnotation(InputValidation.class);
            if (annotation2 != null) {
                return annotation2.value();
            }
            if (cls == method.getDeclaringClass()) {
                return null;
            }
            cls = cls.getSuperclass();
            if (cls == Object.class) {
                cls = method.getDeclaringClass();
            }
        }
        return null;
    }

    protected Class<? extends IValidationStrategy> findInputValidationStrategyByPolicy(Object obj, Method method) {
        if (DEFAULT_QUERY_NAMES_PATTERN.matcher(method.getName()).matches()) {
            return IValidationStrategy.QUERY.class;
        }
        if (DEFAULT_PROCESS_NAMES_PATTERN.matcher(method.getName()).matches()) {
            return IValidationStrategy.PROCESS.class;
        }
        warnMissingInputValidation(obj, method);
        return IValidationStrategy.QUERY.class;
    }

    protected void warnMissingInputValidation(Object obj, Method method) {
        LOG.warn("Legacy security hint for: " + method.getDeclaringClass().getName() + "#" + method.getName() + ": missing either annotation " + InputValidation.class.getSimpleName() + " or override of server-side " + getClass().getSimpleName() + "#findInputValidationStrategyByPolicy. To support legacy the QUERY strategy is used.");
    }

    protected Class<? extends IValidationStrategy> findOutputValidationStrategyByAnnotation(Object obj, Method method) {
        OutputValidation annotation;
        Class<?> cls = obj.getClass();
        while (cls != null) {
            Method method2 = null;
            try {
                method2 = cls.getMethod(method.getName(), method.getParameterTypes());
            } catch (Throwable th) {
            }
            if (method2 != null && (annotation = method2.getAnnotation(OutputValidation.class)) != null) {
                return annotation.value();
            }
            OutputValidation annotation2 = cls.getAnnotation(OutputValidation.class);
            if (annotation2 != null) {
                return annotation2.value();
            }
            if (cls == method.getDeclaringClass()) {
                return null;
            }
            cls = cls.getSuperclass();
            if (cls == Object.class) {
                cls = method.getDeclaringClass();
            }
        }
        return null;
    }

    protected Class<? extends IValidationStrategy> findOutputValidationStrategyByPolicy(Object obj, Method method) {
        return IValidationStrategy.NO_CHECK.class;
    }
}
