package com.atlassian.plugins.search.opensearch;

import com.atlassian.plugins.search.SearchResultsMarshaller;
import com.atlassian.plugins.search.SearchResultsMarshallerFactory;
import com.atlassian.plugins.util.Check;
import com.atlassian.plugins.util.TokenExtractor;
import com.atlassian.sal.api.ApplicationProperties;
import com.atlassian.sal.api.search.SearchProvider;
import com.atlassian.sal.api.search.SearchResults;
import com.atlassian.sal.api.user.UserManager;
import java.io.IOException;
import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.text.MessageFormat;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:META-INF/lib/opensearch-1.0.8.jar:com/atlassian/plugins/search/opensearch/OpenSearchServlet.class */
public class OpenSearchServlet extends HttpServlet {
    private static final Logger log = LoggerFactory.getLogger(OpenSearchServlet.class);
    private SearchProvider searchProvider;
    private UserManager userManager;
    private ApplicationProperties applicationProperties;
    private SearchResultsMarshallerFactory searchResultsMarshallerFactory;
    public static final String QUERY_PARAM = "query";
    public static final String START_PARAM = "start";
    public static final String COUNT_PARAM = "count";
    public static final String FEED_TYPE_PARAM = "format";
    public static final String SHOULD_IMPERSONATE_PARAM = "impersonation";
    public static final String IMPERSONATE_USER_PARAM = "user";
    public static final String DEFAULT_COUNT = "10";
    public static final String DEFAULT_FEED_TYPE = "rss_2.0";
    public static final String SEARCH_URL_ENCODING = "UTF-8";

    public OpenSearchServlet(SearchProvider searchProvider, UserManager userManager, ApplicationProperties applicationProperties, SearchResultsMarshallerFactory searchResultsMarshallerFactory) {
        this.searchProvider = (SearchProvider) Check.notNull(searchProvider, "searchProvider");
        this.userManager = (UserManager) Check.notNull(userManager, "userManager");
        this.applicationProperties = (ApplicationProperties) Check.notNull(applicationProperties, "applicationProperties");
        this.searchResultsMarshallerFactory = (SearchResultsMarshallerFactory) Check.notNull(searchResultsMarshallerFactory, "searchResultsMarshallerFactory");
    }

    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        Map<String, String> extractParams = extractParams(httpServletRequest);
        if (log.isDebugEnabled()) {
            StringBuilder sb = new StringBuilder();
            sb.append("Incoming OpenSearch query parameters: ");
            for (Map.Entry<String, String> entry : extractParams.entrySet()) {
                sb.append(entry.getKey()).append("=").append(entry.getValue()).append(" | ");
            }
            log.debug(sb.toString());
        }
        String extractParam = extractParam(extractParams, QUERY_PARAM, (String) null, true);
        String remoteUsername = this.userManager.getRemoteUsername();
        boolean extractParam2 = extractParam(extractParams, SHOULD_IMPERSONATE_PARAM, false, false);
        String extractParam3 = extractParam(extractParams, IMPERSONATE_USER_PARAM, "", false);
        if (extractParam2 && !StringUtils.isBlank(extractParam3) && StringUtils.isBlank(remoteUsername)) {
            String format = String.format("Anonymous search request is not permitted to impersonate user %s - try authenticating first.", extractParam3);
            httpServletResponse.setStatus(401);
            httpServletResponse.setContentType("text/plain");
            PrintWriter writer = httpServletResponse.getWriter();
            writer.write(format);
            writer.close();
            log.error(format);
            return;
        }
        String searchUser = getSearchUser(extractParam2, extractParam3, remoteUsername, httpServletResponse);
        String buildSearchUrl = buildSearchUrl(extractParam, extractParams);
        log.debug(String.format("Running OpenSearch query %s for user %s", buildSearchUrl, searchUser));
        SearchResults search = this.searchProvider.search(searchUser, buildSearchUrl);
        log.debug(String.format("OpenSearch query completed. Found %s results (search time: %s)", Integer.valueOf(search.getTotalResults()), Long.valueOf(search.getSearchTime())));
        String extractParam4 = extractParam(extractParams, FEED_TYPE_PARAM, DEFAULT_FEED_TYPE, true);
        log.debug(String.format("Marshalling search results to %s", extractParam4));
        SearchResultsMarshaller create = this.searchResultsMarshallerFactory.create(extractParam4);
        httpServletResponse.setContentType(getContentType(extractParam4));
        create.marshalTo(search, this.applicationProperties.getBaseUrl(), extractParam, httpServletResponse.getWriter());
    }

    protected String getSearchUser(boolean z, String str, String str2, HttpServletResponse httpServletResponse) throws IllegalArgumentException, SecurityException {
        if (!z) {
            log.debug("Search query did not request impersonation - executing search as " + str2);
            return str2;
        }
        if (StringUtils.isBlank(str)) {
            log.debug("Search query requested impersonation but did not specify a username - impersonating the anonymous user context.");
            return "";
        }
        if (!this.userManager.isSystemAdmin(str2)) {
            httpServletResponse.setStatus(403);
            String format = String.format("%s cannot be impersonated because %s is not a System Administrator", str, str2);
            log.error(format);
            throw new SecurityException(format);
        }
        if (this.userManager.resolve(str) == null) {
            log.warn(String.format("%s requested to impersonate %s, but that user does not exist. Impersonating the anonymous user context instead.", str2, str));
            return "";
        }
        log.debug(String.format("%s has been permitted to impersonate %s", str2, str));
        return str;
    }

    protected String buildSearchUrl(String str, Map<String, String> map) {
        try {
            return MessageFormat.format("{0}&startIndex={1}&maxhits={2}", URLEncoder.encode(str, SEARCH_URL_ENCODING), URLEncoder.encode(extractParam(map, START_PARAM, "0", true), SEARCH_URL_ENCODING), URLEncoder.encode(extractParam(map, COUNT_PARAM, DEFAULT_COUNT, true), SEARCH_URL_ENCODING));
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException("Failed to encode query URL", e);
        }
    }

    protected boolean extractParam(Map<String, String> map, String str, boolean z, boolean z2) {
        return Boolean.parseBoolean(extractParam(map, str, Boolean.toString(z), z2));
    }

    protected String extractParam(Map<String, String> map, String str, String str2, boolean z) {
        String str3 = map.get(str);
        if (!StringUtils.isBlank(str3)) {
            return str3;
        }
        if (str2 != null) {
            return str2;
        }
        if (z) {
            throw new IllegalArgumentException("Parameter " + str + " must be supplied");
        }
        return null;
    }

    private Map<String, String> extractParams(HttpServletRequest httpServletRequest) {
        HashMap hashMap = new HashMap();
        Map parameterMap = httpServletRequest.getParameterMap();
        for (String str : parameterMap.keySet()) {
            hashMap.put(str, ((String[]) parameterMap.get(str))[0]);
        }
        TokenExtractor tokenExtractor = new TokenExtractor((String) hashMap.get(QUERY_PARAM));
        hashMap.put(QUERY_PARAM, tokenExtractor.getRemaining());
        for (String str2 : tokenExtractor.getTokens().keySet()) {
            if (hashMap.containsKey(str2)) {
                throw new RuntimeException("Duplicate parameter " + str2);
            }
            hashMap.put(str2, tokenExtractor.getTokens().get(str2));
        }
        return hashMap;
    }

    private String getContentType(String str) {
        return str.startsWith("atom") ? "application/atom+xml" : str.startsWith("rss") ? "application/rss+xml" : "text/xml";
    }
}
