package com.dynfi.proxy;

import com.dynfi.services.ProxyService;
import com.dynfi.services.dto.DeviceProxyUiSettings;
import com.dynfi.storage.entities.Device;
import com.dynfi.storage.entities.ProxyCredentials;
import com.dynfi.storage.entities.ProxySettings;
import com.dynfi.storage.entities.User;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.net.HttpCookie;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import java.util.UUID;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.inject.Inject;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.core.MediaType;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.tuple.Pair;
import org.apache.http.Header;
import org.apache.http.HttpEntity;
import org.apache.http.HttpHost;
import org.apache.http.HttpRequest;
import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.client.HttpClient;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.utils.URIUtils;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.message.BasicHttpEntityEnclosingRequest;
import org.apache.http.message.BasicHttpRequest;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.util.EntityUtils;
import org.owasp.encoder.Encoders;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/dynfi/proxy/ProxyServlet.class */
public class ProxyServlet extends org.mitre.dsmiley.httpproxy.ProxyServlet {
    public static final String PREFIX = "/proxy";
    public static final String AUTH_DFMDV_COOKIE_NAME = "authDFMDV";
    private static final Pattern REMOVE_DFMDV_COOKIE_PATTERN = Pattern.compile("((; )?authDFMDV=[\\w-.]+)");
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) ProxyServlet.class);
    private static final Pattern PFSENSE_CSRF_PATTERN = Pattern.compile("csrfMagicToken = \"(?<value>.*)\";var csrfMagicName = \"(?<name>\\w*)\";</script>");
    private static final Pattern OPNSENSE_CSRF_PATTERN = Pattern.compile("<input type=\"hidden\" name=\"(?<name>\\w*)\" value=\"(?<value>\\w*)\"( autocomplete=\"new-password\")? />");
    private static String ATTR_DEVICE_ID = "deviceId";
    private final List<String> serverUris;

    @Inject
    private ProxyService proxyService;

    public ProxyServlet(List<String> list) {
        this.serverUris = list;
    }

    @Override // org.mitre.dsmiley.httpproxy.ProxyServlet
    protected HttpClient createHttpClient() {
        try {
            HttpClientBuilder defaultSocketConfig = HttpClientBuilder.create().setDefaultRequestConfig(buildRequestConfig()).setDefaultSocketConfig(buildSocketConfig());
            defaultSocketConfig.setSSLSocketFactory(new SSLConnectionSocketFactory(SSLContextBuilder.create().loadTrustMaterial((x509CertificateArr, str) -> {
                return true;
            }).build(), new NoopHostnameVerifier()));
            defaultSocketConfig.setMaxConnTotal(this.proxyService.getMaxOutgoingConnections());
            defaultSocketConfig.setMaxConnPerRoute(this.proxyService.getMaxOutgoingConnections());
            if (this.useSystemProperties) {
                defaultSocketConfig.useSystemProperties();
            }
            return defaultSocketConfig.build();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.mitre.dsmiley.httpproxy.ProxyServlet, javax.servlet.http.HttpServlet
    public void service(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        logIncomingRequest(httpServletRequest);
        ProxySettings proxySettings = this.proxyService.getProxySettings();
        if (proxySettings == null) {
            handleMissingConfiguration(httpServletResponse);
            return;
        }
        if (!proxySettings.isProxyEnabled()) {
            handleDisabled(httpServletResponse);
            return;
        }
        Optional<String> authCookieValue = getAuthCookieValue(httpServletRequest);
        if (authCookieValue.isEmpty()) {
            handleNoCookie(httpServletRequest, httpServletResponse);
            return;
        }
        User user = (User) authCookieValue.map(str -> {
            return this.proxyService.getUserIfAuthorizedToUseProxy(str);
        }).orElse(null);
        if (user == null) {
            handleNotAuthorized(httpServletRequest, httpServletResponse, null, null);
            return;
        }
        if (logger.isTraceEnabled()) {
            logger.trace("Authenticated and authorized user {}.", user.getId());
        }
        if (!refererOrOriginIsOkay(httpServletRequest, proxySettings)) {
            handleIncorrectReferer(httpServletRequest, httpServletResponse);
            return;
        }
        UUID deviceIdFromRequest = getDeviceIdFromRequest(httpServletRequest);
        if (deviceIdFromRequest == null) {
            handleBadRequest(httpServletResponse);
            return;
        }
        if (!this.proxyService.currentUserCanAccessDevice(user, deviceIdFromRequest)) {
            handleNotAuthorized(httpServletRequest, httpServletResponse, user, deviceIdFromRequest);
            return;
        }
        try {
            DeviceProxyUiSettings deviceProxySettings = this.proxyService.getDeviceProxySettings(deviceIdFromRequest);
            String url = deviceProxySettings.url();
            httpServletRequest.setAttribute(ATTR_TARGET_URI, url);
            httpServletRequest.setAttribute(ATTR_TARGET_HOST, URIUtils.extractHost(getDeviceUri(url)));
            ProxyCredentials loginCredentials = getLoginCredentials(deviceIdFromRequest, user);
            if (logoutRequested(httpServletRequest)) {
                makeLogoutAttempt(httpServletRequest, httpServletResponse, deviceProxySettings);
                return;
            }
            Pair<HttpResponse, String> pair = null;
            try {
                BasicHttpRequest createProxyRequest = createProxyRequest(httpServletRequest);
                copyRequestHeaders(httpServletRequest, createProxyRequest);
                try {
                    try {
                        pair = Pair.of(doExecute(httpServletRequest, httpServletResponse, createProxyRequest), null);
                        if (!requestWasLogOut(httpServletRequest) && loginDataPresentAndTypeIndicatesHtml(loginCredentials, pair.getLeft())) {
                            pair = makeAutomaticLoginAttempt(pair, httpServletRequest, createProxyRequest, deviceProxySettings.os(), loginCredentials, deviceIdFromRequest, user);
                        }
                        processAndSendResponse(httpServletRequest, httpServletResponse, deviceIdFromRequest, deviceProxySettings, pair);
                        if (pair != null && pair.getLeft() != null) {
                            EntityUtils.consumeQuietly(pair.getLeft().getEntity());
                        }
                    } catch (Throwable th) {
                        if (0 != 0 && pair.getLeft() != null) {
                            EntityUtils.consumeQuietly(pair.getLeft().getEntity());
                        }
                        throw th;
                    }
                } catch (Exception e) {
                    handleRequestException(createProxyRequest, pair != null ? pair.getLeft() : null, e);
                    if (pair != null && pair.getLeft() != null) {
                        EntityUtils.consumeQuietly(pair.getLeft().getEntity());
                    }
                }
            } catch (IOException e2) {
                if (pair == null || pair.getLeft() == null || !pair.getLeft().getEntity().isChunked()) {
                    handleNoResponse(httpServletResponse, deviceIdFromRequest, e2, deviceProxySettings.usingConAg());
                }
            }
            logOutgoingResponse(httpServletResponse);
        } catch (Exception e3) {
            handleNoDevice(deviceIdFromRequest, httpServletResponse);
        }
    }

    private void makeLogoutAttempt(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, DeviceProxyUiSettings deviceProxyUiSettings) throws IOException {
        BasicHttpRequest basicHttpRequest;
        HttpHost create = HttpHost.create(deviceProxyUiSettings.url());
        switch (deviceProxyUiSettings.os()) {
            case pfSense:
                BasicHttpRequest basicHttpRequest2 = new BasicHttpRequest("GET", "/status_services.php");
                copyRequestHeaders(httpServletRequest, basicHttpRequest2);
                HttpResponse execute = getProxyClient().execute(create, basicHttpRequest2);
                if (execute.getStatusLine().getStatusCode() == 200) {
                    Matcher matcherForOs = getMatcherForOs(getBodyText(execute), deviceProxyUiSettings.os());
                    if (matcherForOs != null && matcherForOs.find()) {
                        basicHttpRequest = new BasicHttpEntityEnclosingRequest("POST", "/index.php");
                        copyRequestHeaders(httpServletRequest, basicHttpRequest);
                        ArrayList arrayList = new ArrayList();
                        arrayList.add(new BasicNameValuePair(matcherForOs.group("name"), matcherForOs.group("value")));
                        arrayList.add(new BasicNameValuePair("logout", ""));
                        ((BasicHttpEntityEnclosingRequest) basicHttpRequest).setEntity(new UrlEncodedFormEntity((List<? extends NameValuePair>) arrayList));
                        break;
                    } else {
                        httpServletResponse.sendError(406);
                        return;
                    }
                } else {
                    httpServletResponse.setStatus(execute.getStatusLine().getStatusCode());
                    return;
                }
            case OPNsense:
            case DynFiFirewall:
                basicHttpRequest = new BasicHttpRequest("GET", "/index.php?logout");
                copyRequestHeaders(httpServletRequest, basicHttpRequest);
                break;
            default:
                logger.warn("OS not supported, please contact dev team [{}].", deviceProxyUiSettings.os());
                throw new IllegalArgumentException("OS not supported. " + String.valueOf(deviceProxyUiSettings.os()));
        }
        HttpResponse httpResponse = null;
        try {
            try {
                httpResponse = getProxyClient().execute(create, basicHttpRequest);
                httpServletResponse.setStatus(httpResponse.getStatusLine().getStatusCode());
                copyResponseHeaders(httpResponse, httpServletRequest, httpServletResponse);
                if (httpResponse != null) {
                    EntityUtils.consumeQuietly(httpResponse.getEntity());
                }
            } catch (IOException e) {
                httpServletResponse.sendError(400);
                if (httpResponse != null) {
                    EntityUtils.consumeQuietly(httpResponse.getEntity());
                }
            }
        } catch (Throwable th) {
            if (httpResponse != null) {
                EntityUtils.consumeQuietly(httpResponse.getEntity());
            }
            throw th;
        }
    }

    private boolean logoutRequested(HttpServletRequest httpServletRequest) {
        return StringUtils.contains(httpServletRequest.getQueryString(), "DFMDV-LOGOUT");
    }

    private void processAndSendResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, UUID uuid, DeviceProxyUiSettings deviceProxyUiSettings, Pair<HttpResponse, String> pair) throws IOException {
        byte[] byteArray;
        int statusInServletResponse = setStatusInServletResponse(httpServletResponse, pair.getLeft());
        copyResponseHeaders(pair.getLeft(), httpServletRequest, httpServletResponse);
        if (statusInServletResponse == 304) {
            httpServletResponse.setIntHeader("Content-Length", 0);
            return;
        }
        HttpEntity entity = pair.getLeft().getEntity();
        if (entity == null) {
            return;
        }
        if (!entity.isChunked() || !entity.getContentType().getValue().contains(MediaType.SERVER_SENT_EVENTS)) {
            if (pair.getRight() != null) {
                byteArray = pair.getRight().getBytes(getResponseCharser(entity));
            } else {
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                entity.writeTo(byteArrayOutputStream);
                byteArray = byteArrayOutputStream.toByteArray();
            }
            ServletOutputStream outputStream = httpServletResponse.getOutputStream();
            if (!responseTypeIndicatesRewrite(pair.getLeft())) {
                outputStream.write(byteArray);
                return;
            }
            byte[] applyResponseRewrites = applyResponseRewrites(byteArray, uuid, deviceProxyUiSettings.os(), getResponseCharser(entity));
            httpServletResponse.setHeader("Content-Length", applyResponseRewrites.length);
            outputStream.write(applyResponseRewrites);
            return;
        }
        InputStream content = entity.getContent();
        ServletOutputStream outputStream2 = httpServletResponse.getOutputStream();
        byte[] bArr = new byte[10240];
        while (true) {
            int read = content.read(bArr);
            if (read == -1) {
                return;
            }
            outputStream2.write(bArr, 0, read);
            if (content.available() == 0) {
                outputStream2.flush();
            }
        }
    }

    private Charset getResponseCharser(HttpEntity httpEntity) {
        return (httpEntity == null || httpEntity.getContentType() == null || ArrayUtils.isEmpty(httpEntity.getContentType().getElements())) ? StandardCharsets.UTF_8 : (Charset) Stream.of((Object[]) httpEntity.getContentType().getElements()).filter(headerElement -> {
            return headerElement.getName().equalsIgnoreCase(MediaType.CHARSET_PARAMETER);
        }).findFirst().map(headerElement2 -> {
            return Charset.forName(headerElement2.getValue());
        }).orElse(StandardCharsets.UTF_8);
    }

    private Pair<HttpResponse, String> makeAutomaticLoginAttempt(Pair<HttpResponse, String> pair, HttpServletRequest httpServletRequest, HttpRequest httpRequest, Device.DeviceOs deviceOs, ProxyCredentials proxyCredentials, UUID uuid, User user) throws IOException {
        Pair<HttpResponse, String> of = Pair.of(pair.getLeft(), getBodyText(pair.getLeft()));
        if (bodyContainsLoginForm(of.getRight())) {
            Optional<HttpRequest> createLoginRequest = createLoginRequest(of, httpServletRequest, httpRequest.getRequestLine().getUri(), deviceOs, proxyCredentials);
            if (createLoginRequest.isPresent()) {
                logOutgoingRequest(createLoginRequest.get());
                HttpResponse execute = getProxyClient().execute(getTargetHost(httpServletRequest), createLoginRequest.get());
                logIncomingResponse(execute, httpRequest);
                EntityUtils.consumeQuietly(of.getLeft().getEntity());
                of = Pair.of(execute, null);
                if (execute.getStatusLine().getStatusCode() == 302) {
                    logger.debug("Login for device {} with user {} was successful", uuid, proxyCredentials.getUsername());
                } else {
                    logger.debug("Login for device {} with user {} not successful, skipping", uuid, proxyCredentials.getUsername());
                    deleteLoginCredentials(uuid, user);
                }
            }
        }
        return of;
    }

    private boolean requestWasLogOut(HttpServletRequest httpServletRequest) {
        return "GET".equals(httpServletRequest.getMethod()) && StringUtils.endsWith(httpServletRequest.getQueryString(), "logout");
    }

    @Override // org.mitre.dsmiley.httpproxy.ProxyServlet
    protected void copyResponseHeaders(HttpResponse httpResponse, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        boolean isPfSenseLogout = isPfSenseLogout(httpResponse, httpServletRequest);
        for (Header header : httpResponse.getAllHeaders()) {
            copyResponseHeader(httpServletRequest, httpServletResponse, header, isPfSenseLogout);
        }
    }

    private boolean isPfSenseLogout(HttpResponse httpResponse, HttpServletRequest httpServletRequest) {
        if (!"POST".equals(httpServletRequest.getMethod()) || httpResponse.getStatusLine().getStatusCode() != 302) {
            return false;
        }
        for (Header header : httpResponse.getHeaders("Set-Cookie")) {
            if (header.getValue().startsWith("PHPSESSID=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT;")) {
                return true;
            }
        }
        return false;
    }

    private void copyResponseHeader(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Header header, boolean z) {
        String name = header.getName();
        if (hopByHopHeaders.containsHeader(name)) {
            return;
        }
        String value = header.getValue();
        if (name.equalsIgnoreCase("Set-Cookie") || name.equalsIgnoreCase("Set-Cookie2")) {
            copyProxyCookie(httpServletRequest, httpServletResponse, value);
            return;
        }
        if (!name.equalsIgnoreCase("Location")) {
            httpServletResponse.addHeader(name, value);
            return;
        }
        String rewriteUrlFromResponse = rewriteUrlFromResponse(httpServletRequest, value);
        if (z) {
            rewriteUrlFromResponse = rewriteUrlFromResponse + "?logout";
        }
        httpServletResponse.addHeader(name, rewriteUrlFromResponse);
    }

    private void deleteLoginCredentials(UUID uuid, User user) {
        logger.info("Deleting saved credentials for device {} for user {}.", uuid, user.getId());
        this.proxyService.deleteLoginCredentials(uuid, user);
    }

    private Optional<HttpRequest> createLoginRequest(Pair<HttpResponse, String> pair, HttpServletRequest httpServletRequest, String str, Device.DeviceOs deviceOs, ProxyCredentials proxyCredentials) throws UnsupportedEncodingException {
        BasicHttpEntityEnclosingRequest basicHttpEntityEnclosingRequest = new BasicHttpEntityEnclosingRequest("POST", str);
        Matcher matcherForOs = getMatcherForOs(pair.getRight(), deviceOs);
        if (matcherForOs == null || !matcherForOs.find()) {
            logger.debug("CSRF values not found");
            return Optional.empty();
        }
        copyRequestHeaders(httpServletRequest, basicHttpEntityEnclosingRequest);
        copySessionCookies(pair.getLeft(), basicHttpEntityEnclosingRequest);
        ArrayList arrayList = new ArrayList();
        arrayList.add(new BasicNameValuePair(matcherForOs.group("name"), matcherForOs.group("value")));
        arrayList.add(new BasicNameValuePair("usernamefld", proxyCredentials.getUsername()));
        arrayList.add(new BasicNameValuePair("passwordfld", proxyCredentials.getPassword().getValue()));
        arrayList.add(new BasicNameValuePair("login", deviceOs == Device.DeviceOs.pfSense ? "Sign In" : "1"));
        basicHttpEntityEnclosingRequest.setEntity(new UrlEncodedFormEntity((List<? extends NameValuePair>) arrayList));
        return Optional.of(basicHttpEntityEnclosingRequest);
    }

    private void copySessionCookies(HttpResponse httpResponse, BasicHttpEntityEnclosingRequest basicHttpEntityEnclosingRequest) {
        Header[] headers = httpResponse.getHeaders("Set-Cookie");
        if (headers == null) {
            return;
        }
        String str = (String) Stream.of((Object[]) headers).map(header -> {
            return HttpCookie.parse(header.getValue());
        }).flatMap((v0) -> {
            return v0.stream();
        }).map(httpCookie -> {
            return httpCookie.getName() + "=" + httpCookie.getValue();
        }).collect(Collectors.joining(";"));
        if (StringUtils.isNotEmpty(str)) {
            basicHttpEntityEnclosingRequest.setHeader("Cookie", str);
        }
    }

    private Matcher getMatcherForOs(String str, Device.DeviceOs deviceOs) {
        Matcher matcher;
        if (deviceOs == Device.DeviceOs.pfSense) {
            matcher = PFSENSE_CSRF_PATTERN.matcher(str);
        } else if (deviceOs == Device.DeviceOs.OPNsense || deviceOs == Device.DeviceOs.DynFiFirewall) {
            matcher = OPNSENSE_CSRF_PATTERN.matcher(str);
        } else {
            logger.info("Could not handle the OS {}, please contact the dev team", deviceOs);
            matcher = null;
        }
        return matcher;
    }

    private String getBodyText(HttpResponse httpResponse) throws IOException {
        HttpEntity entity = httpResponse.getEntity();
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        entity.writeTo(byteArrayOutputStream);
        return byteArrayOutputStream.toString();
    }

    private boolean bodyContainsLoginForm(String str) {
        boolean containsAny = StringUtils.containsAny(str, "<body class=\"page-login\">", "<body id=\"login\" >");
        if (containsAny) {
            logger.trace("Response body contains login form");
        }
        return containsAny;
    }

    private boolean loginDataPresentAndTypeIndicatesHtml(ProxyCredentials proxyCredentials, HttpResponse httpResponse) {
        return (proxyCredentials == null || httpResponse.getEntity() == null || httpResponse.getStatusLine().getStatusCode() == 302 || !StringUtils.containsIgnoreCase("text/html", httpResponse.getEntity().getContentType().getElements()[0].getName())) ? false : true;
    }

    private BasicHttpRequest createProxyRequest(HttpServletRequest httpServletRequest) throws IOException {
        String method = httpServletRequest.getMethod();
        String rewriteUrlFromRequest = rewriteUrlFromRequest(httpServletRequest);
        return (BasicHttpRequest) ((httpServletRequest.getHeader("Content-Length") == null && httpServletRequest.getHeader("Transfer-Encoding") == null) ? new BasicHttpRequest(method, rewriteUrlFromRequest) : newProxyRequestWithEntity(method, rewriteUrlFromRequest, httpServletRequest));
    }

    private int setStatusInServletResponse(HttpServletResponse httpServletResponse, HttpResponse httpResponse) {
        int statusCode = httpResponse.getStatusLine().getStatusCode();
        httpServletResponse.setStatus(statusCode);
        return statusCode;
    }

    private ProxyCredentials getLoginCredentials(UUID uuid, User user) {
        return this.proxyService.getLoginCredentials(uuid, user);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.mitre.dsmiley.httpproxy.ProxyServlet
    public HttpResponse doExecute(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpRequest httpRequest) throws IOException {
        logOutgoingRequest(httpRequest);
        HttpResponse doExecute = super.doExecute(httpServletRequest, httpServletResponse, httpRequest);
        logIncomingResponse(doExecute, httpRequest);
        return doExecute;
    }

    private void logIncomingResponse(HttpResponse httpResponse, HttpRequest httpRequest) {
        if (logger.isTraceEnabled()) {
            logger.trace("Received the response {} to request {}.", httpResponse.getStatusLine(), httpRequest.getRequestLine());
            logger.trace("Received headers: \n{}", Stream.of((Object[]) httpResponse.getAllHeaders()).map(header -> {
                return header.getName() + ": " + header.getValue();
            }).collect(Collectors.joining("\n")));
        }
    }

    private void logOutgoingRequest(HttpRequest httpRequest) {
        if (logger.isTraceEnabled()) {
            logger.trace("Going to make the request {}.", httpRequest.getRequestLine());
            logger.trace("Sending headers: \n{}", Stream.of((Object[]) httpRequest.getAllHeaders()).map(header -> {
                return header.getName() + ": " + header.getValue();
            }).collect(Collectors.joining("\n")));
        }
    }

    @Override // org.mitre.dsmiley.httpproxy.ProxyServlet
    protected RequestConfig buildRequestConfig() {
        return RequestConfig.custom().setRedirectsEnabled(this.doHandleRedirects).setCookieSpec("ignoreCookies").setConnectTimeout(this.proxyService.getConnectTimeoutMilliseconds()).setSocketTimeout(this.proxyService.getSocketTimeoutMilliseconds()).setConnectionRequestTimeout(this.proxyService.getConnectionRequestTimeoutMilliseconds()).build();
    }

    private void logIncomingRequest(HttpServletRequest httpServletRequest) {
        if (logger.isDebugEnabled()) {
            String queryString = httpServletRequest.getQueryString();
            logger.debug("Received request. Method [{}], URL [{}], from [{}].", httpServletRequest.getMethod(), String.valueOf(httpServletRequest.getRequestURL()) + (StringUtils.isNotEmpty(queryString) ? "?" + queryString : ""), httpServletRequest.getRemoteAddr());
        }
        if (logger.isTraceEnabled()) {
            logger.trace("Received from browser the following headers:\n{}", Collections.list(httpServletRequest.getHeaderNames()).stream().map(str -> {
                return str + ": " + String.join("; ", Collections.list(httpServletRequest.getHeaders(str)));
            }).collect(Collectors.joining("\n")));
        }
    }

    private void logOutgoingResponse(HttpServletResponse httpServletResponse) {
        if (logger.isTraceEnabled()) {
            logger.trace("Sending to browser the following headers:\n{}", httpServletResponse.getHeaderNames().stream().map(str -> {
                return str + ": " + String.join("; ", httpServletResponse.getHeaders(str));
            }).collect(Collectors.joining("\n")));
        }
    }

    private boolean refererOrOriginIsOkay(HttpServletRequest httpServletRequest, ProxySettings proxySettings) {
        String header = httpServletRequest.getHeader("Referer");
        String header2 = httpServletRequest.getHeader("Origin");
        if (StringUtils.isAllEmpty(header, header2)) {
            return proxySettings.isPermitMissingOrigin();
        }
        for (String str : this.serverUris) {
            if (StringUtils.startsWith(header, str) || StringUtils.startsWith(header2, str)) {
                return true;
            }
        }
        Iterator<URI> it = proxySettings.getAllowedOrigins().iterator();
        while (it.hasNext()) {
            String uri = it.next().toString();
            if (StringUtils.startsWith(header, uri) || StringUtils.startsWith(header2, uri)) {
                return true;
            }
        }
        return false;
    }

    private Optional<String> getAuthCookieValue(HttpServletRequest httpServletRequest) {
        return Arrays.stream(httpServletRequest.getCookies()).filter(cookie -> {
            return cookie.getName().equals(AUTH_DFMDV_COOKIE_NAME);
        }).findFirst().map((v0) -> {
            return v0.getValue();
        });
    }

    private void handleIncorrectReferer(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        logger.info("Referer and/or Origin headers incorrect or missing. Referer [{}], Origin[{}].", httpServletRequest.getHeader("Referer"), httpServletRequest.getHeader("Origin"));
        httpServletResponse.setStatus(403);
        httpServletResponse.getWriter().println("Missing or incorrect Referer and Origin. \nCheck documentation for further details: https://dynfi.com/documentation/direct-view.html#settings-of-direct-view");
    }

    private void handleNotAuthorized(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, User user, UUID uuid) throws IOException {
        logger.warn("Unauthorized attempt to access proxy from {}.", httpServletRequest.getRemoteAddr());
        if (user != null) {
            logger.info("Current user: {}, device ID: {}", user.getId(), uuid);
        }
        httpServletResponse.setStatus(401);
        httpServletResponse.getWriter().println("Not authenticated or not authorized, or device does not exist.");
    }

    private void handleDisabled(HttpServletResponse httpServletResponse) throws IOException {
        logger.info("Proxy not enabled");
        httpServletResponse.setStatus(503);
        httpServletResponse.getWriter().println("Not enabled.");
    }

    private void handleNotImplemented(HttpServletResponse httpServletResponse) throws IOException {
        logger.info("Attempt to use not supported feature.");
        httpServletResponse.setStatus(501);
        httpServletResponse.getWriter().println("Not supported yet.");
    }

    private void handleNoCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        logger.warn("Unauthorized attempt to access proxy from {}, no cookie detected.", httpServletRequest.getRemoteAddr());
        httpServletResponse.setStatus(401);
        httpServletResponse.getWriter().println("Not authenticated or not authorized, or cookie not sent.");
    }

    private void handleMissingConfiguration(HttpServletResponse httpServletResponse) throws IOException {
        logger.info("Missing configuration of proxy");
        httpServletResponse.setStatus(501);
        httpServletResponse.getWriter().println("Configuration missing.");
    }

    private void handleNoDevice(UUID uuid, HttpServletResponse httpServletResponse) throws IOException {
        logger.debug("Device not found. ID: [{}].", uuid);
        httpServletResponse.setStatus(404);
        httpServletResponse.getWriter().println("Not authenticated or not authorized, or device does not exist.");
    }

    private void handleBadRequest(HttpServletResponse httpServletResponse) throws IOException {
        logger.warn("Bad request detected. Use /proxy/device-uuid/.");
        httpServletResponse.setStatus(400);
        httpServletResponse.getWriter().println("Bad request, use /proxy/device-uuid/.");
    }

    private void handleNoResponse(HttpServletResponse httpServletResponse, UUID uuid, IOException iOException, boolean z) throws IOException {
        logger.info("Cannot connect to device [{}]", uuid, iOException);
        httpServletResponse.setStatus(504);
        httpServletResponse.getWriter().println("Cannot connect to device.");
        if (z) {
            this.proxyService.terminateConAgSessionIfNeeded(uuid, iOException);
        }
    }

    private UUID getDeviceIdFromRequest(HttpServletRequest httpServletRequest) {
        try {
            String str = httpServletRequest.getRequestURL().toString().split("/proxy/")[1];
            UUID fromString = UUID.fromString(str.substring(0, str.indexOf("/")));
            httpServletRequest.setAttribute(ATTR_DEVICE_ID, fromString);
            return fromString;
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.mitre.dsmiley.httpproxy.ProxyServlet
    public String rewritePathInfoFromRequest(HttpServletRequest httpServletRequest) {
        return super.rewritePathInfoFromRequest(httpServletRequest).substring(37);
    }

    private URI getDeviceUri(String str) {
        try {
            return new URI(str);
        } catch (URISyntaxException e) {
            throw new RuntimeException(e);
        }
    }

    @Override // org.mitre.dsmiley.httpproxy.ProxyServlet
    protected void copyProxyCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
        String str2 = httpServletRequest.getContextPath() + httpServletRequest.getServletPath();
        String str3 = str2.isEmpty() ? "/" : str2 + "/" + String.valueOf((UUID) httpServletRequest.getAttribute(ATTR_DEVICE_ID)) + "/";
        if (str.equals("PHPSESSID=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/")) {
            httpServletResponse.addHeader("Set-Cookie", str + str3.substring(1));
            return;
        }
        for (HttpCookie httpCookie : HttpCookie.parse(str)) {
            Cookie cookie = new Cookie(this.doPreserveCookies ? httpCookie.getName() : getCookieNamePrefix(httpCookie.getName()) + httpCookie.getName(), httpCookie.getValue());
            cookie.setComment(httpCookie.getComment());
            cookie.setMaxAge((int) httpCookie.getMaxAge());
            cookie.setPath(str3);
            cookie.setSecure(this.proxyService.hostedViaHttps() || requestMadeViaHttps(httpServletRequest));
            cookie.setVersion(httpCookie.getVersion());
            cookie.setHttpOnly(httpCookie.isHttpOnly());
            httpServletResponse.addCookie(cookie);
        }
    }

    private boolean requestMadeViaHttps(HttpServletRequest httpServletRequest) {
        return StringUtils.startsWithIgnoreCase(httpServletRequest.getHeader("Referer"), "HTTPS") || StringUtils.startsWithIgnoreCase(httpServletRequest.getHeader("Origin"), "HTTPS");
    }

    @Override // org.mitre.dsmiley.httpproxy.ProxyServlet
    protected void copyRequestHeader(HttpServletRequest httpServletRequest, HttpRequest httpRequest, String str) {
        if (str.equalsIgnoreCase("Content-Length") || hopByHopHeaders.containsHeader(str)) {
            return;
        }
        Enumeration<String> headers = httpServletRequest.getHeaders(str);
        while (headers.hasMoreElements()) {
            String nextElement = headers.nextElement();
            if (!this.doPreserveHost && str.equalsIgnoreCase("Host")) {
                HttpHost targetHost = getTargetHost(httpServletRequest);
                nextElement = targetHost.getHostName();
                if (targetHost.getPort() != -1) {
                    nextElement = nextElement + ":" + targetHost.getPort();
                }
            } else if (!this.doPreserveCookies && str.equalsIgnoreCase("Cookie")) {
                nextElement = getRealCookie(nextElement);
            } else if (!str.equalsIgnoreCase("Referer") && !str.equalsIgnoreCase("Origin")) {
                if (str.equalsIgnoreCase("Cookie")) {
                    nextElement = REMOVE_DFMDV_COOKIE_PATTERN.matcher(nextElement).replaceFirst("");
                }
            }
            httpRequest.addHeader(str, nextElement);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.mitre.dsmiley.httpproxy.ProxyServlet
    public String rewriteUrlFromResponse(HttpServletRequest httpServletRequest, String str) {
        UUID uuid = (UUID) httpServletRequest.getAttribute(ATTR_DEVICE_ID);
        String rewriteUrlFromResponse = super.rewriteUrlFromResponse(httpServletRequest, str);
        return "/proxy/" + String.valueOf(uuid) + (rewriteUrlFromResponse.startsWith("/") ? "" : "/") + rewriteUrlFromResponse;
    }

    private boolean responseTypeIndicatesRewrite(HttpResponse httpResponse) {
        return StringUtils.containsAny(httpResponse.getEntity().getContentType().getElements()[0].getName(), "text/", Encoders.JAVASCRIPT);
    }

    private byte[] applyResponseRewrites(byte[] bArr, UUID uuid, Device.DeviceOs deviceOs, Charset charset) {
        String str = new String(bArr, charset);
        for (Pair<String, String> pair : getRewrites(uuid, deviceOs)) {
            str = str.replaceAll(pair.getLeft(), pair.getRight());
        }
        return str.getBytes(charset);
    }

    private List<Pair<String, String>> getRewrites(UUID uuid, Device.DeviceOs deviceOs) {
        String str = "/proxy/" + String.valueOf(uuid) + "/";
        return (deviceOs == Device.DeviceOs.OPNsense || deviceOs == Device.DeviceOs.DynFiFirewall) ? Arrays.asList(Pair.of("action=\"/", "action=\"" + str), Pair.of("src=\"/", "src=\"" + str), Pair.of("src='/", "src='" + str), Pair.of("href=\"/", "href=\"" + str), Pair.of("href='/", "href='" + str), Pair.of("url\\(/", "url(" + str), Pair.of("open\\(\"/", "open\\(\"" + str), Pair.of("open\\('/", "open\\('" + str), Pair.of("'/api", "'" + str + "api"), Pair.of("\"/api", "\"" + str + "api"), Pair.of("`/api", "`" + str + "api"), Pair.of("window\\.location = '/", "window\\.location = '" + str), Pair.of("\\.post\\('/", "\\.post\\('" + str)) : Arrays.asList(Pair.of("action=\"/", "action=\"" + str), Pair.of("src=\"/", "src=\"" + str), Pair.of("href=\"/", "href=\"" + str), Pair.of("url\\(/", "url(" + str), Pair.of("\\(\"/", "\\(\"" + str), Pair.of(".url = \"/", ".url = \"" + str), Pair.of("url: \"/", "url: \"" + str), Pair.of("url: '/", "url: '" + str), Pair.of("url\\(../../vendor/tree", "url\\(/vendor/tree"), Pair.of("\"/vpn_openvpn_export\\.php\"", "\"" + str + "vpn_openvpn_export.php\""));
    }
}
