package org.broadleafcommerce.cms.web.file;

import java.util.LinkedHashMap;
import java.util.Map;
import javax.annotation.PostConstruct;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.broadleafcommerce.cms.common.AssetNotFoundException;
import org.broadleafcommerce.cms.file.service.StaticAssetStorageService;
import org.broadleafcommerce.cms.file.service.operation.NamedOperationComponent;
import org.broadleafcommerce.cms.file.service.operation.NamedOperationManager;
import org.broadleafcommerce.cms.file.service.operation.StaticMapNamedOperationComponent;
import org.broadleafcommerce.common.classloader.release.ThreadLocalManager;
import org.broadleafcommerce.common.util.BLCSystemProperty;
import org.broadleafcommerce.common.web.BroadleafRequestContext;
import org.broadleafcommerce.common.web.BroadleafSiteResolver;
import org.springframework.web.context.request.ServletWebRequest;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.mvc.AbstractController;

/* loaded from: input_file:org/broadleafcommerce/cms/web/file/StaticAssetViewController.class */
public class StaticAssetViewController extends AbstractController {
    private static final Log LOG = LogFactory.getLog(StaticAssetViewController.class);
    protected String assetServerUrlPrefix;
    protected String viewResolverName;

    @Resource(name = "blStaticAssetStorageService")
    protected StaticAssetStorageService staticAssetStorageService;

    @Resource(name = "blSiteResolver")
    protected BroadleafSiteResolver siteResolver;

    @Resource
    protected NamedOperationManager namedOperationManager;

    @PostConstruct
    protected void init() {
        if (getAllowUnnamedImageManipulation()) {
            LOG.warn("Allowing image manipulation strictly through URL parameters that the application does not know about is not recommended and can be used maliciously for nefarious purposes. Instead, you should set up a map of known operations and the transformations associated with each operation. This behavior will default to false starting with Broadleaf 3.2.0-GA. For more information see the docs at http://www.broadleafcommerce.com/docs/core/current/broadleaf-concepts/additional-configuration/asset-server-configuration");
        }
    }

    protected Map<String, String> convertParameterMap(Map<String, String[]> map) {
        LinkedHashMap linkedHashMap = new LinkedHashMap(map.size());
        for (Map.Entry<String, String[]> entry : map.entrySet()) {
            if (isAllowedUrlParameter(entry.getKey())) {
                linkedHashMap.put(entry.getKey(), StringUtils.join(entry.getValue(), ','));
            } else if (getAllowUnnamedImageManipulation()) {
                linkedHashMap.put(entry.getKey(), StringUtils.join(entry.getValue(), ','));
            } else {
                LOG.debug("Stripping URL image manipulation parameter " + entry.getKey() + " as it is not a known named operation.");
            }
        }
        return linkedHashMap;
    }

    protected boolean isAllowedUrlParameter(String str) {
        boolean z = false;
        for (NamedOperationComponent namedOperationComponent : this.namedOperationManager.getNamedOperationComponents()) {
            if (namedOperationComponent.getClass().isAssignableFrom(StaticMapNamedOperationComponent.class)) {
                z = ((StaticMapNamedOperationComponent) namedOperationComponent).getNamedOperations().containsKey(str);
            }
            if (z) {
                break;
            }
        }
        return z;
    }

    protected ModelAndView handleRequestInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        String removeAssetPrefix = removeAssetPrefix(httpServletRequest.getRequestURI());
        BroadleafRequestContext.getBroadleafRequestContext().setSite(this.siteResolver.resolveSite(new ServletWebRequest(httpServletRequest, httpServletResponse)));
        try {
            try {
                ModelAndView modelAndView = new ModelAndView(this.viewResolverName, this.staticAssetStorageService.getCacheFileModel(removeAssetPrefix, convertParameterMap(httpServletRequest.getParameterMap())));
                ThreadLocalManager.remove();
                return modelAndView;
            } catch (AssetNotFoundException e) {
                httpServletResponse.setStatus(404);
                ThreadLocalManager.remove();
                return null;
            } catch (Exception e2) {
                LOG.error("Unable to retrieve static asset", e2);
                throw new RuntimeException(e2);
            }
        } catch (Throwable th) {
            ThreadLocalManager.remove();
            throw th;
        }
    }

    protected String removeAssetPrefix(String str) {
        String str2 = str;
        if (this.assetServerUrlPrefix != null) {
            str2 = str2.substring(str2.indexOf(this.assetServerUrlPrefix) + this.assetServerUrlPrefix.length());
            if (!str2.startsWith("/")) {
                str2 = "/" + str2;
            }
        }
        return str2;
    }

    public boolean getAllowUnnamedImageManipulation() {
        return BLCSystemProperty.resolveBooleanSystemProperty("asset.server.allow.unnamed.image.manipulation");
    }

    public String getAssetServerUrlPrefix() {
        return this.assetServerUrlPrefix;
    }

    public void setAssetServerUrlPrefix(String str) {
        this.assetServerUrlPrefix = str;
    }

    public String getViewResolverName() {
        return this.viewResolverName;
    }

    public void setViewResolverName(String str) {
        this.viewResolverName = str;
    }
}
