package org.craftercms.engine.controller.rest.preview;

import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.commons.configuration2.HierarchicalConfiguration;
import org.apache.commons.lang3.ArrayUtils;
import org.bson.types.ObjectId;
import org.craftercms.commons.validation.ValidationException;
import org.craftercms.commons.validation.ValidationResult;
import org.craftercms.commons.validation.annotations.param.EsapiValidationType;
import org.craftercms.engine.util.ConfigUtils;
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.Encoder;
import org.owasp.esapi.Validator;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;

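/**
 * Preview-only REST endpoints that keep a "profile" (a flat {@code String -> String} map of targeting
 * attributes) in the HTTP session, so the preview site can emulate a visitor with those attributes.
 *
 * <p>Input handling in {@link #setProfile}:
 * <ul>
 *   <li>at most {@value #MAXIMUM_PROPERTY_COUNT} request parameters are accepted;</li>
 *   <li>each parameter name must pass the ESAPI {@code HTTPParameterName} rule and be no longer than
 *       {@value #MAXIMUM_PROPERTY_KEY_LENGTH} characters;</li>
 *   <li>each value is trimmed and must be no longer than {@value #MAXIMUM_PROPERTY_VALUE_LENGTH}
 *       characters;</li>
 *   <li>values are HTML-encoded before being stored unless {@value #CLEANSE_ATTRS_CONFIG_KEY} is set to
 *       {@code false} in the site configuration (the default is {@code true}); when cleansing is off the
 *       raw value is stored and whoever renders it is responsible for output encoding;</li>
 *   <li>the {@code id} attribute is always generated server-side and overrides any client-supplied
 *       {@code id}.</li>
 * </ul>
 *
 * <p>Both endpoints are mapped to {@code GET}; {@code /set} mutates session state on a GET request.
 */
@RequestMapping({"${crafter.core.rest.base.uri}/profile"})
@RestController
/* loaded from: input_file:WEB-INF/classes/org/craftercms/engine/controller/rest/preview/ProfileRestController.class */
public class ProfileRestController {
    public static final String URL_ROOT = "/profile";
    /** Upper bound on the number of request parameters accepted by {@link #setProfile}. */
    public static final int MAXIMUM_PROPERTY_COUNT = 100;
    /** Maximum length passed to the ESAPI validator for a parameter name. */
    public static final int MAXIMUM_PROPERTY_KEY_LENGTH = 64;
    /** Maximum length of a (trimmed) parameter value. */
    public static final int MAXIMUM_PROPERTY_VALUE_LENGTH = 2048;
    /** Session attribute under which the profile map is stored. */
    public static final String PROFILE_SESSION_ATTRIBUTE = "_cr_profile_state";
    /** Site configuration key that controls HTML-encoding of stored values (defaults to {@code true}). */
    public static final String CLEANSE_ATTRS_CONFIG_KEY = "preview.targeting.cleanseAttributes";
    /** Key of the single entry in a 400 response body. */
    public static final String ERROR_MESSAGE_MODEL_ATTR_NAME = "message";

    private final Validator validator = ESAPI.validator();
    private final Encoder encoder = ESAPI.encoder();

    /**
     * Returns the profile currently held in the session, creating an empty one (and storing it in the
     * session) when none exists yet.
     *
     * @param httpSession the current HTTP session
     * @return the profile map stored in the session, never {@code null}
     */
    @RequestMapping(value = {"/get"}, method = {RequestMethod.GET})
    public Map<String, String> getProfile(HttpSession httpSession) {
        @SuppressWarnings("unchecked") // the attribute is written by setProfile below as a Map<String, String>
        Map<String, String> profile = (Map<String, String>) httpSession.getAttribute(PROFILE_SESSION_ATTRIBUTE);
        if (profile == null) {
            profile = new HashMap<>();
            httpSession.setAttribute(PROFILE_SESSION_ATTRIBUTE, profile);
        }
        return profile;
    }

    /**
     * Replaces the session profile with the request parameters, after bounding their count, validating
     * each name and value length, and (by default) HTML-encoding each value.
     *
     * @param httpServletRequest the request whose parameters become the profile attributes
     * @param httpSession        the session that receives the new profile
     * @return {@code 200} with the stored profile, or {@code 400} with a single
     *         {@value #ERROR_MESSAGE_MODEL_ATTR_NAME} entry describing the rejected input
     */
    @RequestMapping(value = {"/set"}, method = {RequestMethod.GET})
    public ResponseEntity<Map<String, String>> setProfile(HttpServletRequest httpServletRequest, HttpSession httpSession) {
        boolean cleanse = shouldCleanseAttributes();
        Map<String, String[]> parameterMap = httpServletRequest.getParameterMap();
        if (parameterMap.size() > MAXIMUM_PROPERTY_COUNT) {
            return ResponseEntity.badRequest().body(Collections.singletonMap(ERROR_MESSAGE_MODEL_ATTR_NAME,
                String.format("Parameter count should not exceed %d. %d parameters were found.",
                              MAXIMUM_PROPERTY_COUNT, parameterMap.size())));
        }
        Map<String, String> profile = new HashMap<>(parameterMap.size());
        try {
            for (Map.Entry<String, String[]> entry : parameterMap.entrySet()) {
                String[] values = entry.getValue();
                // Only the first value of a multi-valued parameter is kept; parameters without a value are skipped.
                String value = ArrayUtils.isEmpty(values) ? null : values[0];
                if (value == null) {
                    continue;
                }
                String trimmed = value.trim();
                validateParameter(entry.getKey(), trimmed);
                profile.put(entry.getKey(), cleanse ? this.encoder.encodeForHTML(trimmed) : trimmed);
            }
            // Always server-generated: a client-supplied "id" parameter is overwritten here.
            profile.put("id", new ObjectId().toHexString());
            httpSession.setAttribute(PROFILE_SESSION_ATTRIBUTE, profile);
            return ResponseEntity.ok(profile);
        } catch (Exception e) {
            // Validation failures (the ESAPI checks and the value-length check) become a 400 whose body carries
            // the exception message verbatim. The broad catch also maps any unexpected runtime failure in the
            // loop to the same 400 shape, so its message is exposed to the client as well.
            return ResponseEntity.badRequest().body(Collections.singletonMap(ERROR_MESSAGE_MODEL_ATTR_NAME, e.getMessage()));
        }
    }

    /**
     * Rejects a profile attribute whose name fails the ESAPI {@code HTTPParameterName} rule or exceeds
     * {@value #MAXIMUM_PROPERTY_KEY_LENGTH} characters, or whose value exceeds
     * {@value #MAXIMUM_PROPERTY_VALUE_LENGTH} characters. The value's content is not inspected here; the
     * caller HTML-encodes it when cleansing is enabled.
     *
     * @param name  the request parameter name
     * @param value the trimmed parameter value
     * @throws Exception if the ESAPI validator rejects the name or the value is too long
     */
    private void validateParameter(String name, String value) throws Exception {
        String type = EsapiValidationType.HTTPParameterName.typeKey;
        // The type key is passed both as the ESAPI context string and as the validation type; nulls are not allowed.
        this.validator.getValidInput(type, name, type, MAXIMUM_PROPERTY_KEY_LENGTH, false);
        if (value.length() > MAXIMUM_PROPERTY_VALUE_LENGTH) {
            throw new ValidationException(new ValidationResult(
                String.format("Invalid input. The maximum length of %d characters was exceeded", MAXIMUM_PROPERTY_VALUE_LENGTH)));
        }
    }

    /**
     * Whether attribute values must be HTML-encoded before they are stored. Reads
     * {@value #CLEANSE_ATTRS_CONFIG_KEY} from the current site configuration and defaults to {@code true}
     * when the key is absent or no configuration is available.
     *
     * @return {@code true} if values are to be encoded
     */
    protected boolean shouldCleanseAttributes() {
        HierarchicalConfiguration<?> currentConfig = ConfigUtils.getCurrentConfig();
        return currentConfig == null || currentConfig.getBoolean(CLEANSE_ATTRS_CONFIG_KEY, true);
    }
}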
