package org.zaproxy.zap.extension.api;

import java.io.IOException;
import java.io.StringWriter;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Random;
import java.util.regex.Pattern;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import net.sf.json.JSONObject;
import org.apache.log4j.Logger;
import org.parosproxy.paros.Constant;
import org.parosproxy.paros.model.Model;
import org.parosproxy.paros.network.HttpHeader;
import org.parosproxy.paros.network.HttpInputStream;
import org.parosproxy.paros.network.HttpMessage;
import org.parosproxy.paros.network.HttpOutputStream;
import org.parosproxy.paros.network.HttpRequestHeader;
import org.parosproxy.paros.view.View;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.zaproxy.zap.extension.api.ApiException;

/* loaded from: input_file:WEB-INF/lib/clientapi-2.8.jar:org/zaproxy/zap/extension/api/API.class */
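/**
 * Dispatcher for the local HTTP API: routes incoming requests to the registered
 * {@link ApiImplementor}s (by URL prefix, shortcut path or callback URL) and writes the response.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>actions are checked against the configured API key, "other" operations only when they
 *       declare {@code isRequiresApiKey()}, and views are not key-checked at all;</li>
 *   <li>callback and shortcut requests are dispatched before any key or enabled check, so a
 *       callback URL is itself the only secret protecting its handler;</li>
 *   <li>default responses carry {@code Access-Control-Allow-Origin: *}.</li>
 * </ul>
 *
 * <p>NOTE(review): this listing is decompiler output; identifiers such as {@code str}/{@code z}
 * in the public signatures are the decompiler's, kept here so the signatures stay unchanged.
 */
public class API {
    /** Path marker contained in every URL handed out by {@link #getCallBackUrl}. */
    private static final String CALL_BACK_URL = "/zapCallBackUrl/";

    // NOTE(review): the three routing maps are plain HashMaps that are written by
    // register/remove/getCallBackUrl and iterated by handleApiRequest; nothing in this class
    // synchronizes them — confirm the callers' threading model.
    private Map<String, ApiImplementor> implementors = new HashMap<>();
    private WebUI webUI = new WebUI(this);
    private Map<String, ApiImplementor> callBacks = new HashMap<>();
    private Map<String, ApiImplementor> shortcuts = new HashMap<>();

    // Callback URLs are dispatched without an API key check, so their random suffix must be
    // unpredictable: use a CSPRNG rather than the linear-congruential java.util.Random.
    private Random random = new SecureRandom();

    // NOTE(review): these are mutable public statics; any code on the classpath can repoint them.
    public static String API_DOMAIN = "zap";
    public static String API_URL = HttpHeader.SCHEME_HTTP + API_DOMAIN + "/";
    public static String API_KEY_PARAM = "apikey";

    /** Separator used to split a raw query string into name=value pairs. */
    private static Pattern patternParam = Pattern.compile("&", Pattern.CASE_INSENSITIVE);
    private static API api = null;
    private static final Logger logger = Logger.getLogger(API.class);

    /** Response formats; selected by the fourth "/"-separated element of an API URL. */
    public enum Format {
        XML,
        HTML,
        JSON,
        JSONP,
        UI,
        OTHER
    }

    /** Kind of API operation; selected by the sixth "/"-separated element of an API URL. */
    public enum RequestType {
        action,
        view,
        other
    }

    /** Creates the singleton on first use; synchronized so only one instance is built. */
    private static synchronized API newInstance() {
        if (api == null) {
            api = new API();
        }
        return api;
    }

    /**
     * Returns the shared {@code API} instance, creating it if necessary.
     *
     * @return the singleton instance
     */
    public static API getInstance() {
        if (api == null) {
            newInstance();
        }
        return api;
    }

    /**
     * Registers an implementor under its prefix and registers each of its shortcuts under
     * {@code "/" + shortcut}. A second registration for the same prefix is logged and ignored.
     *
     * @param apiImplementor the implementor to register
     */
    public void registerApiImplementor(ApiImplementor apiImplementor) {
        if (this.implementors.get(apiImplementor.getPrefix()) != null) {
            logger.error("Second attempt to register API implementor with prefix of " + apiImplementor.getPrefix());
            return;
        }
        this.implementors.put(apiImplementor.getPrefix(), apiImplementor);
        for (String shortcut : apiImplementor.getApiShortcuts()) {
            // Shortcuts are stored with a leading slash, so the duplicate check has to use the
            // same key; checking the bare name would never report a clash.
            String key = "/" + shortcut;
            logger.debug("Registering API shortcut: " + shortcut);
            if (this.shortcuts.containsKey(key)) {
                logger.error("Duplicate API shortcut: " + shortcut);
            }
            this.shortcuts.put(key, apiImplementor);
        }
    }

    /**
     * Unregisters an implementor by prefix and drops every shortcut and callback URL that
     * still routes to it, so a removed implementor is no longer reachable over HTTP.
     *
     * @param apiImplementor the implementor to remove
     */
    public void removeApiImplementor(ApiImplementor apiImplementor) {
        if (this.implementors.containsKey(apiImplementor.getPrefix())) {
            this.implementors.remove(apiImplementor.getPrefix());
        } else {
            logger.warn("Attempting to remove an API implementor not registered, with prefix: " + apiImplementor.getPrefix());
        }
        // Shortcuts and callbacks are dispatched before the prefix lookup in handleApiRequest;
        // leaving them behind would keep the removed implementor's handlers live.
        this.shortcuts.values().removeAll(Collections.singleton(apiImplementor));
        this.callBacks.values().removeAll(Collections.singleton(apiImplementor));
    }

    /**
     * Reports whether the API may serve requests. When the view is not initialised the API is
     * always treated as enabled; otherwise the API options decide.
     *
     * @return {@code true} if API requests should be served
     */
    public boolean isEnabled() {
        return !View.isInitialised() || Model.getSingleton().getOptionsParam().getApiParam().isEnabled();
    }

    /**
     * Handles a request without forcing it; see the four-argument overload.
     *
     * @return {@code true} if the request was handled as an API request
     * @throws IOException if writing the response fails
     */
    public boolean handleApiRequest(HttpRequestHeader httpRequestHeader, HttpInputStream httpInputStream, HttpOutputStream httpOutputStream) throws IOException {
        return handleApiRequest(httpRequestHeader, httpInputStream, httpOutputStream, false);
    }

    /**
     * Routes a request to a shortcut, callback or prefixed implementor and writes the response.
     *
     * <p>Routing order: a matching shortcut path wins, then a matching callback URL, then the
     * {@code API_URL/<format>/<prefix>/<type>/<name>/} layout. Only the last route applies the
     * enabled check and the API key check; within it, views are served without a key.
     *
     * <p>NOTE(review): the decompiler reported that it could not fully reconstruct the switch
     * statements of this method (it emitted an unreachable duplicate {@code break}, removed
     * here); confirm the control flow against the original source.
     *
     * @param httpRequestHeader header of the incoming request
     * @param httpInputStream request stream, closed once the request has been handled
     * @param httpOutputStream response stream, written, flushed and closed here
     * @param z when {@code true} the request is handled even if it matches no API route
     * @return {@code false} if the request is not an API request (nothing is written),
     *     {@code true} once a response has been written
     * @throws IOException if reading the URI or writing the response fails
     */
    public boolean handleApiRequest(HttpRequestHeader httpRequestHeader, HttpInputStream httpInputStream, HttpOutputStream httpOutputStream, boolean z) throws IOException {
        String uri = httpRequestHeader.getURI().toString();
        Format format = Format.OTHER;
        ApiImplementor callbackImplementor = null;
        ApiImplementor shortcutImplementor = null;

        if (uri.contains(CALL_BACK_URL)) {
            // NOTE(review): the full URI, query string included, goes to the debug log here and
            // below; the query may carry the apikey parameter.
            logger.debug("handleApiRequest Callback: " + uri);
            for (Map.Entry<String, ApiImplementor> entry : this.callBacks.entrySet()) {
                if (uri.startsWith(entry.getKey())) {
                    callbackImplementor = entry.getValue();
                    break;
                }
            }
        }
        String path = httpRequestHeader.getURI().getPath();
        if (path != null) {
            for (Map.Entry<String, ApiImplementor> entry : this.shortcuts.entrySet()) {
                if (path.startsWith(entry.getKey())) {
                    shortcutImplementor = entry.getValue();
                    break;
                }
            }
        }
        if (shortcutImplementor == null && callbackImplementor == null && !uri.startsWith(API_URL) && !z) {
            return false;
        }
        logger.debug("handleApiRequest " + uri);
        HttpMessage httpMessage = new HttpMessage();
        httpMessage.setRequestHeader(httpRequestHeader);
        String component = null;
        ApiImplementor implementor = null;
        RequestType requestType = null;
        String contentType = "text/plain; charset=UTF-8";
        // NOTE(review): Constant.USER_AGENT as the initial body looks like a decompiler
        // substitution for an empty-string literal — confirm against the original source.
        String responseBody = Constant.USER_AGENT;
        String name = null;
        try {
            JSONObject params = getParams(httpRequestHeader.getURI().getEscapedQuery());
            if (shortcutImplementor != null) {
                // Shortcut handlers run without the enabled or API key checks applied below.
                httpMessage = shortcutImplementor.handleShortcut(httpMessage);
            } else if (callbackImplementor != null) {
                // Callback handlers are protected only by the secrecy of their URL.
                responseBody = callbackImplementor.handleCallBack(httpMessage);
            } else {
                // Expected layout: scheme//domain/<format>/<prefix>/<type>/<name>/?query
                String[] elements = uri.split("/");
                if (elements.length > 3) {
                    try {
                        // Locale.ROOT keeps the enum lookup independent of the JVM default locale.
                        format = Format.valueOf(elements[3].toUpperCase(Locale.ROOT));
                    } catch (IllegalArgumentException badFormat) {
                        throw new ApiException(ApiException.Type.BAD_FORMAT);
                    }
                    switch (format) {
                        case JSON:
                            contentType = "application/json; charset=UTF-8";
                            break;
                        case JSONP:
                            contentType = "application/javascript; charset=UTF-8";
                            break;
                        case XML:
                            contentType = "text/xml; charset=UTF-8";
                            break;
                        case HTML:
                        case UI:
                            contentType = "text/html; charset=UTF-8";
                            break;
                    }
                }
                if (elements.length > 4) {
                    component = elements[4];
                    implementor = this.implementors.get(component);
                    if (implementor == null) {
                        throw new ApiException(ApiException.Type.NO_IMPLEMENTOR);
                    }
                }
                if (elements.length > 5) {
                    try {
                        requestType = RequestType.valueOf(elements[5]);
                    } catch (IllegalArgumentException badType) {
                        throw new ApiException(ApiException.Type.BAD_TYPE);
                    }
                }
                if (elements.length > 6) {
                    name = elements[6];
                    if (name != null && name.indexOf("?") > 0) {
                        name = name.substring(0, name.indexOf("?"));
                    }
                }
                if (format.equals(Format.UI)) {
                    if (!isEnabled()) {
                        throw new ApiException(ApiException.Type.DISABLED);
                    }
                    responseBody = this.webUI.handleRequest(component, implementor, requestType, name);
                    contentType = "text/html; charset=UTF-8";
                } else if (name == null) {
                    // No operation name: fall back to the web UI index for this URI.
                    responseBody = this.webUI.handleRequest(httpRequestHeader.getURI(), isEnabled());
                    format = Format.UI;
                    contentType = "text/html; charset=UTF-8";
                } else {
                    if (!isEnabled()) {
                        throw new ApiException(ApiException.Type.DISABLED);
                    }
                    String apiKey = getApiKey();
                    // An empty or null configured key disables key checking entirely.
                    boolean keyConfigured = apiKey != null && apiKey.length() > 0;
                    switch (requestType) {
                        case action: {
                            if (keyConfigured && !apiKeyMatches(apiKey, params)) {
                                throw new ApiException(ApiException.Type.BAD_API_KEY);
                            }
                            ApiAction apiAction = implementor.getApiAction(name);
                            if (apiAction != null) {
                                requireMandatoryParams(apiAction.getMandatoryParamNames(), params);
                            }
                            ApiResponse actionResponse = implementor.handleApiOptionAction(name, params);
                            if (actionResponse == null) {
                                actionResponse = implementor.handleApiAction(name, params);
                            }
                            responseBody = renderResponse(format, name, actionResponse, responseBody);
                            break;
                        }
                        case view: {
                            // Views are served without any API key check.
                            ApiView apiView = implementor.getApiView(name);
                            if (apiView != null) {
                                requireMandatoryParams(apiView.getMandatoryParamNames(), params);
                            }
                            ApiResponse viewResponse = implementor.handleApiOptionView(name, params);
                            if (viewResponse == null) {
                                viewResponse = implementor.handleApiView(name, params);
                            }
                            responseBody = renderResponse(format, name, viewResponse, responseBody);
                            break;
                        }
                        case other: {
                            ApiOther apiOther = implementor.getApiOther(name);
                            if (apiOther != null) {
                                // "Other" operations are key-checked only when they ask for it.
                                if (keyConfigured && apiOther.isRequiresApiKey() && !apiKeyMatches(apiKey, params)) {
                                    throw new ApiException(ApiException.Type.BAD_API_KEY);
                                }
                                requireMandatoryParams(apiOther.getMandatoryParamNames(), params);
                            }
                            httpMessage = implementor.handleApiOther(httpMessage, name, params);
                            break;
                        }
                    }
                }
            }
            logger.debug("handleApiRequest returning: " + responseBody);
        } catch (ApiException apiError) {
            responseBody = apiError.toString(format);
            logger.warn("handleApiRequest error: " + responseBody, apiError);
        }
        // Shortcut responses and OTHER-format responses keep whatever the message already holds;
        // everything else gets the default header and the rendered body.
        if (format == null || (!format.equals(Format.OTHER) && shortcutImplementor == null)) {
            httpMessage.setResponseHeader(getDefaultResponseHeader(contentType));
            httpMessage.setResponseBody(responseBody);
            httpMessage.getResponseHeader().setContentLength(httpMessage.getResponseBody().length());
        }
        httpOutputStream.write(httpMessage.getResponseHeader());
        // NOTE(review): getBytes() is called without a charset; which encoding that yields depends
        // on the body type returned by getResponseBody() — confirm it matches the declared charset.
        httpOutputStream.write(httpMessage.getResponseBody().getBytes());
        httpOutputStream.flush();
        httpOutputStream.close();
        httpInputStream.close();
        return true;
    }

    /**
     * Compares the configured API key with the {@code apikey} request parameter in constant
     * time, so response timing does not reveal how many leading characters matched.
     */
    private static boolean apiKeyMatches(String expectedKey, JSONObject params) {
        if (!params.has(API_KEY_PARAM)) {
            return false;
        }
        byte[] expected = expectedKey.getBytes(StandardCharsets.UTF_8);
        byte[] supplied = params.getString(API_KEY_PARAM).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, supplied);
    }

    /** Throws MISSING_PARAMETER for the first mandatory name that is absent or empty. */
    private static void requireMandatoryParams(List<String> mandatoryNames, JSONObject params) throws ApiException {
        if (mandatoryNames == null) {
            return;
        }
        for (String mandatory : mandatoryNames) {
            if (!params.has(mandatory) || params.getString(mandatory).length() == 0) {
                throw new ApiException(ApiException.Type.MISSING_PARAMETER, mandatory);
            }
        }
    }

    /** Serialises a response for JSON, JSONP, XML or HTML; other formats keep {@code current}. */
    private String renderResponse(Format format, String name, ApiResponse apiResponse, String current) {
        switch (format) {
            case JSON:
                return apiResponse.toJSON().toString();
            case JSONP:
                return getJsonpWrapper(apiResponse.toJSON().toString());
            case XML:
                return responseToXml(name, apiResponse);
            case HTML:
                return responseToHtml(name, apiResponse);
            default:
                return current;
        }
    }

    /**
     * Builds the URL prefix for calling an API operation, ending in {@code "/?"} and, for
     * non-view requests when a key is configured, followed by {@code apikey=<key>&}.
     *
     * <p>The key is embedded in the URL, so the returned string should be treated as a secret
     * (it can end up in logs, browser history and Referer headers).
     *
     * @param format response format element of the URL
     * @param str implementor prefix
     * @param requestType operation type element of the URL
     * @param str2 operation name
     * @param z {@code true} to use {@link #API_URL}, {@code false} to use the proxy address/port
     * @return the URL prefix to which parameters can be appended
     */
    public String getBaseURL(Format format, String str, RequestType requestType, String str2, boolean z) {
        String apiKey = getApiKey();
        String base = API_URL;
        if (!z) {
            base = HttpHeader.SCHEME_HTTP + Model.getSingleton().getOptionsParam().getProxyParam().getProxyIp() + ":" + Model.getSingleton().getOptionsParam().getProxyParam().getProxyPort() + "/";
        }
        StringBuilder url = new StringBuilder(base);
        url.append(format.name()).append('/').append(str).append('/').append(requestType.name()).append('/').append(str2).append("/?");
        // A null key means "no key configured", as in handleApiRequest; without the null guard
        // this method would throw NullPointerException for action/other URLs.
        boolean keyConfigured = apiKey != null && apiKey.length() > 0;
        if (keyConfigured && !RequestType.view.equals(requestType)) {
            url.append(API_KEY_PARAM).append('=').append(apiKey).append('&');
        }
        return url.toString();
    }

    /**
     * Wraps the response's HTML rendering in minimal head/body markup.
     *
     * <p>NOTE(review): any escaping of response values is left to {@code ApiResponse.toHTML};
     * confirm that implementations encode data taken from scanned sites.
     */
    private String responseToHtml(String str, ApiResponse apiResponse) {
        StringBuilder html = new StringBuilder();
        html.append("<head>\n");
        html.append("</head>\n");
        html.append("<body>\n");
        apiResponse.toHTML(html);
        html.append("</body>\n");
        return html.toString();
    }

    /**
     * Serialises the response as an XML document whose root element is named after the
     * operation. Any failure (including an operation name that is not a valid element name)
     * is logged and the fallback value is returned instead.
     */
    private String responseToXml(String str, ApiResponse apiResponse) {
        try {
            Document document = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
            Element root = document.createElement(str);
            document.appendChild(root);
            apiResponse.toXML(document, root);
            Transformer transformer = TransformerFactory.newInstance().newTransformer();
            StringWriter out = new StringWriter();
            transformer.transform(new DOMSource(document), new StreamResult(out));
            return out.toString();
        } catch (Exception e) {
            logger.error(e.getMessage(), e);
            // NOTE(review): presumably an empty-string literal in the original source — confirm.
            return Constant.USER_AGENT;
        }
    }

    /**
     * Parses a raw (still escaped) query string into a JSON object of URL-decoded name/value
     * pairs. Pairs without a name or that fail to decode are logged and skipped; despite the
     * declared exception, nothing in this method throws it.
     *
     * @param str the escaped query string, may be {@code null} or empty
     * @return the decoded parameters, empty if there are none
     * @throws ApiException declared for callers; not thrown by the code shown here
     */
    public static JSONObject getParams(String str) throws ApiException {
        JSONObject params = new JSONObject();
        if (str == null || str.length() == 0) {
            return params;
        }
        for (String pair : patternParam.split(str)) {
            int separator = pair.indexOf('=');
            if (separator > 0) {
                try {
                    params.put(URLDecoder.decode(pair.substring(0, separator), "UTF-8"), URLDecoder.decode(pair.substring(separator + 1), "UTF-8"));
                } catch (UnsupportedEncodingException | IllegalArgumentException e) {
                    // NOTE(review): the whole raw query is passed as the exception detail and
                    // logged; it may contain the apikey parameter — confirm what ends up in the log.
                    ApiException decodeFailure = new ApiException(ApiException.Type.BAD_FORMAT, str, e);
                    logger.error(decodeFailure.getMessage(), decodeFailure);
                }
            } else {
                ApiException malformedPair = new ApiException(ApiException.Type.BAD_FORMAT, str);
                logger.error(malformedPair.getMessage(), malformedPair);
            }
        }
        return params;
    }

    /**
     * Wraps a JSON document in the fixed {@code zapJsonpResult} callback. JSONP output can be
     * loaded cross-origin by any page through a script element, so it is as exposed as the
     * wildcard CORS header makes the other formats.
     */
    private String getJsonpWrapper(String str) {
        return "zapJsonpResult (" + str + " )";
    }

    /**
     * @return a read-only view of the registered implementors, keyed by prefix
     */
    public Map<String, ApiImplementor> getImplementors() {
        return Collections.unmodifiableMap(this.implementors);
    }

    /**
     * Creates and registers a callback URL for the implementor: {@code str}, the callback
     * marker and a random 64-bit suffix. Requests whose URI starts with the returned URL are
     * passed to {@code handleCallBack} without an API key check, so the suffix is the secret.
     *
     * @param apiImplementor the implementor that will receive the callback
     * @param str the site/base URL the callback URL is built on
     * @return the registered callback URL
     */
    public String getCallBackUrl(ApiImplementor apiImplementor, String str) {
        String callbackUrl = str + CALL_BACK_URL + this.random.nextLong();
        this.callBacks.put(callbackUrl, apiImplementor);
        return callbackUrl;
    }

    /**
     * @return the API key from the options; callers treat {@code null} or empty as "no key"
     */
    public String getApiKey() {
        return Model.getSingleton().getOptionsParam().getApiParam().getKey();
    }

    /**
     * Builds the default response header with a content length of zero.
     *
     * @param str the Content-Type value
     * @return the header text
     */
    public static String getDefaultResponseHeader(String str) {
        return getDefaultResponseHeader(str, 0);
    }

    /**
     * Builds the default {@code 200 OK} response header used for API responses.
     *
     * @param str the Content-Type value
     * @param i the Content-Length value
     * @return the header text, one CRLF-terminated line per header
     */
    public static String getDefaultResponseHeader(String str, int i) {
        StringBuilder header = new StringBuilder(250);
        header.append("HTTP/1.1 200 OK\r\n");
        header.append("Pragma: no-cache\r\n");
        header.append("Cache-Control: no-cache\r\n");
        // NOTE(review): the wildcard origin lets script on any web page read API responses from
        // a browser that can reach this API; since views need no key, consider restricting the
        // allowed origin or requiring the key for views.
        header.append("Access-Control-Allow-Origin: *\r\n");
        header.append("Access-Control-Allow-Methods: GET,POST,OPTIONS\r\n");
        header.append("Access-Control-Allow-Headers: ZAP-Header\r\n");
        header.append("Content-Length: ").append(i).append(HttpHeader.CRLF);
        header.append("Content-Type: ").append(str).append(HttpHeader.CRLF);
        return header.toString();
    }
}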
