package com.google.apphosting.utils.remoteapi;

import com.google.appengine.api.datastore.Entities;
import com.google.appengine.api.oauth.OAuthRequestException;
import com.google.appengine.api.oauth.OAuthService;
import com.google.appengine.api.oauth.OAuthServiceFactory;
import com.google.appengine.api.users.UserService;
import com.google.appengine.api.users.UserServiceFactory;
import com.google.appengine.repackaged.com.google.io.protocol.HtmlFormGenerator;
import com.google.appengine.repackaged.com.google.io.protocol.ProtocolMessage;
import com.google.appengine.repackaged.org.apache.commons.codec.digest.MessageDigestAlgorithms;
import com.google.appengine.repackaged.org.apache.commons.httpclient.methods.multipart.StringPart;
import com.google.apphosting.api.ApiBasePb;
import com.google.apphosting.api.ApiProxy;
import com.google.apphosting.api.DatastorePb;
import com.google.apphosting.utils.remoteapi.RemoteApiPb;
import com.google.storage.onestore.v3.OnestoreEntity;
import fi.hoski.datastore.ReferencesImpl;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectOutputStream;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Logger;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.tools.ant.taskdefs.optional.vss.MSVSSConstants;

/* loaded from: input_file:com/google/apphosting/utils/remoteapi/RemoteApiServlet.class */
public class RemoteApiServlet extends HttpServlet {
    private static final Logger log;
    private static final String[] OAUTH_SCOPES;
    private static final String INBOUND_APP_SYSTEM_PROPERTY = "HTTP_X_APPENGINE_INBOUND_APPID";
    private static final String INBOUND_APP_HEADER_NAME = "X-AppEngine-Inbound-AppId";
    private HashSet<String> allowedApps;
    private final OAuthService oauthService;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* loaded from: input_file:com/google/apphosting/utils/remoteapi/RemoteApiServlet$UnknownPythonServerException.class */
    public static class UnknownPythonServerException extends RuntimeException {
        public UnknownPythonServerException(String str) {
            super(str);
        }
    }

    public RemoteApiServlet() {
        this(OAuthServiceFactory.getOAuthService());
    }

    RemoteApiServlet(OAuthService oAuthService) {
        this.allowedApps = null;
        this.oauthService = oAuthService;
    }

    private static boolean toBoolean(String str) {
        String trim = str.trim();
        return trim.equalsIgnoreCase("true") || trim.equals("1");
    }

    boolean checkIsValidRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (checkIsKnownInbound(httpServletRequest) || checkIsAdmin(httpServletRequest, httpServletResponse)) {
            return checkIsValidHeader(httpServletRequest, httpServletResponse);
        }
        return false;
    }

    private synchronized boolean checkIsKnownInbound(HttpServletRequest httpServletRequest) throws IOException {
        if (this.allowedApps == null) {
            this.allowedApps = new HashSet<>();
            String property = System.getProperty(INBOUND_APP_SYSTEM_PROPERTY);
            if (property != null) {
                for (String str : property.split(",")) {
                    this.allowedApps.add(str);
                }
            }
        }
        String header = httpServletRequest.getHeader(INBOUND_APP_HEADER_NAME);
        return header != null && this.allowedApps.contains(header);
    }

    private boolean checkIsValidHeader(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (httpServletRequest.getHeader("X-appcfg-api-version") != null) {
            return true;
        }
        httpServletResponse.setStatus(403);
        httpServletResponse.setContentType(StringPart.DEFAULT_CONTENT_TYPE);
        httpServletResponse.getWriter().println("This request did not contain a necessary header");
        return false;
    }

    private boolean checkIsAdmin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        UserService userService = UserServiceFactory.getUserService();
        if (userService.getCurrentUser() != null) {
            if (userService.isUserAdmin()) {
                return true;
            }
            respondNotAdmin(httpServletResponse);
            return false;
        }
        try {
            if (this.oauthService.isUserAdmin(OAUTH_SCOPES)) {
                return true;
            }
            respondNotAdmin(httpServletResponse);
            return false;
        } catch (OAuthRequestException e) {
            httpServletResponse.sendRedirect(userService.createLoginURL(httpServletRequest.getRequestURI()));
            return false;
        }
    }

    private void respondNotAdmin(HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.setStatus(401);
        httpServletResponse.setContentType(StringPart.DEFAULT_CONTENT_TYPE);
        httpServletResponse.getWriter().println("You must be logged in as an administrator, or access from an approved application.");
    }

    public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (checkIsValidRequest(httpServletRequest, httpServletResponse)) {
            httpServletResponse.setContentType(StringPart.DEFAULT_CONTENT_TYPE);
            httpServletResponse.getWriter().println(new StringBuilder().append("{rtok: ").append(httpServletRequest.getParameter("rtok")).append(", app_id: ").append(ApiProxy.getCurrentEnvironment().getAppId()).append("}"));
        }
    }

    public void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (checkIsValidRequest(httpServletRequest, httpServletResponse)) {
            httpServletResponse.setContentType("application/octet-stream");
            RemoteApiPb.Response response = new RemoteApiPb.Response();
            try {
                response.setResponseAsBytes(executeRequest(httpServletRequest));
                httpServletResponse.setStatus(200);
            } catch (Exception e) {
                Logger logger = log;
                String valueOf = String.valueOf(e);
                logger.warning(new StringBuilder(53 + String.valueOf(valueOf).length()).append("Caught exception while executing remote_api command:\n").append(valueOf).toString());
                httpServletResponse.setStatus(200);
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                ObjectOutputStream objectOutputStream = new ObjectOutputStream(byteArrayOutputStream);
                objectOutputStream.writeObject(e);
                objectOutputStream.close();
                response.setJavaExceptionAsBytes(byteArrayOutputStream.toByteArray());
                if (e instanceof ApiProxy.ApplicationException) {
                    ApiProxy.ApplicationException applicationException = (ApiProxy.ApplicationException) e;
                    RemoteApiPb.ApplicationError mutableApplicationError = response.getMutableApplicationError();
                    mutableApplicationError.setCode(applicationException.getApplicationError());
                    mutableApplicationError.setDetail(applicationException.getErrorDetail());
                }
            }
            httpServletResponse.getOutputStream().write(response.toByteArray());
        }
    }

    private byte[] executeRunQuery(RemoteApiPb.Request request) {
        DatastorePb.Query query = new DatastorePb.Query();
        parseFromBytes(query, request.getRequestAsBytes());
        int max = Math.max(1000, query.getLimit());
        query.setCount(max);
        DatastorePb.QueryResult queryResult = new DatastorePb.QueryResult();
        parseFromBytes(queryResult, ApiProxy.makeSyncCall("datastore_v3", "RunQuery", request.getRequestAsBytes()));
        if (query.hasLimit()) {
            while (queryResult.isMoreResults()) {
                DatastorePb.NextRequest nextRequest = new DatastorePb.NextRequest();
                nextRequest.getMutableCursor().mergeFrom(queryResult.getCursor());
                nextRequest.setCount(max);
                parseFromBytes(queryResult, ApiProxy.makeSyncCall("datastore_v3", ReferencesImpl.NEXT, nextRequest.toByteArray()));
            }
        }
        return queryResult.toByteArray();
    }

    private byte[] executeTxQuery(RemoteApiPb.Request request) {
        RemoteApiPb.TransactionQueryResult transactionQueryResult = new RemoteApiPb.TransactionQueryResult();
        DatastorePb.Query query = new DatastorePb.Query();
        parseFromBytes(query, request.getRequestAsBytes());
        if (!query.hasAncestor()) {
            throw new ApiProxy.ApplicationException(DatastorePb.Error.ErrorCode.BAD_REQUEST.getValue(), "No ancestor in transactional query.");
        }
        OnestoreEntity.Reference mergeFrom = transactionQueryResult.getMutableEntityGroupKey().mergeFrom(query.getAncestor());
        mergeFrom.getMutablePath().clearElement().addElement(mergeFrom.getPath().getElement(0));
        OnestoreEntity.Path.Element element = new OnestoreEntity.Path.Element();
        element.setType(Entities.ENTITY_GROUP_METADATA_KIND).setId(1L);
        mergeFrom.getMutablePath().addElement(element);
        byte[] beginTransaction = beginTransaction(false);
        parseFromBytes(query.getMutableTransaction(), beginTransaction);
        parseFromBytes(transactionQueryResult.getMutableResult(), ApiProxy.makeSyncCall("datastore_v3", "RunQuery", query.toByteArray()));
        DatastorePb.GetRequest getRequest = new DatastorePb.GetRequest();
        getRequest.addKey(mergeFrom);
        DatastorePb.GetResponse txGet = txGet(beginTransaction, getRequest);
        if (txGet.getEntity(0).hasEntity()) {
            transactionQueryResult.setEntityGroup(txGet.getEntity(0).getEntity());
        }
        rollback(beginTransaction);
        return transactionQueryResult.toByteArray();
    }

    private void assertEntityResultMatchesPrecondition(DatastorePb.GetResponse.Entity entity, RemoteApiPb.TransactionRequest.Precondition precondition) {
        if (precondition.hasHash() != entity.hasEntity()) {
            throw new ApiProxy.ApplicationException(DatastorePb.Error.ErrorCode.CONCURRENT_TRANSACTION.getValue(), "Transaction precondition failed");
        }
        if (entity.hasEntity()) {
            OnestoreEntity.EntityProto entity2 = entity.getEntity();
            if (Arrays.equals(precondition.getHashAsBytes(), computeSha1(entity2))) {
                return;
            }
            if (!Arrays.equals(precondition.getHashAsBytes(), computeSha1OmittingLastByteForBackwardsCompatibility(entity2))) {
                throw new ApiProxy.ApplicationException(DatastorePb.Error.ErrorCode.CONCURRENT_TRANSACTION.getValue(), "Transaction precondition failed");
            }
        }
    }

    private byte[] executeTx(RemoteApiPb.Request request) {
        RemoteApiPb.TransactionRequest transactionRequest = new RemoteApiPb.TransactionRequest();
        parseFromBytes(transactionRequest, request.getRequestAsBytes());
        byte[] beginTransaction = beginTransaction(transactionRequest.isAllowMultipleEg());
        List<RemoteApiPb.TransactionRequest.Precondition> preconditions = transactionRequest.preconditions();
        if (!preconditions.isEmpty()) {
            DatastorePb.GetRequest getRequest = new DatastorePb.GetRequest();
            Iterator<RemoteApiPb.TransactionRequest.Precondition> it = preconditions.iterator();
            while (it.hasNext()) {
                getRequest.addKey().mergeFrom(it.next().getKey());
            }
            List<DatastorePb.GetResponse.Entity> entitys = txGet(beginTransaction, getRequest).entitys();
            if (!$assertionsDisabled && entitys.size() != preconditions.size()) {
                throw new AssertionError();
            }
            for (int i = 0; i < entitys.size(); i++) {
                assertEntityResultMatchesPrecondition(entitys.get(i), preconditions.get(i));
            }
        }
        byte[] byteArray = new ApiBasePb.VoidProto().toByteArray();
        if (transactionRequest.hasPuts()) {
            DatastorePb.PutRequest puts = transactionRequest.getPuts();
            parseFromBytes(puts.getMutableTransaction(), beginTransaction);
            byteArray = ApiProxy.makeSyncCall("datastore_v3", "Put", puts.toByteArray());
        }
        if (transactionRequest.hasDeletes()) {
            DatastorePb.DeleteRequest deletes = transactionRequest.getDeletes();
            parseFromBytes(deletes.getMutableTransaction(), beginTransaction);
            ApiProxy.makeSyncCall("datastore_v3", HtmlFormGenerator.Constants.DELETE_ACTION, deletes.toByteArray());
        }
        ApiProxy.makeSyncCall("datastore_v3", "Commit", beginTransaction);
        return byteArray;
    }

    private byte[] executeGetIDs(RemoteApiPb.Request request, boolean z) {
        DatastorePb.PutRequest putRequest = new DatastorePb.PutRequest();
        parseFromBytes(putRequest, request.getRequestAsBytes());
        for (OnestoreEntity.EntityProto entityProto : putRequest.entitys()) {
            if (!$assertionsDisabled && entityProto.propertySize() != 0) {
                throw new AssertionError();
            }
            if (!$assertionsDisabled && entityProto.rawPropertySize() != 0) {
                throw new AssertionError();
            }
            if (!$assertionsDisabled && entityProto.getEntityGroup().elementSize() != 0) {
                throw new AssertionError();
            }
            List<OnestoreEntity.Path.Element> elements = entityProto.getKey().getPath().elements();
            OnestoreEntity.Path.Element element = elements.get(elements.size() - 1);
            if (!$assertionsDisabled && element.getId() != 0) {
                throw new AssertionError();
            }
            if (!$assertionsDisabled && element.hasName()) {
                throw new AssertionError();
            }
        }
        byte[] beginTransaction = beginTransaction(z);
        parseFromBytes(putRequest.getMutableTransaction(), beginTransaction);
        byte[] makeSyncCall = ApiProxy.makeSyncCall("datastore_v3", "Put", putRequest.toByteArray());
        rollback(beginTransaction);
        return makeSyncCall;
    }

    private byte[] executeRequest(HttpServletRequest httpServletRequest) throws IOException {
        RemoteApiPb.Request request = new RemoteApiPb.Request();
        parseFromInputStream(request, httpServletRequest.getInputStream());
        String serviceName = request.getServiceName();
        String method = request.getMethod();
        log.fine(new StringBuilder(19 + String.valueOf(serviceName).length() + String.valueOf(method).length()).append("remote API call: ").append(serviceName).append(", ").append(method).toString());
        if (!serviceName.equals("remote_datastore")) {
            return ApiProxy.makeSyncCall(serviceName, method, request.getRequestAsBytes());
        }
        if (method.equals("RunQuery")) {
            return executeRunQuery(request);
        }
        if (method.equals("Transaction")) {
            return executeTx(request);
        }
        if (method.equals("TransactionQuery")) {
            return executeTxQuery(request);
        }
        if (method.equals("GetIDs")) {
            return executeGetIDs(request, false);
        }
        if (method.equals("GetIDsXG")) {
            return executeGetIDs(request, true);
        }
        throw new ApiProxy.CallNotFoundException(serviceName, method);
    }

    private static byte[] beginTransaction(boolean z) {
        return ApiProxy.makeSyncCall("datastore_v3", "BeginTransaction", new DatastorePb.BeginTransactionRequest().setApp(ApiProxy.getCurrentEnvironment().getAppId()).setAllowMultipleEg(z).toByteArray());
    }

    private static void rollback(byte[] bArr) {
        ApiProxy.makeSyncCall("datastore_v3", "Rollback", bArr);
    }

    private static DatastorePb.GetResponse txGet(byte[] bArr, DatastorePb.GetRequest getRequest) {
        parseFromBytes(getRequest.getMutableTransaction(), bArr);
        DatastorePb.GetResponse getResponse = new DatastorePb.GetResponse();
        parseFromBytes(getResponse, ApiProxy.makeSyncCall("datastore_v3", MSVSSConstants.COMMAND_GET, getRequest.toByteArray()));
        return getResponse;
    }

    static byte[] computeSha1(OnestoreEntity.EntityProto entityProto) {
        byte[] byteArray = entityProto.toByteArray();
        return computeSha1(byteArray, byteArray.length);
    }

    static byte[] computeSha1OmittingLastByteForBackwardsCompatibility(OnestoreEntity.EntityProto entityProto) {
        byte[] byteArray = entityProto.toByteArray();
        return computeSha1(byteArray, byteArray.length - 1);
    }

    private static byte[] computeSha1(byte[] bArr, int i) {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(MessageDigestAlgorithms.SHA_1);
            messageDigest.update(bArr, 0, i);
            return messageDigest.digest();
        } catch (NoSuchAlgorithmException e) {
            throw new ApiProxy.ApplicationException(DatastorePb.Error.ErrorCode.CONCURRENT_TRANSACTION.getValue(), "Transaction precondition could not be computed");
        }
    }

    private static void parseFromBytes(ProtocolMessage<?> protocolMessage, byte[] bArr) {
        checkParse(protocolMessage, protocolMessage.parseFrom(bArr));
    }

    private static void parseFromInputStream(ProtocolMessage<?> protocolMessage, InputStream inputStream) {
        checkParse(protocolMessage, protocolMessage.parseFrom(inputStream));
    }

    private static void checkParse(ProtocolMessage<?> protocolMessage, boolean z) {
        String str;
        if (!z) {
            throw new ApiProxy.ApiProxyException("Could not parse protobuf");
        }
        String findInitializationError = protocolMessage.findInitializationError();
        if (findInitializationError != null) {
            String valueOf = String.valueOf(findInitializationError);
            if (valueOf.length() != 0) {
                str = "Could not parse protobuf: ".concat(valueOf);
            } else {
                str = r3;
                String str2 = new String("Could not parse protobuf: ");
            }
            throw new ApiProxy.ApiProxyException(str);
        }
    }

    static {
        $assertionsDisabled = !RemoteApiServlet.class.desiredAssertionStatus();
        log = Logger.getLogger(RemoteApiServlet.class.getName());
        OAUTH_SCOPES = new String[]{"https://www.googleapis.com/auth/appengine.apis", "https://www.googleapis.com/auth/cloud-platform"};
    }
}
