package com.day.cq.dam.core.impl.servlet;

import com.adobe.granite.xss.XSSAPI;
import java.io.IOException;
import java.util.Iterator;
import javax.servlet.ServletException;
import org.apache.commons.lang.StringUtils;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Properties;
import org.apache.felix.scr.annotations.Property;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.Service;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.servlets.SlingSafeMethodsServlet;
import org.apache.sling.commons.json.JSONException;
import org.apache.sling.commons.json.JSONObject;
import org.apache.sling.commons.json.sling.JsonObjectCreator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Service
@Component(metatype = true, label = "Adobe CQ DAM Asset Metadata Get Servlet", description = "Returns xss-protected metadata")
@Properties({@Property(name = "sling.servlet.resourceTypes", value = {"sling/servlet/default"}), @Property(name = "sling.servlet.methods", value = {"GET"}), @Property(name = "sling.servlet.extensions", value = {"json"}), @Property(name = "sling.servlet.selectors", value = {"filtermetadata"})})
/* loaded from: input_file:com/day/cq/dam/core/impl/servlet/MetadataGetServlet.class */
public class MetadataGetServlet extends SlingSafeMethodsServlet {
    private static final Logger log = LoggerFactory.getLogger(MetadataGetServlet.class);

    @Reference
    private XSSAPI xssAPI;

    protected void doGet(SlingHttpServletRequest slingHttpServletRequest, SlingHttpServletResponse slingHttpServletResponse) throws ServletException, IOException {
        try {
            createFilteredJSONResponse(slingHttpServletRequest, slingHttpServletResponse, "adobe_dam:restrictions", this.xssAPI, true);
        } catch (JSONException e) {
            log.error("Unable to return filtered metadata json.");
        }
    }

    private static void createFilteredJSONResponse(SlingHttpServletRequest slingHttpServletRequest, SlingHttpServletResponse slingHttpServletResponse, String str, XSSAPI xssapi, boolean z) throws JSONException, IOException {
        slingHttpServletResponse.setContentType("application/json");
        slingHttpServletResponse.setCharacterEncoding("utf-8");
        JSONObject create = JsonObjectCreator.create(slingHttpServletRequest.getResource(), getMaxRecursionLevel(slingHttpServletRequest));
        if (z) {
            filterJSONObject(create, str, xssapi);
        }
        slingHttpServletResponse.getWriter().write(create.toString());
    }

    private static int getMaxRecursionLevel(SlingHttpServletRequest slingHttpServletRequest) throws IllegalArgumentException {
        int i = 0;
        String[] selectors = slingHttpServletRequest.getRequestPathInfo().getSelectors();
        if (selectors.length > 0) {
            String str = selectors[selectors.length - 1];
            if ("infinity".equals(str)) {
                i = -1;
            } else {
                try {
                    i = Integer.parseInt(str);
                } catch (NumberFormatException e) {
                    if (!StringUtils.isNumeric(str)) {
                        throw new IllegalArgumentException("Invalid recursion selector value '" + str + "'");
                    }
                    i = -1;
                }
            }
        }
        return i;
    }

    private static void filterJSONObject(JSONObject jSONObject, String str, XSSAPI xssapi) throws JSONException {
        Iterator keys = jSONObject.keys();
        while (keys.hasNext()) {
            String str2 = (String) keys.next();
            Object obj = jSONObject.get(str2);
            if ((obj instanceof String) && str2.equals(str)) {
                jSONObject.put(str2, xssapi.filterHTML(jSONObject.getString(str2)));
            } else if (obj instanceof JSONObject) {
                filterJSONObject(jSONObject.getJSONObject(str2), str, xssapi);
            }
        }
    }

    protected void bindXssAPI(XSSAPI xssapi) {
        this.xssAPI = xssapi;
    }

    protected void unbindXssAPI(XSSAPI xssapi) {
        if (this.xssAPI == xssapi) {
            this.xssAPI = null;
        }
    }
}
