package com.ecyrd.jspwiki.attachment;

import antlr.GrammarAnalyzer;
import com.ecyrd.jspwiki.Release;
import com.ecyrd.jspwiki.TextUtil;
import com.ecyrd.jspwiki.VariableManager;
import com.ecyrd.jspwiki.WikiContext;
import com.ecyrd.jspwiki.WikiEngine;
import com.ecyrd.jspwiki.WikiException;
import com.ecyrd.jspwiki.WikiPage;
import com.ecyrd.jspwiki.WikiSession;
import com.ecyrd.jspwiki.auth.AuthorizationManager;
import com.ecyrd.jspwiki.auth.permissions.PagePermission;
import com.ecyrd.jspwiki.auth.permissions.PermissionFactory;
import com.ecyrd.jspwiki.dav.AttachmentDavProvider;
import com.ecyrd.jspwiki.dav.DavPath;
import com.ecyrd.jspwiki.dav.DavProvider;
import com.ecyrd.jspwiki.dav.WebdavServlet;
import com.ecyrd.jspwiki.dav.methods.PropFindMethod;
import com.ecyrd.jspwiki.filters.RedirectException;
import com.ecyrd.jspwiki.i18n.InternationalizationManager;
import com.ecyrd.jspwiki.providers.AbstractFileProvider;
import com.ecyrd.jspwiki.providers.ProviderException;
import com.ecyrd.jspwiki.ui.progress.ProgressItem;
import com.ecyrd.jspwiki.util.HttpUtil;
import com.opensymphony.oscache.web.filter.CacheFilter;
import java.io.Closeable;
import java.io.File;
import java.io.FilterInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.SocketException;
import java.security.Principal;
import java.util.Locale;
import java.util.Properties;
import javax.servlet.ServletConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletInputStream;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.antlr.runtime.debug.DebugEventListener;
import org.apache.commons.fileupload.FileItem;
import org.apache.commons.fileupload.FileUploadException;
import org.apache.commons.fileupload.ProgressListener;
import org.apache.commons.fileupload.disk.DiskFileItemFactory;
import org.apache.commons.fileupload.servlet.ServletFileUpload;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/ecyrd/jspwiki/attachment/AttachmentServlet.class */
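/**
 * Servlet that serves wiki attachments for download (GET), accepts uploads from
 * multipart forms (POST) and from raw request bodies (PUT), and answers the
 * OPTIONS and PROPFIND WebDAV methods.
 *
 * <p>Security-relevant decisions made in this class:
 * <ul>
 *   <li>downloads require the page "view" permission, uploads the page upload permission;</li>
 *   <li>non-admin uploads are limited in size and filtered by file-name suffix;</li>
 *   <li>every user-supplied {@code nextpage} redirect target is passed through
 *       {@link #validateNextPage(String, String)};</li>
 *   <li>the stored file name is neutralised before it is echoed into a response header.</li>
 * </ul>
 *
 * <p>NOTE(review): this source is decompiler output. Constant references such as
 * {@code GrammarAnalyzer.NONDETERMINISTIC}, {@code DebugEventListener.PROTOCOL_VERSION},
 * {@code CacheFilter.HEADER_LAST_MODIFIED} and {@code Release.BUILD} look like literals the
 * decompiler matched to unrelated library constants; confirm the intended values.
 */
public class AttachmentServlet extends WebdavServlet {
    private static final int BUFFER_SIZE = 8192;
    private static final long serialVersionUID = 3257282552187531320L;
    private WikiEngine m_engine;
    static Logger log = Logger.getLogger(AttachmentServlet.class.getName());
    private static final String HDR_VERSION = "version";
    protected static final long DEFAULT_EXPIRY = 86400000;
    private String m_tmpDir;
    private DavProvider m_attachmentProvider;
    // Upload size limit in bytes for non-admin users; the default is presumably
    // "effectively unlimited" (see the class note on decompiler constants).
    private int m_maxSize = GrammarAnalyzer.NONDETERMINISTIC;
    // Lower-cased file-name suffixes; an empty allow-list means "everything not forbidden".
    private String[] m_allowedPatterns;
    private String[] m_forbiddenPatterns;

    /**
     * Progress item fed by commons-fileupload while a multipart request is parsed.
     * The decompiler reports that this class was originally private.
     */
    public static class UploadListener extends ProgressItem implements ProgressListener {
        public long m_currentBytes;
        public long m_totalBytes;

        private UploadListener() {
        }

        /**
         * Records the byte counts reported by the upload parser.
         *
         * @param j bytes read so far
         * @param j2 total bytes expected
         * @param i index of the item being read (unused)
         */
        public void update(long j, long j2, int i) {
            this.m_currentBytes = j;
            this.m_totalBytes = j2;
        }

        /**
         * Returns the upload progress as a rounded percentage.
         *
         * @return the percentage, or 0 while the total size is unknown or zero
         */
        @Override // com.ecyrd.jspwiki.ui.progress.ProgressItem
        public int getProgress() {
            // A zero or negative total would otherwise yield NaN/Infinity and a
            // meaningless (or Integer.MAX_VALUE) percentage.
            if (this.m_totalBytes <= 0) {
                return 0;
            }
            return (int) (((((float) this.m_currentBytes) / ((float) this.m_totalBytes)) * 100.0f) + 0.5d);
        }
    }

    /**
     * Input stream wrapper that fails once more than a fixed number of bytes has been read.
     * It enforces the upload limit on the data actually received, independently of the
     * length the client declared.
     */
    private static final class SizeLimitedInputStream extends FilterInputStream {
        private final long m_limit;
        private long m_count;

        SizeLimitedInputStream(InputStream in, long limit) {
            super(in);
            this.m_limit = limit;
        }

        @Override
        public int read() throws IOException {
            int b = super.read();
            if (b != -1) {
                count(1);
            }
            return b;
        }

        @Override
        public int read(byte[] buf, int off, int len) throws IOException {
            int n = super.read(buf, off, len);
            if (n > 0) {
                count(n);
            }
            return n;
        }

        private void count(long n) throws IOException {
            this.m_count += n;
            if (this.m_count > this.m_limit) {
                throw new IOException("File exceeds maximum size (" + this.m_limit + " bytes)");
            }
        }
    }

    /**
     * Initialises the servlet from the wiki properties: attachment provider, temporary
     * directory, maximum upload size and the allowed/forbidden file-name suffix lists.
     *
     * @param servletConfig the servlet configuration
     * @throws ServletException if the superclass initialisation fails
     */
    public void init(ServletConfig servletConfig) throws ServletException {
        super.init(servletConfig);
        this.m_engine = WikiEngine.getInstance(servletConfig);
        Properties wikiProperties = this.m_engine.getWikiProperties();
        this.m_attachmentProvider = new AttachmentDavProvider(this.m_engine);
        this.m_tmpDir = this.m_engine.getWorkDir() + File.separator + "attach-tmp";
        this.m_maxSize = TextUtil.getIntegerProperty(wikiProperties, AttachmentManager.PROP_MAXSIZE, GrammarAnalyzer.NONDETERMINISTIC);
        this.m_allowedPatterns = parsePatterns(TextUtil.getStringProperty(wikiProperties, AttachmentManager.PROP_ALLOWEDEXTENSIONS, null));
        this.m_forbiddenPatterns = parsePatterns(TextUtil.getStringProperty(wikiProperties, AttachmentManager.PROP_FORDBIDDENEXTENSIONS, null));
        File tmpDir = new File(this.m_tmpDir);
        if (!tmpDir.exists()) {
            // mkdirs() also returns false when another thread created the directory first.
            if (!tmpDir.mkdirs() && !tmpDir.isDirectory()) {
                log.error("Unable to create the temporary dir " + this.m_tmpDir);
            }
        } else if (!tmpDir.isDirectory()) {
            log.fatal("A file already exists where the temporary dir is supposed to be: " + this.m_tmpDir + ".  Please remove it.");
        }
        log.debug("UploadServlet initialized. Using " + this.m_tmpDir + " for temporary storage.");
    }

    /**
     * Splits a whitespace-separated suffix list into lower-cased entries.
     * Locale.ROOT keeps the result independent of the JVM's default locale, so a
     * configured suffix always compares equal to the same suffix in a file name.
     */
    private static String[] parsePatterns(String value) {
        if (value == null || value.length() <= 0) {
            return new String[0];
        }
        return value.toLowerCase(Locale.ROOT).split("\\s");
    }

    /**
     * Decides whether a file name may be uploaded by a non-admin user.
     * Forbidden suffixes win over allowed ones; with an empty allow-list every
     * name that is not forbidden is accepted.
     *
     * <p>NOTE(review): this is a suffix comparison on the name only. It does not inspect
     * content, and it relies on the name having been normalised beforehand (the caller
     * passes the result of {@code AttachmentManager.validateFileName}).
     *
     * @param str the file name to check
     * @return {@code true} if the upload is permitted
     */
    private boolean isTypeAllowed(String str) {
        if (str == null || str.length() == 0) {
            return false;
        }
        String lowerCase = str.toLowerCase(Locale.ROOT);
        for (String forbidden : this.m_forbiddenPatterns) {
            // Empty entries come from consecutive whitespace in the property and match nothing.
            if (forbidden.length() > 0 && lowerCase.endsWith(forbidden)) {
                return false;
            }
        }
        for (String allowed : this.m_allowedPatterns) {
            if (allowed.length() > 0 && lowerCase.endsWith(allowed)) {
                return true;
            }
        }
        return this.m_allowedPatterns.length == 0;
    }

    /**
     * Returns the request's path info re-decoded as UTF-8, or {@code null} when the
     * request has no path info.
     */
    private static String decodePathInfo(HttpServletRequest request) throws IOException {
        String raw = request.getPathInfo();
        if (raw == null) {
            return null;
        }
        return new String(raw.getBytes(AbstractFileProvider.DEFAULT_ENCODING), "UTF-8");
    }

    /** Closes a stream, ignoring failures; used only on cleanup paths. */
    private static void closeQuietly(Closeable stream) {
        if (stream != null) {
            try {
                stream.close();
            } catch (IOException ignored) {
                // Nothing useful can be done about a failed close during cleanup.
            }
        }
    }

    /**
     * Makes a stored file name safe to place inside a quoted header parameter:
     * control characters (including CR and LF) are dropped, and quote and backslash
     * characters are replaced, so the value cannot terminate the quoted string or
     * start a new header line.
     */
    private static String headerSafeFileName(String fileName) {
        String value = String.valueOf(fileName);
        StringBuilder safe = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c < 0x20 || c == 0x7f) {
                continue;
            }
            safe.append(c == '"' || c == '\\' ? '_' : c);
        }
        return safe.toString();
    }

    /**
     * Handles WebDAV PROPFIND for the attachment tree.
     *
     * @throws IOException on I/O failure
     * @throws ServletException on servlet failure
     */
    @Override // com.ecyrd.jspwiki.dav.WebdavServlet
    public void doPropFind(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        String path = decodePathInfo(httpServletRequest);
        if (path == null) {
            // No path info: answer 400 instead of failing with a NullPointerException.
            httpServletResponse.sendError(400);
            return;
        }
        new PropFindMethod(this.m_attachmentProvider).execute(httpServletRequest, httpServletResponse, new DavPath(path));
    }

    /**
     * Answers OPTIONS with the DAV level and the list of advertised methods.
     *
     * <p>NOTE(review): the Allow header advertises PROPPATCH, MOVE, COPY and DELETE, none of
     * which is handled in this class; confirm they are handled (and authorised) elsewhere.
     */
    protected void doOptions(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        httpServletResponse.setHeader("DAV", DebugEventListener.PROTOCOL_VERSION);
        httpServletResponse.setHeader("Allow", "GET, PUT, POST, OPTIONS, PROPFIND, PROPPATCH, MOVE, COPY, DELETE");
        httpServletResponse.setStatus(200);
    }

    /**
     * Streams an attachment to the client after checking the "view" permission.
     * Honours the optional {@code version} parameter and conditional requests (304).
     *
     * <p>NOTE(review): attachments are sent with an inline disposition and a content type
     * derived from the file name, so uploaded active content is rendered in the wiki's
     * origin unless the forbidden-suffix list excludes it. The 404 and 400 messages echo
     * request data and depend on the container's error page escaping it. Existence (404)
     * is also reported before authorisation (403) is evaluated.
     *
     * @throws IOException if writing an error response fails
     * @throws ServletException declared for the servlet contract
     */
    public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        WikiContext context = this.m_engine.createContext(httpServletRequest, WikiContext.ATTACH);
        String version = httpServletRequest.getParameter("version");
        String nextPage = httpServletRequest.getParameter("nextpage");
        int ver = -1;
        AttachmentManager attachmentManager = this.m_engine.getAttachmentManager();
        AuthorizationManager authorizationManager = this.m_engine.getAuthorizationManager();
        String name = context.getPage().getName();
        if (name == null) {
            log.info("Invalid attachment name.");
            httpServletResponse.sendError(400);
            return;
        }
        OutputStream out = null;
        InputStream in = null;
        try {
            log.debug("Attempting to download att " + name + ", version " + version);
            if (version != null) {
                ver = Integer.parseInt(version);
            }
            Attachment attachment = attachmentManager.getAttachmentInfo(name, ver);
            if (attachment == null) {
                String message = "Attachment '" + name + "', version " + ver + " does not exist.";
                log.info(message);
                httpServletResponse.sendError(404, message);
                return;
            }
            if (!authorizationManager.checkPermission(context.getWikiSession(), PermissionFactory.getPagePermission(attachment, "view"))) {
                log.debug("User does not have permission for this");
                httpServletResponse.sendError(403);
                return;
            }
            if (HttpUtil.checkFor304(httpServletRequest, attachment)) {
                log.debug("Client has latest version already, sending 304...");
                httpServletResponse.sendError(304);
                return;
            }
            httpServletResponse.setContentType(getMimeType(context, attachment.getFileName()));
            // The file name is uploader-controlled; neutralise it before it enters a header.
            httpServletResponse.addHeader("Content-Disposition", "inline; filename=\"" + headerSafeFileName(attachment.getFileName()) + "\";");
            httpServletResponse.addDateHeader(CacheFilter.HEADER_LAST_MODIFIED, attachment.getLastModified().getTime());
            if (!attachment.isCacheable()) {
                httpServletResponse.addHeader("Pragma", "no-cache");
                httpServletResponse.addHeader("Cache-control", "no-cache");
            }
            long size = attachment.getSize();
            // Only announce a length that survives the int cast; otherwise let the
            // container pick the framing rather than send a truncated value.
            if (size >= 0 && size <= Integer.MAX_VALUE) {
                httpServletResponse.setContentLength((int) size);
            }
            out = httpServletResponse.getOutputStream();
            in = attachmentManager.getAttachmentStream(context, attachment);
            byte[] buffer = new byte[BUFFER_SIZE];
            int read;
            while ((read = in.read(buffer)) > -1) {
                out.write(buffer, 0, read);
            }
            if (log.isDebugEnabled()) {
                log.debug("Attachment " + attachment.getFileName() + " sent to " + httpServletRequest.getRemoteUser() + " on " + httpServletRequest.getRemoteAddr());
            }
            if (nextPage != null) {
                // Same rule as the upload path: never redirect to a target outside this wiki.
                httpServletResponse.sendRedirect(validateNextPage(nextPage, this.m_engine.getURL(WikiContext.ERROR, Release.BUILD, null, false)));
            }
        } catch (ProviderException e) {
            String message = "Provider error: " + e.getMessage();
            log.debug("Provider failed while reading", e);
            try {
                httpServletResponse.sendError(500, message);
            } catch (IllegalStateException ignored) {
                // Response already committed; the status can no longer be changed.
            }
        } catch (NumberFormatException e) {
            httpServletResponse.sendError(400, "Invalid version number (" + version + ")");
        } catch (SocketException e) {
            // Typically the client went away mid-download; nothing to report back.
            log.debug("I/O exception during download", e);
        } catch (IOException e) {
            String message = "Error: " + e.getMessage();
            log.debug("I/O exception during download", e);
            try {
                httpServletResponse.sendError(500, message);
            } catch (IllegalStateException ignored) {
                // Response already committed; the status can no longer be changed.
            }
        } finally {
            // Release both streams on every path, including failures during the copy.
            closeQuietly(in);
            closeQuietly(out);
        }
    }

    /**
     * Looks up the content type for a file name through the servlet context,
     * falling back to {@code application/binary}.
     *
     * <p>NOTE(review): {@code getSession()} creates a session if none exists, so this
     * lookup has a side effect on otherwise session-less download requests.
     *
     * @param wikiContext context giving access to the HTTP request
     * @param str the file name
     * @return the content type, never {@code null}
     */
    private static String getMimeType(WikiContext wikiContext, String str) {
        String mimeType = null;
        HttpServletRequest httpRequest = wikiContext.getHttpRequest();
        if (httpRequest != null) {
            ServletContext servletContext = httpRequest.getSession().getServletContext();
            if (servletContext != null) {
                mimeType = servletContext.getMimeType(str.toLowerCase(Locale.ROOT));
            }
        }
        return mimeType != null ? mimeType : "application/binary";
    }

    /**
     * Handles a multipart form upload and redirects to the page chosen by
     * {@link #upload(HttpServletRequest)}, or to the error target carried by a
     * {@link RedirectException}.
     *
     * @throws IOException on I/O failure
     * @throws ServletException declared for the servlet contract
     */
    public void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        try {
            String nextPage = upload(httpServletRequest);
            httpServletRequest.getSession().removeAttribute(VariableManager.VAR_MSG);
            httpServletResponse.sendRedirect(nextPage);
        } catch (RedirectException e) {
            String message = e.getMessage();
            WikiSession.getWikiSession(this.m_engine, httpServletRequest).addMessage(message);
            httpServletRequest.getSession().setAttribute(VariableManager.VAR_MSG, message);
            httpServletResponse.sendRedirect(e.getRedirect());
        }
    }

    /**
     * Stores the request body as an attachment addressed by the request path.
     *
     * <p>NOTE(review): success is reported through {@code sendError} with a 2xx status;
     * {@code setStatus} would be the conventional call. Left unchanged here.
     *
     * @throws IOException on I/O failure
     * @throws ServletException declared for the servlet contract
     */
    public void doPut(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        // Result unused in the decompiled source; the call is kept as found.
        this.m_engine.getURL(WikiContext.ERROR, Release.BUILD, null, false);
        String path = decodePathInfo(httpServletRequest);
        if (path == null) {
            // No path info: answer 400 instead of failing with a NullPointerException.
            httpServletResponse.sendError(400);
            return;
        }
        DavPath davPath = new DavPath(path);
        try {
            ServletInputStream body = httpServletRequest.getInputStream();
            WikiContext context = this.m_engine.createContext(httpServletRequest, WikiContext.UPLOAD);
            String parentPage = davPath.get(0);
            // getContentLength() is -1 when the client declares no length; executeUpload
            // therefore also bounds the bytes actually read for non-admin users.
            boolean created = executeUpload(context, body, davPath.getName(), context.getURL(WikiContext.UPLOAD, parentPage), parentPage, null, httpServletRequest.getContentLength());
            if (created) {
                httpServletResponse.sendError(201);
            } else {
                httpServletResponse.sendError(200);
            }
        } catch (RedirectException e) {
            httpServletResponse.sendError(500, e.getMessage());
        } catch (ProviderException e2) {
            httpServletResponse.sendError(500, e2.getMessage());
        }
    }

    /**
     * Returns the requested redirect target if it stays inside this wiki,
     * otherwise the fallback.
     *
     * @param str the user-supplied redirect target
     * @param str2 the fallback to use when the target is rejected
     * @return {@code str} when it is acceptable, else {@code str2}
     */
    private String validateNextPage(String str, String str2) {
        if (str == null) {
            return str2;
        }
        if (!isLocalRedirectTarget(str)) {
            log.warn("Detected phishing attempt by redirecting to an unsecure location: " + str);
            return str2;
        }
        return str;
    }

    /**
     * Accepts relative targets and absolute targets that lie under the wiki's base URL.
     * Rejected are: control characters and backslashes, scheme-relative targets, any
     * target containing "://" that is not under the base URL, and targets that merely
     * share a textual prefix with a base URL that has no trailing slash.
     */
    private boolean isLocalRedirectTarget(String target) {
        String candidate = target.trim();
        for (int i = 0; i < candidate.length(); i++) {
            char c = candidate.charAt(i);
            if (c < 0x20 || c == 0x7f || c == '\\') {
                return false;
            }
        }
        if (candidate.startsWith("//")) {
            return false;
        }
        if (candidate.indexOf("://") == -1) {
            return true;
        }
        String base = this.m_engine.getBaseURL();
        // An empty base URL would make startsWith() accept every absolute target.
        if (base == null || base.length() == 0 || !candidate.startsWith(base)) {
            return false;
        }
        if (base.endsWith("/") || candidate.length() == base.length()) {
            return true;
        }
        // The base must end on a URL component boundary, not in the middle of a host name.
        char next = candidate.charAt(base.length());
        return next == '/' || next == '?' || next == '#';
    }

    /**
     * Parses a multipart upload request, stores the uploaded file as an attachment and
     * returns the page to redirect to.
     *
     * <p>Recognised form fields: {@code page} (parent page; anything from the first "/" on
     * is cut off), the change note, and {@code nextpage} (validated redirect target).
     * If several file parts are sent, only the last one is stored.
     *
     * <p>NOTE(review): the parsed {@code FileItem}s are not explicitly deleted here, so
     * cleanup of any temporary files is left to the upload library.
     *
     * @param httpServletRequest the multipart request
     * @return the validated redirect target, or the error page URL if none was supplied
     * @throws RedirectException if the request is not a usable upload or is refused
     * @throws IOException if parsing or storing fails
     */
    protected String upload(HttpServletRequest httpServletRequest) throws RedirectException, IOException {
        String errorPage = this.m_engine.getURL(WikiContext.ERROR, Release.BUILD, null, false);
        String nextPage = errorPage;
        String progressId = httpServletRequest.getParameter("progressid");
        try {
            if (!ServletFileUpload.isMultipartContent(httpServletRequest)) {
                throw new RedirectException("Not a file upload", errorPage);
            }
            DiskFileItemFactory factory = new DiskFileItemFactory();
            WikiContext context = this.m_engine.createContext(httpServletRequest, WikiContext.ATTACH);
            UploadListener listener = new UploadListener();
            this.m_engine.getProgressManager().startProgress(listener, progressId);
            ServletFileUpload fileUpload = new ServletFileUpload(factory);
            fileUpload.setHeaderEncoding("UTF-8");
            if (!context.hasAdminPermissions()) {
                // Let the parser reject oversized parts before they are fully received.
                fileUpload.setFileSizeMax(this.m_maxSize);
            }
            fileUpload.setProgressListener(listener);
            String parentPage = null;
            String changeNote = null;
            FileItem uploaded = null;
            for (FileItem item : fileUpload.parseRequest(httpServletRequest)) {
                if (!item.isFormField()) {
                    uploaded = item;
                } else if (item.getFieldName().equals("page")) {
                    parentPage = item.getString("UTF-8");
                    int slash = parentPage.indexOf("/");
                    if (slash != -1) {
                        parentPage = parentPage.substring(0, slash);
                    }
                } else if (item.getFieldName().equals(WikiPage.CHANGENOTE)) {
                    changeNote = item.getString("UTF-8");
                    if (changeNote != null) {
                        // Entity-encode the note so it is stored as text, not markup.
                        changeNote = TextUtil.replaceEntities(changeNote);
                    }
                } else if (item.getFieldName().equals("nextpage")) {
                    nextPage = validateNextPage(item.getString("UTF-8"), errorPage);
                }
            }
            if (uploaded == null) {
                throw new RedirectException("Broken file upload", errorPage);
            }
            String fileName = uploaded.getName();
            long size = uploaded.getSize();
            InputStream in = uploaded.getInputStream();
            try {
                executeUpload(context, in, fileName, nextPage, parentPage, changeNote, size);
            } finally {
                in.close();
            }
            return nextPage;
        } catch (ProviderException e) {
            String message = "Upload failed because the provider failed: " + e.getMessage();
            log.warn(message + " (attachment: (unknown))", e);
            // Keep the provider failure as the cause so it is not lost to callers.
            throw new IOException(message, e);
        } catch (IOException e2) {
            log.warn(("Upload failure: " + e2.getMessage()) + " (attachment: (unknown))", e2);
            throw e2;
        } catch (FileUploadException e3) {
            String message = "Upload failure: " + e3.getMessage();
            log.warn(message + " (attachment: (unknown))", e3);
            throw new IOException(message, e3);
        } finally {
            this.m_engine.getProgressManager().stopProgress(progressId);
        }
    }

    /**
     * Validates and stores one uploaded file as an attachment of the context's page.
     *
     * <p>For non-admin users the declared size and the file-name suffix are checked up
     * front, and the data stream is additionally capped at the configured maximum, because
     * the declared size comes from the client and may be absent (negative) or understated.
     *
     * @param wikiContext the request context
     * @param inputStream the file data
     * @param str the client-supplied file name
     * @param str2 the page to redirect to when the upload is refused
     * @param str3 the parent page name used when a new attachment is created
     * @param str4 the change note, may be {@code null} or empty
     * @param j the declared content length in bytes
     * @return {@code true} if a new attachment was created, {@code false} if an existing
     *         one received a new version
     * @throws RedirectException if the upload is refused
     * @throws IOException if reading the data fails or the size cap is exceeded
     * @throws ProviderException if the attachment provider fails
     */
    protected boolean executeUpload(WikiContext wikiContext, InputStream inputStream, String str, String str2, String str3, String str4, long j) throws RedirectException, IOException, ProviderException {
        boolean created = false;
        String fileName;
        // Only the name validation is expected to signal an i18n key through a
        // WikiException. The handler is kept this narrow so the RedirectException and
        // ProviderException thrown further down are not caught and re-wrapped by it
        // (that would happen if they derive from WikiException; hierarchy not visible
        // in this file, confirm).
        try {
            fileName = AttachmentManager.validateFileName(str);
        } catch (WikiException e) {
            throw new RedirectException(wikiContext.getBundle(InternationalizationManager.CORE_BUNDLE).getString(e.getMessage()), str2);
        }
        boolean admin = wikiContext.hasAdminPermissions();
        if (!admin) {
            if (j > this.m_maxSize) {
                throw new RedirectException("File exceeds maximum size (" + this.m_maxSize + " bytes)", str2);
            }
            if (!isTypeAllowed(fileName)) {
                throw new RedirectException("Files of this type may not be uploaded to this wiki", str2);
            }
        }
        Principal currentUser = wikiContext.getCurrentUser();
        AttachmentManager attachmentManager = this.m_engine.getAttachmentManager();
        log.debug("file=" + fileName);
        if (inputStream == null) {
            log.error("File could not be opened.");
            throw new RedirectException("File could not be opened.", str2);
        }
        // Enforce the limit on the bytes actually read, not only on the declared length.
        InputStream data = admin ? inputStream : new SizeLimitedInputStream(inputStream, this.m_maxSize);
        Attachment attachment = attachmentManager.getAttachmentInfo(wikiContext.getPage().getName());
        if (attachment == null) {
            attachment = new Attachment(this.m_engine, str3, fileName);
            created = true;
        }
        attachment.setSize(j);
        if (!this.m_engine.getAuthorizationManager().checkPermission(wikiContext.getWikiSession(), PermissionFactory.getPagePermission(attachment, PagePermission.UPLOAD_ACTION))) {
            throw new RedirectException("No permission to upload a file", str2);
        }
        if (currentUser != null) {
            attachment.setAuthor(currentUser.getName());
        }
        if (str4 != null && str4.length() > 0) {
            attachment.setAttribute(WikiPage.CHANGENOTE, str4);
        }
        try {
            this.m_engine.getAttachmentManager().storeAttachment(attachment, data);
            log.info("User " + currentUser + " uploaded attachment to " + str3 + " called " + fileName + ", size " + attachment.getSize());
            return created;
        } catch (ProviderException e) {
            // The provider's message is treated as a resource-bundle key and localised here.
            throw new ProviderException(wikiContext.getBundle(InternationalizationManager.CORE_BUNDLE).getString(e.getMessage()));
        }
    }
}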
