package org.artifactory.webapp.servlet;

import com.google.common.collect.Lists;
import java.io.IOException;
import java.util.Collections;
import java.util.Enumeration;
import java.util.List;
import java.util.Locale;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.artifactory.addon.npm.NpmAuditRequestWrapper;
import org.artifactory.api.build.BuildService;
import org.artifactory.api.context.ArtifactoryContext;
import org.artifactory.api.context.ContextHelper;
import org.artifactory.api.repo.exception.FileExpectedException;
import org.artifactory.api.request.ArtifactoryResponse;
import org.artifactory.api.request.DownloadService;
import org.artifactory.api.request.UploadService;
import org.artifactory.api.webdav.WebdavService;
import org.artifactory.exception.CancelException;
import org.artifactory.exception.SQLIntegrityException;
import org.artifactory.mime.NamingUtils;
import org.artifactory.repo.RepoPath;
import org.artifactory.request.ArtifactoryRequest;
import org.artifactory.request.RepoRequests;
import org.artifactory.security.HttpAuthenticationDetails;
import org.artifactory.util.HttpUtils;
import org.artifactory.util.UiRequestUtils;
import org.jfrog.client.util.PathUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpMethod;
import org.springframework.http.MediaType;

/* loaded from: input_file:org/artifactory/webapp/servlet/RepoFilter.class */
public class RepoFilter extends DelayedFilterBase {
    private static final Logger log = LoggerFactory.getLogger(RepoFilter.class);

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/artifactory/webapp/servlet/RepoFilter$DockerMalformedRequestWrapper.class */
    /**
     * Request wrapper that reports {@code application/octet-stream} as the {@code Content-Type}
     * when the wrapped request carries no content type.
     *
     * <p>Only {@link #getHeaders(String)} is overridden. Code that reads the header through
     * {@code getHeader(String)} or {@code getContentType()} still sees the client's original
     * (blank) value, so downstream components can disagree about the content type.
     */
    public static class DockerMalformedRequestWrapper extends HttpServletRequestWrapper {
        DockerMalformedRequestWrapper(HttpServletRequest httpServletRequest) {
            super(httpServletRequest);
        }

        /**
         * Returns the substitute content type for a {@code Content-Type} lookup on a request
         * that has none; every other lookup is delegated to the wrapped request.
         *
         * @param str header name; compared case-insensitively, must not be {@code null}
         * @return the header values visible to downstream code
         */
        @Override
        public Enumeration<String> getHeaders(String str) {
            boolean contentTypeLookup = str.equalsIgnoreCase("Content-Type");
            if (contentTypeLookup && StringUtils.isBlank(getRequest().getContentType())) {
                RepoFilter.log.debug("Returning fixed Docker Content-Type header {}", str);
                return Collections.enumeration(Lists.newArrayList("application/octet-stream"));
            }
            // A client-supplied, non-blank Content-Type is passed through untouched.
            return super.getHeaders(str);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/artifactory/webapp/servlet/RepoFilter$GitLfsMalformedRequestWrapper.class */
    /**
     * Request wrapper that always reports {@code application/vnd.git-lfs+json} for the
     * {@code Accept} and {@code Content-Type} headers.
     *
     * <p>The replacement is unconditional: whatever the client sent for those two headers is
     * discarded. Only {@link #getHeaders(String)} is overridden, so {@code getHeader(String)}
     * and {@code getContentType()} continue to expose the client's original values.
     */
    public static class GitLfsMalformedRequestWrapper extends HttpServletRequestWrapper {
        GitLfsMalformedRequestWrapper(HttpServletRequest httpServletRequest) {
            super(httpServletRequest);
        }

        /**
         * Returns the Git LFS media type for {@code Accept} and {@code Content-Type} lookups
         * and delegates every other header to the wrapped request.
         *
         * @param str header name; compared case-insensitively, must not be {@code null}
         * @return the header values visible to downstream code
         */
        @Override
        public Enumeration<String> getHeaders(String str) {
            boolean rewritten = str.equalsIgnoreCase("Accept") || str.equalsIgnoreCase("Content-Type");
            if (rewritten) {
                RepoFilter.log.debug("Returning fixed Git LFS header {}", str);
                return Collections.enumeration(Lists.newArrayList("application/vnd.git-lfs+json"));
            }
            return super.getHeaders(str);
        }
    }

    /**
     * Reads the {@code nonUiPathPrefixes} and {@code UiPathPrefixes} init parameters, splits
     * them on commas and publishes the resulting lists to both {@code RequestUtils} and
     * {@code UiRequestUtils}. The UI list always gets {@code "webapp"} appended.
     *
     * <p>The same list instance is handed to both utility classes, so a later mutation through
     * one of them is visible through the other.
     *
     * @param filterConfig servlet filter configuration supplying the two init parameters
     */
    @Override // org.artifactory.webapp.servlet.DelayedFilterBase
    public void initLater(FilterConfig filterConfig) {
        String nonUiPrefixesParam = filterConfig.getInitParameter("nonUiPathPrefixes");
        String uiPrefixesParam = filterConfig.getInitParameter("UiPathPrefixes");

        // Raw List kept as decompiled; presumably List<String> - confirm against PathUtils.
        List nonUiPrefixes = PathUtils.delimitedListToStringList(nonUiPrefixesParam, ",");
        UiRequestUtils.setNonUiPathPrefixes(nonUiPrefixes);
        RequestUtils.setNonUiPathPrefixes(nonUiPrefixes);

        List uiPrefixes = PathUtils.delimitedListToStringList(uiPrefixesParam, ",");
        uiPrefixes.add("webapp");
        RequestUtils.setUiPathPrefixes(uiPrefixes);
        UiRequestUtils.setUiPathPrefixes(uiPrefixes);
    }

    /** Intentionally empty: the method body performs no cleanup. */
    public void destroy() {
    }

    /**
     * Filter entry point. Requests that {@code shouldSkipFilter} marks as skippable go straight
     * down the chain; everything else is cast to its HTTP types and routed by {@code execute}.
     *
     * @param servletRequest incoming request
     * @param servletResponse outgoing response
     * @param filterChain remainder of the filter chain
     * @throws IOException propagated from the chain or from request handling
     * @throws ServletException propagated from the chain or from request handling
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (!shouldSkipFilter(servletRequest)) {
            HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
            HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
            String servletPath = RequestUtils.getServletPathFromRequest(httpRequest);
            execute(filterChain, httpRequest, httpResponse, servletPath);
            return;
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

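    /**
     * Routes a request that the filter did not skip. In order, it handles: the {@code /list}
     * browsing shortcut, build-info deployment redirects, npm audit pass-through, repository
     * requests (directory listing, download, upload, WebDAV) and finally non-repository
     * requests, which are either rejected (WebDAV) or handed to the rest of the chain.
     *
     * @param filterChain remainder of the filter chain
     * @param httpServletRequest incoming request
     * @param httpServletResponse outgoing response
     * @param str servlet path of the request; {@code null} is treated as "not a repository request"
     * @throws IOException propagated from the handlers or the chain
     * @throws ServletException propagated from the handlers or the chain
     */
    private void execute(FilterChain filterChain, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws IOException, ServletException {
        if (log.isDebugEnabled()) {
            log.debug("Entering request {}.", requestDebugString(httpServletRequest));
        }
        boolean z = str != null && RequestUtils.isRepoRequest(httpServletRequest, true);
        // This shortcut returns before checkNoUrlInPath and before any method check, so every
        // HTTP method on a repository path that starts with "/list" and ends with "/" is
        // forwarded to the listing page.
        if (z && str.startsWith("/list") && str.endsWith("/")) {
            doRepoListing(httpServletRequest, httpServletResponse, str, new HttpArtifactoryRequest(httpServletRequest));
            return;
        }
        // Locale.ROOT keeps the method token ASCII-lowercased on every JVM default locale;
        // a locale-sensitive lowercase can turn 'I' into a dotless i and break the
        // string comparisons below (e.g. for methods such as OPTIONS or PROPFIND).
        String intern = httpServletRequest.getMethod().toLowerCase(Locale.ROOT).intern();
        if (isBuildInfoDeploymentRequest(z, str, intern)) {
            doBuildUploadRedirect(httpServletRequest, httpServletResponse);
            return;
        }
        // NOTE(review): there is no return after this chain call. isNpmAuditRequest only matches
        // when z is false, so control continues into the non-repository branch below and, if the
        // response is still uncommitted, the chain is invoked a second time with the unwrapped
        // request. Confirm whether that is intended or a decompilation artifact.
        // NOTE(review): isNpmAuditRequest dereferences str; a POST with a null servlet path would
        // throw here - confirm getServletPathFromRequest never returns null.
        if (isNpmAuditRequest(z, str, intern)) {
            filterChain.doFilter(new NpmAuditRequestWrapper(httpServletRequest), httpServletResponse);
        }
        if (z) {
            HttpArtifactoryRequest httpArtifactoryRequest = new HttpArtifactoryRequest(httpServletRequest);
            ArtifactoryResponse httpArtifactoryResponse = new HttpArtifactoryResponse(httpServletResponse);
            // Reject URL-shaped paths and remote-URL override parameters before any repository work.
            if (checkNoUrlInPath(httpArtifactoryRequest, httpArtifactoryResponse)) {
                return;
            }
            if (httpArtifactoryRequest.isDirectoryRequest() && isGetOrHeadRequest(intern)) {
                if (httpArtifactoryRequest.isRecursive()) {
                    httpArtifactoryResponse.sendError(404, "Recursive call detected for '" + httpServletRequest + "'. Returning nothing.", log);
                    return;
                } else {
                    log.debug("Serving a directory get request.");
                    doRepoListing(httpServletRequest, httpServletResponse, str, httpArtifactoryRequest);
                    return;
                }
            }
            try {
                initRequestContext(intern, httpArtifactoryRequest, httpArtifactoryResponse);
                if (isGetOrHeadRequest(intern)) {
                    // NOTE(review): any GET/HEAD carrying a "trace" parameter gets a
                    // TraceLoggingResponse; what that wrapper returns to the caller is not
                    // visible here - confirm it does not disclose internals to unprivileged users.
                    if (httpArtifactoryRequest.getParameter("trace") != null) {
                        httpArtifactoryResponse = new TraceLoggingResponse(httpArtifactoryResponse);
                        // Re-register the context so it points at the wrapping response.
                        initRequestContext(intern, httpArtifactoryRequest, httpArtifactoryResponse);
                    }
                    if (httpArtifactoryRequest.getParameter("properties") != null) {
                        httpArtifactoryResponse.setPropertiesMediaType(MediaType.APPLICATION_JSON.toString());
                    }
                    if (httpArtifactoryRequest.getParameter("propertiesXml") != null) {
                        httpArtifactoryResponse.setPropertiesMediaType(MediaType.APPLICATION_XML.toString());
                    }
                    doDownload(httpServletRequest, httpServletResponse, intern, httpArtifactoryRequest, httpArtifactoryResponse);
                    return;
                }
                if ("put".equals(intern)) {
                    doUpload(httpArtifactoryRequest, httpArtifactoryResponse);
                    return;
                }
                doWebDavMethod(httpServletRequest, httpServletResponse, intern, httpArtifactoryRequest, httpArtifactoryResponse);
            } finally {
                // Single cleanup point: finally runs on every exit from the try, including the
                // WebDAV fall-through, so the request context is destroyed exactly once.
                RepoRequests.destroy();
            }
        } else if (!httpServletResponse.isCommitted()) {
            if (RequestUtils.isWebdavRequest(httpServletRequest)) {
                // WebDAV verbs are only served on repository paths.
                httpServletResponse.setStatus(403);
                if (log.isDebugEnabled()) {
                    log.debug("Received webdav request on " + str + " which is not a repository!\nReturning 403");
                }
            } else {
                filterChain.doFilter(wrapRequestIfNeeded(httpServletRequest), httpServletResponse);
            }
        }
        if (log.isDebugEnabled()) {
            log.debug("Exiting request {}", requestDebugString(httpServletRequest));
        }
    }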

    /**
     * Rejects requests whose path is itself a valid URL, or that carry a non-blank
     * {@code artifactory.alternativeRemoteSiteUrl} or {@code artifactory.alternativeRemoteDownloadUrl}
     * parameter. A rejected request receives a 400 response.
     *
     * <p>NOTE(review): the rejected value is echoed back in the error text. How {@code sendError}
     * renders that text is not visible here - confirm it is encoded for the response content type.
     * The check covers only the request path and these two parameter names.
     *
     * @param artifactoryRequest request to inspect
     * @param artifactoryResponse response used to send the 400 error
     * @return {@code true} if the request was rejected and an error has been sent
     * @throws IOException if sending the error fails
     */
    private boolean checkNoUrlInPath(ArtifactoryRequest artifactoryRequest, ArtifactoryResponse artifactoryResponse) throws IOException {
        if (HttpUtils.isValidUrl(artifactoryRequest.getPath())) {
            artifactoryResponse.sendError(400, "Forbidden Url in path: " + artifactoryRequest.getPath(), log);
            return true;
        }
        // Checked in this order; the first non-blank parameter ends the request.
        String[] remoteUrlOverrides = {"artifactory.alternativeRemoteSiteUrl", "artifactory.alternativeRemoteDownloadUrl"};
        for (String overrideName : remoteUrlOverrides) {
            if (StringUtils.isNotBlank(artifactoryRequest.getParameter(overrideName))) {
                artifactoryResponse.sendError(400, "Forbidden Url in path: " + artifactoryRequest.getParameter(overrideName), log);
                return true;
            }
        }
        return false;
    }

    /**
     * Tells whether a non-repository POST targets one of the npm audit endpoints. The path is
     * matched by suffix only, so any prefix in front of the endpoint is accepted.
     *
     * @param z whether the request was classified as a repository request
     * @param str servlet path; dereferenced without a null check
     * @param str2 lower-cased HTTP method
     * @return {@code true} for a non-repository POST ending in an npm audit path
     */
    private boolean isNpmAuditRequest(boolean z, String str, String str2) {
        if (z || !str2.equals("post")) {
            return false;
        }
        if (str.endsWith("/npm/v1/security/audits")) {
            return true;
        }
        return str.endsWith("/npm/v1/security/audits/quick");
    }

    /**
     * Tells whether a repository request is a PUT of a file (no trailing slash) under the
     * build-info repository.
     *
     * <p>NOTE(review): the repository is matched with a plain prefix test on
     * {@code "/" + buildInfoRepoKey}, with no check for a following path separator. A repository
     * whose key merely begins with the build-info key would also match - confirm that is intended.
     *
     * @param z whether the request was classified as a repository request
     * @param str servlet path
     * @param str2 HTTP method; compared case-insensitively with {@code PUT}
     * @return {@code true} if the request should be redirected to the build upload endpoint
     */
    private boolean isBuildInfoDeploymentRequest(boolean z, String str, String str2) {
        if (!z) {
            return false;
        }
        String buildInfoPrefix = "/" + getBuildService().getBuildInfoRepoKey();
        if (!str.startsWith(buildInfoPrefix) || str.endsWith("/")) {
            return false;
        }
        return HttpMethod.PUT.name().equalsIgnoreCase(str2);
    }

    /**
     * Forwards the request internally to {@code /api/build/buildUploadRedirect} followed by the
     * original servlet path.
     *
     * <p>The forward target embeds the caller-supplied path as-is; whatever normalisation is
     * applied happens in {@code getServletPathFromRequest} or the container, not here.
     *
     * @param httpServletRequest request to forward
     * @param httpServletResponse response to forward
     * @throws ServletException propagated from the dispatcher
     * @throws IOException propagated from the dispatcher
     */
    private void doBuildUploadRedirect(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        log.debug("Forwarding internally to an build resource upload redirect endpoint");
        String originalPath = RequestUtils.getServletPathFromRequest(httpServletRequest);
        log.debug("Original servlet path inferred as '{}'", originalPath);
        String forwardTarget = "/api/build/buildUploadRedirect" + originalPath;
        httpServletRequest.getRequestDispatcher(forwardTarget).forward(httpServletRequest, httpServletResponse);
    }

    /**
     * Tells whether the method is {@code get} or {@code head}. The comparison is case-sensitive
     * and null-safe.
     *
     * @param str lower-cased HTTP method, may be {@code null}
     * @return {@code true} for exactly {@code "get"} or {@code "head"}
     */
    private boolean isGetOrHeadRequest(String str) {
        if ("get".equals(str)) {
            return true;
        }
        return "head".equals(str);
    }

    /**
     * Registers the current request with {@code RepoRequests}, tagged with the HTTP method and
     * the user name reported by the authorization service.
     *
     * @param str lower-cased HTTP method
     * @param artifactoryRequest request being processed
     * @param artifactoryResponse response being produced
     */
    private void initRequestContext(String str, ArtifactoryRequest artifactoryRequest, ArtifactoryResponse artifactoryResponse) {
        String currentUser = getContext().getAuthorizationService().currentUsername();
        RepoRequests.set(str, currentUser, artifactoryRequest, artifactoryResponse);
    }

    /**
     * Passes the request to the WebDAV service. If the service does not handle the method, the
     * response is 405 with an {@code Allow} header listing the supported methods, and the
     * method and remote address are logged at info level.
     *
     * @param httpServletRequest raw request, used for the remote address in the log line
     * @param httpServletResponse raw response, used for the 405 status and {@code Allow} header
     * @param str lower-cased HTTP method
     * @param artifactoryRequest request passed to the WebDAV service
     * @param artifactoryResponse response passed to the WebDAV service
     * @throws IOException propagated from the WebDAV service
     */
    private void doWebDavMethod(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, ArtifactoryRequest artifactoryRequest, ArtifactoryResponse artifactoryResponse) throws IOException {
        boolean handled = getWebdavService().handleRequest(str, artifactoryRequest, artifactoryResponse);
        if (!handled) {
            httpServletResponse.setStatus(405);
            String allowedMethods = PathUtils.collectionToDelimitedString(getWebdavService().supportedMethods());
            httpServletResponse.setHeader("Allow", allowedMethods);
            log.info("Received unsupported request method: {} from: {}", str, httpServletRequest.getRemoteAddr());
        }
    }

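    /**
     * Hands an upload to the upload service and maps failures to responses: a cancelled upload
     * and any unexpected failure become an internal error, an SQL integrity violation becomes
     * a 409.
     *
     * <p>NOTE(review): the 409 body carries the exception message, and what
     * {@code sendInternalError} returns to the client is not visible here - confirm neither
     * exposes storage or stack details to the caller.
     *
     * @param artifactoryRequest upload request
     * @param artifactoryResponse response used for the result or the error
     * @throws IOException if sending an error response fails
     */
    private void doUpload(ArtifactoryRequest artifactoryRequest, ArtifactoryResponse artifactoryResponse) throws IOException {
        try {
            log.debug("Serving an upload request.");
            getUploadEngine().upload(artifactoryRequest, artifactoryResponse);
        } catch (CancelException e) {
            log.error("Upload request has been canceled: {}", e.getMessage());
            artifactoryResponse.sendInternalError(e, log);
        } catch (SQLIntegrityException e3) {
            // Must precede the generic handler: a catch (Exception) placed first would shadow
            // this clause and the 409 mapping would never be used.
            log.error("Upload request has been failed: {}", e3.getMessage());
            artifactoryResponse.sendError(409, e3.getMessage(), log);
        } catch (Exception e2) {
            // e2 is the trailing argument, so SLF4J logs it as the exception with its stack trace.
            log.error("Upload request of {} failed due to {}", artifactoryRequest.getRepoPath(), e2);
            artifactoryResponse.sendInternalError(e2, log);
        }
    }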

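    /**
     * Serves a GET/HEAD on a repository path. Legacy metadata requests are redirected first;
     * otherwise the download service processes the request and failures are mapped to
     * responses: a directory hit where a file was expected becomes a redirect to the
     * slash-terminated path, a no-op for HEAD, or a 404; a cancellation uses the error code
     * carried by the exception; anything else becomes a 500 unless it is an {@link IOException}
     * or the response is already committed.
     *
     * <p>NOTE(review): the 404, 500 and cancellation bodies include exception messages or the
     * repository path, and the directory redirect is built from {@code getServletContextUrl}.
     * Confirm that the messages carry no internal detail and that the context URL cannot be
     * steered by request headers.
     *
     * @param httpServletRequest raw request
     * @param httpServletResponse raw response, used for redirects
     * @param str lower-cased HTTP method
     * @param artifactoryRequest request passed to the download service
     * @param artifactoryResponse response passed to the download service
     * @throws IOException if a redirect or error response cannot be sent
     */
    private void doDownload(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, ArtifactoryRequest artifactoryRequest, ArtifactoryResponse artifactoryResponse) throws IOException {
        if (redirectLegacyMetadataRequest(httpServletRequest, httpServletResponse, artifactoryRequest)) {
            return;
        }
        try {
            RepoRequests.logToContext("Received request", new Object[0]);
            getDownloadService().process(artifactoryRequest, artifactoryResponse);
        } catch (FileExpectedException e) {
            String servletPathFromRequest = RequestUtils.getServletPathFromRequest(httpServletRequest);
            if (!servletPathFromRequest.endsWith("/")) {
                String str2 = HttpUtils.getServletContextUrl(httpServletRequest) + servletPathFromRequest + "/";
                RepoRequests.logToContext("Redirecting to the directory path '%s'", new Object[]{str2});
                httpServletResponse.sendRedirect(str2);
            } else if ("head".equals(str)) {
                RepoRequests.logToContext("Handling directory HEAD request ", new Object[0]);
            } else {
                RepoRequests.logToContext("Expected file but received a directory - returning a %s response", new Object[]{404});
                artifactoryResponse.sendError(404, "Expected file response but received a directory response: " + e.getRepoPath(), log);
            }
        } catch (CancelException e3) {
            // Must precede the generic handler: a catch (Exception) placed first would shadow
            // this clause and the cancellation's own error code would be replaced by a 500.
            RepoRequests.logToContext("Request has been canceled", new Object[]{e3.getMessage(), Integer.valueOf(e3.getErrorCode())});
            artifactoryResponse.sendError(e3.getErrorCode(), "Download request has been canceled: " + e3.getMessage(), log);
            log.debug("Download request has been canceled" + e3.getMessage(), e3);
        } catch (Exception e2) {
            RepoRequests.logToContext("Error handling request: %s - returning a %s response", new Object[]{e2.getMessage(), 500});
            // An IOException or an already committed response gets no error body.
            if (!(e2 instanceof IOException) && !artifactoryResponse.isCommitted()) {
                artifactoryResponse.sendError(500, "Could not process download request: " + e2.getMessage(), log);
            }
            log.debug("Could not process download request: " + e2.getMessage(), e2);
        }
    }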

    /**
     * Serves a directory listing. A path without a trailing slash is redirected to the
     * slash-terminated form; otherwise the repository path and request properties are stored as
     * request attributes and the request is forwarded to {@code /api/nativeBrowser}.
     *
     * @param httpServletRequest raw request
     * @param httpServletResponse raw response
     * @param str servlet path
     * @param artifactoryRequest parsed request supplying the repo path and properties
     * @throws ServletException propagated from the dispatcher
     * @throws IOException propagated from the redirect or the dispatcher
     */
    private void doRepoListing(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, ArtifactoryRequest artifactoryRequest) throws ServletException, IOException {
        log.debug("Forwarding internally to an apache-style listing page.");
        if (str.endsWith("/")) {
            httpServletRequest.setAttribute("artifactory.repository_path", artifactoryRequest.getRepoPath());
            httpServletRequest.setAttribute("artifactory.request_properties", artifactoryRequest.getProperties());
            httpServletRequest.getRequestDispatcher("/api/nativeBrowser").forward(httpServletRequest, httpServletResponse);
            return;
        }
        String directoryUrl = HttpUtils.getServletContextUrl(httpServletRequest) + str + "/";
        httpServletResponse.sendRedirect(directoryUrl);
    }

    /**
     * Returns the context supplied by {@code ContextHelper.get()}.
     *
     * @return the current Artifactory context
     */
    private ArtifactoryContext getContext() {
        ArtifactoryContext currentContext = ContextHelper.get();
        return currentContext;
    }

    /**
     * Looks up the {@code WebdavService} bean in the current context.
     *
     * @return the WebDAV service
     */
    private WebdavService getWebdavService() {
        ArtifactoryContext context = getContext();
        return (WebdavService) context.beanForType(WebdavService.class);
    }

    /**
     * Looks up the {@code DownloadService} bean in the current context.
     *
     * @return the download service
     */
    private DownloadService getDownloadService() {
        ArtifactoryContext context = getContext();
        return (DownloadService) context.beanForType(DownloadService.class);
    }

    /**
     * Looks up the {@code UploadService} bean in the current context.
     *
     * @return the upload service
     */
    private UploadService getUploadEngine() {
        ArtifactoryContext context = getContext();
        return (UploadService) context.beanForType(UploadService.class);
    }

    /**
     * Looks up the {@code BuildService} bean in the current context.
     *
     * @return the build service
     */
    private BuildService getBuildService() {
        ArtifactoryContext context = getContext();
        return (BuildService) context.beanForType(BuildService.class);
    }

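    /**
     * Builds the one-line request summary used in the enter/exit debug messages:
     * method, remote address, servlet path and, when present, the query string.
     *
     * <p>The query string is logged verbatim. Query parameters can carry tokens or other
     * credentials, so debug logs that contain this line should be handled as sensitive.
     *
     * @param httpServletRequest request to summarise
     * @return summary in the form {@code METHOD (address) /path?query}
     */
    private static String requestDebugString(HttpServletRequest httpServletRequest) {
        String queryString = httpServletRequest.getQueryString();
        // getQueryString() omits the leading '?'; add it back so path and query stay
        // distinguishable in the log line.
        String querySuffix = queryString != null ? "?" + queryString : "";
        return httpServletRequest.getMethod() + " (" + new HttpAuthenticationDetails(httpServletRequest).getRemoteAddress() + ") " + RequestUtils.getServletPathFromRequest(httpServletRequest) + querySuffix;
    }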

    /**
     * Redirects a deprecated metadata download to the {@code /api/storage} endpoint. Applies
     * only when {@code NamingUtils.isProperties} accepts the request path.
     *
     * <p>The redirect target is assembled from the servlet context URL, the repository key and
     * the request path, and is passed through {@code HttpUtils.encodeQuery} before being sent.
     * The value written to the request log is the un-encoded form.
     *
     * @param httpServletRequest raw request
     * @param httpServletResponse raw response that receives the redirect
     * @param artifactoryRequest parsed request supplying the path and repo path
     * @return {@code true} if a redirect was sent, {@code false} if the request is not a legacy metadata request
     * @throws IOException if the redirect cannot be sent
     */
    private boolean redirectLegacyMetadataRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, ArtifactoryRequest artifactoryRequest) throws IOException {
        if (NamingUtils.isProperties(artifactoryRequest.getPath())) {
            RepoPath legacyRepoPath = artifactoryRequest.getRepoPath();
            log.debug("Deprecated metadata download detected: {}", httpServletRequest.getRequestURL());
            String redirectTarget = HttpUtils.getServletContextUrl(httpServletRequest)
                    + "/api/storage/"
                    + legacyRepoPath.getRepoKey()
                    + "/"
                    + NamingUtils.stripMetadataFromPath(legacyRepoPath.getPath())
                    + "?"
                    + NamingUtils.getMetadataName(artifactoryRequest.getPath())
                    + "Xml";
            RepoRequests.logToContext("Redirecting to path '%s'", new Object[]{redirectTarget});
            httpServletResponse.sendRedirect(HttpUtils.encodeQuery(redirectTarget));
            return true;
        }
        return false;
    }

    /**
     * Wraps Git LFS and Docker API requests in their header-fixing wrappers before they
     * continue down the chain. Git LFS is tested first; any other request is returned unchanged.
     *
     * @param httpServletRequest incoming request
     * @return the request, possibly wrapped
     */
    private HttpServletRequest wrapRequestIfNeeded(HttpServletRequest httpServletRequest) {
        if (isGitLfsRequest(httpServletRequest)) {
            log.debug("Identified '/api/lfs' in incoming ServletRequest path. Wrapping it with a GitLfsMalformedRequestWrapper");
            return new GitLfsMalformedRequestWrapper(httpServletRequest);
        }
        if (isDockerRequest(httpServletRequest)) {
            log.debug("Identified '/api/docker' in incoming ServletRequest path. Wrapping it with a DockerMalformedRequestWrapper");
            return new DockerMalformedRequestWrapper(httpServletRequest);
        }
        return httpServletRequest;
    }

    /**
     * Tells whether the request looks like a Git LFS API call: {@code /api/lfs} appears anywhere
     * in the servlet path plus path info, or anywhere in the request URL.
     *
     * <p>This is a substring test, not an anchored prefix match, so the marker is accepted at
     * any position in the URL. A matching request has its {@code Accept} and
     * {@code Content-Type} headers replaced by the wrapper.
     *
     * @param httpServletRequest incoming request
     * @return {@code true} if either form of the path contains {@code /api/lfs}
     */
    private boolean isGitLfsRequest(HttpServletRequest httpServletRequest) {
        // getPathInfo() may be null; concatenation then appends "null", which cannot match.
        String containerPath = httpServletRequest.getServletPath() + httpServletRequest.getPathInfo();
        if (containerPath.contains("/api/lfs")) {
            return true;
        }
        return httpServletRequest.getRequestURL().toString().contains("/api/lfs");
    }

    /**
     * Tells whether the request looks like a Docker API call: {@code /api/docker} appears
     * anywhere in the servlet path plus path info, or anywhere in the request URL.
     *
     * <p>This is a substring test, not an anchored prefix match, so the marker is accepted at
     * any position in the URL. A matching request with a blank content type is given a default
     * one by the wrapper.
     *
     * @param httpServletRequest incoming request
     * @return {@code true} if either form of the path contains {@code /api/docker}
     */
    private boolean isDockerRequest(HttpServletRequest httpServletRequest) {
        // getPathInfo() may be null; concatenation then appends "null", which cannot match.
        String containerPath = httpServletRequest.getServletPath() + httpServletRequest.getPathInfo();
        if (containerPath.contains("/api/docker")) {
            return true;
        }
        return httpServletRequest.getRequestURL().toString().contains("/api/docker");
    }
}
