package org.apache.archiva.upload;

import com.fasterxml.jackson.jaxrs.json.JacksonJaxbJsonProvider;
import java.io.IOException;
import java.net.URLEncoder;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.StandardCopyOption;
import java.nio.file.attribute.FileAttribute;
import java.util.Collections;
import javax.ws.rs.ClientErrorException;
import org.apache.archiva.redback.rest.api.model.User;
import org.apache.archiva.redback.rest.api.services.UserService;
import org.apache.archiva.redback.rest.services.AbstractRestServicesTest;
import org.apache.archiva.rest.api.services.ArchivaRestServiceException;
import org.apache.archiva.test.utils.ArchivaBlockJUnit4ClassRunner;
import org.apache.archiva.web.api.FileUploadService;
import org.apache.catalina.Context;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.deploy.ApplicationParameter;
import org.apache.catalina.startup.Tomcat;
import org.apache.commons.io.FileUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.SystemUtils;
import org.apache.cxf.jaxrs.client.JAXRSClientFactory;
import org.apache.cxf.jaxrs.client.WebClient;
import org.apache.cxf.jaxrs.ext.multipart.AttachmentBuilder;
import org.apache.cxf.jaxrs.ext.multipart.ContentDisposition;
import org.apache.cxf.jaxrs.ext.multipart.MultipartBody;
import org.apache.cxf.message.Message;
import org.apache.cxf.transport.servlet.CXFServlet;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.slf4j.bridge.SLF4JBridgeHandler;
import org.springframework.web.context.ContextLoaderListener;

@RunWith(ArchivaBlockJUnit4ClassRunner.class)
/* loaded from: input_file:org/apache/archiva/upload/UploadArtifactsTest.class */
public class UploadArtifactsTest extends AbstractRestServicesTest {
    private Tomcat tomcat;

    @Before
    public void startServer() throws Exception {
        System.setProperty("org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH", "true");
        System.setProperty("appserver.base", Paths.get("target/appserver-base", new String[0]).toAbsolutePath().toString());
        Path path = Paths.get("target/appserver-base", new String[0]);
        FileUtils.deleteDirectory(path.toAbsolutePath().toFile());
        Path resolve = path.resolve("conf");
        if (!Files.exists(resolve, new LinkOption[0])) {
            Files.createDirectories(resolve, new FileAttribute[0]);
        }
        Path path2 = Paths.get("src/test/resources/log4j2-test.xml", new String[0]);
        Files.copy(path2, resolve.resolve(path2.getFileName()), StandardCopyOption.REPLACE_EXISTING);
        Path path3 = Paths.get("src/test/resources/archiva.xml", new String[0]);
        Files.copy(path3, resolve.resolve(path3.getFileName()), StandardCopyOption.REPLACE_EXISTING);
        Path resolve2 = path.resolve("jcr");
        if (Files.exists(resolve2, new LinkOption[0])) {
            FileUtils.deleteDirectory(resolve2.toAbsolutePath().toFile());
        }
        SLF4JBridgeHandler.removeHandlersForRootLogger();
        SLF4JBridgeHandler.install();
        this.tomcat = new Tomcat();
        this.tomcat.setBaseDir(System.getProperty("java.io.tmpdir"));
        this.tomcat.setPort(0);
        this.tomcat.setSilent(false);
        Context addContext = this.tomcat.addContext("", System.getProperty("java.io.tmpdir"));
        ApplicationParameter applicationParameter = new ApplicationParameter();
        applicationParameter.setName("contextConfigLocation");
        applicationParameter.setValue(getSpringConfigLocation());
        addContext.addApplicationParameter(applicationParameter);
        addContext.addApplicationListener(ContextLoaderListener.class.getName());
        Tomcat.addServlet(addContext, "cxf", new CXFServlet());
        addContext.addServletMapping("/" + getRestServicesPath() + "/*", "cxf");
        this.tomcat.start();
        this.port = this.tomcat.getConnector().getLocalPort();
        this.log.info("start server on port {}", Integer.valueOf(this.port));
        UserService userService = getUserService();
        User user = new User();
        user.setUsername("admin");
        user.setPassword("rose210208");
        user.setFullName("the admin user");
        user.setEmail("toto@toto.fr");
        userService.createAdminUser(user);
        getFakeCreateAdminService();
    }

    @After
    public void stop() {
        if (this.tomcat != null) {
            try {
                this.tomcat.stop();
            } catch (LifecycleException e) {
            }
        }
        System.clearProperty("org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH");
    }

    protected String getSpringConfigLocation() {
        return "classpath*:META-INF/spring-context.xml,classpath:/spring-context-test-upload.xml";
    }

    protected String getRestServicesPath() {
        return "restServices";
    }

    protected String getBaseUrl() {
        String property = System.getProperty("archiva.baseRestUrl");
        return StringUtils.isBlank(property) ? "http://localhost:" + this.port : property;
    }

    private FileUploadService getUploadService() {
        FileUploadService fileUploadService = (FileUploadService) JAXRSClientFactory.create(getBaseUrl() + "/" + getRestServicesPath() + "/archivaUiServices/", FileUploadService.class, Collections.singletonList(new JacksonJaxbJsonProvider()));
        this.log.debug("Service class {}", fileUploadService.getClass().getName());
        WebClient.client(fileUploadService).header("Authorization", new Object[]{this.authorizationHeader});
        WebClient.client(fileUploadService).header("Referer", new Object[]{"http://localhost:" + this.port});
        WebClient.client(fileUploadService).header("Referer", new Object[]{"http://localhost"});
        WebClient.getConfig(fileUploadService).getRequestContext().put(Message.MAINTAIN_SESSION, true);
        WebClient.getConfig(fileUploadService).getRequestContext().put("exceptionMessageCauseEnabled", true);
        WebClient.getConfig(fileUploadService).getRequestContext().put("faultStackTraceEnabled", true);
        WebClient.getConfig(fileUploadService).getRequestContext().put(Message.PROPOGATE_EXCEPTION, true);
        WebClient.getConfig(fileUploadService).getRequestContext().put("org.apache.cxf.transport.no_io_exceptions", true);
        return fileUploadService;
    }

    @Test
    public void clearUploadedFiles() throws Exception {
        getUploadService().clearUploadedFiles();
    }

    @Test
    public void uploadFile() throws IOException, ArchivaRestServiceException {
        FileUploadService uploadService = getUploadService();
        try {
            Path path = Paths.get("src/test/repositories/snapshot-repo/org/apache/archiva/archiva-model/1.4-M4-SNAPSHOT/archiva-model-1.4-M4-20130425.081822-1.jar", new String[0]);
            uploadService.post(new MultipartBody(new AttachmentBuilder().object(Files.newInputStream(path, new OpenOption[0])).contentDisposition(new ContentDisposition("form-data; filename=\"" + path.getFileName().toString() + "\"; name=\"files[]\"")).build()));
            uploadService.clearUploadedFiles();
        } catch (Throwable th) {
            uploadService.clearUploadedFiles();
            throw th;
        }
    }

    @Test
    public void failUploadFileWithBadFileName() throws IOException, ArchivaRestServiceException {
        FileUploadService uploadService = getUploadService();
        try {
            try {
                uploadService.post(new MultipartBody(new AttachmentBuilder().object(Files.newInputStream(Paths.get("src/test/repositories/snapshot-repo/org/apache/archiva/archiva-model/1.4-M4-SNAPSHOT/archiva-model-1.4-M4-20130425.081822-1.jar", new String[0]), new OpenOption[0])).contentDisposition(new ContentDisposition("form-data; filename=\"/../TestFile.testext\"; name=\"files[]\"")).build()));
                fail("FileNames with path contents should not be allowed.");
            } catch (ClientErrorException e) {
                assertEquals(422, e.getResponse().getStatus());
            }
        } finally {
            uploadService.clearUploadedFiles();
        }
    }

    @Test
    public void uploadAndDeleteFile() throws IOException, ArchivaRestServiceException {
        FileUploadService uploadService = getUploadService();
        try {
            Path path = Paths.get("src/test/repositories/snapshot-repo/org/apache/archiva/archiva-model/1.4-M4-SNAPSHOT/archiva-model-1.4-M4-20130425.081822-1.jar", new String[0]);
            uploadService.post(new MultipartBody(new AttachmentBuilder().object(Files.newInputStream(path, new OpenOption[0])).contentDisposition(new ContentDisposition("form-data; filename=\"" + path.getFileName().toString() + "\"; name=\"files[]\"")).build()));
            uploadService.deleteFile(path.getFileName().toString());
            uploadService.clearUploadedFiles();
        } catch (Throwable th) {
            uploadService.clearUploadedFiles();
            throw th;
        }
    }

    @Test
    public void failUploadAndDeleteWrongFile() throws IOException, ArchivaRestServiceException {
        FileUploadService uploadService = getUploadService();
        try {
            Path path = Paths.get("src/test/repositories/snapshot-repo/org/apache/archiva/archiva-model/1.4-M4-SNAPSHOT/archiva-model-1.4-M4-20130425.081822-1.jar", new String[0]);
            uploadService.post(new MultipartBody(new AttachmentBuilder().object(Files.newInputStream(path, new OpenOption[0])).contentDisposition(new ContentDisposition("form-data; filename=\"" + path.getFileName().toString() + "\"; name=\"files[]\"")).build()));
            assertFalse(uploadService.deleteFile("file123" + path.getFileName().toString()).booleanValue());
            uploadService.clearUploadedFiles();
        } catch (Throwable th) {
            uploadService.clearUploadedFiles();
            throw th;
        }
    }

    @Test
    public void failUploadAndDeleteFileInOtherDir() throws IOException, ArchivaRestServiceException {
        Path path = null;
        try {
            FileUploadService uploadService = getUploadService();
            Path path2 = Paths.get("src/test/repositories/snapshot-repo/org/apache/archiva/archiva-model/1.4-M4-SNAPSHOT/archiva-model-1.4-M4-20130425.081822-1.jar", new String[0]);
            Path absolutePath = Paths.get("target/testDelete", new String[0]).toAbsolutePath();
            if (!Files.exists(absolutePath, new LinkOption[0])) {
                Files.createDirectories(absolutePath, new FileAttribute[0]);
            }
            Path path3 = SystemUtils.getJavaIoTmpDir().toPath();
            path = Files.createTempFile(absolutePath, "TestFile", ".txt", new FileAttribute[0]);
            this.log.debug("Test file {}", path.toAbsolutePath());
            this.log.debug("Tmp dir {}", path3.toAbsolutePath());
            assertTrue(Files.exists(path, new LinkOption[0]));
            Path relativize = path3.relativize(path.toAbsolutePath());
            uploadService.post(new MultipartBody(new AttachmentBuilder().object(Files.newInputStream(path2, new OpenOption[0])).contentDisposition(new ContentDisposition("form-data; filename=\"" + path2.getFileName().toString() + "\"; name=\"files[]\"")).build()));
            String encode = URLEncoder.encode("../target/" + relativize.toString(), "UTF-8");
            this.log.debug("Trying to delete with path traversal: {}, {}", relativize, encode);
            try {
                uploadService.deleteFile(encode);
            } catch (ArchivaRestServiceException e) {
            }
            assertTrue("File in another directory may not be deleted", Files.exists(path, new LinkOption[0]));
            if (path != null) {
                Files.deleteIfExists(path);
            }
        } catch (Throwable th) {
            if (path != null) {
                Files.deleteIfExists(path);
            }
            throw th;
        }
    }

    @Test
    public void failSaveFileWithBadParams() throws IOException, ArchivaRestServiceException {
        FileUploadService uploadService = getUploadService();
        Path path = Paths.get("target/test/test-testSave.4", new String[0]);
        Path path2 = Paths.get("target/test/test-testSave.pom", new String[0]);
        try {
            Path path3 = Paths.get("src/test/repositories/snapshot-repo/org/apache/archiva/archiva-model/1.4-M4-SNAPSHOT/archiva-model-1.4-M4-20130425.081822-1.jar", new String[0]);
            Path absolutePath = Paths.get("target/appserver-base/test/testSave", new String[0]).toAbsolutePath();
            Path path4 = Paths.get("target/appserver-base/repositories/internal/org", new String[0]);
            this.log.info("Repo dir {}", path4.toAbsolutePath());
            if (!Files.exists(path4, new LinkOption[0])) {
                Files.createDirectories(path4, new FileAttribute[0]);
            }
            assertTrue(Files.exists(path4, new LinkOption[0]));
            if (!Files.exists(absolutePath, new LinkOption[0])) {
                Files.createDirectories(absolutePath, new FileAttribute[0]);
            }
            Files.deleteIfExists(path);
            Files.deleteIfExists(path2);
            this.log.debug("Metadata {}", uploadService.post(new MultipartBody(new AttachmentBuilder().object(Files.newInputStream(path3, new OpenOption[0])).contentDisposition(new ContentDisposition("form-data; filename=\"archiva-model-1.2.jar\"; name=\"files[]\"")).build())).toString());
            assertTrue(uploadService.save("internal", "org.archiva", "archiva-model", "1.2", "jar", true).booleanValue());
            this.log.debug("Metadata {}", uploadService.post(new MultipartBody(new AttachmentBuilder().object(Files.newInputStream(path3, new OpenOption[0])).contentDisposition(new ContentDisposition("form-data; filename=\"TestFile.FileExt\"; name=\"files[]\"")).build())).toString());
            try {
                uploadService.save("internal", "org", URLEncoder.encode("../../../test", "UTF-8"), URLEncoder.encode("testSave", "UTF-8"), "4", true);
                fail("Error expected, if the content contains bad characters.");
            } catch (ClientErrorException e) {
                assertEquals(422, e.getResponse().getStatus());
            }
            assertFalse(Files.exists(Paths.get("target/test-testSave.4", new String[0]), new LinkOption[0]));
            Files.deleteIfExists(path);
            Files.deleteIfExists(path2);
        } catch (Throwable th) {
            Files.deleteIfExists(path);
            Files.deleteIfExists(path2);
            throw th;
        }
    }

    @Test
    public void saveFile() throws IOException, ArchivaRestServiceException {
        Files.deleteIfExists(Paths.get("target/appserver-base/repositories/internal/data/repositories/internal/org/apache/archiva/archiva-model/1.2/archiva-model-1.2.jar", new String[0]));
        FileUploadService uploadService = getUploadService();
        uploadService.post(new MultipartBody(new AttachmentBuilder().object(Files.newInputStream(Paths.get("src/test/repositories/snapshot-repo/org/apache/archiva/archiva-model/1.4-M4-SNAPSHOT/archiva-model-1.4-M4-20130425.081822-1.jar", new String[0]), new OpenOption[0])).contentDisposition(new ContentDisposition("form-data; filename=\"archiva-model.jar\"; name=\"files[]\"")).build()));
        uploadService.save("internal", "org.apache.archiva", "archiva-model", "1.2", "jar", true);
    }
}
