package org.apache.archiva.web.api;

import com.google.common.base.Predicate;
import com.google.common.collect.Iterables;
import java.io.File;
import java.io.FileOutputStream;
import java.io.FileWriter;
import java.io.IOException;
import java.net.URLDecoder;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.nio.file.StandardCopyOption;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.TimeZone;
import java.util.concurrent.CopyOnWriteArrayList;
import javax.inject.Inject;
import javax.inject.Named;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import org.apache.archiva.admin.model.RepositoryAdminException;
import org.apache.archiva.admin.model.admin.ArchivaAdministration;
import org.apache.archiva.admin.model.beans.ManagedRepository;
import org.apache.archiva.admin.model.managed.ManagedRepositoryAdmin;
import org.apache.archiva.checksum.ChecksumAlgorithm;
import org.apache.archiva.checksum.ChecksummedFile;
import org.apache.archiva.common.utils.VersionComparator;
import org.apache.archiva.common.utils.VersionUtil;
import org.apache.archiva.maven2.metadata.MavenMetadataReader;
import org.apache.archiva.metadata.model.facets.AuditEvent;
import org.apache.archiva.model.ArchivaRepositoryMetadata;
import org.apache.archiva.model.ArtifactReference;
import org.apache.archiva.model.SnapshotVersion;
import org.apache.archiva.redback.components.taskqueue.TaskQueueException;
import org.apache.archiva.repository.ManagedRepositoryContent;
import org.apache.archiva.repository.RepositoryContentFactory;
import org.apache.archiva.repository.RepositoryException;
import org.apache.archiva.repository.RepositoryNotFoundException;
import org.apache.archiva.repository.metadata.RepositoryMetadataException;
import org.apache.archiva.repository.metadata.RepositoryMetadataWriter;
import org.apache.archiva.rest.api.services.ArchivaRestServiceException;
import org.apache.archiva.rest.services.AbstractRestService;
import org.apache.archiva.rss.processor.RssFeedProcessor;
import org.apache.archiva.scheduler.ArchivaTaskScheduler;
import org.apache.archiva.scheduler.repository.model.RepositoryTask;
import org.apache.archiva.web.model.FileMetadata;
import org.apache.archiva.xml.XMLException;
import org.apache.commons.io.FilenameUtils;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.BooleanUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.SystemUtils;
import org.apache.cxf.jaxrs.ext.multipart.Attachment;
import org.apache.cxf.jaxrs.ext.multipart.MultipartBody;
import org.apache.maven.model.Model;
import org.apache.maven.model.io.xpp3.MavenXpp3Writer;
import org.jboss.netty.handler.codec.http.multipart.DiskFileUpload;
import org.jboss.netty.handler.codec.http.multipart.HttpPostBodyUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;

@Service("fileUploadService#rest")
/* loaded from: input_file:WEB-INF/lib/archiva-web-common-2.2.5.jar:org/apache/archiva/web/api/DefaultFileUploadService.class */
public class DefaultFileUploadService extends AbstractRestService implements FileUploadService {

    @Context
    private HttpServletRequest httpServletRequest;

    @Inject
    private ManagedRepositoryAdmin managedRepositoryAdmin;

    @Inject
    private RepositoryContentFactory repositoryFactory;

    @Inject
    private ArchivaAdministration archivaAdministration;

    @Inject
    @Named("archivaTaskScheduler#repository")
    private ArchivaTaskScheduler scheduler;
    private Logger log = LoggerFactory.getLogger(getClass());
    private ChecksumAlgorithm[] algorithms = {ChecksumAlgorithm.SHA1, ChecksumAlgorithm.MD5};
    private final String FS = FileSystems.getDefault().getSeparator();

    private String getStringValue(MultipartBody multipartBody, String str) throws IOException {
        Attachment attachment = multipartBody.getAttachment(str);
        return attachment == null ? "" : StringUtils.trim(URLDecoder.decode(IOUtils.toString(attachment.getDataHandler().getInputStream()), "UTF-8"));
    }

    @Override // org.apache.archiva.web.api.FileUploadService
    public FileMetadata post(MultipartBody multipartBody) throws ArchivaRestServiceException {
        try {
            String stringValue = getStringValue(multipartBody, "classifier");
            String stringValue2 = getStringValue(multipartBody, "packaging");
            checkParamChars("classifier", stringValue);
            checkParamChars("packaging", stringValue2);
            try {
                boolean z = BooleanUtils.toBoolean(getStringValue(multipartBody, "pomFile"));
                Attachment attachment = multipartBody.getAttachment("files[]");
                String parameter = attachment.getContentDisposition().getParameter(HttpPostBodyUtil.FILENAME);
                if (!parameter.equals(Paths.get(parameter, new String[0]).getFileName().toString())) {
                    ArchivaRestServiceException archivaRestServiceException = new ArchivaRestServiceException("Bad filename in upload content: " + parameter + " - File traversal chars (..|/) are not allowed", null);
                    archivaRestServiceException.setHttpErrorCode(422);
                    archivaRestServiceException.setErrorKey("fileupload.malformed.filename");
                    throw archivaRestServiceException;
                }
                File createTempFile = File.createTempFile("upload-artifact", DiskFileUpload.postfix);
                createTempFile.deleteOnExit();
                IOUtils.copy(attachment.getDataHandler().getInputStream(), new FileOutputStream(createTempFile));
                FileMetadata fileMetadata = new FileMetadata(parameter, createTempFile.length(), "theurl");
                fileMetadata.setServerFileName(createTempFile.getPath());
                fileMetadata.setClassifier(stringValue);
                fileMetadata.setDeleteUrl(createTempFile.getName());
                fileMetadata.setPomFile(z);
                fileMetadata.setPackaging(stringValue2);
                this.log.info("uploading file: {}", fileMetadata);
                getSessionFilesList().add(fileMetadata);
                return fileMetadata;
            } catch (IllegalArgumentException e) {
                ArchivaRestServiceException archivaRestServiceException2 = new ArchivaRestServiceException("Bad value for boolean pomFile field.", null);
                archivaRestServiceException2.setHttpErrorCode(422);
                archivaRestServiceException2.setFieldName("pomFile");
                archivaRestServiceException2.setErrorKey("fileupload.malformed.pomFile");
                throw archivaRestServiceException2;
            }
        } catch (IOException e2) {
            throw new ArchivaRestServiceException(e2.getMessage(), Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), e2);
        }
    }

    protected synchronized List<FileMetadata> getSessionFilesList() {
        List<FileMetadata> list = (List) this.httpServletRequest.getSession().getAttribute(FILES_SESSION_KEY);
        if (list == null) {
            list = new CopyOnWriteArrayList();
            this.httpServletRequest.getSession().setAttribute(FILES_SESSION_KEY, list);
        }
        return list;
    }

    @Override // org.apache.archiva.web.api.FileUploadService
    public Boolean deleteFile(String str) throws ArchivaRestServiceException {
        File file = new File(SystemUtils.getJavaIoTmpDir(), Paths.get(str, new String[0]).getFileName().toString());
        this.log.debug("delete file:{},exists:{}", file.getPath(), Boolean.valueOf(file.exists()));
        boolean remove = getSessionFileMetadatas().remove(new FileMetadata(str));
        if (!remove) {
            remove = getSessionFileMetadatas().remove(new FileMetadata(file.getPath()));
        }
        return (remove && file.exists()) ? Boolean.valueOf(file.delete()) : Boolean.FALSE;
    }

    @Override // org.apache.archiva.web.api.FileUploadService
    public Boolean clearUploadedFiles() throws ArchivaRestServiceException {
        Iterator it = new ArrayList(getSessionFileMetadatas()).iterator();
        while (it.hasNext()) {
            deleteFile(new File(((FileMetadata) it.next()).getServerFileName()).getPath());
        }
        getSessionFileMetadatas().clear();
        return Boolean.TRUE;
    }

    @Override // org.apache.archiva.web.api.FileUploadService
    public List<FileMetadata> getSessionFileMetadatas() throws ArchivaRestServiceException {
        List<FileMetadata> list = (List) this.httpServletRequest.getSession().getAttribute(FILES_SESSION_KEY);
        return list == null ? Collections.emptyList() : list;
    }

    private boolean hasValidChars(String str) {
        return (str.contains(this.FS) || str.contains("../") || str.contains("/..")) ? false : true;
    }

    private void checkParamChars(String str, String str2) throws ArchivaRestServiceException {
        if (hasValidChars(str2)) {
            return;
        }
        ArchivaRestServiceException archivaRestServiceException = new ArchivaRestServiceException("Bad characters in " + str, null);
        archivaRestServiceException.setHttpErrorCode(422);
        archivaRestServiceException.setErrorKey("fileupload.malformed.param");
        archivaRestServiceException.setFieldName(str);
        throw archivaRestServiceException;
    }

    @Override // org.apache.archiva.web.api.FileUploadService
    public Boolean save(String str, String str2, String str3, String str4, String str5, boolean z) throws ArchivaRestServiceException {
        String trim = StringUtils.trim(str);
        String trim2 = StringUtils.trim(str2);
        String trim3 = StringUtils.trim(str3);
        String trim4 = StringUtils.trim(str4);
        String trim5 = StringUtils.trim(str5);
        checkParamChars("repositoryId", trim);
        checkParamChars(RssFeedProcessor.KEY_GROUP_ID, trim2);
        checkParamChars(RssFeedProcessor.KEY_ARTIFACT_ID, trim3);
        checkParamChars("version", trim4);
        checkParamChars("packaging", trim5);
        List<FileMetadata> sessionFilesList = getSessionFilesList();
        if (sessionFilesList == null || sessionFilesList.isEmpty()) {
            return Boolean.FALSE;
        }
        try {
            ManagedRepository managedRepository = this.managedRepositoryAdmin.getManagedRepository(trim);
            if (managedRepository == null) {
                throw new ArchivaRestServiceException("Cannot find managed repository with id " + trim, Response.Status.BAD_REQUEST.getStatusCode(), (Throwable) null);
            }
            if (VersionUtil.isSnapshot(trim4) && !managedRepository.isSnapshots()) {
                throw new ArchivaRestServiceException("Managed repository with id " + trim + " do not accept snapshots", Response.Status.BAD_REQUEST.getStatusCode(), (Throwable) null);
            }
            boolean z2 = false;
            for (FileMetadata fileMetadata : Iterables.filter(sessionFilesList, new Predicate<FileMetadata>() { // from class: org.apache.archiva.web.api.DefaultFileUploadService.1
                @Override // com.google.common.base.Predicate
                public boolean apply(FileMetadata fileMetadata2) {
                    return (fileMetadata2 == null || fileMetadata2.isPomFile()) ? false : true;
                }
            })) {
                this.log.debug("fileToAdd: {}", fileMetadata);
                saveFile(trim, fileMetadata, z && !z2, trim2, trim3, trim4, trim5);
                z2 = true;
                deleteFile(fileMetadata.getServerFileName());
            }
            for (FileMetadata fileMetadata2 : Iterables.filter(sessionFilesList, new Predicate<FileMetadata>() { // from class: org.apache.archiva.web.api.DefaultFileUploadService.2
                @Override // com.google.common.base.Predicate
                public boolean apply(FileMetadata fileMetadata3) {
                    return fileMetadata3 != null && fileMetadata3.isPomFile();
                }
            })) {
                this.log.debug("fileToAdd: {}", fileMetadata2);
                savePomFile(trim, fileMetadata2, trim2, trim3, trim4, trim5);
                deleteFile(fileMetadata2.getServerFileName());
            }
            return Boolean.TRUE;
        } catch (RepositoryAdminException e) {
            throw new ArchivaRestServiceException(e.getMessage(), Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), e);
        }
    }

    protected void savePomFile(String str, FileMetadata fileMetadata, String str2, String str3, String str4, String str5) throws ArchivaRestServiceException {
        try {
            boolean z = !this.archivaAdministration.getKnownContentConsumers().contains("create-missing-checksums");
            ManagedRepository managedRepository = this.managedRepositoryAdmin.getManagedRepository(str);
            ArtifactReference artifactReference = new ArtifactReference();
            artifactReference.setArtifactId(str3);
            artifactReference.setGroupId(str2);
            artifactReference.setVersion(str4);
            artifactReference.setClassifier(fileMetadata.getClassifier());
            artifactReference.setType(str5);
            String path = this.repositoryFactory.getManagedRepositoryContent(str).toPath(artifactReference);
            int lastIndexOf = path.lastIndexOf(47);
            String substring = path.substring(0, lastIndexOf);
            File file = new File(managedRepository.getLocation(), substring);
            String substring2 = path.substring(lastIndexOf + 1);
            if (StringUtils.isNotEmpty(fileMetadata.getClassifier())) {
                substring2 = StringUtils.remove(substring2, "-" + fileMetadata.getClassifier());
            }
            String str6 = FilenameUtils.removeExtension(substring2) + ".pom";
            copyFile(new File(fileMetadata.getServerFileName()), file, str6, z);
            triggerAuditEvent(managedRepository.getId(), substring + "/" + str6, AuditEvent.UPLOAD_FILE);
            queueRepositoryTask(managedRepository.getId(), new File(file, str6));
        } catch (IOException e) {
            throw new ArchivaRestServiceException("Error encountered while uploading pom file: " + e.getMessage(), Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), e);
        } catch (RepositoryAdminException e2) {
            throw new ArchivaRestServiceException("RepositoryAdmin exception: " + e2.getMessage(), Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), e2);
        } catch (RepositoryException e3) {
            throw new ArchivaRestServiceException("Repository exception: " + e3.getMessage(), Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), e3);
        }
    }

    protected void saveFile(String str, FileMetadata fileMetadata, boolean z, String str2, String str3, String str4, String str5) throws ArchivaRestServiceException {
        try {
            ManagedRepository managedRepository = this.managedRepositoryAdmin.getManagedRepository(str);
            ArtifactReference artifactReference = new ArtifactReference();
            artifactReference.setArtifactId(str3);
            artifactReference.setGroupId(str2);
            artifactReference.setVersion(str4);
            artifactReference.setClassifier(fileMetadata.getClassifier());
            artifactReference.setType(StringUtils.isEmpty(fileMetadata.getPackaging()) ? str5 : fileMetadata.getPackaging());
            ManagedRepositoryContent managedRepositoryContent = this.repositoryFactory.getManagedRepositoryContent(str);
            String path = managedRepositoryContent.toPath(artifactReference);
            int lastIndexOf = path.lastIndexOf(47);
            String substring = path.substring(0, lastIndexOf);
            File file = new File(managedRepository.getLocation(), substring);
            this.log.debug("artifactPath: {} found targetPath: {}", path, file);
            Date time = Calendar.getInstance().getTime();
            int i = -1;
            String str6 = null;
            File file2 = new File(file, "maven-metadata.xml");
            ArchivaRepositoryMetadata metadata = getMetadata(file2);
            if (VersionUtil.isSnapshot(str4)) {
                TimeZone timeZone = TimeZone.getTimeZone("UTC");
                SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyyMMdd.HHmmss");
                simpleDateFormat.setTimeZone(timeZone);
                str6 = simpleDateFormat.format(time);
                i = metadata.getSnapshotVersion() != null ? metadata.getSnapshotVersion().getBuildNumber() + 1 : 1;
            }
            if (!file.exists()) {
                file.mkdirs();
            }
            String substring2 = path.substring(lastIndexOf + 1);
            if (VersionUtil.isSnapshot(str4)) {
                substring2 = substring2.replaceAll("SNAPSHOT", str6 + "-" + i);
            }
            boolean z2 = !this.archivaAdministration.getKnownContentConsumers().contains("create-missing-checksums");
            try {
                File file3 = new File(file, substring2);
                if (file3.exists() && !VersionUtil.isSnapshot(str4) && managedRepository.isBlockRedeployments()) {
                    throw new ArchivaRestServiceException("Overwriting released artifacts in repository '" + managedRepository.getId() + "' is not allowed.", Response.Status.BAD_REQUEST.getStatusCode(), (Throwable) null);
                }
                copyFile(new File(fileMetadata.getServerFileName()), file, substring2, z2);
                triggerAuditEvent(managedRepositoryContent.getId(), substring + "/" + substring2, AuditEvent.UPLOAD_FILE);
                queueRepositoryTask(managedRepositoryContent.getId(), file3);
                if (z) {
                    String str7 = substring2;
                    if (StringUtils.isNotEmpty(fileMetadata.getClassifier())) {
                        str7 = StringUtils.remove(str7, "-" + fileMetadata.getClassifier());
                    }
                    String str8 = FilenameUtils.removeExtension(str7) + ".pom";
                    try {
                        File createPom = createPom(file, str8, fileMetadata, str2, str3, str4, str5);
                        triggerAuditEvent(managedRepository.getId(), substring + "/" + str8, AuditEvent.UPLOAD_FILE);
                        if (z2) {
                            fixChecksums(createPom);
                        }
                        queueRepositoryTask(managedRepository.getId(), createPom);
                    } catch (IOException e) {
                        throw new ArchivaRestServiceException("Error encountered while writing pom file: " + e.getMessage(), Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), e);
                    }
                }
                if (!this.archivaAdministration.getKnownContentConsumers().contains("metadata-updater")) {
                    updateProjectMetadata(file.getAbsolutePath(), time, str6, i, z2, fileMetadata, str2, str3, str4, str5);
                    if (VersionUtil.isSnapshot(str4)) {
                        updateVersionMetadata(metadata, file2, time, str6, i, z2, fileMetadata, str2, str3, str4, str5);
                    }
                }
            } catch (IOException e2) {
                this.log.error("IOException copying file: {}", e2.getMessage(), e2);
                throw new ArchivaRestServiceException("Overwriting released artifacts in repository '" + managedRepository.getId() + "' is not allowed.", Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), e2);
            }
        } catch (RepositoryAdminException e3) {
            throw new ArchivaRestServiceException("RepositoryAdmin exception: " + e3.getMessage(), Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), e3);
        } catch (RepositoryNotFoundException e4) {
            throw new ArchivaRestServiceException("Target repository cannot be found: " + e4.getMessage(), Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), e4);
        } catch (RepositoryException e5) {
            throw new ArchivaRestServiceException("Repository exception: " + e5.getMessage(), Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), e5);
        }
    }

    private ArchivaRepositoryMetadata getMetadata(File file) throws RepositoryMetadataException {
        ArchivaRepositoryMetadata archivaRepositoryMetadata = new ArchivaRepositoryMetadata();
        if (file.exists()) {
            try {
                archivaRepositoryMetadata = MavenMetadataReader.read(file);
            } catch (XMLException e) {
                throw new RepositoryMetadataException(e.getMessage(), e);
            }
        }
        return archivaRepositoryMetadata;
    }

    private File createPom(File file, String str, FileMetadata fileMetadata, String str2, String str3, String str4, String str5) throws IOException {
        Model model = new Model();
        model.setModelVersion("4.0.0");
        model.setGroupId(str2);
        model.setArtifactId(str3);
        model.setVersion(str4);
        model.setPackaging(str5);
        File file2 = new File(file, str);
        MavenXpp3Writer mavenXpp3Writer = new MavenXpp3Writer();
        FileWriter fileWriter = new FileWriter(file2);
        Throwable th = null;
        try {
            try {
                mavenXpp3Writer.write(fileWriter, model);
                if (fileWriter != null) {
                    if (0 != 0) {
                        try {
                            fileWriter.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        fileWriter.close();
                    }
                }
                return file2;
            } finally {
            }
        } catch (Throwable th3) {
            if (fileWriter != null) {
                if (th != null) {
                    try {
                        fileWriter.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    fileWriter.close();
                }
            }
            throw th3;
        }
    }

    private void fixChecksums(File file) {
        new ChecksummedFile(file).fixChecksums(this.algorithms);
    }

    private void queueRepositoryTask(String str, File file) {
        RepositoryTask repositoryTask = new RepositoryTask();
        repositoryTask.setRepositoryId(str);
        repositoryTask.setResourceFile(file);
        repositoryTask.setUpdateRelatedArtifacts(true);
        repositoryTask.setScanAll(false);
        try {
            this.scheduler.queueTask(repositoryTask);
        } catch (TaskQueueException e) {
            this.log.error("Unable to queue repository task to execute consumers on resource file ['" + file.getName() + "'].");
        }
    }

    private void copyFile(File file, File file2, String str, boolean z) throws IOException {
        Files.copy(file.toPath(), new File(file2, str).toPath(), StandardCopyOption.REPLACE_EXISTING, StandardCopyOption.COPY_ATTRIBUTES);
        if (z) {
            fixChecksums(new File(file2, str));
        }
    }

    private void updateProjectMetadata(String str, Date date, String str2, int i, boolean z, FileMetadata fileMetadata, String str3, String str4, String str5, String str6) throws RepositoryMetadataException {
        List<String> arrayList = new ArrayList();
        String str7 = str5;
        File file = new File(new File(str).getParentFile(), "maven-metadata.xml");
        ArchivaRepositoryMetadata metadata = getMetadata(file);
        if (file.exists()) {
            arrayList = metadata.getAvailableVersions();
            Collections.sort(arrayList, VersionComparator.getInstance());
            if (!arrayList.contains(str5)) {
                arrayList.add(str5);
            }
            str7 = arrayList.get(arrayList.size() - 1);
        } else {
            arrayList.add(str5);
            metadata.setGroupId(str3);
            metadata.setArtifactId(str4);
        }
        if (metadata.getGroupId() == null) {
            metadata.setGroupId(str3);
        }
        if (metadata.getArtifactId() == null) {
            metadata.setArtifactId(str4);
        }
        metadata.setLatestVersion(str7);
        metadata.setLastUpdatedTimestamp(date);
        metadata.setAvailableVersions(arrayList);
        if (!VersionUtil.isSnapshot(str5)) {
            metadata.setReleasedVersion(str7);
        }
        RepositoryMetadataWriter.write(metadata, file);
        if (z) {
            fixChecksums(file);
        }
    }

    private void updateVersionMetadata(ArchivaRepositoryMetadata archivaRepositoryMetadata, File file, Date date, String str, int i, boolean z, FileMetadata fileMetadata, String str2, String str3, String str4, String str5) throws RepositoryMetadataException {
        if (!file.exists()) {
            archivaRepositoryMetadata.setGroupId(str2);
            archivaRepositoryMetadata.setArtifactId(str3);
            archivaRepositoryMetadata.setVersion(str4);
        }
        if (archivaRepositoryMetadata.getSnapshotVersion() == null) {
            archivaRepositoryMetadata.setSnapshotVersion(new SnapshotVersion());
        }
        archivaRepositoryMetadata.getSnapshotVersion().setBuildNumber(i);
        archivaRepositoryMetadata.getSnapshotVersion().setTimestamp(str);
        archivaRepositoryMetadata.setLastUpdatedTimestamp(date);
        RepositoryMetadataWriter.write(archivaRepositoryMetadata, file);
        if (z) {
            fixChecksums(file);
        }
    }
}
