package org.apache.wiki.attachment;

import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.net.SocketException;
import java.security.Principal;
import java.util.Properties;
import javax.servlet.ServletConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.core.HttpHeaders;
import org.apache.commons.fileupload.ProgressListener;
import org.apache.log4j.Logger;
import org.apache.wiki.api.core.Context;
import org.apache.wiki.api.core.ContextEnum;
import org.apache.wiki.api.core.Engine;
import org.apache.wiki.api.core.Page;
import org.apache.wiki.api.exceptions.ProviderException;
import org.apache.wiki.api.exceptions.RedirectException;
import org.apache.wiki.api.exceptions.WikiException;
import org.apache.wiki.api.spi.Wiki;
import org.apache.wiki.auth.AuthorizationManager;
import org.apache.wiki.auth.permissions.PagePermission;
import org.apache.wiki.auth.permissions.PermissionFactory;
import org.apache.wiki.i18n.InternationalizationManager;
import org.apache.wiki.preferences.Preferences;
import org.apache.wiki.ui.progress.ProgressItem;
import org.apache.wiki.util.HttpUtil;
import org.apache.wiki.util.TextUtil;
import org.apache.wiki.variables.VariableManager;

/* loaded from: input_file:WEB-INF/lib/jspwiki-main-2.11.0.M7.jar:org/apache/wiki/attachment/AttachmentServlet.class */
public class AttachmentServlet extends HttpServlet {
    private static final int BUFFER_SIZE = 8192;
    private static final long serialVersionUID = 3257282552187531320L;
    private Engine m_engine;
    private static final Logger log = Logger.getLogger(AttachmentServlet.class);
    private static final String HDR_VERSION = "version";
    protected static final long DEFAULT_EXPIRY = 86400000;
    private int m_maxSize = Integer.MAX_VALUE;
    private String[] m_allowedPatterns;
    private String[] m_forbiddenPatterns;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/jspwiki-main-2.11.0.M7.jar:org/apache/wiki/attachment/AttachmentServlet$UploadListener.class */
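    /**
     * Progress tracker for a single upload. The upload parser reports byte counts through
     * {@link #update(long, long, int)}; {@link #getProgress()} turns the latest report into a
     * percentage.
     */
    public static class UploadListener extends ProgressItem implements ProgressListener {
        // Bytes received so far, as last reported through update().
        public long m_currentBytes;
        // Total bytes expected, as last reported through update(). It is 0 before the first report
        // and is not guaranteed to be positive (the request may not declare its length).
        public long m_totalBytes;

        private UploadListener() {
        }

        /**
         * Records the latest byte counts.
         *
         * @param j  bytes read so far
         * @param j2 total bytes expected
         * @param i  not used by this implementation
         */
        @Override // org.apache.commons.fileupload.ProgressListener
        public void update(long j, long j2, int i) {
            this.m_currentBytes = j;
            this.m_totalBytes = j2;
        }

        /**
         * Returns the upload progress as a rounded percentage in the range 0..100.
         *
         * @return 0 while the total is unknown or not positive, otherwise the rounded percentage
         */
        @Override // org.apache.wiki.ui.progress.ProgressItem
        public int getProgress() {
            final long received = this.m_currentBytes;
            final long expected = this.m_totalBytes;
            // A total of 0 would divide by zero (NaN or Infinity once cast to int) and a negative
            // total would yield a negative percentage, so neither is treated as measurable.
            if (expected <= 0) {
                return 0;
            }
            final int percent = (int) (((((float) received) / ((float) expected)) * 100.0f) + 0.5d);
            // Clamp: the reported count can run ahead of a total declared by the client.
            return Math.max(0, Math.min(100, percent));
        }
    }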

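    /**
     * Binds the servlet to its wiki engine and loads the upload limits from the wiki properties:
     * the maximum size and the allowed / forbidden file-name suffix lists. Also makes sure the
     * {@code attach-tmp} directory exists under the engine's work directory.
     *
     * @param servletConfig servlet configuration used to look up the engine
     * @throws ServletException declared by the servlet contract
     */
    @Override // javax.servlet.GenericServlet, javax.servlet.Servlet
    public void init(ServletConfig servletConfig) throws ServletException {
        this.m_engine = Wiki.engine().find(servletConfig);
        Properties wikiProperties = this.m_engine.getWikiProperties();
        String str = this.m_engine.getWorkDir() + File.separator + "attach-tmp";
        this.m_maxSize = TextUtil.getIntegerProperty(wikiProperties, AttachmentManager.PROP_MAXSIZE, Integer.MAX_VALUE);
        this.m_allowedPatterns = parseSuffixList(TextUtil.getStringProperty(wikiProperties, AttachmentManager.PROP_ALLOWEDEXTENSIONS, null));
        this.m_forbiddenPatterns = parseSuffixList(TextUtil.getStringProperty(wikiProperties, AttachmentManager.PROP_FORBIDDENEXTENSIONS, null));
        File file = new File(str);
        if (!file.exists()) {
            // mkdirs() reports failure only through its return value; surface it instead of
            // discovering the missing directory on the first upload.
            if (!file.mkdirs() && !file.isDirectory()) {
                log.error("Could not create the temporary dir: " + str);
            }
        } else if (!file.isDirectory()) {
            log.fatal("A file already exists where the temporary dir is supposed to be: " + str + ".  Please remove it.");
        }
        log.debug("UploadServlet initialized. Using " + str + " for temporary storage.");
    }

    /**
     * Splits a whitespace-separated suffix list into lower-case entries.
     *
     * @param value raw property value, may be {@code null} or empty
     * @return the entries, or an empty array when nothing is configured
     */
    private static String[] parseSuffixList(String value) {
        if (value == null || value.isEmpty()) {
            return new String[0];
        }
        // Locale.ROOT keeps the filter independent of the JVM's default locale; a locale-sensitive
        // lower-casing can map 'I' to a non-ASCII letter and silently stop a suffix from matching.
        return value.toLowerCase(java.util.Locale.ROOT).split("\\s");
    }

    /**
     * Decides whether a file name passes the configured suffix filters.
     *
     * <p>The forbidden list wins over the allowed list. With an empty allowed list every name that
     * is not forbidden is accepted. Matching is a literal suffix comparison on the name only; the
     * file content is not inspected here, so an allow-list is the stronger configuration.
     * {@code executeUpload} skips this check for callers with admin permissions.
     *
     * @param str file name to test
     * @return {@code true} if the upload may proceed as far as the name is concerned
     */
    private boolean isTypeAllowed(String str) {
        if (str == null || str.isEmpty()) {
            return false;
        }
        // Same locale-independent folding as the configured lists, so both sides always compare equal.
        String lowerCase = str.toLowerCase(java.util.Locale.ROOT);
        for (String forbidden : this.m_forbiddenPatterns) {
            // Empty entries come from consecutive whitespace in the property and must not match everything.
            if (!forbidden.isEmpty() && lowerCase.endsWith(forbidden)) {
                return false;
            }
        }
        for (String allowed : this.m_allowedPatterns) {
            if (!allowed.isEmpty() && lowerCase.endsWith(allowed)) {
                return true;
            }
        }
        return this.m_allowedPatterns.length == 0;
    }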

    /**
     * Answers an OPTIONS request with a fixed {@code Allow} header and status 200.
     *
     * <p>NOTE(review): the advertised list names PUT, DELETE and WebDAV verbs, while this class
     * overrides only doGet, doPost and doOptions. Confirm that the list is intentional, since
     * the header is what scanners and clients use to decide which verbs to try.
     */
    @Override // javax.servlet.http.HttpServlet
    protected void doOptions(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        final String advertisedMethods = "GET, PUT, POST, OPTIONS, PROPFIND, PROPPATCH, MOVE, COPY, DELETE";
        httpServletResponse.setStatus(HttpServletResponse.SC_OK);
        httpServletResponse.setHeader(HttpHeaders.ALLOW, advertisedMethods);
    }

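    /**
     * Streams an attachment to the client.
     *
     * <p>The attachment is resolved from the request's page name and the optional {@code version}
     * parameter, the caller's "view" permission on it is checked, and a conditional request is
     * answered with 304 before any content is read. Responses: 400 for a missing name or a
     * non-numeric version, 403 without permission, 404 when the attachment does not exist.
     *
     * <p>Reconstructed from decompiler output in which the two try-with-resources statements were
     * only partly recovered (untyped registers, dead {@code if (0 == 0)} branches) and the
     * {@code SocketException} handler was listed after the {@code IOException} handler, where it
     * can never be reached.
     *
     * @param httpServletRequest  the download request
     * @param httpServletResponse the response the attachment is written to
     * @throws IOException if sending an error status fails
     */
    @Override // javax.servlet.http.HttpServlet
    public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        Context create = Wiki.context().create(this.m_engine, httpServletRequest, ContextEnum.PAGE_ATTACH.getRequestContext());
        AttachmentManager attachmentManager = (AttachmentManager) this.m_engine.getManager(AttachmentManager.class);
        AuthorizationManager authorizationManager = (AuthorizationManager) this.m_engine.getManager(AuthorizationManager.class);
        String parameter = httpServletRequest.getParameter(HDR_VERSION);
        String parameter2 = httpServletRequest.getParameter("nextpage");
        String name = create.getPage().getName();
        // -1 is passed through when no version is requested; presumably "latest" — confirm against the provider API.
        int version = -1;
        if (name == null) {
            log.info("Invalid attachment name.");
            httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        try (ServletOutputStream outputStream = httpServletResponse.getOutputStream()) {
            log.debug("Attempting to download att " + name + ", version " + parameter);
            if (parameter != null) {
                version = Integer.parseInt(parameter);
            }
            org.apache.wiki.api.core.Attachment attachmentInfo = attachmentManager.getAttachmentInfo(name, version);
            if (attachmentInfo == null) {
                String str = "Attachment '" + name + "', version " + version + " does not exist.";
                log.info(str);
                httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND, str);
                return;
            }
            // Authorization comes before the 304 check so that a conditional request cannot be
            // used to learn anything about an attachment the caller may not view.
            if (!authorizationManager.checkPermission(create.getWikiSession(), PermissionFactory.getPagePermission(attachmentInfo, "view"))) {
                log.debug("User does not have permission for this");
                httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
                return;
            }
            if (HttpUtil.checkFor304(httpServletRequest, attachmentInfo.getName(), attachmentInfo.getLastModified())) {
                log.debug("Client has latest version already, sending 304...");
                httpServletResponse.sendError(HttpServletResponse.SC_NOT_MODIFIED);
                return;
            }
            String fileName = attachmentInfo.getFileName();
            httpServletResponse.setContentType(getMimeType(create, fileName));
            // The file name was chosen by whoever uploaded the attachment. Neutralise the characters
            // that would end the quoted-string or the header line, whatever upstream validation did.
            String headerSafeName = String.valueOf(fileName).replaceAll("[\"\\\\\r\n]", "_");
            // NOTE(review): "inline" plus an extension-derived content type lets the browser render
            // uploaded content in the wiki's own origin. The upload suffix filters are the only
            // visible control; consider "attachment" or a nosniff header for active content types.
            httpServletResponse.addHeader(HttpHeaders.CONTENT_DISPOSITION, "inline; filename=\"" + headerSafeName + "\";");
            httpServletResponse.addDateHeader(HttpHeaders.LAST_MODIFIED, attachmentInfo.getLastModified().getTime());
            if (!attachmentInfo.isCacheable()) {
                httpServletResponse.addHeader("Pragma", "no-cache");
                httpServletResponse.addHeader("Cache-control", "no-cache");
            }
            long size = attachmentInfo.getSize();
            // setContentLength takes an int; a larger size would be truncated into a wrong
            // (possibly negative) length, so it is left unset in that case.
            if (size >= 0 && size <= Integer.MAX_VALUE) {
                httpServletResponse.setContentLength((int) size);
            }
            try (InputStream attachmentStream = attachmentManager.getAttachmentStream(create, attachmentInfo)) {
                byte[] buffer = new byte[BUFFER_SIZE];
                int read;
                while ((read = attachmentStream.read(buffer)) > -1) {
                    outputStream.write(buffer, 0, read);
                }
            }
            if (log.isDebugEnabled()) {
                log.debug("Attachment " + attachmentInfo.getFileName() + " sent to " + httpServletRequest.getRemoteUser() + " on " + HttpUtil.getRemoteAddress(httpServletRequest));
            }
            if (parameter2 != null) {
                // NOTE(review): the body has already been written here; a redirect on a committed
                // response fails with IllegalStateException — confirm this path is still wanted.
                httpServletResponse.sendRedirect(validateNextPage(TextUtil.urlEncodeUTF8(parameter2), this.m_engine.getURL(ContextEnum.WIKI_ERROR.getRequestContext(), "", null)));
            }
        } catch (NumberFormatException e) {
            log.warn("Invalid version number: " + parameter);
            httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "Invalid version number");
        } catch (SocketException e) {
            // The client went away mid-transfer; there is nobody left to send an error to.
            log.debug("I/O exception during download", e);
        } catch (ProviderException e) {
            log.debug("Provider failed while reading", e);
            // NOTE(review): the exception text is returned to the client — confirm it cannot carry internal paths.
            sendError(httpServletResponse, "Provider error: " + e.getMessage());
        } catch (IOException e) {
            log.debug("I/O exception during download", e);
            sendError(httpServletResponse, "Error: " + e.getMessage());
        }
    }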

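    /**
     * Sends a 500 status with the given message on a best-effort basis.
     *
     * @param httpServletResponse response to send the error on
     * @param str                 message passed to the container's error page
     * @throws IOException if the container fails while sending the error
     */
    void sendError(HttpServletResponse httpServletResponse, String str) throws IOException {
        try {
            httpServletResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, str);
        } catch (IllegalStateException ignored) {
            // Deliberately not rethrown: the response is already committed, so the status can no
            // longer be changed. Leave a trace so a truncated download can still be diagnosed.
            log.debug("Response already committed; the error status could not be sent", ignored);
        }
    }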

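    /**
     * Looks up the content type for a file name in the servlet context's MIME mappings.
     *
     * @param context wiki context whose HTTP request gives access to the servlet context
     * @param str     file name to classify
     * @return the mapped MIME type, or {@code "application/binary"} when there is no request, no
     *         servlet context, no file name or no mapping
     */
    private static String getMimeType(Context context, String str) {
        String mimeType = null;
        HttpServletRequest httpRequest = context.getHttpRequest();
        if (httpRequest != null && str != null) {
            // NOTE(review): getSession() creates a session when the request has none, only to reach
            // the servlet context — confirm that is acceptable for anonymous downloads.
            ServletContext servletContext = httpRequest.getSession().getServletContext();
            if (servletContext != null) {
                // Locale.ROOT: a locale-sensitive lower-casing can turn an upper-case extension into
                // one the MIME table does not know, and the file would fall back to the generic type.
                mimeType = servletContext.getMimeType(str.toLowerCase(java.util.Locale.ROOT));
            }
        }
        return mimeType != null ? mimeType : "application/binary";
    }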

    /**
     * Handles an upload request and always answers with a redirect: to the page returned by
     * {@code upload} on success, or to the target carried by the {@link RedirectException} on
     * failure, with the failure message stored for display.
     *
     * <p>NOTE(review): no request-forgery token check is visible in this method; whether
     * {@code upload} performs one cannot be confirmed from this listing.
     *
     * @param httpServletRequest  the upload request
     * @param httpServletResponse the response that receives the redirect
     * @throws IOException if the upload or the redirect fails at the I/O level
     */
    @Override // javax.servlet.http.HttpServlet
    public void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        try {
            final String nextPage = upload(httpServletRequest);
            // A successful upload clears any message left over from an earlier failure.
            httpServletRequest.getSession().removeAttribute(VariableManager.VAR_MSG);
            httpServletResponse.sendRedirect(nextPage);
        } catch (RedirectException failure) {
            final String reason = failure.getMessage();
            // The message is recorded twice: on the wiki session and as an HTTP session attribute.
            Wiki.session().find(this.m_engine, httpServletRequest).addMessage(reason);
            httpServletRequest.getSession().setAttribute(VariableManager.VAR_MSG, reason);
            httpServletResponse.sendRedirect(failure.getRedirect());
        }
    }

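    /**
     * Returns {@code str} if it may be used as a redirect target, otherwise the fallback {@code str2}.
     *
     * <p>A target that names a host is accepted only when it lies under the engine's base URL.
     * That covers absolute targets ("scheme://...") and scheme-relative ones ("//host..."), with
     * backslashes read as slashes the way browsers read them. Targets that name no host are
     * returned unchanged.
     *
     * @param str  requested redirect target; {@code null} yields the fallback
     * @param str2 target to use when {@code str} is rejected
     * @return {@code str} when accepted, else {@code str2}
     */
    private String validateNextPage(String str, String str2) {
        if (str == null) {
            return str2;
        }
        final String normalized = str.trim().replace('\\', '/');
        final boolean namesAHost = normalized.contains("://") || normalized.startsWith("//");
        if (namesAHost && !isUnderBaseUrl(normalized, this.m_engine.getBaseURL())) {
            // Line breaks are replaced so that the request value cannot forge extra log entries.
            log.warn("Detected phishing attempt by redirecting to an unsecure location: " + str.replaceAll("[\\r\\n]", "_"));
            return str2;
        }
        return str;
    }

    /**
     * Tells whether {@code target} starts with {@code baseUrl} and the match ends on a URL boundary.
     */
    private static boolean isUnderBaseUrl(String target, String baseUrl) {
        // An empty base URL is a prefix of every string and therefore proves nothing about the target.
        if (baseUrl == null || baseUrl.isEmpty() || !target.startsWith(baseUrl)) {
            return false;
        }
        if (baseUrl.endsWith("/") || target.length() == baseUrl.length()) {
            return true;
        }
        // Without this boundary test a host name that merely begins with the wiki's own would pass.
        final char next = target.charAt(baseUrl.length());
        return next == '/' || next == '?' || next == '#';
    }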

    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    /* JADX WARN: Code restructure failed: missing block: B:28:0x0143, code lost:
    
        switch(r28) {
            case 0: goto L27;
            case 1: goto L30;
            case 2: goto L33;
            default: goto L34;
        };
     */
    /* JADX WARN: Code restructure failed: missing block: B:29:0x015c, code lost:
    
        r22 = r0.getString("UTF-8");
        r0 = r22.indexOf("/");
     */
    /* JADX WARN: Code restructure failed: missing block: B:30:0x0173, code lost:
    
        if (r0 == (-1)) goto L34;
     */
    /* JADX WARN: Code restructure failed: missing block: B:31:0x0176, code lost:
    
        r22 = r22.substring(0, r0);
     */
    /* JADX WARN: Code restructure failed: missing block: B:32:0x0183, code lost:
    
        r23 = r0.getString("UTF-8");
     */
    /* JADX WARN: Code restructure failed: missing block: B:33:0x0190, code lost:
    
        if (r23 == null) goto L34;
     */
    /* JADX WARN: Code restructure failed: missing block: B:34:0x0193, code lost:
    
        r23 = org.apache.wiki.util.TextUtil.replaceEntities(r23);
     */
    /* JADX WARN: Code restructure failed: missing block: B:35:0x019d, code lost:
    
        r15 = validateNextPage(r0.getString("UTF-8"), r0);
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Processes an upload request and returns the URL that {@code doPost} redirects to afterwards.
     *
     * <p>NOTE(review): the decompiler did not recover this body (903 instructions skipped), so the
     * method as listed only throws {@link UnsupportedOperationException}. The fragments in the
     * warnings above show values being read as UTF-8 strings, one value being cut at its first
     * "/", one being passed through {@code TextUtil.replaceEntities}, and one being passed through
     * {@code validateNextPage}. Which request field feeds which step, and where
     * {@code executeUpload} and its size, type and permission checks are reached, cannot be
     * confirmed from this listing. Review this method against the bytecode or the upstream
     * source before drawing conclusions about upload handling.
     *
     * @param r11 the upload request
     * @return the redirect target
     * @throws org.apache.wiki.api.exceptions.RedirectException declared; the conditions are not visible here
     * @throws java.io.IOException declared; the conditions are not visible here
     */
    protected java.lang.String upload(javax.servlet.http.HttpServletRequest r11) throws org.apache.wiki.api.exceptions.RedirectException, java.io.IOException {
        /*
            Method dump skipped, instructions count: 903
            To view this dump add '--comments-level debug' option
        */
        // Decompiler placeholder: the real body is missing, so calling this method always fails.
        throw new UnsupportedOperationException("Method not decompiled: org.apache.wiki.attachment.AttachmentServlet.upload(javax.servlet.http.HttpServletRequest):java.lang.String");
    }

    /**
     * Validates and stores one uploaded file as an attachment.
     *
     * <p>Order of checks: the file name is validated; for callers without admin permissions the
     * size limit and the suffix filters are applied; the "upload" page permission is then checked
     * for every caller. Callers with admin permissions therefore bypass the size and type limits
     * but not the permission check.
     *
     * @param context     wiki context of the request
     * @param inputStream content of the uploaded file
     * @param str         file name as supplied with the upload
     * @param str2        redirect target carried by every {@link RedirectException} thrown here
     * @param str3        passed to the {@code Attachment} constructor when a new attachment is
     *                    created; presumably the parent page name — confirm
     * @param str4        change note, ignored when {@code null} or empty
     * @param j           size of the upload in bytes, as supplied by the caller; NOTE(review):
     *                    it is not visible here whether this value is measured or client-declared
     * @return {@code true} if a new attachment was created, {@code false} if an existing one was updated
     * @throws RedirectException if a limit, a permission check or a wiki-level operation fails
     * @throws IOException       declared for the storage call
     * @throws ProviderException declared for the storage call
     */
    protected boolean executeUpload(Context context, InputStream inputStream, String str, String str2, String str3, String str4, long j) throws RedirectException, IOException, ProviderException {
        boolean createdNew = false;
        try {
            final String safeName = AttachmentManager.validateFileName(str);
            final boolean isAdmin = context.hasAdminPermissions();
            if (!isAdmin) {
                if (j > this.m_maxSize) {
                    throw new RedirectException("File exceeds maximum size (" + this.m_maxSize + " bytes)", str2);
                }
                if (!isTypeAllowed(safeName)) {
                    throw new RedirectException("Files of this type may not be uploaded to this wiki", str2);
                }
            }
            final Principal uploader = context.getCurrentUser();
            final AttachmentManager attachments = (AttachmentManager) this.m_engine.getManager(AttachmentManager.class);
            log.debug("file=" + safeName);
            if (inputStream == null) {
                log.error("File could not be opened.");
                throw new RedirectException("File could not be opened.", str2);
            }
            // Reuse the attachment the context page already names, otherwise start a new one.
            org.apache.wiki.api.core.Attachment target = attachments.getAttachmentInfo(context.getPage().getName());
            if (target == null) {
                target = new Attachment(this.m_engine, str3, safeName);
                createdNew = true;
            }
            target.setSize(j);
            final AuthorizationManager authorization = (AuthorizationManager) this.m_engine.getManager(AuthorizationManager.class);
            final boolean mayUpload = authorization.checkPermission(context.getWikiSession(), PermissionFactory.getPagePermission(target, PagePermission.UPLOAD_ACTION));
            if (!mayUpload) {
                throw new RedirectException("No permission to upload a file", str2);
            }
            if (uploader != null) {
                target.setAuthor(uploader.getName());
            }
            if (str4 != null && !str4.isEmpty()) {
                target.setAttribute(Page.CHANGENOTE, str4);
            }
            try {
                ((AttachmentManager) this.m_engine.getManager(AttachmentManager.class)).storeAttachment(target, inputStream);
                log.info("User " + uploader + " uploaded attachment to " + str3 + " called " + safeName + ", size " + target.getSize());
                return createdNew;
            } catch (ProviderException providerFailure) {
                // The provider's message is used as a resource-bundle key for the caller's locale.
                // NOTE(review): if ProviderException is a WikiException subtype, this rethrow is
                // caught again by the outer handler below — confirm the intended flow.
                throw new ProviderException(Preferences.getBundle(context, InternationalizationManager.CORE_BUNDLE).getString(providerFailure.getMessage()));
            }
        } catch (WikiException wikiFailure) {
            // Same key-to-text lookup, reported through the redirect target instead.
            throw new RedirectException(Preferences.getBundle(context, InternationalizationManager.CORE_BUNDLE).getString(wikiFailure.getMessage()), str2);
        }
    }
}
