package org.apache.maven.continuum.web.servlet;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.maven.continuum.configuration.ConfigurationService;
import org.apache.maven.continuum.utils.PlexusContainerManager;
import org.codehaus.plexus.component.repository.exception.ComponentLookupException;
import org.codehaus.plexus.util.IOUtil;
import org.codehaus.plexus.util.StringUtils;

/* loaded from: input_file:org/apache/maven/continuum/web/servlet/RepositoryBrowseServlet.class */
public class RepositoryBrowseServlet extends HttpServlet {
    private ConfigurationService configuration;

    public void init(ServletConfig servletConfig) throws ServletException {
        super/*javax.servlet.GenericServlet*/.init(servletConfig);
        try {
            this.configuration = (ConfigurationService) PlexusContainerManager.getInstance().getContainer().lookup(ConfigurationService.ROLE);
        } catch (ComponentLookupException e) {
            throw new ServletException("Unable to get configuration service", e);
        }
    }

    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        File file = getFile(httpServletRequest);
        if (file.exists()) {
            doDownload(httpServletResponse, file);
        } else {
            httpServletResponse.sendError(404);
        }
    }

    private File getFile(HttpServletRequest httpServletRequest) {
        String cleanUrl = cleanUrl(StringUtils.isNotEmpty(httpServletRequest.getPathInfo()) ? httpServletRequest.getPathInfo().substring(1) : "");
        if (cleanUrl.indexOf("..") >= 0 || cleanUrl.startsWith("/")) {
            throw new IllegalArgumentException(new StringBuffer().append("file ").append(cleanUrl).append(" isn't allowed.").toString());
        }
        return new File(this.configuration.getDeploymentRepositoryDirectory(), cleanUrl);
    }

    protected long getLastModified(HttpServletRequest httpServletRequest) {
        File file = getFile(httpServletRequest);
        return file.exists() ? file.lastModified() : super.getLastModified(httpServletRequest);
    }

    public String getServletInfo() {
        return new StringBuffer().append(getClass().getName()).append(" by Continuum Team").toString();
    }

    private void doDownload(HttpServletResponse httpServletResponse, File file) throws IOException {
        if (!file.isFile()) {
            httpServletResponse.sendError(403);
            return;
        }
        ServletOutputStream outputStream = httpServletResponse.getOutputStream();
        String mimeType = getServletConfig().getServletContext().getMimeType(file.getName());
        if (mimeType == null) {
            mimeType = "application/octet-stream";
        }
        httpServletResponse.setContentType(mimeType);
        if (!mimeType.startsWith("text/")) {
            httpServletResponse.setHeader("Content-Disposition", new StringBuffer().append("attachement; filename=\"").append(file.getName()).append("\"").toString());
        }
        IOUtil.copy(new FileInputStream(file), outputStream);
    }

    private String cleanUrl(String str) {
        if (str == null) {
            throw new NullPointerException("The url cannot be null.");
        }
        String str2 = "";
        int i = -1;
        if (str.indexOf("../") > 1) {
            str2 = "/";
            i = str.indexOf("../");
        }
        if (str.indexOf("..\\") > 1) {
            str2 = "\\";
            i = str.indexOf("..\\");
        }
        String str3 = str;
        if (i > 1) {
            int lastIndexOf = str.substring(0, i - 1).lastIndexOf(str2);
            str3 = new StringBuffer().append(lastIndexOf >= 0 ? str.substring(0, lastIndexOf) : "").append(str2).append(str.substring(i + 3)).toString();
            if (str3.indexOf("../") > 1 || str3.indexOf("..\\") > 1) {
                str3 = cleanUrl(str3);
            }
        }
        return str3;
    }
}
