package com.evolveum.midpoint.gui.impl.util;

import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.repo.api.RepositoryService;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.task.api.TaskManager;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.logging.LoggingUtils;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.web.security.MidPointApplication;
import com.evolveum.midpoint.web.security.WebApplicationConfiguration;
import com.evolveum.midpoint.xml.ns._public.common.common_3.NodeType;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URLDecoder;
import java.util.Iterator;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.io.IOUtils;

/* loaded from: input_file:WEB-INF/classes/com/evolveum/midpoint/gui/impl/util/ReportPeerQueryInterceptor.class */
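/**
 * Servlet that lets cluster peer nodes download ({@code GET}) or remove ({@code DELETE}) files
 * stored in the {@code export/} directory under the midPoint home directory.
 *
 * <p>A request is served only when all of the following hold:
 * <ul>
 *   <li>the {@code User-Agent} header equals {@code mp-cluster-peer-client};</li>
 *   <li>the remote host name or address matches a {@link NodeType} object in the repository;</li>
 *   <li>the requested file name resolves to a regular file located inside the export directory.</li>
 * </ul>
 *
 * <p>NOTE(review): the first two checks rely on a client-supplied header and on the network-level
 * peer identity reported by the container. Neither is cryptographic authentication, and behind a
 * reverse proxy the reported address may be the proxy's. The endpoint should additionally be
 * restricted at the network or transport layer; confirm this against the deployment.
 */
public class ReportPeerQueryInterceptor extends HttpServlet {
    private static final long serialVersionUID = 7612750211021974750L;
    private static final String MIDPOINT_HOME = System.getProperty(WebApplicationConfiguration.MIDPOINT_HOME);
    // Plain concatenation: assumes the midpoint.home property ends with a path separator.
    private static final String EXPORT_DIR = MIDPOINT_HOME + "export/";
    private static final String HEADER_USERAGENT = "mp-cluster-peer-client";
    private static final String DEFAULTMIMETYPE = "application/octet-stream";
    private static final String FILENAMEPARAMETER = "fname";
    private static final String URLENCODING = "UTF-8";
    private static final String INTERCEPTOR_CLASS = ReportPeerQueryInterceptor.class.getName() + ".";
    private static final String OPERATION_LIST_NODES = INTERCEPTOR_CLASS + "listNodes";
    private static final Trace LOGGER = TraceManager.getTrace(ReportPeerQueryInterceptor.class);

    /**
     * Streams the requested export file to a recognized peer node.
     *
     * <p>Responds with 403 for an unrecognized peer, a prohibited file name, a name that resolves
     * outside the export directory, or a directory; 400 for a missing or malformed {@code fname}
     * parameter; 404 when the file does not exist.
     *
     * @param httpServletRequest the incoming request; the file name is read from {@code fname}
     * @param httpServletResponse the response the file content is written to
     * @throws IOException if the file cannot be read or the response cannot be written
     */
    @Override
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        if (!isAuthorizedPeer(httpServletRequest, httpServletResponse, "File retrieval")) {
            return;
        }
        String fileName = readFileName(httpServletRequest);
        if (fileName == null) {
            LOGGER.debug("Missing or malformed '{}' parameter", FILENAMEPARAMETER);
            httpServletResponse.setStatus(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        File target = resolveExportFile(fileName);
        if (target == null) {
            // Logged at warn level: a refused path is a security-relevant event worth alerting on.
            LOGGER.warn("Query parameter contains a prohibited character sequence. The parameter: {} ", fileName);
            httpServletResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        if (!target.exists()) {
            LOGGER.warn("Download operation not successful. The file: {} was not found on the filesystem", fileName);
            httpServletResponse.setStatus(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        if (target.isDirectory()) {
            LOGGER.warn("Download operation not successful. Attempt to download a directory with the name: {} this operation is prohibited", fileName);
            httpServletResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);
            return;
        }

        String mimeType = getServletContext().getMimeType(target.getName());
        httpServletResponse.setContentType(mimeType != null ? mimeType : DEFAULTMIMETYPE);
        long length = target.length();
        if (length <= Integer.MAX_VALUE) {
            // Larger files are sent without Content-Length rather than with a truncated int value.
            httpServletResponse.setContentLength((int) length);
        }
        // Only the last path element goes into the header; quotes, backslashes and line breaks
        // are replaced so the value cannot terminate the quoted string or split the header.
        String headerName = target.getName().replaceAll("[\"\\\\\\r\\n]", "_");
        httpServletResponse.setHeader("Content-Disposition", "attachment; filename=\"" + headerName + "\"");

        // try-with-resources closes the file even if writing to the client fails midway.
        try (InputStream in = new FileInputStream(target)) {
            OutputStream out = httpServletResponse.getOutputStream();
            byte[] buffer = new byte[8192];
            int read;
            while ((read = in.read(buffer)) != -1) {
                out.write(buffer, 0, read);
            }
            out.flush();
        }
        LOGGER.trace("The file {} has been dispatched to the client.", fileName);
    }

    /**
     * Deletes the requested export file on behalf of a recognized peer node.
     *
     * <p>Applies the same peer and path checks as {@link #doGet}. Responds with 204 on success,
     * 404 when the file does not exist, 403 for a directory or a refused path, and 500 when the
     * file exists but could not be deleted.
     *
     * @param httpServletRequest the incoming request; the file name is read from {@code fname}
     * @param httpServletResponse the response carrying the status code
     * @throws IOException if the path cannot be resolved or the error response cannot be sent
     */
    @Override
    protected void doDelete(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        if (!isAuthorizedPeer(httpServletRequest, httpServletResponse, "File deletion")) {
            return;
        }
        String fileName = readFileName(httpServletRequest);
        if (fileName == null) {
            LOGGER.debug("Missing or malformed '{}' parameter", FILENAMEPARAMETER);
            httpServletResponse.setStatus(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        // Deletion previously skipped the file-name validation that retrieval performed.
        File target = resolveExportFile(fileName);
        if (target == null) {
            LOGGER.warn("Query parameter contains a prohibited character sequence. The parameter: {} ", fileName);
            httpServletResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        if (!target.exists()) {
            LOGGER.warn("Delete operation not successful. The file: {} was not found on the filesystem.", fileName);
            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND);
        } else if (target.isDirectory()) {
            LOGGER.warn("Delete operation not successful. Attempt to Delete a directory with the name: {}. This operation is prohibited.", fileName);
            httpServletResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);
        } else if (target.delete()) {
            httpServletResponse.setStatus(HttpServletResponse.SC_NO_CONTENT);
        } else {
            // Do not report success when the filesystem refused the deletion.
            LOGGER.warn("Delete operation not successful. The file: {} could not be deleted.", fileName);
            httpServletResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        }
        LOGGER.trace("Deletion of the file {} has finished.", fileName);
    }

    private RepositoryService getRepositoryService() {
        return MidPointApplication.get().getRepositoryService();
    }

    protected TaskManager getTaskManager() {
        return MidPointApplication.get().getTaskManager();
    }

    /** Checks the User-Agent header and the peer identity; sets 403 and returns false on failure. */
    private boolean isAuthorizedPeer(HttpServletRequest request, HttpServletResponse response, String operation) {
        String userAgent = request.getHeader("User-Agent");
        if (!HEADER_USERAGENT.equals(userAgent)) {
            LOGGER.debug("Invalid user-agent: {}", userAgent);
            response.setStatus(HttpServletResponse.SC_FORBIDDEN);
            return false;
        }
        String remoteHost = request.getRemoteHost();
        if (!isKnownNode(remoteHost, request.getRemoteAddr(), operation).booleanValue()) {
            LOGGER.debug("Unknown node, host: {} ", remoteHost);
            response.setStatus(HttpServletResponse.SC_FORBIDDEN);
            return false;
        }
        return true;
    }

    /**
     * Reads and URL-decodes the file name parameter; returns null when it is absent or malformed.
     *
     * <p>The container has already percent-decoded the parameter once, so this is a second
     * decoding pass (kept for compatibility; presumably the peer client encodes twice — confirm).
     * All validation therefore has to run on the value returned here, never on the raw parameter.
     */
    private String readFileName(HttpServletRequest request) throws IOException {
        String raw = request.getParameter(FILENAMEPARAMETER);
        if (raw == null || raw.isEmpty()) {
            return null;
        }
        try {
            return URLDecoder.decode(raw, URLENCODING);
        } catch (IllegalArgumentException e) {
            // Thrown for incomplete or illegal percent escapes.
            return null;
        }
    }

    /**
     * Resolves a requested name to a file strictly inside the export directory.
     *
     * @return the canonical target file, or null when the name is prohibited or resolves to the
     *         export directory itself or to a location outside it
     */
    private File resolveExportFile(String fileName) throws IOException {
        if (containsProhibitedQueryString(fileName).booleanValue()) {
            return null;
        }
        // Canonical paths have "." and ".." collapsed and symbolic links followed, so the
        // containment test below is made on the location that would actually be opened.
        File exportRoot = new File(EXPORT_DIR).getCanonicalFile();
        File candidate = new File(exportRoot, fileName).getCanonicalFile();
        if (candidate.equals(exportRoot) || !candidate.toPath().startsWith(exportRoot.toPath())) {
            return null;
        }
        return candidate;
    }

    /**
     * Tells whether the remote peer matches a node registered in the repository.
     *
     * @param str remote host name as reported by the container
     * @param str2 remote address as reported by the container
     * @param str3 human-readable operation name, used for logging only
     * @return true when a node's host name (case-insensitive) or one of its addresses matches;
     *         false otherwise, including when the node list cannot be read (fails closed)
     */
    private Boolean isKnownNode(String str, String str2, String str3) {
        LOGGER.debug("Checking if {} is a known node", str);
        try {
            for (PrismObject<NodeType> nodeObject : getRepositoryService().searchObjects(NodeType.class, null, null, new OperationResult(OPERATION_LIST_NODES))) {
                NodeType nodeType = nodeObject.asObjectable();
                if (str != null && str.equalsIgnoreCase(nodeType.getHostname())) {
                    LOGGER.trace("The node {} was recognized as a known node (remote host name {} matched). Attempting to execute the requested operation: {} ", nodeType.getName(), nodeType.getHostname(), str3);
                    return true;
                }
                if (str2 != null && nodeType.getIpAddress() != null && nodeType.getIpAddress().contains(str2)) {
                    LOGGER.trace("The node {} was recognized as a known node (remote host address {} matched). Attempting to execute the requested operation: {} ", nodeType.getName(), str2, str3);
                    return true;
                }
            }
        } catch (SchemaException | RuntimeException e) {
            LOGGER.error("Unhandled exception when listing nodes");
            LoggingUtils.logUnexpectedException(LOGGER, "Unhandled exception when listing nodes", e, new Object[0]);
        }
        return false;
    }

    /**
     * Rejects file names that must never be resolved against the export directory.
     *
     * <p>A name is prohibited when it is null or empty, contains a NUL character, or has a
     * {@code ..} path segment with either separator. This covers leading and trailing
     * {@code ..} segments as well as the {@code /../} form.
     *
     * @param str the decoded file name
     * @return true when the name is prohibited
     */
    protected Boolean containsProhibitedQueryString(String str) {
        if (str == null || str.isEmpty() || str.indexOf('\0') >= 0) {
            return true;
        }
        for (String segment : str.split("[/\\\\]")) {
            if ("..".equals(segment)) {
                return true;
            }
        }
        return false;
    }
}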
