package com.evolveum.midpoint.gui.impl.util;

import com.evolveum.midpoint.model.api.authentication.NodeAuthenticationEvaluator;
import com.evolveum.midpoint.schema.util.ReportTypeUtil;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.io.IOUtils;

/* loaded from: input_file:com/evolveum/midpoint/gui/impl/util/ReportPeerQueryInterceptor.class */
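/**
 * Servlet that lets cluster peers download ({@code GET}) or remove ({@code DELETE}) a file
 * stored under the export directory of this node.
 *
 * <p>The file name arrives as a request parameter and is therefore untrusted input. Both
 * operations resolve it through {@link #resolveRequestedFile}, which rejects names containing
 * a {@code ..} path segment and any name whose canonical location is not inside the export
 * directory. The original code applied the traversal check to {@code GET} only, and only for
 * the literal sequence {@code "/../"}.
 */
public class ReportPeerQueryInterceptor extends HttpServlet {
    private static final long serialVersionUID = 7612750211021974750L;
    private static final String OPERATION_GET_REPORT = "File retrieval";
    private static final String OPERATION_DELETE_REPORT = "File deletion";
    private final NodeAuthenticationEvaluator nodeAuthenticator;
    private static final String MIDPOINT_HOME = System.getProperty("midpoint.home");
    // NOTE(review): plain concatenation, so this is only a valid path when the midpoint.home
    // property is set and ends with a path separator; confirm how the property is populated.
    private static final String EXPORT_DIR = MIDPOINT_HOME + "export/";
    private static final String DEFAULTMIMETYPE = "application/octet-stream";
    private static final Trace LOGGER = TraceManager.getTrace(ReportPeerQueryInterceptor.class);

    /**
     * @param nodeAuthenticationEvaluator evaluator consulted by {@link #checkRequest} for every request
     */
    public ReportPeerQueryInterceptor(NodeAuthenticationEvaluator nodeAuthenticationEvaluator) {
        this.nodeAuthenticator = nodeAuthenticationEvaluator;
    }

    /**
     * Streams the requested export file to the caller as an attachment.
     *
     * <p>Responds 403 when the caller is rejected or the name points outside the export
     * directory (or at a directory), 400 when the file name parameter is missing or
     * malformed, and 404 when the file does not exist.
     */
    @Override
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        if (!checkRequest(httpServletRequest, httpServletResponse, OPERATION_GET_REPORT)) {
            return;
        }
        File file = resolveRequestedFile(httpServletRequest, httpServletResponse, OPERATION_GET_REPORT);
        if (file == null) {
            return;
        }
        // Open the file before touching the response so that an unreadable file does not
        // leave half-written headers behind; try-with-resources closes it on every path.
        try (FileInputStream fileInputStream = new FileInputStream(file)) {
            String mimeType = getServletContext().getMimeType(file.getPath());
            if (mimeType == null) {
                mimeType = DEFAULTMIMETYPE;
            }
            httpServletResponse.setContentType(mimeType);
            long length = file.length();
            if (length <= Integer.MAX_VALUE) {
                // A narrowing cast of a larger value would announce a wrong (possibly negative) length.
                httpServletResponse.setContentLength((int) length);
            }
            // Only the base name goes into the header, with quoting and control characters
            // neutralised. The original concatenated the name after a literal "%s".
            httpServletResponse.setHeader("Content-Disposition",
                    String.format("attachment; filename=\"%s\"", headerSafeFileName(file.getName())));
            ServletOutputStream outputStream = httpServletResponse.getOutputStream();
            byte[] buffer = new byte[8192];
            int read;
            while ((read = fileInputStream.read(buffer)) != -1) {
                outputStream.write(buffer, 0, read);
            }
            outputStream.flush();
        }
        LOGGER.trace("The file {} has been dispatched to the client.", file.getName());
    }

    /**
     * Deletes the requested export file.
     *
     * <p>Applies the same caller and path checks as {@link #doGet}. Responds 204 on success
     * and 500 when the file could not be deleted.
     */
    @Override
    protected void doDelete(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        if (!checkRequest(httpServletRequest, httpServletResponse, OPERATION_DELETE_REPORT)) {
            return;
        }
        File file = resolveRequestedFile(httpServletRequest, httpServletResponse, OPERATION_DELETE_REPORT);
        if (file == null) {
            return;
        }
        if (!file.delete()) {
            // File.delete() signals failure through its return value, which was previously ignored.
            LOGGER.warn("Deletion of the file {} failed.", file.getName());
            httpServletResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            return;
        }
        httpServletResponse.setStatus(HttpServletResponse.SC_NO_CONTENT);
        LOGGER.trace("Deletion of the file {} has finished.", file.getName());
    }

    /**
     * Decides whether the request comes from an accepted peer; sets 403 and returns
     * {@code false} otherwise.
     *
     * <p>The {@code User-Agent} header is chosen by the caller, so the comparison below is a
     * sanity filter rather than an access control. The decision that matters is the one made
     * by {@code nodeAuthenticator.authenticate(...)} from the remote host and address.
     * NOTE(review): behind a reverse proxy the container may report the proxy's address for
     * every request; confirm what the evaluator sees in such deployments.
     *
     * @param str name of the operation, passed through to the evaluator
     */
    private boolean checkRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
        String header = httpServletRequest.getHeader("User-Agent");
        if (!"mp-cluster-peer-client".equals(header)) {
            LOGGER.debug("Invalid user-agent: {}", header);
            httpServletResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);
            return false;
        }
        if (this.nodeAuthenticator.authenticate(httpServletRequest.getRemoteHost(), httpServletRequest.getRemoteAddr(), str)) {
            return true;
        }
        LOGGER.debug("Unknown node, host: {} ", httpServletRequest.getRemoteHost());
        httpServletResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);
        return false;
    }

    /**
     * Turns the file name parameter into a file inside the export directory.
     *
     * @param operation operation name used in log messages
     * @return the canonical file, or {@code null} when the request was rejected; in that case
     *         the response status has already been set
     */
    private File resolveRequestedFile(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String operation) throws IOException {
        String fileName = getFileName(httpServletRequest);
        if (fileName == null) {
            LOGGER.debug("{} rejected: the file name parameter is missing or malformed.", operation);
            httpServletResponse.setStatus(HttpServletResponse.SC_BAD_REQUEST);
            return null;
        }
        if (containsProhibitedQueryString(fileName).booleanValue()) {
            LOGGER.debug("Query parameter contains a prohibited character sequence. The parameter: {} ", fileName);
            httpServletResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);
            return null;
        }
        File file = resolveExportFile(fileName);
        if (file == null) {
            LOGGER.warn(operation + " not successful. The name {} does not resolve to a file inside the export directory.", fileName);
            httpServletResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);
            return null;
        }
        if (!isFileAndExists(file, fileName, httpServletResponse, operation)) {
            return null;
        }
        return file;
    }

    /**
     * Resolves {@code fileName} against the export directory and verifies containment.
     *
     * <p>Both paths are canonicalised first, so {@code .} and {@code ..} segments are
     * collapsed (symbolic links are resolved as well, where the platform supports them).
     * The comparison is done per path element, which means a sibling such as
     * {@code export-old} does not pass as being inside {@code export}.
     *
     * @return the canonical file, or {@code null} when it is the export directory itself or
     *         lies outside it
     */
    private File resolveExportFile(String fileName) throws IOException {
        File exportDir = new File(EXPORT_DIR).getCanonicalFile();
        File candidate = new File(exportDir, fileName).getCanonicalFile();
        if (candidate.equals(exportDir) || !candidate.toPath().startsWith(exportDir.toPath())) {
            return null;
        }
        return candidate;
    }

    /**
     * Checks that {@code file} exists and is not a directory, answering 404 or 403 otherwise.
     *
     * @param str  file name as requested, used for logging only
     * @param str2 operation name, used for logging only
     */
    private boolean isFileAndExists(File file, String str, HttpServletResponse httpServletResponse, String str2) throws IOException {
        if (!file.exists()) {
            LOGGER.warn(str2 + " not successful. The file: {} was not found on the filesystem.", str);
            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND);
            return false;
        }
        if (!file.isDirectory()) {
            return true;
        }
        LOGGER.warn(str2 + " not successful. The file is actually a directory with the name: {}. This operation is prohibited.", str);
        httpServletResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);
        return false;
    }

    /**
     * Reads and URL-decodes the file name parameter.
     *
     * <p>NOTE(review): {@code getParameter} normally returns an already decoded value, so
     * this is a second decoding pass; presumably the peer client encodes the name twice,
     * which should be confirmed. Because of it, every path check has to run on the value
     * returned here and never on the raw parameter.
     *
     * @return the decoded name, or {@code null} when the parameter is absent or contains a
     *         malformed percent escape
     */
    private String getFileName(HttpServletRequest httpServletRequest) throws UnsupportedEncodingException {
        String raw = httpServletRequest.getParameter(ReportTypeUtil.FILENAMEPARAMETER);
        if (raw == null) {
            return null;
        }
        try {
            return URLDecoder.decode(raw, ReportTypeUtil.URLENCODING);
        } catch (IllegalArgumentException e) {
            // URLDecoder reports malformed percent escapes this way; treat them as a bad request.
            LOGGER.debug("Malformed file name parameter: {}", e.getMessage());
            return null;
        }
    }

    /**
     * Reports whether {@code str} must be refused before it is used as a path.
     *
     * <p>Refused are {@code null}, any value containing a NUL character, and any value with
     * a {@code ..} path segment, with both {@code /} and {@code \} treated as separators.
     * Every value refused by the former {@code "/../"} substring test is still refused.
     * This is a first filter only; containment is enforced by {@link #resolveExportFile}.
     */
    protected Boolean containsProhibitedQueryString(String str) {
        if (str == null || str.indexOf('\0') >= 0) {
            return true;
        }
        for (String segment : str.replace('\\', '/').split("/", -1)) {
            if ("..".equals(segment)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Replaces characters that would break out of the quoted {@code filename} parameter
     * (double quote, backslash, control characters including CR and LF) with {@code _}.
     */
    private static String headerSafeFileName(String name) {
        StringBuilder safe = new StringBuilder(name.length());
        for (int i = 0; i < name.length(); i++) {
            char c = name.charAt(i);
            boolean unsafe = c < 0x20 || c == 0x7f || c == '"' || c == '\\';
            safe.append(unsafe ? '_' : c);
        }
        return safe.toString();
    }
}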
