package com.phloc.webscopes.servlets;

import com.phloc.commons.io.file.FilenameHelper;
import com.phloc.commons.random.VerySecureRandom;
import com.phloc.commons.regex.RegExHelper;
import com.phloc.commons.state.EContinue;
import com.phloc.commons.string.StringHelper;
import com.phloc.commons.url.URLUtils;
import com.phloc.web.servlet.request.RequestHelper;
import com.phloc.web.servlet.response.UnifiedResponse;
import com.phloc.webscopes.domain.IRequestWebScopeWithoutResponse;
import java.io.IOException;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.Locale;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.annotation.OverridingMethodsMustInvokeSuper;
import javax.servlet.ServletException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/phloc/webscopes/servlets/AbstractObjectDeliveryServlet.class */
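/**
 * Base servlet that delivers a named object after checking the requested name
 * against configurable deny and allow rules.
 *
 * <p>The rules are read in {@link #onInit()} from the servlet init parameters
 * {@code deniedFilenames}, {@code deniedExtensions}, {@code deniedRegExs},
 * {@code allowedFilenames}, {@code allowedExtensions} and {@code allowedRegExs}.
 * Each value is a comma separated list. Deny rules are evaluated before allow
 * rules, and a name that matches no rule at all is refused (default deny).
 * The entry {@code *} in an extension list stands for "all extensions".
 *
 * <p>NOTE(review): all rule sets are {@code static}, so every servlet instance
 * and subclass initialised in the same class loader adds to the same sets and is
 * checked against the union of all configured rules. An allow rule meant for one
 * delivery servlet therefore also applies to the others. Confirm this is
 * intended, otherwise keep the rules per instance.
 */
public abstract class AbstractObjectDeliveryServlet extends AbstractUnifiedResponseServlet {
    /** Request attribute that carries the validated object name to {@link #handleRequest}. */
    protected static final String REQUEST_ATTR_OBJECT_DELIVERY_FILENAME = "$object-delivery.filename";
    private static final Logger s_aLogger = LoggerFactory.getLogger(AbstractObjectDeliveryServlet.class);
    /** Quoted random value created once when the class is loaded; returned as ETag for every object. */
    protected static final String ETAG_VALUE_OBJECT_DELIVERY_SERVLET = '\"' + Long.toString(VerySecureRandom.getInstance().nextLong()) + '\"';
    private static final Set<String> s_aDeniedFilenames = new LinkedHashSet<String>();
    private static final Set<String> s_aDeniedExtensions = new LinkedHashSet<String>();
    private static final Set<String> s_aDeniedRegExs = new LinkedHashSet<String>();
    private static final Set<String> s_aAllowedFilenames = new LinkedHashSet<String>();
    private static final Set<String> s_aAllowedExtensions = new LinkedHashSet<String>();
    private static final Set<String> s_aAllowedRegExs = new LinkedHashSet<String>();
    private static boolean s_bDeniedAllExtensions = false;
    private static boolean s_bAllowedAllExtensions = false;

    /**
     * Normalises an extension so that configured and requested extensions compare
     * case-insensitively.
     *
     * @param str the value to normalise
     * @return the value in lower case, using {@link Locale#US}
     */
    @Nonnull
    private static String _unifyItem(@Nonnull String str) {
        return str.toLowerCase(Locale.US);
    }

    /**
     * Splits a comma separated init parameter and adds every non-empty, trimmed
     * entry to the target set.
     *
     * @param set the set to add to
     * @param str the raw init parameter value; {@code null} or empty adds nothing
     * @param z   {@code true} to lower-case each entry via {@link #_unifyItem(String)}
     */
    private static void _asSet(@Nonnull Set<String> set, @Nullable String str, boolean z) {
        if (!StringHelper.hasText(str)) {
            return;
        }
        for (final String sRawItem : StringHelper.getExploded(',', str)) {
            String sItem = sRawItem.trim();
            if (z) {
                sItem = _unifyItem(sItem);
            }
            if (StringHelper.hasText(sItem)) {
                set.add(sItem);
            }
        }
    }

    /**
     * Reads the deny and allow rules from the servlet init parameters and warns
     * when the resulting configuration cannot deliver anything.
     *
     * <p>Only the extension lists are lower-cased; filename and regular expression
     * entries are stored as configured.
     */
    @Override // com.phloc.webscopes.servlet.AbstractScopeAwareHttpServlet
    @OverridingMethodsMustInvokeSuper
    protected final void onInit() {
        _asSet(s_aDeniedFilenames, getInitParameter("deniedFilenames"), false);
        _asSet(s_aDeniedExtensions, getInitParameter("deniedExtensions"), true);
        _asSet(s_aDeniedRegExs, getInitParameter("deniedRegExs"), false);
        s_bDeniedAllExtensions = s_aDeniedExtensions.contains("*");
        _asSet(s_aAllowedFilenames, getInitParameter("allowedFilenames"), false);
        _asSet(s_aAllowedExtensions, getInitParameter("allowedExtensions"), true);
        _asSet(s_aAllowedRegExs, getInitParameter("allowedRegExs"), false);
        s_bAllowedAllExtensions = s_aAllowedExtensions.contains("*");
        if (s_aLogger.isDebugEnabled()) {
            s_aLogger.debug("Settings: deniedFilenames=" + s_aDeniedFilenames + "; deniedExtensions=" + s_aDeniedExtensions + "; deniedRegExs=" + s_aDeniedRegExs + "; allowedFilenames=" + s_aAllowedFilenames + "; allowedExtension=" + s_aAllowedExtensions + "; allowedRegExs=" + s_aAllowedRegExs);
        }
        if (s_bDeniedAllExtensions) {
            s_aLogger.warn("All extensions are denied. This means that this servlet will not deliver any resource!");
        } else if (s_aAllowedFilenames.isEmpty() && s_aAllowedExtensions.isEmpty() && s_aAllowedRegExs.isEmpty()) {
            s_aLogger.warn("No allowance rules are defined. This means that this servlet will not deliver any resource!");
        }
    }

    /**
     * Writes the outcome of a rule check to the debug log.
     *
     * @param sVerdict "Denied" or "Allowed"
     * @param sName    the object name that was checked
     * @param sReason  the rule that decided the outcome
     */
    private static void _debugDecision(@Nonnull String sVerdict, @Nullable String sName, @Nonnull String sReason) {
        if (s_aLogger.isDebugEnabled()) {
            s_aLogger.debug(sVerdict + " object with name '" + sName + "' because " + sReason);
        }
    }

    /**
     * Checks whether any of the given regular expressions matches the name.
     *
     * @param aRegExs the configured patterns
     * @param sName   the object name without path
     * @return {@code true} as soon as one pattern matches
     */
    private static boolean _matchesAny(@Nonnull Set<String> aRegExs, @Nullable String sName) {
        for (final String sRegEx : aRegExs) {
            if (RegExHelper.stringMatchesPattern(sRegEx, sName)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Applies the deny rules, then the allow rules, to the last path segment of
     * the requested name.
     *
     * <p>NOTE(review): the filename lists are compared exactly as configured while
     * extensions are compared in lower case. If the delivered objects live on a
     * case-insensitive file system, a denied filename requested in a different
     * case is not caught by the filename list. Confirm against the deployment.
     *
     * @param str the requested, URL decoded path
     * @return {@code true} only if no deny rule matches and at least one allow
     *         rule matches
     */
    private static boolean _isValidFilename(@Nullable String str) {
        final String sName = FilenameHelper.getWithoutPath(str);
        final String sExtension = _unifyItem(FilenameHelper.getExtension(sName));

        // Deny rules win over allow rules, so they are evaluated first.
        if (s_aDeniedFilenames.contains(sName)) {
            _debugDecision("Denied", sName, "it is in the denied filenames list");
            return false;
        }
        if (s_bDeniedAllExtensions || s_aDeniedExtensions.contains(sExtension)) {
            _debugDecision("Denied", sName, "it is in the denied extension list");
            return false;
        }
        if (_matchesAny(s_aDeniedRegExs, sName)) {
            _debugDecision("Denied", sName, "it is in the denied regex list");
            return false;
        }

        if (s_aAllowedFilenames.contains(sName)) {
            _debugDecision("Allowed", sName, "it is in the allowed filenames list");
            return true;
        }
        if (s_bAllowedAllExtensions || s_aAllowedExtensions.contains(sExtension)) {
            _debugDecision("Allowed", sName, "it is in the allowed extension list");
            return true;
        }
        if (_matchesAny(s_aAllowedRegExs, sName)) {
            _debugDecision("Allowed", sName, "it is in the allowed regex list");
            return true;
        }

        // Default deny: a name that no rule mentions is not delivered.
        _debugDecision("Denied", sName, "it is neither denied nor allowed");
        return false;
    }

    /**
     * Detects parent-directory references in a decoded request path.
     *
     * @param str the URL decoded path
     * @return {@code true} if the path is exactly {@code ..} or contains
     *         {@code ..} next to a forward slash or backslash
     */
    private static boolean _isPossibleDirectoryTraversalRequest(@Nonnull String str) {
        return "..".equals(str) || str.contains("/..") || str.contains("../") || str.contains("\\..") || str.contains("..\\");
    }

    /**
     * Checks for ISO control characters, which include NUL, CR and LF.
     *
     * @param str the URL decoded path
     * @return {@code true} if at least one control character is present
     */
    private static boolean _containsControlCharacter(@Nonnull String str) {
        for (int i = 0; i < str.length(); i++) {
            if (Character.isISOControl(str.charAt(i))) {
                return true;
            }
        }
        return false;
    }

    /**
     * Makes a request-supplied value safe to embed in a single log line.
     *
     * @param str the value to log, may be {@code null}
     * @return the value with every ISO control character replaced by {@code _},
     *         or {@code null} if the input was {@code null}
     */
    @Nullable
    private static String _sanitizeForLog(@Nullable String str) {
        if (str == null) {
            return null;
        }
        final StringBuilder aSB = new StringBuilder(str.length());
        for (int i = 0; i < str.length(); i++) {
            final char c = str.charAt(i);
            aSB.append(Character.isISOControl(c) ? '_' : c);
        }
        return aSB.toString();
    }

    /**
     * Validates the requested object name before any delivery work is done.
     *
     * <p>The path within the servlet is URL decoded once and accepted only if it
     * is non-empty, contains no control characters, passes the deny/allow rules
     * and contains no parent-directory reference. An accepted name is stored,
     * without leading slashes, in the request attribute
     * {@link #REQUEST_ATTR_OBJECT_DELIVERY_FILENAME}. Anything else is answered
     * with status 404.
     *
     * @param iRequestWebScopeWithoutResponse the current request scope
     * @param unifiedResponse                 the response to set the status on
     * @return {@link EContinue#CONTINUE} for an accepted name, otherwise
     *         {@link EContinue#BREAK}
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.phloc.webscopes.servlets.AbstractUnifiedResponseServlet
    @OverridingMethodsMustInvokeSuper
    public EContinue initRequestState(@Nonnull IRequestWebScopeWithoutResponse iRequestWebScopeWithoutResponse, @Nonnull UnifiedResponse unifiedResponse) {
        final String sFilename = URLUtils.urlDecode(RequestHelper.getPathWithinServlet(iRequestWebScopeWithoutResponse.getRequest()));
        // The control character check runs first: such characters have no place in
        // a deliverable object name, the name checked here must be the name the
        // delivering subclass later resolves, and the debug log lines written by
        // the rule check must not receive CR/LF from the request.
        if (!StringHelper.hasNoText(sFilename)
            && !_containsControlCharacter(sFilename)
            && _isValidFilename(sFilename)
            && !_isPossibleDirectoryTraversalRequest(sFilename)) {
            iRequestWebScopeWithoutResponse.setAttribute(REQUEST_ATTR_OBJECT_DELIVERY_FILENAME, StringHelper.trimStart(sFilename, "/"));
            return EContinue.CONTINUE;
        }
        // The path is attacker controlled; neutralise control characters so that a
        // request cannot forge additional log lines.
        s_aLogger.warn("Illegal delivery request '" + _sanitizeForLog(sFilename) + "'");
        unifiedResponse.setStatus(404);
        return EContinue.BREAK;
    }

    /**
     * Returns the ETag used for every delivered object.
     *
     * @param iRequestWebScopeWithoutResponse the current request scope (not used)
     * @return {@link #ETAG_VALUE_OBJECT_DELIVERY_SERVLET}
     */
    @Override // com.phloc.webscopes.servlets.AbstractUnifiedResponseServlet
    @Nullable
    protected final String getSupportedETag(@Nonnull IRequestWebScopeWithoutResponse iRequestWebScopeWithoutResponse) {
        return ETAG_VALUE_OBJECT_DELIVERY_SERVLET;
    }

    /**
     * Delivers the object with the given name. Called only with a name that was
     * accepted by {@link #initRequestState}.
     *
     * @param iRequestWebScopeWithoutResponse the current request scope
     * @param unifiedResponse                 the response to write to
     * @param str                             the validated object name without leading slashes
     * @throws IOException if delivery fails
     */
    protected abstract void onDeliverResource(@Nonnull IRequestWebScopeWithoutResponse iRequestWebScopeWithoutResponse, @Nonnull UnifiedResponse unifiedResponse, @Nonnull String str) throws IOException;

    /**
     * Reads the validated object name from the request attribute and hands it to
     * {@link #onDeliverResource}.
     *
     * @param iRequestWebScopeWithoutResponse the current request scope
     * @param unifiedResponse                 the response to write to
     * @throws ServletException declared by the overridden method
     * @throws IOException      if delivery fails
     */
    @Override // com.phloc.webscopes.servlets.AbstractUnifiedResponseServlet
    protected void handleRequest(@Nonnull IRequestWebScopeWithoutResponse iRequestWebScopeWithoutResponse, @Nonnull UnifiedResponse unifiedResponse) throws ServletException, IOException {
        final String sFilename = iRequestWebScopeWithoutResponse.getAttributeAsString(REQUEST_ATTR_OBJECT_DELIVERY_FILENAME);
        onDeliverResource(iRequestWebScopeWithoutResponse, unifiedResponse, sFilename);
        if (s_aLogger.isDebugEnabled()) {
            s_aLogger.debug("Delivered object with name '" + sFilename + "'");
        }
    }
}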
