package org.gridlab.gridsphere.servlets;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.text.DateFormat;
import java.util.Calendar;
import java.util.Date;
import java.util.Enumeration;
import java.util.TimeZone;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.oro.text.perl.Perl5Util;

/* loaded from: input_file:org/gridlab/gridsphere/servlets/SecureDirectory.class */
public class SecureDirectory extends HttpServlet {
    public static final String SECURE_CONTEXT = "secure";
    public static final String SECURE_CONTEXT_PATH = "/WEB-INF/secure";
    public static final String GUEST_SECUREDIR = "GUEST";
    private static final int BUFFER_SIZE = 8192;
    private static final boolean DEBUG = true;
    private static final int EXPIRES = 15;
    private static String secureDirPath;
    private static boolean strongProtection = true;
    private static boolean inited = false;
    private Perl5Util util = new Perl5Util();
    private DateFormat dateFormat = null;

    public void init() throws ServletException {
        if (!inited) {
            secureDirPath = getServletContext().getRealPath(SECURE_CONTEXT_PATH);
            strongProtection = Boolean.valueOf(getInitParameter("strongProtection")).booleanValue();
            File file = new File(secureDirPath);
            if (secureDirPath == null || !file.isDirectory()) {
                log(new StringBuffer().append("Initialization problem, please check if ").append(getServletContext().getRealPath(SECURE_CONTEXT_PATH)).append(" exists and if it is directory !!!").toString());
            } else {
                inited = true;
                log(new StringBuffer().append("Initialization OK (Strong protection ").append(strongProtection ? "enabled" : "DISABLED (better enable it check web.xml) !!!").append("). Setting secureDirPath to ").append(secureDirPath).toString());
            }
        }
        this.dateFormat = DateFormat.getDateInstance();
        this.dateFormat.setTimeZone(TimeZone.getTimeZone("GMT"));
    }

    public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String str = (String) httpServletRequest.getSession().getAttribute("org.gridlab.gridsphere.portlet.User");
        if (!inited) {
            httpServletResponse.setStatus(503);
            return;
        }
        Enumeration parameterNames = httpServletRequest.getParameterNames();
        String str2 = null;
        String str3 = null;
        boolean z = false;
        while (parameterNames.hasMoreElements()) {
            String str4 = (String) parameterNames.nextElement();
            if (!this.util.match("/(.+_)?saveAs/", str4)) {
                if (!this.util.match("/(.+_)?contentType/", str4)) {
                    if (this.util.match("/(.+_)?shared/", str4)) {
                        if (httpServletRequest.getParameter(str4).equals("true")) {
                            z = DEBUG;
                        }
                        if (str2 != null && str3 != null) {
                            break;
                        }
                    } else {
                        continue;
                    }
                } else {
                    str3 = httpServletRequest.getParameter(str4);
                    if (str2 != null && z) {
                        break;
                    }
                }
            } else {
                str2 = httpServletRequest.getParameter(str4);
                if (str3 != null && z) {
                    break;
                }
            }
        }
        if (str == null || str.equals("") || z) {
            log(new StringBuffer().append("No userID - request redirected to GUEST. Request: ").append(httpServletRequest.getRequestURI()).append("\nIP: ").append(httpServletRequest.getRemoteAddr()).append("\n").toString());
            str = GUEST_SECUREDIR;
        }
        String stringBuffer = new StringBuffer().append(secureDirPath).append("/").append(str).toString();
        if (!new File(stringBuffer).isDirectory()) {
            log(new StringBuffer().append("Request blocked (userDirPath=").append(stringBuffer).append(" is not directory) !!! Request: ").append(httpServletRequest.getRequestURI()).append("\nIP: ").append(httpServletRequest.getRemoteAddr()).append("\n").toString());
            httpServletResponse.setStatus(403);
            return;
        }
        String substitute = this.util.substitute(new StringBuffer().append("s!").append(httpServletRequest.getContextPath()).append(httpServletRequest.getServletPath()).append("!!").toString(), httpServletRequest.getRequestURI());
        File file = new File(new StringBuffer().append(stringBuffer).append(substitute).toString());
        if (!file.canRead() || file.isDirectory()) {
            log(new StringBuffer().append("Request blocked (Not found, resource=").append(stringBuffer).append(substitute).append(") !!! Request: ").append(httpServletRequest.getRequestURI()).append("\nIP: ").append(httpServletRequest.getRemoteAddr()).append("\n").toString());
            httpServletResponse.setStatus(404);
            return;
        }
        if (str3 == null) {
            str3 = getServletContext().getMimeType(substitute);
        }
        setHeaders(httpServletRequest, httpServletResponse, str2, str3, file.length());
        OutputStream outputStream = httpServletResponse.getOutputStream();
        FileInputStream fileInputStream = new FileInputStream(file);
        rewrite(fileInputStream, outputStream);
        fileInputStream.close();
    }

    public void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        log(new StringBuffer().append("Request blocked (POST request) !!! Request: ").append(httpServletRequest.getRequestURI()).append("\nIP: ").append(httpServletRequest.getRemoteAddr()).append("\n").toString());
        httpServletResponse.setStatus(403);
    }

    private void setHeaders(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2, long j) {
        if (str != null) {
            httpServletResponse.setContentType("application/octet-stream");
            httpServletResponse.setHeader("Content-Disposition", new StringBuffer().append("attachment; filename=").append(str).toString());
        } else {
            if (str2 == null) {
                str2 = "application/octet-stream";
            }
            httpServletResponse.setContentType(str2);
        }
        httpServletResponse.setHeader("Content-Length", new Long(j).toString());
        if (strongProtection) {
            httpServletResponse.setHeader("Cache-Control", "no-store");
        } else {
            httpServletResponse.setHeader("Cache-Control", "private, must-revalidate");
            httpServletResponse.setHeader("Expires", this.dateFormat.format(new Date(new Date().getTime() + 15000)));
        }
        httpServletResponse.setHeader("Pragma", "no-cache");
    }

    public long getLastModified(HttpServletRequest httpServletRequest) {
        if (Calendar.getInstance().getTimeInMillis() > 0) {
            return Calendar.getInstance().getTimeInMillis();
        }
        String str = (String) httpServletRequest.getSession().getAttribute("org.gridlab.gridsphere.portlet.User");
        if (str == null || str.equals("")) {
            log(new StringBuffer().append("LastModifiedRequest blocked (userID=").append(str).append(") !!! Request: ").append(httpServletRequest.getRequestURI()).append("\nIP: ").append(httpServletRequest.getRemoteAddr()).append("\n").toString());
            return Calendar.getInstance().getTimeInMillis();
        }
        if (!inited) {
            return Calendar.getInstance().getTimeInMillis();
        }
        String stringBuffer = new StringBuffer().append(secureDirPath).append("/").append(str).toString();
        if (!new File(stringBuffer).isDirectory()) {
            log(new StringBuffer().append("LastModifiedRequest blocked (userDirPath=").append(stringBuffer).append(" is not directory) !!! Request: ").append(httpServletRequest.getRequestURI()).append("\nIP: ").append(httpServletRequest.getRemoteAddr()).append("\n").toString());
            return Calendar.getInstance().getTimeInMillis();
        }
        String substitute = this.util.substitute(new StringBuffer().append("s!").append(httpServletRequest.getContextPath()).append(httpServletRequest.getServletPath()).append("!!").toString(), httpServletRequest.getRequestURI());
        File file = new File(new StringBuffer().append(stringBuffer).append(substitute).toString());
        if (file.exists()) {
            return file.lastModified();
        }
        log(new StringBuffer().append("LastModifiedRequest blocked (Not found, resource=").append(stringBuffer).append(substitute).append(") !!! Request: ").append(httpServletRequest.getRequestURI()).append("\nIP: ").append(httpServletRequest.getRemoteAddr()).append("\n").toString());
        return new Date().getTime();
    }

    private void rewrite(InputStream inputStream, OutputStream outputStream) throws IOException {
        byte[] bArr = new byte[BUFFER_SIZE];
        while (true) {
            int read = inputStream.read(bArr);
            if (read < 0) {
                return;
            } else {
                outputStream.write(bArr, 0, read);
            }
        }
    }
}
