package com.helger.photon.core.servlet;

import com.helger.commons.ValueEnforcer;
import com.helger.commons.annotation.ReturnsMutableCopy;
import com.helger.commons.collection.ext.CommonsLinkedHashSet;
import com.helger.commons.collection.ext.ICommonsOrderedSet;
import com.helger.commons.io.file.FilenameHelper;
import com.helger.commons.random.RandomHelper;
import com.helger.commons.regex.RegExHelper;
import com.helger.commons.state.EContinue;
import com.helger.commons.string.StringHelper;
import com.helger.commons.url.URLHelper;
import com.helger.web.scope.IRequestWebScopeWithoutResponse;
import com.helger.web.servlet.response.UnifiedResponse;
import java.io.IOException;
import java.util.Iterator;
import java.util.Locale;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.annotation.OverridingMethodsMustInvokeSuper;
import javax.servlet.ServletException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/helger/photon/core/servlet/AbstractObjectDeliveryServlet.class */
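/**
 * Base servlet that delivers named objects (e.g. static resources) after
 * filtering the requested name through deny and allow lists taken from the
 * servlet init parameters.
 *
 * <p>Evaluation order in {@link #isValidFilenameAccordingToTheRules(String)}:
 * every deny rule is checked first, then the allow rules; a name matching
 * neither is rejected (default deny). Rejected requests are answered with
 * HTTP 404 in {@link #initRequestState}.
 *
 * <p>Security notes for implementers of {@link #onDeliverResource}:
 * <ul>
 * <li>The name handed over has been URL-decoded exactly once and checked for
 * {@code ..} path segments by substring match only. It has not been
 * canonicalized. When the name is mapped onto a file system or class path
 * location, normalize the resulting path and verify it still lies below the
 * intended base, and do not URL-decode the name a second time.</li>
 * <li>Filename and regular-expression rules are evaluated against the name
 * with its path removed; directory components of the request are not
 * constrained by these rules.</li>
 * <li>Only extensions are lower-cased before comparison. Filename rules are
 * compared case-sensitively, so a denied filename does not cover spelling
 * variants that differ only in case.</li>
 * </ul>
 */
public abstract class AbstractObjectDeliveryServlet extends AbstractUnifiedResponseServlet {
    public static final String INITPARAM_DENIED_FILENAMES = "deniedFilenames";
    public static final String INITPARAM_DENIED_EXTENSIONS = "deniedExtensions";
    public static final String INITPARAM_DENIED_REG_EXS = "deniedRegExs";
    public static final String INITPARAM_ALLOWED_FILENAMES = "allowedFilenames";
    public static final String INITPARAM_ALLOWED_EXTENSIONS = "allowedExtensions";
    public static final String INITPARAM_ALLOWED_REG_EXS = "allowedRegExs";
    /** Init parameter value that, inside an extension list, matches every extension. */
    public static final String INITPARAM_VALUE_WILDCARD = "*";
    /** Macro that is expanded to a fixed list of common web resource extensions. */
    public static final String EXTENSION_MACRO_WEB_DEFAULT = "$web-default$";
    /** Request attribute carrying the validated name from initRequestState to handleRequest. */
    protected static final String REQUEST_ATTR_OBJECT_DELIVERY_FILENAME = "$ph.object-delivery.filename";
    private static final Logger s_aLogger = LoggerFactory.getLogger(AbstractObjectDeliveryServlet.class);
    // Computed once when the class is initialized; the same quoted value is
    // returned as ETag for every resource served by this servlet class.
    protected static final String ETAG_VALUE_OBJECT_DELIVERY_SERVLET = "\"" + RandomHelper.getRandom().nextLong() + "\"";
    // Expansion of EXTENSION_MACRO_WEB_DEFAULT.
    private static final String WEB_DEFAULT_EXTENSIONS = "js,css,png,jpg,jpeg,gif,eot,svg,ttf,woff,woff2,map";

    private final ICommonsOrderedSet<String> m_aDeniedFilenames = new CommonsLinkedHashSet<>();
    private final ICommonsOrderedSet<String> m_aDeniedExtensions = new CommonsLinkedHashSet<>();
    private final ICommonsOrderedSet<String> m_aDeniedRegExs = new CommonsLinkedHashSet<>();
    private final ICommonsOrderedSet<String> m_aAllowedFilenames = new CommonsLinkedHashSet<>();
    private final ICommonsOrderedSet<String> m_aAllowedExtensions = new CommonsLinkedHashSet<>();
    private final ICommonsOrderedSet<String> m_aAllowedRegExs = new CommonsLinkedHashSet<>();
    private boolean m_bDeniedAllExtensions = false;
    private boolean m_bAllowedAllExtensions = false;

    /**
     * Normalizes an item for case-insensitive comparison.
     *
     * @param str the item to normalize; must not be {@code null}
     * @return the item lower-cased with the fixed {@link Locale#US} locale
     */
    @Nonnull
    protected static final String getUnifiedItem(@Nonnull String str) {
        return str.toLowerCase(Locale.US);
    }

    /**
     * Replaces carriage return and line feed so that a request-derived name
     * cannot start a forged line in the log output.
     *
     * @param sValue the value to be logged; may be {@code null}
     * @return the value with CR and LF replaced by {@code '_'}, or {@code null}
     */
    @Nullable
    private static String _getLogSafe(@Nullable String sValue) {
        return sValue == null ? null : sValue.replace('\r', '_').replace('\n', '_');
    }

    /**
     * Writes the debug trace for a filter decision and returns that decision.
     *
     * @param bAllowed the decision that was taken
     * @param sName the requested name; neutralized before it is logged
     * @param sReason text that completes the sentence "because it is ..."
     * @return {@code bAllowed}, unchanged
     */
    private static boolean _decide(boolean bAllowed, @Nullable String sName, @Nonnull String sReason) {
        if (s_aLogger.isDebugEnabled()) {
            s_aLogger.debug((bAllowed ? "Allowed" : "Denied") + " object with name '" + _getLogSafe(sName) + "' because it is " + sReason);
        }
        return bAllowed;
    }

    /**
     * Fills one rule set from a comma separated init parameter value.
     *
     * @param aSet the target set; must be non-{@code null} and empty
     * @param sItemList the raw init parameter value; {@code null} or blank leaves the set empty
     * @param bUnify {@code true} to lower-case each item via {@link #getUnifiedItem(String)}
     * @throws IllegalArgumentException if the target set already holds elements
     */
    private static void _initialFillSet(@Nonnull ICommonsOrderedSet<String> aSet, @Nullable String sItemList, boolean bUnify) {
        ValueEnforcer.notNull(aSet, "Set");
        if (!aSet.isEmpty()) {
            throw new IllegalArgumentException("The provided set must be empty, but it is not: " + aSet);
        }
        if (!StringHelper.hasText(sItemList)) {
            return;
        }
        // The macro is expanded before splitting, so it may be mixed with explicit items.
        final String sExpanded = StringHelper.replaceAll(sItemList, EXTENSION_MACRO_WEB_DEFAULT, WEB_DEFAULT_EXTENSIONS);
        for (final String sRawItem : StringHelper.getExploded(',', sExpanded)) {
            String sItem = sRawItem.trim();
            if (bUnify) {
                sItem = getUnifiedItem(sItem);
            }
            // Items that are empty after trimming (e.g. from "a,,b") are skipped.
            if (StringHelper.hasText(sItem)) {
                aSet.add(sItem);
            }
        }
    }

    /**
     * Reads all deny and allow rules from the servlet init parameters and
     * warns when the resulting configuration cannot deliver anything.
     *
     * @throws ServletException declared by the overridden method
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.helger.photon.core.servlet.AbstractUnifiedResponseServlet
    @OverridingMethodsMustInvokeSuper
    public final void onInit() throws ServletException {
        super.onInit();
        // Only the extension lists are lower-cased; filenames and regular
        // expressions are stored exactly as configured.
        _initialFillSet(this.m_aDeniedFilenames, getInitParameter(INITPARAM_DENIED_FILENAMES), false);
        _initialFillSet(this.m_aDeniedExtensions, getInitParameter(INITPARAM_DENIED_EXTENSIONS), true);
        _initialFillSet(this.m_aDeniedRegExs, getInitParameter(INITPARAM_DENIED_REG_EXS), false);
        this.m_bDeniedAllExtensions = this.m_aDeniedExtensions.contains(INITPARAM_VALUE_WILDCARD);
        _initialFillSet(this.m_aAllowedFilenames, getInitParameter(INITPARAM_ALLOWED_FILENAMES), false);
        _initialFillSet(this.m_aAllowedExtensions, getInitParameter(INITPARAM_ALLOWED_EXTENSIONS), true);
        _initialFillSet(this.m_aAllowedRegExs, getInitParameter(INITPARAM_ALLOWED_REG_EXS), false);
        this.m_bAllowedAllExtensions = this.m_aAllowedExtensions.contains(INITPARAM_VALUE_WILDCARD);
        if (s_aLogger.isDebugEnabled()) {
            s_aLogger.debug("Settings for " + getClass().getName() + ": "
                    + INITPARAM_DENIED_FILENAMES + "=" + this.m_aDeniedFilenames + "; "
                    + INITPARAM_DENIED_EXTENSIONS + "=" + this.m_aDeniedExtensions + "; "
                    + INITPARAM_DENIED_REG_EXS + "=" + this.m_aDeniedRegExs + "; "
                    + INITPARAM_ALLOWED_FILENAMES + "=" + this.m_aAllowedFilenames + "; "
                    + INITPARAM_ALLOWED_EXTENSIONS + "=" + this.m_aAllowedExtensions + "; "
                    + INITPARAM_ALLOWED_REG_EXS + "=" + this.m_aAllowedRegExs);
        }
        // Both configurations below make the filter reject every request.
        if (this.m_bDeniedAllExtensions) {
            s_aLogger.warn("All extensions are denied in " + getClass().getName() + ". This means that this servlet will not deliver any resource!");
        } else if (this.m_aAllowedFilenames.isEmpty() && this.m_aAllowedExtensions.isEmpty() && this.m_aAllowedRegExs.isEmpty()) {
            s_aLogger.warn("No allowance rules are defined in " + getClass().getName() + ". This means that this servlet will not deliver any resource!");
        }
    }

    /** @return a mutable copy of the denied filenames; changes do not affect this servlet */
    @Nonnull
    @ReturnsMutableCopy
    protected final ICommonsOrderedSet<String> getAllDeniedFilenames() {
        return this.m_aDeniedFilenames.getClone();
    }

    /** @return a mutable copy of the denied (lower-cased) extensions */
    @Nonnull
    @ReturnsMutableCopy
    protected final ICommonsOrderedSet<String> getAllDeniedExtensions() {
        return this.m_aDeniedExtensions.getClone();
    }

    /** @return a mutable copy of the denied regular expressions */
    @Nonnull
    @ReturnsMutableCopy
    protected final ICommonsOrderedSet<String> getAllDeniedRegExs() {
        return this.m_aDeniedRegExs.getClone();
    }

    /** @return a mutable copy of the allowed filenames */
    @Nonnull
    @ReturnsMutableCopy
    protected final ICommonsOrderedSet<String> getAllAllowedFilenames() {
        return this.m_aAllowedFilenames.getClone();
    }

    /** @return a mutable copy of the allowed (lower-cased) extensions */
    @Nonnull
    @ReturnsMutableCopy
    protected final ICommonsOrderedSet<String> getAllAllowedExtensions() {
        return this.m_aAllowedExtensions.getClone();
    }

    /** @return a mutable copy of the allowed regular expressions */
    @Nonnull
    @ReturnsMutableCopy
    protected final ICommonsOrderedSet<String> getAllAllowedRegExs() {
        return this.m_aAllowedRegExs.getClone();
    }

    /** @return {@code true} if the denied extension list contains the wildcard */
    protected final boolean isDenyAllExtensions() {
        return this.m_bDeniedAllExtensions;
    }

    /** @return {@code true} if the allowed extension list contains the wildcard */
    protected final boolean isAllowAllExtensions() {
        return this.m_bAllowedAllExtensions;
    }

    /**
     * Applies the configured deny and allow rules to a requested name.
     *
     * <p>Deny rules always win over allow rules, and a name that matches no
     * rule at all is rejected. This method does not look for {@code ..}
     * segments; see {@link #isPossibleDirectoryTraversalRequest(String)}.
     *
     * @param str the requested name, possibly including a path; may be {@code null}
     * @return {@code true} only if no deny rule and at least one allow rule matches
     */
    protected final boolean isValidFilenameAccordingToTheRules(@Nullable String str) {
        // All filename and regex rules below see the name without its path.
        final String sFilename = FilenameHelper.getWithoutPath(str);
        if (StringHelper.endsWith(str, "/") || StringHelper.hasNoText(sFilename)) {
            return _decide(false, str, "empty");
        }
        final String sUnifiedExt = getUnifiedItem(FilenameHelper.getExtension(sFilename));

        // --- deny rules ---
        // NOTE(review): case-sensitive comparison - a denied filename does not
        // match the same name in different case; confirm this is intended for
        // deployments that resolve names case-insensitively.
        if (this.m_aDeniedFilenames.contains(sFilename)) {
            return _decide(false, str, "in the denied filenames list");
        }
        if (this.m_bDeniedAllExtensions || this.m_aDeniedExtensions.contains(sUnifiedExt)) {
            return _decide(false, str, "in the denied extension list");
        }
        for (final String sDeniedRegEx : this.m_aDeniedRegExs) {
            if (RegExHelper.stringMatchesPattern(sDeniedRegEx, sFilename)) {
                return _decide(false, str, "in the denied regex list");
            }
        }

        // --- allow rules ---
        if (this.m_aAllowedFilenames.contains(sFilename)) {
            return _decide(true, str, "in the allowed filenames list");
        }
        if (this.m_bAllowedAllExtensions || this.m_aAllowedExtensions.contains(sUnifiedExt)) {
            return _decide(true, str, "in the allowed extension list");
        }
        for (final String sAllowedRegEx : this.m_aAllowedRegExs) {
            if (RegExHelper.stringMatchesPattern(sAllowedRegEx, sFilename)) {
                return _decide(true, str, "in the allowed regex list");
            }
        }

        // Default deny: nothing matched.
        return _decide(false, str, "neither denied nor allowed");
    }

    /**
     * Checks whether a name contains a parent-directory reference next to a
     * forward slash or backslash.
     *
     * <p>This is a plain substring test on the string as given. It does not
     * decode, normalize or canonicalize the value, so it must be applied to the
     * final decoded form and cannot replace a containment check on the resolved
     * path in the code that actually opens the resource.
     *
     * @param str the decoded name to inspect; must not be {@code null}
     * @return {@code true} if one of {@code "/.."}, {@code "../"},
     *         {@code "\.."} or {@code "..\"} occurs in the name
     */
    protected static final boolean isPossibleDirectoryTraversalRequest(@Nonnull String str) {
        return str.contains("/..") || str.contains("../") || str.contains("\\..") || str.contains("..\\");
    }

    /**
     * Validates the requested name before any content is produced and stores
     * it in the request scope for {@link #handleRequest}.
     *
     * @param aRequestScope the current request scope
     * @param aUnifiedResponse the response; receives status 404 on rejection
     * @return {@link EContinue#CONTINUE} if the name passed all checks,
     *         {@link EContinue#BREAK} otherwise
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.helger.photon.core.servlet.AbstractUnifiedResponseServlet
    @OverridingMethodsMustInvokeSuper
    public EContinue initRequestState(@Nonnull IRequestWebScopeWithoutResponse aRequestScope, @Nonnull UnifiedResponse aUnifiedResponse) {
        // Decoded exactly once; every check below and the delivery itself use
        // this same decoded value.
        final String sFilename = URLHelper.urlDecode(aRequestScope.getPathWithinServlet());
        // The structural traversal check runs before the rule evaluation so that
        // no "Allowed object" trace is written for a request that is then rejected.
        final boolean bAcceptable = StringHelper.hasText(sFilename)
                && !isPossibleDirectoryTraversalRequest(sFilename)
                && isValidFilenameAccordingToTheRules(sFilename);
        if (bAcceptable) {
            aRequestScope.setAttribute(REQUEST_ATTR_OBJECT_DELIVERY_FILENAME, sFilename);
            return EContinue.CONTINUE;
        }
        // The decoded path is attacker-controlled and may contain line breaks;
        // neutralize them so the warning stays a single log record.
        s_aLogger.warn("Illegal delivery request '" + _getLogSafe(sFilename) + "'");
        // Every rejection is reported as 404, whatever check failed.
        aUnifiedResponse.setStatus(404);
        return EContinue.BREAK;
    }

    /**
     * @param aRequestScope the current request scope; not evaluated
     * @return the per-class constant {@link #ETAG_VALUE_OBJECT_DELIVERY_SERVLET}
     */
    @Override // com.helger.photon.core.servlet.AbstractUnifiedResponseServlet
    @Nullable
    protected final String getSupportedETag(@Nonnull IRequestWebScopeWithoutResponse aRequestScope) {
        return ETAG_VALUE_OBJECT_DELIVERY_SERVLET;
    }

    /**
     * Delivers the resource with the passed name.
     *
     * <p>The name passed the deny/allow rules and the substring traversal
     * check, but it is still request-derived data: resolve it against a fixed
     * base and confirm the resolved location stays inside that base.
     *
     * @param iRequestWebScopeWithoutResponse the current request scope
     * @param unifiedResponse the response to write to
     * @param str the validated, URL-decoded name as stored by initRequestState
     * @throws IOException on delivery errors
     */
    protected abstract void onDeliverResource(@Nonnull IRequestWebScopeWithoutResponse iRequestWebScopeWithoutResponse, @Nonnull UnifiedResponse unifiedResponse, @Nonnull String str) throws IOException;

    /**
     * Hands the name validated in {@link #initRequestState} to
     * {@link #onDeliverResource}.
     *
     * @param aRequestScope the current request scope
     * @param aUnifiedResponse the response to write to
     * @throws ServletException declared by the overridden method
     * @throws IOException if the delivery fails
     */
    @Override // com.helger.photon.core.servlet.AbstractUnifiedResponseServlet
    protected void handleRequest(@Nonnull IRequestWebScopeWithoutResponse aRequestScope, @Nonnull UnifiedResponse aUnifiedResponse) throws ServletException, IOException {
        // NOTE(review): the attribute is only set by initRequestState of this
        // class; an override that skips super would leave it null - confirm.
        final String sFilename = aRequestScope.getAttributeAsString(REQUEST_ATTR_OBJECT_DELIVERY_FILENAME);
        onDeliverResource(aRequestScope, aUnifiedResponse, sFilename);
        if (s_aLogger.isDebugEnabled()) {
            s_aLogger.debug("Delivered object with name '" + _getLogSafe(sFilename) + "'");
        }
    }
}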
