package org.fcrepo.integration.http.api;

import java.io.BufferedWriter;
import java.io.File;
import java.net.ConnectException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;
import java.nio.file.attribute.FileAttribute;
import java.util.Arrays;
import java.util.Iterator;
import org.apache.commons.io.FileUtils;
import org.apache.commons.io.IOUtils;
import org.apache.http.HttpResponse;
import org.apache.http.NoHttpResponseException;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpPut;
import org.apache.http.entity.StringEntity;
import org.fcrepo.kernel.api.RdfLexicon;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.test.annotation.DirtiesContext;
import org.springframework.test.context.TestExecutionListeners;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.context.support.DependencyInjectionTestExecutionListener;

@RunWith(SpringJUnit4ClassRunner.class)
@DirtiesContext(classMode = DirtiesContext.ClassMode.BEFORE_CLASS)
@TestExecutionListeners(listeners = {DependencyInjectionTestExecutionListener.class, TestIsolationExecutionListener.class, DirtyContextBeforeAndAfterClassTestExecutionListener.class}, mergeMode = TestExecutionListeners.MergeMode.MERGE_WITH_DEFAULTS)
/* loaded from: input_file:org/fcrepo/integration/http/api/ExternalContentPathValidatorIT.class */
public class ExternalContentPathValidatorIT extends AbstractResourceIT {
    private static final Logger LOGGER = LoggerFactory.getLogger(ExternalContentPathValidatorIT.class);
    private static final String NON_RDF_SOURCE_LINK_HEADER = "<" + RdfLexicon.NON_RDF_SOURCE.getURI() + ">;rel=\"type\"";
    private static File disallowedDir;
    private static File allowedDir;

    private static void addAllowedPath(File file, String str) throws Exception {
        BufferedWriter newBufferedWriter = Files.newBufferedWriter(file.toPath(), StandardOpenOption.APPEND);
        try {
            newBufferedWriter.write(str + System.lineSeparator());
            if (newBufferedWriter != null) {
                newBufferedWriter.close();
            }
        } catch (Throwable th) {
            if (newBufferedWriter != null) {
                try {
                    newBufferedWriter.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Before
    public void init() throws Exception {
        int i = 50;
        while (true) {
            try {
                CloseableHttpResponse execute = execute(new HttpGet(serverAddress));
                try {
                    Assert.assertEquals(200L, getStatus((HttpResponse) execute));
                    if (execute != null) {
                        execute.close();
                    }
                    System.clearProperty("fcrepo.external.content.allowed");
                    return;
                } finally {
                    if (execute == null) {
                        break;
                    } else {
                        try {
                            break;
                        } catch (Throwable th) {
                        }
                    }
                }
            } catch (ConnectException | NoHttpResponseException e) {
                int i2 = i;
                i--;
                if (i2 <= 0) {
                    throw new Exception("Fedora instance did not become available in allowed time");
                }
                LOGGER.debug("Waiting for fedora to become available");
                Thread.sleep(50L);
            }
        }
    }

    @Test
    public void testAllowedPath() throws Exception {
        HttpPost postObjMethod = postObjMethod();
        postObjMethod.addHeader("Content-Type", "text/plain");
        postObjMethod.addHeader("Link", NON_RDF_SOURCE_LINK_HEADER);
        postObjMethod.setEntity(new StringEntity("xyz"));
        CloseableHttpResponse execute = execute(postObjMethod);
        try {
            Assert.assertEquals(201L, getStatus((HttpResponse) execute));
            String location = getLocation((HttpResponse) execute);
            if (execute != null) {
                execute.close();
            }
            String randomUniqueId = getRandomUniqueId();
            HttpPut putObjMethod = putObjMethod(randomUniqueId);
            putObjMethod.addHeader("Link", getExternalContentLinkHeader(location, "proxy", null));
            CloseableHttpResponse execute2 = execute(putObjMethod);
            try {
                Assert.assertEquals(201L, getStatus((HttpResponse) execute2));
                if (execute2 != null) {
                    execute2.close();
                }
                execute = execute(getObjMethod(randomUniqueId));
                try {
                    Assert.assertEquals(200L, getStatus((HttpResponse) execute));
                    Assert.assertEquals("text/plain", execute.getFirstHeader("Content-Type").getValue());
                    Assert.assertEquals(location, execute.getFirstHeader("Content-Location").getValue());
                    if (execute != null) {
                        execute.close();
                    }
                } finally {
                }
            } finally {
            }
        } finally {
            if (execute != null) {
                try {
                    execute.close();
                } catch (Throwable th) {
                    th.addSuppressed(th);
                }
            }
        }
    }

    @Test
    public void testDisallowedPath() throws Exception {
        HttpPut putObjMethod = putObjMethod(getRandomUniqueId());
        putObjMethod.addHeader("Link", getExternalContentLinkHeader("http://example.com/", "proxy", null));
        CloseableHttpResponse execute = execute(putObjMethod);
        try {
            Assert.assertEquals(400L, getStatus((HttpResponse) execute));
            if (execute != null) {
                execute.close();
            }
        } catch (Throwable th) {
            if (execute != null) {
                try {
                    execute.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testAllowedFilePath() throws Exception {
        File file = new File(allowedDir, "test.txt");
        FileUtils.writeStringToFile(file, "content", "UTF-8");
        String uri = file.toURI().toString();
        String randomUniqueId = getRandomUniqueId();
        HttpPut putObjMethod = putObjMethod(randomUniqueId);
        putObjMethod.addHeader("Link", getExternalContentLinkHeader(uri, "proxy", "text/plain"));
        CloseableHttpResponse execute = execute(putObjMethod);
        try {
            Assert.assertEquals(201L, getStatus((HttpResponse) execute));
            if (execute != null) {
                execute.close();
            }
            execute = execute(getObjMethod(randomUniqueId));
            try {
                Assert.assertEquals(200L, getStatus((HttpResponse) execute));
                Assert.assertEquals("text/plain", execute.getFirstHeader("Content-Type").getValue());
                Assert.assertEquals(uri, execute.getFirstHeader("Content-Location").getValue());
                Assert.assertEquals("content", IOUtils.toString(execute.getEntity().getContent(), "UTF-8"));
                if (execute != null) {
                    execute.close();
                }
            } finally {
            }
        } finally {
        }
    }

    @Test
    public void testAllowedCaseSensitiveFilePath() throws Exception {
        File file = new File(allowedDir, "TEST.txt");
        FileUtils.writeStringToFile(file, "content", "UTF-8");
        String uri = file.toURI().toString();
        String randomUniqueId = getRandomUniqueId();
        HttpPut putObjMethod = putObjMethod(randomUniqueId);
        putObjMethod.addHeader("Link", getExternalContentLinkHeader(uri, "proxy", "text/plain"));
        CloseableHttpResponse execute = execute(putObjMethod);
        try {
            Assert.assertEquals(201L, getStatus((HttpResponse) execute));
            if (execute != null) {
                execute.close();
            }
            execute = execute(getObjMethod(randomUniqueId));
            try {
                Assert.assertEquals(200L, getStatus((HttpResponse) execute));
                Assert.assertEquals("text/plain", execute.getFirstHeader("Content-Type").getValue());
                Assert.assertEquals(uri, execute.getFirstHeader("Content-Location").getValue());
                Assert.assertEquals("content", IOUtils.toString(execute.getEntity().getContent(), "UTF-8"));
                if (execute != null) {
                    execute.close();
                }
            } finally {
            }
        } finally {
        }
    }

    @Test
    public void testDisallowedFilePath() throws Exception {
        File file = new File(disallowedDir, "test.txt");
        FileUtils.writeStringToFile(file, "content", "UTF-8");
        String uri = file.toURI().toString();
        HttpPut putObjMethod = putObjMethod(getRandomUniqueId());
        putObjMethod.addHeader("Link", getExternalContentLinkHeader(uri, "proxy", "text/plain"));
        CloseableHttpResponse execute = execute(putObjMethod);
        try {
            Assert.assertEquals(400L, getStatus((HttpResponse) execute));
            if (execute != null) {
                execute.close();
            }
        } catch (Throwable th) {
            if (execute != null) {
                try {
                    execute.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testPathModifiers() throws Exception {
        FileUtils.writeStringToFile(new File(disallowedDir, "test.txt"), "content", "UTF-8");
        Iterator it = Arrays.asList("../", "%2e%2e%2f", "%2e%2e/", "..%2f", "%252e%252e%255c", "%2e%2e%5c", "%2e%2e%5c%2f", "..%c0%af").iterator();
        while (it.hasNext()) {
            String str = allowedDir.toURI().toString() + ((String) it.next()) + "test.txt";
            HttpPut putObjMethod = putObjMethod(getRandomUniqueId());
            putObjMethod.addHeader("Link", getExternalContentLinkHeader(str, "proxy", "text/plain"));
            CloseableHttpResponse execute = execute(putObjMethod);
            try {
                Assert.assertEquals("Path " + str + " must be rejected", 400L, getStatus((HttpResponse) execute));
                if (execute != null) {
                    execute.close();
                }
            } catch (Throwable th) {
                if (execute != null) {
                    try {
                        execute.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        }
    }

    static {
        try {
            File createTempFile = File.createTempFile("allowed", ".txt");
            createTempFile.deleteOnExit();
            addAllowedPath(createTempFile, serverAddress);
            Path createTempDirectory = Files.createTempDirectory("disallowed", new FileAttribute[0]);
            createTempDirectory.toFile().deleteOnExit();
            disallowedDir = createTempDirectory.toFile();
            allowedDir = Files.createTempDirectory(createTempDirectory, "data", new FileAttribute[0]).toFile();
            addAllowedPath(createTempFile, allowedDir.toURI().toString());
            System.setProperty("fcrepo.external.content.allowed", createTempFile.getAbsolutePath());
            LOGGER.warn("fcrepo.external.content.allowed = {}", createTempFile.getAbsolutePath());
        } catch (Exception e) {
            LOGGER.error("Failed to setup allowed configuration file", e);
        }
    }
}
