package org.opencastproject.fsresources;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.StringTokenizer;
import java.util.regex.Pattern;
import java.util.zip.CRC32;
import javax.servlet.Servlet;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.BooleanUtils;
import org.apache.commons.lang3.StringUtils;
import org.opencastproject.security.api.SecurityService;
import org.opencastproject.security.api.StaticFileAuthorization;
import org.opencastproject.util.ConfigurationException;
import org.opencastproject.util.MimeTypes;
import org.osgi.service.component.ComponentContext;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferenceCardinality;
import org.osgi.service.component.annotations.ReferencePolicy;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Component(property = {"service.description=Opencast Download Resources", "alias=/static", "httpContext.id=opencast.httpcontext", "httpContext.shared=true"}, immediate = true, service = {Servlet.class})
/* loaded from: input_file:org/opencastproject/fsresources/StaticResourceServlet.class */
public class StaticResourceServlet extends HttpServlet {
    private static final long serialVersionUID = 1;
    private static final String PROP_AUTH_REQUIRED = "authentication.required";
    private static final String PROP_X_ACCEL_REDIRECT = "x.accel.redirect";
    private String distributionDirectory;
    private boolean authRequired = true;
    private String xAccelRedirect = null;
    private SecurityService securityService = null;
    private List<StaticFileAuthorization> authorizations = new ArrayList();
    private static final String mimeSeparation = "MATTERHORN_MIME_BOUNDARY";
    private static final Logger logger = LoggerFactory.getLogger(StaticResourceServlet.class);
    private static final ArrayList<Range> FULL_RANGE = new ArrayList<>();

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:org/opencastproject/fsresources/StaticResourceServlet$Range.class */
    public class Range {
        protected long start;
        protected long end;
        protected long length;

        protected Range() {
        }

        public boolean validate() {
            if (this.end >= this.length) {
                this.end = this.length - StaticResourceServlet.serialVersionUID;
            }
            return this.start >= 0 && this.end >= 0 && this.start <= this.end && this.length > 0;
        }

        public void recycle() {
            this.start = 0L;
            this.end = 0L;
            this.length = 0L;
        }
    }

    @Reference(cardinality = ReferenceCardinality.MULTIPLE, policy = ReferencePolicy.DYNAMIC)
    public void addStaticFileAuthorization(StaticFileAuthorization staticFileAuthorization) {
        this.authorizations.add(staticFileAuthorization);
        logger.info("Added static file authorization for {}", staticFileAuthorization.getProtectedUrlPattern());
    }

    public void removeStaticFileAuthorization(StaticFileAuthorization staticFileAuthorization) {
        this.authorizations.remove(staticFileAuthorization);
        logger.info("Removed static file authorization for {}", staticFileAuthorization.getProtectedUrlPattern());
    }

    private boolean isAuthorized(String str) {
        for (StaticFileAuthorization staticFileAuthorization : this.authorizations) {
            for (Pattern pattern : staticFileAuthorization.getProtectedUrlPattern()) {
                logger.debug("Testing pattern `{}`", pattern);
                if (pattern.matcher(str).matches()) {
                    logger.debug("Using regexp `{}` for authorization check", pattern);
                    return staticFileAuthorization.verifyUrlAccess(str);
                }
            }
        }
        logger.debug("No authorization plug-in matches");
        return false;
    }

    @Activate
    public void activate(ComponentContext componentContext) {
        if (componentContext == null) {
            this.authRequired = true;
            this.xAccelRedirect = null;
        } else {
            this.authRequired = BooleanUtils.toBoolean(Objects.toString(componentContext.getProperties().get(PROP_AUTH_REQUIRED), "true"));
            this.xAccelRedirect = Objects.toString(componentContext.getProperties().get(PROP_X_ACCEL_REDIRECT), null);
            this.distributionDirectory = componentContext.getBundleContext().getProperty("org.opencastproject.download.directory");
            if (StringUtils.isEmpty(this.distributionDirectory)) {
                String property = componentContext.getBundleContext().getProperty("org.opencastproject.storage.dir");
                if (StringUtils.isNotEmpty(property)) {
                    this.distributionDirectory = new File(property, "downloads").getPath();
                }
            }
        }
        logger.debug("Authentication check enabled: {}", Boolean.valueOf(this.authRequired));
        if (StringUtils.isEmpty(this.distributionDirectory)) {
            throw new ConfigurationException("Distribution directory not set");
        }
        logger.info("Serving static files from '{}'", this.distributionDirectory);
    }

    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        logger.debug("Looking for static resource '{}'", httpServletRequest.getRequestURI());
        String pathInfo = httpServletRequest.getPathInfo();
        if (pathInfo == null || pathInfo.contains("..")) {
            httpServletResponse.sendError(403);
            return;
        }
        if (this.authRequired && !isAuthorized(pathInfo)) {
            httpServletResponse.sendError(403);
            logger.debug("Not authorized");
            return;
        }
        File file = new File(this.distributionDirectory, pathInfo);
        if (!file.isFile() || !file.canRead()) {
            logger.debug("Unable to find file '{}', returning HTTP 404", file);
            httpServletResponse.sendError(404);
            return;
        }
        logger.debug("Serving static resource '{}'", file.getAbsolutePath());
        String computeEtag = computeEtag(file);
        if (computeEtag.equals(httpServletRequest.getHeader("If-None-Match"))) {
            httpServletResponse.setStatus(304);
            return;
        }
        httpServletResponse.setHeader("ETag", computeEtag);
        if (this.xAccelRedirect != null) {
            httpServletResponse.setHeader("X-Accel-Redirect", Paths.get(this.xAccelRedirect, pathInfo).toString());
            return;
        }
        String mimeType = MimeTypes.getMimeType(pathInfo);
        if (!"application/octet-stream".equals(mimeType)) {
            httpServletResponse.setContentType(mimeType);
        }
        httpServletResponse.setHeader("Content-Length", Long.toString(file.length()));
        httpServletResponse.setDateHeader("Last-Modified", file.lastModified());
        httpServletResponse.setHeader("Accept-Ranges", "bytes");
        ArrayList<Range> parseRange = parseRange(httpServletRequest, httpServletResponse, computeEtag, file.lastModified(), file.length());
        if (((parseRange == null || parseRange.isEmpty()) && httpServletRequest.getHeader("Range") == null) || parseRange == FULL_RANGE) {
            if (copyRange(new FileInputStream(file), httpServletResponse.getOutputStream(), 0L, file.length()) != null) {
                try {
                    httpServletResponse.sendError(500);
                    return;
                } catch (IOException e) {
                    logger.warn("unable to send http 500 error", e);
                    return;
                } catch (IllegalStateException e2) {
                    logger.trace("unable to send http 500 error. Client side was probably closed during file copy.", e2);
                    return;
                }
            }
            return;
        }
        if (parseRange == null || parseRange.isEmpty()) {
            return;
        }
        if (parseRange.size() != 1) {
            httpServletResponse.setStatus(206);
            httpServletResponse.setContentType("multipart/byteranges; boundary=MATTERHORN_MIME_BOUNDARY");
            try {
                httpServletResponse.setBufferSize(2048);
            } catch (IllegalStateException e3) {
                logger.debug(e3.getMessage(), e3);
            }
            copy(file, httpServletResponse.getOutputStream(), parseRange.iterator(), mimeType);
            return;
        }
        Range range = parseRange.get(0);
        long j = range.start;
        long j2 = range.end;
        long j3 = range.length;
        httpServletResponse.addHeader("Content-Range", "bytes " + j + "-" + httpServletResponse + "/" + j2);
        long j4 = (range.end - range.start) + serialVersionUID;
        if (j4 < 2147483647L) {
            httpServletResponse.setContentLength((int) j4);
        } else {
            httpServletResponse.setHeader("content-length", j4);
        }
        try {
            httpServletResponse.setBufferSize(2048);
        } catch (IllegalStateException e4) {
            logger.debug(e4.getMessage(), e4);
        }
        httpServletResponse.setStatus(206);
        if (copyRange(new FileInputStream(file), httpServletResponse.getOutputStream(), range.start, range.end) != null) {
            try {
                httpServletResponse.sendError(500);
            } catch (IOException e5) {
                logger.warn("unable to send http 500 error", e5);
            } catch (IllegalStateException e6) {
                logger.trace("unable to send http 500 error. Client side was probably closed during file copy.", e6);
            }
        }
    }

    private String computeEtag(File file) {
        CRC32 crc32 = new CRC32();
        crc32.update(file.getName().getBytes());
        checksum(file.lastModified(), crc32);
        checksum(file.length(), crc32);
        return Long.toString(crc32.getValue());
    }

    private static void checksum(long j, CRC32 crc32) {
        for (int i = 0; i < 8; i++) {
            crc32.update((int) (j & 255));
            j >>= 8;
        }
    }

    protected void copy(File file, ServletOutputStream servletOutputStream, Iterator<Range> it, String str) throws IOException {
        IOException iOException = null;
        while (iOException == null && it.hasNext()) {
            Range next = it.next();
            servletOutputStream.println();
            servletOutputStream.println("--MATTERHORN_MIME_BOUNDARY");
            if (str != null) {
                servletOutputStream.println("Content-Type: " + str);
            }
            long j = next.start;
            long j2 = next.end;
            long j3 = next.length;
            servletOutputStream.println("Content-Range: bytes " + j + "-" + servletOutputStream + "/" + j2);
            servletOutputStream.println();
            FileInputStream fileInputStream = new FileInputStream(file);
            iOException = copyRange(fileInputStream, servletOutputStream, next.start, next.end);
            fileInputStream.close();
        }
        servletOutputStream.println();
        servletOutputStream.print("--MATTERHORN_MIME_BOUNDARY--");
        if (iOException != null) {
            throw iOException;
        }
    }

    protected ArrayList<Range> parseRange(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, long j, long j2) throws IOException {
        String header;
        String header2 = httpServletRequest.getHeader("If-Range");
        if (header2 != null) {
            long j3 = -1;
            try {
                j3 = httpServletRequest.getDateHeader("If-Range");
            } catch (IllegalArgumentException e) {
                logger.debug(e.getMessage(), e);
            }
            if (j3 == -1) {
                if (!str.equals(header2.trim())) {
                    return FULL_RANGE;
                }
            } else if (j > j3 + 1000) {
                return FULL_RANGE;
            }
        }
        if (j2 == 0 || (header = httpServletRequest.getHeader("Range")) == null) {
            return null;
        }
        if (!header.startsWith("bytes")) {
            httpServletResponse.addHeader("Content-Range", "bytes */" + j2);
            httpServletResponse.sendError(416);
            return null;
        }
        String substring = header.substring(6);
        ArrayList<Range> arrayList = new ArrayList<>();
        StringTokenizer stringTokenizer = new StringTokenizer(substring, ",");
        while (stringTokenizer.hasMoreTokens()) {
            String trim = stringTokenizer.nextToken().trim();
            Range range = new Range();
            range.length = j2;
            int indexOf = trim.indexOf(45);
            if (indexOf == -1) {
                httpServletResponse.addHeader("Content-Range", "bytes */" + j2);
                httpServletResponse.sendError(416);
                return null;
            }
            if (indexOf == 0) {
                try {
                    range.start = j2 + Long.parseLong(trim);
                    range.end = j2 - serialVersionUID;
                } catch (NumberFormatException e2) {
                    httpServletResponse.addHeader("Content-Range", "bytes */" + j2);
                    httpServletResponse.sendError(416);
                    return null;
                }
            } else {
                try {
                    range.start = Long.parseLong(trim.substring(0, indexOf));
                    if (indexOf < trim.length() - 1) {
                        range.end = Long.parseLong(trim.substring(indexOf + 1, trim.length()));
                    } else {
                        range.end = j2 - serialVersionUID;
                    }
                } catch (NumberFormatException e3) {
                    httpServletResponse.addHeader("Content-Range", "bytes */" + j2);
                    httpServletResponse.sendError(416);
                    return null;
                }
            }
            if (!range.validate()) {
                httpServletResponse.addHeader("Content-Range", "bytes */" + j2);
                httpServletResponse.sendError(416);
                return null;
            }
            arrayList.add(range);
        }
        return arrayList;
    }

    protected IOException copyRange(InputStream inputStream, ServletOutputStream servletOutputStream, long j, long j2) {
        logger.debug("Serving bytes:{}-{}", Long.valueOf(j), Long.valueOf(j2));
        try {
            inputStream.skip(j);
            long j3 = (j2 - j) + serialVersionUID;
            byte[] bArr = new byte[2048];
            int length = bArr.length;
            try {
                int length2 = ((int) j3) % bArr.length;
                if (length2 > 0) {
                    int read = inputStream.read(bArr, 0, length2);
                    if (read <= 0) {
                        return null;
                    }
                    servletOutputStream.write(bArr, 0, read);
                    j3 -= read;
                    if (j3 == 0) {
                        return null;
                    }
                }
                length = inputStream.read(bArr);
                while (length > 0) {
                    servletOutputStream.write(bArr, 0, length);
                    j3 -= length;
                    if (j3 < serialVersionUID) {
                        break;
                    }
                    length = inputStream.read(bArr);
                }
                return null;
            } catch (IOException e) {
                logger.trace("IOException after starting the byte copy, current length {}, buffer {}. The user probably closed the client side after the file started copying.", new Object[]{Integer.valueOf(length), bArr, e});
                return e;
            }
        } catch (IOException e2) {
            logger.trace("Cannot skip to input stream position {}. The user probably closed the client side.", Long.valueOf(j), e2);
            return e2;
        }
    }
}
