package org.primefaces.util;

import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.PushbackInputStream;
import java.nio.file.FileVisitOption;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.FileAttribute;
import java.util.Collections;
import java.util.Comparator;
import java.util.List;
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.faces.FacesException;
import javax.faces.application.FacesMessage;
import javax.faces.context.FacesContext;
import javax.faces.validator.ValidatorException;
import javax.servlet.http.HttpServletRequest;
import net.postgis.jdbc.geometry.util.VersionUtil;
import org.primefaces.component.fileupload.FileUpload;
import org.primefaces.component.fileupload.FileUploadChunkDecoder;
import org.primefaces.component.fileupload.FileUploadDecoder;
import org.primefaces.context.PrimeApplicationContext;
import org.primefaces.model.file.UploadedFile;
import org.primefaces.shaded.commons.io.FilenameUtils;
import org.primefaces.shaded.owasp.SafeFile;
import org.primefaces.shaded.owasp.ValidationException;
import org.primefaces.virusscan.VirusException;

/* loaded from: input_file:WEB-INF/lib/primefaces-13.0.10.jar:org/primefaces/util/FileUploadUtils.class */
public class FileUploadUtils {
    private static final Logger LOGGER = Logger.getLogger(FileUploadUtils.class.getName());
    private static final Pattern INVALID_FILENAME_PATTERN = Pattern.compile("([\\/:*?\"<>|])");

    private FileUploadUtils() {
    }

    public static String getValidFilename(String str) {
        if (LangUtils.isBlank(str)) {
            return null;
        }
        if (isSystemWindows()) {
            if (str.contains("\\\\")) {
                throw new FacesException("Invalid filename: " + str);
            }
            for (String str2 : LangUtils.substring(str, 0, FilenameUtils.getPrefixLength(str)).split(Pattern.quote(File.separator))) {
                if (INVALID_FILENAME_PATTERN.matcher(str2).find()) {
                    throw new FacesException("Invalid filename: " + str);
                }
            }
        }
        String name = FilenameUtils.getName(str);
        String extension = FilenameUtils.getExtension(str);
        if (name.isEmpty() && extension.isEmpty()) {
            throw new FacesException("Filename can not be the empty string");
        }
        return name;
    }

    public static String getValidFilePath(String str) throws ValidationException {
        if (LangUtils.isBlank(str)) {
            throw new FacesException("Path can not be the empty string or null");
        }
        try {
            SafeFile safeFile = new SafeFile(str);
            File parentFile = safeFile.getParentFile();
            if (!safeFile.exists()) {
                throw new ValidationException("Invalid directory", "Invalid directory, \"" + safeFile + "\" does not exist.");
            }
            if (!parentFile.exists()) {
                throw new ValidationException("Invalid directory", "Invalid directory, specified parent does not exist.");
            }
            if (!parentFile.isDirectory()) {
                throw new ValidationException("Invalid directory", "Invalid directory, specified parent is not a directory.");
            }
            if (!safeFile.getCanonicalFile().toPath().startsWith(parentFile.getCanonicalFile().toPath())) {
                throw new ValidationException("Invalid directory", "Invalid directory, \"" + safeFile + "\" does not reside inside specified parent.");
            }
            if (safeFile.getCanonicalPath().equals(str)) {
                return str;
            }
            throw new ValidationException("Invalid directory", "Invalid directory name does not match the canonical path");
        } catch (IOException e) {
            throw new ValidationException("Invalid directory", "Failure to validate directory path");
        }
    }

    public static boolean isSystemWindows() {
        return File.separatorChar == '\\';
    }

    public static boolean isValidType(PrimeApplicationContext primeApplicationContext, FileUpload fileUpload, UploadedFile uploadedFile) {
        String fileName = uploadedFile.getFileName();
        try {
            InputStream inputStream = uploadedFile.getInputStream();
            try {
                boolean z = isValidFileName(fileUpload, uploadedFile) && isValidFileContent(primeApplicationContext, fileUpload, fileName, inputStream);
                if (z && LOGGER.isLoggable(Level.FINE)) {
                    LOGGER.fine(String.format("The uploaded file %s meets the filename and content type specifications", fileName));
                }
                if (inputStream != null) {
                    inputStream.close();
                }
                return z;
            } catch (Throwable th) {
                if (inputStream != null) {
                    try {
                        inputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        } catch (IOException e) {
            if (!LOGGER.isLoggable(Level.WARNING)) {
                return false;
            }
            LOGGER.log(Level.WARNING, String.format("The type of the uploaded file %s could not be validated", fileName), (Throwable) e);
            return false;
        }
    }

    private static boolean isValidFileName(FileUpload fileUpload, UploadedFile uploadedFile) {
        String allowTypes = fileUpload.getAllowTypes();
        if (LangUtils.isBlank(allowTypes)) {
            return true;
        }
        String convertJavaScriptRegex = convertJavaScriptRegex(allowTypes);
        if (LangUtils.isBlank(convertJavaScriptRegex)) {
            return true;
        }
        String forJavaScriptAttribute = EscapeUtils.forJavaScriptAttribute(uploadedFile.getFileName());
        String forJavaScriptAttribute2 = EscapeUtils.forJavaScriptAttribute(uploadedFile.getContentType());
        Pattern compile = Pattern.compile(convertJavaScriptRegex, 66);
        if (compile.matcher(forJavaScriptAttribute).find() || compile.matcher(forJavaScriptAttribute2).find()) {
            return true;
        }
        if (!LOGGER.isLoggable(Level.WARNING)) {
            return false;
        }
        LOGGER.warning(String.format("The uploaded filename %s does not match the specified regex %s", forJavaScriptAttribute, convertJavaScriptRegex));
        return false;
    }

    protected static String convertJavaScriptRegex(String str) {
        int i = 0;
        int length = str.length() - 1;
        if (str.charAt(0) == '/') {
            i = 1;
        }
        char charAt = str.charAt(length);
        if ((charAt != '/' && charAt == 'i') || charAt == 'g') {
            length--;
        }
        return LangUtils.substring(str, i, length);
    }

    private static boolean isValidFileContent(PrimeApplicationContext primeApplicationContext, FileUpload fileUpload, String str, InputStream inputStream) throws IOException {
        if (!fileUpload.isValidateContentType()) {
            if (!LOGGER.isLoggable(Level.FINE)) {
                return true;
            }
            LOGGER.fine("Content type checking is disabled");
            return true;
        }
        if (LangUtils.isBlank(fileUpload.getAccept())) {
            return true;
        }
        Path createTempFile = Files.createTempFile(UUID.randomUUID().toString(), null, new FileAttribute[0]);
        try {
            PushbackInputStream pushbackInputStream = new PushbackInputStream(new BufferedInputStream(inputStream));
            try {
                FileOutputStream fileOutputStream = new FileOutputStream(createTempFile.toFile());
                try {
                    IOUtils.copyLarge(pushbackInputStream, fileOutputStream);
                    fileOutputStream.close();
                    pushbackInputStream.close();
                    String probeContentType = primeApplicationContext.getFileTypeDetector().probeContentType(createTempFile);
                    if (probeContentType == null) {
                        if (LOGGER.isLoggable(Level.WARNING)) {
                            LOGGER.warning(String.format("Could not determine content type of uploaded file %s, consider plugging in an adequate FileTypeDetector implementation", str));
                        }
                        try {
                            Files.delete(createTempFile);
                        } catch (Exception e) {
                            if (LOGGER.isLoggable(Level.WARNING)) {
                                LOGGER.log(Level.WARNING, String.format("Could not delete temporary file %s, will try to delete on JVM exit", createTempFile.toAbsolutePath()), (Throwable) e);
                                try {
                                    createTempFile.toFile().deleteOnExit();
                                } catch (Exception e2) {
                                    if (LOGGER.isLoggable(Level.WARNING)) {
                                        LOGGER.log(Level.WARNING, String.format("Could not register temporary file %s for deletion on JVM exit", createTempFile.toAbsolutePath()), (Throwable) e2);
                                    }
                                }
                            }
                        }
                        return false;
                    }
                    String[] split = fileUpload.getAccept().split(",");
                    boolean z = false;
                    int length = split.length;
                    int i = 0;
                    while (true) {
                        if (i >= length) {
                            break;
                        }
                        String lowerCase = split[i].trim().toLowerCase();
                        if (lowerCase.startsWith(VersionUtil.POSTGIS_SERVER_VERSION_SEPERATOR) && str.toLowerCase().endsWith(lowerCase)) {
                            z = true;
                            if (LOGGER.isLoggable(Level.FINE)) {
                                LOGGER.fine(String.format("The file extension %s of the uploaded file %s is accepted", lowerCase, str));
                            }
                        } else if (FilenameUtils.wildcardMatch(probeContentType.toLowerCase(), lowerCase)) {
                            z = true;
                            if (LOGGER.isLoggable(Level.FINE)) {
                                LOGGER.fine(String.format("The content type %s of the uploaded file %s is accepted by %s", probeContentType, str, lowerCase));
                            }
                        } else {
                            i++;
                        }
                    }
                    if (!z) {
                        if (LOGGER.isLoggable(Level.FINE)) {
                            LOGGER.fine(String.format("The uploaded file %s with content type %s does not match the accept specification %s", str, probeContentType, fileUpload.getAccept()));
                        }
                        try {
                            Files.delete(createTempFile);
                        } catch (Exception e3) {
                            if (LOGGER.isLoggable(Level.WARNING)) {
                                LOGGER.log(Level.WARNING, String.format("Could not delete temporary file %s, will try to delete on JVM exit", createTempFile.toAbsolutePath()), (Throwable) e3);
                                try {
                                    createTempFile.toFile().deleteOnExit();
                                } catch (Exception e4) {
                                    if (LOGGER.isLoggable(Level.WARNING)) {
                                        LOGGER.log(Level.WARNING, String.format("Could not register temporary file %s for deletion on JVM exit", createTempFile.toAbsolutePath()), (Throwable) e4);
                                    }
                                }
                            }
                        }
                        return false;
                    }
                    try {
                        Files.delete(createTempFile);
                        return true;
                    } catch (Exception e5) {
                        if (!LOGGER.isLoggable(Level.WARNING)) {
                            return true;
                        }
                        LOGGER.log(Level.WARNING, String.format("Could not delete temporary file %s, will try to delete on JVM exit", createTempFile.toAbsolutePath()), (Throwable) e5);
                        try {
                            createTempFile.toFile().deleteOnExit();
                            return true;
                        } catch (Exception e6) {
                            if (!LOGGER.isLoggable(Level.WARNING)) {
                                return true;
                            }
                            LOGGER.log(Level.WARNING, String.format("Could not register temporary file %s for deletion on JVM exit", createTempFile.toAbsolutePath()), (Throwable) e6);
                            return true;
                        }
                    }
                } catch (Throwable th) {
                    try {
                        fileOutputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                    throw th;
                }
            } finally {
            }
        } catch (Throwable th3) {
            try {
                Files.delete(createTempFile);
            } catch (Exception e7) {
                if (LOGGER.isLoggable(Level.WARNING)) {
                    LOGGER.log(Level.WARNING, String.format("Could not delete temporary file %s, will try to delete on JVM exit", createTempFile.toAbsolutePath()), (Throwable) e7);
                    try {
                        createTempFile.toFile().deleteOnExit();
                    } catch (Exception e8) {
                        if (LOGGER.isLoggable(Level.WARNING)) {
                            LOGGER.log(Level.WARNING, String.format("Could not register temporary file %s for deletion on JVM exit", createTempFile.toAbsolutePath()), (Throwable) e8);
                        }
                    }
                }
            }
            throw th3;
        }
    }

    public static void performVirusScan(FacesContext facesContext, UploadedFile uploadedFile) throws VirusException {
        PrimeApplicationContext.getCurrentInstance(facesContext).getVirusScannerService().performVirusScan(uploadedFile);
    }

    public static void tryValidateFile(FacesContext facesContext, FileUpload fileUpload, UploadedFile uploadedFile) throws ValidatorException {
        Long sizeLimit = fileUpload.getSizeLimit();
        PrimeApplicationContext currentInstance = PrimeApplicationContext.getCurrentInstance(facesContext);
        if (sizeLimit != null && uploadedFile.getSize() > sizeLimit.longValue()) {
            throw new ValidatorException(new FacesMessage(FacesMessage.SEVERITY_ERROR, fileUpload.getInvalidSizeMessage(), null));
        }
        if (!isValidType(currentInstance, fileUpload, uploadedFile)) {
            throw new ValidatorException(new FacesMessage(FacesMessage.SEVERITY_ERROR, fileUpload.getInvalidFileMessage(), null));
        }
        if (fileUpload.isVirusScan()) {
            performVirusScan(facesContext, uploadedFile);
        }
    }

    public static void tryValidateFiles(FacesContext facesContext, FileUpload fileUpload, List<UploadedFile> list) {
        long j = 0;
        Long sizeLimit = fileUpload.getSizeLimit();
        for (UploadedFile uploadedFile : list) {
            j += uploadedFile.getSize();
            tryValidateFile(facesContext, fileUpload, uploadedFile);
        }
        if (sizeLimit != null && j > sizeLimit.longValue()) {
            throw new ValidatorException(new FacesMessage(FacesMessage.SEVERITY_ERROR, fileUpload.getInvalidFileMessage(), null));
        }
    }

    public static String checkPathTraversal(String str) {
        if (!System.getProperty("os.name").toLowerCase().contains("win")) {
            str = str.startsWith("/") ? str.substring(1) : str;
        }
        File file = new File(str);
        if (file.isAbsolute()) {
            throw new FacesException("Path traversal attempt - absolute path not allowed.");
        }
        try {
            if (file.getCanonicalPath().equals(file.getAbsolutePath())) {
                return str;
            }
            throw new FacesException("Path traversal attempt for path " + str);
        } catch (IOException e) {
            throw new FacesException("Path traversal - unexpected exception.", e);
        }
    }

    public static List<Path> listChunks(Path path) {
        try {
            Stream<Path> walk = Files.walk(path, new FileVisitOption[0]);
            try {
                List<Path> list = (List) walk.filter(path2 -> {
                    return path2.toFile().isFile() && path2.getFileName().toString().matches("\\d+");
                }).sorted(Comparator.comparing(path3 -> {
                    return Long.valueOf(Long.parseLong(path3.getFileName().toString()));
                })).collect(Collectors.toList());
                if (walk != null) {
                    walk.close();
                }
                return list;
            } catch (Throwable th) {
                if (walk != null) {
                    try {
                        walk.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        } catch (IOException | SecurityException e) {
            throw new FacesException(e);
        }
    }

    public static <T extends HttpServletRequest> List<Path> listChunks(T t) {
        Path chunkDir = getChunkDir(t);
        return !chunkDir.toFile().exists() ? Collections.emptyList() : listChunks(chunkDir);
    }

    public static <T extends HttpServletRequest> FileUploadChunkDecoder<T> getFileUploadChunkDecoder(T t) {
        FileUploadDecoder fileUploadDecoder = PrimeApplicationContext.getCurrentInstance(t.getServletContext()).getFileUploadDecoder();
        if (fileUploadDecoder instanceof FileUploadChunkDecoder) {
            return (FileUploadChunkDecoder) fileUploadDecoder;
        }
        throw new FacesException("Chunk decoder not supported");
    }

    public static <T extends HttpServletRequest> Path getChunkDir(T t) {
        FileUploadChunkDecoder fileUploadChunkDecoder = getFileUploadChunkDecoder(t);
        return Paths.get(fileUploadChunkDecoder.getUploadDirectory(t), fileUploadChunkDecoder.generateFileInfoKey(t));
    }
}
