package com.appiancorp.security.file.validator;

import com.appiancorp.common.monitoring.ProductMetricsAggregatedDataCollector;
import com.appiancorp.security.auth.SecurityContextProvider;
import com.appiancorp.security.authz.SystemRoleAeImpl;
import com.appiancorp.security.csrf.CsrfConstants;
import com.appiancorp.security.csrf.CsrfTokenManager;
import com.appiancorp.security.file.validator.antivirus.exceptions.AntiVirusHostUnreachableException;
import com.appiancorp.security.file.validator.antivirus.exceptions.AntiVirusScanTimeoutException;
import com.appiancorp.security.file.validator.antivirus.exceptions.VirusFoundException;
import com.appiancorp.security.file.validator.exceptions.FileValidationException;
import com.appiancorp.security.file.validator.extension.ExtensionBlockingMode;
import com.appiancorp.security.file.validator.extension.exceptions.BlockedExtensionException;
import com.appiancorp.security.file.validator.extension.exceptions.MimeTypeMismatchException;
import com.appiancorp.suite.cfg.FeatureToggleConfiguration;
import com.appiancorp.suite.cfg.FileUploadConfiguration;
import com.appiancorp.tempo.api.ScanningUploadListener;
import com.appiancorp.tracing.CloseableSpan;
import com.appiancorp.tracing.TracingContext;
import com.appiancorp.tracing.TracingHelper;
import com.google.common.base.Preconditions;
import com.google.common.base.Stopwatch;
import com.google.common.base.Strings;
import java.io.File;
import java.util.List;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.fileupload.FileItem;
import org.apache.commons.fileupload.FileUploadException;
import org.apache.commons.fileupload.disk.DiskFileItem;
import org.apache.commons.fileupload.disk.DiskFileItemFactory;
import org.apache.commons.fileupload.servlet.ServletFileUpload;
import org.apache.commons.fileupload.servlet.ServletRequestContext;
import org.apache.log4j.Logger;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;

/* loaded from: input_file:com/appiancorp/security/file/validator/ValidatingServletFileUpload.class */
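/**
 * Multipart parser that adds Appian's upload-security checks on top of
 * {@link ServletFileUpload}.
 *
 * <p>For every parsed request it (1) validates the multipart CSRF token when the
 * body carries one, (2) hands each uploaded (non-form-field) item to the
 * {@link FileValidator} bean, which performs the extension / MIME-type / virus
 * checks according to the flags passed to it, and (3) records product metrics for
 * the outcome of those checks.
 *
 * <p>The decompiled original carried javac's try-with-resources desugaring
 * (unreachable {@code 0 != 0} branches and {@code addSuppressed} on a null
 * throwable); this version restores the try-with-resources form and extracts the
 * CSRF check and per-item validation into private helpers.
 */
public class ValidatingServletFileUpload extends ServletFileUpload {
    static final Logger LOGGER = Logger.getLogger(ValidatingServletFileUpload.class);
    /** Request parameter a caller may set to {@code "false"} to opt out of extension validation (privileged users only). */
    static final String VALIDATE_EXTENSION_KEY = "validateExtension";
    static final String UNEXPECTED_ERROR_MESSAGE = "Unexpected Error";
    static final String SCAN_TIME_OUT_EXCEPTION_MESSAGE = "A file uploaded by %s was not scanned for viruses because the scan timed out.";
    static final String VIRUS_SCANNING_TIMEOUT_KEY = "virusScanning.timeout";
    static final String VIRUS_SCANNING_VIRUS_FOUND_KEY = "virusScanning.virusFound";
    static final String VIRUS_SCANNING_FILE_SIZE_KEY = "virusScanning.scannedFileSize";
    static final String VIRUS_SCANNING_FILE_SCAN_TIME_KEY = "virusScanning.fileScanTime";
    static final String VIRUS_SCANNING_SKIP_SCAN_KEY = "virusScanning.skipScanCount";
    static final String FILE_BLOCKED_BY_BLACKLIST_KEY = "fileBlocking.filesBlockedByBlacklist";
    static final String FILE_BLOCKED_BY_WHITELIST_KEY = "fileBlocking.filesBlockedByWhitelist";
    static final String FILE_BLOCKED_BY_TYPE_MISMATCH_KEY = "fileBlocking.filesBlockedByTypeMismatch";
    /**
     * Size threshold (bytes, 25 MiB) above which an upload is counted as a skipped scan
     * and below/at which scan-time metrics are recorded. The actual skip decision lives
     * in {@link FileValidator}, which is not visible here — this class only records the
     * metrics around it.
     */
    static final long VIRUS_SCAN_MAX_FILE_SIZE_BYTES = 26214400L;

    private final FileValidator fileValidator;
    private final SecurityContextProvider securityContextProvider;
    /** True only when both the feature toggle and the file-upload configuration enable virus scanning. */
    private final boolean isVirusScanningFeatureEnabled;
    /** Constructor flag; when false, extension validation is never requested from the validator. */
    private final boolean isExtensionValidationEnabled;

    /**
     * Creates an upload parser with extension validation enabled.
     *
     * @param diskFileItemFactory factory for parsed items; must use a size threshold of 0
     * @param servletContext used to look up the Spring web application context
     * @param securityContextProvider supplies the current user for logging and privilege checks
     */
    public ValidatingServletFileUpload(DiskFileItemFactory diskFileItemFactory, ServletContext servletContext, SecurityContextProvider securityContextProvider) {
        this(diskFileItemFactory, servletContext, securityContextProvider, true);
    }

    /**
     * Creates an upload parser.
     *
     * @param diskFileItemFactory factory for parsed items; must use a size threshold of 0
     *        so every uploaded file is written to disk where the validator can read it
     * @param servletContext used to look up the Spring web application context
     * @param securityContextProvider supplies the current user for logging and privilege checks
     * @param validateExtensions whether extension validation may be requested at all
     * @throws NullPointerException if any reference argument is null
     * @throws IllegalArgumentException if the factory's size threshold is not 0
     */
    public ValidatingServletFileUpload(DiskFileItemFactory diskFileItemFactory, ServletContext servletContext, SecurityContextProvider securityContextProvider, boolean validateExtensions) {
        super(diskFileItemFactory);
        Preconditions.checkNotNull(diskFileItemFactory);
        Preconditions.checkArgument(diskFileItemFactory.getSizeThreshold() == 0, "Requires DiskFileItemFactory to have a size threshold of 0");
        Preconditions.checkNotNull(servletContext);
        Preconditions.checkNotNull(securityContextProvider);
        this.isExtensionValidationEnabled = validateExtensions;
        WebApplicationContext webApplicationContext = WebApplicationContextUtils.getRequiredWebApplicationContext(servletContext);
        FeatureToggleConfiguration featureToggles = webApplicationContext.getBean(FeatureToggleConfiguration.class);
        FileUploadConfiguration uploadConfiguration = webApplicationContext.getBean(FileUploadConfiguration.class);
        this.isVirusScanningFeatureEnabled = featureToggles.isVirusScanningEnabled() && uploadConfiguration.isVirusScanningEnabled();
        // Redundant with the precondition above, but kept so the factory cannot be left in another state.
        diskFileItemFactory.setSizeThreshold(0);
        this.fileValidator = webApplicationContext.getBean(FileValidator.class);
        this.securityContextProvider = securityContextProvider;
    }

    /**
     * Parses and validates the request without a response object, so a CSRF failure
     * cannot set an HTTP status (the exception is still thrown).
     *
     * @param httpServletRequest the multipart request
     * @return the parsed items, form fields included
     * @throws FileUploadException if the underlying multipart parse fails
     */
    @Override
    public List<FileItem> parseRequest(HttpServletRequest httpServletRequest) throws FileUploadException {
        return parseRequest(httpServletRequest, null);
    }

    /**
     * Parses the multipart request, checks its CSRF token and validates every uploaded file.
     *
     * @param httpServletRequest the multipart request
     * @param httpServletResponse response to set 401 on when the CSRF token is invalid; may be null
     * @return the parsed items, form fields included
     * @throws FileUploadException if the underlying multipart parse fails
     * @throws RuntimeException if a CSRF token is present but invalid, or if the validator
     *         rejects a file (virus found, blocked extension, MIME-type mismatch)
     */
    public List<FileItem> parseRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws FileUploadException {
        List<FileItem> fileItems;
        // NOTE(review): the decompiled form closed this span right after the parse call, so
        // the span is assumed to cover only the multipart parse — confirm against the original.
        try (CloseableSpan parseSpan = TracingHelper.createCloseableSpan("ServeletFileUpload parseRequest")) {
            fileItems = super.parseRequest(new ServletRequestContext(httpServletRequest));
        }

        checkCsrfToken(fileItems, httpServletRequest, httpServletResponse);

        Optional<ScanningUploadListener> scanningListener = scanningListener();
        scanningListener.ifPresent(listener -> listener.setScanningState(ScanningUploadListener.ScanningState.SCANNING));
        // Depends only on the request and the current user, so it is decided once per request.
        boolean validateExtension = shouldExtensionBeValidated(httpServletRequest);
        try (CloseableSpan validationSpan = TracingHelper.createDebugCloseableSpan("Validating Files", TracingContext.FILE_UPLOAD.getConfigName())) {
            for (FileItem item : fileItems) {
                if (!item.isFormField()) {
                    validateUploadedItem(item, validateExtension);
                }
            }
            scanningListener.ifPresent(listener -> listener.setScanningState(ScanningUploadListener.ScanningState.DONE_SCANNING));
            return fileItems;
        }
    }

    /**
     * Validates the multipart CSRF token field if the body carries one.
     *
     * <p>When no token field is present this method performs no check at all; the
     * request is accepted as far as this class is concerned. NOTE(review): confirm that
     * token-less multipart requests are rejected by an upstream filter.
     *
     * @param fileItems parsed multipart items
     * @param request the request being validated
     * @param response receives status 401 on failure; may be null
     * @throws RuntimeException if the token is present but invalid
     */
    private static void checkCsrfToken(List<FileItem> fileItems, HttpServletRequest request, HttpServletResponse response) {
        Optional<FileItem> tokenField = fileItems.stream()
                .filter(item -> item.isFormField() && CsrfConstants.CSRF_TOKEN_MULTIPART_REQUEST_KEY.equals(item.getFieldName()))
                .findFirst();
        if (!tokenField.isPresent()) {
            return;
        }
        // NOTE(review): getSession(false) returns null when there is no session; how
        // CsrfTokenManager.get handles a null session is not visible here — confirm.
        boolean tokenIsValid = CsrfTokenManager.get(request.getSession(false))
                .isValidMultipartFromFileItem(tokenField.get().getString(), request);
        if (!tokenIsValid) {
            if (response != null) {
                response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            }
            LOGGER.warn("Rejected multipart request: CSRF token validation failed");
            throw new RuntimeException("CSRF token validation failed for multipart request");
        }
    }

    /**
     * Returns the configured progress listener when it is a {@link ScanningUploadListener}.
     *
     * <p>The decompiled original used a raw {@code Optional} with an unchecked cast; an
     * {@code instanceof} check avoids a {@link ClassCastException} for other listener types.
     */
    private Optional<ScanningUploadListener> scanningListener() {
        Object listener = getProgressListener();
        if (listener instanceof ScanningUploadListener) {
            return Optional.of((ScanningUploadListener) listener);
        }
        return Optional.empty();
    }

    /**
     * Records pre-validation metrics for one uploaded item and hands it to {@link #validateFile}.
     * Items that are not {@link DiskFileItem}s are logged and skipped without validation.
     *
     * @param item an uploaded (non-form-field) item
     * @param validateExtension whether extension validation is requested for this request
     */
    private void validateUploadedItem(FileItem item, boolean validateExtension) {
        if (!(item instanceof DiskFileItem)) {
            LOGGER.warn("Unsupported FileItem type: " + item.getClass().getName());
            return;
        }
        File storeLocation = ((DiskFileItem) item).getStoreLocation();
        String fileName = item.getName();
        String userName = this.securityContextProvider.get().getName();
        if (storeLocation != null) {
            if (this.isVirusScanningFeatureEnabled && storeLocation.length() > VIRUS_SCAN_MAX_FILE_SIZE_BYTES) {
                ProductMetricsAggregatedDataCollector.recordData(VIRUS_SCANNING_SKIP_SCAN_KEY, 1L);
            }
            // fileName is client-supplied; it is only ever logged at debug level.
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug(String.format("%s is requesting validation for %s: %s", userName, fileName, storeLocation.getAbsolutePath()));
            }
        }
        validateFile(userName, fileName, storeLocation, validateExtension);
    }

    /**
     * Decides whether extension validation is requested for this request: never when the
     * feature is disabled on this instance; otherwise always for non-privileged users, and
     * for privileged users unless they explicitly sent {@code validateExtension=false}.
     */
    private boolean shouldExtensionBeValidated(HttpServletRequest httpServletRequest) {
        return this.isExtensionValidationEnabled
                && (isValidationRequested(httpServletRequest) || !isPrivilegedUser());
    }

    /** True unless the {@code validateExtension} parameter is exactly "false" (case-insensitive); absent means requested. */
    private boolean isValidationRequested(HttpServletRequest httpServletRequest) {
        String requested = Strings.nullToEmpty(httpServletRequest.getParameter(VALIDATE_EXTENSION_KEY));
        return !requested.equalsIgnoreCase(Boolean.FALSE.toString());
    }

    /** True when the current user holds the designer role or is a system administrator. */
    private boolean isPrivilegedUser() {
        com.appiancorp.security.auth.SecurityContext context = this.securityContextProvider.get();
        return context.getRoles().contains(SystemRoleAeImpl.DESIGNER.getName()) || context.isSysAdmin();
    }

    /**
     * Runs the validator on one file and records outcome metrics.
     *
     * <p>Rejections that callers must act on ({@link VirusFoundException},
     * {@link BlockedExtensionException}, {@link MimeTypeMismatchException}) are re-thrown
     * after the metric is recorded. {@link FileValidationException},
     * {@link AntiVirusHostUnreachableException} and {@link AntiVirusScanTimeoutException}
     * are logged and swallowed, so the upload proceeds without that check having
     * completed. NOTE(review): confirm this fail-open behaviour is intended.
     *
     * @param userName current user, for log messages
     * @param fileName client-supplied file name
     * @param file on-disk location of the upload; may be null
     * @param validateExtension whether the validator should check the extension
     */
    private void validateFile(String userName, String fileName, File file, boolean validateExtension) {
        Stopwatch stopwatch = Stopwatch.createStarted();
        try {
            this.fileValidator.validate(userName, fileName, file, validateExtension, this.isVirusScanningFeatureEnabled);
            logScanTimeMetrics(stopwatch, sizeOf(file));
        } catch (FileValidationException e) {
            LOGGER.error(UNEXPECTED_ERROR_MESSAGE, e);
        } catch (VirusFoundException e) {
            ProductMetricsAggregatedDataCollector.recordData(VIRUS_SCANNING_VIRUS_FOUND_KEY, 1L);
            // Null-safe length, consistent with the success path (the original dereferenced file here).
            logScanTimeMetrics(stopwatch, sizeOf(file));
            throw e;
        } catch (AntiVirusHostUnreachableException e) {
            LOGGER.error(e.getMessage(), e);
        } catch (AntiVirusScanTimeoutException e) {
            ProductMetricsAggregatedDataCollector.recordData(VIRUS_SCANNING_TIMEOUT_KEY, 1L);
            LOGGER.error(String.format(SCAN_TIME_OUT_EXCEPTION_MESSAGE, userName), e);
        } catch (BlockedExtensionException e) {
            if (ExtensionBlockingMode.BLACKLIST.equals(e.getBlockingMode())) {
                ProductMetricsAggregatedDataCollector.recordData(FILE_BLOCKED_BY_BLACKLIST_KEY, 1L);
            } else if (ExtensionBlockingMode.WHITELIST.equals(e.getBlockingMode())) {
                ProductMetricsAggregatedDataCollector.recordData(FILE_BLOCKED_BY_WHITELIST_KEY, 1L);
            }
            throw e;
        } catch (MimeTypeMismatchException e) {
            ProductMetricsAggregatedDataCollector.recordData(FILE_BLOCKED_BY_TYPE_MISMATCH_KEY, 1L);
            throw e;
        }
    }

    /** Length of {@code file} in bytes, or 0 when it is null. */
    private static long sizeOf(File file) {
        return file == null ? 0L : file.length();
    }

    /**
     * Stops the stopwatch and records scanned-size and scan-time metrics, but only when
     * virus scanning is enabled and the size is within (0, VIRUS_SCAN_MAX_FILE_SIZE_BYTES].
     *
     * @param stopwatch started before validation; stopped here
     * @param fileSizeBytes size of the validated file, 0 when unknown
     */
    private void logScanTimeMetrics(Stopwatch stopwatch, long fileSizeBytes) {
        stopwatch.stop();
        boolean withinScannedRange = fileSizeBytes > 0 && fileSizeBytes <= VIRUS_SCAN_MAX_FILE_SIZE_BYTES;
        if (!this.isVirusScanningFeatureEnabled || !withinScannedRange) {
            return;
        }
        ProductMetricsAggregatedDataCollector.recordData(VIRUS_SCANNING_FILE_SIZE_KEY, fileSizeBytes);
        ProductMetricsAggregatedDataCollector.recordData(VIRUS_SCANNING_FILE_SCAN_TIME_KEY, stopwatch.elapsed(TimeUnit.MILLISECONDS));
    }
}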
