package com.appiancorp.tempo.api;

import com.appiancorp.ac.CollaborationConfiguration;
import com.appiancorp.common.I18nUtils;
import com.appiancorp.common.LocaleUtils;
import com.appiancorp.common.config.ApplicationContextHolder;
import com.appiancorp.content.ExtendedContentService;
import com.appiancorp.content.util.ServerSizeConversionUtils;
import com.appiancorp.km.actions.CheckDownloadAction;
import com.appiancorp.process.xmlconversion.XMLStringBuilderUtils;
import com.appiancorp.record.ui.OpaqueUrlBuilder;
import com.appiancorp.security.auth.SecurityContextProvider;
import com.appiancorp.security.cors.CorsUtil;
import com.appiancorp.security.file.validator.ValidatingServletFileUpload;
import com.appiancorp.security.file.validator.antivirus.exceptions.VirusFoundException;
import com.appiancorp.security.file.validator.extension.exceptions.BlockedExtensionException;
import com.appiancorp.security.file.validator.extension.exceptions.MimeTypeMismatchException;
import com.appiancorp.security.util.StringSecurityUtils;
import com.appiancorp.services.ServiceContextFactory;
import com.appiancorp.suite.cfg.ConfigurationFactory;
import com.appiancorp.suiteapi.common.ServiceLocator;
import com.appiancorp.suiteapi.common.exceptions.AppianException;
import com.appiancorp.suiteapi.common.exceptions.ErrorCode;
import com.appiancorp.suiteapi.common.exceptions.LocaleFormatter;
import com.appiancorp.suiteapi.common.exceptions.PrivilegeException;
import com.appiancorp.tempo.api.FileServlet;
import com.appiancorp.tempo.api.ScanningUploadListener;
import com.appiancorp.tempo.common.TempoUris;
import com.appiancorp.util.BundleUtils;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Strings;
import com.google.common.collect.ImmutableMap;
import gwtupload.server.AbstractUploadListener;
import gwtupload.server.UploadAction;
import gwtupload.server.exceptions.UploadCanceledException;
import gwtupload.server.exceptions.UploadSizeLimitException;
import gwtupload.server.exceptions.UploadTimeoutException;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Vector;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.fileupload.FileItem;
import org.apache.commons.fileupload.FileUploadBase;
import org.apache.commons.fileupload.disk.DiskFileItemFactory;
import org.springframework.security.core.context.SecurityContextHolder;

/* loaded from: input_file:com/appiancorp/tempo/api/UploadServlet.class */
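/**
 * Servlet that receives inline file uploads, validates and stores them through
 * {@link FileServlet#upload}, and returns the outcome to the embedding page.
 *
 * <p>The POST response is an HTML page (see {@code HTML_TPL}) whose script calls
 * {@code parent.postMessage(message, domain)}. The {@code domain} value is therefore
 * security-relevant: it decides which origin may read the upload result.
 *
 * <p>Helpers such as {@code statusToString}, {@code renderXmlResponse},
 * {@code getSessionFileItems}, {@code removeSessionFileItems}, {@code checkRequest} and the
 * {@code perThreadRequest}/{@code logger}/{@code maxSize}/{@code uploadDelay} members are not
 * defined in this class; they are presumably inherited from {@link UploadAction}.
 */
public class UploadServlet extends UploadAction {
    private static final String SESSION_FILES = "FILES";
    private static final String SESSION_LAST_FILES = "LAST_FILES";
    public static final String SCANNING_MESSAGE_KEY = "ScanningMessage";
    // Templates are never reassigned, so they are declared final.
    private static final String XML_TPL = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<response>%%MESSAGE%%</response>\n";
    // The script reads the text of #message and #domain and posts the message to the parent
    // window, using the #domain text as the postMessage target origin.
    private static final String HTML_TPL = "<!doctype html><html><head></head><body><pre id='message'>%%MESSAGE%%</pre><pre id='domain'>%%DOMAIN%%</pre><script type='text/javascript'>var el=document.getElementById(\"message\");var d=document.getElementById(\"domain\");parent.postMessage(el.innerText||el.textContent, d.innerText||d.textContent);</script></body></html>";

    /**
     * Handles an upload POST: parses the multipart body, stores the files as the currently
     * authenticated user, and renders either the upload result or a localized error.
     *
     * <p>Every exit path clears {@code perThreadRequest} and removes the session file items.
     * The nested try blocks are kept exactly as found (decompiler output); an exception thrown
     * inside an inner handler can still be caught by an outer one, so flattening them would
     * change behaviour.
     *
     * <p>NOTE(review): several error messages embed client-supplied file names
     * ({@code getFileName}, {@code getFilename()}). Whether {@code statusToString} escapes
     * values is not visible here; confirm that the client decodes the response safely.
     *
     * @param httpServletRequest the upload request
     * @param httpServletResponse the response that receives the HTML/XML result
     * @throws IOException if writing the response fails
     * @throws ServletException if rendering fails in the servlet layer
     */
    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        LocaleFormatter localeFormatter = new LocaleFormatter(I18nUtils.getPrimaryIfInvalid(LocaleUtils.getCurrentLocale(httpServletRequest)));
        // Library-level limit is set to Integer.MAX_VALUE; the configured limit is enforced in
        // parsePost against the declared Content-Length.
        this.maxSize = 2147483647L;
        String str = null;   // localized error message, null on success
        String str2 = null;  // localized error title
        String str3 = null;  // upload result returned by FileServlet.upload
        perThreadRequest.set(httpServletRequest);
        try {
            try {
                try {
                    try {
                        try {
                            try {
                                try {
                                    try {
                                        parsePost(httpServletRequest, httpServletResponse);
                                        // The content service is obtained for the authenticated user's name,
                                        // so the upload runs with that user's privileges.
                                        str3 = FileServlet.upload((ExtendedContentService) ServiceLocator.getService(ServiceContextFactory.getServiceContext(SecurityContextHolder.getContext().getAuthentication().getName()), ExtendedContentService.SERVICE_NAME), (OpaqueUrlBuilder) ApplicationContextHolder.getBean(OpaqueUrlBuilder.class), getSessionFileItems(httpServletRequest)).toString();
                                        perThreadRequest.set(null);
                                        removeSessionFileItems(httpServletRequest);
                                    } catch (UploadTimeoutException e) {
                                        str = ErrorCode.INLINE_FILE_UPLOAD_TIMEOUT.getMessage(localeFormatter, new Object[]{getFileName(httpServletRequest)});
                                        str2 = ErrorCode.INLINE_FILE_UPLOAD_TIMEOUT.getTitle(localeFormatter, new Object[0]);
                                        perThreadRequest.set(null);
                                        removeSessionFileItems(httpServletRequest);
                                    }
                                } catch (FileServlet.NoKcIdException e2) {
                                    str = ErrorCode.INLINE_FILE_UPLOAD_NO_TEMP_DOCS_KC.getMessage(localeFormatter, new Object[]{"SYSTEM_KC_TEMPORARY_DOCS_KC"});
                                    str2 = ErrorCode.INLINE_FILE_UPLOAD_NO_TEMP_DOCS_KC.getTitle(localeFormatter, new Object[0]);
                                    perThreadRequest.set(null);
                                    removeSessionFileItems(httpServletRequest);
                                }
                            } catch (MimeTypeMismatchException e3) {
                                // Declared extension does not match the detected content type.
                                str = ErrorCode.INLINE_FILE_UPLOAD_BLOCKED_FILE_TYPE_MISMATCH.getMessage(localeFormatter, new Object[]{e3.getFilename(), e3.getExtension()});
                                str2 = ErrorCode.INLINE_FILE_UPLOAD_BLOCKED_FILE_TYPE_MISMATCH.getTitle(localeFormatter, new Object[0]);
                                perThreadRequest.set(null);
                                removeSessionFileItems(httpServletRequest);
                            }
                        } catch (PrivilegeException e4) {
                            str = ErrorCode.INLINE_FILE_UPLOAD_NO_TEMP_DOCS_KC_PRIVILEGES.getMessage(localeFormatter, new Object[0]);
                            str2 = ErrorCode.INLINE_FILE_UPLOAD_NO_TEMP_DOCS_KC_PRIVILEGES.getTitle(localeFormatter, new Object[0]);
                            perThreadRequest.set(null);
                            removeSessionFileItems(httpServletRequest);
                        }
                    } catch (FileServlet.MaxSizeExceededException | FileUploadBase.SizeLimitExceededException | UploadSizeLimitException e5) {
                        str = ErrorCode.INLINE_FILE_UPLOAD_MAX_SIZE_EXCEEDED.getMessage(localeFormatter, new Object[]{ServerSizeConversionUtils.formatSizeBytes(((CollaborationConfiguration) ConfigurationFactory.getConfiguration(CollaborationConfiguration.class)).getMaxUploadFileSize(), httpServletRequest.getLocale())});
                        str2 = ErrorCode.INLINE_FILE_UPLOAD_MAX_SIZE_EXCEEDED.getTitle(localeFormatter, new Object[0]);
                        perThreadRequest.set(null);
                        removeSessionFileItems(httpServletRequest);
                    }
                } catch (UploadCanceledException e6) {
                    // Cancellation answers with plain XML and returns without the HTML wrapper.
                    renderXmlResponse(httpServletRequest, httpServletResponse, "<canceled>true</canceled>", true);
                    finish(httpServletRequest);
                    perThreadRequest.set(null);
                    removeSessionFileItems(httpServletRequest);
                    return;
                } catch (VirusFoundException e7) {
                    str = ErrorCode.INLINE_FILE_UPLOAD_VIRUS_FOUND.getMessage(localeFormatter, new Object[]{e7.getFilename()});
                    str2 = ErrorCode.INLINE_FILE_UPLOAD_VIRUS_FOUND.getTitle(localeFormatter, new Object[0]);
                    perThreadRequest.set(null);
                    removeSessionFileItems(httpServletRequest);
                }
            } catch (BlockedExtensionException e8) {
                if (Strings.isNullOrEmpty(e8.getExtension())) {
                    str = ErrorCode.INLINE_FILE_UPLOAD_BLOCKED_EMPTY_EXTENSION.getMessage(localeFormatter, new Object[]{e8.getFilename()});
                    str2 = ErrorCode.INLINE_FILE_UPLOAD_BLOCKED_EMPTY_EXTENSION.getTitle(localeFormatter, new Object[0]);
                } else {
                    str = ErrorCode.INLINE_FILE_UPLOAD_BLOCKED_EXTENSION.getMessage(localeFormatter, new Object[]{e8.getFilename(), e8.getExtension()});
                    str2 = ErrorCode.INLINE_FILE_UPLOAD_BLOCKED_EXTENSION.getTitle(localeFormatter, new Object[0]);
                }
                perThreadRequest.set(null);
                removeSessionFileItems(httpServletRequest);
            } catch (Exception e9) {
                // Catch-all: the client only sees a generic failure message. The exception itself
                // is not logged in this method.
                str = ErrorCode.INLINE_FILE_UPLOAD_FAILED.getMessage(localeFormatter, new Object[]{getFileName(httpServletRequest)});
                str2 = ErrorCode.INLINE_FILE_UPLOAD_FAILED.getTitle(localeFormatter, new Object[0]);
                perThreadRequest.set(null);
                removeSessionFileItems(httpServletRequest);
            }
            if (str != null) {
                renderResponse(httpServletRequest, httpServletResponse, statusToString(ImmutableMap.of("error", str, "errorTitle", str2)));
            } else {
                // NOTE(review): session file items were already removed above, before this
                // summary is built; confirm that is intended.
                HashMap hashMap = new HashMap();
                getFileItemsSummary(httpServletRequest, hashMap);
                if (str3 != null) {
                    hashMap.put("message", "\n<![CDATA[\n" + str3 + "\n]]>\n");
                }
                renderResponse(httpServletRequest, httpServletResponse, statusToString(hashMap));
            }
            finish(httpServletRequest);
        } catch (Throwable th) {
            perThreadRequest.set(null);
            removeSessionFileItems(httpServletRequest);
            throw th;
        }
    }

    /**
     * Answers the {@code new_session} probe with a {@code <blobstore>} flag and delegates every
     * other GET to the superclass.
     *
     * @param httpServletRequest the GET request
     * @param httpServletResponse the response
     * @throws IOException if writing the response fails
     * @throws ServletException if the superclass handler fails
     */
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        if (httpServletRequest.getParameter("new_session") != null) {
            renderXmlResponse(httpServletRequest, httpServletResponse, "<blobstore>" + (isAppEngine() && this.useBlobstore) + "</blobstore>");
        } else {
            super.doGet(httpServletRequest, httpServletResponse);
        }
    }

    /**
     * Wraps the XML status in {@code HTML_TPL} and chooses the postMessage target origin.
     *
     * <p>The target origin is the {@code Origin} header when present. Otherwise it is the
     * file-upload-origin request parameter, accepted only if
     * {@link CorsUtil#isAllowedOriginOrReferrer} passes and the {@code Referer} header starts
     * with that parameter. A missing {@code Referer} or a missing/empty origin parameter now
     * fails closed with the domain-not-supported response; previously {@code startsWith} threw
     * a {@code NullPointerException} on such requests, and an empty parameter made the
     * {@code Referer} comparison vacuous.
     *
     * <p>NOTE(review): when the {@code Origin} header is present, this method performs no
     * allow-list check before using it as the target origin; presumably an upstream CORS/CSRF
     * filter validates it. Confirm.
     *
     * <p>NOTE(review): {@code startsWith} is a string-prefix test, not an origin comparison, so
     * a parameter value that is a prefix of the {@code Referer} but names a different host or
     * port would pass it. Consider comparing parsed scheme/host/port instead.
     *
     * @param str XML fragment to place inside {@code <response>}; null is treated as empty
     */
    private void renderResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws IOException, ServletException {
        // Angle brackets are replaced by marker sequences so the XML cannot form HTML tags inside
        // the <pre>; the client is expected to reverse this.
        String str2 = "%%%INI%%%" + XML_TPL.replace("%%MESSAGE%%", str != null ? str : "").replaceAll("<", "@@^^^").replaceAll(">", "^^^@@") + "%%%END%%%";
        String header = httpServletRequest.getHeader(CorsUtil.HEADER_ORIGIN);
        if (header == null) {
            header = httpServletRequest.getParameter(TempoUris.Key.FILE_UPLOAD_ORIGIN.getKey());
            String header2 = httpServletRequest.getHeader(CorsUtil.HEADER_REFERER);
            // Null-safe: either value may be absent on a hand-built request.
            boolean refererMatchesOrigin = header != null && !header.isEmpty() && header2 != null && header2.startsWith(header);
            if (!CorsUtil.isAllowedOriginOrReferrer(httpServletRequest) || !refererMatchesOrigin) {
                LocaleFormatter localeFormatter = new LocaleFormatter(I18nUtils.getPrimaryIfInvalid(LocaleUtils.getCurrentLocale(httpServletRequest)));
                // The rejected value is HTML-encoded before it is echoed back as text/html.
                renderMessage(httpServletResponse, statusToStringEscapedValues(ImmutableMap.of("error", ErrorCode.INLINE_FILE_UPLOAD_DOMAIN_NOT_SUPPORTED.getMessage(localeFormatter, new Object[]{StringSecurityUtils.encodeHtml(header)}), "errorTitle", ErrorCode.INLINE_FILE_UPLOAD_DOMAIN_NOT_SUPPORTED.getTitle(localeFormatter, new Object[0]))), "text/html");
                return;
            }
        }
        // Both request-derived values (upload identifier and target origin) are HTML-encoded
        // before being placed in the page.
        renderMessage(httpServletResponse, HTML_TPL.replace("%%MESSAGE%%", "||" + StringSecurityUtils.encodeHtml(httpServletRequest.getParameter(TempoUris.Key.FILE_UPLOAD_IDENTIFIER.getKey())) + "??\n" + str2).replace("%%DOMAIN%%", StringSecurityUtils.encodeHtml(header)), "text/html");
    }

    /**
     * Serializes the non-null entries of {@code map} as one simple XML element per line using
     * {@link XMLStringBuilderUtils#addSimpleElement}.
     *
     * <p>NOTE(review): the meaning of the trailing {@code false} argument is not visible here;
     * confirm that it yields escaped values, as the method name suggests.
     *
     * @param map element name to element text; entries with a null value are skipped
     * @return the concatenated elements, each followed by a newline
     */
    @VisibleForTesting
    protected String statusToStringEscapedValues(Map<String, String> map) {
        StringBuilder sb = new StringBuilder();
        for (Map.Entry<String, String> entry : map.entrySet()) {
            if (entry.getValue() != null) {
                XMLStringBuilderUtils.addSimpleElement(sb, entry.getKey(), entry.getValue(), false);
                sb.append('\n');
            }
        }
        return sb.toString();
    }

    /**
     * Returns the client-supplied name of the first session file item, or an empty string when
     * there is none. The value is untrusted input.
     */
    private String getFileName(HttpServletRequest httpServletRequest) {
        List sessionFileItems = getSessionFileItems(httpServletRequest);
        return (sessionFileItems == null || sessionFileItems.size() == 0 || sessionFileItems.get(0) == null) ? "" : ((FileItem) sessionFileItems.get(0)).getName();
    }

    /**
     * Parses the multipart request through a {@link ValidatingServletFileUpload} and stores the
     * wrapped items in the HTTP session.
     *
     * <p>The configured maximum upload size is checked against the declared Content-Length
     * before parsing. A negative length (unknown, or larger than an int can hold) is rejected
     * as well.
     *
     * @throws Exception a {@code FileServlet.MaxSizeExceededException} when the declared length
     *     is out of range, a bare {@link RuntimeException} when no items were parsed, or
     *     whatever the validating parser throws
     */
    protected void parsePost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        this.uploadDelay = 0;
        HttpSession session = httpServletRequest.getSession();
        removeCurrentListener(httpServletRequest);
        AbstractUploadListener createNewListener = createNewListener(httpServletRequest);
        checkRequest(httpServletRequest);
        ValidatingServletFileUpload servletFileUpload = getServletFileUpload(httpServletRequest);
        servletFileUpload.setSizeMax(this.maxSize);
        servletFileUpload.setProgressListener(createNewListener);
        int maxUploadFileSize = ((CollaborationConfiguration) ConfigurationFactory.getConfiguration(CollaborationConfiguration.class)).getMaxUploadFileSize();
        if (httpServletRequest.getContentLength() > maxUploadFileSize || httpServletRequest.getContentLength() < 0) {
            String message = ErrorCode.INLINE_FILE_UPLOAD_MAX_SIZE_EXCEEDED.getMessage(new LocaleFormatter(I18nUtils.getPrimaryIfInvalid(LocaleUtils.getCurrentLocale(httpServletRequest))), new Object[]{ServerSizeConversionUtils.formatSizeBytes(maxUploadFileSize, httpServletRequest.getLocale())});
            AppianException maxSizeExceededException = new FileServlet.MaxSizeExceededException(maxUploadFileSize);
            // The listener carries the localized message so getUploadStatus can report it.
            createNewListener.setException(new RuntimeException(message, maxSizeExceededException));
            throw maxSizeExceededException;
        }
        List<FileItem> parseRequest = servletFileUpload.parseRequest(httpServletRequest, httpServletResponse);
        ArrayList arrayList = new ArrayList(parseRequest.size());
        Iterator<FileItem> it = parseRequest.iterator();
        while (it.hasNext()) {
            arrayList.add(new FileItemWrapper(it.next()));
        }
        Vector vector = (Vector) getSessionFileItems(httpServletRequest);
        if (vector == null) {
            vector = new Vector();
        }
        session.setAttribute(SESSION_LAST_FILES, arrayList);
        if (arrayList.size() <= 0) {
            throw new RuntimeException();
        }
        vector.addAll(arrayList);
        session.setAttribute(SESSION_FILES, vector);
    }

    /**
     * Builds the validating multipart parser for this request.
     *
     * <p>The size threshold is set to 0. Presumably this forces every item to disk so it can be
     * scanned as a file; confirm against {@code ValidatingServletFileUpload}.
     */
    @VisibleForTesting
    ValidatingServletFileUpload getServletFileUpload(HttpServletRequest httpServletRequest) {
        DiskFileItemFactory fileItemFactory = getFileItemFactory(httpServletRequest.getContentLength());
        fileItemFactory.setSizeThreshold(0);
        return new ValidatingServletFileUpload(fileItemFactory, getServletContext(), (SecurityContextProvider) ApplicationContextHolder.getBean(SecurityContextProvider.class));
    }

    /**
     * Reports upload progress, completion, cancellation or error for the current session.
     *
     * <p>NOTE(review): the log statements below include the session id, the caller-supplied
     * field name and (in one branch) the raw query string. Session ids in logs let anyone with
     * log access reuse the session, and request-controlled text can carry CR/LF. Consider
     * logging a hash or truncated id and neutralising line breaks.
     *
     * @param str field name whose status is requested, or null for the whole upload
     * @param map map to fill; a new one is created when null
     * @return the populated status map
     */
    protected Map<String, String> getUploadStatus(HttpServletRequest httpServletRequest, String str, Map<String, String> map) {
        perThreadRequest.set(httpServletRequest);
        HttpSession session = httpServletRequest.getSession();
        if (map == null) {
            map = new HashMap();
        }
        // getCurrentListener is declared to return AbstractUploadListener, so the narrowing must
        // be explicit for getScanningState() to be callable.
        ScanningUploadListener currentListener = (ScanningUploadListener) getCurrentListener(httpServletRequest);
        if (currentListener != null) {
            if (currentListener.getException() == null) {
                if (currentListener.getScanningState() == ScanningUploadListener.ScanningState.SCANNING) {
                    map.put(AppianUploadConstants.TAG_SCANNING, BundleUtils.getText(UploadServlet.class, LocaleUtils.getCurrentLocale(httpServletRequest), SCANNING_MESSAGE_KEY));
                }
                long bytesRead = currentListener.getBytesRead();
                long contentLength = currentListener.getContentLength();
                // Guard against division by zero when the content length is unknown.
                map.put("percent", Long.toString(contentLength != 0 ? (bytesRead * 100) / contentLength : 0L));
                map.put("currentBytes", Long.toString(bytesRead));
                map.put("totalBytes", Long.toString(contentLength));
                if (currentListener.isFinished()) {
                    map.put("finished", "ok");
                }
            } else if (currentListener.getException() instanceof UploadCanceledException) {
                map.put("canceled", "true");
                map.put("finished", "canceled");
                logger.error("UPLOAD-SERVLET (" + session.getId() + ") getUploadStatus: " + str + " canceled by the user after " + currentListener.getBytesRead() + " Bytes");
            } else if (currentListener.getException().getCause() instanceof FileServlet.MaxSizeExceededException) {
                // parsePost stored the localized size-limit message on the listener's exception.
                String message = currentListener.getException().getMessage();
                String title = ErrorCode.INLINE_FILE_UPLOAD_MAX_SIZE_EXCEEDED.getTitle(new LocaleFormatter(I18nUtils.getPrimaryIfInvalid(LocaleUtils.getCurrentLocale(httpServletRequest))), new Object[0]);
                map.put("error", message);
                map.put("errorTitle", title);
                map.put("finished", "error");
                logger.error("UPLOAD-SERVLET (" + session.getId() + ") getUploadStatus: " + str + " finished with error: " + message);
            } else {
                // Any other failure is reported to the client generically; the detail is only logged.
                LocaleFormatter localeFormatter = new LocaleFormatter(I18nUtils.getPrimaryIfInvalid(LocaleUtils.getCurrentLocale(httpServletRequest)));
                String message2 = ErrorCode.INLINE_FILE_UPLOAD_FAILED.getMessage(localeFormatter, new Object[]{getFileName(httpServletRequest)});
                String title2 = ErrorCode.INLINE_FILE_UPLOAD_FAILED.getTitle(localeFormatter, new Object[0]);
                map.put("error", message2);
                map.put("errorTitle", title2);
                map.put("finished", "error");
                logger.error("UPLOAD-SERVLET (" + session.getId() + ") getUploadStatus: " + str + " finished with error: " + currentListener.getException().getMessage());
            }
        } else if (getSessionFileItems(httpServletRequest) == null) {
            logger.debug("UPLOAD-SERVLET (" + session.getId() + ") getUploadStatus: no listener in session");
            map.put(CheckDownloadAction.WAIT, "listener is null");
        } else if (str == null) {
            map.put("finished", "ok");
            logger.debug("UPLOAD-SERVLET (" + session.getId() + ") getUploadStatus: " + httpServletRequest.getQueryString() + " finished with files: " + session.getAttribute(SESSION_FILES));
        } else {
            Iterator it = ((Vector) getSessionFileItems(httpServletRequest)).iterator();
            while (it.hasNext()) {
                FileItem fileItem = (FileItem) it.next();
                if (!fileItem.isFormField() && fileItem.getFieldName().equals(str)) {
                    map.put("finished", "ok");
                    map.put("filename", str);
                    logger.debug("UPLOAD-SERVLET (" + session.getId() + ") getUploadStatus: " + str + " finished with files: " + session.getAttribute(SESSION_FILES));
                }
            }
        }
        if (map.containsKey("finished")) {
            removeCurrentListener(httpServletRequest);
        }
        perThreadRequest.set(null);
        return map;
    }

    /**
     * Creates the progress listener for a new upload.
     *
     * @throws IllegalStateException if the servlet is configured for App Engine, which is no
     *     longer supported
     */
    protected AbstractUploadListener createNewListener(HttpServletRequest httpServletRequest) {
        if (isAppEngine()) {
            throw new IllegalStateException("Invalid servlet configuration: isAppEngine option no longer supported");
        }
        return new ScanningUploadListener(this.uploadDelay, httpServletRequest.getContentLength());
    }

    /** Returns the listener that {@link ScanningUploadListener#current} finds for this request. */
    protected AbstractUploadListener getCurrentListener(HttpServletRequest httpServletRequest) {
        return ScanningUploadListener.current(httpServletRequest);
    }

    /** Marks the current listener, if any, as finished. */
    protected void finish(HttpServletRequest httpServletRequest) {
        AbstractUploadListener currentListener = getCurrentListener(httpServletRequest);
        if (currentListener != null) {
            currentListener.setFinished(true);
        }
    }

    /** Test hook that forwards the request to {@code setThreadLocalRequest}. */
    @VisibleForTesting
    void setHttpServletRequest(HttpServletRequest httpServletRequest) {
        setThreadLocalRequest(httpServletRequest);
    }
}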
