package com.appiancorp.security.file.validator;

import com.appiancorp.security.file.validator.antivirus.AntiVirusScanClient;
import com.appiancorp.security.file.validator.antivirus.exceptions.AntiVirusHostUnreachableException;
import com.appiancorp.security.file.validator.antivirus.exceptions.AntiVirusScanTimeoutException;
import com.appiancorp.security.file.validator.antivirus.exceptions.VirusFoundException;
import com.appiancorp.security.file.validator.exceptions.FileValidationException;
import com.appiancorp.security.file.validator.extension.FileExtensionService;
import com.appiancorp.security.file.validator.extension.exceptions.BlockedExtensionException;
import com.appiancorp.security.file.validator.extension.exceptions.MimeTypeMismatchException;
import com.appiancorp.security.file.validator.logging.FileValidatorBlockedFileAuditLogEvent;
import com.appiancorp.security.file.validator.logging.FileValidatorUnscannedFileAuditLogEvent;
import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import com.google.common.collect.ImmutableList;
import com.google.common.io.Files;
import io.prometheus.client.Counter;
import java.io.File;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/appiancorp/security/file/validator/FileValidationService.class */
public class FileValidationService implements FileValidator {
    public static final String URLENCODED_PERCENT_SIGN = "%25";
    private final AntiVirusScanClient antiVirusScanClient;
    private final FileValidationAuditService auditService;
    private final FileExtensionService fileExtensionService;
    private static final Logger LOGGER = LoggerFactory.getLogger(AntiVirusScanClient.class);
    static final Counter virusFound = Counter.build().name("appian_antivirus_virus_total").help("The number of viruses found").labelNames(new String[]{"extension", "signature"}).register();
    static final Counter blockedExtensions = Counter.build().name("appian_file_validation_blocked_extensions_total").help("The number of blocked extensions").labelNames(new String[]{"extension"}).register();
    static final Counter totalFiles = Counter.build().name("appian_file_validation_files_total").help("The total number of files").labelNames(new String[]{"extension"}).register();
    public static final Pattern ILLEGAL_CHARS_REGEX = Pattern.compile("[<>:\"/\\\\|?*]");
    public static final Pattern RTRIM_REGEX = Pattern.compile("[\\s\\x00-\\x20]+$");
    public static final Pattern TRAILING_PERCENT = Pattern.compile("%$");
    public static final Pattern NEXT_TO_LAST_PERCENT = Pattern.compile("%.$");
    public static final Pattern PERCENT_AND_TWO_NON_HEX_CHARS = Pattern.compile("%[^a-fA-F0-9]{2}");
    public static final Pattern PERCENT_FOLLOWED_BY_HEX_AND_NON_HEX = Pattern.compile("%[a-fA-F0-9][^a-fA-F0-9]");
    public static final Pattern PERCENT_FOLLOWED_BY_NON_HEX_AND_HEX = Pattern.compile("%[^a-fA-F0-9][a-fA-F0-9]");
    public static final List<Pattern> NON_ESCAPE_PATTERNS = ImmutableList.of(PERCENT_AND_TWO_NON_HEX_CHARS, PERCENT_FOLLOWED_BY_HEX_AND_NON_HEX, PERCENT_FOLLOWED_BY_NON_HEX_AND_HEX, NEXT_TO_LAST_PERCENT, TRAILING_PERCENT);

    public FileValidationService(AntiVirusScanClient antiVirusScanClient, FileValidationAuditService fileValidationAuditService, FileExtensionService fileExtensionService) {
        this.antiVirusScanClient = (AntiVirusScanClient) Preconditions.checkNotNull(antiVirusScanClient);
        this.auditService = (FileValidationAuditService) Preconditions.checkNotNull(fileValidationAuditService);
        this.fileExtensionService = (FileExtensionService) Preconditions.checkNotNull(fileExtensionService);
    }

    @Override // com.appiancorp.security.file.validator.FileValidator
    public void validate(String str, String str2, File file, boolean z, boolean z2) {
        String absolutePath = file == null ? str2 : file.getAbsolutePath();
        String trueExtension = getTrueExtension(str2);
        try {
            try {
                try {
                    try {
                        try {
                            try {
                                try {
                                    try {
                                        validateExtension(str2, trueExtension, file, z);
                                        checkForVirus(str, str2, file, z2);
                                        ((Counter.Child) totalFiles.labels(new String[]{trueExtension})).inc();
                                    } catch (MimeTypeMismatchException e) {
                                        ((Counter.Child) blockedExtensions.labels(new String[]{trueExtension})).inc();
                                        this.auditService.auditBlockedFile(str, e.getFilename(), absolutePath, FileValidatorBlockedFileAuditLogEvent.Reason.FILE_TYPE, e.getFileTypeMismatchLogMessage());
                                        throw e;
                                    }
                                } catch (AntiVirusHostUnreachableException e2) {
                                    this.auditService.auditUnscannedFile(str, str2, absolutePath, FileValidatorUnscannedFileAuditLogEvent.ErrorType.UNREACHABLE);
                                    throw e2;
                                }
                            } catch (AntiVirusScanTimeoutException e3) {
                                this.auditService.auditUnscannedFile(str, str2, absolutePath, FileValidatorUnscannedFileAuditLogEvent.ErrorType.TIMEOUT);
                                throw e3;
                            }
                        } catch (BlockedExtensionException e4) {
                            ((Counter.Child) blockedExtensions.labels(new String[]{trueExtension})).inc();
                            this.auditService.auditBlockedFile(str, e4.getFilename(), absolutePath, FileValidatorBlockedFileAuditLogEvent.Reason.EXTENSION, Strings.isNullOrEmpty(e4.getExtension()) ? "no extension" : e4.getExtension());
                            throw e4;
                        }
                    } catch (VirusFoundException e5) {
                        ((Counter.Child) virusFound.labels(new String[]{trueExtension, e5.getSignature()})).inc();
                        this.auditService.auditBlockedFile(str, e5.getFilename(), absolutePath, FileValidatorBlockedFileAuditLogEvent.Reason.VIRUS, e5.getSignature());
                        throw e5;
                    }
                } catch (Exception e6) {
                    this.auditService.auditUnscannedFile(str, str2, absolutePath, FileValidatorUnscannedFileAuditLogEvent.ErrorType.OTHER);
                    throw new FileValidationException("Unexpected error", str2, e6);
                }
            } catch (FileValidationException e7) {
                this.auditService.auditUnscannedFile(str, str2, absolutePath, FileValidatorUnscannedFileAuditLogEvent.ErrorType.OTHER);
                throw e7;
            }
        } catch (Throwable th) {
            ((Counter.Child) totalFiles.labels(new String[]{trueExtension})).inc();
            throw th;
        }
    }

    private static final String getTrueExtension(String str) {
        String decodeFilename = decodeFilename(str);
        String str2 = "";
        while (decodeFilename.length() > 0 && str2.isEmpty()) {
            str2 = Files.getFileExtension(decodeFilename);
            if (str2.isEmpty()) {
                decodeFilename = decodeFilename.substring(0, decodeFilename.length() - 1);
            } else {
                str2 = RTRIM_REGEX.matcher(stripIllegalCharacters(str2)).replaceAll("");
                if (str2.isEmpty()) {
                    decodeFilename = decodeFilename.substring(0, decodeFilename.length() - str2.length());
                }
            }
        }
        return str2;
    }

    private void validateExtension(String str, String str2, File file, boolean z) {
        if (z) {
            this.fileExtensionService.validate(str, str2, file);
        }
    }

    private static final String stripIllegalCharacters(String str) {
        return ILLEGAL_CHARS_REGEX.matcher(str).replaceAll("");
    }

    private static final String decodeFilename(String str) {
        try {
            for (Pattern pattern : NON_ESCAPE_PATTERNS) {
                Matcher matcher = pattern.matcher(str);
                while (matcher.find()) {
                    int start = matcher.start();
                    str = str.substring(0, start) + URLENCODED_PERCENT_SIGN + (start < str.length() - 1 ? str.substring(start + 1) : "");
                    matcher = pattern.matcher(str);
                }
            }
            return URLDecoder.decode(str, StandardCharsets.UTF_8.name());
        } catch (UnsupportedEncodingException e) {
            LOGGER.warn("Unable to find UTF-8 encoding for file extension validation; skipping urldecoding", e);
            return str;
        }
    }

    private void checkForVirus(String str, String str2, File file, boolean z) throws IOException {
        if (!z || file == null) {
            return;
        }
        if (file.length() <= AntiVirusScanClient.MAX_SCAN_FILE_SIZE) {
            this.antiVirusScanClient.scan(str, str2, file.getAbsolutePath());
        } else {
            LOGGER.debug("%s is requesting scan for file: %s but is being skipped because it is larger than %s bytes", new Object[]{str, str2, Long.valueOf(AntiVirusScanClient.MAX_SCAN_FILE_SIZE)});
            this.auditService.auditUnscannedFile(str, str2, file.getAbsolutePath(), FileValidatorUnscannedFileAuditLogEvent.ErrorType.SIZE);
        }
    }
}
