package com.tivoli.xtela.core.util;

import com.installshield.wizard.WizardException;
import com.tivoli.xtela.core.security.Authorization;
import com.tivoli.xtela.core.security.LocalDomain;
import com.tivoli.xtela.core.ui.web.console.CrossSite;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.IOException;
import java.util.Enumeration;
import java.util.MissingResourceException;
import java.util.PropertyResourceBundle;
import java.util.ResourceBundle;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/* loaded from: input_file:142513449e75f67c81acb6a2b8b6afc5/ijar/default:8fbe29be2bba3fa5b1f10bffa181f3ee:com/tivoli/xtela/core/util/FileTransfer.class */
public class FileTransfer extends HttpServlet {
    private static final String _id = "@(#)26 1.9 01/02/23 17:33:38";
    protected ServletConfig m_ServletConfig;
    protected static int m_FileXferBufferSize = 32767;
    protected static final String XSiteRealm = LocalDomain.instance().toString();
    protected static String m_msbase = LocalDomain.instance().getManagementServerFilePathString();
    private static final MIMETranslator mime = new MIMETranslator();

    public void init(ServletConfig servletConfig) throws ServletException {
        this.m_ServletConfig = servletConfig;
        System.out.println(new StringBuffer("[FileTransfer::init]: mspath: ").append(m_msbase).toString());
        System.out.println(new StringBuffer("[FileTransfer::init]: domain: ").append(XSiteRealm).toString());
        try {
            m_FileXferBufferSize = Integer.parseInt(((PropertyResourceBundle) ResourceBundle.getBundle("util")).getString("wsm.util.filetransferBufferSize"));
        } catch (MissingResourceException unused) {
            System.err.println(new StringBuffer("Couldn't find filetransferBufferSize using built-in value:").append(m_FileXferBufferSize).toString());
        }
    }

    public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        Authorization authorization;
        ServletOutputStream outputStream = httpServletResponse.getOutputStream();
        boolean z = false;
        HttpSession session = httpServletRequest.getSession(false);
        if (session != null) {
            String str = (String) session.getValue(CrossSite.USER_KEY);
            if (str == null || str.length() == 0) {
                str = (String) session.getValue("username");
            }
            if (str != null && str.length() > 0) {
                z = true;
                System.out.println(new StringBuffer("[FileTransfer]: authorized ").append(str).append(" by console session").toString());
            }
        }
        if (!z && (authorization = new Authorization(httpServletRequest)) != null) {
            z = authorization.isAuth("EventHandler", "notify");
        }
        if (!z) {
            httpServletResponse.setHeader("WWW-Authenticate", new StringBuffer("Basic realm=\"").append(XSiteRealm).append("\"").toString());
            httpServletResponse.setContentType("text/html");
            httpServletResponse.setStatus(401);
            outputStream.println("<html><head><title>401 Authorization Required</title></head><body><h1>Authorization Required</h1>You must be an authorized Tivoli Web Services Manager user to access this resource.</body></html>");
            return;
        }
        String requestURI = httpServletRequest.getRequestURI();
        String str2 = "";
        String servletName = this.m_ServletConfig.getServletName();
        int indexOf = requestURI.indexOf(servletName);
        String property = System.getProperty("file.separator");
        if (indexOf > 0) {
            if (indexOf + servletName.length() == requestURI.length()) {
                httpServletResponse.setContentType("text/html");
                httpServletResponse.sendError(403, "uri must reference a file.");
                return;
            }
            String substring = requestURI.substring(indexOf + servletName.length() + 1);
            str2 = new StringBuffer(String.valueOf(property)).append(substring).toString();
            boolean z2 = true;
            String str3 = "Path is not allowed. Relative path must be ";
            String str4 = "";
            Enumeration appAcronyms = LocalDomain.instance().getAppAcronyms();
            while (appAcronyms.hasMoreElements()) {
                str3 = new StringBuffer(String.valueOf(str3)).append(str4).append((String) appAcronyms.nextElement()).toString();
                str4 = ", ";
            }
            String lowerCase = substring.toLowerCase();
            if (lowerCase.startsWith("qos") || lowerCase.startsWith("stm") || lowerCase.startsWith("si") || lowerCase.startsWith("cswa")) {
                z2 = false;
            }
            if (z2) {
                Enumeration appAcronyms2 = LocalDomain.instance().getAppAcronyms();
                while (true) {
                    if (!appAcronyms2.hasMoreElements()) {
                        break;
                    } else if (lowerCase.startsWith(((String) appAcronyms2.nextElement()).toLowerCase())) {
                        z2 = false;
                        break;
                    }
                }
            }
            if (str2.indexOf("/..") > 0) {
                z2 = true;
                str3 = ".. is not allowed in the path.";
            }
            if (str2.indexOf("\\..") > 0) {
                z2 = true;
                str3 = ".. is not allowed in the path.";
            }
            if (z2) {
                httpServletResponse.setContentType("text/html");
                httpServletResponse.sendError(403, str3);
                return;
            }
        }
        File file = new File(FileUtilities.updateFileSeparators(new StringBuffer(String.valueOf(m_msbase)).append(str2).toString()));
        if (!file.exists()) {
            httpServletResponse.sendError(WizardException.EXTERNAL_WIZARD_ERROR);
            return;
        }
        if (!file.isFile()) {
            httpServletResponse.setContentType("text/html");
            httpServletResponse.sendError(403, "uri must be a file.");
            return;
        }
        if (!file.canRead()) {
            httpServletResponse.setContentType("text/html");
            httpServletResponse.sendError(403, "File is not readable.");
            return;
        }
        try {
            new FileReader(file).close();
            System.out.println(new StringBuffer("[FileTransfer]: fullpath = ").append(file.getCanonicalPath()).toString());
            try {
                FileInputStream fileInputStream = new FileInputStream(file);
                byte[] bArr = new byte[m_FileXferBufferSize];
                httpServletResponse.setContentType(mime.getMIMETypeforFilename(requestURI));
                while (fileInputStream.available() > 0) {
                    int read = fileInputStream.read(bArr);
                    if (read != -1) {
                        outputStream.write(bArr, 0, read);
                    }
                }
                fileInputStream.close();
            } catch (Exception unused) {
                httpServletResponse.sendError(WizardException.EXTERNAL_WIZARD_ERROR);
            }
        } catch (FileNotFoundException unused2) {
            httpServletResponse.setContentType("text/html");
            httpServletResponse.sendError(403, "File is not readable.");
        }
    }
}
