package com.dotmarketing.servlets;

import com.dotcms.repackage.com.missiondata.fileupload.MonitoredDiskFileItemFactory;
import com.dotcms.repackage.org.apache.commons.fileupload.FileItem;
import com.dotcms.repackage.org.apache.commons.fileupload.servlet.ServletFileUpload;
import com.dotmarketing.business.APILocator;
import com.dotmarketing.portlets.contentlet.util.ContentletUtil;
import com.dotmarketing.portlets.fileassets.business.FileAssetAPI;
import com.dotmarketing.util.UtilMethods;
import com.liferay.portal.ejb.UserLocalManagerUtil;
import com.liferay.portal.model.User;
import com.liferay.portal.util.Constants;
import com.liferay.portal.util.WebKeys;
import com.liferay.util.StringPool;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.nio.file.Paths;
import java.util.List;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/* loaded from: input_file:com/dotmarketing/servlets/AjaxFileUploadServlet.class */
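/**
 * Servlet that stores files uploaded by a logged-in user in a per-user temporary directory
 * and streams them back on request.
 *
 * <p>Files live under {@code <tmp binary root>/<user id>/<fieldName>/<file name>}, where the
 * root comes from {@code FileAssetAPI.getRealAssetPathTmpBinary()}, the user id from the
 * session, and {@code fieldName} / the file name from the request. Both request values are
 * untrusted, so every resolved path is canonicalised and must stay inside the calling user's
 * own directory before it is read or written.
 *
 * <p>{@code doGet} delegates to {@code doPost}, so both operations are reachable with either
 * HTTP method; the {@code cmd=get} parameter selects retrieval.
 */
public class AjaxFileUploadServlet extends HttpServlet {
    private static final long serialVersionUID = 1;

    /** Response text used when an upload fails with an exception that carries no message. */
    private static final String GENERIC_UPLOAD_ERROR = "Could not process uploaded file. Please see log for details.";

    // Written on every upload but never read in this class. The field lives on the servlet
    // instance, so concurrent requests overwrite each other's value; do not rely on it.
    boolean isEmptyFile;

    /** Handles GET exactly like POST. */
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        doPost(httpServletRequest, httpServletResponse);
    }

    /**
     * Dispatches to file retrieval when the {@code Constants.CMD} parameter equals {@code "get"},
     * otherwise to file upload.
     */
    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        HttpSession session = httpServletRequest.getSession();
        if ("get".equals(httpServletRequest.getParameter(Constants.CMD))) {
            doFileRetrieve(session, httpServletRequest, httpServletResponse);
        } else {
            doFileUpload(session, httpServletRequest, httpServletResponse);
        }
    }

    /**
     * Streams a previously uploaded temporary file back to the session user.
     *
     * <p>The path is built from the {@code fieldName} and {@code FileAssetAPI.FILE_NAME_FIELD}
     * request parameters. It is rejected unless its canonical form is inside the temporary root
     * and inside the session user's own sub-directory, so a {@code ..} segment in either
     * parameter cannot reach another user's uploads. A file that does not exist produces an
     * empty response; any failure is reported as the exception message in the response body.
     */
    private void doFileRetrieve(HttpSession httpSession, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        try {
            String userId = resolveUserId(httpSession, "Could not download File. Invalid User");
            File fieldDir = new File(APILocator.getFileAssetAPI().getRealAssetPathTmpBinary() + File.separator + userId + File.separator + httpServletRequest.getParameter("fieldName"));
            File requested = new File(fieldDir.getAbsolutePath() + File.separator + httpServletRequest.getParameter(FileAssetAPI.FILE_NAME_FIELD));
            if (!isValidPath(requested.getCanonicalPath()) || !isInsideUserDir(userId, requested)) {
                throw new Exception("Invalid fileName or Path");
            }
            if (requested.exists()) {
                // try-with-resources: the input stream is released even if the client
                // disconnects while the file is being written out.
                try (FileInputStream in = new FileInputStream(requested)) {
                    byte[] buffer = new byte[1000];
                    httpServletResponse.setContentType(getServletContext().getMimeType(requested.getName()));
                    ServletOutputStream out = httpServletResponse.getOutputStream();
                    int read;
                    while ((read = in.read(buffer)) > 0) {
                        out.write(buffer, 0, read);
                    }
                    out.flush();
                    out.close();
                }
            }
        } catch (Exception e) {
            // NOTE(review): the raw exception message goes to the client; messages from I/O
            // failures can include server-side paths.
            sendCompleteResponse(httpServletResponse, e.getMessage());
            e.printStackTrace();
        }
    }

    /**
     * Parses a multipart upload and writes each file part into the session user's temporary
     * directory for the given {@code fieldName}.
     *
     * <p>The user is verified before the request body is parsed, so a request without a valid
     * session user is rejected without its upload being processed. The target directory must
     * resolve inside the user's own directory, and each target file must resolve strictly
     * inside that target directory. An existing file with the same name is replaced.
     *
     * <p>On success the response body is blank; on failure it carries an error message, and the
     * upload listener stored in the session under {@code FILE_UPLOAD_STATS_<fieldName>} is
     * marked as failed.
     */
    private void doFileUpload(HttpSession httpSession, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        // Declared outside the try block so the catch block can report the failure on the
        // same listener and session key the upload started with.
        AjaxFileUploadListener listener = null;
        String fieldName = null;
        try {
            listener = new AjaxFileUploadListener(httpServletRequest.getContentLength());
            fieldName = httpServletRequest.getParameter("fieldName");
            httpSession.setAttribute("FILE_UPLOAD_STATS_" + fieldName, listener.getFileUploadStats());

            String userId = resolveUserId(httpSession, "Could not upload File. Invalid User");

            List<FileItem> items = new ServletFileUpload(new MonitoredDiskFileItemFactory(listener)).parseRequest(httpServletRequest);
            this.isEmptyFile = false;
            for (FileItem item : items) {
                if (item.isFormField()) {
                    continue;
                }
                if (item.getSize() == 0) {
                    this.isEmptyFile = true;
                }
                // Keep only the part after the last platform separator, then let the project
                // helper clean the name; what sanitizeFileName removes is not visible here,
                // which is why the resolved target is checked again below.
                String submittedName = item.getName();
                String safeName = ContentletUtil.sanitizeFileName(submittedName.substring(submittedName.lastIndexOf(File.separator) + 1));

                File targetDir = new File(APILocator.getFileAssetAPI().getRealAssetPathTmpBinary() + File.separator + userId + File.separator + fieldName);
                if (!isValidPath(targetDir.getCanonicalPath()) || !isInsideUserDir(userId, targetDir)) {
                    throw new IOException("Invalid fileName or Path");
                }
                if (!targetDir.exists()) {
                    targetDir.mkdirs();
                }

                File target = new File(targetDir.getAbsolutePath() + File.separator + safeName);
                if (!isStrictlyInside(targetDir, target)) {
                    throw new IOException("Invalid fileName or Path");
                }
                if (target.exists()) {
                    target.delete();
                }
                item.write(target);
                item.delete();
            }
            sendCompleteResponse(httpServletResponse, null);
        } catch (Exception e) {
            if (listener != null) {
                listener.error("error");
                httpSession.setAttribute("FILE_UPLOAD_STATS_" + fieldName, listener.getFileUploadStats());
            }
            // A blank body is what a successful upload returns, so an exception without a
            // message must not be passed through as-is.
            String message = e.getMessage();
            sendCompleteResponse(httpServletResponse, (message == null || message.isEmpty()) ? GENERIC_UPLOAD_ERROR : message);
            e.printStackTrace();
        }
    }

    /**
     * Writes the final status to the response body: blank when {@code str} is {@code null},
     * otherwise the given text.
     */
    private void sendCompleteResponse(HttpServletResponse httpServletResponse, String str) throws IOException {
        httpServletResponse.getOutputStream().print(str == null ? StringPool.BLANK : str);
    }

    /**
     * Returns the user id stored in the session after confirming it maps to a known user.
     *
     * @param failureMessage message of the exception thrown when the check fails
     * @throws Exception if the session holds no user id or the user lookup yields no usable user
     */
    private static String resolveUserId(HttpSession httpSession, String failureMessage) throws Exception {
        if (!UtilMethods.isSet(httpSession.getAttribute(WebKeys.USER_ID))) {
            throw new Exception(failureMessage);
        }
        String userId = (String) httpSession.getAttribute(WebKeys.USER_ID);
        User user = UserLocalManagerUtil.getUserById(userId);
        if (!UtilMethods.isSet(user) || !UtilMethods.isSet(user.getUserId())) {
            throw new Exception(failureMessage);
        }
        return userId;
    }

    /**
     * Returns whether the given path lies inside the temporary binary root. The comparison is
     * per path component, so a sibling directory sharing a name prefix does not match.
     */
    private static boolean isValidPath(String str) throws IOException {
        String tmpRoot = new File(APILocator.getFileAssetAPI().getRealAssetPathTmpBinary()).getCanonicalPath();
        return Paths.get(str).toAbsolutePath().startsWith(Paths.get(tmpRoot).toAbsolutePath());
    }

    /**
     * Returns whether {@code candidate}, once canonicalised, lies inside (or is) the given
     * user's directory under the temporary binary root.
     */
    private static boolean isInsideUserDir(String userId, File candidate) throws IOException {
        File userDir = new File(APILocator.getFileAssetAPI().getRealAssetPathTmpBinary() + File.separator + userId);
        return Paths.get(candidate.getCanonicalPath()).startsWith(Paths.get(userDir.getCanonicalPath()));
    }

    /**
     * Returns whether {@code candidate}, once canonicalised, lies below {@code dir} and is not
     * {@code dir} itself.
     */
    private static boolean isStrictlyInside(File dir, File candidate) throws IOException {
        String dirPath = dir.getCanonicalPath();
        String candidatePath = candidate.getCanonicalPath();
        return !candidatePath.equals(dirPath) && Paths.get(candidatePath).startsWith(Paths.get(dirPath));
    }
}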
