package org.apache.sling.security.impl;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Dictionary;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.felix.scr.annotations.Activate;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Properties;
import org.apache.felix.scr.annotations.Property;
import org.apache.felix.scr.annotations.PropertyUnbounded;
import org.apache.felix.scr.annotations.Service;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ValueMap;
import org.apache.sling.api.wrappers.SlingHttpServletResponseWrapper;
import org.apache.sling.commons.osgi.PropertiesUtil;
import org.osgi.service.component.ComponentContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Service({Filter.class})
@Component(metatype = true, description = "Request filter adding Content Disposition attachment for certain paths/content types", label = " Apache Sling Content Disposition Filter")
@Properties({@Property(name = "sling.filter.scope", value = {"request"}, propertyPrivate = true), @Property(name = "service.ranking", intValue = {-25000}, propertyPrivate = true)})
/* loaded from: input_file:org/apache/sling/security/impl/ContentDispositionFilter.class */
public class ContentDispositionFilter implements Filter {
    private final Logger logger = LoggerFactory.getLogger(getClass());

    @Property(label = "Content Disposition Paths", description = "These paths are checked by the filter. Each entry is of the form 'path [ \":\" CSV of excluded content types ]'. Invalid entries are logged and ignored.", unbounded = PropertyUnbounded.ARRAY, value = {""})
    private static final String PROP_CONTENT_DISPOSTION_PATHS = "sling.content.disposition.paths";

    @Property(label = "Content Disposition Excluded Paths", description = "These paths are excluded by the filter. Each entry is of the form 'path'. ", unbounded = PropertyUnbounded.ARRAY, value = {""})
    private static final String PROP_CONTENT_DISPOSTION_EXCLUDED_PATHS = "sling.content.disposition.excluded.paths";
    private static final boolean DEFAULT_ENABLE_CONTENT_DISPOSTION_ALL_PATHS = false;

    @Property(boolValue = {false}, label = "Enable Content Disposition for all paths", description = "This flag controls whether to enable Content Disposition for all paths, except for the excluded paths defined by sling.content.disposition.excluded.paths")
    private static final String PROP_ENABLE_CONTENT_DISPOSTION_ALL_PATHS = "sling.content.disposition.all.paths";
    Set<String> contentDispositionPaths;
    private String[] contentDispositionPathsPfx;
    Set contentDispositionExcludedPaths;
    private Map<String, Set<String>> contentTypesMapping;
    private boolean enableContentDispositionAllPaths;

    /* loaded from: input_file:org/apache/sling/security/impl/ContentDispositionFilter$RewriterResponse.class */
    protected class RewriterResponse extends SlingHttpServletResponseWrapper {
        private static final String CONTENT_DISPOSTION = "Content-Disposition";
        private static final String CONTENT_DISPOSTION_ATTACHMENT = "attachment";
        private static final String PROP_JCR_DATA = "jcr:data";
        private static final String JCR_CONTENT_LEAF = "jcr:content";
        static final String ATTRIBUTE_NAME = "org.apache.sling.security.impl.ContentDispositionFilter.RewriterResponse.contentType";
        private final SlingHttpServletRequest request;
        private final Resource resource;

        public RewriterResponse(SlingHttpServletRequest slingHttpServletRequest, SlingHttpServletResponse slingHttpServletResponse) {
            super(slingHttpServletResponse);
            this.request = slingHttpServletRequest;
            this.resource = slingHttpServletRequest.getResource();
        }

        public void setContentType(String str) {
            if ("GET".equals(this.request.getMethod())) {
                String str2 = (String) this.request.getAttribute(ATTRIBUTE_NAME);
                if (str2 != null && str2.equals(str)) {
                    return;
                }
                this.request.setAttribute(ATTRIBUTE_NAME, str);
                String path = this.resource.getPath();
                if (!ContentDispositionFilter.this.contentDispositionExcludedPaths.contains(path)) {
                    if (ContentDispositionFilter.this.enableContentDispositionAllPaths) {
                        setContentDisposition(this.resource);
                    } else {
                        boolean z = ContentDispositionFilter.DEFAULT_ENABLE_CONTENT_DISPOSTION_ALL_PATHS;
                        if (ContentDispositionFilter.this.contentDispositionPaths.contains(path)) {
                            if (!ContentDispositionFilter.this.contentTypesMapping.containsKey(path)) {
                                z = setContentDisposition(this.resource);
                            } else if (!((Set) ContentDispositionFilter.this.contentTypesMapping.get(path)).contains(str)) {
                                z = setContentDisposition(this.resource);
                            }
                        }
                        if (!z) {
                            String[] strArr = ContentDispositionFilter.this.contentDispositionPathsPfx;
                            int length = strArr.length;
                            int i = ContentDispositionFilter.DEFAULT_ENABLE_CONTENT_DISPOSTION_ALL_PATHS;
                            while (true) {
                                if (i >= length) {
                                    break;
                                }
                                String str3 = strArr[i];
                                if (path.startsWith(str3)) {
                                    if (!ContentDispositionFilter.this.contentTypesMapping.containsKey(str3)) {
                                        setContentDisposition(this.resource);
                                        break;
                                    } else if (!((Set) ContentDispositionFilter.this.contentTypesMapping.get(str3)).contains(str)) {
                                        setContentDisposition(this.resource);
                                        break;
                                    }
                                }
                                i++;
                            }
                        }
                    }
                }
            }
            super.setContentType(str);
        }

        private boolean setContentDisposition(Resource resource) {
            boolean z = ContentDispositionFilter.DEFAULT_ENABLE_CONTENT_DISPOSTION_ALL_PATHS;
            if (!containsHeader(CONTENT_DISPOSTION) && isJcrData(resource)) {
                addHeader(CONTENT_DISPOSTION, CONTENT_DISPOSTION_ATTACHMENT);
                z = true;
            }
            return z;
        }

        private boolean isJcrData(Resource resource) {
            ValueMap valueMap;
            boolean z = ContentDispositionFilter.DEFAULT_ENABLE_CONTENT_DISPOSTION_ALL_PATHS;
            if (resource != null) {
                ValueMap valueMap2 = (ValueMap) resource.adaptTo(ValueMap.class);
                if (valueMap2 == null || !valueMap2.containsKey(PROP_JCR_DATA)) {
                    Resource child = resource.getChild(JCR_CONTENT_LEAF);
                    if (child != null && (valueMap = (ValueMap) child.adaptTo(ValueMap.class)) != null && valueMap.containsKey(PROP_JCR_DATA)) {
                        z = true;
                    }
                } else {
                    z = true;
                }
            }
            return z;
        }
    }

    @Activate
    private void activate(ComponentContext componentContext) {
        Dictionary properties = componentContext.getProperties();
        String[] stringArray = PropertiesUtil.toStringArray(properties.get(PROP_CONTENT_DISPOSTION_PATHS));
        HashSet hashSet = new HashSet();
        ArrayList arrayList = new ArrayList();
        HashMap hashMap = new HashMap();
        int length = stringArray.length;
        for (int i = DEFAULT_ENABLE_CONTENT_DISPOSTION_ALL_PATHS; i < length; i++) {
            String trim = stringArray[i].trim();
            if (trim.length() > 0) {
                int indexOf = trim.indexOf(42);
                int indexOf2 = trim.indexOf(":");
                if (indexOf2 <= -1 || indexOf2 >= indexOf) {
                    String str = DEFAULT_ENABLE_CONTENT_DISPOSTION_ALL_PATHS;
                    if (indexOf < 0) {
                        str = indexOf2 > -1 ? trim.substring(DEFAULT_ENABLE_CONTENT_DISPOSTION_ALL_PATHS, indexOf2) : trim;
                        hashSet.add(str);
                    } else if (indexOf > 0) {
                        str = trim.substring(DEFAULT_ENABLE_CONTENT_DISPOSTION_ALL_PATHS, indexOf);
                        arrayList.add(str);
                    } else {
                        this.logger.info("catch-all wildcard for paths not allowed.");
                    }
                    if (indexOf2 != -1 && str != null) {
                        hashMap.put(str, getContentTypes(trim.substring(indexOf2 + 1)));
                    }
                } else {
                    this.logger.info("':' in paths is not allowed.");
                }
            }
        }
        this.contentDispositionPaths = hashSet.isEmpty() ? Collections.emptySet() : hashSet;
        this.contentDispositionPathsPfx = (String[]) arrayList.toArray(new String[arrayList.size()]);
        this.contentTypesMapping = hashMap.isEmpty() ? Collections.emptyMap() : hashMap;
        this.enableContentDispositionAllPaths = PropertiesUtil.toBoolean(properties.get(PROP_ENABLE_CONTENT_DISPOSTION_ALL_PATHS), false);
        this.contentDispositionExcludedPaths = new HashSet(Arrays.asList(PropertiesUtil.toStringArray(properties.get(PROP_CONTENT_DISPOSTION_EXCLUDED_PATHS))));
        this.logger.info("Initialized. content disposition paths: {}, content disposition paths-pfx {}, content disposition excluded paths: {}. Enable Content Disposition for all paths is set to {}", new Object[]{this.contentDispositionPaths, this.contentDispositionPathsPfx, this.contentDispositionExcludedPaths, Boolean.valueOf(this.enableContentDispositionAllPaths)});
    }

    public void init(FilterConfig filterConfig) throws ServletException {
    }

    public void destroy() {
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        filterChain.doFilter(servletRequest, new RewriterResponse((SlingHttpServletRequest) servletRequest, (SlingHttpServletResponse) servletResponse));
    }

    private static Set<String> getContentTypes(String str) {
        HashSet hashSet = new HashSet();
        if (str != null && str.length() > 0) {
            String[] split = str.split(",");
            int length = split.length;
            for (int i = DEFAULT_ENABLE_CONTENT_DISPOSTION_ALL_PATHS; i < length; i++) {
                hashSet.add(split[i]);
            }
        }
        return hashSet;
    }
}
