package org.intermine.web.struts;

import java.io.InputStream;
import java.util.Properties;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.axis.Constants;
import org.apache.commons.fileupload.FileUploadBase;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.action.ActionMessage;
import org.intermine.web.context.InterMineContext;

/* loaded from: input_file:WEB-INF/classes/org/intermine/web/struts/FileDownloadAction.class */
public class FileDownloadAction extends InterMineAction {
    private static final Logger LOG = Logger.getLogger(FileDownloadAction.class);

    @Override // org.apache.struts.action.Action
    public ActionForward execute(ActionMapping actionMapping, ActionForm actionForm, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        try {
            String parameter = httpServletRequest.getParameter(Constants.MC_RELATIVE_PATH);
            String parameter2 = httpServletRequest.getParameter("fileName");
            String parameter3 = httpServletRequest.getParameter("mimeType");
            String parameter4 = httpServletRequest.getParameter("mimeExtension");
            if (!fileIsPermitted(parameter2)) {
                httpServletResponse.sendError(401);
                return null;
            }
            InputStream resourceAsStream = getServlet().getServletContext().getResourceAsStream(parameter + parameter2);
            if (resourceAsStream == null) {
                httpServletResponse.sendError(404);
                return null;
            }
            if (parameter2.endsWith(parameter4)) {
                httpServletResponse.setContentType(parameter3);
                httpServletResponse.setHeader(FileUploadBase.CONTENT_DISPOSITION, "attachment; filename=" + parameter2);
            }
            ServletOutputStream outputStream = httpServletResponse.getOutputStream();
            byte[] bArr = new byte[2048];
            while (true) {
                int read = resourceAsStream.read(bArr, 0, bArr.length);
                if (-1 == read) {
                    resourceAsStream.close();
                    outputStream.close();
                    return null;
                }
                outputStream.write(bArr, 0, read);
            }
        } catch (Exception e) {
            e.printStackTrace();
            recordError(new ActionMessage("api.fileDownloadFailed"), httpServletRequest);
            return actionMapping.findForward("api");
        }
    }

    private boolean fileIsPermitted(String str) {
        if (str == null) {
            return false;
        }
        Properties webProperties = InterMineContext.getWebProperties();
        for (String str2 : webProperties.getProperty("web.download.blacklist").split(",")) {
            if (str.contains(str2)) {
                LOG.info("Request denied due to black-list entry: " + str + " contains " + str2);
                return false;
            }
        }
        CharSequence[] split = webProperties.getProperty("web.download.whitelist").split(",");
        if (split.length <= 0) {
            return true;
        }
        for (CharSequence charSequence : split) {
            if (str.contains(charSequence)) {
                return true;
            }
        }
        LOG.info("Request denied due to white-list: " + str + " does not contain any of " + StringUtils.join(split));
        return false;
    }
}
