package blackboard.platform.servlet;

import blackboard.data.course.Course;
import blackboard.data.course.CourseMembership;
import blackboard.data.course.Group;
import blackboard.data.course.GroupMembership;
import blackboard.data.user.User;
import blackboard.persist.Id;
import blackboard.persist.KeyNotFoundException;
import blackboard.persist.PersistenceException;
import blackboard.persist.course.CourseDbLoader;
import blackboard.persist.course.CourseMembershipDbLoader;
import blackboard.persist.course.GroupMembershipDbLoader;
import blackboard.platform.BbServiceManager;
import blackboard.platform.context.ContextManager;
import blackboard.platform.filesystem.FileSystemException;
import blackboard.platform.filesystem.FileSystemService;
import blackboard.platform.intl.JsResource;
import blackboard.platform.security.Entitlement;
import blackboard.platform.security.SecurityUtil;
import blackboard.platform.security.authentication.BbSecurityException;
import blackboard.util.FileUtil;
import blackboard.util.LocaleUtil;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.PrintWriter;
import java.net.URLDecoder;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Map;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:blackboard/platform/servlet/HttpDownloadFileServlet.class */
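/**
 * Serves files stored under the virtual-installation data directory to
 * authenticated sessions, after an entitlement check selected by the area
 * named in the request URI.
 *
 * <p>Security-relevant behaviour, as implemented in this class:
 * <ul>
 *   <li>The request URI is URL-decoded once, and that one decoded form drives
 *       both the authorization decision and the file lookup, so the path that
 *       is authorized is the path that is served.</li>
 *   <li>URIs with {@code .}/{@code ..} segments or NUL characters are rejected,
 *       and the resolved file must lie inside the data directory.</li>
 *   <li>The request context is always released, including on failure.</li>
 * </ul>
 */
public class HttpDownloadFileServlet extends HttpServlet {
    private static final String DEFAULT_COURSE_ENTITLEMENT_UID = "course.content.VIEW";
    private static final String DEFAULT_GRADEBOOK_ENTITLEMENT_UID = "course.gradebook-export.EXECUTE";
    private static final String DEFAULT_ADMIN_ENTITLEMENT_UID = "system.vi-data.VIEW";
    private static final String COURSE_CONTENT_URI = "/content/";
    private static final String ADMIN_VI_URI = "/systemdata/";
    private static final String STAFF_INFO_URI = "/staffinformation/";
    private static final String UPLOADS_URI = "/uploads/";
    private static final String GRADEBOOK_URI = "/gradebook/";
    private static final String GROUPS_URI = "/groups/";
    // Marker that routes a request to the course-scoped authorization path.
    private static final String COURSES_URI = "/courses/1/";
    private static final String MALFORMED_URL_MESSAGE = "Improperly constructed URL.";
    public static final int MIN_RESPONSE_BUFFER_SIZE = 64;
    // Area marker -> entitlement UID; populated in init(), null until then.
    private static Map<String, String> _uriEntitlementMap = null;
    // NOTE(review): the two public arrays below are mutable by any caller; kept
    // public because they are part of the class's existing interface.
    public static final byte[] NULL_BYTE_ARRAY = {0};
    public static final String GIF_MIME_TYPE = "image/gif";
    public static final String[] PASS_THROUGH_MIME_TYPES = {GIF_MIME_TYPE};

    /**
     * Builds the area-to-entitlement table used by {@link #getEntitlementName}.
     *
     * @param servletConfig container-supplied configuration
     * @throws ServletException if the superclass initialisation fails
     */
    public void init(ServletConfig servletConfig) throws ServletException {
        super.init(servletConfig);
        // Fill a local table first and publish it last, so a concurrent request
        // never observes a partially populated map.
        Map<String, String> entitlements = new Hashtable<String, String>();
        entitlements.put(COURSE_CONTENT_URI, DEFAULT_COURSE_ENTITLEMENT_UID);
        entitlements.put(STAFF_INFO_URI, DEFAULT_COURSE_ENTITLEMENT_UID);
        entitlements.put(UPLOADS_URI, DEFAULT_COURSE_ENTITLEMENT_UID);
        entitlements.put(GRADEBOOK_URI, DEFAULT_GRADEBOOK_ENTITLEMENT_UID);
        entitlements.put(ADMIN_VI_URI, DEFAULT_ADMIN_ENTITLEMENT_UID);
        entitlements.put(GROUPS_URI, DEFAULT_COURSE_ENTITLEMENT_UID);
        _uriEntitlementMap = entitlements;
    }

    /**
     * Binds the request context, serves the file, and maps failures to a
     * response: 403 for a security failure, a 404 error page for a missing
     * file, and a {@link ServletException} for anything else.
     *
     * @throws ServletException if the file cannot be served for any other reason
     * @throws IOException if writing the response fails
     */
    public void service(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String alignAttrValue = LocaleUtil.getAlignAttrValue(LocaleUtil.RelativeAlignment.INVERSE);
        ContextManager contextManager = null;
        try {
            contextManager = (ContextManager) BbServiceManager.safeLookupService(ContextManager.class);
            contextManager.setContext(httpServletRequest);
            try {
                doServeFile(httpServletRequest, httpServletResponse);
            } catch (BbSecurityException e) {
                BbServiceManager.getLogService().logDebug("Access to this file is forbidden. ", e);
                httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
            } catch (FileNotFoundException e) {
                BbServiceManager.getLogService().logDebug("File not found. ", e);
                writeNotFoundPage(httpServletResponse, alignAttrValue);
            } catch (Exception e) {
                BbServiceManager.getLogService().logDebug("Unable to serve requested file.  Please contact your system administrator. ", e);
                // The cause is logged above and deliberately not chained here:
                // a chained cause can end up on a container's default error page.
                throw new ServletException("Unable to serve requested file.  Please contact your system administrator.");
            }
        } finally {
            // Release on every exit path; a context left bound after a failed
            // request would otherwise stay attached to the pooled thread.
            if (contextManager != null) {
                contextManager.releaseContext();
            }
        }
    }

    /**
     * Writes the static "file not found" page with a 404 status.
     *
     * @param response response to write to
     * @param alignAttrValue value for the {@code align} attribute of the button row
     * @throws IOException if the response writer cannot be obtained
     */
    private void writeNotFoundPage(HttpServletResponse response, String alignAttrValue) throws IOException {
        // Status and content type must be set before the writer is obtained.
        response.setStatus(HttpServletResponse.SC_NOT_FOUND);
        response.setContentType("text/html; charset=UTF-8");
        PrintWriter writer = response.getWriter();
        writer.println("<html dir='" + (LocaleUtil.isLeftToRight() ? "ltr" : "rtl") + "'>");
        writer.println("<head>");
        writer.println("<title>Error</title>");
        writer.println("<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\">");
        writer.println("<meta name=\"author\" content=\"Blackboard Webmaster\">");
        writer.println("<meta name=\"copyright\" content=\"&copy; 1998-2003 Blackboard Inc.\">");
        writer.println("<meta name=\"keywords\" content=\"Blackboard\">");
        writer.println("<link type=\"text/css\" rel=\"stylesheet\" href=\"/ui/styles/blackboard.css\" />");
        writer.println("<link type=\"text/css\" rel=\"stylesheet\" href=\"/ui/styles/palette.css\" />");
        if (!BbServiceManager.getLocaleManager().getLocale().getIsLeftToRight()) {
            writer.println("<link type=\"text/css\" rel=\"stylesheet\" href=\"/ui/styles/rtol.css\" />");
        }
        writer.println("<link type=\"image/x-icon\" rel=\"SHORTCUT ICON\" href=\"/ui/bb-icon2.ico\" />");
        writer.println(JsResource.include("/javascript/validateForm.js"));
        writer.println("</head>");
        writer.println("<body class=\"bbDefault\">");
        writer.println("<table cellspacing=\"0\" border=\"0\" cellpadding=\"0\" width=\"100%\">");
        writer.println("<tr>");
        writer.println("<td  width=\"40\" valign=\"middle\"><img border=\"0\" src=\"/images/ci/icons/receiptfail_u.gif\" width=\"32\" alt=\"\" height=\"32\"><img src=\"/images/spacer.gif\" height=\"1\" width=\"8\" hspace=\"0\" vspace=\"0\" alt=\"\" border=\"0\" /></td>");
        writer.println("<td  width=\"100%\" valign=\"middle\"><span class=\"titlebar\"> Error </span></td>");
        writer.println("</tr>");
        writer.println("<tr>");
        writer.println("<td width=\"100%\" colspan=\"2\"><img src=\"/images/spacer.gif\" height=\"5\" width=\"1\" hspace=\"0\" vspace=\"0\" alt=\"\" border=\"0\" /></td>");
        writer.println("</tr>");
        writer.println("<tr>");
        writer.println("<td width=\"100%\" colspan=\"2\" class=\"bMedium\"><img src=\"/images/spacer.gif\" height=\"3\" width=\"1\" hspace=\"0\" vspace=\"0\" alt=\"\" border=\"0\" /></td>");
        writer.println("</tr>");
        writer.println("<tr>");
        writer.println("<td width=\"100%\" colspan=\"2\"><img src=\"/images/spacer.gif\" height=\"10\" width=\"1\" hspace=\"0\" vspace=\"0\" alt=\"\" border=\"0\" /></td>");
        writer.println("</tr>");
        writer.println("</table>");
        writer.println("<table cellspacing=\"0\" cellpadding=\"0\" width=\"100%\">");
        writer.println("<tr> ");
        writer.println("<td> ");
        writer.println("<table cellspacing=\"0\" border=\"0\" cellpadding=\"5\" width=\"100%\">");
        writer.println("<tr>  ");
        writer.println("<td width=\"20\" valign=\"top\"><img src=\"/images/spacer.gif\" height=\"22\" width=\"22\" hspace=\"0\" vspace=\"0\" alt=\"\" border=\"0\" /></td>");
        writer.println("<td width=\"100%\" valign=\"top\">Requested file could not be found.");
        writer.println("<br>         ");
        writer.println("<br>         ");
        writer.println("</td>");
        writer.println("</tr>");
        writer.println("<tr>");
        writer.println("<td align=\"" + alignAttrValue + "\" colspan=\"6\">");
        writer.println("<a href=\"javascript:history.back();\"><img ALT=\"ok\" name=\"img_ok\" src=\"/images/ci/formbtns/ok_off.gif\" WIDTH=\"69\" HEIGHT=\"20\" BORDER=\"0\" HSPACE=\"5\"></a>");
        writer.println("</td>");
        writer.println("</tr>");
        writer.println("<tr> ");
        writer.println("<td align=\"" + alignAttrValue + "\" colspan=\"6\"><img src=\"/images/spacer.gif\" height=\"1\" width=\"10\" hspace=\"0\" vspace=\"0\" alt=\"\" border=\"0\" /></td>");
        writer.println("</tr>");
        writer.println("</table></td> ");
        writer.println("</tr>");
        writer.println("</table>");
        writer.println("</body>");
        writer.println("</html>");
    }

    /**
     * Returns the URL-decoded request URI, or {@code null} when the container
     * reports none.
     *
     * <p>The single-argument {@code URLDecoder.decode} is deprecated and
     * decodes with the platform default encoding; it also turns {@code '+'}
     * into a space. It is kept so that existing links resolve as before.
     */
    private static String decodedRequestUri(HttpServletRequest request) {
        String rawUri = request.getRequestURI();
        return rawUri == null ? null : URLDecoder.decode(rawUri);
    }

    /**
     * Rejects a decoded URI that is empty, contains a NUL character, or has a
     * {@code .} or {@code ..} segment (with either slash as separator).
     *
     * <p>Authorization below is decided by matching substrings of the URI, so
     * a path that could be re-interpreted during file-system resolution must
     * not reach it.
     *
     * @throws BbSecurityException if the URI is not acceptable
     */
    private static void requireSafePath(String decodedUri) throws BbSecurityException {
        if (decodedUri == null || decodedUri.length() == 0 || decodedUri.indexOf('\0') >= 0) {
            throw new BbSecurityException(MALFORMED_URL_MESSAGE);
        }
        int length = decodedUri.length();
        int segmentStart = 0;
        for (int i = 0; i <= length; i++) {
            boolean atSeparator = i == length || decodedUri.charAt(i) == '/' || decodedUri.charAt(i) == '\\';
            if (atSeparator) {
                String segment = decodedUri.substring(segmentStart, i);
                if (".".equals(segment) || "..".equals(segment)) {
                    throw new BbSecurityException(MALFORMED_URL_MESSAGE);
                }
                segmentStart = i + 1;
            }
        }
    }

    /**
     * Returns the path segment that directly follows {@code marker} in
     * {@code uri}.
     *
     * @throws BbSecurityException if the marker is absent, or the segment is
     *         empty or not terminated by a slash
     */
    private static String segmentAfter(String uri, String marker) throws BbSecurityException {
        int markerAt = uri.indexOf(marker);
        if (markerAt < 0) {
            throw new BbSecurityException(MALFORMED_URL_MESSAGE);
        }
        int start = markerAt + marker.length();
        int end = uri.indexOf('/', start);
        if (end <= start) {
            throw new BbSecurityException(MALFORMED_URL_MESSAGE);
        }
        return uri.substring(start, end);
    }

    /**
     * Resolves the decoded request URI to a file under the data directory.
     *
     * @return the resolved file; never {@code null}
     * @throws FileSystemException if the URI is empty or the data directory is
     *         not available
     * @throws BbSecurityException if the path is unsafe or resolves outside
     *         the data directory
     * @throws IOException if a canonical path cannot be computed
     */
    private File getFile(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws FileSystemException, FileNotFoundException, IOException, BbSecurityException {
        String decodedUri = decodedRequestUri(httpServletRequest);
        if (decodedUri == null || decodedUri.length() == 0) {
            throw new FileSystemException("No filename found in the request URI");
        }
        requireSafePath(decodedUri);
        String relativePath = FileUtil.formatPath(decodedUri);
        File dataDirectory = ((FileSystemService) BbServiceManager.safeLookupService(FileSystemService.class)).getVIDataDirectory();
        if (dataDirectory == null) {
            throw new FileSystemException("Data directory is not available");
        }
        File requested = new File(dataDirectory, relativePath);
        // Containment is checked on canonical paths, so symbolic links are
        // resolved first. NOTE(review): a link inside the data directory that
        // points outside it is refused by this check; confirm no deployment
        // relies on such links.
        String rootPath = dataDirectory.getCanonicalPath();
        String rootPrefix = rootPath.endsWith(File.separator) ? rootPath : rootPath + File.separator;
        if (!requested.getCanonicalPath().startsWith(rootPrefix)) {
            throw new BbSecurityException("Requested path is outside the data directory.");
        }
        return requested;
    }

    /**
     * Authenticates, authorizes, resolves and streams the requested file.
     *
     * @throws BbSecurityException if the session is not authenticated or not
     *         authorized, or the path is rejected
     * @throws FileNotFoundException if the path does not name a regular file
     * @throws FileSystemException if the data directory is not available
     * @throws IOException if the file cannot be written to the response
     */
    protected void doServeFile(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws BbSecurityException, IOException, SecurityException, FileNotFoundException, FileSystemException {
        assertAuthenticated(httpServletRequest, httpServletResponse);
        assertAuthorized(httpServletRequest, httpServletResponse);
        File file = getFile(httpServletRequest, httpServletResponse);
        // isFile() also turns a directory into "not found" before any response
        // header has been set.
        if (!file.isFile()) {
            throw new FileNotFoundException("Couldn't find file " + file.getAbsolutePath());
        }
        // Fixed locale: the default-locale toLowerCase() can change the
        // extension (and so the MIME lookup) under some locales.
        String mimeType = getServletContext().getMimeType(file.toString().toLowerCase(java.util.Locale.ENGLISH));
        validateMimeType(mimeType);
        serveFile(httpServletResponse, file, mimeType, true);
    }

    /**
     * Requires an authenticated session for the request.
     *
     * @throws BbSecurityException if there is no session or it is not authenticated
     */
    private void assertAuthenticated(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws BbSecurityException {
        Object session = BbServiceManager.getSessionManagerService().getSession(httpServletRequest);
        if (session == null || !BbServiceManager.getSessionManagerService().getSession(httpServletRequest).isAuthenticated()) {
            throw new BbSecurityException("Session is not authenticated.");
        }
    }

    /**
     * Dispatches to the course-scoped or installation-scoped entitlement check.
     *
     * <p>An empty or unsafe URI is refused here rather than skipped, so no
     * request reaches the file lookup without an authorization decision.
     *
     * @throws BbSecurityException if the URI is rejected or the user is not authorized
     * @throws FileNotFoundException if the course named in the URI cannot be loaded
     */
    private void assertAuthorized(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws BbSecurityException, FileNotFoundException {
        String decodedUri = decodedRequestUri(httpServletRequest);
        requireSafePath(decodedUri);
        if (decodedUri.indexOf(COURSES_URI) > -1) {
            _assertAuthorizedByCourse(httpServletRequest, httpServletResponse);
        } else {
            _assertAuthorizedByVI(httpServletRequest, httpServletResponse);
        }
    }

    /**
     * Authorizes a request for a file under {@code /courses/1/<courseId>/}.
     *
     * <p>The user needs the entitlement for the area. Requests under
     * {@code /uploads/} additionally need a course membership, and requests
     * under {@code /groups/} a membership of the group named in the URI. A user
     * without the entitlement is admitted as a guest only when the course
     * allows guests and the area requires no more than the default course
     * entitlement.
     *
     * @throws BbSecurityException if the URI is malformed or access is denied
     * @throws FileNotFoundException if the course cannot be loaded
     */
    private void _assertAuthorizedByCourse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws BbSecurityException, FileNotFoundException {
        String decodedUri = decodedRequestUri(httpServletRequest);
        requireSafePath(decodedUri);
        String entitlementName = entitlementNameFor(decodedUri);

        User user = ((ContextManager) BbServiceManager.safeLookupService(ContextManager.class)).getContext().getUser();
        Id userId = user != null ? user.getId() : null;

        String courseId = segmentAfter(decodedUri, COURSES_URI);
        Course course;
        try {
            course = ((CourseDbLoader) BbServiceManager.getPersistenceService().getDbPersistenceManager().getLoader(CourseDbLoader.TYPE)).loadByCourseId(courseId);
        } catch (Exception e) {
            BbServiceManager.getLogService().logInfo("Failed to load course for file request.", e);
            throw new FileNotFoundException("Course " + courseId + " does not exist for this institution.");
        }
        Id coursePk = course != null ? course.getId() : null;

        boolean entitled = SecurityUtil.userHasEntitlement(new Entitlement(entitlementName), course);
        boolean authorized = entitled;
        if (decodedUri.indexOf(UPLOADS_URI) != -1) {
            CourseMembership courseMembership = null;
            try {
                courseMembership = CourseMembershipDbLoader.Default.getInstance().loadByCourseAndUserId(coursePk, userId);
            } catch (KeyNotFoundException e) {
                BbServiceManager.getLogService().logInfo("Failed to load course membership for dropbox file request.", e);
            } catch (PersistenceException e) {
                BbServiceManager.getLogService().logInfo("Failed to load course membership for dropbox file request.", e);
            }
            // A failed lookup leaves the membership null and therefore denies.
            authorized = entitled && courseMembership != null;
        } else if (decodedUri.indexOf(GROUPS_URI) != -1) {
            String groupId = segmentAfter(decodedUri, GROUPS_URI);
            GroupMembership groupMembership = null;
            try {
                // NOTE(review): nothing visible here ties the group to the
                // course loaded above; confirm the loader enforces that.
                groupMembership = GroupMembershipDbLoader.Default.getInstance().loadByGroupAndUserId(BbServiceManager.getPersistenceService().getDbPersistenceManager().generateId(Group.DATA_TYPE, groupId), userId);
            } catch (KeyNotFoundException e) {
                BbServiceManager.getLogService().logInfo("Failed to load group membership for group file exchange request.", e);
            } catch (PersistenceException e) {
                BbServiceManager.getLogService().logInfo("Failed to load group membership for group file exchange request.", e);
            }
            authorized = entitled && groupMembership != null;
        } else if (!entitled && userId != null && userId.isSet() && course != null
                && DEFAULT_COURSE_ENTITLEMENT_UID.equals(entitlementName)) {
            // Guest fallback. It is limited to areas guarded by the default
            // course entitlement, so a guest-enabled course does not open areas
            // that require a stronger entitlement (e.g. the gradebook export).
            authorized = course.getAllowGuests();
        }
        if (!authorized) {
            throw new BbSecurityException("User does not have the necessary authorization.");
        }
    }

    /**
     * Authorizes a request outside any course against the installation-level
     * entitlement for the area.
     *
     * @throws BbSecurityException if the user lacks the entitlement
     */
    private void _assertAuthorizedByVI(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws BbSecurityException, FileNotFoundException {
        String decodedUri = decodedRequestUri(httpServletRequest);
        requireSafePath(decodedUri);
        String entitlementName = entitlementNameFor(decodedUri);
        // Result unused; the call is kept in case it has an effect that is not
        // visible from this class.
        ((ContextManager) BbServiceManager.safeLookupService(ContextManager.class)).getContext();
        if (!SecurityUtil.userHasEntitlement(new Entitlement(entitlementName))) {
            throw new BbSecurityException("User does not have the necessary authorization.");
        }
    }

    /**
     * Placeholder: performs no validation of the MIME type.
     *
     * <p>NOTE(review): files are served with the type the container derives
     * from the file extension, and nothing here restricts which types are
     * served from this origin. If uploaded content can carry active types such
     * as HTML, consider an allow-list here or a download disposition in
     * {@link #serveFile}.
     *
     * @param str MIME type resolved for the file; may be {@code null}
     */
    private void validateMimeType(String str) throws BbSecurityException {
        // Intentionally empty; see the note above.
    }

    /**
     * Sets the response headers and streams the file to the client.
     *
     * @param httpServletResponse response to write to
     * @param file file to send
     * @param str MIME type, or {@code null}/empty for a generic binary type
     * @param z unused by this implementation
     * @throws IOException if the file cannot be written to the response
     */
    protected void serveFile(HttpServletResponse httpServletResponse, File file, String str, boolean z) throws IOException, SecurityException, FileNotFoundException, FileSystemException {
        if (str == null || str.length() <= 0) {
            // "application/octet-stream" is the registered generic binary type.
            httpServletResponse.setContentType("application/octet-stream");
        } else {
            httpServletResponse.setContentType(str);
        }
        long length = file.length();
        if (length <= Integer.MAX_VALUE) {
            httpServletResponse.setContentLength((int) length);
        } else {
            // Narrowing to int would send a wrong (possibly negative) length
            // for files larger than 2 GiB.
            httpServletResponse.setHeader("Content-Length", Long.toString(length));
        }
        httpServletResponse.setBufferSize(FileUtil.BUFFER_SIZE);
        FileUtil.writeFileToStream(file, httpServletResponse.getOutputStream());
    }

    /**
     * Returns the entitlement UID required for the area named in the request URI.
     *
     * @return the entitlement UID, or {@code null} if the request has no URI
     * @throws BbSecurityException if the entitlement table has not been initialised
     */
    protected String getEntitlementName(HttpServletRequest httpServletRequest) throws BbSecurityException {
        String decodedUri = decodedRequestUri(httpServletRequest);
        if (decodedUri == null || decodedUri.length() == 0) {
            return null;
        }
        return entitlementNameFor(decodedUri);
    }

    /**
     * Selects the entitlement for a decoded URI.
     *
     * <p>When several area markers occur in the URI, the one that occurs first
     * wins, so the result does not depend on the table's iteration order and a
     * nested folder that shares an area name cannot change the required
     * entitlement. A URI with no marker gets the default course entitlement.
     *
     * @throws BbSecurityException if the entitlement table has not been initialised
     */
    private static String entitlementNameFor(String decodedUri) throws BbSecurityException {
        Map<String, String> entitlements = _uriEntitlementMap;
        if (entitlements == null) {
            throw new BbSecurityException("System is not configured correctly.  Please contact your system administrator.");
        }
        String selected = DEFAULT_COURSE_ENTITLEMENT_UID;
        int earliest = Integer.MAX_VALUE;
        for (Map.Entry<String, String> entry : entitlements.entrySet()) {
            int position = decodedUri.indexOf(entry.getKey());
            if (position > -1 && position < earliest) {
                earliest = position;
                selected = entry.getValue();
            }
        }
        return selected;
    }
}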
