package com.sankuai.security.sdk.core.file;

import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.Locale;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.batik.util.XMLConstants;
import org.apache.commons.fileupload.FileItem;
import org.apache.commons.fileupload.ProgressListener;
import org.apache.commons.fileupload.disk.DiskFileItemFactory;
import org.apache.commons.fileupload.servlet.ServletFileUpload;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:com/sankuai/security/sdk/core/file/FileChecker.class */
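/**
 * Static helpers for validating uploaded file names, checking that a path is in canonical form,
 * receiving multipart uploads and confining a requested path to a base directory.
 *
 * <p>File-name validation here is purely name based (deny-list of substrings plus allow-list of
 * extensions); nothing in this class inspects file content.
 */
public class FileChecker {
    private static final Log logger = LogFactory.getLog(FileChecker.class);
    private static final String FILE_SEPARATOR = File.separator;

    /**
     * Substrings that must not occur anywhere in the part of a file name that precedes its last
     * dot (compared in lower case). They cover the URL-encoded NUL byte, the semicolon and
     * server-side script extensions hidden in front of an allowed extension ("x.jsp.png").
     *
     * <p>NOTE(review): Batik's {@code XMLConstants.XML_CHAR_REF_SUFFIX} is ";" - the reference
     * looks like a decompiler substitution for the literal; confirm against the original source.
     */
    private static final List<String> DEFAULT_REJECTED_FILE_NAME_LIST = Arrays.asList("%00", XMLConstants.XML_CHAR_REF_SUFFIX, ".asp", ".jsp", ".jspx", ".aspx", ".php", ".asa", ".cer");

    /** Extensions (lower case, without the dot) accepted when the caller supplies no list. */
    private static final List<String> DEFAULT_ACCEPTED_FILE_EXT_LIST = Arrays.asList("txt", "doc", "docx", "pdf", "csv", "xls", "xlsx", "bmp", "jpg", "png", "jpeg", "gif", "ppt", "pptx");

    /**
     * Validates a file name against the default extension allow-list.
     *
     * @param str the bare file name (no directory part)
     * @return {@code true} if the name passes the deny-list and ends in a default accepted extension
     */
    public static boolean isValidFileName(String str) {
        return isValidFileName(str, DEFAULT_ACCEPTED_FILE_EXT_LIST);
    }

    /**
     * Validates a file name against a caller-supplied extension allow-list.
     *
     * @param str  the bare file name (no directory part)
     * @param str2 accepted extensions separated by {@code |}, e.g. {@code "jpg|png"}; compared
     *             case-insensitively, surrounding whitespace of each entry is ignored
     * @return {@code false} if {@code str2} is null or blank, otherwise the result of the
     *         deny-list and allow-list checks
     */
    public static boolean isValidFileName(String str, String str2) {
        if (str2 == null || str2.trim().length() == 0) {
            return false;
        }
        List<String> accepted = new ArrayList<>();
        // Locale.ROOT keeps the comparison stable on JVMs whose default locale has special
        // casing rules (e.g. "GIF" lower-cases to "g\u0131f" under a Turkish locale).
        for (String entry : str2.toLowerCase(Locale.ROOT).split("\\|")) {
            String ext = entry.trim();
            if (ext.length() > 0) {
                accepted.add(ext);
            }
        }
        return isValidFileName(str, accepted);
    }

    /**
     * Reports whether a path is already in canonical form, i.e. resolving it through the file
     * system (which removes "." / ".." segments and follows symbolic links) yields a path that
     * still ends with the given text.
     *
     * @param str the path to check; trailing separators are ignored
     * @return {@code true} for a null or empty path, or when the canonical path ends with the
     *         given path; {@code false} otherwise, including when the canonical path cannot be
     *         determined
     */
    public static boolean isSecurityFilePath(String str) {
        // NOTE(review): an absent path is reported as acceptable; callers that require a path
        // have to check for null/empty themselves.
        if (null == str || 0 == str.length()) {
            return true;
        }
        String trimmed = str;
        while (trimmed.endsWith(FILE_SEPARATOR)) {
            trimmed = trimmed.substring(0, trimmed.length() - 1);
        }
        try {
            return new File(trimmed).getCanonicalPath().endsWith(trimmed);
        } catch (IOException e) {
            // CR/LF are replaced so a crafted path cannot forge additional log lines.
            logger.warn("Error occurs while getting canonical path of " + trimmed.replaceAll("[\\r\\n]", "_") + ", root cause " + e.getMessage(), e);
            // Fail closed: a path that could not be verified is not reported as safe.
            return false;
        }
    }

    /**
     * Receives every file part of a multipart request and stores it in a destination directory.
     *
     * <p>A file is accepted when its name passes {@link #isValidFileName(String)} or
     * {@link #isValidFileName(String, String)} with {@code str}; the caller's list therefore
     * extends the default allow-list rather than replacing it. Only the last segment of the
     * submitted name (after any {@code /} or {@code \}) is used. Upload progress in percent is
     * published in the session attribute {@code "progress"} when a session already exists.
     *
     * <p>NOTE(review): only the name is validated. The size limit {@code i} applies to the whole
     * request, not to a single file.
     *
     * @param httpServletRequest the multipart request
     * @param i                  maximum size of the complete request in bytes
     * @param file               directory for the temporary files created while parsing; created if missing
     * @param file2              directory the accepted files are written to
     * @param str                additional accepted extensions separated by {@code |}, may be null
     * @param z                  if {@code true}, the stored name is replaced by a
     *                           {@code yyyyMMddHHmmss} timestamp plus the original extension
     * @return a synchronized list of the files written
     * @throws Exception if the request is not multipart, a file name is rejected, or parsing or
     *                   writing fails; the original exception is attached as the cause
     */
    public static List<File> securityFileUpload(HttpServletRequest httpServletRequest, int i, File file, File file2, String str, boolean z) throws Exception {
        // mkdirs() also returns false when another thread created the directory first, hence the re-check.
        if (!file.exists() && !file.mkdirs() && !file.isDirectory()) {
            throw new Exception("Upload failure Problem during upload:cannot create temporary directory");
        }
        final List<File> stored = new ArrayList<>();
        List<FileItem> items = Collections.emptyList();
        try {
            final HttpSession session = httpServletRequest.getSession(false);
            if (!ServletFileUpload.isMultipartContent(httpServletRequest)) {
                throw new Exception("Upload failed Not a multipart request");
            }
            // Threshold 0: every part is buffered in the temporary directory, never in memory.
            ServletFileUpload upload = new ServletFileUpload(new DiskFileItemFactory(0, file));
            upload.setSizeMax(i);
            upload.setProgressListener(new ProgressListener() {
                private long megaBytes = -1;
                private long progress = 0;

                @Override
                public void update(long bytesRead, long contentLength, int itemIndex) {
                    if (itemIndex == 0) {
                        return;
                    }
                    // Publish at most once per megabyte read.
                    long readMegaBytes = bytesRead / 1000000;
                    if (this.megaBytes == readMegaBytes) {
                        return;
                    }
                    this.megaBytes = readMegaBytes;
                    // Divide as double: integer division stayed at 0 until the upload completed
                    // and threw on a zero length. A non-positive length means "unknown".
                    this.progress = contentLength > 0 ? (long) (((double) bytesRead / contentLength) * 100.0d) : 0L;
                    if (session != null) {
                        session.setAttribute("progress", Long.toString(this.progress));
                    }
                }
            });
            items = upload.parseRequest(httpServletRequest);
            for (FileItem item : items) {
                if (item.isFormField() || item.getName() == null || item.getName().equals("")) {
                    continue;
                }
                // Some clients submit a full client-side path; keep the last segment only.
                String[] segments = item.getName().split("[\\/\\\\]");
                String name = segments[segments.length - 1];
                if (!isValidFileName(name) && !isValidFileName(name, str)) {
                    throw new Exception("Upload only simple filenames with the following extensions Upload failed isValidFileName check");
                }
                if (z) {
                    name = new SimpleDateFormat("yyyyMMddHHmmss").format(new Date()) + "." + name.substring(name.lastIndexOf(".") + 1);
                }
                File target = new File(file2, name);
                // NOTE(review): exists() followed by write() is not atomic; a concurrent upload of
                // the same name can still end up replacing the file.
                if (target.exists()) {
                    String[] parts = name.split("\\.");
                    String ext = parts.length > 1 ? parts[parts.length - 1] : "";
                    StringBuilder prefix = new StringBuilder(name.substring(0, name.length() - ext.length()));
                    // File.createTempFile rejects prefixes shorter than three characters ("a.").
                    while (prefix.length() < 3) {
                        prefix.append('_');
                    }
                    target = File.createTempFile(prefix.toString(), "." + ext, file2);
                }
                item.write(target);
                stored.add(target);
                if (session != null) {
                    session.setAttribute("progress", Long.toString(0L));
                }
            }
            return Collections.synchronizedList(stored);
        } catch (Exception e) {
            throw new Exception("Upload failure Problem during upload:" + e.getMessage(), e);
        } finally {
            // Remove the temporary copy of every part, including parts that were never reached
            // because an earlier one was rejected.
            for (FileItem item : items) {
                item.delete();
            }
        }
    }

    /**
     * Checks that a requested path exists, is not hidden and lies inside a base directory.
     *
     * <p>Containment is checked on the normalized absolute paths and again on the real paths, so
     * a symbolic link inside the base directory that points outside of it is rejected. Only the
     * last element of {@code path2} is tested for being hidden.
     *
     * @param path  the base directory
     * @param path2 the requested path
     * @return {@code true} only if {@code path2} exists, is not hidden and resolves to a location
     *         under {@code path}
     * @throws IOException if the hidden attribute or a real path cannot be determined
     */
    public static boolean checkLFI(Path path, Path path2) throws IOException {
        // The base is normalized as well; an un-normalized base ("/data/./files") never matches.
        Path base = path.toAbsolutePath().normalize();
        Path candidate = path2.toAbsolutePath().normalize();
        if (!Files.exists(candidate) || Files.isHidden(path2) || !candidate.startsWith(base)) {
            return false;
        }
        // normalize() is purely lexical; toRealPath() resolves symbolic links on both sides.
        return candidate.toRealPath().startsWith(base.toRealPath());
    }

    /**
     * Applies the deny-list and an extension allow-list to a file name.
     *
     * @param fileName           the bare file name
     * @param acceptedExtensions lower-case extensions without the dot
     * @return {@code true} if the name has a non-empty extension from the list and the part before
     *         the last dot contains no rejected substring
     */
    private static boolean isValidFileName(String fileName, List<String> acceptedExtensions) {
        if (fileName == null || fileName.trim().length() == 0 || acceptedExtensions == null || acceptedExtensions.isEmpty()) {
            return false;
        }
        // The deny-list holds the encoded form "%00"; the decoded NUL character is refused too.
        if (fileName.indexOf('\0') >= 0) {
            return false;
        }
        int lastDot = fileName.lastIndexOf('.');
        if (lastDot < 0 || lastDot >= fileName.length() - 1) {
            return false;
        }
        String base = fileName.substring(0, lastDot).toLowerCase(Locale.ROOT);
        // Substring match: List.contains() compared the whole base name for equality, so a name
        // such as "page.jsp.png" was never caught by the deny-list.
        for (String rejected : DEFAULT_REJECTED_FILE_NAME_LIST) {
            if (base.contains(rejected)) {
                return false;
            }
        }
        return acceptedExtensions.contains(fileName.substring(lastDot + 1).toLowerCase(Locale.ROOT));
    }
}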
