package org.jivesoftware.admin.servlet;

import java.io.IOException;
import java.io.InputStream;
import java.util.List;
import javax.servlet.ServletException;
import javax.servlet.annotation.MultipartConfig;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.servlet.http.Part;
import org.jivesoftware.openfire.XMPPServer;
import org.jivesoftware.openfire.container.PluginManager;
import org.jivesoftware.openfire.update.UpdateManager;
import org.jivesoftware.util.CookieUtils;
import org.jivesoftware.util.ParamUtils;
import org.jivesoftware.util.StringUtils;
import org.jivesoftware.util.SystemProperty;
import org.jivesoftware.util.WebManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

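/**
 * Admin-console servlet behind {@code /plugin-admin.jsp}: lists the installed plugins (GET) and
 * deletes, reloads or uploads a plugin (POST).
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Installing a plugin hands a client-supplied archive to the plugin manager, so this endpoint
 *       must only be reachable by authenticated administrators. No authentication or authorisation
 *       check is visible in this class; presumably a filter in front of the admin console enforces
 *       it. TODO confirm.</li>
 *   <li>State-changing requests are protected by a double-submit CSRF token: the {@code csrf} cookie
 *       must equal the {@code csrf} request parameter. A fresh token is issued on every GET and
 *       POST.</li>
 *   <li>{@link #PLUGINS_UPLOAD_ENABLED} defaults to {@code true} and is dynamic; deployments that do
 *       not need uploads through the console can set {@code plugins.upload.enabled} to
 *       {@code false}.</li>
 *   <li>The optional content-type check compares the <em>client-declared</em> content type of the
 *       uploaded part. It is a sanity check only and says nothing about the actual file content.</li>
 * </ul>
 */
@WebServlet({"/plugin-admin.jsp"})
@MultipartConfig
public class PluginServlet extends HttpServlet {
    private static final Logger Log = LoggerFactory.getLogger(PluginServlet.class);

    /** Master switch for plugin uploads through the admin console (default: enabled). */
    public static final SystemProperty<Boolean> PLUGINS_UPLOAD_ENABLED = SystemProperty.Builder.ofType(Boolean.class).setKey("plugins.upload.enabled").setDefaultValue(true).setDynamic(true).build();

    /** Enables the comparison of the upload's declared content type against {@link #EXPECTED_CONTENTTYPE} (default: disabled). */
    public static final SystemProperty<Boolean> CONTENTTYPE_CHECK_ENABLED = SystemProperty.Builder.ofType(Boolean.class).setKey("plugins.upload.content-type-check.enabled").setDefaultValue(false).setDynamic(true).build();

    /** Content types accepted for an uploaded plugin when {@link #CONTENTTYPE_CHECK_ENABLED} is set. */
    public static final SystemProperty<List<String>> EXPECTED_CONTENTTYPE = SystemProperty.Builder.ofType(List.class).setKey("plugins.upload.content-type-check.expected-value").setDefaultValue(List.of("application/x-java-archive", "application/java-archive")).setDynamic(true).buildList(String.class);

    /**
     * Populates the request attributes shared by GET and POST: the web manager, the plugin and
     * update managers, the plugin list, the upload switch and the server version.
     *
     * @param httpServletRequest  the current request; receives the attributes
     * @param httpServletResponse the current response; only passed on to {@code WebManager.init}
     */
    protected void doCommon(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        final HttpSession session = httpServletRequest.getSession();
        final WebManager webManager = new WebManager();
        webManager.init(httpServletRequest, httpServletResponse, session, session.getServletContext());
        final PluginManager pluginManager = webManager.getXMPPServer().getPluginManager();
        final UpdateManager updateManager = XMPPServer.getInstance().getUpdateManager();
        httpServletRequest.setAttribute("webManager", webManager);
        httpServletRequest.setAttribute("pluginManager", pluginManager);
        httpServletRequest.setAttribute("updateManager", updateManager);
        httpServletRequest.setAttribute("plugins", pluginManager.getMetadataExtractedPlugins());
        httpServletRequest.setAttribute("uploadEnabled", PLUGINS_UPLOAD_ENABLED.getValue());
        httpServletRequest.setAttribute("serverVersion", XMPPServer.getInstance().getServerInfo().getVersion());
    }

    /**
     * Renders the plugin administration page and issues a fresh CSRF token.
     *
     * @throws ServletException if forwarding to the view fails
     * @throws IOException      if forwarding to the view fails
     */
    @Override
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        doCommon(httpServletRequest, httpServletResponse);
        issueCsrfToken(httpServletRequest, httpServletResponse);
        httpServletRequest.getRequestDispatcher("plugin-admin-jsp.jsp").forward(httpServletRequest, httpServletResponse);
    }

    /**
     * Handles the state-changing actions of the page. After the CSRF check, the first matching
     * action wins: {@code deleteplugin}, then {@code reloadplugin}, then {@code uploadplugin}.
     * Every handled action ends in a redirect back to {@code plugin-admin.jsp} with a result flag.
     *
     * @throws ServletException declared by the servlet contract
     * @throws IOException      if a redirect cannot be written
     */
    @Override
    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        doCommon(httpServletRequest, httpServletResponse);
        final WebManager webManager = (WebManager) httpServletRequest.getAttribute("webManager");
        final PluginManager pluginManager = (PluginManager) httpServletRequest.getAttribute("pluginManager");
        final boolean uploadEnabled = (Boolean) httpServletRequest.getAttribute("uploadEnabled");
        final String pluginToDelete = ParamUtils.getParameter(httpServletRequest, "deleteplugin");
        final String pluginToReload = ParamUtils.getParameter(httpServletRequest, "reloadplugin");
        final boolean uploadRequested = httpServletRequest.getParameter("uploadplugin") != null;

        // Double-submit CSRF check: evaluate the token presented with this request before it is
        // replaced below. Comparing from the parameter side keeps a null cookie value from throwing.
        final Cookie csrfCookie = CookieUtils.getCookie(httpServletRequest, "csrf");
        final String csrfParameter = ParamUtils.getParameter(httpServletRequest, "csrf");
        final boolean csrfCheckFailed = csrfCookie == null || csrfParameter == null || !csrfParameter.equals(csrfCookie.getValue());
        issueCsrfToken(httpServletRequest, httpServletResponse);
        if (csrfCheckFailed) {
            httpServletResponse.sendRedirect("plugin-admin.jsp?csrfError=true");
            return;
        }

        // NOTE(review): the plugin names below are request-controlled. They are passed to the plugin
        // manager and concatenated into the audit entry as-is; confirm that PluginManager validates
        // the name and that logEvent neutralises line breaks.
        if (pluginToDelete != null) {
            pluginManager.deletePlugin(pluginToDelete);
            webManager.logEvent("deleted plugin " + pluginToDelete, null);
            httpServletResponse.sendRedirect("plugin-admin.jsp?deletesuccess=true");
            return;
        }
        if (pluginToReload != null) {
            if (pluginManager.reloadPlugin(pluginToReload)) {
                webManager.logEvent("reloaded plugin " + pluginToReload, null);
                httpServletResponse.sendRedirect("plugin-admin.jsp?reloadsuccess=true");
            } else {
                httpServletResponse.sendRedirect("plugin-admin.jsp?reloadsuccess=false");
            }
            return;
        }
        if (uploadRequested) {
            if (!uploadEnabled) {
                // Leave a trace of upload attempts made while the feature is switched off, and
                // answer with the regular failure redirect instead of an empty response.
                Log.warn("Ignoring uploaded file: plugin uploads are disabled (plugins.upload.enabled is false).");
                httpServletResponse.sendRedirect("plugin-admin.jsp?uploadsuccess=false");
                return;
            }
            handleUpload(httpServletRequest, httpServletResponse, webManager);
        }
        // No recognised action: nothing is written to the response.
    }

    /**
     * Issues a new CSRF token as the {@code csrf} cookie and as the {@code csrf} request attribute.
     */
    private static void issueCsrfToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        // NOTE(review): the token's unpredictability rests entirely on StringUtils.randomString;
        // confirm it draws from a cryptographically secure generator. The cookie attributes
        // (HttpOnly, Secure, SameSite) are decided inside CookieUtils.setCookie and are not visible here.
        final String token = StringUtils.randomString(15);
        CookieUtils.setCookie(httpServletRequest, httpServletResponse, "csrf", token, -1);
        httpServletRequest.setAttribute("csrf", token);
    }

    /**
     * Validates the {@code uploadfile} part and hands it to the plugin manager. Always finishes the
     * request with a redirect carrying {@code uploadsuccess=true|false}.
     *
     * @throws IOException if a redirect cannot be written
     */
    private void handleUpload(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, WebManager webManager) throws IOException {
        final Part filePart;
        try {
            filePart = httpServletRequest.getPart("uploadfile");
        } catch (Exception e) {
            // Broad on purpose: a malformed or oversized multipart body must end in the failure
            // redirect, not in a continued upload with no part to read.
            Log.error("Unable to upload plugin file.", e);
            httpServletResponse.sendRedirect("plugin-admin.jsp?uploadsuccess=false");
            return;
        }
        if (filePart == null) {
            Log.error("Ignoring uploaded file: The request does not contain an 'uploadfile' part.");
            httpServletResponse.sendRedirect("plugin-admin.jsp?uploadsuccess=false");
            return;
        }

        final String submittedFileName = filePart.getSubmittedFileName();
        final String contentType = filePart.getContentType();
        Log.debug("Uploaded plugin '{}' content type: '{}'.", submittedFileName, contentType);

        // The submitted name is client-controlled and may carry a directory part; only its last
        // segment is passed on. Whether installPlugin applies its own checks is not visible here.
        final String fileName = baseName(submittedFileName);
        if (fileName == null) {
            Log.error("Ignoring uploaded file: No filename specified for file upload.");
            httpServletResponse.sendRedirect("plugin-admin.jsp?uploadsuccess=false");
            return;
        }

        if (CONTENTTYPE_CHECK_ENABLED.getValue()) {
            // The content type is whatever the client declared for the part; treat this as a guard
            // against accidental uploads, not as verification of the archive.
            final List<String> expectedTypes = EXPECTED_CONTENTTYPE.getValue();
            if (expectedTypes.stream().noneMatch(expected -> expected.equalsIgnoreCase(contentType))) {
                Log.error("Ignoring uploaded file: Content type '{}' of uploaded file '{}' does not match any of the expected content types: {}", contentType, fileName, String.join(", ", expectedTypes));
                httpServletResponse.sendRedirect("plugin-admin.jsp?uploadsuccess=false");
                return;
            }
        }

        final boolean installed;
        try (InputStream inputStream = filePart.getInputStream()) {
            installed = XMPPServer.getInstance().getPluginManager().installPlugin(inputStream, fileName);
            if (installed) {
                webManager.logEvent("uploaded plugin " + fileName, null);
            } else {
                Log.error("Plugin manager failed to install plugin: " + fileName);
            }
        } catch (IOException e) {
            Log.error("Unable to open file stream for uploaded file: " + fileName, e);
            httpServletResponse.sendRedirect("plugin-admin.jsp?uploadsuccess=false");
            return;
        }
        httpServletResponse.sendRedirect("plugin-admin.jsp?uploadsuccess=" + installed);
    }

    /**
     * Returns the last path segment of a client-submitted file name.
     *
     * @param submittedFileName the name as sent by the client, possibly {@code null}
     * @return the segment after the last {@code /} or {@code \}, or {@code null} when the input is
     *         {@code null} or the segment is empty, {@code "."} or {@code ".."}
     */
    private static String baseName(String submittedFileName) {
        if (submittedFileName == null) {
            return null;
        }
        final int lastSeparator = Math.max(submittedFileName.lastIndexOf('/'), submittedFileName.lastIndexOf('\\'));
        final String name = submittedFileName.substring(lastSeparator + 1);
        if (name.isEmpty() || name.equals(".") || name.equals("..")) {
            return null;
        }
        return name;
    }
}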
