package org.pentaho.platform.web.servlet;

import java.io.IOException;
import java.io.InputStream;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.pentaho.platform.api.engine.IPentahoSession;
import org.pentaho.platform.api.repository2.unified.RepositoryFilePermission;
import org.pentaho.platform.engine.core.system.PentahoSystem;
import org.pentaho.platform.engine.security.SecurityHelper;
import org.pentaho.platform.engine.services.actionsequence.ActionSequenceResource;
import org.pentaho.platform.util.StringUtil;
import org.pentaho.platform.util.messages.LocaleHelper;
import org.pentaho.platform.web.servlet.messages.Messages;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

/* loaded from: input_file:org/pentaho/platform/web/servlet/GetResource.class */
public class GetResource extends ServletBase {
    private static final long serialVersionUID = 1;
    private static final Log logger = LogFactory.getLog(GetResource.class);

    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        doPost(httpServletRequest, httpServletResponse);
    }

    @Override // org.pentaho.platform.web.servlet.ServletBase
    public Log getLogger() {
        return logger;
    }

    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String str;
        PentahoSystem.systemEntryPoint();
        try {
            IPentahoSession pentahoSession = getPentahoSession(httpServletRequest);
            String parameter = httpServletRequest.getParameter("resource");
            if (parameter == null || StringUtil.doesPathContainParentPathSegment(parameter)) {
                error(Messages.getInstance().getErrorString("GetResource.ERROR_0001_RESOURCE_PARAMETER_MISSING"));
                httpServletResponse.sendError(503);
                return;
            }
            String lowerCase = parameter.toLowerCase();
            if (lowerCase.endsWith(".xsl")) {
                str = "system/custom/xsl/" + parameter;
            } else if (lowerCase.endsWith(".mondrian.xml")) {
                String str2 = (String) PentahoSystem.get(String.class, "defaultRole", (IPentahoSession) null);
                if (str2 != null && !SecurityHelper.getInstance().isGranted(pentahoSession, new SimpleGrantedAuthority(str2))) {
                    httpServletResponse.sendError(403);
                    return;
                }
                str = parameter;
            } else {
                if (!lowerCase.endsWith(".jpg") && !lowerCase.endsWith(".jpeg") && !lowerCase.endsWith(".gif") && !lowerCase.endsWith(".png") && !lowerCase.endsWith(".bmp")) {
                    error(Messages.getInstance().getErrorString("GetResource.ERROR_0002_INVALID_FILE", new Object[]{parameter}));
                    httpServletResponse.sendError(503);
                    return;
                }
                str = parameter;
            }
            InputStream inputStream = new ActionSequenceResource("", 1, "", str).getInputStream(RepositoryFilePermission.READ, LocaleHelper.getLocale());
            if (inputStream == null) {
                error(Messages.getInstance().getErrorString("GetResource.ERROR_0003_RESOURCE_MISSING", new Object[]{str}));
                httpServletResponse.sendError(503);
                return;
            }
            String mimeType = getServletContext().getMimeType(str);
            String str3 = str;
            if (str.indexOf("/") != -1) {
                str3 = str.substring(str.lastIndexOf("/") + 1);
            }
            httpServletResponse.setHeader("content-disposition", "attachment;filename=" + str3);
            if (null == mimeType || mimeType.length() <= 0) {
                httpServletResponse.setContentType("image/png");
            } else {
                httpServletResponse.setContentType(mimeType);
            }
            httpServletResponse.setCharacterEncoding(LocaleHelper.getSystemEncoding());
            httpServletResponse.setHeader("expires", "0");
            ServletOutputStream outputStream = httpServletResponse.getOutputStream();
            try {
                byte[] bArr = new byte[1024];
                int i = 0;
                while (true) {
                    int read = inputStream.read(bArr);
                    if (read < 0) {
                        httpServletResponse.setContentLength(i);
                        inputStream.close();
                        outputStream.close();
                        return;
                    }
                    outputStream.write(bArr, 0, read);
                    i += read;
                }
            } catch (Throwable th) {
                inputStream.close();
                outputStream.close();
                throw th;
            }
        } finally {
            PentahoSystem.systemExitPoint();
        }
    }
}
