package org.akaza.openclinica.control.submit;

import java.io.DataInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.util.ArrayList;
import java.util.Iterator;
import javax.servlet.ServletOutputStream;
import javax.ws.rs.core.HttpHeaders;
import org.akaza.openclinica.bean.core.Utils;
import org.akaza.openclinica.bean.managestudy.StudyBean;
import org.akaza.openclinica.control.core.SecureController;
import org.akaza.openclinica.control.form.FormProcessor;
import org.akaza.openclinica.dao.managestudy.StudyDAO;
import org.akaza.openclinica.i18n.core.LocaleResolver;
import org.akaza.openclinica.view.Page;
import org.akaza.openclinica.web.InsufficientPermissionException;
import org.apache.commons.fileupload.FileUploadBase;

/* loaded from: input_file:WEB-INF/classes/org/akaza/openclinica/control/submit/DownloadAttachedFileServlet.class */
public class DownloadAttachedFileServlet extends SecureController {
    @Override // org.akaza.openclinica.control.core.SecureController
    public void mayProceed() throws InsufficientPermissionException {
        LocaleResolver.getLocale(this.request);
        new FormProcessor(this.request);
        if (this.ub.isSysAdmin() || SubmitDataServlet.mayViewData(this.ub, this.currentRole)) {
            return;
        }
        this.request.setAttribute("downloadStatus", "false");
        addPageMessage(respage.getString("you_not_have_permission_download_attached_file"));
        throw new InsufficientPermissionException(Page.DOWNLOAD_ATTACHED_FILE, resexception.getString("no_permission"), "1");
    }

    @Override // org.akaza.openclinica.control.core.SecureController
    public void processRequest() throws Exception {
        int read;
        String str = "";
        String string = new FormProcessor(this.request).getString("fileName");
        File file = new File(string);
        if (string != null && string.length() > 0) {
            int parentStudyId = this.currentStudy.getParentStudyId();
            String attachedFileRootPath = Utils.getAttachedFileRootPath();
            String str2 = File.separator + file.getName();
            String str3 = attachedFileRootPath + this.currentStudy.getOid() + str2;
            String str4 = attachedFileRootPath + this.currentStudy.getOid() + File.separator;
            File file2 = new File(str4, file.getName());
            if (!file2.getCanonicalPath().startsWith(str4)) {
                throw new RuntimeException("Traversal attempt - file path not allowed " + string);
            }
            if (!file2.exists()) {
                if (!this.currentStudy.isSite(parentStudyId)) {
                    Iterator it = ((ArrayList) new StudyDAO(this.sm.getDataSource()).findAllByParent(this.currentStudy.getId())).iterator();
                    while (true) {
                        if (!it.hasNext()) {
                            break;
                        }
                        String str5 = Utils.getAttachedFilePath((StudyBean) it.next()) + str2;
                        if (new File(str5).exists()) {
                            str = str5;
                            this.logger.info("site of currentStudy existing filePathName=" + str);
                            break;
                        }
                    }
                } else {
                    String str6 = attachedFileRootPath + ((StudyBean) new StudyDAO(this.sm.getDataSource()).findByPK(parentStudyId)).getOid() + str2;
                    if (new File(str6).exists()) {
                        str = str6;
                        this.logger.info("parent existing filePathName=" + str);
                    }
                }
            } else {
                str = str3;
                this.logger.info(this.currentStudy.getName() + " existing filePathName=" + str);
            }
        }
        this.logger.info("filePathName=" + str + " fileName=" + string);
        File file3 = (str == null || str.trim().length() <= 0) ? new File(string) : new File(str);
        if (file3 != null && file3.exists() && !file3.getCanonicalPath().startsWith(Utils.getAttachedFileRootPath())) {
            throw new RuntimeException("Traversal attempt - file path not allowed " + string);
        }
        if (!file3.exists() || file3.length() <= 0) {
            addPageMessage("File " + str + " " + respage.getString("not_exist"));
            return;
        }
        this.response.setHeader(FileUploadBase.CONTENT_DISPOSITION, "attachment; filename=\"" + string + "\";");
        this.response.setHeader("Pragma", "public");
        ServletOutputStream outputStream = this.response.getOutputStream();
        DataInputStream dataInputStream = null;
        try {
            try {
                this.response.setContentType("application/download");
                this.response.setHeader(HttpHeaders.CACHE_CONTROL, "max-age=0");
                this.response.setContentLength((int) file3.length());
                byte[] bArr = new byte[(int) file3.length()];
                dataInputStream = new DataInputStream(new FileInputStream(file3));
                while (dataInputStream != null && (read = dataInputStream.read(bArr)) != -1) {
                    outputStream.write(bArr, 0, read);
                }
                dataInputStream.close();
                outputStream.flush();
                outputStream.close();
                if (dataInputStream != null) {
                    dataInputStream.close();
                }
                if (outputStream != null) {
                    outputStream.close();
                }
            } catch (Exception e) {
                e.printStackTrace();
                if (dataInputStream != null) {
                    dataInputStream.close();
                }
                if (outputStream != null) {
                    outputStream.close();
                }
            }
        } catch (Throwable th) {
            if (dataInputStream != null) {
                dataInputStream.close();
            }
            if (outputStream != null) {
                outputStream.close();
            }
            throw th;
        }
    }
}
