package de.superx.servlet;

import de.memtext.db.NichtAngemeldetException;
import de.memtext.tree.KeyParentEqualException;
import de.memtext.tree.NoMainEntryException;
import de.memtext.util.ServletHelper;
import de.memtext.util.StringUtils;
import de.superx.common.DBServletException;
import de.superx.common.InvalidDataTypeException;
import de.superx.common.InvalidKeyException;
import de.superx.common.SichtException;
import de.superx.common.SxUser;
import de.superx.common.UngueltigeEingabeException;
import de.superx.util.RightsParser;
import de.superx.util.SqlStringUtils;
import de.superx.util.multipart.support.DefaultMultipartHttpServletRequest;
import freemarker.template.TemplateException;
import java.io.File;
import java.io.IOException;
import java.lang.reflect.InvocationTargetException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.text.ParseException;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.StringTokenizer;
import java.util.regex.Pattern;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletRequestWrapper;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.parsers.FactoryConfigurationError;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerException;
import org.apache.commons.fileupload.DiskFileUpload;
import org.apache.commons.fileupload.FileItem;
import org.apache.commons.fileupload.FileUpload;
import org.dom4j.DocumentException;
import org.springframework.security.web.csrf.CsrfToken;
import org.xml.sax.SAXException;

/* loaded from: input_file:de/superx/servlet/SuperXUpload.class */
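/**
 * Admin-only servlet that stores uploaded files below
 * {@code <webapp>/<MandantenID>/custom/} and writes one row per upload attempt
 * into the {@code protokoll} table.
 *
 * <p>Per-Mandant file-name filters come from the servlet init parameters: the
 * parameter name is the MandantenID, the value is a
 * {@link RightsParser#RIGHTS_SEPARATOR}-separated list of exact names or
 * {@code *} wildcards. A Mandant without an init parameter is rejected.
 *
 * <p>Every value that originates from the client (file name, MandantenID,
 * exception text) is HTML-escaped before it is echoed and passed to the
 * database as a bind parameter; the stored file name is reduced to its base
 * name and checked to resolve inside the target directory.
 */
public class SuperXUpload extends AbstractSuperXServlet {
    private static final long serialVersionUID = 2;
    private static final String ADMIN_ONLY = SuperXManager.htmlPageHead("Upload") + "<center><h3>Hier ist ein Login nur für Administratoren m&ouml;glich.</h3>(Cookies m&uuml;ssen aktiviert sein)<FORM ACTION=\"SuperXUpload\" METHOD=\"post\"><p><p>Kennung: <br /><INPUT TYPE=\"Text\" NAME=\"kennung\" VALUE=\"superx\"></p><p><p>Passwort: <br /><INPUT TYPE=\"Password\" NAME=\"passwort\" value=\"\"></p><p>MandantenID<br><input type=\"text\" name=\"MandantenID\" value=\"default\"></p><br><INPUT TYPE=\"Submit\" NAME=\"Abschicken\" VALUE=\"Anmelden\"></FORM></center></body></html>";
    private static String pageBeginning = SuperXManager.htmlPageHead("Upload") + "<center><h1>SuperX Upload</h1>";
    private static String pageEnd = "</body></html>";
    /** Real path of the webapp root, set in {@link #init(ServletConfig)}. */
    private static String pathstart = "";
    /** MandantenID -> raw filter string from the servlet init parameters. */
    private final Map<String, String> mandantenFilter = new HashMap<String, String>();
    private static String tempdir;

    // proto_fkt_id values written to the protokoll table, one per outcome.
    private static final int PROTO_UPLOAD_OK = 11;
    private static final int PROTO_UPLOAD_REJECTED = 12;
    private static final int PROTO_UPLOAD_FAILED = 13;

    /* loaded from: input_file:de/superx/servlet/SuperXUpload$Uploader.class */
    private class Uploader extends SuperXServletHelper {
        /** Path below the webapp root: {@code /<MandantenID>/custom}. */
        private String subpath = "";
        private final StringBuilder result = new StringBuilder();
        private Connection conn;
        private PreparedStatement pst;
        /** Allowed names/wildcards for this Mandant, possibly empty. */
        private final List<String> filterList = new LinkedList<String>();
        private final List<FileItem> multipartdata;

        /**
         * Opens the pool connection and prepares the protocol insert.
         *
         * @param list parsed multipart items; {@code null} is treated as "no files"
         * @throws IOException if no connection or statement could be obtained
         */
        Uploader(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, List<FileItem> list) throws IOException {
            super(httpServletRequest, httpServletResponse);
            this.multipartdata = list == null ? Collections.<FileItem>emptyList() : list;
            String filter = SuperXUpload.this.mandantenFilter.get(getMandantenID());
            if (filter != null) {
                StringTokenizer tokens = new StringTokenizer(filter, RightsParser.RIGHTS_SEPARATOR);
                while (tokens.hasMoreTokens()) {
                    this.filterList.add(tokens.nextToken());
                }
            }
            this.result.append(SuperXUpload.pageBeginning);
            Connection connection = null;
            try {
                connection = SxPools.getConnection(getMandantenID());
                // Only the dialect-dependent timestamp function is spliced into the
                // SQL text; remote address/host come from the client (reverse DNS
                // for getRemoteHost) and are therefore bound as parameters.
                String nowExpression = SxPools.get(getMandantenID()).getSqlDialect().equals("Postgres") ? "now()" : "current";
                PreparedStatement statement = connection.prepareStatement(
                        "insert into protokoll (proto_fkt_id, userinfo_id, ip_adresse, client_name, zeitpunkt, kommentar) values (?, ?, ?, ?, " + nowExpression + ", ?)");
                statement.setString(3, httpServletRequest.getRemoteAddr());
                statement.setString(4, httpServletRequest.getRemoteHost());
                this.conn = connection;
                this.pst = statement;
            } catch (Exception e) {
                // Do not leak the pooled connection when the statement could not be prepared.
                closeQuietly(null, connection);
                throw new IOException(e.getMessage(), e);
            }
        }

        /**
         * Stores every non-empty file part that passes the name filter, logs each
         * outcome and sends the result page. Connection and statement are released
         * in every case.
         */
        @Override // de.superx.servlet.SuperXServletHelper, de.memtext.util.ServletHelper
        protected void perform() throws SQLException, DBServletException, TransformerException, KeyParentEqualException, NichtAngemeldetException, IOException, ParseException, ParserConfigurationException, FactoryConfigurationError, SAXException, DocumentException, IllegalArgumentException, SecurityException, InstantiationException, IllegalAccessException, InvocationTargetException, NoSuchMethodException, CloneNotSupportedException, TemplateException, InvalidKeyException, SichtException, ServletException, UngueltigeEingabeException, NoMainEntryException, InvalidDataTypeException {
            try {
                this.subpath = File.separator + getMandantenID() + File.separator + "custom";
                for (FileItem item : this.multipartdata) {
                    if (item.isFormField() || item.getSize() == 0) {
                        continue;
                    }
                    // Browsers may send a full client-side path; only the last segment is kept.
                    String name = baseName(item.getName());
                    if (isFileAllowed(name)) {
                        uploadFile(item, name);
                    } else {
                        log(name, new UngueltigeEingabeException("Hochladen von " + name + " nicht erlaubt!"));
                    }
                }
            } catch (Exception e) {
                this.result.append("<p><font color=\"red\"> Hochladen nicht erfolgreich: " + escapeHtml(e) + "</font></p>");
            } finally {
                closeQuietly(this.pst, this.conn);
            }
            this.result.append("<p align=\"center\"><a  href=\"/superx/servlet/SuperXUpload\">zur Upload-Seite</a></p></body> \n</html>");
            sendBackHtml(this.result.toString());
        }

        /**
         * Writes one file part into the Mandant's custom directory and logs the
         * outcome. Any failure is reported via {@link #log} instead of propagating.
         *
         * @param item the multipart file part
         * @param name base name to store the file under (already filtered)
         * @throws SQLException if the protocol row cannot be written
         */
        private void uploadFile(FileItem item, String name) throws SQLException {
            File directory = new File(SuperXUpload.pathstart + this.subpath);
            try {
                if (!directory.isDirectory()) {
                    throw new IOException("Zielverzeichnis " + directory + " existiert nicht");
                }
                File target = new File(directory, name);
                // The canonical parent of the target must be the custom directory itself;
                // this rejects "", ".", ".." and anything that escapes via symlinks.
                String canonicalDirectory = directory.getCanonicalPath();
                if (!canonicalDirectory.equals(target.getCanonicalFile().getParent())) {
                    throw new UngueltigeEingabeException("Dateiname " + name + " nicht erlaubt!");
                }
                if (target.exists()) {
                    // Best effort: if the stale file cannot be removed, write() below reports it.
                    target.delete();
                }
                item.write(target);
                log(name, null);
            } catch (Exception e) {
                log(name, e);
            }
        }

        /**
         * Records one upload outcome in the protokoll table and on the result page.
         *
         * @param name file name as shown to the user and stored in the log
         * @param exc  {@code null} on success, {@link UngueltigeEingabeException} for a
         *             rejected name, any other exception for a failed write
         * @throws SQLException if the protocol row cannot be written
         */
        private void log(String name, Exception exc) throws SQLException {
            SxUser user = (SxUser) this.request.getSession().getAttribute("user");
            this.pst.setInt(2, ((Integer) user.getId()).intValue());
            String what = name + " nach superx" + this.subpath;
            String message;
            String color;
            int protoFkt;
            if (exc == null) {
                message = "Hochladen von " + what + " erfolgreich";
                color = "darkgreen";
                protoFkt = PROTO_UPLOAD_OK;
            } else if (exc instanceof UngueltigeEingabeException) {
                message = "Hochladen von " + what + " nicht erlaubt!";
                color = "red";
                protoFkt = PROTO_UPLOAD_REJECTED;
            } else {
                message = "Hochladen von " + what + " nicht erfolgreich:" + exc;
                color = "red";
                protoFkt = PROTO_UPLOAD_FAILED;
            }
            this.pst.setInt(1, protoFkt);
            this.pst.setString(5, message);
            this.pst.execute();
            this.result.append("<p><font color=\"" + color + "\">" + escapeHtml(message) + "</font></p>");
        }

        /**
         * Returns whether {@code name} matches one of the Mandant's filter entries:
         * exact (case-sensitive) match for plain entries, case-insensitive glob
         * match for entries containing {@code *}.
         */
        private boolean isFileAllowed(String name) {
            for (String filter : this.filterList) {
                if (filter.indexOf('*') == -1) {
                    if (name.equals(filter)) {
                        return true;
                    }
                } else if (wildcardToPattern(filter).matcher(name).matches()) {
                    return true;
                }
            }
            return false;
        }
    }

    /**
     * Translates a {@code *} glob into a regex. Every literal segment is quoted,
     * so filter entries containing other regex metacharacters cannot widen the match.
     */
    private static Pattern wildcardToPattern(String wildcard) {
        String[] segments = wildcard.split("\\*", -1);
        StringBuilder regex = new StringBuilder();
        for (int i = 0; i < segments.length; i++) {
            if (i > 0) {
                regex.append(".*");
            }
            if (!segments[i].isEmpty()) {
                regex.append(Pattern.quote(segments[i]));
            }
        }
        return Pattern.compile(regex.toString(), Pattern.CASE_INSENSITIVE | Pattern.UNICODE_CASE);
    }

    /**
     * Returns the part of a client-supplied file name after the last {@code /}
     * or {@code \}; both separators are stripped regardless of the server OS.
     */
    private static String baseName(String clientName) {
        if (clientName == null) {
            return "";
        }
        int cut = Math.max(clientName.lastIndexOf('/'), clientName.lastIndexOf('\\'));
        return cut == -1 ? clientName : clientName.substring(cut + 1);
    }

    /** Escapes the five HTML-significant characters; {@code null} becomes "null". */
    private static String escapeHtml(Object value) {
        String text = String.valueOf(value);
        StringBuilder escaped = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&': escaped.append("&amp;"); break;
                case '<': escaped.append("&lt;"); break;
                case '>': escaped.append("&gt;"); break;
                case '"': escaped.append("&quot;"); break;
                case '\'': escaped.append("&#39;"); break;
                default: escaped.append(c);
            }
        }
        return escaped.toString();
    }

    /** Closes statement and connection (either may be null), swallowing close errors. */
    private static void closeQuietly(PreparedStatement statement, Connection connection) {
        if (statement != null) {
            try {
                statement.close();
            } catch (SQLException ignored) {
                // nothing useful can be done about a failed close here
            }
        }
        if (connection != null) {
            try {
                connection.close();
            } catch (SQLException ignored) {
                // nothing useful can be done about a failed close here
            }
        }
    }

    /**
     * Reads the per-Mandant filters from the init parameters and creates each
     * Mandant's {@code custom} directory (the same path {@link Uploader#perform}
     * writes to).
     */
    @Override // de.superx.servlet.AbstractSuperXServlet
    public void init(ServletConfig servletConfig) throws ServletException {
        super.init(servletConfig);
        pathstart = getServletConfig().getServletContext().getRealPath("/");
        Enumeration<?> names = servletConfig.getInitParameterNames();
        while (names.hasMoreElements()) {
            String mandant = (String) names.nextElement();
            this.mandantenFilter.put(mandant, servletConfig.getInitParameter(mandant));
            new File(pathstart + File.separator + mandant + File.separator + "custom").mkdirs();
        }
        tempdir = System.getProperty("java.io.tmpdir");
        if (!(tempdir.endsWith("/") || tempdir.endsWith("\\"))) {
            tempdir += File.separator;
        }
    }

    /**
     * Shows the form for non-multipart requests, otherwise runs the upload for
     * the file items found on the (wrapped) request.
     */
    @Override
    public void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        checkAnmeldungImRequest(httpServletRequest);
        if (!isAllowed(httpServletRequest, httpServletResponse)) {
            return;
        }
        if (!FileUpload.isMultipartContent(httpServletRequest)) {
            CsrfToken csrfToken = SuperXServletHelper.getCsRfToken(httpServletRequest);
            sendFormPage(httpServletRequest, httpServletResponse, csrfToken.getParameterName(), csrfToken.getToken());
            return;
        }
        new Uploader(httpServletRequest, httpServletResponse, findFileItems(httpServletRequest)).run(true);
    }

    /**
     * Unwraps the request chain and returns the file items of the innermost
     * {@link DefaultMultipartHttpServletRequest}, or {@code null} if there is none.
     */
    private static List<FileItem> findFileItems(ServletRequest request) {
        List<FileItem> items = null;
        ServletRequest current = request;
        while (current instanceof ServletRequestWrapper) {
            if (current instanceof DefaultMultipartHttpServletRequest) {
                items = ((DefaultMultipartHttpServletRequest) current).getFileItems();
            }
            current = ((ServletRequestWrapper) current).getRequest();
        }
        return items;
    }

    /** Sends the upload form to an admin whose Mandant has a filter configured. */
    @Override
    public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        AbstractSuperXServlet.setEncoding(httpServletRequest);
        httpServletResponse.setContentType("text/html; charset=" + SqlStringUtils.getEncoding());
        if (!isAllowed(httpServletRequest, httpServletResponse)) {
            return;
        }
        CsrfToken csrfToken = SuperXServletHelper.getCsRfToken(httpServletRequest);
        sendFormPage(httpServletRequest, httpServletResponse, csrfToken.getParameterName(), csrfToken.getToken());
    }

    /**
     * Returns {@code true} if the session user is an admin and a filter is
     * configured for the request's MandantenID; otherwise writes the refusal
     * page and returns {@code false}.
     */
    private boolean isAllowed(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        SxUser user = (SxUser) httpServletRequest.getSession().getAttribute("user");
        if (user == null || !user.isAdmin()) {
            ServletUtils.sendBackHtml(httpServletResponse, ADMIN_ONLY);
            return false;
        }
        String mandantenID = ServletUtils.getMandantenID(httpServletRequest);
        if (mandantenID == null || this.mandantenFilter.get(mandantenID) == null) {
            // mandantenID is client-supplied here, so it is escaped before being echoed.
            ServletUtils.sendBackHtml(httpServletResponse, pageBeginning + "<h2><font color=\"red\"> Die Funktion ist f&uuml;r Ihre MandantenID: " + escapeHtml(mandantenID) + " nicht aktiviert.</font></h2></body></html>");
            return false;
        }
        return true;
    }

    /**
     * Sends the upload form with the CSRF hidden field.
     *
     * @param str  CSRF parameter name
     * @param str2 CSRF token value
     */
    private void sendFormPage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2) throws IOException {
        String mandantenID = escapeHtml(ServletUtils.getMandantenID(httpServletRequest));
        String allowed = escapeHtml(this.mandantenFilter.get(ServletUtils.getMandantenID(httpServletRequest)));
        ServletUtils.sendBackHtml(httpServletResponse, insertCsrfToken(httpServletRequest, pageBeginning + "<p align=\"center\"> <b>Ihre MandantenID:</b><font color=\"darkgreen\">" + mandantenID + "</font></p><p align=\"center\">Dateien werden auf dem Webserver gespielt ins Verzeichnis <b>superx/" + mandantenID + "/custom/</b><br>Zur Verlinkung von Grafiken kann z.B. ../" + mandantenID + "/custom/" + mandantenID + "/logo.gif genutzt werden</p><p align=\"center\"><b>Erlaubte Dateien:</b><font color=\"darkgreen\"> " + allowed + "</font><br><br> <b>Jeder Upload wird einschließlich Dateiname,Username,Zeitpunkt und IP-Nummer protokolliert!</b><br><br>Sie k&ouml;nnen ein bis vier Dateien gleichzeitig hochladen.<br>Ggfs. bereits vorhandene Dateien werden &uuml;berschrieben.</p><form action=\"/superx/servlet/SuperXUpload\" enctype=\"multipart/form-data\" method=\"POST\"> \n<p align=\"center\"><br><input type=\"file\" size=\"60\" name=\"datei1\" ><br>\n<input type=\"file\" size=\"60\"  name=\"datei2\" ><br>\n<input type=\"file\" size=\"60\"  name=\"datei3\" ><br>\n<input type=\"file\" size=\"60\" name=\"datei4\" ><br><br>\n<input type=\"hidden\" name=\"" + str + "\" value=\"" + str2 + "\"><input type=\"submit\" value=\"Upload\"> \n</p></form> \n</body> \n</html>"));
    }

    @Override
    public String getServletInfo() {
        return "SuperXUpload";
    }
}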
