package com.adobe.cq.dam.webdav.impl.io;

import com.day.cq.commons.jcr.JcrUtil;
import com.day.cq.dam.api.Asset;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.jcr.Node;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Properties;
import org.apache.felix.scr.annotations.Property;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.Service;
import org.apache.jackrabbit.util.Text;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceResolverFactory;
import org.apache.sling.api.resource.ResourceUtil;
import org.apache.sling.api.resource.ValueMap;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Service({Filter.class})
@Component(metatype = false, label = "DAM Webdav Request Filter", description = "DAM Webdav Request Filter", immediate = true)
@Properties({@Property(name = "service.description", value = {"DAM Webdav Request Filter"}), @Property(name = "service.ranking", intValue = {Integer.MIN_VALUE}, propertyPrivate = true), @Property(name = "sling.filter.pattern", value = {"/content/dam.*"}, propertyPrivate = true), @Property(name = "sling.filter.scope", value = {"REQUEST"}, propertyPrivate = true)})
/* loaded from: input_file:com/adobe/cq/dam/webdav/impl/io/DamWebdavRequestFilter.class */
public class DamWebdavRequestFilter implements Filter {
    static Logger log;
    private static final String MOVE = "MOVE";
    private static final String DELETE = "DELETE";
    private static final String LOCK = "LOCK";
    private static final String COPY = "COPY";
    private static final String PUT = "PUT";
    private static final Set<String> METHODS;
    public static final String LOCK_PROPERTY = "cq:drivelock";
    private static final Map<String, Object> AUTH_INFO;

    @Reference
    private ResourceResolverFactory resolverFactory;

    @Reference
    private DamWebdavVersionLinkingJob webdavVersionLinking;
    static final /* synthetic */ boolean $assertionsDisabled;

    public void init(FilterConfig filterConfig) throws ServletException {
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if ((servletRequest instanceof SlingHttpServletRequest) && (servletResponse instanceof SlingHttpServletResponse)) {
            SlingHttpServletRequest slingHttpServletRequest = (SlingHttpServletRequest) servletRequest;
            SlingHttpServletResponse slingHttpServletResponse = (SlingHttpServletResponse) servletResponse;
            String method = slingHttpServletRequest.getMethod();
            if (METHODS.contains(method) && isLocked(slingHttpServletRequest, slingHttpServletResponse, method)) {
                slingHttpServletResponse.sendError(403);
                return;
            } else if (LOCK.equals(method)) {
                if (handleLock(slingHttpServletRequest, slingHttpServletResponse, method)) {
                    return;
                }
            } else if (this.webdavVersionLinking.isVersionLinkingEnabled() && handleVersionLinking(slingHttpServletRequest, slingHttpServletResponse, method)) {
                return;
            }
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    protected boolean isLocked(SlingHttpServletRequest slingHttpServletRequest, SlingHttpServletResponse slingHttpServletResponse, String str) throws IOException {
        String header;
        String remoteUser = slingHttpServletRequest.getRemoteUser();
        Resource resource = slingHttpServletRequest.getResource();
        if (resource != null && !ResourceUtil.isNonExistingResource(resource) && isLocked(resource, remoteUser)) {
            return true;
        }
        if ((!MOVE.equals(str) && !COPY.equals(str)) || (header = slingHttpServletRequest.getHeader("Destination")) == null || header.length() <= 0) {
            return false;
        }
        try {
            Resource resource2 = slingHttpServletRequest.getResourceResolver().getResource(new URI(header).getPath());
            if (resource2 != null) {
                return isLocked(resource2, remoteUser);
            }
            return false;
        } catch (URISyntaxException e) {
            log.warn("Unepxected URI format received in destination header of {} request", str, e);
            return false;
        }
    }

    private boolean isLocked(Resource resource, String str) {
        String str2 = (String) ((ValueMap) resource.adaptTo(ValueMap.class)).get("jcr:content/cq:drivelock", "");
        if (str2.length() <= 0) {
            return false;
        }
        if (str2.equals(str)) {
            log.debug("asset is drive locked by remote user {}", str2);
            return false;
        }
        log.info("Asset is drive locked by {} (remote user = {})", str2, str);
        return true;
    }

    private boolean handleLock(SlingHttpServletRequest slingHttpServletRequest, SlingHttpServletResponse slingHttpServletResponse, String str) throws IOException {
        if (!$assertionsDisabled && !LOCK.equals(str)) {
            throw new AssertionError();
        }
        Resource resource = slingHttpServletRequest.getResource();
        Asset asset = resource == null ? null : (Asset) resource.adaptTo(Asset.class);
        if (asset == null) {
            return false;
        }
        try {
            Node node = (Node) resource.adaptTo(Node.class);
            if ((node != null && node.isNodeType("{http://www.jcp.org/jcr/mix/1.0}lockable")) || ((Session) slingHttpServletRequest.getResourceResolver().adaptTo(Session.class)).hasPermission(asset.getPath(), "add_node,set_property,remove")) {
                return false;
            }
            log.info("session does not have write permission on {} for LOCK", asset.getPath());
            slingHttpServletResponse.sendError(403);
            return true;
        } catch (RepositoryException e) {
            log.warn("Error while checking lock capabilities of {}. delegating to next filter.", asset.getPath());
            return false;
        }
    }

    private boolean handleVersionLinking(SlingHttpServletRequest slingHttpServletRequest, SlingHttpServletResponse slingHttpServletResponse, String str) {
        String header = slingHttpServletRequest.getHeader(DamWebdavConstants.USER_AGENT_HEADER);
        if (header == null || !header.toLowerCase().contains(DamWebdavConstants.WEBDAV_USER_AGENT)) {
            return false;
        }
        if (!str.equals(DELETE) && !str.equals(MOVE)) {
            return false;
        }
        Session session = null;
        try {
            try {
                Session session2 = (Session) this.resolverFactory.getServiceResourceResolver(AUTH_INFO).adaptTo(Session.class);
                if (str.equals(DELETE)) {
                    if (handleDelete(slingHttpServletRequest, session2)) {
                        slingHttpServletResponse.setStatus(200);
                        if (session2 != null && session2.isLive()) {
                            session2.logout();
                        }
                        return true;
                    }
                } else if (str.equals(MOVE)) {
                    handleMove(slingHttpServletRequest);
                }
                if (session2 == null || !session2.isLive()) {
                    return false;
                }
                session2.logout();
                return false;
            } catch (Exception e) {
                log.error(e.getMessage(), e);
                slingHttpServletResponse.setStatus(500);
                if (0 != 0 && session.isLive()) {
                    session.logout();
                }
                return true;
            }
        } catch (Throwable th) {
            if (0 != 0 && session.isLive()) {
                session.logout();
            }
            throw th;
        }
    }

    private void handleMove(SlingHttpServletRequest slingHttpServletRequest) {
        String path = slingHttpServletRequest.getResource().getPath();
        ResourceResolver resourceResolver = slingHttpServletRequest.getResourceResolver();
        Session session = (Session) resourceResolver.adaptTo(Session.class);
        if (resourceResolver.getResource(path) != null) {
            try {
                if (session.getNode(path).isNodeType("dam:Asset") && session.hasPermission(path, "set_property")) {
                    session.getNode(path + "/jcr:content").setProperty(DamWebdavConstants.WEBDAV_ASSET_ORIG_PATH, path);
                    session.save();
                }
            } catch (RepositoryException e) {
                log.error("Exception occurred while setting webdavAssetOriginalpath property on [" + path + "]");
                log.debug("Exception trace: ", e);
            }
        }
    }

    private boolean handleDelete(SlingHttpServletRequest slingHttpServletRequest, Session session) throws Exception {
        Resource resource = slingHttpServletRequest.getResource();
        if (resource == null) {
            return false;
        }
        String path = resource.getPath();
        Session session2 = (Session) slingHttpServletRequest.getResourceResolver().adaptTo(Session.class);
        if (!session2.getNode(path).isNodeType("dam:Asset") || !session2.hasPermission(path, "remove")) {
            return false;
        }
        String name = Text.getName(path);
        Node createPath = JcrUtil.createPath(DamWebdavConstants.TMP + Text.getRelativeParent(path, 1), "sling:OrderedFolder", "sling:OrderedFolder", session, false);
        if (createPath.hasNode(name)) {
            createPath.getNode(name).remove();
        }
        session.save();
        session.getWorkspace().move(path, DamWebdavConstants.TMP + path);
        Node node = session.getNode(DamWebdavConstants.TMP + path);
        node.getNode("jcr:content").setProperty(DamWebdavConstants.WEBDAV_ASSET_BACKED_UP_BY, session2.getUserID());
        node.getNode("jcr:content").setProperty(DamWebdavConstants.WEBDAV_ASSET_BACKUP_TIMESTAMP, System.currentTimeMillis());
        session.save();
        return true;
    }

    public void destroy() {
    }

    static {
        $assertionsDisabled = !DamWebdavRequestFilter.class.desiredAssertionStatus();
        log = LoggerFactory.getLogger(DamWebdavRequestFilter.class);
        METHODS = new HashSet(Arrays.asList(MOVE, DELETE, LOCK, PUT));
        AUTH_INFO = Collections.singletonMap("sling.service.subservice", "webdavbkpservice");
    }

    protected void bindResolverFactory(ResourceResolverFactory resourceResolverFactory) {
        this.resolverFactory = resourceResolverFactory;
    }

    protected void unbindResolverFactory(ResourceResolverFactory resourceResolverFactory) {
        if (this.resolverFactory == resourceResolverFactory) {
            this.resolverFactory = null;
        }
    }

    protected void bindWebdavVersionLinking(DamWebdavVersionLinkingJob damWebdavVersionLinkingJob) {
        this.webdavVersionLinking = damWebdavVersionLinkingJob;
    }

    protected void unbindWebdavVersionLinking(DamWebdavVersionLinkingJob damWebdavVersionLinkingJob) {
        if (this.webdavVersionLinking == damWebdavVersionLinkingJob) {
            this.webdavVersionLinking = null;
        }
    }
}
