package com.atlassian.jira.web.servlet;

import com.atlassian.jira.config.properties.ApplicationProperties;
import com.atlassian.jira.issue.attachment.Attachment;
import com.atlassian.jira.util.AttachmentUtils;
import com.atlassian.jira.util.BrowserUtils;
import com.atlassian.jira.util.IOUtil;
import com.atlassian.jira.util.JiraUrlCodec;
import com.atlassian.jira.util.dbc.Assertions;
import com.atlassian.jira.web.util.HostileAttachmentsHelper;
import com.atlassian.jira.web.util.Ie6MimeSniffer;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.io.ByteStreams;
import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import javax.annotation.Nonnull;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/atlassian/jira/web/servlet/MimeSniffingKit.class */
public class MimeSniffingKit {
    public static final String CONTENT_DISPOSITION_ATTACHMENT = "attachment";
    public static final String CONTENT_DISPOSITION_INLINE = "inline";
    private static final Logger log = Logger.getLogger(MimeSniffingKit.class);
    private final ApplicationProperties applicationProperties;
    private HostileAttachmentsHelper attachmentHelper = new HostileAttachmentsHelper();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/atlassian/jira/web/servlet/MimeSniffingKit$ForceDownload.class */
    public class ForceDownload extends OpenAttachmentStrategy {
        private ForceDownload(String str) {
            super(str);
        }

        @Override // com.atlassian.jira.web.servlet.MimeSniffingKit.OpenAttachmentStrategy
        public void setResponseHeaders(HttpServletResponse httpServletResponse) {
            MimeSniffingKit.this.setContentDispositionOnResponse(httpServletResponse, this.filename, "attachment");
            httpServletResponse.setHeader("X-Download-Options", "noopen");
        }
    }

    /* loaded from: input_file:com/atlassian/jira/web/servlet/MimeSniffingKit$OpenAttachmentStrategy.class */
    private abstract class OpenAttachmentStrategy {
        final String filename;

        public OpenAttachmentStrategy(String str) {
            this.filename = (String) Assertions.notNull(str);
        }

        abstract void setResponseHeaders(HttpServletResponse httpServletResponse);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/atlassian/jira/web/servlet/MimeSniffingKit$ShowInline.class */
    public class ShowInline extends OpenAttachmentStrategy {
        public ShowInline(String str) {
            super(str);
        }

        @Override // com.atlassian.jira.web.servlet.MimeSniffingKit.OpenAttachmentStrategy
        public void setResponseHeaders(HttpServletResponse httpServletResponse) {
            MimeSniffingKit.this.setContentDispositionOnResponse(httpServletResponse, this.filename, MimeSniffingKit.CONTENT_DISPOSITION_INLINE);
        }
    }

    public MimeSniffingKit(ApplicationProperties applicationProperties) {
        this.applicationProperties = applicationProperties;
    }

    public void setAttachmentResponseHeaders(Attachment attachment, String str, HttpServletResponse httpServletResponse) throws IOException {
        String filename = attachment.getFilename();
        BufferedInputStream bufferedInputStream = null;
        try {
            bufferedInputStream = getInputStream(attachment);
            getOpenAttachmentStrategy(filename, attachment.getMimetype(), str, bufferedInputStream).setResponseHeaders(httpServletResponse);
            if (bufferedInputStream != null) {
                IOUtil.shutdownStream(bufferedInputStream);
            }
        } catch (Throwable th) {
            if (bufferedInputStream != null) {
                IOUtil.shutdownStream(bufferedInputStream);
            }
            throw th;
        }
    }

    public void setAttachmentResponseHeaders(String str, String str2, String str3, BufferedInputStream bufferedInputStream, HttpServletResponse httpServletResponse) throws IOException {
        getOpenAttachmentStrategy(str, str2, str3, bufferedInputStream).setResponseHeaders(httpServletResponse);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void setContentDispositionOnResponse(HttpServletResponse httpServletResponse, String str, String str2) {
        httpServletResponse.setHeader("Content-Disposition", String.format("%s; filename*=%s''%s;", str2, this.applicationProperties.getEncoding(), JiraUrlCodec.encode(str, true)));
    }

    @Nonnull
    private OpenAttachmentStrategy getOpenAttachmentStrategy(String str, String str2, String str3, BufferedInputStream bufferedInputStream) throws IOException {
        String mimeSniffingPolicy = getMimeSniffingPolicy();
        boolean z = false;
        if (log.isDebugEnabled() && mimeSniffingPolicy.equalsIgnoreCase("insecure")) {
            log.debug("Mime sniffing policy is insecure, attachment will always be displayed inline");
        }
        if (!mimeSniffingPolicy.equalsIgnoreCase("insecure") && isExecutableContent(str, str2)) {
            z = true;
            if (log.isDebugEnabled()) {
                log.debug("Attachment \"" + str + "\" (" + str2 + ") presents as executable content, forcing download.");
            }
        } else if (mimeSniffingPolicy.equalsIgnoreCase("workaround") && BrowserUtils.isIe456Or7(str3)) {
            z = new Ie6MimeSniffer().smellsLikeHtml(getLeadingInputStreamBytes(bufferedInputStream, Ie6MimeSniffer.MAX_BYTES_TO_SNIFF));
            if (z) {
                log.debug("Detected Internet Explorer and file contents would be sniffed as HTML, forcing download");
            }
        } else if (mimeSniffingPolicy.equalsIgnoreCase("secure")) {
            z = true;
        }
        return z ? new ForceDownload(str) : new ShowInline(str);
    }

    @VisibleForTesting
    File getFileForAttachment(Attachment attachment) {
        return AttachmentUtils.getAttachmentFile(attachment);
    }

    @VisibleForTesting
    BufferedInputStream getInputStream(Attachment attachment) throws FileNotFoundException {
        return new BufferedInputStream(new FileInputStream(getFileForAttachment(attachment)));
    }

    @VisibleForTesting
    byte[] getLeadingInputStreamBytes(BufferedInputStream bufferedInputStream, int i) throws IOException {
        byte[] bArr = new byte[i];
        bufferedInputStream.mark(i);
        ByteStreams.read(bufferedInputStream, bArr, 0, i);
        bufferedInputStream.reset();
        return bArr;
    }

    boolean isExecutableContent(String str, String str2) {
        return this.attachmentHelper.isExecutableFileExtension(str) || this.attachmentHelper.isExecutableContentType(str2);
    }

    private String getMimeSniffingPolicy() {
        String defaultBackedString = this.applicationProperties.getDefaultBackedString("jira.attachment.download.mime.sniffing.workaround");
        if (defaultBackedString == null) {
            defaultBackedString = "workaround";
            log.warn("Missing MIME sniffing policy application property jira.attachment.download.mime.sniffing.workaround ! Defaulting to workaround");
        }
        if (!"insecure".equalsIgnoreCase(defaultBackedString) && !"secure".equalsIgnoreCase(defaultBackedString) && !"workaround".equalsIgnoreCase(defaultBackedString)) {
            log.warn("MIME sniffing policy application property is invalid: " + defaultBackedString + " ! Defaulting to workaround");
            defaultBackedString = "workaround";
        }
        return defaultBackedString;
    }
}
