package com.atlassian.jira.charts.jfreechart;

import com.atlassian.annotations.security.AnonymousSiteAccess;
import com.atlassian.jira.charts.util.ChartUtils;
import com.atlassian.jira.component.ComponentAccessor;
import com.atlassian.jira.index.ha.ReplicatedIndexOperation;
import com.atlassian.jira.io.SessionTempFile;
import com.atlassian.jira.io.TempFileFactory;
import com.atlassian.jira.util.PathTraversalException;
import com.atlassian.jira.util.PathUtils;
import java.io.File;
import java.io.IOException;
import javax.servlet.Servlet;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.io.FileUtils;
import org.apache.commons.lang3.StringUtils;
import org.jfree.chart.servlet.DisplayChart;
import org.jfree.chart.servlet.ServletUtilities;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@AnonymousSiteAccess
/* loaded from: input_file:com/atlassian/jira/charts/jfreechart/DisplayChartServlet.class */
public class DisplayChartServlet implements Servlet {
    public static final Logger log = LoggerFactory.getLogger(DisplayChartServlet.class);
    private final Servlet displayChart = new DisplayChart();

    public void init(ServletConfig servletConfig) throws ServletException {
        this.displayChart.init(servletConfig);
    }

    public void destroy() {
        this.displayChart.destroy();
    }

    public void service(ServletRequest servletRequest, ServletResponse servletResponse) throws ServletException, IOException {
        File file;
        String parameter = servletRequest.getParameter(ReplicatedIndexOperation.BACKUP_FILENAME);
        File chartDirectory = ((ChartUtils) ComponentAccessor.getComponent(ChartUtils.class)).getChartDirectory();
        try {
            validateFileName(parameter);
            file = new File(chartDirectory, parameter);
            PathUtils.ensurePathInSecureDir(chartDirectory.getAbsolutePath(), file.getAbsolutePath());
        } catch (PathTraversalException e) {
            log.warn("Possible path traversal attempt, returning 404 (filename='{}').", parameter);
        } catch (IOException e2) {
            log.error("Error checking path, returning 404 (filename='{}').", parameter);
        } catch (IllegalArgumentException e3) {
            log.warn(e3.getMessage() + ", returning 404 (filename='{}').", parameter);
        }
        if (!file.exists()) {
            log.warn("File not found, returning 404 (filename='{}').", parameter);
            ((HttpServletResponse) servletResponse).sendError(404);
            return;
        }
        try {
            ServletUtilities.sendTempFile(file, (HttpServletResponse) servletResponse);
            FileUtils.deleteQuietly(file);
            if (((HttpServletRequest) servletRequest).getSession(false) != null) {
                unmarkAsTemporaryFile(parameter);
            }
        } catch (Throwable th) {
            FileUtils.deleteQuietly(file);
            if (((HttpServletRequest) servletRequest).getSession(false) != null) {
                unmarkAsTemporaryFile(parameter);
            }
            throw th;
        }
    }

    private void validateFileName(String str) {
        if (StringUtils.isEmpty(str)) {
            throw new IllegalArgumentException("The file name is of the wrong format");
        }
        if (!str.startsWith(ServletUtilities.getTempOneTimeFilePrefix())) {
            throw new IllegalArgumentException("The file name does not start with '" + ServletUtilities.getTempOneTimeFilePrefix() + "'");
        }
    }

    public ServletConfig getServletConfig() {
        return this.displayChart.getServletConfig();
    }

    public String getServletInfo() {
        return this.displayChart.getServletInfo();
    }

    private void unmarkAsTemporaryFile(String str) {
        SessionTempFile sessionTempFile;
        TempFileFactory tempFileFactory = (TempFileFactory) ComponentAccessor.getComponent(TempFileFactory.class);
        if (tempFileFactory == null || (sessionTempFile = tempFileFactory.getSessionTempFile(str)) == null || sessionTempFile.getFile().exists()) {
            return;
        }
        sessionTempFile.unbind();
    }
}
