package com.atlassian.jira.web.servlet;

import com.atlassian.http.mime.HostileExtensionDetector;
import com.atlassian.jira.config.properties.ApplicationProperties;
import com.atlassian.jira.issue.attachment.Attachment;
import com.atlassian.jira.util.IOUtil;
import com.atlassian.jira.util.JiraUrlCodec;
import com.atlassian.jira.util.dbc.Assertions;
import java.io.IOException;
import java.io.InputStream;
import javax.annotation.Nonnull;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/jira/web/servlet/MimeSniffingKit.class */
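/**
 * Decides how an attachment is handed to the browser (rendered inline or forced
 * to download) and writes the matching response headers.
 *
 * <p>The decision is driven by the application property
 * {@code jira.attachment.download.mime.sniffing.workaround}, which this class
 * accepts in three values (case-insensitive):
 * <ul>
 *   <li>{@code secure} - every attachment is forced to download;</li>
 *   <li>{@code workaround} - only attachments the {@link HostileExtensionDetector}
 *       classifies as executable (by file extension or content type) are forced to
 *       download, everything else is shown inline;</li>
 *   <li>{@code insecure} - the executable-content check is skipped and every
 *       attachment is shown inline.</li>
 * </ul>
 * A missing or unrecognised value falls back to {@code workaround}.
 *
 * <p>Security note: the attachment filename and MIME type originate from whoever
 * uploaded the file, so they are treated as untrusted wherever they are written to a
 * header or a log line.
 */
public class MimeSniffingKit {
    public static final String CONTENT_DISPOSITION_ATTACHMENT = "attachment";
    public static final String CONTENT_DISPOSITION_INLINE = "inline";
    private static final Logger log = LoggerFactory.getLogger(MimeSniffingKit.class);

    /** Application property that selects the MIME sniffing policy. */
    private static final String POLICY_PROPERTY = "jira.attachment.download.mime.sniffing.workaround";
    private static final String POLICY_INSECURE = "insecure";
    private static final String POLICY_SECURE = "secure";
    private static final String POLICY_WORKAROUND = "workaround";

    private final ApplicationProperties applicationProperties;
    private final HostileExtensionDetector hostileExtensionDetector;

    /**
     * Strategy that serves the attachment with {@code Content-Disposition: attachment}
     * so the browser saves it instead of rendering it.
     */
    public class ForceDownload extends OpenAttachmentStrategy {
        private ForceDownload(String str) {
            super(str);
        }

        @Override
        public void setResponseHeaders(HttpServletResponse httpServletResponse) {
            MimeSniffingKit.this.setContentDispositionOnResponse(httpServletResponse, this.filename, CONTENT_DISPOSITION_ATTACHMENT);
            // Internet Explorer specific: removes the "Open" choice from the download
            // dialog so the file is saved rather than opened in the site's context.
            httpServletResponse.setHeader("X-Download-Options", "noopen");
        }
    }

    /** Base type for the two delivery strategies; holds the (non-null) attachment filename. */
    private abstract class OpenAttachmentStrategy {
        final String filename;

        public OpenAttachmentStrategy(String str) {
            this.filename = (String) Assertions.notNull(str);
        }

        /**
         * Writes the headers that implement this strategy onto the response.
         *
         * @param httpServletResponse response to modify
         */
        abstract void setResponseHeaders(HttpServletResponse httpServletResponse);
    }

    /**
     * Strategy that serves the attachment with {@code Content-Disposition: inline}.
     */
    public class ShowInline extends OpenAttachmentStrategy {
        public ShowInline(String str) {
            super(str);
        }

        @Override
        public void setResponseHeaders(HttpServletResponse httpServletResponse) {
            // NOTE(review): only Content-Disposition is set on this path. Inline
            // rendering relies on the browser honouring the declared Content-Type;
            // confirm that "X-Content-Type-Options: nosniff" is added elsewhere
            // (calling servlet or a filter), it is not visible in this class.
            MimeSniffingKit.this.setContentDispositionOnResponse(httpServletResponse, this.filename, CONTENT_DISPOSITION_INLINE);
        }
    }

    /**
     * @param applicationProperties    source of the sniffing policy and of the encoding
     *                                 label used in the Content-Disposition header
     * @param hostileExtensionDetector classifier for executable extensions / content types
     */
    public MimeSniffingKit(ApplicationProperties applicationProperties, HostileExtensionDetector hostileExtensionDetector) {
        this.applicationProperties = applicationProperties;
        this.hostileExtensionDetector = hostileExtensionDetector;
    }

    /**
     * Sets the download headers for a stored attachment, using the attachment's own
     * filename and MIME type.
     *
     * @param attachment          attachment being served
     * @param str                 not read by this method; kept for signature compatibility
     * @param httpServletResponse response to modify
     * @throws IOException declared for callers; nothing in this class raises it directly
     */
    public void setAttachmentResponseHeaders(Attachment attachment, String str, HttpServletResponse httpServletResponse) throws IOException {
        // The decompiled original wrapped this call in a try/catch whose only content
        // was unreachable stream clean-up (guarded by "0 != 0") followed by a rethrow;
        // it had no effect and has been dropped.
        getOpenAttachmentStrategy(attachment.getFilename(), attachment.getMimetype()).setResponseHeaders(httpServletResponse);
    }

    /**
     * Sets the download headers for a file described only by name and MIME type.
     *
     * @param str                 filename presented to the browser
     * @param str2                MIME type used for the executable-content check
     * @param httpServletResponse response to modify
     * @throws IOException declared for callers; nothing in this class raises it directly
     */
    public void setAttachmentResponseHeaders(String str, String str2, HttpServletResponse httpServletResponse) throws IOException {
        getOpenAttachmentStrategy(str, str2).setResponseHeaders(httpServletResponse);
    }

    /**
     * Writes {@code Content-Disposition: <disposition>; filename*=<encoding>''<encoded name>;}.
     *
     * <p>Only the filename is encoded (via {@link JiraUrlCodec#encode}); the disposition
     * and the encoding label are written as given. Inside this class the disposition is
     * always one of the two constants. NOTE(review): the encoding label comes from
     * application configuration and is assumed to be a plain charset name - confirm.
     *
     * @param httpServletResponse response to modify
     * @param str                 raw (untrusted) filename
     * @param str2                disposition type, {@code attachment} or {@code inline}
     */
    public void setContentDispositionOnResponse(HttpServletResponse httpServletResponse, String str, String str2) {
        String encodedFilename = JiraUrlCodec.encode(str, true);
        String headerValue = String.format("%s; filename*=%s''%s;", str2, this.applicationProperties.getEncoding(), encodedFilename);
        httpServletResponse.setHeader("Content-Disposition", headerValue);
    }

    /**
     * Picks the delivery strategy for a file according to the configured policy.
     *
     * @param filename attachment filename (untrusted)
     * @param mimeType attachment MIME type (untrusted)
     * @return {@link ForceDownload} or {@link ShowInline}, never {@code null}
     */
    @Nonnull
    private OpenAttachmentStrategy getOpenAttachmentStrategy(String filename, String mimeType) throws IOException {
        String policy = getMimeSniffingPolicy();

        if (policy.equalsIgnoreCase(POLICY_INSECURE)) {
            // The executable-content check is deliberately not consulted here, so
            // hostile content is rendered inline under this policy.
            log.debug("Mime sniffing policy is insecure, attachment will always be displayed inline");
            return new ShowInline(filename);
        }

        if (isExecutableContent(filename, mimeType)) {
            if (log.isDebugEnabled()) {
                // Both values are uploader-controlled: strip line breaks so they
                // cannot forge additional log entries.
                log.debug("Attachment \"{}\" ({}) presents as executable content, forcing download.",
                        sanitizeForLog(filename), sanitizeForLog(mimeType));
            }
            return new ForceDownload(filename);
        }

        return policy.equalsIgnoreCase(POLICY_SECURE) ? new ForceDownload(filename) : new ShowInline(filename);
    }

    /**
     * @param str  filename to classify
     * @param str2 MIME type to classify
     * @return {@code true} if the detector flags either the extension or the content type
     */
    boolean isExecutableContent(String str, String str2) {
        return this.hostileExtensionDetector.isExecutableFileExtension(str) || this.hostileExtensionDetector.isExecutableContentType(str2);
    }

    /**
     * Reads the policy property and normalises missing or unknown values to
     * {@code workaround}, logging a warning in both cases.
     *
     * @return the configured value as stored (case preserved) when it is one of the
     *         three known policies, otherwise {@code "workaround"}
     */
    private String getMimeSniffingPolicy() {
        String configured = this.applicationProperties.getDefaultBackedString(POLICY_PROPERTY);
        if (configured == null) {
            log.warn("Missing MIME sniffing policy application property {} ! Defaulting to {}", POLICY_PROPERTY, POLICY_WORKAROUND);
            return POLICY_WORKAROUND;
        }
        boolean known = POLICY_INSECURE.equalsIgnoreCase(configured)
                || POLICY_SECURE.equalsIgnoreCase(configured)
                || POLICY_WORKAROUND.equalsIgnoreCase(configured);
        if (!known) {
            log.warn("MIME sniffing policy application property is invalid: {} ! Defaulting to workaround", sanitizeForLog(configured));
            return POLICY_WORKAROUND;
        }
        return configured;
    }

    /** Replaces CR and LF so a value occupies a single log line; {@code null} becomes "null". */
    private static String sanitizeForLog(String value) {
        return value == null ? "null" : value.replace('\r', '_').replace('\n', '_');
    }
}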
