package com.ibm.ws.management.system.agent;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.management.authorizer.AdminAuthorizerFactory;
import com.ibm.websphere.management.exception.AdminException;
import com.ibm.websphere.management.exception.ConnectorException;
import com.ibm.websphere.management.filetransfer.FileTransferConfig;
import com.ibm.websphere.management.filetransfer.client.FileTransferClient;
import com.ibm.websphere.management.filetransfer.client.FileTransferOptions;
import com.ibm.websphere.security.WSSecurityHelper;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.management.system.JobDispatchUtil;
import com.ibm.ws.management.system.smgr.util.InternalJobConstants;
import com.ibm.ws.security.core.SecurityContext;
import com.ibm.ws.security.util.RestrictedAccess;
import com.ibm.ws.util.ImplFactory;
import com.ibm.wsspi.management.system.ContentDistributionProviderExtensionHandler;
import com.ibm.wsspi.management.system.JobContext;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Arrays;
import java.util.Hashtable;
import java.util.LinkedList;
import java.util.Locale;
import java.util.Properties;
import java.util.zip.ZipEntry;
import java.util.zip.ZipOutputStream;

/* loaded from: input_file:com/ibm/ws/management/system/agent/DefaultContentDistributionHandler.class */
public class DefaultContentDistributionHandler extends ContentDistributionProviderExtensionHandler {
    private static final String CLASSNAME = "com.ibm.ws.management.system.agent.DefaultContentDistributionHandler";
    private static TraceComponent tc = Tr.register(DefaultContentDistributionHandler.class, "Agent", "com.ibm.ws.management.system.agent");
    private static boolean initialized = false;
    private static FileTransferOptions ftOptions = null;

    @Override // com.ibm.wsspi.management.system.ContentDistributionProviderExtensionHandler
    public void transfer(JobContext jobContext, Hashtable hashtable, Properties properties, String str) throws AdminException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "transfer", properties);
        }
        if (!initialized) {
            init();
        }
        try {
            final FileTransferClient fTClient = getFTClient(jobContext);
            final String transferSource = getTransferSource(properties);
            final File transferDestination = getTransferDestination(str);
            final FileTransferOptions fileTransferOptions = ftOptions;
            try {
                SecurityContext.runAsSystem(new PrivilegedExceptionAction<Object>() { // from class: com.ibm.ws.management.system.agent.DefaultContentDistributionHandler.1
                    @Override // java.security.PrivilegedExceptionAction
                    public Object run() throws Exception {
                        fTClient.downloadFile(transferSource, transferDestination, fileTransferOptions);
                        return null;
                    }
                });
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "transfer", properties);
                }
            } catch (PrivilegedActionException e) {
                throw e.getException();
            }
        } catch (Throwable th) {
            FFDCFilter.processException(th, "com.ibm.ws.management.system.agent.DefaultContentDistributionHandler.transfer", "112", this);
            AdminException adminException = AgentJobUtil.getAdminException(th);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "transfer", adminException);
            }
            throw adminException;
        }
    }

    @Override // com.ibm.wsspi.management.system.ContentDistributionProviderExtensionHandler
    public void remove(JobContext jobContext, Hashtable hashtable, String str) throws AdminException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "remove", str);
        }
        validatePath(str);
        if (!initialized) {
            init();
        }
        AgentJobUtil.getDownloadLocation();
        String str2 = AgentJobUtil.getDownloadLocation() + InternalJobConstants.MANAGED_RESOURCE_AND_UUID_SEP + str.replace('\\', '/');
        File file = new File(str2);
        if (tc.isDebugEnabled() && !file.exists()) {
            Tr.debug(tc, str2 + " does not exist");
        }
        if (!file.exists() || file.delete()) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "remove", str2);
            }
        } else {
            AdminException adminException = new AdminException("Deletion failed: " + str2);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "remove", adminException);
            }
            throw adminException;
        }
    }

    @Override // com.ibm.wsspi.management.system.ContentDistributionProviderExtensionHandler
    public void collect(JobContext jobContext, Hashtable hashtable) throws AdminException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "collect");
        }
        Locale locale = JobDispatchUtil.getLocale(jobContext, hashtable);
        try {
            File collectSource = getCollectSource(jobContext, hashtable);
            if (!collectSource.exists()) {
                throw new FileNotFoundException(collectSource.getCanonicalPath());
            }
            File configRoot = getConfigRoot(jobContext);
            if (!configRoot.exists()) {
                configRoot = null;
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "file to be collected is {0}", collectSource.getCanonicalPath());
            }
            boolean isDirectory = collectSource.isDirectory();
            if (isDirectory) {
                File file = new File(new File(new File(System.getProperty("user.install.root")), "temp"), collectSource.getName() + ".zip");
                zipSourceDirectory(configRoot, collectSource, file);
                collectSource = file;
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "collection source is a directory; zipping to {0}", collectSource.getCanonicalPath());
                }
            } else if (!hasPermission(configRoot, collectSource)) {
                throw new AdminException(JobDispatchUtil.getFormattedMessage(locale, "CWWSY0701E: Permission denied accessing file {0}. The following administrative role is required: {1}.", "CWWSY0701E", new Object[]{collectSource.getCanonicalPath(), "administrator"}));
            }
            final FileTransferOptions fileTransferOptions = (FileTransferOptions) ImplFactory.loadImplFromKey(FileTransferOptions.class);
            if (isDirectory) {
                fileTransferOptions.setDeleteSourceOnCompletion(true);
                fileTransferOptions.setCompress(false);
                fileTransferOptions.setOverwrite(true);
            } else {
                fileTransferOptions.setDeleteSourceOnCompletion(false);
                fileTransferOptions.setCompress(true);
                fileTransferOptions.setOverwrite(true);
            }
            final FileTransferClient fTClient = getFTClient(jobContext);
            final String collectDestination = getCollectDestination(jobContext, hashtable, collectSource);
            final File file2 = collectSource;
            try {
                SecurityContext.runAsSystem(new PrivilegedExceptionAction<Object>() { // from class: com.ibm.ws.management.system.agent.DefaultContentDistributionHandler.2
                    @Override // java.security.PrivilegedExceptionAction
                    public Object run() throws Exception {
                        fTClient.uploadFile(file2, collectDestination, fileTransferOptions);
                        return null;
                    }
                });
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "collect");
                }
            } catch (PrivilegedActionException e) {
                throw e.getException();
            }
        } catch (Throwable th) {
            FFDCFilter.processException(th, "com.ibm.ws.management.system.agent.DefaultContentDistributionHandler.collect", "259", this);
            AdminException adminException = AgentJobUtil.getAdminException(th);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "collect", adminException);
            }
            throw adminException;
        }
    }

    private synchronized void init() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "init");
        }
        ftOptions = (FileTransferOptions) ImplFactory.loadImplFromKey(FileTransferOptions.class);
        ftOptions.setCompress(true);
        ftOptions.setOverwrite(true);
        initialized = true;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "init");
        }
    }

    private synchronized FileTransferClient getFTClient(JobContext jobContext) throws AdminException, ConnectorException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getFTClient");
        }
        FileTransferClient fileTransferClient = (FileTransferClient) ImplFactory.loadImplFromKey(FileTransferClient.class);
        FileTransferConfig jobManagerFileTransferConfig = jobContext.getJobManagerFileTransferConfig();
        jobManagerFileTransferConfig.getProperties().setProperty("clientIsDeviceManagerAgent", "true");
        if (jobManagerFileTransferConfig != null) {
            fileTransferClient.setFileTransferConfig(jobManagerFileTransferConfig);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getFTClient");
            }
            return fileTransferClient;
        }
        AdminException adminException = new AdminException("No file transfer configuration was provided.");
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getFTClient", adminException);
        }
        throw adminException;
    }

    private String getTransferSource(Properties properties) throws AdminException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getTransferSource", properties);
        }
        String property = properties.getProperty("RegistryContentURI");
        if (property == null || property.equals("")) {
            AdminException adminException = new AdminException("No source URL was provided in the content element.");
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getTransferSource", adminException);
            }
            throw adminException;
        }
        validatePath(property);
        try {
            String str = "JobManager/" + new URL(property).getPath();
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getTransferSource", str);
            }
            return str;
        } catch (MalformedURLException e) {
            AdminException adminException2 = new AdminException(e, "An invalid URL was provided in the content element");
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getTransferSource", adminException2);
            }
            throw adminException2;
        }
    }

    private File getTransferDestination(String str) throws IOException, AdminException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getTransferDestination", str);
        }
        validatePath(str);
        String str2 = AgentJobUtil.getDownloadLocation() + InternalJobConstants.MANAGED_RESOURCE_AND_UUID_SEP + str.replace('\\', '/');
        File file = new File(str2);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getTransferDestination", str2);
        }
        return file;
    }

    private File getProfileRoot(JobContext jobContext) {
        return new File(jobContext.getTargetProperties().getProperty("profile.registry.profile.root"));
    }

    private File getConfigRoot(JobContext jobContext) {
        return new File(getProfileRoot(jobContext), "config");
    }

    private File getCollectSource(JobContext jobContext, Hashtable hashtable) throws AdminException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCollectSource", hashtable);
        }
        File profileRoot = getProfileRoot(jobContext);
        String obj = hashtable.get("source").toString();
        validatePath(obj);
        return new File(profileRoot, obj);
    }

    private void zipSourceDirectory(File file, File file2, File file3) throws IOException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "zipSourceDirectory");
        }
        int length = file2.getParentFile().getCanonicalPath().length() + 1;
        byte[] bArr = new byte[1024];
        ZipOutputStream zipOutputStream = new ZipOutputStream(new FileOutputStream(file3));
        zipOutputStream.setLevel(9);
        try {
            LinkedList linkedList = new LinkedList();
            linkedList.add(file2);
            while (!linkedList.isEmpty()) {
                File file4 = (File) linkedList.removeFirst();
                if (file4.isDirectory()) {
                    linkedList.addAll(Arrays.asList(file4.listFiles()));
                } else if (hasPermission(file, file4)) {
                    ZipEntry zipEntry = new ZipEntry(file4.getCanonicalPath().substring(length));
                    zipEntry.setMethod(8);
                    zipOutputStream.putNextEntry(zipEntry);
                    FileInputStream fileInputStream = new FileInputStream(file4);
                    try {
                        for (int read = fileInputStream.read(bArr); read > 0; read = fileInputStream.read(bArr)) {
                            zipOutputStream.write(bArr, 0, read);
                        }
                        zipOutputStream.closeEntry();
                        fileInputStream.close();
                    } catch (Throwable th) {
                        fileInputStream.close();
                        throw th;
                    }
                }
            }
        } finally {
            zipOutputStream.close();
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "zipSourceDirectory");
            }
        }
    }

    private String getCollectDestination(JobContext jobContext, Hashtable hashtable, File file) throws AdminException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCollectDestination");
        }
        StringBuffer stringBuffer = new StringBuffer("JobManager");
        stringBuffer.append('/').append(jobContext.getTaskID());
        stringBuffer.append('/').append(jobContext.getTargetName());
        if (hashtable.containsKey("destination")) {
            validatePath(hashtable.get("destination").toString());
            stringBuffer.append('/').append(hashtable.get("destination"));
        } else {
            stringBuffer.append('/').append(file.getName());
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "collection destination on job manager is {0}", stringBuffer.toString());
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getCollectDestination");
        }
        return stringBuffer.toString();
    }

    private static boolean hasPermission(File file, File file2) throws IOException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "hasPermission: " + file + "," + file2);
        }
        boolean z = true;
        if (file != null && WSSecurityHelper.isGlobalSecurityEnabled()) {
            String canonicalPath = file.getCanonicalPath();
            String canonicalPath2 = file2.getCanonicalPath();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "hasPermission", new Object[]{"configRootCanonical=" + canonicalPath, "fileCanonical=" + canonicalPath2});
            }
            if (canonicalPath2.startsWith(canonicalPath)) {
                String replace = canonicalPath2.substring(canonicalPath.length()).replace('\\', '/');
                boolean isRestricted = RestrictedAccess.isRestricted(replace);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "configURI is: " + replace + ", restricted: " + isRestricted);
                }
                if (isRestricted) {
                    z = AdminAuthorizerFactory.getAdminAuthorizer().isCallerInRole("administrator");
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "hasPermission: " + z);
        }
        return z;
    }

    private void validatePath(String str) throws AdminException {
        String replace = str.replace('\\', '/');
        if (replace.startsWith("../") || replace.contains("/../") || replace.endsWith("/..") || replace.equals("..")) {
            AdminException adminException = new AdminException("Paths that use (..) are not supported: " + replace);
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "validatePath", new Object[]{adminException, "The url contains .."});
            }
            throw adminException;
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "validatePath", "Path is valid: " + replace);
        }
    }
}
