package com.nazdaq.noms.app.system;

import com.nazdaq.core.exceptions.FileSecurityPathException;
import com.nazdaq.core.helpers.FileHelper;
import com.nazdaq.core.helpers.OSValidator;
import com.nazdaq.noms.app.auth.AutoLoginLink;
import java.io.File;
import java.util.ArrayList;
import java.util.Arrays;
import models.system.SettingProperty;
import org.jetbrains.annotations.NotNull;
import play.Logger;

/* loaded from: input_file:com/nazdaq/noms/app/system/FileSystemSecurity.class */
public class FileSystemSecurity {
    private static final Logger.ALogger logger = Logger.of(FileSystemSecurity.class);

    public static void initPaths() {
        if (getPaths().length == 0) {
            addPath(FileHelper.combine(FileHelper.getNOMSHomeDir(), "archive"));
        } else {
            addPath(AutoLoginLink.MODE_HOME);
        }
    }

    @NotNull
    public static String[] getPaths() {
        String[] split = SettingProperty.getSettingsString("whitepaths").split("\n");
        return (split.length == 1 && split[0].isEmpty()) ? new String[0] : split;
    }

    public static void addPath(String str) {
        boolean z = false;
        String trim = str.trim();
        logger.info("Adding Path: " + trim + " to whitelist.");
        ArrayList<String> arrayList = new ArrayList(Arrays.asList(getPaths()));
        if (!arrayList.isEmpty()) {
            ArrayList arrayList2 = new ArrayList();
            for (String str2 : arrayList) {
                if (str2 == null || str2.trim().isEmpty()) {
                    arrayList2.add(str2);
                } else if (!trim.isEmpty() && str2.trim().equals(trim)) {
                    z = true;
                }
            }
            if (!arrayList2.isEmpty()) {
                arrayList.removeAll(arrayList2);
            }
        }
        if (!z) {
            arrayList.add(trim);
        }
        SettingProperty.setProperty("whitepaths", String.join("\n", arrayList), false, false);
    }

    public static boolean isPathSafe(String str, boolean z) throws FileSecurityPathException {
        String fixPathSlashes = FileHelper.fixPathSlashes(str);
        if (fixPathSlashes.contains("..")) {
            throw new FileSecurityPathException("Path can't contain '..' in it!");
        }
        if (!z) {
            fixPathSlashes = FileHelper.removeTrailingSlash(fixPathSlashes);
        }
        if (fixPathSlashes.startsWith(FileHelper.getConfDir())) {
            if (z && fixPathSlashes.contains("printtestfile.pdf")) {
                return true;
            }
            throw new FileSecurityPathException("The file path can't be for a file inside /conf dir!");
        }
        if (z && fixPathSlashes.startsWith(FileHelper.getApplicDir())) {
            return true;
        }
        if (z && fixPathSlashes.contains(".mv.db")) {
            throw new FileSecurityPathException("You can't access system files!");
        }
        if (z && fixPathSlashes.startsWith(FileHelper.getDataDir())) {
            return true;
        }
        if (!z && fixPathSlashes.startsWith(SettingProperty.getSettingsString("ArchivePath"))) {
            return true;
        }
        for (String str2 : getPaths()) {
            if (!str2.isEmpty()) {
                String removeTrailingSlash = FileHelper.removeTrailingSlash(FileHelper.fixPathSlashes(str2));
                if (removeTrailingSlash.equals("*")) {
                    return true;
                }
                if (OSValidator.isWindows()) {
                    if (fixPathSlashes.toLowerCase().startsWith(removeTrailingSlash.toLowerCase())) {
                        return true;
                    }
                } else if (fixPathSlashes.startsWith(removeTrailingSlash)) {
                    return true;
                }
            }
        }
        if (z) {
            throw new FileSecurityPathException("You can't read/write to the file: " + fixPathSlashes + " (path is not in white-list)");
        }
        throw new FileSecurityPathException("You can't read/write to the path: " + fixPathSlashes + " (path is not in white-list)");
    }

    public static boolean isPathSafe4Browse(String[] strArr, String str, boolean z) throws FileSecurityPathException {
        if (!z) {
            str = FileHelper.removeTrailingSlash(str);
        }
        if (str.startsWith(FileHelper.getConfDir())) {
            return false;
        }
        if (z && str.contains(".mv.db")) {
            return false;
        }
        if (z && str.startsWith(FileHelper.getDataDir())) {
            return true;
        }
        for (String str2 : strArr) {
            String removeTrailingSlash = FileHelper.removeTrailingSlash(FileHelper.fixPathSlashes(str2));
            if (removeTrailingSlash.equals("*")) {
                return true;
            }
            if (OSValidator.isWindows()) {
                removeTrailingSlash = removeTrailingSlash.toLowerCase();
                str = str.toLowerCase();
            }
            if (removeTrailingSlash.startsWith(str) || str.startsWith(removeTrailingSlash)) {
                return true;
            }
        }
        return false;
    }

    public static boolean isSafeFile(@NotNull String str) {
        return !"EXE,COM,VB,VBS,VBE,CMD,BAT,WS,WSF,SCR,SHS,PIF,HTA,JS,JSE,LNK,SH,LNK,WSH".contains(str.toUpperCase());
    }

    public static boolean isInsideNOMSDir(String str) {
        File file = new File(str);
        if (!FileHelper.extension(str).equals(AutoLoginLink.MODE_HOME)) {
            str = file.getParentFile().getAbsolutePath();
        }
        String removeTrailingSlash = FileHelper.removeTrailingSlash(str);
        if (removeTrailingSlash.startsWith("\\")) {
            return true;
        }
        String removeTrailingSlash2 = FileHelper.removeTrailingSlash(FileHelper.getNOMSHomeDir());
        if (OSValidator.isWindows()) {
            removeTrailingSlash2 = removeTrailingSlash2.toLowerCase();
            removeTrailingSlash = removeTrailingSlash.toLowerCase();
        }
        return removeTrailingSlash.startsWith(removeTrailingSlash2);
    }
}
