package org.kuali.rice.kew.notes.web;

import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.fileupload.FileUploadBase;
import org.apache.log4j.Logger;
import org.eclipse.persistence.internal.helper.Helper;
import org.kuali.rice.coreservice.framework.CoreFrameworkServiceLocator;
import org.kuali.rice.kew.api.KewApiConstants;
import org.kuali.rice.kew.api.WorkflowRuntimeException;
import org.kuali.rice.kew.doctype.SecuritySession;
import org.kuali.rice.kew.notes.Attachment;
import org.kuali.rice.kew.notes.service.NoteService;
import org.kuali.rice.kew.routeheader.DocumentRouteHeaderValue;
import org.kuali.rice.kew.service.KEWServiceLocator;
import org.kuali.rice.krad.UserSession;
import org.kuali.rice.krad.util.KRADConstants;

/* loaded from: input_file:WEB-INF/lib/rice-impl-2.4.0.jar:org/kuali/rice/kew/notes/web/AttachmentServlet.class */
public class AttachmentServlet extends HttpServlet {
    private static final long serialVersionUID = -1918858512573502697L;
    public static final String ATTACHMENT_ID_KEY = "attachmentId";
    private static final Logger LOG = Logger.getLogger(AttachmentServlet.class);

    /* JADX WARN: Finally extract failed */
    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String parameter = httpServletRequest.getParameter(ATTACHMENT_ID_KEY);
        if (parameter == null) {
            throw new ServletException("No 'attachmentId' was specified.");
        }
        boolean z = false;
        String str = null;
        try {
            str = CoreFrameworkServiceLocator.getParameterService().getParameterValueAsString("KR-WKFLW", "All", KewApiConstants.SECURE_ATTACHMENTS_PARAM);
        } catch (Exception e) {
            LOG.info("Attempted to retrieve parameter value, but could not. Defaulting to unsecured attachment retrieval. " + e.getMessage());
        }
        if (str != null && str.equals("Y")) {
            z = true;
        }
        try {
            UserSession userSession = (UserSession) httpServletRequest.getSession().getAttribute(KRADConstants.USER_SESSION_KEY);
            if (userSession == null) {
                LOG.error("Attempt to access attachmentId:" + parameter + " with invalid UserSession");
                httpServletResponse.sendError(400);
                return;
            }
            NoteService noteService = KEWServiceLocator.getNoteService();
            Attachment findAttachment = noteService.findAttachment(parameter);
            File findAttachmentFile = noteService.findAttachmentFile(findAttachment);
            DocumentRouteHeaderValue routeHeader = KEWServiceLocator.getRouteHeaderService().getRouteHeader(noteService.getNoteByNoteId(findAttachment.getNoteId()).getDocumentId());
            if (z && routeHeader == null) {
                LOG.error("Caught Null Pointer trying to determine routeHeader for requested attachmentId:" + parameter);
                httpServletResponse.sendError(404);
                return;
            }
            boolean routeLogAuthorized = KEWServiceLocator.getDocumentSecurityService().routeLogAuthorized(userSession.getPrincipalId(), routeHeader, new SecuritySession(userSession.getPrincipalId()));
            boolean z2 = false;
            if (routeHeader.getCustomNoteAttribute() != null) {
                routeHeader.getCustomNoteAttribute().setUserSession(userSession);
                z2 = routeHeader.getCustomNoteAttribute().isAuthorizedToRetrieveAttachments();
            }
            if (z && (!routeLogAuthorized || !z2)) {
                LOG.error("Attempt to access attachmentId:" + parameter + " from documentId:" + routeHeader.getDocumentId() + " from unauthorized user: " + userSession.getPrincipalId());
                httpServletResponse.sendError(403);
                return;
            }
            httpServletResponse.setContentLength((int) findAttachmentFile.length());
            httpServletResponse.setContentType(findAttachment.getMimeType());
            httpServletResponse.setHeader(FileUploadBase.CONTENT_DISPOSITION, "attachment; filename=\"" + findAttachment.getFileName() + Helper.DEFAULT_DATABASE_DELIMITER);
            BufferedInputStream bufferedInputStream = new BufferedInputStream(new FileInputStream(findAttachmentFile));
            BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(httpServletResponse.getOutputStream());
            while (true) {
                try {
                    int read = bufferedInputStream.read();
                    if (read == -1) {
                        bufferedInputStream.close();
                        bufferedOutputStream.close();
                        return;
                    }
                    bufferedOutputStream.write(read);
                } catch (Throwable th) {
                    bufferedInputStream.close();
                    throw th;
                }
            }
        } catch (Exception e2) {
            LOG.error("Problem retrieving requested attachmentId:" + parameter, e2);
            throw new WorkflowRuntimeException(e2);
        }
    }

    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        doPost(httpServletRequest, httpServletResponse);
    }
}
