package com.cksource.ckfinder.command;

import com.cksource.ckfinder.acl.Permission;
import com.cksource.ckfinder.annotation.RequiredMethod;
import com.cksource.ckfinder.annotation.RequiredPermissions;
import com.cksource.ckfinder.exception.FileNotFoundException;
import com.cksource.ckfinder.exception.InvalidFilenameExtensionException;
import com.cksource.ckfinder.exception.InvalidNameException;
import com.cksource.ckfinder.filesystem.WorkingFolder;
import com.cksource.ckfinder.resourcetype.ResourceType;
import com.cksource.ckfinder.utils.StringUtils;
import java.io.InputStream;
import javax.servlet.http.HttpServletRequest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;

@RequiredMethod("GET")
@RequiredPermissions({Permission.FILE_VIEW})
/* loaded from: input_file:com/cksource/ckfinder/command/DownloadFile.class */
public class DownloadFile implements Command {

    @Autowired
    WorkingFolder workingFolder;

    @Autowired
    HttpServletRequest request;

    @Override // com.cksource.ckfinder.command.Command
    public ResponseEntity handle() {
        String parameter = this.request.getParameter("fileName");
        ResourceType resourceType = this.workingFolder.getResourceType();
        if (!resourceType.getBackend().isValidFileName(parameter)) {
            throw new InvalidNameException("Invalid file name: " + parameter);
        }
        if (!resourceType.isAllowedExtension(StringUtils.getFilenameExtension(parameter))) {
            throw new InvalidFilenameExtensionException();
        }
        if (!this.workingFolder.hasFile(parameter)) {
            throw new FileNotFoundException("File not found: " + parameter);
        }
        InputStream readFile = this.workingFolder.readFile(parameter);
        HttpHeaders httpHeaders = new HttpHeaders();
        httpHeaders.add("Content-Type", String.format("application/octet-stream; name=\"%s\"", parameter));
        httpHeaders.add("X-Content-Type-Options", "nosniff");
        httpHeaders.add("Content-Disposition", String.format("attachment; filename=\"%s\"", parameter));
        httpHeaders.add("Content-Length", String.valueOf(this.workingFolder.getFileSize(parameter)));
        return new ResponseEntity(readFile, httpHeaders, HttpStatus.OK);
    }
}
