package com.cksource.ckfinder.command;

import com.cksource.ckfinder.acl.Acl;
import com.cksource.ckfinder.acl.AclResult;
import com.cksource.ckfinder.acl.Permission;
import com.cksource.ckfinder.exception.InvalidFilenameExtensionException;
import com.cksource.ckfinder.exception.InvalidRequestException;
import com.cksource.ckfinder.exception.UnauthorizedException;
import com.cksource.ckfinder.filesystem.Backend;
import com.cksource.ckfinder.filesystem.WorkingFolder;
import com.cksource.ckfinder.image.ResizedImageManager;
import com.cksource.ckfinder.resourcetype.ResourceType;
import com.cksource.ckfinder.resourcetype.ResourceTypeFactory;
import com.cksource.ckfinder.utils.PathUtils;
import com.cksource.ckfinder.utils.StringUtils;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.springframework.beans.factory.annotation.Autowired;

/* loaded from: input_file:com/cksource/ckfinder/command/MultiFileCommand.class */
public abstract class MultiFileCommand implements Command {

    @Autowired
    protected HttpServletRequest request;

    @Autowired
    protected Acl acl;

    @Autowired
    protected ResourceTypeFactory resourceTypeFactory;

    @Autowired
    protected WorkingFolder workingFolder;

    @Autowired
    protected ResizedImageManager resizedImageManager;
    protected List<Map<String, Object>> errors = new ArrayList();

    public abstract Permission[] getRequiredFilePermissions();

    /* JADX INFO: Access modifiers changed from: protected */
    public List<Map<String, String>> getFiles() {
        List<Map<String, String>> list = (List) this.request.getAttribute("ckfinder.files");
        validateInput(list);
        return list;
    }

    private void validateInput(List<Map<String, String>> list) {
        if (list == null || list.isEmpty()) {
            throw new InvalidRequestException("No files to process");
        }
        String[] strArr = {"type", "folder", "name"};
        for (Map<String, String> map : list) {
            for (String str : strArr) {
                if (!map.containsKey(str)) {
                    throw new InvalidRequestException("Invalid input format. No required key found: " + str);
                }
            }
            String str2 = map.get("type");
            String str3 = map.get("folder");
            String str4 = map.get("name");
            ResourceType resourceType = this.resourceTypeFactory.getResourceType(str2);
            Backend backend = resourceType.getBackend();
            if (!PathUtils.isValidPath(str3)) {
                throw new InvalidRequestException("Invalid folder path: " + str3);
            }
            if (!backend.isValidFileName(str4)) {
                throw new InvalidRequestException("Invalid file name: " + str4);
            }
            String filenameExtension = StringUtils.getFilenameExtension(str4);
            if (!resourceType.isAllowedExtension(filenameExtension)) {
                throw new InvalidFilenameExtensionException(String.format("%s file name extension is not allowed for resource type %s", filenameExtension, resourceType.getName()));
            }
            if (backend.isHiddenPath(str3) || backend.isHiddenFile(str4)) {
                throw new InvalidRequestException("Source file is hidden");
            }
            AclResult check = this.acl.check(str2, str3);
            for (Permission permission : getRequiredFilePermissions()) {
                if (!check.allowsFor(permission)) {
                    throw new UnauthorizedException(String.format("Operation blocked by CKFinder ACL rules. %s for folder %s in resource type %s is not allowed", permission, str3, str2));
                }
            }
        }
    }
}
