package kd.bos.file.security;

import java.awt.Color;
import java.io.BufferedInputStream;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.UUID;
import java.util.regex.Pattern;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
import kd.bos.context.RequestContext;
import kd.bos.dataentity.resource.ResManager;
import kd.bos.exception.ErrorCode;
import kd.bos.exception.KDException;
import kd.bos.fileservice.enums.PreviewParams;
import kd.bos.fileservice.impl.WatermarkService;
import kd.bos.fileservice.watermark.WatermarkParameter;
import kd.bos.logging.Log;
import kd.bos.logging.LogFactory;
import kd.bos.param.service.IParameterReaderService;
import kd.bos.service.ServiceSvcFactory;
import kd.bos.session.SystemPropertyUtils;
import kd.bos.web.DispatchServiceHelper;
import kd.bos.web.actions.utils.FileTypeUtil;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.io.FileUtils;
import org.apache.pdfbox.cos.COSObject;
import org.apache.pdfbox.pdmodel.PDDocument;
import org.apache.poi.openxml4j.util.ZipSecureFile;
import org.apache.tools.zip.ZipFile;

/* loaded from: input_file:kd/bos/file/security/FileChecker.class */
public class FileChecker {
    private static Log log = LogFactory.getLog(FileChecker.class);
    private static List<String> excelFileTypeList = new ArrayList(5);
    private static List<String> zipFileTypeList = new ArrayList(2);
    private static List<String> pdfFileTypeList = new ArrayList(1);
    private static List<String> csvFormulaList = new ArrayList();
    private static Pattern NotPrintCharPattern = Pattern.compile("[\\p{C}&&[^\\s]&&[^\n]&&[^\r][^\t]]");
    private static final List<String> supportPicTypeList = Arrays.asList("bmp", "jpg", "png", "jpeg");

    public static InputStream fileSecurityVerification(InputStream inputStream, String str) {
        if (str == null) {
            return inputStream;
        }
        String lowerCase = str.substring(str.lastIndexOf(".") + 1).toLowerCase(Locale.ENGLISH);
        if (!excelFileTypeList.contains(lowerCase) && !zipFileTypeList.contains(lowerCase) && !pdfFileTypeList.contains(lowerCase)) {
            return inputStream;
        }
        FileCheckResult pass = FileCheckResult.pass();
        BufferedInputStream bufferedInputStream = new BufferedInputStream(inputStream);
        if (excelFileTypeList.contains(lowerCase)) {
            pass = checkExcelFile(bufferedInputStream, lowerCase);
        } else if (zipFileTypeList.contains(lowerCase)) {
            BufferedInputStream[] bufferedInputStreamArr = {bufferedInputStream};
            pass = checkZipFile(bufferedInputStreamArr, str);
            bufferedInputStream = bufferedInputStreamArr[0];
        } else if (pdfFileTypeList.contains(lowerCase)) {
            pass = checkPdfFile(bufferedInputStream);
        }
        if (pass.isCheckReuslt()) {
            return bufferedInputStream;
        }
        throw new KDException(new ErrorCode("CHECK_FILE_ERROR", pass.getErrorMsg()), new Object[0]);
    }

    private static FileCheckResult checkPdfFile(BufferedInputStream bufferedInputStream) {
        Map loadPublicParameterFromCache = ((IParameterReaderService) ServiceSvcFactory.getService(IParameterReaderService.class)).loadPublicParameterFromCache("bos_filesecurityparam");
        if (!Boolean.valueOf(loadPublicParameterFromCache.size() == 0 ? SystemPropertyUtils.getBoolean(RequestContext.get().getTenantId(), "check.file.pdf", Boolean.FALSE).booleanValue() : Boolean.parseBoolean(String.valueOf(loadPublicParameterFromCache.get("pdfsecurity")))).booleanValue()) {
            return FileCheckResult.pass();
        }
        bufferedInputStream.mark(Integer.MAX_VALUE);
        try {
            try {
                for (COSObject cOSObject : PDDocument.load(bufferedInputStream).getDocumentCatalog().getCOSObject().getValues()) {
                    String obj = cOSObject.toString();
                    if (cOSObject instanceof COSObject) {
                        obj = cOSObject.getObject().toString();
                    }
                    if (obj.contains("COSName{JS}") || obj.contains("COSName{JavaScript}")) {
                        FileCheckResult refuse = FileCheckResult.refuse(ResManager.loadKDString("上传失败，文件中存在恶意信息，安全校验不通过。", "FileChecker_0", "bos-attachment", new Object[0]));
                        try {
                            bufferedInputStream.reset();
                        } catch (IOException e) {
                            log.error("checkPdfFile bufferedInputStream reset error is ", e);
                        }
                        return refuse;
                    }
                }
                try {
                    bufferedInputStream.reset();
                } catch (IOException e2) {
                    log.error("checkPdfFile bufferedInputStream reset error is ", e2);
                }
                return FileCheckResult.pass();
            } catch (Exception e3) {
                log.error("checkPdfFile bufferedInputStream error is ", e3);
                FileCheckResult pass = FileCheckResult.pass();
                try {
                    bufferedInputStream.reset();
                } catch (IOException e4) {
                    log.error("checkPdfFile bufferedInputStream reset error is ", e4);
                }
                return pass;
            }
        } catch (Throwable th) {
            try {
                bufferedInputStream.reset();
            } catch (IOException e5) {
                log.error("checkPdfFile bufferedInputStream reset error is ", e5);
            }
            throw th;
        }
    }

    private static File writeToTempFile(InputStream inputStream, String str) {
        File file = null;
        try {
            file = File.createTempFile(UUID.randomUUID().toString(), ".zip");
            ZipSecureFile.setMinInflateRatio(-1.0d);
            FileUtils.copyInputStreamToFile(inputStream, file);
        } catch (IOException e) {
            log.error("excelSecurityVerification writeToTempFile error is " + e);
        }
        return file;
    }

    private static FileCheckResult checkExcelFile(BufferedInputStream bufferedInputStream, String str) {
        String readLine;
        String readLine2;
        String readLine3;
        Map loadPublicParameterFromCache = ((IParameterReaderService) ServiceSvcFactory.getService(IParameterReaderService.class)).loadPublicParameterFromCache("bos_filesecurityparam");
        Boolean valueOf = Boolean.valueOf(loadPublicParameterFromCache.size() == 0 ? SystemPropertyUtils.getBoolean(RequestContext.get().getTenantId(), "check.file.security", Boolean.FALSE).booleanValue() : Boolean.parseBoolean(String.valueOf(loadPublicParameterFromCache.get("excelsecurity"))));
        log.info("check.file.security is " + valueOf);
        if (!valueOf.booleanValue()) {
            return FileCheckResult.pass();
        }
        FileCheckResult pass = FileCheckResult.pass();
        bufferedInputStream.mark(Integer.MAX_VALUE);
        log.info("zipEntry checkExcelFile ---- isCsvOrXls begin ");
        if (isCsvOrXls(bufferedInputStream)) {
            return checkCsvAndXlsFile(bufferedInputStream, str);
        }
        log.info("zipEntry checkExcelFile ---- isCsvOrXls end ");
        try {
            try {
                ZipInputStream zipInputStream = new ZipInputStream(bufferedInputStream);
                ZipEntry nextEntry = zipInputStream.getNextEntry();
                loop0: while (null != nextEntry) {
                    long size = nextEntry.getSize();
                    if (size >= 104857600) {
                        nextEntry = zipInputStream.getNextEntry();
                    } else {
                        String name = nextEntry.getName();
                        log.info("zipEntry begin ---- fileName is " + name + " , zipEntry size is " + size);
                        if (!nextEntry.isDirectory() && name.contains("xl/externalLinks/externalLink") && name.endsWith(".xml")) {
                            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(zipInputStream, "UTF-8"));
                            do {
                                readLine3 = bufferedReader.readLine();
                                if (readLine3 == null) {
                                    zipInputStream.closeEntry();
                                } else if (readLine3.contains("ddeService=\"cmd\"")) {
                                    break loop0;
                                }
                            } while (!readLine3.contains("ddeService=\"calc\""));
                            FileCheckResult commonRefuse = FileCheckResult.commonRefuse();
                            try {
                                bufferedInputStream.reset();
                            } catch (IOException e) {
                                log.error("checkExcelFile bufferedInputStream reset error is ", e);
                            }
                            return commonRefuse;
                        }
                        if (!nextEntry.isDirectory() && name.contains("xl/worksheets/sheet") && name.endsWith(".xml")) {
                            BufferedReader bufferedReader2 = new BufferedReader(new InputStreamReader(zipInputStream, "UTF-8"));
                            do {
                                readLine2 = bufferedReader2.readLine();
                                if (readLine2 == null) {
                                    zipInputStream.closeEntry();
                                } else if (readLine2.contains("<f>HYPERLINK")) {
                                    break loop0;
                                }
                            } while (!readLine2.contains("<f ca=\"1\">IMPORTXML"));
                            FileCheckResult commonRefuse2 = FileCheckResult.commonRefuse();
                            try {
                                bufferedInputStream.reset();
                            } catch (IOException e2) {
                                log.error("checkExcelFile bufferedInputStream reset error is ", e2);
                            }
                            return commonRefuse2;
                        }
                        if (!nextEntry.isDirectory() && name.equals("xl/workbook.xml")) {
                            BufferedReader bufferedReader3 = new BufferedReader(new InputStreamReader(zipInputStream, "UTF-8"));
                            do {
                                readLine = bufferedReader3.readLine();
                                if (readLine == null) {
                                    zipInputStream.closeEntry();
                                }
                            } while (!readLine.contains("onerror=alert("));
                            FileCheckResult commonRefuse3 = FileCheckResult.commonRefuse();
                            try {
                                bufferedInputStream.reset();
                            } catch (IOException e3) {
                                log.error("checkExcelFile bufferedInputStream reset error is ", e3);
                            }
                            return commonRefuse3;
                        }
                        log.info("zipEntry end ----  ,next Entry");
                        nextEntry = zipInputStream.getNextEntry();
                    }
                }
                try {
                    bufferedInputStream.reset();
                } catch (IOException e4) {
                    log.error("checkExcelFile bufferedInputStream reset error is ", e4);
                }
                return pass;
            } catch (Exception e5) {
                log.error("checkExcelFile bufferedInputStream read excel error is ", e5);
                try {
                    bufferedInputStream.reset();
                } catch (IOException e6) {
                    log.error("checkExcelFile bufferedInputStream reset error is ", e6);
                }
                return pass;
            }
        } catch (Throwable th) {
            try {
                bufferedInputStream.reset();
            } catch (IOException e7) {
                log.error("checkExcelFile bufferedInputStream reset error is ", e7);
            }
            throw th;
        }
    }

    public static boolean isCsvOrXls(BufferedInputStream bufferedInputStream) {
        try {
            try {
                boolean z = new ZipInputStream(bufferedInputStream).getNextEntry() == null;
                try {
                    bufferedInputStream.reset();
                } catch (IOException e) {
                    log.error("checkExcelFile bufferedInputStream reset error is ", e);
                }
                return z;
            } catch (Throwable th) {
                try {
                    bufferedInputStream.reset();
                } catch (IOException e2) {
                    log.error("checkExcelFile bufferedInputStream reset error is ", e2);
                }
                throw th;
            }
        } catch (IOException e3) {
            log.warn("checkExcelFile bufferedInputStream isCsvOrXls error is ", e3);
            try {
                bufferedInputStream.reset();
            } catch (IOException e4) {
                log.error("checkExcelFile bufferedInputStream reset error is ", e4);
            }
            return false;
        }
    }

    private static FileCheckResult checkCsvAndXlsFile(BufferedInputStream bufferedInputStream, String str) {
        try {
            try {
                int i = 0;
                byte[] bArr = new byte[5242880];
                while (true) {
                    int read = bufferedInputStream.read();
                    if (read == -1) {
                        if (!checkCsvAndXlsFormula(str, new String(bArr, 0, i, StandardCharsets.UTF_8))) {
                            try {
                                bufferedInputStream.reset();
                            } catch (IOException e) {
                                log.error("checkExcelFile bufferedInputStream reset error is ", e);
                            }
                            return FileCheckResult.pass();
                        }
                        FileCheckResult commonRefuse = FileCheckResult.commonRefuse();
                        try {
                            bufferedInputStream.reset();
                        } catch (IOException e2) {
                            log.error("checkExcelFile bufferedInputStream reset error is ", e2);
                        }
                        return commonRefuse;
                    }
                    bArr[i] = (byte) read;
                    i++;
                    if (i == 5242880) {
                        if (checkCsvAndXlsFormula(str, new String(bArr, 0, i, StandardCharsets.UTF_8))) {
                            FileCheckResult commonRefuse2 = FileCheckResult.commonRefuse();
                            try {
                                bufferedInputStream.reset();
                            } catch (IOException e3) {
                                log.error("checkExcelFile bufferedInputStream reset error is ", e3);
                            }
                            return commonRefuse2;
                        }
                        bArr = new byte[5242880];
                        i = 0;
                    }
                }
            } catch (Throwable th) {
                try {
                    bufferedInputStream.reset();
                } catch (IOException e4) {
                    log.error("checkExcelFile bufferedInputStream reset error is ", e4);
                }
                throw th;
            }
        } catch (Exception e5) {
            log.warn("checkExcelFile checkCsvFile error is ", e5);
            FileCheckResult pass = FileCheckResult.pass();
            try {
                bufferedInputStream.reset();
            } catch (IOException e6) {
                log.error("checkExcelFile bufferedInputStream reset error is ", e6);
            }
            return pass;
        }
    }

    private static boolean checkCsvAndXlsFormula(String str, String str2) {
        for (String str3 : getCsvFormulaList()) {
            if ("xls".equals(str) && contentContainFormulaKeyForXls(str2)) {
                log.info("checkExcelFile .xls file contains csvFormula : " + str3);
                return true;
            }
            if ("csv".equals(str)) {
                if (!contentContainFormulaKeyForCsv(str2)) {
                    return false;
                }
                for (String str4 : str2.contains(",") ? str2.split(",") : new String[]{str2}) {
                    String trim = NotPrintCharPattern.matcher(str4).replaceAll("").trim();
                    if ((trim.startsWith("+") || trim.startsWith("-") || trim.startsWith("=") || trim.startsWith("@") || trim.startsWith("<")) && contentContainFormulaKeyForCsv(trim)) {
                        log.info("checkExcelFile .csv file contains csvFormula : " + trim);
                        return true;
                    }
                }
            }
        }
        return false;
    }

    private static boolean contentContainFormulaKeyForXls(String str) {
        return str.contains("cmd") || str.contains("_PID_HLINKS") || str.contains("IMPORTXML") || str.contains("onerror=alert(");
    }

    private static boolean contentContainFormulaKeyForCsv(String str) {
        String upperCase = str.toUpperCase();
        return upperCase.contains("CMD") || upperCase.contains("HYPERLINK") || upperCase.contains("IMPORTXML") || str.contains("onerror=alert(");
    }

    private static List<String> getCsvFormulaList() {
        String proptyByTenant = SystemPropertyUtils.getProptyByTenant("csv.formula.list", RequestContext.get().getTenantId());
        if (proptyByTenant != null && proptyByTenant.contains(",")) {
            csvFormulaList.addAll(Arrays.asList(proptyByTenant.split(",")));
        }
        return csvFormulaList;
    }

    private static FileCheckResult checkZipFile(BufferedInputStream[] bufferedInputStreamArr, String str) {
        Map loadPublicParameterFromCache = ((IParameterReaderService) ServiceSvcFactory.getService(IParameterReaderService.class)).loadPublicParameterFromCache("bos_filesecurityparam");
        if (!Boolean.valueOf(loadPublicParameterFromCache.size() == 0 ? SystemPropertyUtils.getBoolean(RequestContext.get().getTenantId(), "check.file.zip", Boolean.TRUE).booleanValue() : Boolean.parseBoolean(String.valueOf(loadPublicParameterFromCache.get("compresssecurity")))).booleanValue()) {
            return FileCheckResult.pass();
        }
        File file = null;
        try {
            try {
                file = File.createTempFile(UUID.randomUUID().toString(), "zip");
                FileUtils.copyInputStreamToFile(bufferedInputStreamArr[0], file);
                bufferedInputStreamArr[0] = new BufferedInputStream(new FileInputStream(file));
                FileCheckResult checkZipSubFiles = checkZipSubFiles(new ZipFile(file), str);
                if (checkZipSubFiles.isCheckReuslt()) {
                    if (file != null && !file.delete()) {
                        log.error("delete error");
                    }
                    return FileCheckResult.pass();
                }
                if (file != null && !file.delete()) {
                    log.error("delete error");
                }
                return checkZipSubFiles;
            } catch (IOException e) {
                log.error("checkZipFile bufferedInputStream error is ", e);
                FileCheckResult pass = FileCheckResult.pass();
                if (file != null && !file.delete()) {
                    log.error("delete error");
                }
                return pass;
            }
        } catch (Throwable th) {
            if (file != null && !file.delete()) {
                log.error("delete error");
            }
            throw th;
        }
    }

    private static FileCheckResult checkZipSubFiles(ZipFile zipFile, String str) throws IOException {
        long j = 0;
        long j2 = 0;
        Enumeration entries = zipFile.getEntries();
        while (entries.hasMoreElements()) {
            org.apache.tools.zip.ZipEntry zipEntry = (org.apache.tools.zip.ZipEntry) entries.nextElement();
            String name = zipEntry.getName();
            if (!zipEntry.isDirectory()) {
                long size = zipEntry.getSize();
                if (size == 0) {
                    return FileCheckResult.zipEmptyFileRefuse(name);
                }
                j += size;
                j2 += zipEntry.getCompressedSize();
                if (j / j2 > 100) {
                    log.info("checkZipFile find zipboom : file originalSize is " + j + " , compressedSize is " + j2);
                    return FileCheckResult.commonRefuse();
                }
                InputStream inputStream = zipFile.getInputStream(zipEntry);
                if (size >= 2147483647L) {
                    return FileCheckResult.pass();
                }
                BufferedInputStream bufferedInputStream = new BufferedInputStream(inputStream, Integer.parseInt(String.valueOf(size)) + 1);
                FileCheckResult isForbidUpload = isForbidUpload(bufferedInputStream, null, name, true);
                if (!isForbidUpload.isCheckReuslt()) {
                    return FileCheckResult.zipSubFileRefuse(str, isForbidUpload.getRealFileName());
                }
                if (zipFileTypeList.contains(name.substring(name.lastIndexOf(".") + 1))) {
                    FileCheckResult checkZipFile = checkZipFile(new BufferedInputStream[]{bufferedInputStream}, str);
                    if (!checkZipFile.isCheckReuslt()) {
                        return checkZipFile;
                    }
                }
                inputStream.close();
                bufferedInputStream.close();
            }
        }
        return FileCheckResult.pass();
    }

    public static FileCheckResult isForbidUpload(BufferedInputStream bufferedInputStream, List<String> list, String str, boolean z) {
        FileCheckResult isForbidUpload = isForbidUpload(list, str, z);
        if (!isForbidUpload.isCheckReuslt()) {
            return isForbidUpload;
        }
        if (str.trim().split("\\.").length < 2) {
            return FileCheckResult.pass();
        }
        try {
            String fileRealName = FileTypeUtil.getFileRealName(str, bufferedInputStream);
            return "errorfile.errorfile".equals(fileRealName) ? FileCheckResult.refuse(ResManager.loadKDString("禁止上传非法文件。", "AttachmentAction_18", "bos-webactions", new Object[0])) : isForbidUpload(list, fileRealName, z);
        } catch (IOException e) {
            log.error("FileTypeUtil.getFileRealName error : " + e);
            return FileCheckResult.pass();
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v48, types: [java.util.List] */
    private static FileCheckResult isForbidUpload(List<String> list, String str, boolean z) {
        ArrayList arrayList = new ArrayList();
        List<String> arrayList2 = new ArrayList();
        Object invokeBOSService = DispatchServiceHelper.invokeBOSService("IAttachmentService", "getAttSetting", new Object[0]);
        if (invokeBOSService instanceof Map) {
            arrayList = (List) ((Map) invokeBOSService).get("forbidfiletype");
            arrayList2 = ((Map) invokeBOSService).get("whitelist") != null ? (List) ((Map) invokeBOSService).get("whitelist") : new ArrayList<>();
        }
        if (CollectionUtils.isNotEmpty(list)) {
            arrayList2.retainAll(list);
            if (arrayList2.isEmpty()) {
                arrayList2 = list;
            }
        }
        if (z) {
            arrayList2 = new ArrayList();
        }
        String[] split = str.trim().split("\\.");
        if (split.length < 2) {
            return FileCheckResult.pass();
        }
        String str2 = split[split.length - 1];
        boolean z2 = false;
        if (arrayList.stream().filter(str3 -> {
            return str3.equalsIgnoreCase(str2);
        }).count() == 0) {
            if (arrayList2.isEmpty()) {
                z2 = true;
            } else {
                z2 = arrayList2.stream().filter(str4 -> {
                    return str4.equalsIgnoreCase(str2);
                }).count() > 0;
            }
        }
        return !z2 ? FileCheckResult.forbidTypeRefuse(str) : FileCheckResult.pass();
    }

    public static InputStream addSecurityWaterMark(String str, InputStream inputStream) throws IOException {
        log.info("before cache.saveAsUrl InputStream.available() " + inputStream.available());
        if (SystemPropertyUtils.getBoolean(RequestContext.get().getTenantId(), "check.file.picture", Boolean.FALSE).booleanValue() && str.contains(".")) {
            if (!supportPicTypeList.contains(str.substring(str.lastIndexOf(".") + 1).toLowerCase(Locale.ENGLISH))) {
                return inputStream;
            }
            WatermarkService watermarkService = new WatermarkService();
            WatermarkParameter build = new WatermarkParameter.Builder(1, "安全水印").setColor(Color.BLACK).setAlpha(Float.valueOf(0.0f)).setSize(12).setRotation(0).setPosition("").build();
            HashMap hashMap = new HashMap(16);
            hashMap.put(PreviewParams.STATUS.getEnumName(), PreviewParams.SUCCESS.getEnumName());
            hashMap.put(PreviewParams.RESULT.getEnumName(), inputStream);
            try {
                watermarkService.addWatermark(hashMap, str, build);
            } catch (Exception e) {
                log.error(e);
            }
            return (InputStream) hashMap.get(PreviewParams.RESULT.getEnumName());
        }
        return inputStream;
    }

    static {
        excelFileTypeList.add("xls");
        excelFileTypeList.add("xlsx");
        excelFileTypeList.add("xlsm");
        excelFileTypeList.add("xlsb");
        excelFileTypeList.add("csv");
        zipFileTypeList.add("zip");
        zipFileTypeList.add("rar");
        pdfFileTypeList.add("pdf");
        csvFormulaList.add("=1+cmd|' /C calc'!A0");
    }
}
