package org.alfresco.web.scripts;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URL;
import java.util.Iterator;
import java.util.Vector;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.httpclient.Header;
import org.apache.commons.httpclient.HttpMethod;
import org.htmlparser.Attribute;
import org.htmlparser.Parser;
import org.htmlparser.PrototypicalNodeFactory;
import org.htmlparser.tags.DoctypeTag;
import org.htmlparser.util.NodeIterator;
import org.htmlparser.util.ParserException;
import org.springframework.extensions.surf.util.I18NUtil;
import org.springframework.extensions.webscripts.connector.RemoteClient;
import org.springframework.extensions.webscripts.ui.common.StringUtils;

/* loaded from: input_file:org/alfresco/web/scripts/SlingshotRemoteClient.class */
public class SlingshotRemoteClient extends RemoteClient {
    private static final Pattern CONTENT_PATTERN = Pattern.compile(".*/api/(node|path)/content/workspace/SpacesStore/.*");

    protected void copyResponseStreamOutput(URL url, HttpServletResponse httpServletResponse, OutputStream outputStream, HttpMethod httpMethod, String str, int i) throws IOException {
        Header responseHeader;
        boolean z = false;
        if (httpServletResponse != null && getRequestMethod() == org.springframework.extensions.webscripts.connector.HttpMethod.GET && (((responseHeader = httpMethod.getResponseHeader("Content-Disposition")) == null || !responseHeader.getValue().startsWith("attachment")) && str != null && CONTENT_PATTERN.matcher(url.getPath()).matches())) {
            String str2 = str;
            String str3 = null;
            int indexOf = str.indexOf("charset=");
            if (indexOf != -1) {
                str2 = str.substring(0, indexOf - 1).toLowerCase();
                str3 = str.substring(indexOf + "charset=".length());
            }
            if (str2.equals("text/html") || str2.equals("application/xhtml+xml") || str2.equals("text/xml")) {
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(i);
                InputStream responseBodyAsStream = httpMethod.getResponseBodyAsStream();
                if (responseBodyAsStream != null) {
                    try {
                        byte[] bArr = new byte[i];
                        for (int read = responseBodyAsStream.read(bArr); read != -1; read = responseBodyAsStream.read(bArr)) {
                            byteArrayOutputStream.write(bArr, 0, read);
                        }
                        String str4 = str3 != null ? new String(byteArrayOutputStream.toByteArray(), str3) : new String(byteArrayOutputStream.toByteArray());
                        if (str2.equals("text/html") || str2.equals("application/xhtml+xml")) {
                            str4 = StringUtils.stripUnsafeHTMLTags(str4, false);
                        } else if (str2.equals("text/xml") && hasDocType(str4, "svg", false)) {
                            httpServletResponse.setContentType("text/plain");
                        }
                        try {
                            byte[] bytes = str3 != null ? str4.getBytes(str3) : str4.getBytes();
                            httpServletResponse.setContentLength(bytes.length);
                            outputStream.write(bytes);
                            outputStream.close();
                        } finally {
                        }
                    } finally {
                        responseBodyAsStream.close();
                    }
                }
                z = true;
            } else if (str2.equals("application/x-shockwave-flash") || str2.equals("image/svg+xml")) {
                String message = I18NUtil.getMessage("security.insecuremimetype");
                try {
                    byte[] bytes2 = str3 != null ? message.getBytes(str3) : message.getBytes();
                    httpServletResponse.setContentType("text/plain");
                    httpServletResponse.setContentLength(bytes2.length);
                    outputStream.write(bytes2);
                    outputStream.close();
                    z = true;
                } finally {
                }
            }
        }
        if (z) {
            return;
        }
        super.copyResponseStreamOutput(url, httpServletResponse, outputStream, httpMethod, str, i);
    }

    protected boolean hasDocType(String str, String str2, boolean z) {
        Vector attributesEx;
        try {
            Parser createParser = Parser.createParser(str, "UTF-8");
            createParser.setNodeFactory(new PrototypicalNodeFactory());
            NodeIterator elements = createParser.elements();
            while (elements.hasMoreNodes()) {
                DoctypeTag nextNode = elements.nextNode();
                if ((nextNode instanceof DoctypeTag) && (attributesEx = nextNode.getAttributesEx()) != null && attributesEx.size() > 1) {
                    Iterator it = attributesEx.iterator();
                    while (it.hasNext()) {
                        String name = ((Attribute) it.next()).getName();
                        if (name != null && name.equalsIgnoreCase(str2)) {
                            return true;
                        }
                    }
                }
            }
            return false;
        } catch (ParserException e) {
            return false;
        }
    }
}
