package org.webdroid.catnip.filter;

import java.io.IOException;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:org/webdroid/catnip/filter/BadInputFilter.class */
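/**
 * Servlet filter that screens and rewrites request parameters.
 *
 * <p>It does two independent things to HTTP requests:
 * <ol>
 *   <li>Checks every parameter name and value against the configured {@code deny} and
 *       {@code allow} regular-expression lists and answers 403 when the request is refused.</li>
 *   <li>Rewrites parameter names and values using the replacement tables enabled through
 *       {@code escapeQuotes}, {@code escapeAngleBrackets} and {@code escapeJavaScript}.</li>
 * </ol>
 *
 * <p>Security note: the JavaScript table is a denylist of specific literal spellings. It does not
 * recognise other casings, encodings or markup variants, so it should be treated as defence in
 * depth only; context-aware output encoding in the views remains the primary XSS control.
 *
 * <p>NOTE(review): the rewriting step edits the container's own parameter map and value arrays in
 * place. Whether code further down the chain sees those edits through {@code getParameter()}
 * depends on the container handing out live arrays rather than copies — confirm on the target
 * container. An {@code HttpServletRequestWrapper} is the portable way to guarantee it.
 */
public class BadInputFilter implements Filter {
    protected static String info = "com.oreilly.tomcat.filter.BadInputFilter/2.0";
    private static final String[] STRING_ARRAY = new String[0];
    protected boolean escapeQuotes = false;
    protected boolean escapeAngleBrackets = false;
    protected boolean escapeJavaScript = false;
    // Replacement tables, keyed by the pattern to search for. They are copied into
    // parameterEscapes when the matching escape* option is switched on.
    protected HashMap<Pattern, String> quotesHashMap = new HashMap<>();
    protected HashMap<Pattern, String> angleBracketsHashMap = new HashMap<>();
    protected HashMap<Pattern, String> javaScriptHashMap = new HashMap<>();
    protected String allow = null;
    protected Pattern[] allows = new Pattern[0];
    protected Pattern[] denies = new Pattern[0];
    protected String deny = null;
    // Active replacements. HashMap iteration order is unspecified, so replacements must not
    // depend on the order in which they are applied.
    protected HashMap<Pattern, String> parameterEscapes = new HashMap<>();
    protected ServletContext servletContext;
    // Cached reflective handle to the parameter map's setLocked(boolean), when it has one.
    protected Method setLockedMethod;

    /** Populates the three replacement tables; none of them is active until enabled. */
    public BadInputFilter() {
        this.quotesHashMap.put(Pattern.compile("\""), "&quot;");
        this.quotesHashMap.put(Pattern.compile("'"), "&#39;");
        this.quotesHashMap.put(Pattern.compile("`"), "&#96;");
        this.angleBracketsHashMap.put(Pattern.compile("<"), "&lt;");
        this.angleBracketsHashMap.put(Pattern.compile(">"), "&gt;");
        this.javaScriptHashMap.put(Pattern.compile("<(\\s*)(/\\s*)?script(\\s*)>"), "<$2script-disabled>");
        this.javaScriptHashMap.put(Pattern.compile("%3Cscript%3E"), "%3Cscript-disabled%3E");
        this.javaScriptHashMap.put(Pattern.compile("alert(\\s*)\\("), "alert[");
        this.javaScriptHashMap.put(Pattern.compile("alert%28"), "alert%5B");
        this.javaScriptHashMap.put(Pattern.compile("document(.*)\\.(.*)cookie"), "document cookie");
        this.javaScriptHashMap.put(Pattern.compile("eval(\\s*)\\("), "eval[");
        this.javaScriptHashMap.put(Pattern.compile("setTimeout(\\s*)\\("), "setTimeout$1[");
        this.javaScriptHashMap.put(Pattern.compile("setInterval(\\s*)\\("), "setInterval$1[");
        this.javaScriptHashMap.put(Pattern.compile("execScript(\\s*)\\("), "execScript$1[");
        this.javaScriptHashMap.put(Pattern.compile("(?i)javascript(?-i):"), "javascript ");
        this.javaScriptHashMap.put(Pattern.compile("(?i)onclick(?-i)"), "oncl1ck");
        this.javaScriptHashMap.put(Pattern.compile("(?i)ondblclick(?-i)"), "ondblcl1ck");
        this.javaScriptHashMap.put(Pattern.compile("(?i)onmouseover(?-i)"), "onm0useover");
        this.javaScriptHashMap.put(Pattern.compile("(?i)onmousedown(?-i)"), "onm0usedown");
        this.javaScriptHashMap.put(Pattern.compile("(?i)onmouseup(?-i)"), "onm0useup");
        this.javaScriptHashMap.put(Pattern.compile("(?i)onmousemove(?-i)"), "onm0usemove");
        this.javaScriptHashMap.put(Pattern.compile("(?i)onmouseout(?-i)"), "onm0useout");
        this.javaScriptHashMap.put(Pattern.compile("(?i)onchange(?-i)"), "onchahge");
        this.javaScriptHashMap.put(Pattern.compile("(?i)onfocus(?-i)"), "onf0cus");
        this.javaScriptHashMap.put(Pattern.compile("(?i)onblur(?-i)"), "onb1ur");
        this.javaScriptHashMap.put(Pattern.compile("(?i)onkeypress(?-i)"), "onkeyqress");
        this.javaScriptHashMap.put(Pattern.compile("(?i)onkeyup(?-i)"), "onkeyuq");
        this.javaScriptHashMap.put(Pattern.compile("(?i)onkeydown(?-i)"), "onkeyd0wn");
        this.javaScriptHashMap.put(Pattern.compile("(?i)onload(?-i)"), "onl0ad");
        this.javaScriptHashMap.put(Pattern.compile("(?i)onreset(?-i)"), "onrezet");
        this.javaScriptHashMap.put(Pattern.compile("(?i)onselect(?-i)"), "onzelect");
        this.javaScriptHashMap.put(Pattern.compile("(?i)onsubmit(?-i)"), "onsubm1t");
        this.javaScriptHashMap.put(Pattern.compile("(?i)onunload(?-i)"), "onunl0ad");
        this.javaScriptHashMap.put(Pattern.compile("&#x61;&#x6C;&#x65;&#x72;&#x74;"), "a1ert");
    }

    /** @return whether quote escaping has been requested */
    public boolean getEscapeQuotes() {
        return this.escapeQuotes;
    }

    /**
     * Records the quote-escaping option and, when enabling it, activates the quote replacements.
     * Passing {@code false} does not remove replacements that were activated earlier.
     *
     * @param z {@code true} to escape double quotes, single quotes and backticks
     */
    public void setEscapeQuotes(boolean z) {
        this.escapeQuotes = z;
        if (z) {
            this.parameterEscapes.putAll(this.quotesHashMap);
        }
    }

    /** @return whether angle-bracket escaping has been requested */
    public boolean getEscapeAngleBrackets() {
        return this.escapeAngleBrackets;
    }

    /**
     * Records the angle-bracket option and, when enabling it, activates those replacements.
     * Passing {@code false} does not remove replacements that were activated earlier.
     *
     * @param z {@code true} to escape {@code <} and {@code >}
     */
    public void setEscapeAngleBrackets(boolean z) {
        this.escapeAngleBrackets = z;
        if (z) {
            this.parameterEscapes.putAll(this.angleBracketsHashMap);
        }
    }

    /** @return whether the JavaScript replacements have been requested */
    public boolean getEscapeJavaScript() {
        return this.escapeJavaScript;
    }

    /**
     * Records the JavaScript option and, when enabling it, activates the JavaScript replacements.
     * Passing {@code false} does not remove replacements that were activated earlier.
     *
     * @param z {@code true} to neutralise the listed script-related spellings
     */
    public void setEscapeJavaScript(boolean z) {
        this.escapeJavaScript = z;
        if (z) {
            this.parameterEscapes.putAll(this.javaScriptHashMap);
        }
    }

    /** @return the raw comma-separated allow list, or {@code null} when none is set */
    public String getAllow() {
        return this.allow;
    }

    /**
     * Sets the allow list and compiles it.
     *
     * @param str comma-separated regular expressions, or {@code null} for no allow list
     * @throws IllegalArgumentException if one of the expressions does not compile
     */
    public void setAllow(String str) {
        this.allow = str;
        this.allows = precalculate(str);
        // Log the allow value itself so the startup log reflects the effective configuration.
        log("BadInputFilter: allow = " + str);
    }

    /** @return the raw comma-separated deny list, or {@code null} when none is set */
    public String getDeny() {
        return this.deny;
    }

    /**
     * Sets the deny list and compiles it.
     *
     * @param str comma-separated regular expressions, or {@code null} for no deny list
     * @throws IllegalArgumentException if one of the expressions does not compile
     */
    public void setDeny(String str) {
        this.deny = str;
        this.denies = precalculate(str);
        log("BadInputFilter: deny = " + str);
    }

    /**
     * Reads the {@code allow}, {@code deny}, {@code escapeQuotes}, {@code escapeAngleBrackets}
     * and {@code escapeJavaScript} init parameters. The three escape options keep their default
     * ({@code false}) when the parameter is absent.
     *
     * @param filterConfig the container-supplied configuration
     * @throws ServletException declared by the {@link Filter} contract
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        this.servletContext = filterConfig.getServletContext();
        setAllow(filterConfig.getInitParameter("allow"));
        setDeny(filterConfig.getInitParameter("deny"));
        String quotesOption = filterConfig.getInitParameter("escapeQuotes");
        if (quotesOption != null) {
            setEscapeQuotes(Boolean.parseBoolean(quotesOption));
        }
        String bracketsOption = filterConfig.getInitParameter("escapeAngleBrackets");
        if (bracketsOption != null) {
            setEscapeAngleBrackets(Boolean.parseBoolean(bracketsOption));
        }
        String javaScriptOption = filterConfig.getInitParameter("escapeJavaScript");
        if (javaScriptOption != null) {
            setEscapeJavaScript(Boolean.parseBoolean(javaScriptOption));
        }
        log(this + " initialized.");
    }

    /**
     * Applies the allow/deny check and the parameter rewriting to HTTP requests. Requests that
     * are not HTTP are passed down the chain untouched. A refused request is not passed on; the
     * 403 has already been sent by the check.
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (!(servletRequest instanceof HttpServletRequest) || !(servletResponse instanceof HttpServletResponse)) {
            filterChain.doFilter(servletRequest, servletResponse);
        } else if (processAllowsAndDenies(servletRequest, servletResponse)) {
            filterParameters(servletRequest);
            filterChain.doFilter(servletRequest, servletResponse);
        }
    }

    /**
     * Checks every parameter name and every parameter value of the request.
     *
     * @return {@code true} when nothing was refused; {@code false} as soon as one name or value
     *     is refused (the error response has then been sent where possible)
     */
    public boolean processAllowsAndDenies(ServletRequest servletRequest, ServletResponse servletResponse) throws IOException, ServletException {
        for (Object key : servletRequest.getParameterMap().keySet()) {
            String name = (String) key;
            String[] values = servletRequest.getParameterValues(name);
            if (!checkAllowsAndDenies(name, servletResponse)) {
                return false;
            }
            if (values != null) {
                for (String value : values) {
                    if (!checkAllowsAndDenies(value, servletResponse)) {
                        return false;
                    }
                }
            }
        }
        return true;
    }

    /**
     * Decides whether one parameter name or value is acceptable.
     *
     * <p>Deny patterns are evaluated first and always win. With an allow list configured, the
     * text must match at least one allow pattern. With only a deny list, anything that is not
     * denied is accepted. With neither list, everything is accepted.
     *
     * @param str the parameter name or value to test
     * @param servletResponse receives a 403 when the text is refused and the response is HTTP
     * @return {@code true} if accepted, {@code false} if refused
     */
    public boolean checkAllowsAndDenies(String str, ServletResponse servletResponse) throws IOException, ServletException {
        if (this.denies.length == 0 && this.allows.length == 0) {
            return true;
        }
        for (Pattern denied : this.denies) {
            if (denied.matcher(str).find()) {
                // A deny match is final whatever the response type is; only the 403 is
                // conditional on having an HTTP response to send it on.
                sendForbidden(servletResponse);
                return false;
            }
        }
        for (Pattern allowed : this.allows) {
            if (allowed.matcher(str).find()) {
                return true;
            }
        }
        if (this.allows.length == 0) {
            // Only a deny list is configured and none of its patterns matched.
            return true;
        }
        sendForbidden(servletResponse);
        return false;
    }

    /**
     * Rewrites parameter names and values in place using the active replacements.
     *
     * <p>The parameter map is unlocked through a reflective {@code setLocked(false)} call when
     * the map class offers one, and locked again afterwards even if the rewrite fails.
     *
     * @param servletRequest the request whose parameters are rewritten
     */
    @SuppressWarnings("unchecked") // getParameterMap() is a raw Map on older servlet APIs
    public void filterParameters(ServletRequest servletRequest) {
        if (this.parameterEscapes.isEmpty()) {
            // Nothing is enabled, so there is no reason to unlock the container's map.
            return;
        }
        Map<String, String[]> parameterMap = servletRequest.getParameterMap();
        setParameterMapLocked(parameterMap, false, "BadInputFilter: Cannot filter parameters!");
        try {
            for (Map.Entry<Pattern, String> escape : this.parameterEscapes.entrySet()) {
                Pattern pattern = escape.getKey();
                String replacement = escape.getValue();
                // Snapshot the keys: the map is modified while they are being walked.
                for (String name : parameterMap.keySet().toArray(STRING_ARRAY)) {
                    String[] values = servletRequest.getParameterValues(name);
                    if (values == null) {
                        // The request may not know a name that an earlier replacement already
                        // rewrote; fall back to the map so its values are neither skipped nor
                        // replaced by null on a second rename.
                        values = parameterMap.get(name);
                    }
                    Matcher nameMatcher = pattern.matcher(name);
                    if (nameMatcher.find()) {
                        String escapedName = nameMatcher.replaceAll(replacement);
                        parameterMap.remove(name);
                        parameterMap.put(escapedName, values);
                    }
                    if (values != null) {
                        for (int i = 0; i < values.length; i++) {
                            Matcher valueMatcher = pattern.matcher(values[i]);
                            if (valueMatcher.find()) {
                                values[i] = valueMatcher.replaceAll(replacement);
                            }
                        }
                    }
                }
            }
        } finally {
            setParameterMapLocked(parameterMap, true, "BadInputFilter: Cannot re-lock parameter map!");
        }
    }

    @Override
    public String toString() {
        return "BadInputFilter";
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }

    /**
     * Compiles a comma-separated list of regular expressions.
     *
     * <p>Because the comma is the separator, an expression cannot itself contain one. Blank
     * entries (for example from a trailing or doubled comma) are skipped: an empty pattern
     * matches every string, which would silently turn an allow list into "allow everything"
     * and a deny list into "deny everything".
     *
     * @param str the list, or {@code null}
     * @return the compiled patterns in list order; empty when {@code str} is null or blank
     * @throws IllegalArgumentException if an entry is not a valid regular expression
     */
    protected Pattern[] precalculate(String str) {
        if (str == null) {
            return new Pattern[0];
        }
        ArrayList<Pattern> compiled = new ArrayList<>();
        for (String piece : str.split(",")) {
            String expression = piece.trim();
            if (expression.isEmpty()) {
                continue;
            }
            try {
                compiled.add(Pattern.compile(expression));
            } catch (PatternSyntaxException e) {
                throw new IllegalArgumentException("Syntax error in request filter pattern: " + expression, e);
            }
        }
        return compiled.toArray(new Pattern[0]);
    }

    /** Sends a 403 when the response is an HTTP response; otherwise does nothing. */
    private void sendForbidden(ServletResponse servletResponse) throws IOException {
        if (servletResponse instanceof HttpServletResponse) {
            ((HttpServletResponse) servletResponse).sendError(HttpServletResponse.SC_FORBIDDEN);
        }
    }

    /** Calls the map's {@code setLocked(boolean)} reflectively; logs instead of failing. */
    private void setParameterMapLocked(Map<?, ?> parameterMap, boolean locked, String failureMessage) {
        try {
            if (this.setLockedMethod == null) {
                this.setLockedMethod = parameterMap.getClass().getMethod("setLocked", Boolean.TYPE);
            }
            this.setLockedMethod.invoke(parameterMap, Boolean.valueOf(locked));
        } catch (ReflectiveOperationException | RuntimeException e) {
            log(failureMessage, e);
        }
    }

    /** Logs through the servlet context once the filter has one (setters may run before init). */
    private void log(String message) {
        if (this.servletContext != null) {
            this.servletContext.log(message);
        }
    }

    /** Same as {@link #log(String)}, with the cause attached. */
    private void log(String message, Throwable cause) {
        if (this.servletContext != null) {
            this.servletContext.log(message, cause);
        }
    }
}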
