package org.springframework.extensions.webscripts.servlet;

import java.io.IOException;
import java.security.SecureRandom;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.HttpHost;
import org.joda.time.DateTimeConstants;
import org.springframework.beans.factory.NoSuchBeanDefinitionException;
import org.springframework.beans.factory.xml.BeanDefinitionParserDelegate;
import org.springframework.context.ApplicationContext;
import org.springframework.extensions.config.Config;
import org.springframework.extensions.config.ConfigElement;
import org.springframework.extensions.config.ConfigService;
import org.springframework.extensions.config.WebFrameworkConfigElement;
import org.springframework.extensions.directives.DirectiveConstants;
import org.springframework.extensions.surf.types.AdvancedComponent;
import org.springframework.extensions.surf.util.Base64;
import org.springframework.extensions.surf.util.URLEncoder;
import org.springframework.web.context.support.WebApplicationContextUtils;

/* loaded from: input_file:WEB-INF/lib/spring-webscripts-6.20.jar:org/springframework/extensions/webscripts/servlet/CSRFFilter.class */
public class CSRFFilter implements Filter {
    // Shared logger; the inner action classes log through it as CSRFFilter.logger.
    private static Log logger = LogFactory.getLog(CSRFFilter.class);
    // Servlet context taken from the FilterConfig in init(FilterConfig).
    private ServletContext servletContext = null;
    // Master switch. Starts true; init(FilterConfig) can overwrite it from a global property and
    // forces it to false when the 'CSRFPolicy' config, its 'filter' element or its rules are missing.
    private boolean enabled = true;
    // Set in init(FilterConfig) from the 'session' element of the 'CSRFPolicy' config ("true" enables it).
    private boolean createSession = false;
    // Rules built by createRule(...) from the <rule> children of the 'filter' config element;
    // stays null when the filter ends up disabled.
    private List<Rule> rules = null;
    // Name/value pairs copied from the 'properties' config element in init(FilterConfig).
    private Map<String, String> properties = new HashMap();
    // Prefix that marks a global property as addressed to this filter.
    private String PROPERTY_PREFIX = "csrf.filter.";
    // Suffix of the global property that switches the filter on or off.
    // NOTE(review): the reference to WebFrameworkConfigElement.DOJO_ENABLED looks like a decompiler
    // substitution for an inlined string constant - confirm the literal against the original source.
    private String PARAM_ENABLED = WebFrameworkConfigElement.DOJO_ENABLED;
    // The "global-properties" bean, looked up in init(FilterConfig); null when that bean is not defined.
    private Properties globalProperties = null;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/spring-webscripts-6.20.jar:org/springframework/extensions/webscripts/servlet/CSRFFilter$Action.class */
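    /**
     * Base type for the steps a {@link Rule} executes against a request.
     *
     * <p>Instances are created by name in {@code createAction}, receive their configured name through
     * {@link #setName(String)} and their parameters through {@link #init(Map)}, and are then invoked
     * through {@link #run(HttpServletRequest, HttpServletResponse, HttpSession)}.
     */
    public abstract class Action {
        /** Name the action was configured under. */
        protected String name;
        /** Parameters handed to {@link #init(Map)}; {@code init} never leaves this {@code null}. */
        protected Map<String, String> params;

        private Action() {
            this.params = new HashMap<String, String>();
        }

        /**
         * Records the configured action name.
         *
         * @param str the action name
         */
        public void setName(String str) {
            this.name = str;
        }

        /**
         * Stores the action parameters. Subclasses override this to validate and cache them.
         *
         * @param map configured parameters; {@code null} is treated as "no parameters"
         * @throws ServletException if a subclass rejects the configuration
         */
        public void init(Map<String, String> map) throws ServletException {
            // Keep an empty map instead of null so subclasses can read this.params
            // without a null check (AssertRefererAction.run used to dereference it directly).
            this.params = map != null ? map : new HashMap<String, String>();
        }

        /**
         * Applies the action to the current request.
         *
         * @param httpServletRequest the request being filtered
         * @param httpServletResponse the response being produced
         * @param httpSession the caller-supplied session, may be {@code null}
         * @throws ServletException if the action rejects the request
         */
        public abstract void run(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpSession httpSession) throws ServletException;
    }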

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/spring-webscripts-6.20.jar:org/springframework/extensions/webscripts/servlet/CSRFFilter$AssertOriginAction.class */
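    /**
     * Rejects a request whose {@code Origin} header matches neither the server string returned by
     * {@code getServerString} nor the optional configured regular expression.
     *
     * <p>A request that carries no {@code Origin} header is let through unless {@code always} is
     * {@code true}; with {@code always} set, a missing header is rejected.
     */
    public class AssertOriginAction extends Action {
        public static final String PARAM_ALWAYS = "always";
        public static final String PARAM_ORIGIN = "origin";
        public static final String HEADER_ORIGIN = "Origin";
        /** When true, requests without an Origin header are checked (and therefore rejected) too. */
        private boolean always;
        /** Optional regular expression for additional accepted origins; matched against the whole header. */
        private String origin;

        private AssertOriginAction() {
            super();
            this.always = false;
            this.origin = null;
        }

        /**
         * Reads {@code always} and {@code origin} from the rule parameters, then lets the global
         * properties {@code <prefix>origin} and {@code <prefix>origin.always} override them.
         *
         * @param map rule parameters, may be {@code null}
         * @throws ServletException if {@code always} is present but is not exactly "true" or "false"
         */
        @Override
        public void init(Map<String, String> map) throws ServletException {
            super.init(map);
            if (map != null) {
                if (map.containsKey(PARAM_ALWAYS)) {
                    String str = map.get(PARAM_ALWAYS);
                    // Constant-first equals: a key that maps to null is reported as a configuration
                    // error instead of failing with a NullPointerException.
                    if (!"true".equals(str) && !"false".equals(str)) {
                        if (CSRFFilter.logger.isErrorEnabled()) {
                            CSRFFilter.logger.error("Parameter 'always' must be a boolean and be set to true or false.");
                        }
                        throw new ServletException("Parameter 'always' must be a boolean and be set to true or false.");
                    }
                    this.always = "true".equals(str);
                }
                if (map.containsKey(PARAM_ORIGIN)) {
                    this.origin = map.get(PARAM_ORIGIN);
                }
            }
            if (CSRFFilter.this.globalProperties != null) {
                String prefix = CSRFFilter.this.PROPERTY_PREFIX;
                for (Map.Entry<Object, Object> entry : CSRFFilter.this.globalProperties.entrySet()) {
                    String key = (String) entry.getKey();
                    if (!key.startsWith(prefix)) {
                        continue;
                    }
                    // substring instead of replaceFirst: the prefix contains '.', which replaceFirst
                    // would interpret as a regex wildcard.
                    String suffix = key.substring(prefix.length());
                    if (suffix.equals(PARAM_ORIGIN)) {
                        this.origin = (String) entry.getValue();
                    } else if (suffix.equals("origin.always")) {
                        this.always = Boolean.parseBoolean((String) entry.getValue());
                    }
                }
            }
        }

        /**
         * Checks the {@code Origin} header of the request.
         *
         * @throws ServletException if the header is checked and matches neither the server string
         *         nor the configured regular expression
         */
        @Override
        public void run(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpSession httpSession) throws ServletException {
            String rawOrigin = httpServletRequest.getHeader(HEADER_ORIGIN);
            String header = rawOrigin != null ? rawOrigin : "";
            String serverString = CSRFFilter.this.getServerString(httpServletRequest);
            if (CSRFFilter.logger.isDebugEnabled()) {
                CSRFFilter.logger.debug("Assert origin " + httpServletRequest.getMethod() + " " + httpServletRequest.getRequestURI() + " :: origin: '" + rawOrigin + "' vs server: " + serverString + " (string)" + (this.origin != null ? " or " + this.origin + " (regexp)" : ""));
            }
            if (header.isEmpty() && !this.always) {
                // No Origin header and the rule does not demand one: nothing to assert.
                return;
            }
            boolean sameServer = startsWithServer(header, serverString);
            boolean allowedByPattern = this.origin != null && !this.origin.isEmpty() && header.matches(this.origin);
            if (sameServer || allowedByPattern) {
                return;
            }
            // NOTE(review): the header value is client-supplied and goes into the log line and the
            // exception message unescaped; confirm the log layout and the error page neutralise
            // line breaks and markup.
            String str = "Possible CSRF attack noted when asserting origin header '" + rawOrigin + "'. Request: " + httpServletRequest.getMethod() + " " + httpServletRequest.getRequestURI();
            if (CSRFFilter.logger.isInfoEnabled()) {
                CSRFFilter.logger.info(str);
            }
            throw new ServletException(str);
        }

        /**
         * Prefix match that stops at an authority boundary.
         *
         * <p>A bare {@code startsWith} would also accept a longer host name that merely begins with
         * the server string. After the prefix the header must therefore end, or continue with
         * {@code ':'} (port) or {@code '/'}, unless the server string itself already ends in
         * {@code '/'}. getServerString is defined outside this class, so whether it includes a port
         * is not visible here; a port suffix is still accepted to stay compatible with the previous
         * behaviour.
         */
        private boolean startsWithServer(String header, String serverString) {
            if (serverString == null || serverString.isEmpty() || !header.startsWith(serverString)) {
                // An empty server string would match every header, so treat it as "no match".
                return false;
            }
            if (header.length() == serverString.length() || serverString.endsWith("/")) {
                return true;
            }
            char next = header.charAt(serverString.length());
            return next == ':' || next == '/';
        }
    }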

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/spring-webscripts-6.20.jar:org/springframework/extensions/webscripts/servlet/CSRFFilter$AssertRefererAction.class */
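    /**
     * Rejects a request whose {@code Referer} header neither starts with the server string returned
     * by {@code getServerString} (with a trailing {@code '/'} enforced) nor matches the optional
     * configured regular expression.
     *
     * <p>A request without a {@code Referer} header is let through unless {@code always} is
     * {@code true}; with {@code always} set, a missing header is rejected.
     */
    public class AssertRefererAction extends Action {
        public static final String PARAM_ALWAYS = "always";
        public static final String PARAM_REFERER = "referer";
        public static final String HEADER_REFERER = "Referer";
        /** When true, requests without a Referer header are checked (and therefore rejected) too. */
        private boolean always;
        /** Optional regular expression for additional accepted referers; matched against the whole header. */
        private String referer;

        private AssertRefererAction() {
            super();
            this.always = false;
            this.referer = null;
        }

        /**
         * Reads {@code always} and {@code referer} from the rule parameters, then lets the global
         * properties {@code <prefix>referer} and {@code <prefix>referer.always} override them.
         *
         * @param map rule parameters, may be {@code null}
         * @throws ServletException if {@code always} is present but is not exactly "true" or "false"
         */
        @Override
        public void init(Map<String, String> map) throws ServletException {
            super.init(map);
            if (map != null) {
                if (map.containsKey(PARAM_ALWAYS)) {
                    String str = map.get(PARAM_ALWAYS);
                    // Constant-first equals: a key that maps to null is reported as a configuration
                    // error instead of failing with a NullPointerException.
                    if (!"true".equals(str) && !"false".equals(str)) {
                        if (CSRFFilter.logger.isErrorEnabled()) {
                            CSRFFilter.logger.error("Parameter 'always' must be a boolean and be set to true or false.");
                        }
                        throw new ServletException("Parameter 'always' must be a boolean and be set to true or false.");
                    }
                    this.always = "true".equals(str);
                }
                if (map.containsKey(PARAM_REFERER)) {
                    this.referer = map.get(PARAM_REFERER);
                }
            }
            if (CSRFFilter.this.globalProperties != null) {
                String prefix = CSRFFilter.this.PROPERTY_PREFIX;
                for (Map.Entry<Object, Object> entry : CSRFFilter.this.globalProperties.entrySet()) {
                    String key = (String) entry.getKey();
                    if (!key.startsWith(prefix)) {
                        continue;
                    }
                    // substring instead of replaceFirst: the prefix contains '.', which replaceFirst
                    // would interpret as a regex wildcard.
                    String suffix = key.substring(prefix.length());
                    if (suffix.equals(PARAM_REFERER)) {
                        this.referer = (String) entry.getValue();
                    } else if (suffix.equals("referer.always")) {
                        this.always = Boolean.parseBoolean((String) entry.getValue());
                    }
                }
            }
        }

        /**
         * Checks the {@code Referer} header of the request.
         *
         * @throws ServletException if the header is checked and matches neither the server string
         *         nor the configured regular expression
         */
        @Override
        public void run(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpSession httpSession) throws ServletException {
            String rawReferer = httpServletRequest.getHeader(HEADER_REFERER);
            String header = rawReferer != null ? rawReferer : "";
            String serverString = CSRFFilter.this.getServerString(httpServletRequest);
            if (CSRFFilter.logger.isDebugEnabled()) {
                CSRFFilter.logger.debug("Assert referer " + httpServletRequest.getMethod() + " " + httpServletRequest.getRequestURI() + " :: referer: '" + rawReferer + "' vs server & context: " + serverString + " (string)" + (this.referer != null ? " or " + this.referer + " (regexp)" : ""));
            }
            // The trailing slash bounds the prefix match, so a longer host name that merely begins
            // with the server string is not accepted.
            if (!serverString.endsWith("/")) {
                serverString = serverString + "/";
            }
            if (header.isEmpty() && !this.always) {
                // No Referer header and the rule does not demand one: nothing to assert.
                return;
            }
            boolean sameServer = header.startsWith(serverString);
            boolean allowedByPattern = this.referer != null && !this.referer.isEmpty() && header.matches(this.referer);
            if (sameServer || allowedByPattern) {
                return;
            }
            String str2 = "Possible CSRF attack noted when asserting referer header '" + rawReferer + "'. Request: " + httpServletRequest.getMethod() + " " + httpServletRequest.getRequestURI();
            if (CSRFFilter.logger.isInfoEnabled()) {
                CSRFFilter.logger.info(str2);
            }
            // The message reports the effective expression (this.referer, which a global property may
            // have overridden) rather than the raw rule parameter, and no longer dereferences
            // this.params.
            // NOTE(review): the exception text carries the client-supplied header plus the server
            // string and the configured expression; confirm the error page does not echo it to the
            // client unescaped.
            throw new ServletException(str2 + ", FAILED TEST: Assert referer " + httpServletRequest.getMethod() + " " + httpServletRequest.getRequestURI() + " :: referer: '" + rawReferer + "' vs server & context: " + serverString + " (string)" + (this.referer != null ? " or " + this.referer + " (regexp)" : ""));
        }
    }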

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/spring-webscripts-6.20.jar:org/springframework/extensions/webscripts/servlet/CSRFFilter$AssertTokenAction.class */
    /**
     * Compares the token sent with the request against the list of tokens stored in the session.
     *
     * <p>The token is read from the configured request header when {@code header} is set; the
     * request parameter is consulted only when no header is configured. A missing token, a missing
     * session list, or a token that is not in the list rejects the request.
     */
    public class AssertTokenAction extends Action {
        public static final String PARAM_SESSION = "session";
        public static final String PARAM_HEADER = "header";
        public static final String PARAM_PARAMETER = "parameter";
        /** Name of the session attribute that holds the token list. */
        private String session;
        /** Name of the request header carrying the token, or null. */
        private String header;
        /** Name of the request parameter carrying the token, or null. */
        private String parameter;

        private AssertTokenAction() {
            super();
            this.session = null;
            this.header = null;
            this.parameter = null;
        }

        /**
         * Reads {@code session}, {@code header} and {@code parameter} from the rule parameters.
         *
         * @param map rule parameters, may be {@code null}
         * @throws ServletException if {@code session} is missing, or if neither {@code header} nor
         *         {@code parameter} is given
         */
        @Override
        public void init(Map<String, String> map) throws ServletException {
            super.init(map);
            if (map != null) {
                if (map.containsKey(PARAM_SESSION)) {
                    this.session = map.get(PARAM_SESSION);
                }
                if (map.containsKey(PARAM_HEADER)) {
                    this.header = map.get(PARAM_HEADER);
                }
                if (map.containsKey(PARAM_PARAMETER)) {
                    this.parameter = map.get(PARAM_PARAMETER);
                }
            }
            if (this.session == null) {
                failConfiguration("Parameter 'session' must be defined.");
            }
            if (this.header == null && this.parameter == null) {
                failConfiguration("Parameter 'header' or 'parameter' must be defined.");
            }
        }

        /**
         * Asserts that the request token is one of the session's tokens.
         *
         * @throws ServletException if the token is absent or unknown
         */
        @Override
        public void run(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpSession httpSession) throws ServletException {
            List list = httpSession != null ? (List) httpSession.getAttribute(this.session) : null;
            String source;
            String candidate;
            if (this.header != null) {
                source = "header";
                candidate = httpServletRequest.getHeader(this.header);
            } else if (this.parameter != null) {
                source = "parameter";
                candidate = httpServletRequest.getParameter(this.parameter);
            } else {
                // init() refuses this combination; nothing to assert.
                return;
            }
            // NOTE(review): at debug level both the session tokens and the submitted token are
            // written to the log in clear text; treat debug logs of this class as sensitive.
            if (CSRFFilter.logger.isDebugEnabled()) {
                CSRFFilter.logger.debug("Assert token " + httpServletRequest.getMethod() + " " + httpServletRequest.getRequestURI() + " :: session: '" + CSRFFilter.this.listToString(list) + "' vs " + source + ": '" + candidate + "'");
            }
            boolean known = candidate != null && list != null && list.contains(candidate);
            if (known) {
                return;
            }
            String message = "Possible CSRF attack noted when comparing token in session and request " + source + ". Request: " + httpServletRequest.getMethod() + " " + httpServletRequest.getRequestURI();
            if (CSRFFilter.logger.isInfoEnabled()) {
                CSRFFilter.logger.info(message);
            }
            throw new ServletException(message);
        }

        /** Logs a configuration error at error level and raises it as a ServletException. */
        private void failConfiguration(String message) throws ServletException {
            if (CSRFFilter.logger.isErrorEnabled()) {
                CSRFFilter.logger.error(message);
            }
            throw new ServletException(message);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/spring-webscripts-6.20.jar:org/springframework/extensions/webscripts/servlet/CSRFFilter$ClearTokenAction.class */
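    /**
     * Removes the token list from the session and expires the token cookie.
     */
    public class ClearTokenAction extends Action {
        public static final String PARAM_SESSION = "session";
        public static final String PARAM_COOKIE = "cookie";
        /** Name of the token cookie to expire. */
        private String cookie;
        /** Name of the session attribute that holds the token list. */
        private String session;

        private ClearTokenAction() {
            super();
            this.cookie = null;
            this.session = null;
        }

        /**
         * Reads {@code session} and {@code cookie} from the rule parameters.
         *
         * @param map rule parameters, may be {@code null}
         * @throws ServletException if either parameter is missing
         */
        @Override
        public void init(Map<String, String> map) throws ServletException {
            super.init(map);
            if (map != null) {
                if (map.containsKey(PARAM_SESSION)) {
                    this.session = map.get(PARAM_SESSION);
                }
                if (map.containsKey(PARAM_COOKIE)) {
                    this.cookie = map.get(PARAM_COOKIE);
                }
            }
            if (this.session == null || this.cookie == null) {
                if (CSRFFilter.logger.isErrorEnabled()) {
                    CSRFFilter.logger.error("Parameter 'session' and 'cookie' must be defined.");
                }
                throw new ServletException("Parameter 'session' and 'cookie' must be defined.");
            }
        }

        /**
         * Clears the session attribute (when a session was supplied) and sends an expired cookie.
         */
        @Override
        public void run(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpSession httpSession) {
            if (CSRFFilter.logger.isDebugEnabled()) {
                CSRFFilter.logger.debug("Clear token " + httpServletRequest.getMethod() + " " + httpServletRequest.getRequestURI());
            }
            if (httpSession != null) {
                httpSession.setAttribute(this.session, (Object) null);
            }
            Cookie cookie = new Cookie(this.cookie, "");
            // A cookie is only replaced by one with the same path. GenerateTokenAction issues the
            // token cookie with "/" when the context path is empty, so the expiring cookie has to
            // use the same fallback or the token cookie survives in a root-context deployment.
            String contextPath = httpServletRequest.getContextPath();
            cookie.setPath(contextPath.isEmpty() ? "/" : contextPath);
            cookie.setMaxAge(0);
            httpServletResponse.addCookie(cookie);
        }
    }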

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/spring-webscripts-6.20.jar:org/springframework/extensions/webscripts/servlet/CSRFFilter$GenerateTokenAction.class */
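    /**
     * Issues a fresh random token: appends it to the token list kept in the session and sends it to
     * the client in a cookie.
     *
     * <p>The session keeps at most {@code size} tokens (oldest dropped first). Once a token list
     * exists, a new token is only issued when more than {@code delay} milliseconds have passed since
     * the last one; inside that window the action returns without touching session or cookie.
     */
    public class GenerateTokenAction extends Action {
        public static final String PARAM_SESSION = "session";
        public static final String PARAM_COOKIE = "cookie";
        public static final String PARAM_SIZE = "size";
        public static final String PARAM_DELAY = "delay";
        /** Session attribute holding the time (epoch millis) the last token was issued. */
        private final String SESSION_ATTRIBUTE_TOKEN_REFRESHED;
        private final SecureRandom random;
        /** Name of the session attribute that holds the token list. */
        private String session;
        /** Name of the cookie that carries the token to the client. */
        private String cookie;
        /** Maximum number of tokens kept per session. */
        private int size;
        /** Minimum number of milliseconds between two issued tokens. */
        private long delay;

        private GenerateTokenAction() {
            super();
            this.SESSION_ATTRIBUTE_TOKEN_REFRESHED = getClass().getName() + ".SESSION_ATTRIBUTE_TOKEN_REFRESHED";
            this.random = new SecureRandom();
            this.session = null;
            this.cookie = null;
            this.size = 5;
            this.delay = 3000L;
        }

        /**
         * Reads {@code session}, {@code cookie}, {@code size} and {@code delay} from the rule parameters.
         *
         * @param map rule parameters, may be {@code null}
         * @throws ServletException if {@code size} is not an integer of at least 1, if {@code delay}
         *         is not numeric, or if {@code session} or {@code cookie} is missing
         */
        @Override
        public void init(Map<String, String> map) throws ServletException {
            super.init(map);
            if (map != null) {
                if (map.containsKey(PARAM_SESSION)) {
                    this.session = map.get(PARAM_SESSION);
                }
                if (map.containsKey(PARAM_COOKIE)) {
                    this.cookie = map.get(PARAM_COOKIE);
                }
                if (map.containsKey(PARAM_SIZE)) {
                    try {
                        this.size = Integer.parseInt(map.get(PARAM_SIZE));
                    } catch (NumberFormatException e) {
                        if (CSRFFilter.logger.isErrorEnabled()) {
                            CSRFFilter.logger.error("Parameter 'size' must be an integer with a value greater or equals to 1.");
                        }
                        throw new ServletException("Parameter 'size' must be an integer with a value greater or equals to 1.");
                    }
                    if (this.size < 1) {
                        if (CSRFFilter.logger.isErrorEnabled()) {
                            CSRFFilter.logger.error("Parameter 'size' must be an integer with a value greater than or equal to 1.");
                        }
                        throw new ServletException("Parameter 'size' must be an integer with a value greater than or equal to 1.");
                    }
                }
                if (map.containsKey(PARAM_DELAY)) {
                    try {
                        // The field is a long and the error text promises "integer or long";
                        // Integer.parseInt rejected values beyond the int range.
                        this.delay = Long.parseLong(map.get(PARAM_DELAY));
                    } catch (NumberFormatException e2) {
                        if (CSRFFilter.logger.isErrorEnabled()) {
                            CSRFFilter.logger.error("Parameter 'delay' must be an integer or long.");
                        }
                        throw new ServletException("Parameter 'delay' must be an integer or long.");
                    }
                }
            }
            if (this.session == null || this.cookie == null) {
                if (CSRFFilter.logger.isErrorEnabled()) {
                    CSRFFilter.logger.error("Parameter 'session' and 'cookie' must be defined.");
                }
                throw new ServletException("Parameter 'session' and 'cookie' must be defined.");
            }
        }

        /**
         * Generates a 32-byte random token, stores it in the session (when one was supplied) and
         * sets it as a cookie on the response.
         *
         * <p>When {@code httpSession} is {@code null} the cookie is still sent, but the token is not
         * stored anywhere on the server side.
         */
        @Override
        public void run(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpSession httpSession) {
            byte[] bArr = new byte[32];
            this.random.nextBytes(bArr);
            String encodeBytes = Base64.encodeBytes(bArr);
            if (httpSession != null) {
                @SuppressWarnings("unchecked") // the attribute is only ever written by this method
                List<String> list = (List<String>) httpSession.getAttribute(this.session);
                long now = System.currentTimeMillis();
                if (list == null) {
                    List<String> synchronizedList = Collections.synchronizedList(new LinkedList<String>());
                    synchronizedList.add(encodeBytes);
                    httpSession.setAttribute(this.session, synchronizedList);
                    httpSession.setAttribute(this.SESSION_ATTRIBUTE_TOKEN_REFRESHED, Long.valueOf(now));
                } else {
                    // A token list without a timestamp is treated as "due for refresh" instead of
                    // failing with a NullPointerException on unboxing.
                    Long refreshed = (Long) httpSession.getAttribute(this.SESSION_ATTRIBUTE_TOKEN_REFRESHED);
                    if (refreshed != null && now <= refreshed.longValue() + this.delay) {
                        return;
                    }
                    // add + trim is a compound operation; a synchronized list only guards single
                    // calls, so concurrent requests on one session could otherwise compute a
                    // stale subList range.
                    synchronized (list) {
                        list.add(encodeBytes);
                        if (list.size() > this.size) {
                            list.subList(0, list.size() - this.size).clear();
                        }
                    }
                    httpSession.setAttribute(this.SESSION_ATTRIBUTE_TOKEN_REFRESHED, Long.valueOf(now));
                    // NOTE(review): the token value itself is written to the debug log; treat debug
                    // logs of this class as sensitive.
                    if (CSRFFilter.logger.isDebugEnabled()) {
                        CSRFFilter.logger.debug("Generate token " + httpServletRequest.getMethod() + " " + httpServletRequest.getRequestURI() + " :: '" + encodeBytes + "'");
                    }
                }
            }
            // NOTE(review): no Secure or HttpOnly attribute is set on this cookie. Whether the
            // cookie has to stay readable by page script depends on how the client returns the
            // token (not visible in this class); confirm before tightening, and consider Secure
            // for HTTPS-only deployments.
            Cookie cookie = new Cookie(this.cookie, URLEncoder.encode(encodeBytes));
            if (httpServletRequest.getContextPath().isEmpty()) {
                cookie.setPath("/");
            } else {
                cookie.setPath(httpServletRequest.getContextPath());
            }
            cookie.setMaxAge(DateTimeConstants.SECONDS_PER_WEEK);
            httpServletResponse.addCookie(cookie);
        }
    }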

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/spring-webscripts-6.20.jar:org/springframework/extensions/webscripts/servlet/CSRFFilter$Rule.class */
    /**
     * One configured filter rule: the request attributes it is keyed on (method, path, headers,
     * session attributes) and the actions to run. Populated by {@code createRule}; every property
     * stays {@code null} until its setter is called.
     */
    public class Rule {
        /** Value of the rule's 'method' config element. */
        protected String method;
        /** Value of the rule's 'path' config element. */
        protected String path;
        /** Header name to configured value. */
        protected Map<String, String> headers;
        /** Session attribute name to configured value. */
        protected Map<String, String> sessionAttributes;
        /** Actions in configuration order. */
        protected List<Action> actions;

        private Rule() {
        }

        /** @return the configured method value, or {@code null} */
        public String getMethod() {
            return method;
        }

        /** @param str the method value to store */
        public void setMethod(String str) {
            method = str;
        }

        /** @return the configured path value, or {@code null} */
        public String getPath() {
            return path;
        }

        /** @param str the path value to store */
        public void setPath(String str) {
            path = str;
        }

        /** @return the header map as stored (not copied), or {@code null} */
        public Map<String, String> getHeaders() {
            return headers;
        }

        /** @param map the header map to store (kept by reference) */
        public void setHeaders(Map<String, String> map) {
            headers = map;
        }

        /** @return the session attribute map as stored (not copied), or {@code null} */
        public Map<String, String> getSessionAttributes() {
            return sessionAttributes;
        }

        /** @param map the session attribute map to store (kept by reference) */
        public void setSessionAttributes(Map<String, String> map) {
            sessionAttributes = map;
        }

        /** @return the action list as stored (not copied), or {@code null} */
        public List<Action> getActions() {
            return actions;
        }

        /** @param list the action list to store (kept by reference) */
        public void setActions(List<Action> list) {
            actions = list;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/spring-webscripts-6.20.jar:org/springframework/extensions/webscripts/servlet/CSRFFilter$ThrowErrorAction.class */
    /**
     * Unconditionally rejects the request with a configurable message.
     */
    public class ThrowErrorAction extends Action {
        public static final String PARAM_MESSAGE = "message";
        /** Text placed in front of the request method and URI in the error. */
        private String message;

        private ThrowErrorAction() {
            super();
            this.message = "Request is not allowed to be executed.";
        }

        /**
         * Replaces the default message when the rule supplies a {@code message} parameter.
         *
         * @param map rule parameters, may be {@code null}
         */
        @Override
        public void init(Map<String, String> map) throws ServletException {
            super.init(map);
            if (map != null && map.containsKey(PARAM_MESSAGE)) {
                this.message = map.get(PARAM_MESSAGE);
            }
        }

        /**
         * Logs the rejection at info level and throws.
         *
         * @throws ServletException always
         */
        @Override
        public void run(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpSession httpSession) throws ServletException {
            StringBuilder text = new StringBuilder();
            text.append(this.message);
            text.append(" Request: ");
            text.append(httpServletRequest.getMethod());
            text.append(" ");
            text.append(httpServletRequest.getRequestURI());
            String rejection = text.toString();
            if (CSRFFilter.logger.isInfoEnabled()) {
                CSRFFilter.logger.info(rejection);
            }
            throw new ServletException(rejection);
        }
    }

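    /**
     * Builds the filter state from the application context.
     *
     * <p>Reads the optional {@code global-properties} bean (the {@code <prefix><enabled>} property
     * can switch the filter off), then the {@code CSRFPolicy} config from the {@code web.config}
     * bean: the {@code session} flag, the {@code properties} element and the {@code rule} children
     * of the {@code filter} element.
     *
     * <p>The filter fails open: when it is disabled by property, or the policy, its {@code filter}
     * element or its rules are missing, {@code enabled} is set to {@code false}. Those outcomes are
     * logged at info/warn level so that a protection that is switched off is visible in a default
     * log configuration instead of only at debug level.
     *
     * @param filterConfig the servlet filter configuration
     * @throws ServletException if a rule or one of its actions is misconfigured
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        this.servletContext = filterConfig.getServletContext();
        ApplicationContext applicationContext = getApplicationContext();
        try {
            this.globalProperties = (Properties) applicationContext.getBean("global-properties");
        } catch (NoSuchBeanDefinitionException e) {
            // The bean is optional; without it only the CSRFPolicy config applies.
            if (logger.isDebugEnabled()) {
                logger.debug("global-properties bean is missing" + e);
            }
        }
        String enabledKey = this.PROPERTY_PREFIX + this.PARAM_ENABLED;
        if (this.globalProperties != null) {
            for (Map.Entry<Object, Object> entry : this.globalProperties.entrySet()) {
                // Plain key comparison; the previous replaceFirst call treated the prefix as a regex.
                if (enabledKey.equals(entry.getKey())) {
                    this.enabled = Boolean.parseBoolean((String) entry.getValue());
                }
            }
        }
        Config config = ((ConfigService) applicationContext.getBean("web.config")).getConfig("CSRFPolicy");
        if (!this.enabled) {
            // Previously reported as "no 'CSRFPolicy' config" even when the policy was present.
            if (logger.isInfoEnabled()) {
                logger.info("The CSRFFilter is disabled by property '" + enabledKey + "', filter will allow all requests.");
            }
            return;
        }
        if (config == null) {
            this.enabled = false;
            if (logger.isWarnEnabled()) {
                logger.warn("There is no 'CSRFPolicy' config, filter will allow all requests.");
            }
            return;
        }
        ConfigElement sessionElement = config.getConfigElement("session");
        this.createSession = sessionElement != null && "true".equals(sessionElement.getValue());
        if (this.createSession && logger.isDebugEnabled()) {
            logger.debug("The CSRFFilter will automatically create a user Session on a path match.");
        }
        ConfigElement propertiesElement = config.getConfigElement("properties");
        if (propertiesElement != null) {
            List<ConfigElement> children = propertiesElement.getChildren();
            if (children != null) {
                for (ConfigElement property : children) {
                    String value = property.getValue();
                    this.properties.put(property.getName(), value != null ? value : "");
                }
            }
        }
        ConfigElement filterElement = config.getConfigElement("filter");
        if (filterElement == null) {
            this.enabled = false;
            if (logger.isWarnEnabled()) {
                logger.warn("The 'CSRFPolicy' config had no filter, filter will allow all requests.");
            }
            return;
        }
        List<ConfigElement> ruleElements = filterElement.getChildren("rule");
        if (ruleElements == null || ruleElements.isEmpty()) {
            this.enabled = false;
            if (logger.isWarnEnabled()) {
                logger.warn("The 'CSRFPolicy' filter config was empty, filter will allow all requests.");
            }
            return;
        }
        this.rules = new LinkedList<Rule>();
        for (ConfigElement ruleElement : ruleElements) {
            this.rules.add(createRule(ruleElement));
        }
    }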

    /**
     * Builds a {@link Rule} from one {@code rule} config element.
     *
     * <p>The optional {@code request} child supplies method, path, header values and session
     * attribute values; each {@code action} child is turned into an {@link Action} through
     * {@code createAction}, given its name and initialised with its parameters. Every name and
     * value read from the config is passed through {@code resolve} first.
     *
     * @param configElement the {@code rule} element
     * @return the populated rule
     * @throws ServletException if an action name is unknown or an action rejects its parameters
     */
    protected Rule createRule(ConfigElement configElement) throws ServletException {
        Rule rule = new Rule();

        ConfigElement requestElement = configElement.getChild("request");
        if (requestElement != null) {
            rule.setMethod(resolve(requestElement.getChildValue("method")));
            rule.setPath(resolve(requestElement.getChildValue("path")));

            // PARAM_HEADER is the literal "header"; the constant reference comes from the decompiler.
            List<ConfigElement> headerElements = requestElement.getChildren(AssertTokenAction.PARAM_HEADER);
            if (headerElements != null && !headerElements.isEmpty()) {
                Map<String, String> headers = new HashMap<String, String>();
                for (ConfigElement headerElement : headerElements) {
                    headers.put(resolve(headerElement.getAttribute("name")), resolve(headerElement.getValue()));
                }
                rule.setHeaders(headers);
            }

            ConfigElement sessionElement = requestElement.getChild("session");
            if (sessionElement != null) {
                // NOTE(review): this constant reference looks like a decompiler substitution for an
                // inlined element-name literal - confirm against the original source.
                List<ConfigElement> attributeElements = sessionElement.getChildren(BeanDefinitionParserDelegate.QUALIFIER_ATTRIBUTE_ELEMENT);
                if (attributeElements != null && !attributeElements.isEmpty()) {
                    Map<String, String> sessionAttributes = new HashMap<String, String>();
                    for (ConfigElement attributeElement : attributeElements) {
                        sessionAttributes.put(resolve(attributeElement.getAttribute("name")), resolve(attributeElement.getValue()));
                    }
                    rule.setSessionAttributes(sessionAttributes);
                }
            }
        }

        List<ConfigElement> actionElements = configElement.getChildren("action");
        if (actionElements == null || actionElements.isEmpty()) {
            // A rule without actions keeps a null action list.
            return rule;
        }
        List<Action> actions = new LinkedList<Action>();
        for (ConfigElement actionElement : actionElements) {
            String actionName = resolve(actionElement.getAttribute("name"));
            Action action = createAction(actionName);
            if (action == null) {
                String problem = "There is no action named '" + actionName + "'";
                if (logger.isErrorEnabled()) {
                    logger.error(problem);
                }
                throw new ServletException(problem);
            }
            action.setName(actionName);

            // The parameter map is always handed to init(), even when no parameters are configured.
            Map<String, String> actionParams = new HashMap<String, String>();
            // NOTE(review): AdvancedComponent.PARAM also looks like a decompiler-substituted
            // constant for the parameter element name - confirm against the original source.
            List<ConfigElement> paramElements = actionElement.getChildren(AdvancedComponent.PARAM);
            if (paramElements != null) {
                for (ConfigElement paramElement : paramElements) {
                    actionParams.put(resolve(paramElement.getAttribute("name")), resolve(paramElement.getValue()));
                }
            }
            action.init(actionParams);
            actions.add(action);
        }
        rule.setActions(actions);
        return rule;
    }

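    /**
     * Maps an action name from the filter configuration to a new action instance.
     *
     * <p>Recognised names are {@code generateToken}, {@code assertToken}, {@code clearToken},
     * {@code assertReferer}, {@code assertOrigin} and {@code throwError}. The comparison is exact
     * and case-sensitive.
     *
     * @param str the configured action name
     * @return a new action, or {@code null} when the name is {@code null} or not recognised;
     *         {@code createRule} reports a {@code null} result as a {@code ServletException}
     * @throws ServletException not thrown by this implementation
     */
    protected Action createAction(String str) throws ServletException {
        // The decompiled body was the compiler's hashCode-based lowering of a switch on a String,
        // with the index variable mistyped as boolean ("boolean z = -1", repeated "case true"),
        // which does not compile. This is the equivalent String switch, with the same
        // name-to-class mapping.
        if (str == null) {
            // A missing name attribute takes the "unknown action" path instead of a
            // NullPointerException from the switch.
            return null;
        }
        switch (str) {
            case "generateToken":
                return new GenerateTokenAction();
            case "assertToken":
                return new AssertTokenAction();
            case "clearToken":
                return new ClearTokenAction();
            case "assertReferer":
                return new AssertRefererAction();
            case "assertOrigin":
                return new AssertOriginAction();
            case "throwError":
                return new ThrowErrorAction();
            default:
                return null;
        }
    }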

    /**
     * Runs the actions of the first configured rule that matches the request, then continues the
     * filter chain.
     *
     * <p>Rules are tried in list order and evaluation stops at the first match, so a broad rule
     * placed early shadows every later rule. A request that matches no rule, a non-HTTP request,
     * or any request while the filter is disabled is passed down the chain without any check.
     * Nothing here inspects a result from an action: the chain is skipped only if an action
     * throws.
     *
     * @param servletRequest the incoming request
     * @param servletResponse the outgoing response
     * @param filterChain the remaining filter chain
     * @throws IOException propagated from the chain
     * @throws ServletException propagated from rule matching, an action, or the chain
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (!this.enabled || !(servletRequest instanceof HttpServletRequest) || !(servletResponse instanceof HttpServletResponse)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        // May be null when createSession is false and the client has no session yet.
        HttpSession session = request.getSession(this.createSession);

        for (Rule candidate : this.rules) {
            if (!matchRequest(candidate, request, session)) {
                continue;
            }
            List<Action> actions = candidate.getActions();
            if (actions != null) {
                for (Action action : actions) {
                    action.run(request, response, session);
                }
            }
            // First match wins: later rules are not consulted.
            break;
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /** Does nothing; the body is empty. */
    public void destroy() {
    }

    /**
     * Returns the request URI with the context path cut off the front.
     *
     * <p>{@code getRequestURI()} is the path as sent on the request line: the container does not
     * URL-decode it, and it can still carry path parameters such as {@code ;jsessionid=...}.
     * Rule path patterns are therefore matched against this raw form.
     * NOTE(review): confirm the configured path patterns account for encoded and parameterised
     * paths, since the code that finally serves the request may see a normalised path.
     *
     * @param httpServletRequest the current request
     * @return the part of the request URI after the context path
     */
    protected String getPath(HttpServletRequest httpServletRequest) {
        String requestUri = httpServletRequest.getRequestURI();
        int contextPathLength = httpServletRequest.getContextPath().length();
        return requestUri.substring(contextPathLength);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v27 */
    /* JADX WARN: Type inference failed for: r0v37, types: [java.lang.Object] */
    /* JADX WARN: Type inference failed for: r14v0 */
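    /**
     * Decides whether a rule applies to the current request.
     *
     * <p>All configured criteria must hold: method, path, every listed header, and every listed
     * session attribute. Each comparison goes through {@link #matchString(String, String)}, so the
     * configured value is used as a regular expression that must match the whole request value.
     * A criterion that is not configured ({@code null}) is skipped. A rule that lists session
     * attributes never matches when there is no session.
     *
     * <p>A rule that does not match has none of its actions run, so a criterion that is too
     * narrow leaves the request unchecked by that rule.
     *
     * @param rule the rule to test
     * @param httpServletRequest the current request
     * @param httpSession the current session, or {@code null} if there is none
     * @return {@code true} if every configured criterion matches
     * @throws ServletException not thrown by this implementation
     */
    protected boolean matchRequest(Rule rule, HttpServletRequest httpServletRequest, HttpSession httpSession) throws ServletException {
        if (rule.getMethod() != null && !matchString(httpServletRequest.getMethod(), rule.getMethod())) {
            return false;
        }
        if (rule.getPath() != null && !matchString(getPath(httpServletRequest), rule.getPath())) {
            return false;
        }

        Map<String, String> headers = rule.getHeaders();
        if (headers != null) {
            for (Map.Entry<String, String> header : headers.entrySet()) {
                // An absent request header is null and only matches a null configured value.
                if (!matchString(httpServletRequest.getHeader(header.getKey()), header.getValue())) {
                    return false;
                }
            }
        }

        Map<String, String> sessionAttributes = rule.getSessionAttributes();
        if (sessionAttributes == null || sessionAttributes.isEmpty()) {
            return true;
        }
        if (httpSession == null) {
            return false;
        }

        // Repaired from decompiler output whose type inference failed ("?? attribute",
        // "str2 == true"); the attribute is handled as an Object and the mistyped comparison is
        // read as a null check.
        for (Map.Entry<String, String> expected : sessionAttributes.entrySet()) {
            Object value = httpSession.getAttribute(expected.getKey());
            if (value instanceof List) {
                // Only the last element of a list-valued attribute is compared. An empty list
                // still throws here, as in the decompiled code, which fails the request rather
                // than silently skipping the rule.
                List<?> values = (List<?>) value;
                value = values.get(values.size() - 1);
            }
            if (value != null && !(value instanceof String)) {
                return false;
            }
            if (!matchString((String) value, expected.getValue())) {
                return false;
            }
        }
        return true;
    }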

    /**
     * Tests a request value against a configured pattern.
     *
     * <p>The pattern is a regular expression and, because {@link String#matches(String)} is used,
     * it must match the entire value rather than a substring. The expression is compiled on every
     * call, and an invalid expression surfaces as a {@code PatternSyntaxException} at request time.
     * The value usually comes from the request, so patterns prone to heavy backtracking are worth
     * avoiding in configuration.
     *
     * @param str the value to test, may be {@code null}
     * @param str2 the regular expression, may be {@code null}
     * @return {@code true} if both are {@code null}, or both are non-null and the expression
     *         matches the whole value; {@code false} if exactly one is {@code null}
     */
    protected boolean matchString(String str, String str2) {
        if (str == null) {
            return str2 == null;
        }
        return str2 != null && str.matches(str2);
    }

    /**
     * Looks up the Spring web application context registered for this filter's servlet context.
     *
     * @return the web application context
     * @throws IllegalStateException if no context is registered (thrown by
     *         {@code getRequiredWebApplicationContext})
     */
    private ApplicationContext getApplicationContext() {
        ServletContext context = this.servletContext;
        return WebApplicationContextUtils.getRequiredWebApplicationContext(context);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Joins the list elements into one string, separated by {@code DirectiveConstants.COMMA}.
     *
     * @param list the elements to join; a {@code null} element is written as {@code "null"}
     * @return the joined string, or the empty string for an empty list
     */
    public String listToString(List<String> list) {
        StringBuilder joined = new StringBuilder();
        boolean first = true;
        for (String item : list) {
            if (!first) {
                joined.append(DirectiveConstants.COMMA);
            }
            joined.append(item);
            first = false;
        }
        return joined.toString();
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Builds {@code scheme://host[:port]} for the server as this request describes it, leaving out
     * the port when it is the default for the scheme (80 for http, 443 for https).
     *
     * <p>Scheme, server name and port are read from the servlet request. Containers normally
     * derive them from the Host header or from proxy-forwarding settings, so the result reflects
     * what the client or a front-end proxy presented.
     * NOTE(review): the callers are not visible here; if this value is compared against Origin or
     * Referer, confirm the container is configured to report the externally visible host.
     *
     * @param httpServletRequest the current request
     * @return the server string for the request
     */
    public String getServerString(HttpServletRequest httpServletRequest) {
        String scheme = httpServletRequest.getScheme();
        int port = httpServletRequest.getServerPort();
        boolean defaultHttpPort = HttpHost.DEFAULT_SCHEME_NAME.equals(scheme) && port == 80;
        boolean defaultHttpsPort = "https".equals(scheme) && port == 443;

        String schemeAndHost = scheme + "://" + httpServletRequest.getServerName();
        if (defaultHttpPort || defaultHttpsPort) {
            return schemeAndHost;
        }
        return schemeAndHost + ':' + port;
    }

    /**
     * Expands {@code {name}} placeholders in a configuration value using this filter's properties.
     *
     * <p>Values resolved here end up as rule patterns, which {@code matchString} treats as
     * regular expressions; substituted property text is not quoted for that use.
     *
     * @param str the raw configuration value, may be {@code null}
     * @return the expanded value, or {@code null} if {@code str} is {@code null}
     */
    private String resolve(String str) {
        Map<String, String> substitutions = this.properties;
        return resolve(str, substitutions);
    }

    /**
     * Expands {@code {name}} placeholders in {@code str} from the given map.
     *
     * <p>A placeholder whose name is a key in the map is replaced by that key's value, which is
     * itself expanded recursively first. A placeholder with an unknown name is left as written.
     * A key mapped to {@code null} is replaced by the text {@code "null"}.
     *
     * <p>There is no cycle detection: properties that refer to each other recurse until the
     * stack overflows.
     *
     * @param str the text to expand, may be {@code null}
     * @param map placeholder names and their replacement values
     * @return the expanded text, or {@code null} if {@code str} is {@code null}
     */
    private String resolve(String str, Map<String, String> map) {
        if (str == null) {
            return null;
        }
        StringBuffer expanded = new StringBuffer();
        Matcher placeholders = Pattern.compile("\\{(.+?)\\}").matcher(str);
        while (placeholders.find()) {
            String key = placeholders.group(1);
            if (!map.containsKey(key)) {
                // Unknown name: no replacement is appended, so the placeholder text is kept.
                continue;
            }
            String value = resolve(map.get(key), map);
            String replacement;
            if (value == null) {
                replacement = "null";
            } else {
                // Quote so that '$' and '\' in the value are taken literally.
                replacement = Matcher.quoteReplacement(value);
            }
            placeholders.appendReplacement(expanded, replacement);
        }
        placeholders.appendTail(expanded);
        return expanded.toString();
    }
}
