package org.codehaus.plexus.redback.struts2.filter;

import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/codehaus/plexus/redback/struts2/filter/RedbackCSRFResponseWrapper.class */
public class RedbackCSRFResponseWrapper extends HttpServletResponseWrapper {
    protected String nonce;
    private Logger log;

    public RedbackCSRFResponseWrapper(HttpServletResponse httpServletResponse) {
        super(httpServletResponse);
        this.log = LoggerFactory.getLogger(RedbackCSRFResponseWrapper.class);
    }

    public RedbackCSRFResponseWrapper(HttpServletResponse httpServletResponse, String str) {
        super(httpServletResponse);
        this.log = LoggerFactory.getLogger(RedbackCSRFResponseWrapper.class);
        this.nonce = str;
    }

    @Deprecated
    public String encodeRedirectUrl(String str) {
        return encodeRedirectURL(str);
    }

    public String encodeRedirectURL(String str) {
        return addNonce(super.encodeRedirectURL(str));
    }

    @Deprecated
    public String encodeUrl(String str) {
        return encodeURL(str);
    }

    public String encodeURL(String str) {
        return addNonce(super.encodeURL(str));
    }

    protected String addNonce(String str) {
        String substring;
        while (StringUtils.contains(str, "csrf_nonce")) {
            int indexOf = StringUtils.indexOf(str, "csrf_nonce");
            int indexOf2 = StringUtils.indexOf(str, '&', indexOf);
            if (indexOf2 == -1) {
                substring = StringUtils.substring(str, indexOf);
                if (str.charAt(indexOf - 1) == '?') {
                    substring = "?" + substring;
                } else if (str.charAt(indexOf - 1) == '&') {
                    substring = "&" + substring;
                }
            } else {
                substring = StringUtils.substring(str, indexOf, indexOf2 + 1);
            }
            str = StringUtils.replace(str, substring, "");
        }
        this.log.debug("'csrf_nonce' stripped URL :: " + str);
        if (str == null || this.nonce == null) {
            return str;
        }
        String str2 = str;
        String str3 = "";
        String str4 = "";
        int indexOf3 = str2.indexOf(35);
        if (indexOf3 >= 0) {
            str4 = str2.substring(indexOf3);
            str2 = str2.substring(0, indexOf3);
        }
        int indexOf4 = str2.indexOf(63);
        if (indexOf4 >= 0) {
            str3 = str2.substring(indexOf4);
            str2 = str2.substring(0, indexOf4);
        }
        StringBuilder sb = new StringBuilder(str2);
        if (str3.length() > 0) {
            sb.append(str3);
            sb.append('&');
        } else {
            sb.append('?');
        }
        sb.append("csrf_nonce");
        sb.append('=');
        sb.append(escapeNonce(this.nonce));
        sb.append(str4);
        this.log.debug("URL with nonce : " + sb.toString());
        return sb.toString();
    }

    private String escapeNonce(String str) {
        return StringUtils.replace(StringUtils.replace(StringUtils.replace(StringUtils.replace(StringUtils.replace(str, "+", "%2B"), "?", "%3F"), "&", "%26"), "=", "%3D"), ",", "%2C");
    }
}
