package nl.nn.adapterframework.webcontrol;

import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletInputStream;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import nl.nn.adapterframework.util.LogUtil;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.log4j.Logger;

/* loaded from: input_file:WEB-INF/lib/ibis-adapterframework-core-7.1-B1.jar:nl/nn/adapterframework/webcontrol/ParamWrapperFilter.class */
public class ParamWrapperFilter implements Filter {
    private static final Log LOG = LogFactory.getLog(ParamWrapperFilter.class);
    protected Logger iaflog = LogUtil.getLogger(this);
    private static final String DEFAULT_BLACKLIST_PATTERN = "(.*\\.|^|.*|\\[('|\"))(c|C)lass(\\.|('|\")]|\\[).*";
    private static final String INIT_PARAM_NAME = "excludeParams";
    private Pattern pattern;

    /* loaded from: input_file:WEB-INF/lib/ibis-adapterframework-core-7.1-B1.jar:nl/nn/adapterframework/webcontrol/ParamWrapperFilter$ParamFilteredRequest.class */
    static class ParamFilteredRequest extends HttpServletRequestWrapper {
        private static final int BUFFER_SIZE = 128;
        private static final String CONTENT_LENGTH_PATTERN = "(?i)content-length";
        private final String body;
        private final Pattern pattern;
        private final Pattern content_length_pattern;
        private boolean read_stream;

        public ParamFilteredRequest(ServletRequest servletRequest, Pattern pattern) {
            super((HttpServletRequest) servletRequest);
            this.read_stream = false;
            this.pattern = pattern;
            this.content_length_pattern = Pattern.compile(CONTENT_LENGTH_PATTERN, 32);
            StringBuilder sb = new StringBuilder();
            BufferedReader bufferedReader = null;
            try {
                try {
                    ServletInputStream inputStream = servletRequest.getInputStream();
                    if (inputStream != null) {
                        String characterEncoding = getCharacterEncoding();
                        bufferedReader = characterEncoding == null ? new BufferedReader(new InputStreamReader(inputStream)) : new BufferedReader(new InputStreamReader((InputStream) inputStream, characterEncoding));
                        char[] cArr = new char[128];
                        while (true) {
                            int read = bufferedReader.read(cArr);
                            if (read <= 0) {
                                break;
                            } else {
                                sb.append(cArr, 0, read);
                            }
                        }
                    } else {
                        sb.append("");
                    }
                    if (bufferedReader != null) {
                        try {
                            bufferedReader.close();
                        } catch (IOException e) {
                            logCatchedException(e);
                        }
                    }
                } catch (IOException e2) {
                    logCatchedException(e2);
                    if (0 != 0) {
                        try {
                            bufferedReader.close();
                        } catch (IOException e3) {
                            logCatchedException(e3);
                        }
                    }
                }
                this.body = sb.toString();
            } catch (Throwable th) {
                if (0 != 0) {
                    try {
                        bufferedReader.close();
                    } catch (IOException e4) {
                        logCatchedException(e4);
                    }
                }
                throw th;
            }
        }

        public Enumeration getParameterNames() {
            ArrayList arrayList = new ArrayList();
            for (String str : Collections.list(super.getParameterNames())) {
                if (!this.pattern.matcher(str).matches()) {
                    arrayList.add(str);
                }
            }
            return Collections.enumeration(arrayList);
        }

        public ServletInputStream getInputStream() throws IOException {
            ByteArrayInputStream byteArrayInputStream;
            if (ParamWrapperFilter.LOG.isTraceEnabled()) {
                ParamWrapperFilter.LOG.trace(this.body);
            }
            if (this.pattern.matcher(this.body).matches()) {
                if (ParamWrapperFilter.LOG.isWarnEnabled()) {
                    ParamWrapperFilter.LOG.warn("[getInputStream]: found body to match blacklisted parameter pattern");
                }
                byteArrayInputStream = new ByteArrayInputStream("".getBytes());
            } else if (this.read_stream) {
                byteArrayInputStream = new ByteArrayInputStream("".getBytes());
            } else {
                if (ParamWrapperFilter.LOG.isDebugEnabled()) {
                    ParamWrapperFilter.LOG.debug("[getInputStream]: OK - body does not match blacklisted parameter pattern");
                }
                byteArrayInputStream = new ByteArrayInputStream(this.body.getBytes());
                this.read_stream = true;
            }
            final ByteArrayInputStream byteArrayInputStream2 = byteArrayInputStream;
            return new ServletInputStream() { // from class: nl.nn.adapterframework.webcontrol.ParamWrapperFilter.ParamFilteredRequest.1
                public int read() throws IOException {
                    return byteArrayInputStream2.read();
                }
            };
        }

        public String getHeader(String str) {
            return (this.pattern.matcher(this.body).matches() && this.content_length_pattern.matcher(str).matches()) ? "0" : super.getHeader(str);
        }

        public int getContentLength() {
            if (this.pattern.matcher(this.body).matches()) {
                return 0;
            }
            return super.getContentLength();
        }

        private void logCatchedException(IOException iOException) {
            ParamWrapperFilter.LOG.error("[ParamFilteredRequest]: Exception catched: ", iOException);
        }
    }

    public void init(FilterConfig filterConfig) throws ServletException {
        String initParameter = filterConfig.getInitParameter(INIT_PARAM_NAME);
        String str = (initParameter == null || initParameter.trim().length() <= 0) ? DEFAULT_BLACKLIST_PATTERN : initParameter;
        this.iaflog.info("INFO Message: Struts1 'do'-Filter active");
        this.pattern = Pattern.compile(str, 32);
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        servletRequest.getParameterMap();
        ParamFilteredRequest paramFilteredRequest = null;
        if (servletRequest instanceof HttpServletRequest) {
            paramFilteredRequest = new ParamFilteredRequest(servletRequest, this.pattern);
        }
        if (paramFilteredRequest != null) {
            filterChain.doFilter(paramFilteredRequest, servletResponse);
        } else {
            filterChain.doFilter(servletRequest, servletResponse);
        }
    }

    public void destroy() {
    }
}
