package blackboard.xss.request;

import blackboard.base.NameValue;
import blackboard.platform.user.MyPlacesUtil;
import blackboard.util.StringUtil;
import blackboard.util.URLUTF8Encoder;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.StringTokenizer;
import java.util.regex.Pattern;
import javax.servlet.ServletInputStream;
import javax.servlet.ServletRequestWrapper;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

/* loaded from: input_file:blackboard/xss/request/BaseXssRequestWrapper.class */
public abstract class BaseXssRequestWrapper extends HttpServletRequestWrapper {
    private static final Pattern PATTERN_HEX_CHARACTERS = Pattern.compile("%[0-9a-fA-F]{2}");
    private static final String UNFILTERED_MULTIPART_ATTRIBUTE = "XssFilterRequestWrapper.unfiltered.multipart.params";
    private static final String MULTIPART_BOUNDARY_DEF = "boundary=";
    private final boolean _multipart;
    private final String _multipartBoundary;
    private final Map<String, List<String>> _unfilteredMultipartParameters;
    private final Map<NameValue, String> _filteredParameters;

    protected abstract String filter(String str, String str2);

    protected abstract ServletInputStream getFilteredInputStream(ServletInputStream servletInputStream, byte[] bArr, Map<String, List<String>> map) throws IOException;

    public BaseXssRequestWrapper(HttpServletRequest httpServletRequest) {
        super(httpServletRequest);
        this._filteredParameters = new HashMap();
        String contentType = httpServletRequest.getContentType();
        if (!StringUtil.notEmpty(contentType) || !contentType.toLowerCase().startsWith("multipart/form-data") || contentType.lastIndexOf(MULTIPART_BOUNDARY_DEF) < 0) {
            this._multipart = false;
            this._multipartBoundary = null;
            this._unfilteredMultipartParameters = null;
        } else {
            this._multipart = true;
            this._multipartBoundary = "--" + contentType.substring(contentType.lastIndexOf(MULTIPART_BOUNDARY_DEF) + MULTIPART_BOUNDARY_DEF.length());
            this._unfilteredMultipartParameters = new HashMap();
            httpServletRequest.setAttribute(UNFILTERED_MULTIPART_ATTRIBUTE, this._unfilteredMultipartParameters);
        }
    }

    public ServletInputStream getInputStream() throws IOException {
        byte[] bytes;
        ServletInputStream inputStream = super.getInputStream();
        if (!this._multipart) {
            return inputStream;
        }
        try {
            bytes = this._multipartBoundary.getBytes("UTF-8");
        } catch (UnsupportedEncodingException e) {
            bytes = this._multipartBoundary.getBytes();
        }
        return getFilteredInputStream(inputStream, bytes, this._unfilteredMultipartParameters);
    }

    public BufferedReader getReader() throws IOException {
        return new BufferedReader(new InputStreamReader(getInputStream()));
    }

    public String getQueryString() {
        String str = null;
        String queryString = getRequest().getQueryString();
        if (StringUtil.notEmpty(queryString)) {
            StringBuilder sb = new StringBuilder();
            StringTokenizer stringTokenizer = new StringTokenizer(queryString, "&", false);
            while (stringTokenizer.hasMoreElements()) {
                String[] split = ((String) stringTokenizer.nextElement()).split(MyPlacesUtil.SEPARATOR, 2);
                String str2 = split[0];
                String str3 = split.length > 1 ? split[1] : "";
                String encode = PATTERN_HEX_CHARACTERS.matcher(str3).find() ? URLUTF8Encoder.encode(doFilter(str2, URLUTF8Encoder.decode(str3))) : doFilter(str2, str3);
                if (StringUtil.notEmpty(encode)) {
                    sb.append(String.format("%s=%s", str2, encode));
                } else {
                    sb.append(str2);
                }
                if (stringTokenizer.hasMoreElements()) {
                    sb.append('&');
                }
            }
            str = sb.toString();
        }
        return str;
    }

    public Map getParameterMap() {
        HashMap hashMap = new HashMap();
        for (Map.Entry entry : getRequest().getParameterMap().entrySet()) {
            String[] strArr = new String[((String[]) entry.getValue()).length];
            hashMap.put(entry.getKey(), strArr);
            int i = 0;
            for (String str : (String[]) entry.getValue()) {
                int i2 = i;
                i++;
                strArr[i2] = doFilter((String) entry.getKey(), str);
            }
        }
        return hashMap;
    }

    public String getParameter(String str) {
        String parameter = getRequest().getParameter(str);
        if (parameter != null) {
            parameter = doFilter(str, parameter);
        }
        return parameter;
    }

    public String[] getParameterValues(String str) {
        String[] strArr = null;
        String[] parameterValues = getRequest().getParameterValues(str);
        if (parameterValues != null) {
            strArr = new String[parameterValues.length];
            for (int i = 0; i < strArr.length; i++) {
                strArr[i] = doFilter(str, parameterValues[i]);
            }
        }
        return strArr;
    }

    private String doFilter(String str, String str2) {
        NameValue nameValue = new NameValue(str, str2);
        if (this._filteredParameters.containsKey(nameValue)) {
            return this._filteredParameters.get(nameValue);
        }
        String filter = filter(str, str2);
        this._filteredParameters.put(nameValue, filter);
        return filter;
    }

    public static String getUnfilteredParameter(HttpServletRequest httpServletRequest, String str) {
        List list;
        HttpServletRequest unfilteredRequest = getUnfilteredRequest(httpServletRequest);
        Map map = (Map) httpServletRequest.getAttribute(UNFILTERED_MULTIPART_ATTRIBUTE);
        String str2 = null;
        if (map != null && (list = (List) map.get(str)) != null && !list.isEmpty()) {
            str2 = (String) list.get(0);
        }
        if (str2 == null) {
            str2 = unfilteredRequest.getParameter(str);
        }
        return str2;
    }

    public static String[] getUnfilteredParameterValues(HttpServletRequest httpServletRequest, String str) {
        List list;
        HttpServletRequest unfilteredRequest = getUnfilteredRequest(httpServletRequest);
        Map map = (Map) httpServletRequest.getAttribute(UNFILTERED_MULTIPART_ATTRIBUTE);
        String[] strArr = null;
        if (map != null && (list = (List) map.get(str)) != null && !list.isEmpty()) {
            strArr = (String[]) list.toArray(new String[list.size()]);
        }
        if (strArr == null) {
            strArr = unfilteredRequest.getParameterValues(str);
        }
        return strArr;
    }

    private static HttpServletRequest getUnfilteredRequest(HttpServletRequest httpServletRequest) {
        HttpServletRequest httpServletRequest2;
        HttpServletRequest httpServletRequest3 = httpServletRequest;
        while (true) {
            httpServletRequest2 = httpServletRequest3;
            if (httpServletRequest2 == null) {
                break;
            }
            if (!(httpServletRequest2 instanceof HttpServletRequestWrapper)) {
                httpServletRequest2 = httpServletRequest;
                break;
            }
            if (httpServletRequest2 instanceof BaseXssRequestWrapper) {
                httpServletRequest2 = ((BaseXssRequestWrapper) httpServletRequest2).getRequest();
                break;
            }
            httpServletRequest3 = ((ServletRequestWrapper) httpServletRequest2).getRequest();
        }
        return httpServletRequest2;
    }
}
