package blackboard.platform.servlet;

import blackboard.platform.extension.service.ExtensionRegistryFactory;
import blackboard.platform.log.LogServiceFactory;
import blackboard.platform.proxytool.impl.OAuthSecurityProfileArgs;
import blackboard.platform.servlet.ext.NonceCheckExclusionExtension;
import blackboard.util.UrlUtil;
import java.io.IOException;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:blackboard/platform/servlet/DevNonceFilter.class */
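/**
 * Development-mode diagnostic filter that reports POST requests which completed
 * without {@link #recordNonceCheck(HttpServletRequest)} having been called for them.
 *
 * <p>The filter never rejects or alters a request: it only adds a marker response
 * header and writes a warning to the log. It is therefore an audit aid for finding
 * handlers that skip the nonce check, not an enforcement point; the check itself
 * has to live in the handlers.
 *
 * <p>Security notes for operators:
 * <ul>
 *   <li>While dev mode is on, every HTTP response carries {@code X-Blackboard-noncefilter},
 *       which tells any client that the instance runs in development mode. Keep dev mode
 *       off on internet-facing deployments.</li>
 *   <li>The warning includes the request URI and query string, both client-controlled.
 *       Control characters are neutralised before logging so a request cannot forge
 *       extra log lines, but the values may still contain sensitive parameters.</li>
 * </ul>
 *
 * <p>Thread-safety: the container calls {@code doFilter} concurrently, so the shared
 * state is a {@code volatile} flag and a synchronized set.
 */
public class DevNonceFilter implements Filter {
    private static final String NONCE_CHECKED = "development.mode.nonce.checked";

    // volatile: toggled through setDevMode() and read by request threads.
    private static volatile boolean _devMode = false;

    // Paths already reported, so each unchecked path is logged once. Synchronized because
    // request threads add concurrently; an unsynchronized HashSet can be corrupted by that.
    // NOTE(review): entries are client-supplied URIs and the set has no size bound; it only
    // shrinks through clearLoggedPaths(). Acceptable for a dev aid, worth a cap otherwise.
    private static final Set<String> _loggedPaths = Collections.synchronizedSet(new HashSet<String>());

    @Override
    public void destroy() {
    }

    /**
     * Passes the request down the chain and, in dev mode, warns afterwards if a POST
     * finished without the nonce-checked attribute being set.
     *
     * <p>The audit runs in a {@code finally} block so that it also covers requests whose
     * handler threw; the original exception still propagates to the caller.
     *
     * @throws IOException      propagated from the filter chain
     * @throws ServletException propagated from the filter chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        try {
            boolean devMode = _devMode;
            if (devMode && (servletResponse instanceof HttpServletResponse)) {
                ((HttpServletResponse) servletResponse).addHeader("X-Blackboard-noncefilter", Boolean.toString(devMode));
            }
            filterChain.doFilter(servletRequest, servletResponse);
        } finally {
            warnIfNonceUnchecked(servletRequest, servletResponse);
        }
    }

    /**
     * Logs a NONCEWARNING for an HTTP POST that carries no nonce-checked marker, unless the
     * path is excluded or was reported before. Does nothing when dev mode is off.
     */
    private void warnIfNonceUnchecked(ServletRequest servletRequest, ServletResponse servletResponse) {
        if (!_devMode || !(servletRequest instanceof HttpServletRequest) || !(servletResponse instanceof HttpServletResponse)) {
            return;
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        // METHOD_POST is presumably the literal "POST" -- confirm in OAuthSecurityProfileArgs.
        if (!OAuthSecurityProfileArgs.METHOD_POST.equals(httpServletRequest.getMethod())) {
            return;
        }
        Boolean nonceChecked = (Boolean) servletRequest.getAttribute(NONCE_CHECKED);
        if (nonceChecked != null && nonceChecked.booleanValue()) {
            return;
        }
        String requestURI = httpServletRequest.getRequestURI();
        String queryString = UrlUtil.constructQueryString(httpServletRequest);
        if (knownSafePOSTorLoggedAlready(httpServletRequest, requestURI)) {
            return;
        }
        // Both values come from the client; strip control characters so a crafted request
        // cannot inject line breaks and fake additional log entries.
        LogServiceFactory.getInstance().logWarning("NONCEWARNING: No nonce check on: " + sanitizeForLog(requestURI) + "?" + sanitizeForLog(queryString));
    }

    /**
     * Replaces ISO control characters (CR, LF, tab, ...) with {@code '_'}.
     * A {@code null} input yields {@code "null"}, matching plain string concatenation.
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return "null";
        }
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }

    /**
     * Decides whether a warning for {@code str} should be suppressed.
     *
     * @param httpServletRequest the request being audited, handed to exclusion extensions
     * @param str                the request URI
     * @return {@code true} if the path is excluded or was already reported; {@code false}
     *         the first time an unexcluded path is seen (the path is recorded as a side effect)
     */
    private boolean knownSafePOSTorLoggedAlready(HttpServletRequest httpServletRequest, String str) {
        // NOTE(review): these are substring matches anywhere in the URI, so any path that merely
        // contains one of the fragments is silently skipped by the audit. Confirm that is intended.
        if (str == null || str.contains("dwr_open/call/plaincall") || str.contains("/webapps/login/")) {
            return true;
        }
        Collection<?> extensions = ExtensionRegistryFactory.getInstance().getExtensions(NonceCheckExclusionExtension.EXTENSION_POINT);
        if (extensions != null) {
            for (Object extension : extensions) {
                // The first extension with an opinion (non-null answer) decides.
                Boolean verdict = ((NonceCheckExclusionExtension) extension).knownSafePOSTorLoggedAlready(httpServletRequest, str);
                if (verdict != null) {
                    return verdict.booleanValue();
                }
            }
        }
        // add() returns false when the path was already present; doing the test and the insert
        // in one synchronized call keeps two threads from both reporting the same path.
        return !_loggedPaths.add(str);
    }

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /** Forgets which paths were reported, so each unchecked path is warned about again. */
    public static void clearLoggedPaths() {
        _loggedPaths.clear();
        LogServiceFactory.getInstance().logWarning("NONCEWARNING: Paths cleared");
    }

    /**
     * Turns the audit on or off and logs the new state.
     *
     * @param z {@code true} to enable dev mode
     */
    public static void setDevMode(boolean z) {
        _devMode = z;
        LogServiceFactory.getInstance().logWarning("NONCEFILTER: " + (z ? "Enabled" : "Disabled"));
    }

    /** @return whether dev mode is currently enabled */
    public static boolean getDevMode() {
        return _devMode;
    }

    /**
     * Marks the request as having passed a nonce check so that the filter does not warn
     * about it. Only sets the request attribute while dev mode is on.
     *
     * @param httpServletRequest the request whose nonce was just verified
     */
    public static void recordNonceCheck(HttpServletRequest httpServletRequest) {
        if (_devMode) {
            httpServletRequest.setAttribute(NONCE_CHECKED, Boolean.TRUE);
        }
    }
}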
