package blackboard.platform.security;

import blackboard.platform.log.LogServiceFactory;
import blackboard.platform.security.authentication.BbSecurityException;
import blackboard.platform.user.MyPlacesUtil;
import blackboard.util.StringUtil;
import blackboard.util.UrlUtil;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.httpclient.NameValuePair;

/* loaded from: input_file:blackboard/platform/security/UrlParameterLock.class */
public class UrlParameterLock {
    protected static final String SECURITY_PARAMETER = "cR2XilcGYOo";
    private static final String REGEX_REMOVE_PARAM_STR = String.format("&%s(=[^&]*)?(?=&|$)|^%s(=[^&]*)?(&|$)", SECURITY_PARAMETER, SECURITY_PARAMETER);
    private static final String PATTERN_REMOVE_PARAM_STR = "&([^=&]*)%s(=[^&]*)?(?=&|$)|^([^=&]*)%s(=[^&]*)?(&|$)";
    protected static final String SECURITY_PARAMETER_SINGLE_POSTFIX = "j61e2KiA00M";
    private static final String REGEX_REMOVE_PARAM_SINGEL_STR = String.format(PATTERN_REMOVE_PARAM_STR, SECURITY_PARAMETER_SINGLE_POSTFIX, SECURITY_PARAMETER_SINGLE_POSTFIX);
    private static Pattern REGEX_REMOVE_PARAM = Pattern.compile(REGEX_REMOVE_PARAM_STR);
    private static Pattern REGEX_REMOVE_PARAM_SINGLE = Pattern.compile(REGEX_REMOVE_PARAM_SINGEL_STR);
    private static final UrlParameterLock INSTANCE = new UrlParameterLock();

    private UrlParameterLock() {
    }

    public static UrlParameterLock getInstance() {
        return INSTANCE;
    }

    public NameValuePair getSecureUrlParameter(NameValuePair nameValuePair) {
        if (nameValuePair == null) {
            return null;
        }
        return new NameValuePair(nameValuePair.getName() + SECURITY_PARAMETER_SINGLE_POSTFIX, calculateSingleHash(nameValuePair.getName(), nameValuePair.getValue()));
    }

    public String secureUrlParameter(String str, String str2) {
        Map<String, List<String>> paramMapForParam = getParamMapForParam(str, str2);
        return paramMapForParam == null ? str : UrlUtil.addParameterToUrl(stripParameterOfSecurity(str, str2), str2 + SECURITY_PARAMETER_SINGLE_POSTFIX, calculateSingleHash(str2, paramMapForParam.get(str2), false), true);
    }

    public String secureUrlParameters(String str) {
        String queryString = UrlUtil.getQueryString(str);
        return StringUtil.isEmpty(queryString) ? str : UrlUtil.addParameterToUrl(stripUrlOfSecurity(str), SECURITY_PARAMETER, calculateHash(queryString), true);
    }

    public void verifyUrlParameters(HttpServletRequest httpServletRequest, boolean z) throws SecurityException {
        String queryString = httpServletRequest.getQueryString();
        StringBuffer requestURL = httpServletRequest.getRequestURL();
        verifyUrlParameters((StringUtil.isEmpty(queryString) ? requestURL : requestURL.append("?").append(queryString)).toString(), z);
    }

    public void verifyUrlParameters(String str, boolean z) throws SecurityException {
        Map<String, List<String>> parameterMapping = UrlUtil.getParameterMapping(str);
        if (z && !parameterMapping.containsKey(SECURITY_PARAMETER)) {
            throw new SecurityException("Secure token required but missing from the URL");
        }
        verifyUrlParametersTotalLock(str);
        Iterator<String> it = parameterMapping.keySet().iterator();
        while (it.hasNext()) {
            verifyUrlParameter(it.next(), parameterMapping);
        }
    }

    private void verifyUrlParameter(String str, Map<String, List<String>> map) throws SecurityException {
        if (isSecurityParameter(str)) {
            return;
        }
        if (!map.containsKey(str)) {
            throw new IllegalArgumentException(String.format("Url does not contain parameter [%s]", str));
        }
        String str2 = str + SECURITY_PARAMETER_SINGLE_POSTFIX;
        if (map.containsKey(str2)) {
            List<String> list = map.get(str2);
            if (list.isEmpty() || StringUtil.isEmpty(list.get(0))) {
                throw new SecurityException(String.format("Unverifiable secure url detected for parameter [%s]", str));
            }
            String str3 = list.get(0);
            if (!str3.equals(calculateSingleHash(str, map.get(str), false)) && !str3.equals(calculateSingleHash(str, map.get(str), true))) {
                throw new SecurityException(String.format("Secure url verification failure for parameter [%s]", str));
            }
        }
    }

    private void verifyUrlParametersTotalLock(String str) throws SecurityException {
        Map<String, List<String>> parameterMapping = UrlUtil.getParameterMapping(str);
        if (parameterMapping.containsKey(SECURITY_PARAMETER)) {
            List<String> list = parameterMapping.get(SECURITY_PARAMETER);
            if (list.isEmpty() || StringUtil.isEmpty(list.get(0))) {
                throw new SecurityException("Unverifiable secure url detected");
            }
            if (!list.get(0).equals(calculateHash(UrlUtil.getQueryString(str)))) {
                throw new SecurityException("Secure url verification failure");
            }
        }
    }

    protected String stripParameterOfSecurity(String str, String str2) {
        String str3 = str2 + SECURITY_PARAMETER_SINGLE_POSTFIX;
        return Pattern.compile(String.format(PATTERN_REMOVE_PARAM_STR, str3, str3)).matcher(str).replaceAll("");
    }

    protected String stripUrlOfSecurity(String str) {
        return REGEX_REMOVE_PARAM_SINGLE.matcher(REGEX_REMOVE_PARAM.matcher(str).replaceAll("")).replaceAll("");
    }

    private String calculateSingleHash(String str, List<String> list, boolean z) {
        if (list == null || list.size() < 1) {
            return calculateHash(str);
        }
        String str2 = list.get(0);
        return calculateSingleHash(str, z ? urlDecode(str2) : str2);
    }

    private String calculateSingleHash(String str, String str2) {
        return StringUtil.isEmpty(str2) ? calculateHash(str) : calculateHash(str + MyPlacesUtil.SEPARATOR + str2);
    }

    private String calculateHash(String str) {
        try {
            return DigitalSignatureSecretUtil.getSignature(stripUrlOfSecurity(str));
        } catch (BbSecurityException e) {
            LogServiceFactory.getInstance().logError("Unable to secure url parameters due to error", e);
            return "";
        }
    }

    private boolean isSecurityParameter(String str) {
        return str.equals(SECURITY_PARAMETER) || str.endsWith(SECURITY_PARAMETER_SINGLE_POSTFIX);
    }

    private Map<String, List<String>> getParamMapForParam(String str, String str2) {
        String queryString = UrlUtil.getQueryString(str);
        if (StringUtil.isEmpty(queryString)) {
            return null;
        }
        Map<String, List<String>> parameterMapping = UrlUtil.getParameterMapping(queryString);
        if (parameterMapping.containsKey(str2)) {
            return parameterMapping;
        }
        return null;
    }

    protected static String urlDecode(String str) {
        return UrlUtil.decodeUrl(str);
    }
}
