package org.eclnt.jsfserver.util;

import com.lowagie.text.xml.xmp.PdfSchema;
import com.veracode.annotation.CRLFCleanser;
import com.veracode.annotation.XSSCleanser;
import java.io.IOException;
import java.net.URLDecoder;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Locale;
import java.util.TimeZone;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import net.sf.jasperreports.engine.JRRenderable;
import org.apache.batik.util.XMLConstants;
import org.apache.http.cookie.SM;
import org.eclnt.jsfserver.elements.ThreadData;
import org.eclnt.jsfserver.util.SystemXml;
import org.eclnt.util.log.CLog;
import org.eclnt.util.logdt.IDTLogConstants;
import org.eclnt.util.mitigation.CCMitigation;
import org.eclnt.util.valuemgmt.ValueManager;
import org.jfree.chart.encoders.ImageFormat;
import org.owasp.encoder.Encode;
import org.owasp.esapi.StringUtilities;

/* loaded from: input_file:org/eclnt/jsfserver/util/ServletUtil.class */
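/**
 * Static helpers around the servlet request/response: URL rewriting for session tracking,
 * parsing of the "original URL" request header, cookie and header output with sanitizing,
 * content type lookup and the localhost based design-time checks.
 *
 * <p>Security relevant points for maintainers:
 * <ul>
 *   <li>The localhost checks look at the request URL only. The host part of that URL normally
 *       mirrors the {@code Host} header sent by the client, so they are a convenience gate and
 *       should not be the only barrier in front of design-time functions.</li>
 *   <li>Values read from the original-URL header are supplied by the client (or a proxy in
 *       front of the server) and must be treated as untrusted input.</li>
 *   <li>{@link #writeTrustedDataToResponseOutputStream} performs no encoding at all.</li>
 * </ul>
 */
public class ServletUtil implements ICCServerConstants {
    /** Name of the cookie that carries the client id. */
    public static final String ECLNTID_COOKIE_NAME = "eclnt-id";

    // Attributes of the client-id cookie. initialize() overwrites these defaults with the
    // values read from SystemXml.
    private static boolean ECLNTID_COOKIE_HTTPONLY = true;
    // "auto" derives the flag from the session (see writeEclntIdCookie); any other text is
    // decoded as a boolean. The built-in default sends the cookie without the Secure attribute.
    private static String ECLNTID_COOKIE_SECURE = "false";
    private static String ECLNTID_COOKIE_SAMESITE = "Strict";
    static final String COMMENT_writeTrustedDataToResponseOutputStream = "This method is explicitly designed to write any content to the output stream without any sanitzizing of the content. It must only be used of the caller can ensure that the data is coming from trusted sources and that the data is not directly related to user input.";

    // Allow-lists applied to response header names and values in addHeaderByESAPICode.
    private static final String HEADER_NAME_REGEX = "^[a-zA-Z0-9\\\\\\-_]{1,32}$";
    private static final String HEADER_VALUE_REGEX = "^[a-zA-Z0-9()'\\\\\\-=\\*\\.\\?;,+\\/:&_ ]*$";

    // URL prefixes that identify a request addressed to the local machine.
    private static final String[] LOCALHOST_URL_PREFIXES = {"http://localhost", "https://localhost"};

    // Lifetime added to "now" for the cookie expiration date: 10,000 days in milliseconds.
    private static final long COOKIE_LIFETIME_MILLIS = 864000000000L;

    /** Thrown when a servlet is configured to reject GET requests. */
    public static class GetRequestBlockedByConfigurationException extends RuntimeException {
        public GetRequestBlockedByConfigurationException(String str) {
            super(str);
        }
    }

    /** Thrown when the request carries no usable HTTP session. */
    public static class SessionIsNotAvailableOrInvalidException extends ClientToBeReloadedException {
    }

    /**
     * Reads the client-id cookie settings from {@code SystemXml}.
     */
    public static void initialize() {
        // The formatter is built once and discarded.
        // NOTE(review): presumably an early check that it can be created - confirm.
        createSimpleDateFormatForExpirationDate();
        initClientIdCookieParamHttpOnly(SystemXml.getClientIdManagementCookieHttpOnly());
        initClientIdCookieParamSecure(SystemXml.getClientIdManagementCookieSecure());
        initClientIdCookieParamSameSite(SystemXml.getClientIdManagementCookieSameSite());
    }

    /** @param z whether the client-id cookie is written with the HttpOnly attribute */
    public static void initClientIdCookieParamHttpOnly(boolean z) {
        ECLNTID_COOKIE_HTTPONLY = z;
    }

    /** @param z whether the client-id cookie is written with the Secure attribute */
    public static void initClientIdCookieParamSecure(boolean z) {
        ECLNTID_COOKIE_SECURE = "" + z;
    }

    /** @param str "auto" or a boolean in text form, see {@link #writeEclntIdCookie} */
    public static void initClientIdCookieParamSecure(String str) {
        ECLNTID_COOKIE_SECURE = str;
    }

    /** @param str SameSite attribute value of the client-id cookie; {@code null} omits it */
    public static void initClientIdCookieParamSameSite(String str) {
        ECLNTID_COOKIE_SAMESITE = str;
    }

    /**
     * Rewrites a URL for session tracking; without cookie based session management the
     * session id is added to the URL.
     *
     * @param str URL to rewrite
     * @return the rewritten URL
     */
    public static String encodeURL(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return encodeURLExecute(str, httpServletRequest, httpServletResponse, true);
    }

    /**
     * Same as {@link #encodeURL} but never adds the session id to the URL.
     *
     * @param str URL to rewrite
     * @return the rewritten URL
     */
    public static String encodeURLWithoutURLEncoding(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return encodeURLExecute(str, httpServletRequest, httpServletResponse, false);
    }

    /**
     * Shared implementation of the two encodeURL variants.
     *
     * @param url URL to rewrite
     * @param appendSessionId whether the session id may be written into the URL
     */
    private static String encodeURLExecute(String url, HttpServletRequest request, HttpServletResponse response, boolean appendSessionId) {
        if (TypeOfSessionMgmt.getSessionMgmtViaCookie()) {
            try {
                return addQueryParameterToURL(url, ICCServerConstants.QP_SUBPAGEID, ThreadData.getInstance().getSubpageId());
            } catch (Throwable ignored) {
                // Best effort: without a sub page id the URL is handed back unchanged.
                return url;
            }
        }
        if (!appendSessionId) {
            return url;
        }
        // A session id inside a URL ends up in access logs, browser history and Referer
        // headers; this branch is only reached when cookie based management is switched off.
        if (request.isRequestedSessionIdFromCookie() || SystemXml.getEncodeEnforceOwnEncoding()) {
            return toEncoded(url, request.getSession().getId());
        }
        return response.encodeURL(url);
    }

    /**
     * URL-decodes a string as UTF-8.
     *
     * @param str encoded text, may be {@code null}
     * @return decoded text, {@code null} for {@code null} input
     * @throws Error if decoding fails
     */
    public static String decodeURL(String str) {
        if (str == null) {
            return null;
        }
        try {
            return URLDecoder.decode(str, "UTF-8");
        } catch (Throwable th) {
            throw new Error("Problem decoding URL " + str, th);
        }
    }

    /**
     * Puts a query parameter in front of the existing parameters of a URL.
     *
     * <p>Name and value are inserted as passed, without URL-encoding; callers have to encode
     * them if they can contain reserved characters.
     *
     * @param str URL
     * @param str2 parameter name
     * @param str3 parameter value
     * @return URL with the parameter added
     */
    public static String addQueryParameterToURL(String str, String str2, String str3) {
        String parameter = str2 + XMLConstants.XML_EQUAL_SIGN + str3;
        int queryStart = str.indexOf("?");
        if (queryStart > 0) {
            return str.substring(0, queryStart + 1) + parameter + "&" + str.substring(queryStart + 1);
        }
        return str + "?" + parameter;
    }

    /**
     * Rejects the call if the servlet is configured to block GET requests.
     *
     * @param cls servlet class to look up in the configuration
     * @throws GetRequestBlockedByConfigurationException if GET is blocked for the class
     */
    public static void ensureServletGetIsAllowed(Class<?> cls) {
        SystemXml.ServletConfiguration servletConfiguration = SystemXml.getServletConfiguration(cls);
        if (servletConfiguration != null && servletConfiguration.getBlockget()) {
            throw new GetRequestBlockedByConfigurationException(cls.getName());
        }
    }

    /**
     * Returns the part of the request URI behind the context path, without a leading slash
     * and without a ";..." path parameter suffix.
     */
    public static String isolateResourcePath(HttpServletRequest httpServletRequest) {
        String uri = httpServletRequest.getRequestURI();
        int pathParameterStart = uri.indexOf(";");
        if (pathParameterStart > 0) {
            uri = uri.substring(0, pathParameterStart);
        }
        String contextPath = httpServletRequest.getContextPath();
        String resourcePath = uri.substring(uri.indexOf(contextPath) + contextPath.length());
        return resourcePath.startsWith("/") ? resourcePath.substring(1) : resourcePath;
    }

    /**
     * Returns the cookie path derived from the original-URL header, or "/" if none can be
     * derived. The header is sent by the client, so the result is untrusted.
     */
    public static String findWebappCookiePath(HttpServletRequest httpServletRequest) {
        String contextPath = isolateOriginalUrlWebappContextPath(httpServletRequest);
        return contextPath == null ? "/" : contextPath;
    }

    /**
     * Extracts the path between the host and "/faces/" from the original-URL header.
     *
     * @return the path, or {@code null} if the header is missing or has an unexpected shape
     */
    public static String isolateOriginalUrlWebappContextPath(HttpServletRequest httpServletRequest) {
        try {
            String header = httpServletRequest.getHeader(ICCServerConstants.HEADER_ATTRIBUTE_ORIGINALURL);
            String beforeFaces = header.substring(0, header.indexOf("/faces/"));
            return beforeFaces.substring(beforeFaces.indexOf("/", beforeFaces.indexOf("://") + 3));
        } catch (Throwable ignored) {
            // Missing header or unexpected format: the caller decides on the fallback.
            return null;
        }
    }

    /**
     * Extracts the protocol (text in front of "://") from the original-URL header.
     *
     * @param z {@code true} to fail with an {@link Error} instead of returning {@code null}
     * @return the protocol, or {@code null} if it cannot be read and {@code z} is false
     */
    public static String isolateOriginalProtocol(HttpServletRequest httpServletRequest, boolean z) {
        try {
            String header = httpServletRequest.getHeader(ICCServerConstants.HEADER_ATTRIBUTE_ORIGINALURL);
            if (header == null) {
                throw new Exception("Could not find header attribute in URL: eclnt-originalurl");
            }
            return header.substring(0, header.indexOf("://"));
        } catch (Throwable th) {
            if (z) {
                throw new Error("The original protocol is not visible in the request passed: " + httpServletRequest.getRequestURI(), th);
            }
            return null;
        }
    }

    /**
     * Extracts the host name (without port) from the original-URL header.
     *
     * <p>The host ends at the first ':' or '/' behind "://", or at the end of the header when
     * neither follows. Bracketed IPv6 literals are therefore not supported.
     *
     * @param z {@code true} to fail with an {@link Error} instead of returning {@code null}
     * @return the host name, or {@code null} if it cannot be read and {@code z} is false
     */
    public static String isolateOriginalServer(HttpServletRequest httpServletRequest, boolean z) {
        try {
            String header = httpServletRequest.getHeader(ICCServerConstants.HEADER_ATTRIBUTE_ORIGINALURL);
            if (header == null) {
                throw new Exception("Could not find header attribute in URL: eclnt-originalurl");
            }
            int schemeEnd = header.indexOf("://");
            if (schemeEnd < 0) {
                // Without this guard the offset arithmetic below would cut an arbitrary
                // slice out of a value that is not an absolute URL.
                throw new Exception("Header attribute eclnt-originalurl does not contain \"://\"");
            }
            int hostStart = schemeEnd + 3;
            int portSeparator = header.indexOf(":", hostStart);
            int pathStart = header.indexOf("/", hostStart);
            // A URL without any path ("http://host:8080") still has a readable host.
            int hostEnd = pathStart >= 0 ? pathStart : header.length();
            if (portSeparator >= 0 && portSeparator < hostEnd) {
                hostEnd = portSeparator;
            }
            return header.substring(hostStart, hostEnd);
        } catch (Throwable th) {
            if (z) {
                throw new Error("The original server is not visible in the request passed: " + httpServletRequest.getRequestURI(), th);
            }
            return null;
        }
    }

    /**
     * Inserts ";&lt;session parameter name&gt;=&lt;session id&gt;" behind the path of a URL,
     * in front of a fragment and the query string.
     *
     * @return the URL unchanged if either argument is {@code null}
     */
    private static String toEncoded(String url, String sessionId) {
        if (url == null || sessionId == null) {
            return url;
        }
        String path = url;
        String query = "";
        String fragment = "";
        int queryStart = url.indexOf('?');
        if (queryStart >= 0) {
            path = url.substring(0, queryStart);
            query = url.substring(queryStart);
        }
        int fragmentStart = path.indexOf('#');
        if (fragmentStart >= 0) {
            fragment = path.substring(fragmentStart);
            path = path.substring(0, fragmentStart);
        }
        StringBuilder encoded = new StringBuilder(path);
        if (encoded.length() > 0) {
            encoded.append(";");
            encoded.append(SystemXml.getEncodenamejsessionid());
            encoded.append(XMLConstants.XML_EQUAL_SIGN);
            encoded.append(sessionId);
        }
        encoded.append(fragment);
        encoded.append(query);
        return encoded.toString();
    }

    /** Returns the resource name unchanged. */
    public static String updateResource(HttpServletRequest httpServletRequest, String str) {
        return str;
    }

    /**
     * Maps a file extension to a content type.
     *
     * <p>Unknown extensions yield "application/" followed by the normalized extension, so an
     * extension taken from user input flows into the returned value.
     * NOTE(review): "image/jpg", "image/giff" and "image/tif" are not the registered media
     * type names; they are kept because clients may depend on them.
     *
     * @param str file extension without dot, may be {@code null} or blank
     * @return content type, "application/octet-stream" for a missing extension
     */
    public static String proposeContentType(String str) {
        if (str == null || str.trim().length() == 0) {
            return "application/octet-stream";
        }
        String extension = ValueManager.toLowerCaseId(str);
        if ("html".equals(extension) || "htm".equals(extension)) {
            return ICCServerConstants.TEXTPANE_CONTENTTYPE_HTML;
        }
        if ("css".equals(extension)) {
            return "text/css";
        }
        if ("js".equals(extension)) {
            return "text/javascript";
        }
        if (IDTLogConstants.FILE_BASEEXTENSION.equals(extension)) {
            return "text/plain";
        }
        if ("jpg".equals(extension) || ImageFormat.JPEG.equals(extension)) {
            return "image/jpg";
        }
        if (ImageFormat.PNG.equals(extension)) {
            return JRRenderable.MIME_TYPE_PNG;
        }
        if (ImageFormat.GIF.equals(extension)) {
            return JRRenderable.MIME_TYPE_GIF;
        }
        if ("giff".equals(extension)) {
            return "image/giff";
        }
        if ("svg".equals(extension)) {
            return "image/svg+xml";
        }
        if ("tif".equals(extension) || "tiff".equals(extension)) {
            return "image/tif";
        }
        if (PdfSchema.DEFAULT_XPATH_ID.equals(extension)) {
            return "application/pdf";
        }
        if ("mp3".equals(extension)) {
            return "audio/mpeg";
        }
        if ("mp4".equals(extension)) {
            return "video/mp4";
        }
        if ("webm".equals(extension)) {
            return "video/webm";
        }
        if ("xlsx".equals(extension)) {
            return "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet";
        }
        if (XMLConstants.XML_PREFIX.equals(extension)) {
            return "application/xml";
        }
        if ("json".equals(extension)) {
            return "application/json";
        }
        return "application/" + extension;
    }

    /**
     * Writes the client-id cookie with the configured HttpOnly, SameSite and Secure settings.
     *
     * @param str cookie value (the client id)
     */
    public static void writeEclntIdCookie(HttpServletResponse httpServletResponse, String str) {
        String secureSetting = ECLNTID_COOKIE_SECURE;
        boolean secure;
        if ("auto".equals(secureSetting)) {
            secure = HttpSessionAccess.checkIfCurrentSessionWasStartedByHttps();
        } else {
            secure = ValueManager.decodeBoolean(secureSetting, false);
        }
        writeCookie(httpServletResponse, ECLNTID_COOKIE_NAME, null, str, ECLNTID_COOKIE_HTTPONLY, ECLNTID_COOKIE_SAMESITE, secure);
    }

    /**
     * Adds a Set-Cookie header with a far-future expiration date.
     *
     * <p>Name, value, path and SameSite value pass through {@link #sanitizeCookieValue}
     * before they are placed into the header. That escaping targets Java string literals:
     * it does not remove ';' or '=', so callers must not pass text that contains cookie
     * attribute syntax.
     *
     * @param httpServletResponse response to write to; {@code null} makes the call a no-op
     * @param str cookie name
     * @param str2 Path attribute, {@code null} to omit it
     * @param str3 cookie value
     * @param z whether to add HttpOnly
     * @param str4 SameSite attribute, {@code null} to omit it
     * @param z2 whether to add the Secure attribute
     */
    public static void writeCookie(HttpServletResponse httpServletResponse, String str, String str2, String str3, boolean z, String str4, boolean z2) {
        if (httpServletResponse == null) {
            return;
        }
        // The name reaches the header as well, so it gets the same treatment as the value.
        String name = str == null ? null : sanitizeCookieValue(str);
        String value = sanitizeCookieValue(str3);
        // Absent optional attributes are decided on the raw argument, before sanitizing, so
        // that "omit" does not depend on what the encoder returns for null.
        String path = str2 == null ? null : sanitizeCookieValue(str2);
        String sameSite = str4 == null ? null : sanitizeCookieValue(str4);

        StringBuilder header = new StringBuilder();
        header.append(name).append(XMLConstants.XML_EQUAL_SIGN).append(value).append(";");
        if (path != null) {
            header.append(" Path=").append(path).append(";");
        }
        if (z) {
            header.append(" HttpOnly;");
        }
        if (sameSite != null) {
            header.append(" SameSite=").append(sameSite).append(";");
        }
        if (z2) {
            header.append(" secure;");
        }
        header.append(" Expires=").append(calculateExpirationDateForever());
        httpServletResponse.addHeader(SM.SET_COOKIE, header.toString());
    }

    /** Returns the formatted date 10,000 days from now, used as cookie expiration. */
    public static String calculateExpirationDateForever() {
        Date expiration = new Date(System.currentTimeMillis() + COOKIE_LIFETIME_MILLIS);
        return createSimpleDateFormatForExpirationDate().format(expiration);
    }

    /**
     * Verifies that the request belongs to an existing, usable session; no session is created.
     *
     * @throws SessionIsNotAvailableOrInvalidException if there is no session or it cannot be used
     */
    public static void ensureSessionIsAvailableAndValid(HttpServletRequest httpServletRequest) throws SessionIsNotAvailableOrInvalidException {
        try {
            HttpSession session = httpServletRequest.getSession(false);
            if (session != null) {
                // Writing an attribute probes the session: an invalidated one throws here.
                session.setAttribute("cctestsession", "cctestsession");
                return;
            }
        } catch (Throwable ignored) {
            // Any failure is reported as "session not usable" below.
        }
        throw new SessionIsNotAvailableOrInvalidException();
    }

    /**
     * Tells whether the request URL addresses localhost and "ccprodmode=true" is not set.
     *
     * <p>The decision is based on the request URL only, see {@link #checkIfRequestIsDesignTimerRequest}.
     */
    public static boolean checkIfRISCUrlStartedInDevelopmentMode(HttpServletRequest httpServletRequest) {
        if ("true".equals(httpServletRequest.getParameter("ccprodmode"))) {
            return false;
        }
        return isLocalhostUrl(httpServletRequest.getRequestURL().toString());
    }

    /** Returns the request URI with the context path cut off at the front. */
    public static String getPathBehindContextPath(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getRequestURI().substring(httpServletRequest.getContextPath().length());
    }

    /**
     * Sets the sanitized content type; does nothing if either argument is {@code null}.
     */
    public static void setResponseContentType(HttpServletResponse httpServletResponse, String str) {
        if (httpServletResponse == null || str == null) {
            return;
        }
        httpServletResponse.setContentType(sanitizeContentType(str));
    }

    /**
     * Sets a response header after validating name and value; does nothing if any argument
     * is {@code null}.
     *
     * @param str header name
     * @param str2 header value
     * @throws Error if name or value is rejected by the allow-list
     */
    public static void setResponseHeader(HttpServletResponse httpServletResponse, String str, String str2) {
        if (httpServletResponse == null || str == null || str2 == null) {
            return;
        }
        addHeaderByESAPICode(httpServletResponse, str, str2);
    }

    /**
     * Collapses linear white space in name and value, checks both against the allow-list
     * expressions and sets the header.
     *
     * @throws Error wrapping the cause if a check fails
     */
    private static void addHeaderByESAPICode(HttpServletResponse response, String name, String value) {
        try {
            String cleanName = StringUtilities.replaceLinearWhiteSpace(name);
            String cleanValue = StringUtilities.replaceLinearWhiteSpace(value);
            boolean nameAccepted = ValueManager.checkIfStringMatchesRegularExpression(cleanName, HEADER_NAME_REGEX);
            boolean valueAccepted = ValueManager.checkIfStringMatchesRegularExpression(cleanValue, HEADER_VALUE_REGEX);
            if (!nameAccepted) {
                throw new Exception("Name does not meet regex: " + HEADER_NAME_REGEX);
            }
            if (!valueAccepted) {
                throw new Exception("Value does not meet regex" + HEADER_VALUE_REGEX);
            }
            response.setHeader(cleanName, cleanValue);
        } catch (Throwable th) {
            // The message repeats the rejected input verbatim; whoever logs this Error
            // should treat the text as untrusted.
            throw new Error("ESAPI does not accept header: " + name + ": " + value, th);
        }
    }

    /** Escapes a content type with {@code Encode.forJava} before it is written to the response. */
    public static String sanitizeContentType(String str) {
        return Encode.forJava(str);
    }

    /** Escapes a cookie name, value or attribute with {@code Encode.forJava}. */
    public static String sanitizeCookieValue(String str) {
        return Encode.forJava(str);
    }

    /**
     * Reads a request parameter, but only for requests that pass the design-time check.
     *
     * @param str parameter name
     * @return the parameter value, or {@code null} for any other request
     */
    public static String readRequestParameterFromDesignTimeRequest(HttpServletRequest httpServletRequest, String str) {
        if (checkIfRequestIsDesignTimerRequest(httpServletRequest)) {
            return httpServletRequest.getParameter(str);
        }
        return null;
    }

    /**
     * @throws Error if the request does not pass the design-time check
     */
    public static void ensureRequestIsDesignTimeRequest(HttpServletRequest httpServletRequest) {
        if (!checkIfRequestIsDesignTimerRequest(httpServletRequest)) {
            throw new Error("The request must only be executed in a design time environment of the server.");
        }
    }

    /**
     * Tells whether the request URL addresses localhost over http or https.
     *
     * <p>NOTE(review): the host in the request URL normally comes from the {@code Host}
     * header, which the client chooses. Unless the container or a proxy in front pins the
     * host name, this does not prove that the request originates from the local machine;
     * design-time functions guarded by it should have an additional control.
     */
    public static boolean checkIfRequestIsDesignTimerRequest(HttpServletRequest httpServletRequest) {
        return isLocalhostUrl(httpServletRequest.getRequestURL().toString());
    }

    /**
     * Matches "http(s)://localhost" only when the host name ends there, i.e. the prefix is
     * followed by a port, a path or nothing. A bare prefix test would also accept host
     * names that merely begin with "localhost".
     */
    private static boolean isLocalhostUrl(String url) {
        for (String prefix : LOCALHOST_URL_PREFIXES) {
            if (!url.startsWith(prefix)) {
                continue;
            }
            if (url.length() == prefix.length()) {
                return true;
            }
            char next = url.charAt(prefix.length());
            if (next == ':' || next == '/') {
                return true;
            }
        }
        return false;
    }

    /**
     * Builds the GMT date formatter for the cookie Expires attribute. A new instance is
     * created per call, so no formatter is shared between threads.
     */
    private static SimpleDateFormat createSimpleDateFormatForExpirationDate() {
        try {
            SimpleDateFormat format = new SimpleDateFormat("EEE, dd-MMM-yyyy HH:mm:ss zzz", new Locale("en", "EN"));
            format.setTimeZone(TimeZone.getTimeZone("GMT"));
            return format;
        } catch (Throwable th) {
            CLog.L.log(CLog.LL_ERR, "Problem occurred createing SimpleDateFormat", th);
            throw new Error("Problem occurred createing SimpleDateFormat", th);
        }
    }

    /**
     * Stores a session attribute. The method does not validate the name; as its name says,
     * the attribute name has to come from trusted code and not from request data.
     */
    public static void setSessionAttributeWithTrustedName(HttpSession httpSession, String str, Object obj) {
        httpSession.setAttribute(str, obj);
    }

    /**
     * Writes the bytes to the response output stream exactly as passed.
     *
     * <p>No encoding or filtering happens here. The cleanser annotations declare the method
     * as sanitizing to static analysis, so findings on data flowing through it are not
     * reported; the safety argument rests entirely on callers passing trusted content only.
     * NOTE(review): every call site should be checked against that contract.
     */
    @CCMitigation(cweIds = {"113"}, comment = COMMENT_writeTrustedDataToResponseOutputStream)
    @XSSCleanser
    @CRLFCleanser
    public static void writeTrustedDataToResponseOutputStream(HttpServletResponse httpServletResponse, byte[] bArr) throws IOException {
        httpServletResponse.getOutputStream().write(bArr);
    }

    /**
     * Adds ";filename=/&lt;name&gt;" behind the path of a URL, in front of the query string.
     *
     * <p>Only the part behind the last '/' and the last '\' of the file name is used. The
     * name is not URL-encoded; other reserved characters in it are passed through.
     *
     * @param str URL; must not be {@code null} when a file name is given
     * @param str2 file name, {@code null} or blank returns the URL unchanged
     */
    public static String addFileNameAdviceIntoURL(String str, String str2) {
        if (str2 == null || str2.trim().length() == 0) {
            return str;
        }
        String fileName = str2;
        int lastSlash = fileName.lastIndexOf("/");
        if (lastSlash >= 0) {
            fileName = fileName.substring(lastSlash + 1);
        }
        int lastBackslash = fileName.lastIndexOf("\\");
        if (lastBackslash >= 0) {
            fileName = fileName.substring(lastBackslash + 1);
        }
        String advice = ";filename=/" + fileName;
        int queryStart = str.indexOf('?');
        if (queryStart < 0) {
            return str + advice;
        }
        return str.substring(0, queryStart) + advice + str.substring(queryStart);
    }
}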
