package org.apache.geronimo.console.filter;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/console-filter-2.2.jar:org/apache/geronimo/console/filter/XSSXSRFFilter.class */
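/**
 * Servlet filter that gates every HTTP request of the console through two checks
 * before it reaches the chain: an XSS check on the URI and request parameters
 * ({@link XSSHandler}) and an XSRF check on the session/form state
 * ({@link XSRFHandler}). A request failing either check is answered with
 * HTTP 400 and never reaches the rest of the chain.
 *
 * <p>Both checks are on by default; each can only be switched off with the
 * literal init-parameter value {@code "false"} (any other value, or a missing
 * parameter, keeps the check enabled). The filter also listens for session
 * events so the XSRF handler can release per-session state.
 *
 * <p>Non-HTTP requests/responses are passed through unchecked, since neither
 * handler applies to them.
 */
public class XSSXSRFFilter implements Filter, HttpSessionListener {
    private static final Logger log = LoggerFactory.getLogger(XSSXSRFFilter.class);

    /** Init-parameter names read in {@link #init(FilterConfig)}. */
    private static final String PARAM_ENABLE_XSS = "enableXSS";
    private static final String PARAM_ENABLE_XSRF = "enableXSRF";

    /** Only this exact (case-sensitive) value disables a check. */
    private static final String DISABLE_VALUE = "false";

    private final XSSHandler xss = new XSSHandler();
    private final XSRFHandler xsrf = new XSRFHandler();

    // Fail-closed defaults: a missing or unrecognised init parameter leaves the check enabled.
    private boolean enableXSS = true;
    private boolean enableXSRF = true;

    /**
     * Reads the {@code enableXSS} / {@code enableXSRF} init parameters.
     * A check is disabled only when its parameter equals {@code "false"}.
     *
     * @param filterConfig the container-supplied filter configuration
     * @throws ServletException never thrown here; declared by the {@link Filter} contract
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        log.debug("init() called");
        // null-safe: "false".equals(null) is false, so the check stays enabled
        this.enableXSS = !DISABLE_VALUE.equals(filterConfig.getInitParameter(PARAM_ENABLE_XSS));
        this.enableXSRF = !DISABLE_VALUE.equals(filterConfig.getInitParameter(PARAM_ENABLE_XSRF));
    }

    /**
     * Logs session creation; no state is allocated here.
     *
     * @param httpSessionEvent the event for the newly created session
     */
    @Override
    public void sessionCreated(HttpSessionEvent httpSessionEvent) {
        log.debug("sessionCreated() called for sesId={}", httpSessionEvent.getSession().getId());
    }

    /**
     * Hands the expired session to the XSRF handler so any per-session state it holds
     * is dropped rather than accumulating for the lifetime of the filter.
     *
     * @param httpSessionEvent the event for the destroyed session
     */
    @Override
    public void sessionDestroyed(HttpSessionEvent httpSessionEvent) {
        log.debug("sessionDestroyed() called for sesId={}", httpSessionEvent.getSession().getId());
        this.xsrf.destroySession(httpSessionEvent);
    }

    /**
     * Runs the enabled checks against an HTTP request. Rejected requests get
     * {@code 400 Bad Request} with a fixed reason text; accepted requests continue down
     * the chain, wrapped in a {@link SubstituteResponseWrapper} when the XSRF handler
     * supplies a replacement for the response body.
     *
     * @param servletRequest  the incoming request
     * @param servletResponse the outgoing response
     * @param filterChain     the remainder of the filter chain
     * @throws IOException      propagated from the chain or from {@code sendError}
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        if (!(servletRequest instanceof HttpServletRequest) || !(servletResponse instanceof HttpServletResponse)) {
            // Not HTTP: nothing for either handler to inspect, so pass through untouched.
            log.debug("Request not HttpServletRequest and/or Response not HttpServletResponse");
            log.debug("Request: {}", servletRequest);
            log.debug("Response: {}", servletResponse);
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        // Must run before any getParameter*() call, including those inside the handlers:
        // the encoding is ignored once the body has been parsed, so a filter earlier in
        // the chain that reads parameters first would make this call a no-op.
        request.setCharacterEncoding("UTF-8");

        String rejection = rejectionReason(request);
        if (rejection != null) {
            // The reason is a compile-time constant, never request-derived, so echoing it
            // to the client does not reflect attacker-controlled content.
            log.error(rejection);
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, rejection);
            return;
        }

        ServletResponse downstream = response;
        String replacement = this.xsrf.getReplacement(request);
        if (replacement != null) {
            downstream = new SubstituteResponseWrapper(response, replacement);
        }
        filterChain.doFilter(request, downstream);
    }

    /**
     * Evaluates the enabled checks in order (URI, parameters, session) and returns the
     * reason text for the first failure, or {@code null} if the request is acceptable.
     * The XSRF check is not reached when an XSS check has already rejected the request.
     */
    private String rejectionReason(HttpServletRequest request) {
        if (this.enableXSS && this.xss.isInvalidURI(request)) {
            return "XSSXSRFFilter blocked HttpServletRequest due to invalid URI content.";
        }
        if (this.enableXSS && this.xss.isInvalidParameters(request)) {
            return "XSSXSRFFilter blocked HttpServletRequest due to invalid POST content.";
        }
        if (this.enableXSRF && this.xsrf.isInvalidSession(request)) {
            return "XSSXSRFFilter blocked HttpServletRequest due to invalid FORM content.";
        }
        return null;
    }

    /** Releases all per-session XSRF state when the filter is taken out of service. */
    @Override
    public void destroy() {
        log.debug("destroy() called");
        this.xsrf.clearSessions();
    }
}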
