package org.owasp.esapi.waf;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.util.List;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.fileupload.FileUploadException;
import org.apache.log4j.xml.DOMConfigurator;
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.Logger;
import org.owasp.esapi.waf.actions.Action;
import org.owasp.esapi.waf.actions.BlockAction;
import org.owasp.esapi.waf.actions.DefaultAction;
import org.owasp.esapi.waf.actions.RedirectAction;
import org.owasp.esapi.waf.configuration.AppGuardianConfiguration;
import org.owasp.esapi.waf.configuration.ConfigurationParser;
import org.owasp.esapi.waf.internal.InterceptingHTTPServletRequest;
import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;
import org.owasp.esapi.waf.rules.Rule;
import org.springframework.util.backoff.ExponentialBackOff;

/* loaded from: input_file:WEB-INF/lib/esapi-2.0GA.jar:org/owasp/esapi/waf/ESAPIWebApplicationFirewallFilter.class */
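/**
 * Servlet filter that evaluates every request/response against the ESAPI WAF policy.
 *
 * <p>Processing runs in three stages: rules that need only the request line and headers
 * (before the body is read), rules that need the parsed body (before the filter chain),
 * and rules that inspect the response (after the chain). The first rule whose
 * {@link Action} requires intervention ends the request by blocking or redirecting.
 *
 * <p>The policy file is re-read on a request thread when it changes on disk; the reload
 * is serialized so concurrent requests do not race to re-run {@link #init(FilterConfig)},
 * and each request evaluates against one consistent policy snapshot.
 *
 * <p>Fail-closed behaviour: a missing or unparseable policy, or a request body the WAF
 * cannot parse, results in a rejected request rather than an unfiltered pass-through.
 */
public class ESAPIWebApplicationFirewallFilter implements Filter {

    /** Init-param: path of the WAF policy file, resolved relative to the web app root. */
    private static final String CONFIGURATION_FILE_PARAM = "configuration";
    /** Init-param: path of the log4j XML settings file, resolved relative to the web app root. */
    private static final String LOGGING_FILE_PARAM = "log_settings";
    /** Optional init-param: minimum milliseconds between checks for a modified policy file. */
    private static final String POLLING_TIME_PARAM = "polling_time";
    /**
     * Polling interval used when {@code polling_time} is absent (30 seconds). The decompiled
     * listing had substituted Spring's {@code ExponentialBackOff.DEFAULT_MAX_INTERVAL} (the
     * same numeric value) here; this filter has no reason to depend on Spring for a constant.
     */
    private static final int DEFAULT_POLLING_TIME = 30000;

    /**
     * The active policy. Read on every request thread and replaced by a reload, so it is
     * volatile to make a new policy visible to in-flight request threads.
     */
    private volatile AppGuardianConfiguration appGuardConfig;
    /** Minimum ms between staleness checks; read unsynchronized on request threads. */
    private volatile long pollingTime;
    /** Wall-clock time (ms) at which the current policy was read. */
    private volatile long lastConfigReadTime;
    /** Retained so a hot reload can re-run {@link #init(FilterConfig)} with the same settings. */
    private FilterConfig fc;
    /** Absolute path of the policy file, used for the modification-time staleness check. */
    private volatile String configurationFilename = null;
    private final Logger logger = ESAPI.getLogger(ESAPIWebApplicationFirewallFilter.class);

    /**
     * Loads a policy directly from a file, bypassing the servlet init-params (used by callers that
     * drive the filter outside a container, e.g. tests).
     *
     * @param str  path of the policy file
     * @param str2 web application root passed to the parser for resolving relative paths
     * @throws FileNotFoundException if {@code str} cannot be opened
     * @throws IllegalStateException if the file opens but cannot be parsed as a policy; the
     *         previously loaded policy (if any) is left in place. This replaces the original
     *         {@code printStackTrace()} which silently left the WAF running without the new policy.
     */
    public void setConfiguration(String str, String str2) throws FileNotFoundException {
        FileInputStream in = new FileInputStream(new File(str));
        try {
            this.appGuardConfig = ConfigurationParser.readConfigurationFile(in, str2);
            this.lastConfigReadTime = System.currentTimeMillis();
            this.configurationFilename = str;
        } catch (ConfigurationException e) {
            // Fail closed: a policy that does not parse must surface, not be swallowed.
            String msg = "[ESAPI WAF] Could not parse policy file: " + str;
            this.logger.error(Logger.EVENT_FAILURE, msg, e);
            throw new IllegalStateException(msg, e);
        } finally {
            closeQuietly(in);
        }
    }

    /** @return the policy currently in force, or {@code null} if none has been loaded yet */
    public AppGuardianConfiguration getConfiguration() {
        return this.appGuardConfig;
    }

    /**
     * Resolves the policy and log-settings files from the filter init-params, loads the policy and
     * configures log4j. Also invoked on a request thread for a hot reload (see {@link #reloadIfStale()}).
     *
     * @throws ServletException if a required init-param is missing, a file cannot be found or
     *         opened, {@code polling_time} is not a number, or the policy fails to parse
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        this.fc = filterConfig;
        this.logger.debug(Logger.EVENT_SUCCESS, ">> Initializing WAF");

        String logSettingsPath = resolveRequiredFile(filterConfig, LOGGING_FILE_PARAM, "log file");
        this.configurationFilename = resolveRequiredFile(filterConfig, CONFIGURATION_FILE_PARAM, "configuration file");
        this.pollingTime = parsePollingTime(filterConfig.getInitParameter(POLLING_TIME_PARAM));

        FileInputStream in = null;
        try {
            in = new FileInputStream(this.configurationFilename);
            this.appGuardConfig = ConfigurationParser.readConfigurationFile(in, filterConfig.getServletContext().getRealPath("/"));
            DOMConfigurator.configure(logSettingsPath);
            // Only stamp the read time once everything succeeded, so a failed reload is retried.
            this.lastConfigReadTime = System.currentTimeMillis();
        } catch (FileNotFoundException e) {
            throw new ServletException(e);
        } catch (ConfigurationException e2) {
            throw new ServletException(e2);
        } finally {
            closeQuietly(in);
        }
    }

    /**
     * Reads a path-valued init-param and resolves it to a real filesystem path that exists.
     *
     * @param description human-readable name used in error messages ("log file", "configuration file")
     * @throws ServletException if the param is absent, cannot be resolved (e.g. unexploded WAR) or does not exist
     */
    private static String resolveRequiredFile(FilterConfig filterConfig, String paramName, String description) throws ServletException {
        String param = filterConfig.getInitParameter(paramName);
        if (param == null) {
            throw new ServletException("[ESAPI WAF] Missing required init-param '" + paramName + "' (" + description + ")");
        }
        String realPath = filterConfig.getServletContext().getRealPath(param);
        if (realPath == null || !new File(realPath).exists()) {
            throw new ServletException("[ESAPI WAF] Could not find " + description + " at resolved path: " + realPath);
        }
        return realPath;
    }

    /**
     * Parses the optional polling interval, falling back to {@link #DEFAULT_POLLING_TIME}.
     *
     * @throws ServletException instead of a bare NumberFormatException when the value is not numeric
     */
    private static long parsePollingTime(String value) throws ServletException {
        if (value == null) {
            return DEFAULT_POLLING_TIME;
        }
        try {
            return Long.parseLong(value);
        } catch (NumberFormatException e) {
            throw new ServletException("[ESAPI WAF] Invalid " + POLLING_TIME_PARAM + " value: " + value, e);
        }
    }

    /** Closes a stream opened by this filter, logging (not propagating) any close failure. */
    private void closeQuietly(FileInputStream in) {
        if (in == null) {
            return;
        }
        try {
            in.close();
        } catch (IOException e) {
            this.logger.debug(Logger.EVENT_FAILURE, "[ESAPI WAF] Could not close policy file stream", e);
        }
    }

    /**
     * Returns true when the polling interval has elapsed and the policy file on disk is newer than
     * the last successful read. False when the filter was configured via
     * {@link #setConfiguration(String, String)} without a FilterConfig, since a reload would re-run init().
     */
    private boolean isPolicyStale() {
        if (this.fc == null || this.configurationFilename == null) {
            return false;
        }
        return System.currentTimeMillis() - this.lastConfigReadTime > this.pollingTime
                && new File(this.configurationFilename).lastModified() > this.lastConfigReadTime;
    }

    /**
     * Re-reads the policy if it is stale. The check is repeated under the lock so that several
     * request threads noticing the change at once trigger a single reload.
     *
     * @throws ServletException if the reload fails; the request is rejected rather than passed
     *         through against an unknown policy state
     */
    private void reloadIfStale() throws ServletException {
        if (!isPolicyStale()) {
            return;
        }
        synchronized (this) {
            if (isPolicyStale()) {
                this.logger.debug(Logger.EVENT_SUCCESS, ">> Re-reading WAF policy");
                init(this.fc);
            }
        }
    }

    /**
     * Runs the three rule stages around the filter chain.
     *
     * <p>A response wrapper is only installed when cookie or before-response rules exist, since
     * those are the only rules that need to intercept what the application writes.
     *
     * @throws ServletException if no policy is loaded or a hot reload fails (fail closed)
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        reloadIfStale();
        this.logger.debug(Logger.EVENT_SUCCESS, ">>In WAF doFilter");

        // Snapshot the policy so one request is evaluated against one rule set even if a reload lands mid-request.
        AppGuardianConfiguration config = this.appGuardConfig;
        if (config == null) {
            throw new ServletException("[ESAPI WAF] No policy loaded; refusing to pass the request through unfiltered");
        }

        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        InterceptingHTTPServletResponse wrappedResponse = null;
        if (config.getCookieRules().size() + config.getBeforeResponseRules().size() > 0) {
            wrappedResponse = new InterceptingHTTPServletResponse(response, true, config.getCookieRules());
        }

        // Stage 1: header/URL rules, evaluated before the body is consumed.
        this.logger.debug(Logger.EVENT_SUCCESS, ">> Starting stage 1");
        if (applyRules(config, config.getBeforeBodyRules(), "BEFORE", request, wrappedResponse, response)) {
            return;
        }

        // Stage 2: wrap the request so the body (including multipart uploads) can be inspected.
        InterceptingHTTPServletRequest wrappedRequest;
        try {
            wrappedRequest = new InterceptingHTTPServletRequest(request);
        } catch (FileUploadException e) {
            // Fail closed: the original code logged and continued with a null request, which
            // reached the after-body rules and the filter chain. A body the WAF cannot parse
            // must not be handed to the application uninspected.
            this.logger.error(Logger.EVENT_FAILURE, "Error Wrapping Request", e);
            block(config, wrappedResponse, response);
            return;
        }
        this.logger.debug(Logger.EVENT_SUCCESS, ">> Starting Stage 2");
        if (applyRules(config, config.getAfterBodyRules(), "BEFORE CHAIN", wrappedRequest, wrappedResponse, response)) {
            return;
        }

        this.logger.debug(Logger.EVENT_SUCCESS, ">> Calling the FilterChain: " + filterChain);
        filterChain.doFilter(wrappedRequest, wrappedResponse != null ? wrappedResponse : response);

        // Stage 3: rules that inspect what the application produced.
        this.logger.debug(Logger.EVENT_SUCCESS, ">> Starting Stage 3");
        if (applyRules(config, config.getBeforeResponseRules(), "AFTER CHAIN", wrappedRequest, wrappedResponse, response)) {
            return;
        }

        if (wrappedResponse != null) {
            this.logger.debug(Logger.EVENT_SUCCESS, ">>> committing reponse");
            wrappedResponse.commit();
        }
    }

    /**
     * Evaluates {@code rules} in order and carries out the first action that requires intervention.
     * The same dispatch was previously copy-pasted into all three stages.
     *
     * @param stageLabel text spliced into the per-rule debug line ("BEFORE", "BEFORE CHAIN", "AFTER CHAIN")
     * @return true if the request was terminated (blocked or redirected) and the caller must stop
     */
    private boolean applyRules(AppGuardianConfiguration config, List<Rule> rules, String stageLabel,
            HttpServletRequest request, InterceptingHTTPServletResponse wrappedResponse,
            HttpServletResponse response) throws IOException {
        for (Rule rule : rules) {
            this.logger.debug(Logger.EVENT_SUCCESS, "  Applying " + stageLabel + " rule:  " + rule.getClass().getName());
            Action action = rule.check(request, wrappedResponse, response);
            if (!action.isActionNecessary()) {
                continue;
            }
            if (action instanceof BlockAction) {
                block(config, wrappedResponse, response);
                return true;
            }
            if (action instanceof RedirectAction) {
                // NOTE(review): the target comes from the rule's action. Policies should keep it a
                // fixed path rather than anything derived from the request, or this becomes an
                // open redirect -- confirm in the rule implementations.
                sendRedirect(wrappedResponse, response, ((RedirectAction) action).getRedirectURL());
                return true;
            }
            if (action instanceof DefaultAction) {
                // Constant names were inlined by the decompiler: 1 redirects to the policy's
                // default error page, 2 blocks with the default response code.
                switch (AppGuardianConfiguration.DEFAULT_FAIL_ACTION) {
                    case 1:
                        sendRedirect(wrappedResponse, response, config.getDefaultErrorPage());
                        return true;
                    case 2:
                        block(config, wrappedResponse, response);
                        return true;
                    default:
                        // Any other value: the rule fired but no terminating action is configured; keep evaluating.
                        break;
                }
            }
        }
        return false;
    }

    /**
     * Rejects the request with the policy's default response code. Mirrors the original: the
     * status is set on the wrapper when one exists, otherwise on the raw response, and nothing
     * is written or committed here.
     */
    private void block(AppGuardianConfiguration config, InterceptingHTTPServletResponse wrappedResponse, HttpServletResponse response) {
        if (wrappedResponse != null) {
            wrappedResponse.setStatus(config.getDefaultResponseCode());
        } else {
            response.setStatus(config.getDefaultResponseCode());
        }
    }

    /**
     * Redirects the client to {@code url}, discarding anything already buffered in the wrapper.
     *
     * <p>The original had two overloads that differed only in that the default-error-page path
     * skipped {@code commit()} on the wrapper and the explicit-URL path skipped the
     * {@code isCommitted()} guard on the raw response; both are applied uniformly here.
     */
    private void sendRedirect(InterceptingHTTPServletResponse wrappedResponse, HttpServletResponse response, String url) throws IOException {
        if (wrappedResponse != null) {
            wrappedResponse.reset();
            wrappedResponse.resetBuffer();
            wrappedResponse.sendRedirect(url);
            wrappedResponse.commit();
            return;
        }
        // sendRedirect on an already committed response throws IllegalStateException; nothing can be done then.
        if (!response.isCommitted()) {
            response.sendRedirect(url);
        }
    }

    /** Nothing to release: the filter holds no threads, sockets or open files between requests. */
    public void destroy() {
    }
}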
