package org.owasp.esapi.filters;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Vector;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletInputStream;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpSession;
import org.apache.batik.util.XMLConstants;
import org.apache.xpath.compiler.PsuedoNames;
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.Logger;
import org.owasp.esapi.errors.AccessControlException;
import org.owasp.esapi.errors.ValidationException;

/* loaded from: input_file:org/owasp/esapi/filters/SecurityWrapperRequest.class */
public class SecurityWrapperRequest extends HttpServletRequestWrapper implements HttpServletRequest {
    private final Logger logger;
    private String allowableContentRoot;

    public SecurityWrapperRequest(HttpServletRequest httpServletRequest) {
        super(httpServletRequest);
        this.logger = ESAPI.getLogger("SecurityWrapperRequest");
        this.allowableContentRoot = "WEB-INF";
    }

    private HttpServletRequest getHttpServletRequest() {
        return super.getRequest();
    }

    public Object getAttribute(String str) {
        return getHttpServletRequest().getAttribute(str);
    }

    public Enumeration getAttributeNames() {
        return getHttpServletRequest().getAttributeNames();
    }

    public String getAuthType() {
        return getHttpServletRequest().getAuthType();
    }

    public String getCharacterEncoding() {
        return getHttpServletRequest().getCharacterEncoding();
    }

    public int getContentLength() {
        return getHttpServletRequest().getContentLength();
    }

    public String getContentType() {
        return getHttpServletRequest().getContentType();
    }

    public String getContextPath() {
        String contextPath = getHttpServletRequest().getContextPath();
        if (contextPath == null || "".equals(contextPath.trim())) {
            return "";
        }
        String str = "";
        try {
            str = ESAPI.validator().getValidInput("HTTP context path: " + contextPath, contextPath, "HTTPContextPath", 150, false);
        } catch (ValidationException e) {
        }
        return str;
    }

    public Cookie[] getCookies() {
        Cookie[] cookies = getHttpServletRequest().getCookies();
        if (cookies == null) {
            return new Cookie[0];
        }
        ArrayList arrayList = new ArrayList();
        for (Cookie cookie : cookies) {
            try {
                String validInput = ESAPI.validator().getValidInput("Cookie name: " + cookie.getName(), cookie.getName(), "HTTPCookieName", 150, true);
                String validInput2 = ESAPI.validator().getValidInput("Cookie value: " + cookie.getValue(), cookie.getValue(), "HTTPCookieValue", 1000, true);
                int maxAge = cookie.getMaxAge();
                String domain = cookie.getDomain();
                String path = cookie.getPath();
                Cookie cookie2 = new Cookie(validInput, validInput2);
                cookie2.setMaxAge(maxAge);
                if (domain != null) {
                    cookie2.setDomain(ESAPI.validator().getValidInput("Cookie domain: " + domain, domain, "HTTPHeaderValue", 200, false));
                }
                if (path != null) {
                    cookie2.setPath(ESAPI.validator().getValidInput("Cookie path: " + path, path, "HTTPHeaderValue", 200, false));
                }
                arrayList.add(cookie2);
            } catch (ValidationException e) {
                this.logger.warning(Logger.SECURITY_FAILURE, "Skipping bad cookie: " + cookie.getName() + XMLConstants.XML_EQUAL_SIGN + cookie.getValue(), e);
            }
        }
        return (Cookie[]) arrayList.toArray(new Cookie[arrayList.size()]);
    }

    public long getDateHeader(String str) {
        return getHttpServletRequest().getDateHeader(str);
    }

    public String getHeader(String str) {
        String header = getHttpServletRequest().getHeader(str);
        String str2 = "";
        try {
            str2 = ESAPI.validator().getValidInput("HTTP header value: " + header, header, "HTTPHeaderValue", 200, true);
        } catch (ValidationException e) {
        }
        return str2;
    }

    public Enumeration getHeaderNames() {
        Vector vector = new Vector();
        Enumeration headerNames = getHttpServletRequest().getHeaderNames();
        while (headerNames.hasMoreElements()) {
            try {
                String str = (String) headerNames.nextElement();
                vector.add(ESAPI.validator().getValidInput("HTTP header name: " + str, str, "HTTPHeaderName", 150, true));
            } catch (ValidationException e) {
            }
        }
        return vector.elements();
    }

    public Enumeration getHeaders(String str) {
        Vector vector = new Vector();
        Enumeration headers = getHttpServletRequest().getHeaders(str);
        while (headers.hasMoreElements()) {
            try {
                String str2 = (String) headers.nextElement();
                vector.add(ESAPI.validator().getValidInput("HTTP header value (" + str + "): " + str2, str2, "HTTPHeaderValue", 200, true));
            } catch (ValidationException e) {
            }
        }
        return vector.elements();
    }

    public ServletInputStream getInputStream() throws IOException {
        return getHttpServletRequest().getInputStream();
    }

    public int getIntHeader(String str) {
        return getHttpServletRequest().getIntHeader(str);
    }

    public String getLocalAddr() {
        return getHttpServletRequest().getLocalAddr();
    }

    public Locale getLocale() {
        return getHttpServletRequest().getLocale();
    }

    public Enumeration getLocales() {
        return getHttpServletRequest().getLocales();
    }

    public String getLocalName() {
        return getHttpServletRequest().getLocalName();
    }

    public int getLocalPort() {
        return getHttpServletRequest().getLocalPort();
    }

    public String getMethod() {
        return getHttpServletRequest().getMethod();
    }

    public String getParameter(String str) {
        return getParameter(str, true);
    }

    public String getParameter(String str, boolean z) {
        return getParameter(str, z, 2000, "HTTPParameterValue");
    }

    public String getParameter(String str, boolean z, int i) {
        return getParameter(str, z, i, "HTTPParameterValue");
    }

    public String getParameter(String str, boolean z, int i, String str2) {
        String str3 = null;
        try {
            str3 = ESAPI.validator().getValidInput("HTTP parameter name: " + str, getHttpServletRequest().getParameter(str), str2, i, z);
        } catch (ValidationException e) {
        }
        return str3;
    }

    public Map getParameterMap() {
        Map parameterMap = getHttpServletRequest().getParameterMap();
        HashMap hashMap = new HashMap();
        for (Map.Entry entry : parameterMap.entrySet()) {
            try {
                String str = (String) entry.getKey();
                String validInput = ESAPI.validator().getValidInput("HTTP parameter name: " + str, str, "HTTPParameterName", 100, true);
                String[] strArr = (String[]) entry.getValue();
                String[] strArr2 = new String[strArr.length];
                for (int i = 0; i < strArr.length; i++) {
                    strArr2[i] = ESAPI.validator().getValidInput("HTTP parameter value: " + strArr[i], strArr[i], "HTTPParameterValue", 2000, true);
                }
                hashMap.put(validInput, strArr2);
            } catch (ValidationException e) {
            }
        }
        return hashMap;
    }

    public Enumeration getParameterNames() {
        Vector vector = new Vector();
        Enumeration parameterNames = getHttpServletRequest().getParameterNames();
        while (parameterNames.hasMoreElements()) {
            try {
                String str = (String) parameterNames.nextElement();
                vector.add(ESAPI.validator().getValidInput("HTTP parameter name: " + str, str, "HTTPParameterName", 150, true));
            } catch (ValidationException e) {
            }
        }
        return vector.elements();
    }

    public String[] getParameterValues(String str) {
        String[] parameterValues = getHttpServletRequest().getParameterValues(str);
        if (parameterValues == null) {
            return null;
        }
        ArrayList arrayList = new ArrayList();
        for (String str2 : parameterValues) {
            try {
                arrayList.add(ESAPI.validator().getValidInput("HTTP parameter value: " + str2, str2, "HTTPParameterValue", 2000, true));
            } catch (ValidationException e) {
                this.logger.warning(Logger.SECURITY_FAILURE, "Skipping bad parameter");
            }
        }
        return (String[]) arrayList.toArray(new String[arrayList.size()]);
    }

    public String getPathInfo() {
        String pathInfo = getHttpServletRequest().getPathInfo();
        if (pathInfo == null) {
            return null;
        }
        String str = "";
        try {
            str = ESAPI.validator().getValidInput("HTTP path: " + pathInfo, pathInfo, "HTTPPath", 150, true);
        } catch (ValidationException e) {
        }
        return str;
    }

    public String getPathTranslated() {
        return getHttpServletRequest().getPathTranslated();
    }

    public String getProtocol() {
        return getHttpServletRequest().getProtocol();
    }

    public String getQueryString() {
        String queryString = getHttpServletRequest().getQueryString();
        String str = "";
        try {
            str = ESAPI.validator().getValidInput("HTTP query string: " + queryString, queryString, "HTTPQueryString", 2000, true);
        } catch (ValidationException e) {
        }
        return str;
    }

    public BufferedReader getReader() throws IOException {
        return getHttpServletRequest().getReader();
    }

    @Deprecated
    public String getRealPath(String str) {
        return getHttpServletRequest().getRealPath(str);
    }

    public String getRemoteAddr() {
        return getHttpServletRequest().getRemoteAddr();
    }

    public String getRemoteHost() {
        return getHttpServletRequest().getRemoteHost();
    }

    public int getRemotePort() {
        return getHttpServletRequest().getRemotePort();
    }

    public String getRemoteUser() {
        return ESAPI.authenticator().getCurrentUser().getAccountName();
    }

    public RequestDispatcher getRequestDispatcher(String str) {
        if (str.startsWith(this.allowableContentRoot)) {
            return getHttpServletRequest().getRequestDispatcher(str);
        }
        return null;
    }

    public String getRequestedSessionId() {
        String requestedSessionId = getHttpServletRequest().getRequestedSessionId();
        String str = "";
        try {
            str = ESAPI.validator().getValidInput("Requested cookie: " + requestedSessionId, requestedSessionId, "HTTPJSESSIONID", 50, false);
        } catch (ValidationException e) {
        }
        return str;
    }

    public String getRequestURI() {
        String requestURI = getHttpServletRequest().getRequestURI();
        String str = "";
        try {
            str = ESAPI.validator().getValidInput("HTTP URI: " + requestURI, requestURI, "HTTPURI", 2000, false);
        } catch (ValidationException e) {
        }
        return str;
    }

    public StringBuffer getRequestURL() {
        String stringBuffer = getHttpServletRequest().getRequestURL().toString();
        String str = "";
        try {
            str = ESAPI.validator().getValidInput("HTTP URL: " + stringBuffer, stringBuffer, "HTTPURL", 2000, false);
        } catch (ValidationException e) {
        }
        return new StringBuffer(str);
    }

    public String getScheme() {
        String scheme = getHttpServletRequest().getScheme();
        String str = "";
        try {
            str = ESAPI.validator().getValidInput("HTTP scheme: " + scheme, scheme, "HTTPScheme", 10, false);
        } catch (ValidationException e) {
        }
        return str;
    }

    public String getServerName() {
        String serverName = getHttpServletRequest().getServerName();
        String str = "";
        try {
            str = ESAPI.validator().getValidInput("HTTP server name: " + serverName, serverName, "HTTPServerName", 100, false);
        } catch (ValidationException e) {
        }
        return str;
    }

    public int getServerPort() {
        int serverPort = getHttpServletRequest().getServerPort();
        if (serverPort < 0 || serverPort > 65535) {
            this.logger.warning(Logger.SECURITY_FAILURE, "HTTP server port out of range: " + serverPort);
            serverPort = 0;
        }
        return serverPort;
    }

    public String getServletPath() {
        String servletPath = getHttpServletRequest().getServletPath();
        String str = "";
        try {
            str = ESAPI.validator().getValidInput("HTTP servlet path: " + servletPath, servletPath, "HTTPServletPath", 100, false);
        } catch (ValidationException e) {
        }
        return str;
    }

    public HttpSession getSession() {
        HttpSession session = getHttpServletRequest().getSession();
        if (ESAPI.securityConfiguration().getForceHttpOnlySession() && session.getAttribute("HTTP_ONLY") == null) {
            session.setAttribute("HTTP_ONLY", "set");
            Cookie cookie = new Cookie(ESAPI.securityConfiguration().getHttpSessionIdName(), session.getId());
            cookie.setPath(getHttpServletRequest().getContextPath());
            cookie.setMaxAge(-1);
            if (ESAPI.currentResponse() != null) {
                ESAPI.currentResponse().addCookie(cookie);
            }
        }
        return session;
    }

    public HttpSession getSession(boolean z) {
        HttpSession session = getHttpServletRequest().getSession(z);
        if (session == null) {
            return null;
        }
        if (ESAPI.securityConfiguration().getForceHttpOnlySession() && session.getAttribute("HTTP_ONLY") == null) {
            session.setAttribute("HTTP_ONLY", "set");
            Cookie cookie = new Cookie(ESAPI.securityConfiguration().getHttpSessionIdName(), session.getId());
            cookie.setMaxAge(-1);
            cookie.setPath(getHttpServletRequest().getContextPath());
            if (ESAPI.currentResponse() != null) {
                ESAPI.currentResponse().addCookie(cookie);
            }
        }
        return session;
    }

    public Principal getUserPrincipal() {
        return ESAPI.authenticator().getCurrentUser();
    }

    public boolean isRequestedSessionIdFromCookie() {
        return getHttpServletRequest().isRequestedSessionIdFromCookie();
    }

    @Deprecated
    public boolean isRequestedSessionIdFromUrl() {
        return getHttpServletRequest().isRequestedSessionIdFromUrl();
    }

    public boolean isRequestedSessionIdFromURL() {
        return getHttpServletRequest().isRequestedSessionIdFromURL();
    }

    public boolean isRequestedSessionIdValid() {
        return getHttpServletRequest().isRequestedSessionIdValid();
    }

    public boolean isSecure() {
        try {
            ESAPI.httpUtilities().assertSecureChannel();
            return true;
        } catch (AccessControlException e) {
            return false;
        }
    }

    public boolean isUserInRole(String str) {
        return ESAPI.authenticator().getCurrentUser().isInRole(str);
    }

    public void removeAttribute(String str) {
        getHttpServletRequest().removeAttribute(str);
    }

    public void setAttribute(String str, Object obj) {
        getHttpServletRequest().setAttribute(str, obj);
    }

    public void setCharacterEncoding(String str) throws UnsupportedEncodingException {
        getHttpServletRequest().setCharacterEncoding(ESAPI.securityConfiguration().getCharacterEncoding());
    }

    public String getAllowableContentRoot() {
        return this.allowableContentRoot;
    }

    public void setAllowableContentRoot(String str) {
        this.allowableContentRoot = str.startsWith(PsuedoNames.PSEUDONAME_ROOT) ? str : PsuedoNames.PSEUDONAME_ROOT + str;
    }
}
