package org.apache.jetspeed.engine.servlet;

import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/jetspeed/engine/servlet/XSSRequestWrapper.class */
public class XSSRequestWrapper extends HttpServletRequestWrapper {
    private static final Logger log = LoggerFactory.getLogger(XSSRequestWrapper.class);
    private static Pattern[] patterns = null;
    private static Pattern[] hardCodedPatterns = {Pattern.compile("<script>(.*?)</script>", 2), Pattern.compile("</script>", 2), Pattern.compile("<script(.*?)>", 42), Pattern.compile("javascript:", 2), Pattern.compile("vbscript:", 2), Pattern.compile("onload(.*?)=", 42)};

    public static synchronized void initPatterns(String[] strArr, String[] strArr2) {
        if (strArr == null || strArr.length == 0) {
            log.error("Error: Empty XSS Regex array provided from jetspeed.properties");
            return;
        }
        if (strArr2 == null || strArr2.length == 0) {
            log.error("Error: Empty XSS Regex Flag array provided from jetspeed.properties");
            return;
        }
        if (strArr.length != strArr2.length) {
            log.error("XSS Regex and flag arrays not equal in jetspeed.properties");
            return;
        }
        patterns = new Pattern[strArr.length];
        int i = 0;
        for (String str : strArr) {
            try {
                try {
                    int i2 = 0;
                    for (String str2 : strArr2[i].split("\\s*\\|\\s*")) {
                        i2 |= Integer.parseInt(str2);
                    }
                    if (log.isDebugEnabled()) {
                        log.debug(String.format("--- adding pattern: [%s] with flags %d\n", str, Integer.valueOf(i2)));
                    }
                    patterns[i] = Pattern.compile(str, i2);
                } catch (Exception e) {
                    log.error("Failed to compile regex: " + str, e);
                }
                i++;
            } catch (Throwable th) {
                int i3 = i + 1;
                throw th;
            }
        }
    }

    public XSSRequestWrapper(HttpServletRequest httpServletRequest) {
        super(httpServletRequest);
    }

    public String[] getParameterValues(String str) {
        String[] parameterValues = super.getParameterValues(str);
        if (parameterValues == null) {
            return null;
        }
        if (parameterValues.length == 0) {
            return parameterValues;
        }
        int length = parameterValues.length;
        String[] strArr = new String[length];
        for (int i = 0; i < length; i++) {
            strArr[i] = stripXSS(parameterValues[i]);
        }
        return strArr;
    }

    public String getParameter(String str) {
        String parameter = super.getParameter(str);
        return parameter == null ? parameter : stripXSS(parameter);
    }

    public Map<String, String[]> getParameterMap() {
        Map<String, String[]> parameterMap = super.getParameterMap();
        if (parameterMap != null && parameterMap.size() != 0) {
            Iterator<String> it = parameterMap.keySet().iterator();
            LinkedHashMap linkedHashMap = new LinkedHashMap();
            while (it.hasNext()) {
                String str = it.next().toString();
                String[] strArr = parameterMap.get(str);
                if (strArr != null) {
                    String[] strArr2 = new String[strArr.length];
                    for (int i = 0; i < strArr.length; i++) {
                        strArr2[i] = stripXSS(strArr[i]);
                    }
                    linkedHashMap.put(str, strArr2);
                }
            }
            return linkedHashMap;
        }
        return parameterMap;
    }

    private String stripXSS(String str) {
        if (str != null) {
            str = str.replaceAll("��", "");
            if (patterns != null) {
                for (Pattern pattern : patterns) {
                    int length = str.length();
                    str = pattern.matcher(str).replaceAll("");
                    if (str.length() != length) {
                        log.error("XSS attack post data found: " + str);
                    }
                }
            }
        }
        return str;
    }
}
