package com.opensymphony.xwork2.interceptor;

import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.TextProvider;
import com.opensymphony.xwork2.XWorkConstants;
import com.opensymphony.xwork2.inject.Inject;
import com.opensymphony.xwork2.security.AcceptedPatternsChecker;
import com.opensymphony.xwork2.security.ExcludedPatternsChecker;
import com.opensymphony.xwork2.util.ClearableValueStack;
import com.opensymphony.xwork2.util.MemberAccessValueStack;
import com.opensymphony.xwork2.util.ValueStack;
import com.opensymphony.xwork2.util.ValueStackFactory;
import com.opensymphony.xwork2.util.reflection.ReflectionContextState;
import java.util.Collection;
import java.util.Comparator;
import java.util.Map;
import java.util.TreeMap;
import org.apache.commons.lang3.BooleanUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.struts2.dispatcher.HttpParameters;
import org.apache.struts2.dispatcher.Parameter;
import org.apache.struts2.interceptor.MessageStoreInterceptor;

/* loaded from: input_file:WEB-INF/lib/struts2-core-2.5.28.3.jar:com/opensymphony/xwork2/interceptor/ParametersInterceptor.class */
public class ParametersInterceptor extends MethodFilterInterceptor {
    protected static final int PARAM_NAME_MAX_LENGTH = 100;
    private int paramNameMaxLength = 100;
    private boolean devMode = false;
    protected boolean ordered = false;
    private ValueStackFactory valueStackFactory;
    private ExcludedPatternsChecker excludedPatterns;
    private AcceptedPatternsChecker acceptedPatterns;
    private static final Logger LOG = LogManager.getLogger((Class<?>) ParametersInterceptor.class);
    static final Comparator<String> rbCollator = new Comparator<String>() { // from class: com.opensymphony.xwork2.interceptor.ParametersInterceptor.1
        @Override // java.util.Comparator
        public int compare(String str, String str2) {
            int countOGNLCharacters = ParametersInterceptor.countOGNLCharacters(str);
            int countOGNLCharacters2 = ParametersInterceptor.countOGNLCharacters(str2);
            if (countOGNLCharacters < countOGNLCharacters2) {
                return -1;
            }
            if (countOGNLCharacters2 < countOGNLCharacters) {
                return 1;
            }
            return str.compareTo(str2);
        }
    };

    @Inject
    public void setValueStackFactory(ValueStackFactory valueStackFactory) {
        this.valueStackFactory = valueStackFactory;
    }

    @Inject(XWorkConstants.DEV_MODE)
    public void setDevMode(String str) {
        this.devMode = BooleanUtils.toBoolean(str);
    }

    @Inject
    public void setExcludedPatterns(ExcludedPatternsChecker excludedPatternsChecker) {
        this.excludedPatterns = excludedPatternsChecker;
    }

    @Inject
    public void setAcceptedPatterns(AcceptedPatternsChecker acceptedPatternsChecker) {
        this.acceptedPatterns = acceptedPatternsChecker;
    }

    public void setParamNameMaxLength(int i) {
        this.paramNameMaxLength = i;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static int countOGNLCharacters(String str) {
        int i = 0;
        for (int length = str.length() - 1; length >= 0; length--) {
            char charAt = str.charAt(length);
            if (charAt == '.' || charAt == '[') {
                i++;
            }
        }
        return i;
    }

    @Override // com.opensymphony.xwork2.interceptor.MethodFilterInterceptor
    public String doIntercept(ActionInvocation actionInvocation) throws Exception {
        Object action = actionInvocation.getAction();
        if (!(action instanceof NoParameters)) {
            ActionContext invocationContext = actionInvocation.getInvocationContext();
            HttpParameters retrieveParameters = retrieveParameters(invocationContext);
            if (LOG.isDebugEnabled()) {
                LOG.debug("Setting params {}", getParameterLogMap(retrieveParameters));
            }
            if (retrieveParameters != null) {
                Map<String, Object> contextMap = invocationContext.getContextMap();
                try {
                    ReflectionContextState.setCreatingNullObjects(contextMap, true);
                    ReflectionContextState.setDenyMethodExecution(contextMap, true);
                    ReflectionContextState.setReportingConversionErrors(contextMap, true);
                    setParameters(action, invocationContext.getValueStack(), retrieveParameters);
                    ReflectionContextState.setCreatingNullObjects(contextMap, false);
                    ReflectionContextState.setDenyMethodExecution(contextMap, false);
                    ReflectionContextState.setReportingConversionErrors(contextMap, false);
                } catch (Throwable th) {
                    ReflectionContextState.setCreatingNullObjects(contextMap, false);
                    ReflectionContextState.setDenyMethodExecution(contextMap, false);
                    ReflectionContextState.setReportingConversionErrors(contextMap, false);
                    throw th;
                }
            }
        }
        return actionInvocation.invoke();
    }

    protected HttpParameters retrieveParameters(ActionContext actionContext) {
        return actionContext.getParameters();
    }

    protected void addParametersToContext(ActionContext actionContext, Map<String, ?> map) {
    }

    protected void setParameters(Object obj, ValueStack valueStack, HttpParameters httpParameters) {
        HttpParameters build;
        TreeMap treeMap;
        if (this.ordered) {
            build = HttpParameters.create().withComparator(getOrderedComparator()).withParent(httpParameters).build();
            treeMap = new TreeMap(getOrderedComparator());
        } else {
            build = HttpParameters.create().withParent(httpParameters).build();
            treeMap = new TreeMap();
        }
        for (Map.Entry<String, Parameter> entry : build.entrySet()) {
            String key = entry.getKey();
            if (isAcceptableParameter(key, obj)) {
                treeMap.put(key, entry.getValue());
            }
        }
        ValueStack createValueStack = this.valueStackFactory.createValueStack(valueStack);
        boolean z = createValueStack instanceof ClearableValueStack;
        if (z) {
            ((ClearableValueStack) createValueStack).clearContextValues();
            Map<String, Object> context = createValueStack.getContext();
            ReflectionContextState.setCreatingNullObjects(context, true);
            ReflectionContextState.setDenyMethodExecution(context, true);
            ReflectionContextState.setReportingConversionErrors(context, true);
            context.put(ActionContext.LOCALE, valueStack.getContext().get(ActionContext.LOCALE));
        }
        if (createValueStack instanceof MemberAccessValueStack) {
            MemberAccessValueStack memberAccessValueStack = (MemberAccessValueStack) createValueStack;
            memberAccessValueStack.setAcceptProperties(this.acceptedPatterns.getAcceptedPatterns());
            memberAccessValueStack.setExcludeProperties(this.excludedPatterns.getExcludedPatterns());
        }
        for (Map.Entry<String, ?> entry2 : treeMap.entrySet()) {
            String key2 = entry2.getKey();
            try {
                createValueStack.setParameter(key2, ((Parameter) entry2.getValue()).getObject());
            } catch (RuntimeException e) {
                if (this.devMode) {
                    notifyDeveloperParameterException(obj, key2, e.getMessage());
                }
            }
        }
        if (z && valueStack.getContext() != null && createValueStack.getContext() != null) {
            valueStack.getContext().put(ActionContext.CONVERSION_ERRORS, createValueStack.getContext().get(ActionContext.CONVERSION_ERRORS));
        }
        addParametersToContext(ActionContext.getContext(), treeMap);
    }

    protected void notifyDeveloperParameterException(Object obj, String str, String str2) {
        String str3 = "Unexpected Exception caught setting '" + str + "' on '" + obj.getClass() + ": " + str2;
        if (obj instanceof TextProvider) {
            str3 = ((TextProvider) obj).getText("devmode.notification", "Developer Notification:\n{0}", new String[]{str3});
        }
        LOG.error(str3);
        if (obj instanceof ValidationAware) {
            Collection<String> actionMessages = ((ValidationAware) obj).getActionMessages();
            actionMessages.add(str2);
            ((ValidationAware) obj).setActionMessages(actionMessages);
        }
    }

    protected boolean isAcceptableParameter(String str, Object obj) {
        ParameterNameAware parameterNameAware = obj instanceof ParameterNameAware ? (ParameterNameAware) obj : null;
        return acceptableName(str) && (parameterNameAware == null || parameterNameAware.acceptableParameterName(str));
    }

    protected Comparator<String> getOrderedComparator() {
        return rbCollator;
    }

    protected String getParameterLogMap(HttpParameters httpParameters) {
        if (httpParameters == null) {
            return MessageStoreInterceptor.NONE;
        }
        StringBuilder sb = new StringBuilder();
        for (Map.Entry<String, Parameter> entry : httpParameters.entrySet()) {
            sb.append(entry.getKey());
            sb.append(" => ");
            sb.append(entry.getValue().getValue());
            sb.append(StringUtils.SPACE);
        }
        return sb.toString();
    }

    protected boolean acceptableName(String str) {
        boolean z = isWithinLengthLimit(str) && !isExcluded(str) && isAccepted(str);
        if (this.devMode && z) {
            LOG.debug("Parameter [{}] was accepted and will be appended to action!", str);
        }
        return z;
    }

    protected boolean isWithinLengthLimit(String str) {
        boolean z = str.length() <= this.paramNameMaxLength;
        if (!z) {
            if (this.devMode) {
                LOG.warn("Parameter [{}] is too long, allowed length is [{}]. Use Interceptor Parameter Overriding to override the limit, see more at\nhttps://struts.apache.org/core-developers/interceptors.html#interceptor-parameter-overriding", str, Integer.valueOf(this.paramNameMaxLength));
            } else {
                LOG.warn("Parameter [{}] is too long, allowed length is [{}]", str, Integer.valueOf(this.paramNameMaxLength));
            }
        }
        return z;
    }

    protected boolean isAccepted(String str) {
        AcceptedPatternsChecker.IsAccepted isAccepted = this.acceptedPatterns.isAccepted(str);
        if (isAccepted.isAccepted()) {
            return true;
        }
        if (this.devMode) {
            LOG.warn("Parameter [{}] didn't match accepted pattern [{}]! See Accepted / Excluded patterns at\nhttps://struts.apache.org/security/#accepted--excluded-patterns", str, isAccepted.getAcceptedPattern());
            return false;
        }
        LOG.debug("Parameter [{}] didn't match accepted pattern [{}]!", str, isAccepted.getAcceptedPattern());
        return false;
    }

    protected boolean isExcluded(String str) {
        ExcludedPatternsChecker.IsExcluded isExcluded = this.excludedPatterns.isExcluded(str);
        if (!isExcluded.isExcluded()) {
            return false;
        }
        if (this.devMode) {
            LOG.warn("Parameter [{}] matches excluded pattern [{}]! See Accepted / Excluded patterns at\nhttps://struts.apache.org/security/#accepted--excluded-patterns", str, isExcluded.getExcludedPattern());
            return true;
        }
        LOG.debug("Parameter [{}] matches excluded pattern [{}]!", str, isExcluded.getExcludedPattern());
        return true;
    }

    public boolean isOrdered() {
        return this.ordered;
    }

    public void setOrdered(boolean z) {
        this.ordered = z;
    }

    public void setAcceptParamNames(String str) {
        this.acceptedPatterns.setAcceptedPatterns(str);
    }

    public void setExcludeParams(String str) {
        this.excludedPatterns.setExcludedPatterns(str);
    }
}
