package com.ibm.ws.security.common.web;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.Trivial;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.common.TraceConstants;
import com.ibm.ws.webcontainer.internalRuntimeExport.srt.IPrivateRequestAttributes;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletRequestWrapper;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLEncoder;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Map;
import java.util.regex.Pattern;

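/**
 * Static helpers for encoding values placed in URLs, cookies and HTML, for validating URI
 * strings, and for masking secret parameters before a request is written to trace.
 *
 * <p>Security notes for callers:
 * <ul>
 * <li>{@link #htmlEncode(String)} escapes {@code & < > "} only. The apostrophe is not escaped,
 * so the result is not safe inside single-quoted or unquoted attribute values, script blocks
 * or URLs.</li>
 * <li>The {@code stripSecret*} methods mask by exact, case-sensitive parameter name. Besides the
 * names the caller passes, only {@code password} and {@code Password} are masked; other
 * spellings, percent-encoded names, and secrets carried in the path or user-info part of a URL
 * are written out unchanged.</li>
 * </ul>
 *
 * <p>NOTE(review): this file appears to be decompiler output; {@code serialVersionUID} and the
 * synthetic trace field in the anonymous class look like build-time instrumentation. Confirm
 * before editing them by hand.
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:com/ibm/ws/security/common/web/WebUtils.class */
public class WebUtils {
    private static final TraceComponent tc = Tr.register(WebUtils.class, TraceConstants.TRACE_GROUP, TraceConstants.MESSAGE_BUNDLE);
    static final long serialVersionUID = 5419490200450585718L;

    /** Mask written in place of a secret value. */
    private static final String SECRET_MASK = "*****";

    /**
     * URL-encodes a value with the charset named by {@code CommonWebConstants.UTF_8}.
     *
     * @param str value to encode, may be {@code null}
     * @return the encoded value, or {@code null} for {@code null} input. If the charset is not
     *         supported the failure is reported to FFDC and the input is returned
     *         <em>unencoded</em>.
     */
    public static String urlEncode(String str) {
        if (str == null) {
            return null;
        }
        try {
            return URLEncoder.encode(str, CommonWebConstants.UTF_8);
        } catch (UnsupportedEncodingException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.common.web.WebUtils", "53", (Object) null, new Object[]{str});
            return str;
        }
    }

    /**
     * URL-encodes each name and value of a raw {@code name=value&name=value} string, keeping the
     * {@code &} and first {@code =} of each pair as separators. Empty pairs are dropped.
     *
     * @param str raw query string, may be {@code null}
     * @return the encoded query string, or {@code null} for {@code null} input
     */
    public static String encodeQueryString(String str) {
        if (str == null) {
            return null;
        }
        StringBuilder encodedQuery = new StringBuilder();
        for (String pair : str.split("&")) {
            int separator = pair.indexOf('=');
            String encodedPair;
            if (separator > -1) {
                // Only the first '=' separates name from value; later ones belong to the value.
                encodedPair = urlEncode(pair.substring(0, separator)) + "=" + urlEncode(pair.substring(separator + 1));
            } else {
                encodedPair = urlEncode(pair);
            }
            if (!encodedPair.isEmpty()) {
                if (encodedQuery.length() > 0) {
                    encodedQuery.append('&');
                }
                encodedQuery.append(encodedPair);
            }
        }
        return encodedQuery.toString();
    }

    /**
     * Percent-encodes the characters {@code %}, {@code ;} and {@code ,} in a cookie value.
     * No other character is changed.
     *
     * @param str cookie value, may be {@code null}
     * @return the encoded value, or {@code null} for {@code null} input
     */
    public static String encodeCookie(String str) {
        if (str == null) {
            return null;
        }
        // '%' must be escaped first so the escapes added for ';' and ',' are not escaped again.
        return str.replace("%", "%25").replace(";", "%3B").replace(",", "%2C");
    }

    /**
     * Reverses {@link #encodeCookie(String)}.
     *
     * @param str encoded cookie value, may be {@code null}
     * @return the decoded value, or {@code null} for {@code null} input
     */
    public static String decodeCookie(String str) {
        if (str == null) {
            return null;
        }
        // "%25" is decoded last so an escaped '%' cannot combine into a new "%2C" or "%3B".
        return str.replace("%2C", ",").replace("%3B", ";").replace("%25", "%");
    }

    /**
     * HTML-encodes a string with newline, space and non-ASCII encoding all enabled.
     *
     * @param str text to encode, may be {@code null}
     * @return the encoded text, or the empty string for {@code null} input
     * @see #htmlEncode(String, boolean, boolean, boolean)
     */
    public static String htmlEncode(String str) {
        return htmlEncode(str, true, true, true);
    }

    /**
     * HTML-encodes a string for use as element content or inside a double-quoted attribute.
     *
     * <p>{@code "}, {@code &}, {@code <} and {@code >} are always replaced by entities. The
     * apostrophe is left as is, so the result must not be placed in a single-quoted or unquoted
     * attribute value.
     *
     * @param str text to encode, may be {@code null}
     * @param encodeNewlines replace each line feed with {@code <br/>}
     * @param encodeSpaces replace a space at the start of the text, or directly after another
     *        space, with {@code &#160;}
     * @param encodeNonAscii replace characters above 128 with a named entity where one is listed
     *        below, otherwise with a decimal character reference
     * @return the encoded text, the same instance when nothing needed encoding, or the empty
     *         string for {@code null} input
     */
    public static String htmlEncode(String str, boolean encodeNewlines, boolean encodeSpaces, boolean encodeNonAscii) {
        if (str == null) {
            return "";
        }
        final int length = str.length();
        // Allocated lazily, so input that needs no encoding is returned without copying.
        StringBuilder encoded = null;
        for (int i = 0; i < length; i++) {
            final int start = i;
            final char c = str.charAt(i);
            String entity = null;
            if (c < 'A') {
                switch (c) {
                    case '\n':
                        if (encodeNewlines) {
                            entity = "<br/>";
                        }
                        break;
                    case ' ':
                        if (encodeSpaces && (i == 0 || str.charAt(i - 1) == ' ')) {
                            entity = "&#160;";
                        }
                        break;
                    case '"':
                        entity = "&quot;";
                        break;
                    case '&':
                        entity = "&amp;";
                        break;
                    case '<':
                        entity = "&lt;";
                        break;
                    case '>':
                        entity = "&gt;";
                        break;
                    default:
                        break;
                }
            } else if (encodeNonAscii && c > 128) {
                switch (c) {
                    case 160:
                        entity = "&#160;";
                        break;
                    case 171:
                        entity = "&laquo;";
                        break;
                    case 187:
                        entity = "&raquo;";
                        break;
                    case 196:
                        entity = "&Auml;";
                        break;
                    case 214:
                        entity = "&Ouml;";
                        break;
                    case 220:
                        entity = "&Uuml;";
                        break;
                    case 223:
                        entity = "&szlig;";
                        break;
                    case 228:
                        entity = "&auml;";
                        break;
                    case 246:
                        entity = "&ouml;";
                        break;
                    case 252:
                        entity = "&uuml;";
                        break;
                    case 8364:
                        entity = "&euro;";
                        break;
                    default: {
                        int codePoint = c;
                        // A surrogate pair is one character: emit a single reference to its code
                        // point. References to the two surrogate halves are not valid HTML.
                        if (Character.isHighSurrogate(c) && i + 1 < length && Character.isLowSurrogate(str.charAt(i + 1))) {
                            codePoint = Character.toCodePoint(c, str.charAt(i + 1));
                            i++;
                        }
                        entity = "&#" + codePoint + ";";
                        break;
                    }
                }
            }
            if (entity != null) {
                if (encoded == null) {
                    encoded = new StringBuilder(length + 16).append(str, 0, start);
                }
                encoded.append(entity);
            } else if (encoded != null) {
                encoded.append(c);
            }
        }
        return encoded == null ? str : encoded.toString();
    }

    /**
     * Validates a URI against the default pattern: an {@code http} or {@code https} scheme
     * followed by one or more characters from a fixed set. The set does not contain {@code ?},
     * {@code #}, {@code [} or {@code ]}, so a URI with a query string or fragment is rejected.
     *
     * @param str URI to check, may be {@code null}
     * @return {@code true} if the value parses as a URI and matches the default pattern
     */
    public static boolean validateUriFormat(String str) {
        return validateUriFormat(str, "https?://[a-zA-Z0-9._~%!$&'()*+,;=:@/-]+");
    }

    /**
     * Validates that a string parses as a {@link URI} and matches a regular expression in full.
     *
     * <p>The expression is compiled on every call and is applied to the caller's input, so it
     * should come from trusted configuration rather than from the request being validated.
     *
     * @param uri URI to check, may be {@code null}
     * @param uriPattern regular expression the whole URI must match
     * @return {@code true} only if {@code uri} is non-empty, parses, and matches
     */
    @FFDCIgnore({PrivilegedActionException.class})
    public static boolean validateUriFormat(final String uri, String uriPattern) {
        if (uri == null || uri.isEmpty()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Provided URI [" + uri + "] was null or empty", new Object[0]);
            }
            return false;
        }
        try {
            AccessController.doPrivileged(new PrivilegedExceptionAction<URI>() { // from class: com.ibm.ws.security.common.web.WebUtils.1
                static final long serialVersionUID = -3160082492214724487L;
                private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register("com.ibm.ws.security.common.web.WebUtils$1", AnonymousClass1.class, (String) null, (String) null);

                @Override // java.security.PrivilegedExceptionAction
                public URI run() throws URISyntaxException {
                    return new URI(uri);
                }
            });
        } catch (PrivilegedActionException e) {
            if (tc.isDebugEnabled()) {
                // The URISyntaxException message quotes the rejected input, so it reaches trace.
                Tr.debug(tc, "URI was not formatted correctly: " + e.getException().getLocalizedMessage(), new Object[0]);
            }
            return false;
        }
        boolean matches = Pattern.matches(uriPattern, uri);
        if (!matches && tc.isDebugEnabled()) {
            Tr.debug(tc, "URI did not match expected URI pattern", new Object[0]);
        }
        return matches;
    }

    /**
     * Reads the {@code SecurityRedirectPort} private attribute from the innermost request.
     *
     * @param request request, possibly wrapped
     * @return the attribute value, or {@code null} if the unwrapped request does not implement
     *         {@link IPrivateRequestAttributes}
     */
    public Integer getRedirectPortFromRequest(HttpServletRequest request) {
        HttpServletRequest unwrapped = getWrappedServletRequestObject(request);
        if (unwrapped instanceof IPrivateRequestAttributes) {
            return (Integer) ((IPrivateRequestAttributes) unwrapped).getPrivateAttribute("SecurityRedirectPort");
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "getRedirectUrl called for non-IPrivateRequestAttributes object", new Object[]{request});
        }
        return null;
    }

    /**
     * Unwraps nested {@link HttpServletRequestWrapper}s until the innermost request is reached.
     *
     * @param request request, possibly wrapped, may be {@code null}
     * @return the innermost request; the argument itself if it is not a wrapper
     */
    public HttpServletRequest getWrappedServletRequestObject(HttpServletRequest request) {
        HttpServletRequest current = request;
        while (current instanceof HttpServletRequestWrapper) {
            current = (HttpServletRequest) ((HttpServletRequestWrapper) current).getRequest();
        }
        return current;
    }

    /**
     * Masks the values of the named query parameters, plus {@code password} and
     * {@code Password}, in a URL or bare query string.
     *
     * @param url URL or query string, may be {@code null}
     * @param secretNames additional parameter names to mask, may be {@code null}
     * @return the masked string, or {@code null} for {@code null} input
     */
    @Trivial
    public static String stripSecretsFromUrl(String url, String[] secretNames) {
        if (url == null) {
            return null;
        }
        String masked = url;
        for (String secretName : getRealSecretList(secretNames)) {
            masked = stripSecretFromUrl(masked, secretName);
        }
        return masked;
    }

    /**
     * Masks the value of one query parameter in a URL or bare query string.
     *
     * <p>The name is compared literally and case-sensitively against the start of each
     * {@code &}-separated parameter after the first {@code ?}. A matching parameter's whole
     * value is replaced by the mask.
     *
     * @param url URL or query string, may be {@code null}
     * @param secretName parameter name to mask; {@code null} or empty leaves the URL unchanged
     * @return the masked string, or the input when there is nothing to mask
     */
    @Trivial
    public static String stripSecretFromUrl(String url, String secretName) {
        if (secretName == null || secretName.isEmpty()) {
            return url;
        }
        final String key = secretName + "=";
        if (url == null || url.length() <= key.length() || !url.contains(key)) {
            return url;
        }
        StringBuilder masked = new StringBuilder(url.length());
        String query = url;
        int queryStart = url.indexOf('?');
        if (queryStart > -1) {
            // Everything up to and including '?' is copied as is; only parameters are inspected.
            masked.append(url, 0, queryStart + 1);
            query = url.substring(queryStart + 1);
        }
        String[] parameters = query.split("&");
        for (int i = 0; i < parameters.length; i++) {
            String parameter = parameters[i];
            if (parameter.startsWith(key) && parameter.length() > key.length()) {
                // Written directly rather than through a regex built from the name: a name with
                // regex metacharacters would fail to match and leave the secret in the trace.
                masked.append(key).append(SECRET_MASK);
            } else {
                masked.append(parameter);
            }
            if (i < parameters.length - 1) {
                masked.append('&');
            }
        }
        return masked.toString();
    }

    /**
     * Formats a parameter map as {@code {name=[values]}} groups for trace, masking the values of
     * the named parameters plus {@code password} and {@code Password}.
     *
     * @param map request parameter map, may be {@code null}
     * @param secretNames additional parameter names to mask, may be {@code null}
     * @return the formatted string, or {@code null} if the map is {@code null} or empty
     */
    @Trivial
    public static String stripSecretsFromParameters(Map<String, String[]> map, String[] secretNames) {
        if (map == null || map.isEmpty()) {
            return null;
        }
        ArrayList<String> secrets = new ArrayList<>(Arrays.asList(getRealSecretList(secretNames)));
        StringBuilder formatted = new StringBuilder();
        for (Map.Entry<String, String[]> parameter : map.entrySet()) {
            String name = parameter.getKey();
            formatted.append('{').append(name).append('=');
            if (secrets.contains(name)) {
                formatted.append(SECRET_MASK);
            } else {
                formatted.append(Arrays.toString(parameter.getValue()));
            }
            formatted.append('}');
        }
        return formatted.toString();
    }

    /**
     * Single-name variant of {@link #stripSecretsFromParameters(Map, String[])}.
     *
     * @param map request parameter map, may be {@code null}
     * @param str additional parameter name to mask
     * @return the formatted string, or {@code null} if the map is {@code null} or empty
     */
    @Trivial
    public static String stripSecretFromParameters(Map<String, String[]> map, String str) {
        return stripSecretsFromParameters(map, new String[]{str});
    }

    /**
     * Builds a trace-safe description of a request: the request URL, followed by the query
     * string or, when there is no query string, the parameter map. Secret parameters are masked
     * in all three.
     *
     * @param request request to describe, may be {@code null}
     * @param secretNames additional parameter names to mask, may be {@code null}
     * @return the description, or {@code "[]"} if the request or its URL is {@code null}
     */
    @Trivial
    public static String getRequestStringForTrace(HttpServletRequest request, String[] secretNames) {
        if (request == null) {
            return "[]";
        }
        StringBuffer requestUrl = request.getRequestURL();
        if (requestUrl == null) {
            return "[]";
        }
        StringBuilder description = new StringBuilder();
        description.append('[').append(stripSecretsFromUrl(requestUrl.toString(), secretNames)).append(']');
        String queryString = request.getQueryString();
        if (queryString != null) {
            String maskedQuery = stripSecretsFromUrl(queryString, secretNames);
            if (maskedQuery != null) {
                description.append(", queryString[").append(maskedQuery).append(']');
            }
        } else {
            String maskedParameters = stripSecretsFromParameters(request.getParameterMap(), secretNames);
            if (maskedParameters != null) {
                description.append(", parameters[").append(maskedParameters).append(']');
            }
        }
        return description.toString();
    }

    /**
     * Single-name variant of {@link #getRequestStringForTrace(HttpServletRequest, String[])}.
     *
     * @param httpServletRequest request to describe, may be {@code null}
     * @param str additional parameter name to mask
     * @return the description, or {@code "[]"} if the request or its URL is {@code null}
     */
    @Trivial
    public static String getRequestStringForTrace(HttpServletRequest httpServletRequest, String str) {
        return getRequestStringForTrace(httpServletRequest, new String[]{str});
    }

    /**
     * Returns the caller's secret names with {@code password} and {@code Password} appended when
     * they are not already present.
     *
     * @param secretNames caller-supplied names, may be {@code null} or empty
     * @return a new array that always contains at least the two built-in names
     */
    @Trivial
    private static String[] getRealSecretList(String[] secretNames) {
        ArrayList<String> names = new ArrayList<>();
        if (secretNames != null) {
            names.addAll(Arrays.asList(secretNames));
        }
        for (String builtIn : new String[]{"password", "Password"}) {
            if (!names.contains(builtIn)) {
                names.add(builtIn);
            }
        }
        return names.toArray(new String[0]);
    }
}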
