package com.ibm.ws.webcontainer.security;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.common.internal.encoder.Base64Coder;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.webcontainer.security.internal.StringUtil;
import com.ibm.ws.webcontainer.srt.SRTServletRequest;
import com.ibm.wsspi.webcontainer.servlet.IExtendedRequest;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

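/**
 * Saves the body of a POST request and replays it on a later request for the same URI.
 *
 * <p>{@link #save} stores the request's input-stream data either in the {@value #POSTPARAM_COOKIE}
 * cookie or in the HTTP session, depending on {@code WebAppSecurityConfig.getPostParamSaveMethod()}.
 * {@link #restore} re-injects that data, switches the request method back to POST, and then discards
 * the saved copy.
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>In cookie mode the POST data is only Base64-encoded by this class. Nothing here encrypts or
 * signs it, so the value is readable and modifiable by the client. The only check on restore is
 * that the embedded URL equals the requested URI.</li>
 * <li>The cookie is marked {@code Secure} only when {@code getSSORequiresSSL()} is true and
 * {@code HttpOnly} only when {@code getHttpOnlyCookies()} is true.</li>
 * <li>POST bodies frequently carry credentials, so trace statements in this class log sizes, never
 * the encoded parameter data itself.</li>
 * </ul>
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
public class PostParameterHelper {
    private static final TraceComponent tc = Tr.register(PostParameterHelper.class);
    public static final String INITIAL_URL = "INITIAL_URL";
    public static final String PARAM_NAMES = "PARAM_NAMES";
    public static final String PARAM_VALUES = "PARAM_VALUES";
    public static final String POSTPARAM_COOKIE = "WASPostParam";
    public static final String ATTRIB_HASH_MAP = "ServletRequestWrapperHashmap";
    // Extra bytes added to the size estimate in serializePostParam.
    private static final int LENGTH_INT = 4;
    // Index of the Base64-encoded request URL within the '.'-separated cookie value.
    private static final int OFFSET_REQURL = 0;
    // Index of the first Base64-encoded data segment within the cookie value.
    private static final int OFFSET_DATA = 1;
    private final WebAppSecurityConfig webAppSecurityConfig;
    static final long serialVersionUID = 119653149498264543L;

    /**
     * @param webAppSecurityConfig configuration consulted for the save method, the cookie size
     *                             limit and the cookie flags
     */
    public PostParameterHelper(WebAppSecurityConfig webAppSecurityConfig) {
        this.webAppSecurityConfig = webAppSecurityConfig;
    }

    /**
     * Saves the POST parameters and writes any resulting cookies straight onto the response.
     *
     * @param httpServletRequest  the request whose POST data is saved
     * @param httpServletResponse the response that receives the cookies, if any were produced
     */
    public void save(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        AuthenticationResult authenticationResult = new AuthenticationResult(AuthResult.SUCCESS, (String) null);
        save(httpServletRequest, httpServletResponse, authenticationResult);
        List<Cookie> cookies = authenticationResult.getCookies();
        if (cookies != null && !cookies.isEmpty()) {
            CookieHelper.addCookiesToResponse(cookies, httpServletResponse);
        }
    }

    /**
     * Saves the POST parameters without keeping the input data on the request afterwards.
     *
     * @param httpServletRequest   the request whose POST data is saved
     * @param httpServletResponse  the current response
     * @param authenticationResult receives the cookie when cookie mode is configured
     */
    public void save(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationResult authenticationResult) {
        save(httpServletRequest, httpServletResponse, authenticationResult, false);
    }

    /**
     * Saves the POST parameters to a cookie or to the session, as configured.
     * Does nothing for non-POST requests or for requests that are not {@link IExtendedRequest}s.
     *
     * @param httpServletRequest   the request whose POST data is saved
     * @param httpServletResponse  the current response (only used for FFDC context here)
     * @param authenticationResult receives the cookie when cookie mode is configured
     * @param z                    when true, the input data is set back on the request after it
     *                             has been serialized to the cookie
     */
    public void save(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationResult authenticationResult, boolean z) {
        if (!"POST".equalsIgnoreCase(httpServletRequest.getMethod())) {
            return;
        }
        if (!(httpServletRequest instanceof IExtendedRequest)) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "It is not an IExtendedRequest object", new Object[0]);
            }
            return;
        }
        IExtendedRequest extendedRequest = (IExtendedRequest) httpServletRequest;
        // Only the IExtendedRequest interface has been verified above; guard the narrower cast
        // so a different implementation does not fail with a ClassCastException.
        if (httpServletRequest instanceof SRTServletRequest) {
            restorePostParams((SRTServletRequest) httpServletRequest);
        }
        String requestURI = httpServletRequest.getRequestURI();
        try {
            String postParamSaveMethod = this.webAppSecurityConfig.getPostParamSaveMethod();
            if (WebAppSecurityConfig.POST_PARAM_SAVE_TO_COOKIE.equalsIgnoreCase(postParamSaveMethod)) {
                saveToCookie(extendedRequest, requestURI, authenticationResult, z);
            } else if (WebAppSecurityConfig.POST_PARAM_SAVE_TO_SESSION.equalsIgnoreCase(postParamSaveMethod)) {
                saveToSession(httpServletRequest, requestURI, extendedRequest.getInputStreamData());
            }
        } catch (IOException e) {
            FFDCFilter.processException(e, "com.ibm.ws.webcontainer.security.PostParameterHelper", "117", this, new Object[]{httpServletRequest, httpServletResponse, authenticationResult, Boolean.valueOf(z)});
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "IO Exception storing POST parameters onto a cookie or session: ", new Object[]{e});
            }
        }
    }

    /**
     * Serializes the POST data and attaches it to the authentication result as a session cookie
     * scoped to the request URI. No cookie is created when serialization fails or yields nothing.
     */
    private void saveToCookie(IExtendedRequest iExtendedRequest, String str, AuthenticationResult authenticationResult, boolean z) {
        String encoded = null;
        try {
            encoded = serializePostParam(iExtendedRequest, str, z);
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.webcontainer.security.PostParameterHelper", "137", this, new Object[]{iExtendedRequest, str, authenticationResult, Boolean.valueOf(z)});
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "IO Exception storing POST parameters onto a cookie: ", new Object[]{e});
            }
        }
        if (encoded != null) {
            Cookie cookie = new Cookie(POSTPARAM_COOKIE, encoded);
            cookie.setMaxAge(-1); // negative max-age: browser-session cookie, not persisted
            cookie.setPath(str);
            if (this.webAppSecurityConfig.getHttpOnlyCookies()) {
                cookie.setHttpOnly(true);
            }
            // The Secure flag follows the SSO setting; when it is off, the Base64-encoded
            // POST data can travel over plain HTTP.
            if (this.webAppSecurityConfig.getSSORequiresSSL()) {
                cookie.setSecure(true);
            }
            authenticationResult.setCookie(cookie);
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            // Log the size only: the encoded value is the user's POST body and may hold credentials.
            Tr.debug(tc, "encoded POST parameters length: " + (encoded == null ? 0 : encoded.length()), new Object[0]);
        }
    }

    /**
     * Stores the request URI and the POST data as session attributes, creating the session if needed.
     */
    private void saveToSession(HttpServletRequest httpServletRequest, String str, Map map) {
        HttpSession session = httpServletRequest.getSession(true);
        if (session == null || httpServletRequest.getParameterNames() == null) {
            return;
        }
        session.setAttribute(INITIAL_URL, str);
        session.setAttribute(PARAM_NAMES, (Object) null);
        session.setAttribute(PARAM_VALUES, map);
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "URL saved: " + str, new Object[0]);
        }
    }

    /**
     * Restores saved POST parameters, but only when the current request is a GET.
     *
     * @param httpServletRequest  the request to restore the POST data onto
     * @param httpServletResponse the response that receives the cookie-clearing header in cookie mode
     */
    public void restore(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        restore(httpServletRequest, httpServletResponse, false);
    }

    /**
     * Restores saved POST parameters from the cookie or the session, as configured.
     *
     * @param httpServletRequest  the request to restore the POST data onto
     * @param httpServletResponse the response that receives the cookie-clearing header in cookie mode
     * @param z                   when true, restore regardless of the request method; otherwise
     *                            only GET requests are processed
     */
    public void restore(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, boolean z) {
        if (!(httpServletRequest instanceof IExtendedRequest)) {
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "It is not an IExtendedRequest object", new Object[0]);
            }
            return;
        }
        if (!z && !"GET".equalsIgnoreCase(httpServletRequest.getMethod())) {
            return;
        }
        String requestURI = httpServletRequest.getRequestURI();
        IExtendedRequest extendedRequest = (IExtendedRequest) httpServletRequest;
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, " method : " + httpServletRequest.getMethod() + " URL:" + requestURI, new Object[0]);
        }
        String postParamSaveMethod = this.webAppSecurityConfig.getPostParamSaveMethod();
        if (WebAppSecurityConfig.POST_PARAM_SAVE_TO_COOKIE.equalsIgnoreCase(postParamSaveMethod)) {
            restoreFromCookie(extendedRequest, httpServletResponse, requestURI);
        } else if (WebAppSecurityConfig.POST_PARAM_SAVE_TO_SESSION.equalsIgnoreCase(postParamSaveMethod)) {
            restoreFromSession(extendedRequest, httpServletRequest, requestURI);
        }
    }

    /**
     * Replays the POST data held in the session when the saved URL equals the requested URI.
     * The three session attributes are cleared afterwards whether or not the URL matched.
     */
    private void restoreFromSession(IExtendedRequest iExtendedRequest, HttpServletRequest httpServletRequest, String str) {
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null) {
            return;
        }
        String savedUrl = (String) session.getAttribute(INITIAL_URL);
        if (savedUrl != null && savedUrl.equals(str)) {
            try {
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "Found the session, restoring POST parameters.", new Object[0]);
                }
                iExtendedRequest.setMethod("POST");
                // Check the runtime type instead of casting blindly, so an unexpected attribute
                // value cannot abort this method before the session attributes are cleared.
                Object saved = session.getAttribute(PARAM_VALUES);
                if (saved instanceof HashMap && !((HashMap<?, ?>) saved).isEmpty()) {
                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        Tr.debug(tc, "Restoring POST paramameters for URL : " + str, new Object[0]);
                    }
                    iExtendedRequest.setInputStreamData((HashMap) saved);
                }
            } catch (IOException e) {
                FFDCFilter.processException(e, "com.ibm.ws.webcontainer.security.PostParameterHelper", "247", this, new Object[]{iExtendedRequest, httpServletRequest, str});
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "IOException restoring POST parameters onto a cookie: ", new Object[]{e});
                }
            }
        } else if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            Tr.debug(tc, "Parameters NOT restored. Original URL : " + savedUrl + " req. URL : " + str, new Object[0]);
        }
        session.setAttribute(INITIAL_URL, (Object) null);
        session.setAttribute(PARAM_NAMES, (Object) null);
        session.setAttribute(PARAM_VALUES, (Object) null);
    }

    /**
     * Replays the POST data carried in the {@value #POSTPARAM_COOKIE} cookie and then expires
     * the cookie. The expiring cookie is added whether or not the restore succeeded.
     */
    private void restoreFromCookie(IExtendedRequest iExtendedRequest, HttpServletResponse httpServletResponse, String str) {
        byte[] cookieValueAsBytes = iExtendedRequest.getCookieValueAsBytes(POSTPARAM_COOKIE);
        if (cookieValueAsBytes == null || cookieValueAsBytes.length <= 2) {
            return;
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
            // Log the size only: the cookie value is the user's encoded POST body.
            Tr.debug(tc, "Found the cookie, restoring POST parameters; encoded length: " + cookieValueAsBytes.length, new Object[0]);
        }
        try {
            iExtendedRequest.setInputStreamData(deserializePostParam(iExtendedRequest, cookieValueAsBytes, str));
            iExtendedRequest.setMethod("POST");
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.webcontainer.security.PostParameterHelper", "281", this, new Object[]{iExtendedRequest, httpServletResponse, str});
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception restoring POST parameters from the cookie: ", new Object[]{e});
            }
        }
        // Max-age 0 with the same name and path tells the browser to delete the saved cookie.
        Cookie cookie = new Cookie(POSTPARAM_COOKIE, "");
        cookie.setPath(str);
        cookie.setMaxAge(0);
        if (this.webAppSecurityConfig.getHttpOnlyCookies()) {
            cookie.setHttpOnly(true);
        }
        if (this.webAppSecurityConfig.getSSORequiresSSL()) {
            cookie.setSecure(true);
        }
        httpServletResponse.addCookie(cookie);
    }

    /**
     * Builds the cookie value: Base64(request URL) followed by one {@code .}-prefixed Base64
     * segment per serialized data array.
     *
     * @return the encoded value, or {@code null} when there is no input data or the estimated
     *         size is not below the configured cookie size limit
     */
    private String serializePostParam(IExtendedRequest iExtendedRequest, String str, boolean z) throws IOException, UnsupportedEncodingException, IllegalStateException {
        String encoded = null;
        HashMap inputStreamData = iExtendedRequest.getInputStreamData();
        if (inputStreamData == null) {
            Tr.warning(tc, "SEC_FORM_POST_NULL_OR_TOO_LARGE", new Object[0]);
            return null;
        }
        long sizeInputStreamData = iExtendedRequest.sizeInputStreamData(inputStreamData);
        byte[] urlBytes = str.getBytes("UTF-8");
        // NOTE(review): the limit is applied to the pre-encoding size; Base64 output is larger,
        // so the resulting cookie can exceed the configured value. Confirm this is intended.
        long length = sizeInputStreamData + urlBytes.length + LENGTH_INT;
        long postParamCookieSize = this.webAppSecurityConfig.getPostParamCookieSize();
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "length:" + length + "  maximum length:" + postParamCookieSize, new Object[0]);
        }
        if (length < postParamCookieSize) {
            byte[][] serialized = iExtendedRequest.serializeInputStreamData(inputStreamData);
            StringBuilder buffer = new StringBuilder();
            buffer.append(StringUtil.toString(Base64Coder.base64Encode(urlBytes)));
            for (byte[] segment : serialized) {
                buffer.append(".").append(StringUtil.toString(Base64Coder.base64Encode(segment)));
            }
            encoded = buffer.toString();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "encoded length:" + encoded.length(), new Object[0]);
            }
            if (z) {
                iExtendedRequest.setInputStreamData(inputStreamData);
            }
        } else {
            Tr.warning(tc, "SEC_FORM_POST_NULL_OR_TOO_LARGE", new Object[0]);
        }
        return encoded;
    }

    /**
     * Parses a cookie value produced by {@link #serializePostParam} back into input-stream data.
     *
     * @throws IllegalStateException if the value has fewer than two segments or the embedded URL
     *                               does not equal {@code str}
     */
    private HashMap deserializePostParam(IExtendedRequest iExtendedRequest, byte[] bArr, String str) throws IOException, UnsupportedEncodingException, IllegalStateException {
        List<byte[]> segments = splitBytes(bArr, (byte) '.');
        int size = segments.size();
        if (size <= OFFSET_DATA) {
            throw new IllegalStateException("The data of the post param cookie is too short. The data might be truncated.");
        }
        // A URL segment that cannot be decoded is treated as a mismatch.
        // (presumably base64Decode returns null on bad input; verify against Base64Coder)
        byte[] urlBytes = Base64Coder.base64Decode(segments.get(OFFSET_REQURL));
        if (urlBytes == null || !new String(urlBytes, "UTF-8").equals(str)) {
            throw new IllegalStateException("The url in the post param cookie does not match the requested url");
        }
        byte[][] data = new byte[size - OFFSET_DATA][];
        for (int i = 0; i < data.length; i++) {
            data[i] = Base64Coder.base64Decode(segments.get(OFFSET_DATA + i));
        }
        // NOTE(review): these bytes come from a client-controlled cookie with no integrity
        // protection visible in this class. Confirm deserializeInputStreamData only parses raw
        // byte arrays and never performs Java object deserialization.
        return iExtendedRequest.deserializeInputStreamData(data);
    }

    /**
     * Splits {@code bArr} on the delimiter byte {@code b}. Empty segments between adjacent
     * delimiters are kept; a single trailing delimiter does not produce a trailing empty segment.
     */
    private List<byte[]> splitBytes(byte[] bArr, byte b) {
        List<byte[]> segments = new ArrayList<>();
        int start = 0;
        int pos = 0;
        while (pos < bArr.length) {
            while (pos < bArr.length && bArr[pos] != b) {
                pos++;
            }
            segments.add(Arrays.copyOfRange(bArr, start, pos));
            start = pos + 1;
            pos++;
        }
        return segments;
    }

    /**
     * Caches the POST input data of the request in the {@value #ATTRIB_HASH_MAP} request
     * attribute, unless that attribute is already set.
     *
     * @param sRTServletRequest the request whose input data is cached
     */
    public static void savePostParams(SRTServletRequest sRTServletRequest) {
        if (!"POST".equalsIgnoreCase(sRTServletRequest.getMethod()) || sRTServletRequest.getAttribute(ATTRIB_HASH_MAP) != null) {
            return;
        }
        try {
            HashMap inputStreamData = sRTServletRequest.getInputStreamData();
            // The data is set back on the request immediately after being read.
            sRTServletRequest.setInputStreamData(inputStreamData);
            sRTServletRequest.setAttribute(ATTRIB_HASH_MAP, inputStreamData);
        } catch (IOException e) {
            FFDCFilter.processException(e, "com.ibm.ws.webcontainer.security.PostParameterHelper", "402", (Object) null, new Object[]{sRTServletRequest});
        }
    }

    /**
     * Moves input data cached by {@link #savePostParams} from the request attribute back onto
     * the request and clears the attribute.
     *
     * @param sRTServletRequest the request to restore the cached input data onto
     */
    public static void restorePostParams(SRTServletRequest sRTServletRequest) {
        Object cached = sRTServletRequest.getAttribute(ATTRIB_HASH_MAP);
        // Type-check rather than cast: request attributes can be set by any code on the request path.
        if (!(cached instanceof HashMap)) {
            return;
        }
        try {
            sRTServletRequest.setAttribute(ATTRIB_HASH_MAP, (Object) null);
            sRTServletRequest.setInputStreamData((HashMap) cached);
        } catch (IOException e) {
            FFDCFilter.processException(e, "com.ibm.ws.webcontainer.security.PostParameterHelper", "415", (Object) null, new Object[]{sRTServletRequest});
        }
    }
}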
