package org.apache.catalina.filters;

import java.io.IOException;
import java.io.Serializable;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;
import javax.servlet.http.HttpSession;

/* loaded from: input_file:WEB-INF/lib-provided/tomcat-embed-core-8.5.15.jar:org/apache/catalina/filters/CsrfPreventionFilter.class */
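/**
 * Servlet filter that rejects HTTP requests which do not present a nonce previously issued to
 * the same session, except for GET requests to configured entry points.
 *
 * <p>For every request it lets through, the filter issues a fresh nonce, records it in a
 * per-session cache and wraps the response so that URLs passed through
 * {@code encodeURL}/{@code encodeRedirectURL} carry it as a query parameter.
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>The nonce travels in the URL, so it is visible wherever URLs are recorded or forwarded
 *       (server and proxy access logs, browser history, Referer headers).</li>
 *   <li>A nonce is not consumed when it is presented; it stays valid until newer nonces push
 *       it out of the cache or the session attribute goes away.</li>
 *   <li>Entry points bypass the check entirely for GET, so they should be limited to pages
 *       that perform no state change.</li>
 *   <li>Requests that are not HTTP requests are passed down the chain unchecked.</li>
 * </ul>
 *
 * <p>{@code getRequestedPath}, {@code getDenyStatus} and {@code generateNonce} are inherited;
 * their behaviour is not visible here.
 */
public class CsrfPreventionFilter extends CsrfPreventionFilterBase {
    /** Request parameter in which the client returns the nonce. */
    private static final String NONCE_REQUEST_PARAM = "org.apache.catalina.filters.CSRF_NONCE";

    /** Session attribute under which the per-session nonce cache is stored. */
    private static final String NONCE_SESSION_ATTR = "org.apache.catalina.filters.CSRF_NONCE";

    // Paths for which a GET request is accepted without a nonce (exact, case-sensitive match).
    private final Set<String> entryPoints = new HashSet<>();

    // Number of nonces remembered per session; read when a session's cache is first created.
    private int nonceCacheSize = 5;

    /* loaded from: input_file:WEB-INF/lib-provided/tomcat-embed-core-8.5.15.jar:org/apache/catalina/filters/CsrfPreventionFilter$CsrfResponseWrapper.class */
    /**
     * Response wrapper that appends the current nonce to every URL the application encodes.
     *
     * <p>Only URLs that go through the four {@code encode*} methods receive the nonce; links
     * written without encoding will arrive without one and be denied by the filter.
     */
    protected static class CsrfResponseWrapper extends HttpServletResponseWrapper {
        private final String nonce;

        /**
         * @param httpServletResponse the response to wrap
         * @param str the nonce to append to encoded URLs; {@code null} disables appending
         */
        public CsrfResponseWrapper(HttpServletResponse httpServletResponse, String str) {
            super(httpServletResponse);
            this.nonce = str;
        }

        /** Deprecated alias; delegates to {@link #encodeRedirectURL(String)}. */
        @Override
        @Deprecated
        public String encodeRedirectUrl(String str) {
            return encodeRedirectURL(str);
        }

        /** Encodes the redirect URL via the wrapped response, then appends the nonce. */
        @Override
        public String encodeRedirectURL(String str) {
            return addNonce(super.encodeRedirectURL(str));
        }

        /** Deprecated alias; delegates to {@link #encodeURL(String)}. */
        @Override
        @Deprecated
        public String encodeUrl(String str) {
            return encodeURL(str);
        }

        /** Encodes the URL via the wrapped response, then appends the nonce. */
        @Override
        public String encodeURL(String str) {
            return addNonce(super.encodeURL(str));
        }

        /**
         * Inserts the nonce parameter after any existing query string and before any fragment.
         *
         * <p>No check is made that the URL points back to this application, so an absolute
         * URL to another host that is passed through the {@code encode*} methods also
         * receives the nonce. The nonce is appended as-is, without URL-encoding.
         * NOTE(review): presumably the inherited generator only emits URL-safe characters;
         * confirm against the base class.
         *
         * @param url the already-encoded URL, may be {@code null}
         * @return the URL with the nonce parameter added, or {@code url} unchanged when either
         *     the URL or the nonce is {@code null}
         */
        private String addNonce(String url) {
            if (url == null || this.nonce == null) {
                return url;
            }
            String path = url;
            String query = "";
            String fragment = "";

            // Split off the fragment first so a '?' inside it is not mistaken for a query.
            int fragmentStart = path.indexOf('#');
            if (fragmentStart >= 0) {
                fragment = path.substring(fragmentStart);
                path = path.substring(0, fragmentStart);
            }
            int queryStart = path.indexOf('?');
            if (queryStart >= 0) {
                query = path.substring(queryStart);
                path = path.substring(0, queryStart);
            }

            StringBuilder sb = new StringBuilder(path);
            if (query.length() > 0) {
                sb.append(query).append('&');
            } else {
                sb.append('?');
            }
            sb.append(NONCE_REQUEST_PARAM).append('=').append(this.nonce).append(fragment);
            return sb.toString();
        }
    }

    /* loaded from: input_file:WEB-INF/lib-provided/tomcat-embed-core-8.5.15.jar:org/apache/catalina/filters/CsrfPreventionFilter$LruCache.class */
    /**
     * Bounded, synchronized set of values backed by a {@link LinkedHashMap} whose keys are the
     * stored values.
     *
     * <p>The map is created with the default (insertion) ordering and lookups go through
     * {@code containsKey}, so despite the name the entry evicted is the one that was inserted
     * earliest, regardless of how recently it was looked up.
     *
     * @param <T> type of the cached values
     */
    protected static class LruCache<T> implements Serializable {
        private static final long serialVersionUID = 1;
        private final Map<T, T> cache;

        /**
         * @param i maximum number of entries to retain; with a value of zero or less every
         *     entry is evicted as soon as it is added, so {@link #contains} is always false
         */
        public LruCache(final int i) {
            // Kept as the first anonymous class of LruCache: this class is Serializable and
            // its instances are stored in the HTTP session, so the generated class name may
            // matter to already-serialized sessions. NOTE(review): confirm before refactoring.
            this.cache = new LinkedHashMap<T, T>() {
                private static final long serialVersionUID = 1;

                @Override
                protected boolean removeEldestEntry(Map.Entry<T, T> entry) {
                    return size() > i;
                }
            };
        }

        /** Records {@code t}, evicting the oldest entry if the capacity is exceeded. */
        public void add(T t) {
            synchronized (this.cache) {
                this.cache.put(t, null);
            }
        }

        /** Returns whether {@code t} is currently held; the entry is not removed. */
        public boolean contains(T t) {
            synchronized (this.cache) {
                return this.cache.containsKey(t);
            }
        }
    }

    /**
     * Adds entry points from a comma-separated list; each element is trimmed.
     *
     * <p>Entries accumulate across calls. An empty element (for example from {@code "a,,b"}
     * or an empty string) is stored as {@code ""} and would then match a request whose
     * requested path is empty.
     *
     * @param str comma-separated paths that GET requests may reach without a nonce
     */
    public void setEntryPoints(String str) {
        for (String entry : str.split(",")) {
            this.entryPoints.add(entry.trim());
        }
    }

    /**
     * Sets how many nonces are remembered per session.
     *
     * <p>The value is read only when a session's cache is created, so sessions that already
     * have a cache keep their old capacity. A small value makes older pages (other tabs,
     * back button) fail sooner; a value of zero or less causes every nonce to be evicted
     * immediately, so every request outside the entry points is denied.
     *
     * @param i number of nonces to keep per session
     */
    public void setNonceCacheSize(int i) {
        this.nonceCacheSize = i;
    }

    /**
     * Validates the nonce on the request, issues a new one and continues the chain with a
     * response wrapper that adds the new nonce to encoded URLs.
     *
     * <p>A request is denied with the inherited deny status when it is not a GET to an entry
     * point and either the session has no nonce cache, no nonce parameter was sent, or the
     * nonce is not in the cache.
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        // Anything that is not plain HTTP is passed through without a nonce check.
        if (!(servletRequest instanceof HttpServletRequest) || !(servletResponse instanceof HttpServletResponse)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        // Only GET is exempted; other methods to an entry-point path still need a nonce.
        boolean skipNonceCheck = "GET".equals(request.getMethod())
                && this.entryPoints.contains(getRequestedPath(request));

        HttpSession session = request.getSession(false);
        @SuppressWarnings("unchecked") // the attribute is only ever set below, to LruCache<String>
        LruCache<String> nonceCache = session == null
                ? null
                : (LruCache<String>) session.getAttribute(NONCE_SESSION_ATTR);

        if (!skipNonceCheck) {
            // getParameter covers both the query string and form-encoded body parameters.
            String presentedNonce = request.getParameter(NONCE_REQUEST_PARAM);
            if (nonceCache == null || presentedNonce == null || !nonceCache.contains(presentedNonce)) {
                response.sendError(getDenyStatus());
                return;
            }
        }

        // Reached without a cache only via an entry point; this also creates the session if
        // none exists yet, so unauthenticated GETs to entry points allocate sessions.
        // NOTE(review): lookup and setAttribute are not atomic; two concurrent entry-point
        // requests on a fresh session could each install a cache, and nonces recorded in the
        // replaced one would later be denied. Confirm whether that matters for the deployment.
        if (nonceCache == null) {
            nonceCache = new LruCache<>(this.nonceCacheSize);
            if (session == null) {
                session = request.getSession(true);
            }
            session.setAttribute(NONCE_SESSION_ATTR, nonceCache);
        }

        String freshNonce = generateNonce();
        nonceCache.add(freshNonce);
        filterChain.doFilter(servletRequest, new CsrfResponseWrapper(response, freshNonce));
    }
}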
