package org.apache.wicket.protocol.http.request;

import java.util.Locale;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.wicket.Application;
import org.apache.wicket.IRequestTarget;
import org.apache.wicket.Request;
import org.apache.wicket.RequestCycle;
import org.apache.wicket.WicketRuntimeException;
import org.apache.wicket.protocol.http.PageExpiredException;
import org.apache.wicket.protocol.http.RequestUtils;
import org.apache.wicket.protocol.http.WicketURLDecoder;
import org.apache.wicket.protocol.http.WicketURLEncoder;
import org.apache.wicket.request.IRequestCodingStrategy;
import org.apache.wicket.request.RequestParameters;
import org.apache.wicket.request.target.coding.IRequestTargetUrlCodingStrategy;
import org.apache.wicket.util.crypt.ICrypt;
import org.apache.wicket.util.string.AppendingStringBuffer;
import org.apache.wicket.util.string.Strings;
import org.apache.wicket.util.string.UrlUtils;
import org.apache.wicket.util.value.ValueMap;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/wicket-1.4.16.jar:org/apache/wicket/protocol/http/request/CryptedUrlWebRequestCodingStrategy.class */
public class CryptedUrlWebRequestCodingStrategy implements IRequestCodingStrategy {
    private static final Logger log = LoggerFactory.getLogger(CryptedUrlWebRequestCodingStrategy.class);
    private final IRequestCodingStrategy defaultStrategy;

    /* loaded from: input_file:WEB-INF/lib/wicket-1.4.16.jar:org/apache/wicket/protocol/http/request/CryptedUrlWebRequestCodingStrategy$DecodedUrlRequest.class */
    private static class DecodedUrlRequest extends Request {
        private final Request request;
        private final String url;
        private final Map parameterMap;

        public DecodedUrlRequest(Request request, String str, String str2) {
            this.request = request;
            this.parameterMap = this.request.getParameterMap();
            this.parameterMap.remove("x");
            String decode = WicketURLDecoder.QUERY_INSTANCE.decode(Strings.replaceAll(str2, "&amp;", "&").toString());
            ValueMap valueMap = new ValueMap();
            RequestUtils.decodeParameters(decode, valueMap);
            this.parameterMap.putAll(valueMap);
            int indexOf = str.indexOf("?x=");
            indexOf = indexOf == -1 ? str.indexOf("&x=") : indexOf;
            if (indexOf == -1) {
                throw new WicketRuntimeException("Programming error: we should come here");
            }
            int indexOf2 = str.indexOf("&");
            AppendingStringBuffer appendingStringBuffer = new AppendingStringBuffer(str.length() + str2.length());
            appendingStringBuffer.append(str.subSequence(0, indexOf + 1));
            appendingStringBuffer.append(str2);
            if (indexOf2 != -1) {
                appendingStringBuffer.append(str.substring(indexOf2));
            }
            this.url = appendingStringBuffer.toString();
        }

        @Override // org.apache.wicket.Request
        public Locale getLocale() {
            return this.request.getLocale();
        }

        @Override // org.apache.wicket.Request
        public String getParameter(String str) {
            Object obj;
            if (str == null || (obj = this.parameterMap.get(str)) == null) {
                return null;
            }
            if (!(obj instanceof String[])) {
                return obj instanceof String ? (String) obj : obj.toString();
            }
            String[] strArr = (String[]) obj;
            if (strArr.length > 0) {
                return strArr[0];
            }
            return null;
        }

        @Override // org.apache.wicket.Request
        public Map getParameterMap() {
            return this.parameterMap;
        }

        @Override // org.apache.wicket.Request
        public String[] getParameters(String str) {
            Object obj;
            if (str == null || (obj = this.parameterMap.get(str)) == null) {
                return null;
            }
            return obj instanceof String[] ? (String[]) obj : obj instanceof String ? new String[]{(String) obj} : new String[]{obj.toString()};
        }

        @Override // org.apache.wicket.Request
        public String getPath() {
            return this.request.getPath();
        }

        @Override // org.apache.wicket.Request
        public String getRelativePathPrefixToContextRoot() {
            return this.request.getRelativePathPrefixToContextRoot();
        }

        @Override // org.apache.wicket.Request
        public String getRelativePathPrefixToWicketHandler() {
            return this.request.getRelativePathPrefixToWicketHandler();
        }

        @Override // org.apache.wicket.Request
        public String getURL() {
            return this.url;
        }

        @Override // org.apache.wicket.Request
        public String getQueryString() {
            return this.request.getQueryString();
        }
    }

    /* loaded from: input_file:WEB-INF/lib/wicket-1.4.16.jar:org/apache/wicket/protocol/http/request/CryptedUrlWebRequestCodingStrategy$HackAttackException.class */
    public class HackAttackException extends WicketRuntimeException {
        private static final long serialVersionUID = 1;

        public HackAttackException(String str) {
            super(str);
        }

        @Override // java.lang.Throwable
        public StackTraceElement[] getStackTrace() {
            return new StackTraceElement[0];
        }

        @Override // java.lang.Throwable
        public String toString() {
            return getMessage();
        }
    }

    public CryptedUrlWebRequestCodingStrategy(IRequestCodingStrategy iRequestCodingStrategy) {
        this.defaultStrategy = iRequestCodingStrategy;
    }

    @Override // org.apache.wicket.request.IRequestCodingStrategy
    public RequestParameters decode(Request request) {
        String decodeURL = request.decodeURL(request.getURL());
        String decodeURL2 = decodeURL(decodeURL);
        if (decodeURL2 == null) {
            return this.defaultStrategy.decode(request);
        }
        return this.defaultStrategy.decode(new DecodedUrlRequest(request, decodeURL, decodeURL2));
    }

    @Override // org.apache.wicket.request.IRequestCodingStrategy
    public CharSequence encode(RequestCycle requestCycle, IRequestTarget iRequestTarget) {
        return encodeURL(this.defaultStrategy.encode(requestCycle, iRequestTarget));
    }

    @Override // org.apache.wicket.request.IRequestTargetMounter
    public void mount(IRequestTargetUrlCodingStrategy iRequestTargetUrlCodingStrategy) {
        this.defaultStrategy.mount(iRequestTargetUrlCodingStrategy);
    }

    @Override // org.apache.wicket.request.IRequestTargetMounter
    public void unmount(String str) {
        this.defaultStrategy.unmount(str);
    }

    @Override // org.apache.wicket.request.IRequestTargetMounter
    public void addIgnoreMountPath(String str) {
        this.defaultStrategy.addIgnoreMountPath(str);
    }

    @Override // org.apache.wicket.request.IRequestTargetMounter
    public IRequestTargetUrlCodingStrategy urlCodingStrategyForPath(String str) {
        return this.defaultStrategy.urlCodingStrategyForPath(str);
    }

    @Override // org.apache.wicket.request.IRequestTargetMounter
    public CharSequence pathForTarget(IRequestTarget iRequestTarget) {
        return this.defaultStrategy.pathForTarget(iRequestTarget);
    }

    @Override // org.apache.wicket.request.IRequestTargetMounter
    public IRequestTarget targetForRequest(RequestParameters requestParameters) {
        return this.defaultStrategy.targetForRequest(requestParameters);
    }

    protected CharSequence encodeURL(CharSequence charSequence) {
        int indexOf;
        ICrypt newCrypt = Application.get().getSecuritySettings().getCryptFactory().newCrypt();
        if (newCrypt != null && (indexOf = charSequence.toString().indexOf(63)) > -1) {
            CharSequence subSequence = charSequence.subSequence(0, indexOf);
            String obj = charSequence.subSequence(indexOf + 1, charSequence.length()).toString();
            if (!obj.startsWith("x=")) {
                return new AppendingStringBuffer(subSequence).append("?x=").append(WicketURLEncoder.QUERY_INSTANCE.encode(newCrypt.encryptUrlSafe(shortenUrl(obj).toString())));
            }
        }
        return charSequence;
    }

    protected String decodeURL(String str) {
        int indexOf = str.indexOf("?x=");
        if (indexOf == -1) {
            indexOf = str.indexOf("&x=");
        }
        if (indexOf == -1) {
            return null;
        }
        try {
            int i = indexOf + 3;
            int indexOf2 = str.indexOf("&", i);
            return rebuildUrl(Application.get().getSecuritySettings().getCryptFactory().newCrypt().decryptUrlSafe(WicketURLDecoder.QUERY_INSTANCE.decode(indexOf2 == -1 ? str.substring(i) : str.substring(i, indexOf2))));
        } catch (Exception e) {
            return onError(e, str);
        }
    }

    @Deprecated
    protected String onError(Exception exc) {
        throw new PageExpiredException("Invalid URL", exc);
    }

    protected String onError(Exception exc, String str) {
        log.info("Invalid URL: " + str + ", exception type: " + exc.getClass().getName() + ", exception message:" + exc.getMessage());
        return onError(exc);
    }

    protected CharSequence shortenUrl(CharSequence charSequence) {
        CharSequence replaceAll = Strings.replaceAll(Strings.replaceAll(Strings.replaceAll(Strings.replaceAll(Strings.replaceAll(Strings.replaceAll(Strings.replaceAll(charSequence, "wicket:behaviorId=", "1*"), "wicket:interface=IRedirectListener", "2*"), "wicket:interface=IFormSubmitListener", "3*"), "wicket:interface=IOnChangeListener", "4*"), "wicket:interface=ILinkListener", "5*"), "wicket:interface=", "6*"), "wicket:bookmarkablePage=", "7*");
        if (log.isDebugEnabled()) {
            Matcher matcher = Pattern.compile("\\w\\w\\w+").matcher(replaceAll);
            while (matcher.find()) {
                log.debug("URL pattern NOT shortened: '" + ((Object) replaceAll.subSequence(matcher.start(), matcher.end())) + "' - '" + ((Object) replaceAll) + "'");
            }
        }
        return replaceAll;
    }

    protected String rebuildUrl(CharSequence charSequence) {
        return Strings.replaceAll(Strings.replaceAll(Strings.replaceAll(Strings.replaceAll(Strings.replaceAll(Strings.replaceAll(Strings.replaceAll(charSequence, "1*", "wicket:behaviorId="), "2*", "wicket:interface=IRedirectListener"), "3*", "wicket:interface=IFormSubmitListener"), "4*", "wicket:interface=IOnChangeListener"), "5*", "wicket:interface=ILinkListener"), "6*", "wicket:interface="), "7*", "wicket:bookmarkablePage=").toString();
    }

    @Override // org.apache.wicket.request.IRequestCodingStrategy
    public String rewriteStaticRelativeUrl(String str) {
        return UrlUtils.rewriteToContextRelative(str, RequestCycle.get().getRequest());
    }
}
