package org.owasp.esapi;

import java.io.File;
import java.io.IOException;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.fileupload.FileItem;
import org.apache.commons.fileupload.ProgressListener;
import org.apache.commons.fileupload.disk.DiskFileItemFactory;
import org.apache.commons.fileupload.servlet.ServletFileUpload;
import org.owasp.esapi.errors.AuthenticationException;
import org.owasp.esapi.errors.IntrusionException;
import org.owasp.esapi.errors.ValidationException;
import org.owasp.esapi.errors.ValidationUploadException;
import org.owasp.esapi.interfaces.IHTTPUtilities;
import org.owasp.esapi.interfaces.ILogger;

/* JADX WARN: Classes with same name are omitted:
  input_file:ESAPI/build/classes/org/owasp/esapi/HTTPUtilities.class
 */
/* loaded from: input_file:ESAPI/esapi_1.0.jar:org/owasp/esapi/HTTPUtilities.class */
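/**
 * HTTP helper routines: CSRF token handling, safe cookies/headers, session id rotation,
 * multipart upload handling, redirect validation and cache-control headers.
 *
 * All request/response access goes through {@link Authenticator#getCurrentRequest()} /
 * {@link Authenticator#getCurrentResponse()}; nothing here works outside a request thread
 * for which those have been set (how they are set is outside this class).
 *
 * Fixes relative to the decompiled original:
 * - addCSRFToken dereferenced the user before its null check;
 * - addSafeCookie wrote unvalidated text straight into a Set-Cookie header
 *   (CR/LF or ';' in the name/value could inject headers or cookie attributes);
 * - the upload progress listener used integer division, so progress was 0 until 100;
 * - File.createTempFile was called with a prefix shorter than the 3 chars it requires
 *   for short filenames (e.g. "a.txt");
 * - setNoCacheHeaders overwrote Cache-Control three times, leaving only "must-revalidate";
 * - isSecureChannel inspected the 5th character of the request URL instead of isSecure().
 */
public class HTTPUtilities implements IHTTPUtilities {
    private static final HTTPUtilities instance = new HTTPUtilities();
    private static final Logger logger = Logger.getLogger("ESAPI", "HTTPUtilities");

    /** Upper bound (bytes) for a whole multipart request, read from configuration at construction. */
    int maxBytes = SecurityConfiguration.getInstance().getAllowedFileUploadSize();

    public static HTTPUtilities getInstance() {
        return instance;
    }

    private HTTPUtilities() {
    }

    /**
     * Appends the current user's CSRF token to {@code href} as a bare query parameter
     * (no "=value"); {@link #checkCSRFToken()} looks it up by parameter name.
     * Anonymous or missing users get the href back unchanged.
     *
     * NOTE(review): a token carried in the URL leaks through Referer headers, browser
     * history and access logs; a header or hidden form field would be preferable.
     *
     * @param href the URL or path to decorate
     * @return href with the token appended using "?" or "&amp;" as appropriate
     */
    @Override
    public String addCSRFToken(String href) {
        User currentUser = Authenticator.getInstance().getCurrentUser();
        // The null test must come first: the original called isAnonymous() before it.
        if (currentUser == null || currentUser.isAnonymous()) {
            return href;
        }
        boolean hasQuery = href.indexOf('?') != -1 || href.indexOf('&') != -1;
        return href + (hasQuery ? "&" : "?") + currentUser.getCSRFToken();
    }

    /**
     * Adds a cookie with the Secure and HttpOnly attributes always set.
     *
     * The header is assembled by hand, so every caller-supplied piece is first checked for
     * characters that would terminate the header (CR/LF, other control characters) or the
     * cookie value (';'); such input is rejected with {@link IllegalArgumentException}.
     * (IllegalArgumentException rather than ValidationException because the interface
     * signature does not declare the checked exception.)
     *
     * @param name   cookie name (token: no control chars, ';', ',', '=', or spaces)
     * @param value  cookie value (no control chars or ';')
     * @param maxAge value for the Max-Age attribute, emitted verbatim. NOTE(review): unlike
     *               javax.servlet.http.Cookie, a negative value here does NOT mean "session
     *               cookie"; per RFC 6265 a non-positive Max-Age expires the cookie.
     * @param domain Domain attribute; omitted when null or empty
     * @param path   Path attribute; omitted when null or empty
     * @throws IllegalArgumentException if any piece contains header/cookie-injection characters
     */
    @Override
    public void addSafeCookie(String name, String value, int maxAge, String domain, String path) {
        requireSafeCookieText("name", name, true);
        requireSafeCookieText("value", value, false);
        StringBuilder header = new StringBuilder();
        header.append(name).append('=').append(value).append("; Max-Age=").append(maxAge);
        if (domain != null && domain.length() > 0) {
            requireSafeCookieText("domain", domain, false);
            header.append("; Domain=").append(domain);
        }
        if (path != null && path.length() > 0) {
            requireSafeCookieText("path", path, false);
            header.append("; Path=").append(path);
        }
        header.append("; Secure; HttpOnly");
        Authenticator.getInstance().getCurrentResponse().addHeader("Set-Cookie", header.toString());
    }

    /**
     * Rejects text that cannot safely be placed inside a Set-Cookie header.
     * Control characters (including CR/LF) and ';' are always refused; for a cookie name
     * ',', '=' and space are refused as well. The offending text is deliberately not
     * echoed in the message, since it may be attacker-controlled and end up in logs.
     */
    private static void requireSafeCookieText(String what, String text, boolean isName) {
        if (text == null) {
            throw new IllegalArgumentException("Cookie " + what + " must not be null");
        }
        for (int idx = 0; idx < text.length(); idx++) {
            char ch = text.charAt(idx);
            boolean control = ch < 0x20 || ch == 0x7f;
            boolean separator = ch == ';' || (isName && (ch == '=' || ch == ',' || ch == ' '));
            if (control || separator) {
                throw new IllegalArgumentException(
                        "Cookie " + what + " contains a character that is not allowed in a Set-Cookie header");
            }
        }
    }

    /**
     * Adds a response header after checking name and value against the "HTTPHeaderName" and
     * "HTTPHeaderValue" patterns from ESAPI.properties (full-string match).
     *
     * @throws ValidationException if either the name or the value fails its pattern
     */
    @Override
    public void addSafeHeader(String name, String value) throws ValidationException {
        HttpServletResponse currentResponse = Authenticator.getInstance().getCurrentResponse();
        SecurityConfiguration config = SecurityConfiguration.getInstance();
        if (!config.getValidationPattern("HTTPHeaderName").matcher(name).matches()) {
            throw new ValidationException("Invalid header", "Attempt to set a header name that violates the global rule in ESAPI.properties: " + name);
        }
        if (!config.getValidationPattern("HTTPHeaderValue").matcher(value).matches()) {
            throw new ValidationException("Invalid header", "Attempt to set a header value that violates the global rule in ESAPI.properties: " + value);
        }
        currentResponse.addHeader(name, value);
    }

    /**
     * Invalidates the current session and creates a new one with a fresh identifier,
     * copying every attribute across (session-fixation countermeasure for use at login).
     *
     * NOTE(review): all attributes are carried over, including any set before
     * authentication; callers should clear anything that must not survive the rotation.
     *
     * @return the newly created session
     */
    @Override
    public HttpSession changeSessionIdentifier() throws AuthenticationException {
        HttpServletRequest currentRequest = Authenticator.getInstance().getCurrentRequest();
        HttpSession oldSession = currentRequest.getSession();
        Map<String, Object> saved = new HashMap<String, Object>();
        Enumeration<?> names = oldSession.getAttributeNames();
        while (names != null && names.hasMoreElements()) {
            String key = (String) names.nextElement();
            saved.put(key, oldSession.getAttribute(key));
        }
        oldSession.invalidate();
        HttpSession freshSession = currentRequest.getSession(true);
        for (Map.Entry<String, Object> entry : saved.entrySet()) {
            freshSession.setAttribute(entry.getKey(), entry.getValue());
        }
        return freshSession;
    }

    /**
     * Verifies that the request carries the current user's CSRF token as a parameter name
     * (the form produced by {@link #addCSRFToken(String)}).
     *
     * NOTE(review): the user's first request is exempt (the client cannot know the token
     * yet); that exemption is itself a window for a forged first request — confirm what
     * {@code User.isFirstRequest()} means before relying on it.
     *
     * @throws IntrusionException when the token is required and absent
     */
    @Override
    public void checkCSRFToken() throws IntrusionException {
        HttpServletRequest currentRequest = Authenticator.getInstance().getCurrentRequest();
        User currentUser = Authenticator.getInstance().getCurrentUser();
        if (currentUser.isFirstRequest()) {
            return;
        }
        if (currentRequest.getParameter(currentUser.getCSRFToken()) == null) {
            throw new IntrusionException("Authentication failed", "Attempt to access application without appropriate token");
        }
    }

    /**
     * Parses a multipart request, validates each uploaded file name with
     * {@code Validator.isValidFileName} and writes the file into {@code finalDir}.
     *
     * Only the last path segment of the client-supplied name is used; if a file of that
     * name already exists a uniquely named file (same extension) is created instead.
     * Upload progress (percent) is published in the session attribute "progress".
     * As defense in depth the resolved target is required to lie inside finalDir even
     * though the validator is expected to reject anything like "..".
     *
     * @param tempDir  directory commons-fileupload spools parts into (threshold 0: always disk)
     * @param finalDir destination directory for accepted files
     * @throws ValidationException for non-multipart requests, rejected file names, or any
     *         failure during parsing/writing (wrapped in ValidationUploadException)
     */
    @Override
    public void getSafeFileUploads(File tempDir, File finalDir) throws ValidationException {
        HttpServletRequest currentRequest = Authenticator.getInstance().getCurrentRequest();
        try {
            final HttpSession session = currentRequest.getSession();
            if (!ServletFileUpload.isMultipartContent(currentRequest)) {
                throw new ValidationUploadException("Upload failed", "Not a multipart request");
            }
            ServletFileUpload upload = new ServletFileUpload(new DiskFileItemFactory(0, tempDir));
            upload.setSizeMax(this.maxBytes);
            upload.setProgressListener(new ProgressListener() {
                private long lastMegabyte = -1;

                @Override
                public void update(long bytesRead, long contentLength, int item) {
                    if (item == 0) {
                        return;
                    }
                    long megabyte = bytesRead / 1000000;
                    if (this.lastMegabyte == megabyte) {
                        return; // only report once per MB
                    }
                    this.lastMegabyte = megabyte;
                    // contentLength is -1 when the client did not send it; the original's
                    // integer division (bytesRead / contentLength) was 0 until completion.
                    long progress = contentLength > 0 ? (long) ((bytesRead * 100.0d) / contentLength) : 0L;
                    session.setAttribute("progress", Long.valueOf(progress));
                    HTTPUtilities.logger.logSuccess(ILogger.SECURITY, "   Item " + item + " (" + progress + "% of " + contentLength + " bytes]");
                }
            });
            String canonicalBase = finalDir.getCanonicalPath() + File.separator;
            for (FileItem fileItem : upload.parseRequest(currentRequest)) {
                if (fileItem.isFormField()) {
                    continue;
                }
                String clientName = fileItem.getName();
                if (clientName == null || clientName.length() == 0) {
                    continue; // no file in this part
                }
                // Strip any client-supplied directory (either separator style). A name that
                // ends in a separator yields "" here and is left to the validator to reject.
                String baseName = lastPathSegment(clientName);
                if (!Validator.getInstance().isValidFileName(baseName)) {
                    throw new ValidationUploadException("Upload only simple filenames with the following extensions " + SecurityConfiguration.getInstance().getAllowedFileExtensions(), "Invalid filename for upload");
                }
                logger.logCritical(ILogger.SECURITY, "File upload requested: " + baseName);
                File target = new File(finalDir, baseName);
                if (!target.getCanonicalPath().startsWith(canonicalBase)) {
                    throw new ValidationUploadException("Upload failed", "Upload target escapes the destination directory");
                }
                if (target.exists()) {
                    target = uniqueTarget(finalDir, baseName);
                }
                fileItem.write(target);
                fileItem.delete();
                logger.logCritical(ILogger.SECURITY, "File successfully uploaded: " + target);
                session.setAttribute("progress", Long.valueOf(0L));
            }
        } catch (Exception e) {
            if (e instanceof ValidationUploadException) {
                throw (ValidationException) e;
            }
            throw new ValidationUploadException("Upload failure", "Problem during upload", e);
        }
    }

    /** Returns the part of {@code name} after the last '/' or '\\', or the whole name. */
    private static String lastPathSegment(String name) {
        int cut = Math.max(name.lastIndexOf('/'), name.lastIndexOf('\\'));
        return cut < 0 ? name : name.substring(cut + 1);
    }

    /**
     * Creates a fresh, uniquely named file in {@code dir} that keeps {@code baseName}'s
     * extension, e.g. "report.txt" -> "report.1234.txt".
     * File.createTempFile requires a prefix of at least three characters, which short
     * names such as "a.txt" do not provide, so the prefix is padded with '_'.
     */
    private static File uniqueTarget(File dir, String baseName) throws IOException {
        int dot = baseName.lastIndexOf('.');
        String suffix = dot < 0 ? "." : baseName.substring(dot);          // includes the dot
        StringBuilder prefix = new StringBuilder(dot < 0 ? baseName : baseName.substring(0, dot + 1));
        while (prefix.length() < 3) {
            prefix.append('_');
        }
        return File.createTempFile(prefix.toString(), suffix, dir);
    }

    /**
     * Whether the current request arrived over a secure channel, as reported by the
     * container. The original tested whether the 5th character of the request URL was 'x'
     * (i.e. "https"); {@code isSecure()} is the servlet API's definition of the same thing.
     *
     * NOTE(review): behind a TLS-terminating proxy the container may report the backend
     * hop; this must be configured at the container, it is not handled here.
     */
    @Override
    public boolean isSecureChannel() {
        return Authenticator.getInstance().getCurrentRequest().isSecure();
    }

    /** Expires every cookie the client sent with this request (see {@link #killCookie(String)}). */
    @Override
    public void killAllCookies() {
        Cookie[] cookies = Authenticator.getInstance().getCurrentRequest().getCookies();
        if (cookies == null) {
            return;
        }
        for (Cookie cookie : cookies) {
            killCookie(cookie.getName());
        }
    }

    /**
     * Tells the browser to drop the named cookie (Max-Age=0) if the client sent it.
     * The expiry is scoped to the context path with no Domain attribute; a cookie that
     * was set with a different Path or an explicit Domain will not be matched by the
     * browser and therefore survives — callers must use the same scope as when setting it.
     *
     * @param name the cookie name; must be safe to embed in a header
     */
    @Override
    public void killCookie(String name) {
        HttpServletRequest currentRequest = Authenticator.getInstance().getCurrentRequest();
        HttpServletResponse currentResponse = Authenticator.getInstance().getCurrentResponse();
        Cookie[] cookies = currentRequest.getCookies();
        if (cookies == null) {
            return;
        }
        for (Cookie cookie : cookies) {
            if (cookie.getName().equals(name)) {
                requireSafeCookieText("name", name, true); // defense in depth: name is echoed into a header
                currentResponse.addHeader("Set-Cookie", name + "=deleted; Max-Age=0; Path=" + currentRequest.getContextPath());
            }
        }
    }

    /**
     * Redirects only to a location accepted by {@code Validator.isValidRedirectLocation}
     * (open-redirect protection; the policy itself lives in the validator).
     *
     * @throws ValidationException if the location is rejected
     * @throws IOException from the underlying sendRedirect
     */
    @Override
    public void sendSafeRedirect(String location) throws ValidationException, IOException {
        HttpServletResponse currentResponse = Authenticator.getInstance().getCurrentResponse();
        if (!Validator.getInstance().isValidRedirectLocation(location)) {
            throw new ValidationException("Redirect failed", "Bad redirect location: " + location);
        }
        currentResponse.sendRedirect(location);
    }

    /** Sets the response Content-Type to the value configured in ESAPI.properties. */
    @Override
    public void setContentType() {
        Authenticator.getInstance().getCurrentResponse().setContentType(SecurityConfiguration.getInstance().getResponseContentType());
    }

    /**
     * Marks the response as non-cacheable. The original called setHeader three times on
     * Cache-Control, and setHeader replaces, so only "must-revalidate" was actually sent;
     * all directives now go into one header. "Pragma: no-cache" covers HTTP/1.0 caches.
     */
    @Override
    public void setNoCacheHeaders() {
        HttpServletResponse currentResponse = Authenticator.getInstance().getCurrentResponse();
        currentResponse.setHeader("Cache-Control", "no-store, no-cache, must-revalidate");
        currentResponse.setHeader("Pragma", "no-cache");
        currentResponse.setDateHeader("Expires", -1L);
    }
}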
