package org.owasp.stinger;

import java.io.File;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.owasp.stinger.actions.AbstractAction;
import org.owasp.stinger.http.MutableHttpRequest;
import org.owasp.stinger.rules.RuleSet;

/* loaded from: input_file:org/owasp/stinger/StingerFilter.class */
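/**
 * Servlet filter that hands every HTTP request to {@link Stinger#validate} and forwards it down
 * the filter chain only when the returned action is {@code CONTINUE} or {@code PROCESS}.
 *
 * <p>Init parameters read by {@link #init}: {@code config} (rule-set file name, resolved under
 * {@code WEB-INF}), {@code error-page} (redirect target for rejected requests) and {@code reload}
 * (when {@code true}, the rule set is rebuilt on every request).
 *
 * <p>The filter fails closed: any request that is not forwarded is either redirected to the error
 * page or left unanswered; it never reaches the rest of the chain.
 */
public class StingerFilter implements Filter {
    private static final String POST = "POST";
    private static final String URL_FORM_ENCODING = "application/x-www-form-urlencoded";
    // HTTP 403 (same value as HttpServletResponse.SC_FORBIDDEN); used when no error page is configured.
    private static final int FALLBACK_STATUS = 403;

    private final Object stingerLock = new Object();
    // volatile: reloadStinger() swaps this reference while other request threads read it in doStinger().
    private volatile Stinger stinger = null;
    private String config = null;
    private boolean reload = false;
    private String errorPage = null;
    private ServletContext context = null;

    /**
     * Reads the filter configuration and builds the initial {@link Stinger} instance.
     *
     * @param filterConfig container-supplied configuration carrying the init parameters
     */
    public void init(FilterConfig filterConfig) {
        this.context = filterConfig.getServletContext();
        // NOTE(review): getRealPath may return null (e.g. an unexpanded WAR) and the "config"
        // parameter may be absent; both end up as the text "null" in the path and are only
        // reported through the existence check below.
        this.config = (this.context.getRealPath("WEB-INF") + "/") + filterConfig.getInitParameter("config");
        File file = new File(this.config);
        if (!file.exists() || !file.isFile()) {
            this.context.log("[Stinger-Filter] (Error): unable to locate " + this.config + ". Attempting " + file.getAbsolutePath());
        }
        this.errorPage = filterConfig.getInitParameter("error-page");
        if (this.errorPage == null) {
            this.context.log("[Stinger-Filter] (Warning): no error-page init parameter; rejected requests will receive HTTP " + FALLBACK_STATUS);
        }
        // parseBoolean treats a missing parameter as false, like Boolean.valueOf did.
        this.reload = Boolean.parseBoolean(filterConfig.getInitParameter("reload"));
        this.stinger = new Stinger(new RuleSet(this.config, this.context), this.context);
    }

    /**
     * Validates an HTTP request and forwards it, or rejects it.
     *
     * <p>Requests that are not HTTP are neither forwarded nor answered. Any exception raised
     * during validation or by the downstream chain is logged and turned into the rejection
     * response, so the caller never sees it.
     *
     * @param servletRequest  incoming request
     * @param servletResponse outgoing response
     * @param filterChain     remainder of the filter chain
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) {
        if (!(servletRequest instanceof HttpServletRequest) || !(servletResponse instanceof HttpServletResponse)) {
            // Fail closed: a non-HTTP exchange is dropped without reaching the chain.
            return;
        }
        MutableHttpRequest request = new MutableHttpRequest((HttpServletRequest) servletRequest);
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        if (this.reload) {
            reloadStinger();
        }
        try {
            if (isValidRequest(request)) {
                doStinger(request, response, filterChain);
            } else {
                // The Content-Type header is client-controlled; neutralise control characters so
                // it cannot forge or split log entries.
                this.context.log("[Stinger-Filter] caught a POST request with an incorrect content type header (" + sanitizeForLog(request.getContentType()) + ") . Redirected to error page at " + this.errorPage);
                reject(response);
            }
        } catch (Exception e) {
            this.context.log("[Stinger-Filter] - " + e.getMessage(), e);
            reject(response);
        }
    }

    /** No resources to release. */
    public void destroy() {
    }

    /**
     * Accepts every non-POST request, and POST requests whose Content-Type is exactly
     * {@code application/x-www-form-urlencoded} (case-insensitive).
     *
     * <p>NOTE(review): the comparison is on the whole header value, so a header carrying
     * parameters (for example {@code ; charset=UTF-8}) and multipart bodies are rejected.
     * Presumably this keeps out bodies the rule set cannot inspect; confirm how
     * MutableHttpRequest parses parameters before relaxing it.
     *
     * @param request the wrapped request
     * @return {@code false} only for a POST with any other (or no) content type
     */
    private boolean isValidRequest(MutableHttpRequest request) {
        if (!POST.equalsIgnoreCase(request.getMethod())) {
            return true;
        }
        return URL_FORM_ENCODING.equalsIgnoreCase(request.getContentType());
    }

    /**
     * Runs the rule set and forwards the request when the resulting action allows it.
     *
     * @throws IOException      propagated from the downstream chain
     * @throws ServletException propagated from the downstream chain
     */
    private void doStinger(MutableHttpRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException {
        // Read the field once so a concurrent reload cannot change the instance mid-request.
        Stinger current = this.stinger;
        switch (current.validate(request, response)) {
            case AbstractAction.CONTINUE /* 0 */:
            case AbstractAction.PROCESS /* 1 */:
                filterChain.doFilter(request, response);
                return;
            case AbstractAction.DROP /* -1 */:
            default:
                // DROP and any unrecognised action: do not forward.
                return;
        }
    }

    /** Rebuilds the rule set from the configured file and publishes the new {@link Stinger}. */
    private void reloadStinger() {
        synchronized (this.stingerLock) {
            this.stinger = new Stinger(new RuleSet(this.config, this.context), this.context);
        }
    }

    /**
     * Sends the rejection response: a redirect to the configured error page, or HTTP 403 when no
     * error page was configured. Failures (for example an already committed response) are logged
     * and not rethrown.
     */
    private void reject(HttpServletResponse response) {
        try {
            if (this.errorPage != null) {
                response.sendRedirect(this.errorPage);
            } else {
                response.sendError(FALLBACK_STATUS);
            }
        } catch (Exception e) {
            this.context.log("[Stinger-Filter] error attempting to redirect to " + this.errorPage, e);
        }
    }

    /** Replaces ISO control characters (CR, LF, ...) with {@code '_'}; {@code null} stays {@code null}. */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }
}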
