package org.owasp.stinger;

import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import javax.servlet.ServletContext;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletResponse;
import org.owasp.stinger.actions.AbstractAction;
import org.owasp.stinger.http.MutableHttpRequest;
import org.owasp.stinger.rules.CookieRule;
import org.owasp.stinger.rules.Rule;
import org.owasp.stinger.rules.RuleSet;
import org.owasp.stinger.violation.Violation;
import org.owasp.stinger.violation.ViolationList;

/* loaded from: input_file:org/owasp/stinger/Stinger.class */
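/**
 * Request validator: runs the cookie and parameter rules of a {@link RuleSet} against an
 * incoming request and triggers the actions attached to every violation it finds.
 *
 * <p>Checks run in a fixed order: missing cookies, malformed cookies, missing parameters,
 * malformed parameters. The chain stops after the first check that reports a FATAL violation.
 * CONTINUE-severity violations are collected and their actions are run once at the end.
 */
public class Stinger {
    /** Status returned when at least one FATAL violation was found. */
    private static final int STOP = -1;
    /** Status returned when no FATAL violation was found. */
    private static final int CONTINUE = 0;
    private static final String LOG_PREFIX = "[Stinger-Filter] - ";

    private final RuleSet set;
    private final ServletContext context;

    /**
     * @param ruleSet rules to enforce
     * @param servletContext context used only for logging
     */
    public Stinger(RuleSet ruleSet, ServletContext servletContext) {
        this.set = ruleSet;
        this.context = servletContext;
    }

    /**
     * Neutralises CR and LF so that client-controlled text (request URI, parameter names)
     * cannot start a forged entry in the container log. A null value is passed through and
     * prints as "null" when concatenated, as before.
     */
    private static String clean(String value) {
        if (value == null) {
            return null;
        }
        return value.replace('\r', '_').replace('\n', '_');
    }

    /** Runs every action attached to a single violation, in the order the violation lists them. */
    private void handleViolationActions(MutableHttpRequest mutableHttpRequest, HttpServletResponse httpServletResponse, Violation violation) {
        Iterator<AbstractAction> actions = violation.getActions().iterator();
        while (actions.hasNext()) {
            actions.next().doAction(violation, mutableHttpRequest, httpServletResponse);
        }
    }

    /** Runs the actions of every violation collected in {@code violationList}. */
    private void handleViolations(MutableHttpRequest mutableHttpRequest, HttpServletResponse httpServletResponse, ViolationList violationList) {
        Iterator<?> pending = violationList.iterator();
        while (pending.hasNext()) {
            handleViolationActions(mutableHttpRequest, httpServletResponse, (Violation) pending.next());
        }
    }

    /**
     * Applies the severity policy shared by all four checks.
     *
     * <ul>
     *   <li>FATAL: the violation's actions run immediately and {@code STOP} is returned.</li>
     *   <li>CONTINUE: the violation is queued in {@code violationList}.</li>
     *   <li>anything else: the violation is only logged.</li>
     * </ul>
     *
     * @param kind "missing" or "malformed", used in the log line
     * @param subject "cookie" or "parameter", used in the log line
     * @param appendUri whether the log line ends with " at " followed by the request URI
     * @return {@code STOP} for a FATAL violation, otherwise {@code CONTINUE}
     */
    private int applySeverity(MutableHttpRequest mutableHttpRequest, HttpServletResponse httpServletResponse, ViolationList violationList, Violation violation, String kind, String subject, boolean appendUri) {
        // A null severity still throws here, as before: the request fails rather than being waved through.
        if (violation.getSeverity().equals(Severity.FATAL)) {
            handleViolationActions(mutableHttpRequest, httpServletResponse, violation);
            return STOP;
        }
        if (violation.getSeverity().equals(Severity.CONTINUE)) {
            violationList.add(violation);
            return CONTINUE;
        }
        String message = LOG_PREFIX + "ignoring " + kind + " violation for the " + clean(violation.getName()) + " " + subject;
        if (appendUri) {
            message = message + " at " + clean(mutableHttpRequest.getRequestURI());
        }
        this.context.log(message);
        return CONTINUE;
    }

    /**
     * Reports every enforced cookie rule whose cookie is absent from the request.
     *
     * <p>A rule is skipped when the request URI is the one that creates the cookie
     * ({@code isCreatedUri}) or when the rule is not enforced for this URI.
     *
     * <p>Security fix: the Servlet API returns {@code null} from {@code getCookies()} when the
     * client sent no cookies. The earlier code skipped the whole check in that case, so a
     * request stripped of all cookies was never flagged for the cookies it was required to
     * carry. A null array is now treated as "no cookies present" and the rules are still applied.
     *
     * @return {@code STOP} if any violation was FATAL, otherwise {@code CONTINUE}
     */
    private int checkMissingCookies(MutableHttpRequest mutableHttpRequest, HttpServletResponse httpServletResponse, ViolationList violationList) {
        int status = CONTINUE;
        String requestURI = mutableHttpRequest.getRequestURI();
        Cookie[] cookies = mutableHttpRequest.getCookies();
        LinkedList<CookieRule> cookieRules = this.set.getCookieRules();
        if (cookieRules == null) {
            // Nothing to enforce. NOTE(review): confirm RuleSet never returns null for a loaded configuration.
            return status;
        }
        HashMap<String, Cookie> present = new HashMap<String, Cookie>();
        if (cookies != null) {
            for (Cookie cookie : cookies) {
                present.put(cookie.getName(), cookie);
            }
        }
        for (CookieRule cookieRule : cookieRules) {
            String name = cookieRule.getName();
            if (present.containsKey(name) || cookieRule.isCreatedUri(requestURI) || !cookieRule.isEnforced(requestURI)) {
                continue;
            }
            Violation violation = new Violation(cookieRule.getMissing(), name, null, cookieRule.getPattern(), requestURI);
            if (applySeverity(mutableHttpRequest, httpServletResponse, violationList, violation, "missing", "cookie", false) == STOP) {
                status = STOP;
            }
        }
        return status;
    }

    /**
     * Reports every request cookie that has an enforced rule and whose value the rule rejects.
     * Cookies without a rule are not checked.
     *
     * @return {@code STOP} if any violation was FATAL, otherwise {@code CONTINUE}
     */
    private int checkMalformedCookies(MutableHttpRequest mutableHttpRequest, HttpServletResponse httpServletResponse, ViolationList violationList) {
        int status = CONTINUE;
        String requestURI = mutableHttpRequest.getRequestURI();
        Cookie[] cookies = mutableHttpRequest.getCookies();
        if (cookies == null) {
            return status;
        }
        for (Cookie cookie : cookies) {
            CookieRule cookieRule = this.set.getCookieRule(cookie.getName());
            if (cookieRule == null || !cookieRule.isEnforced(requestURI) || cookieRule.isValid(cookie.getValue())) {
                continue;
            }
            // NOTE(review): a malformed cookie is reported with the rule's *missing* category, while
            // checkMalformedParameters uses getMalformed(). If CookieRule exposes getMalformed(), this
            // likely applies the wrong severity and actions to malformed cookies. Confirm and switch.
            Violation violation = new Violation(cookieRule.getMissing(), cookieRule.getName(), cookie.getValue(), cookieRule.getPattern(), requestURI);
            if (applySeverity(mutableHttpRequest, httpServletResponse, violationList, violation, "malformed", "cookie", false) == STOP) {
                status = STOP;
            }
        }
        return status;
    }

    /**
     * Reports every parameter rule for the request URI whose parameter is absent or empty.
     * The {@code RuleSet.STINGER_ALL} rule is skipped because it does not name a parameter.
     *
     * @return {@code STOP} if any violation was FATAL, otherwise {@code CONTINUE}
     */
    private int checkMissingParameters(MutableHttpRequest mutableHttpRequest, HttpServletResponse httpServletResponse, ViolationList violationList) {
        int status = CONTINUE;
        String requestURI = mutableHttpRequest.getRequestURI();
        List<Rule> parameterRules = this.set.getParameterRules(requestURI);
        if (parameterRules == null) {
            this.context.log("[Stinger-Filter] there exists no rules for the following URI: " + clean(mutableHttpRequest.getRequestURI()));
            return status;
        }
        for (Rule rule : parameterRules) {
            String name = rule.getName();
            if (name.equals(RuleSet.STINGER_ALL)) {
                continue;
            }
            String value = mutableHttpRequest.getParameter(name);
            if (value != null && !value.equals("")) {
                continue;
            }
            Violation violation = new Violation(rule.getMissing(), name, null, rule.getPattern(), requestURI);
            if (applySeverity(mutableHttpRequest, httpServletResponse, violationList, violation, "missing", "parameter", true) == STOP) {
                status = STOP;
            }
        }
        return status;
    }

    /**
     * Reports every request parameter that has a rule for the request URI and whose value the
     * rule rejects. Parameters for which {@code getParameterRule} returns no rule are not checked.
     *
     * @return {@code STOP} if any violation was FATAL, otherwise {@code CONTINUE}
     */
    private int checkMalformedParameters(MutableHttpRequest mutableHttpRequest, HttpServletResponse httpServletResponse, ViolationList violationList) {
        int status = CONTINUE;
        String requestURI = mutableHttpRequest.getRequestURI();
        Enumeration<?> parameterNames = mutableHttpRequest.getParameterNames();
        while (parameterNames.hasMoreElements()) {
            String name = (String) parameterNames.nextElement();
            // NOTE(review): only the value returned by getParameter(name) is validated. If
            // MutableHttpRequest follows the Servlet API, that is the first value of a repeated
            // parameter, and later values reach the application unchecked. Consider validating
            // every entry of getParameterValues(name).
            String value = mutableHttpRequest.getParameter(name);
            Rule parameterRule = this.set.getParameterRule(requestURI, name);
            if (parameterRule == null || parameterRule.isValid(value)) {
                continue;
            }
            Violation violation = new Violation(parameterRule.getMalformed(), name, value, parameterRule.getPattern(), requestURI);
            if (applySeverity(mutableHttpRequest, httpServletResponse, violationList, violation, "malformed", "parameter", true) == STOP) {
                status = STOP;
            }
        }
        return status;
    }

    /**
     * Runs the four checks in order, skipping the remaining ones once a check returns
     * {@code STOP}, then runs the actions of all queued CONTINUE-severity violations.
     */
    private int doValidate(MutableHttpRequest mutableHttpRequest, HttpServletResponse httpServletResponse) {
        ViolationList violationList = new ViolationList();
        int status = checkMissingCookies(mutableHttpRequest, httpServletResponse, violationList);
        if (status == CONTINUE) {
            status = checkMalformedCookies(mutableHttpRequest, httpServletResponse, violationList);
        }
        if (status == CONTINUE) {
            status = checkMissingParameters(mutableHttpRequest, httpServletResponse, violationList);
        }
        if (status == CONTINUE) {
            status = checkMalformedParameters(mutableHttpRequest, httpServletResponse, violationList);
        }
        // Queued violations are handled even when a later check stopped the chain.
        handleViolations(mutableHttpRequest, httpServletResponse, violationList);
        return status;
    }

    /**
     * Validates a request against the rule set.
     *
     * <p>URIs that the rule set marks as excluded are not validated at all.
     *
     * @return {@code -1} if a FATAL violation was found (the caller should stop processing the
     *     request), {@code 0} otherwise
     */
    public int validate(MutableHttpRequest mutableHttpRequest, HttpServletResponse httpServletResponse) {
        if (this.set.isExcluded(mutableHttpRequest.getRequestURI())) {
            return CONTINUE;
        }
        return doValidate(mutableHttpRequest, httpServletResponse);
    }
}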
