package org.parosproxy.paros.core.scanner;

import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Locale;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.parosproxy.paros.Constant;
import org.parosproxy.paros.core.scanner.MultipartFormParameter;
import org.parosproxy.paros.network.HttpHeader;
import org.parosproxy.paros.network.HttpMessage;
import org.zaproxy.zap.extension.alert.AlertEventPublisher;

/* loaded from: input_file:org/parosproxy/paros/core/scanner/VariantMultipartFormParameters.class */
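/**
 * {@link Variant} that exposes the fields of a {@code multipart/form-data} request body as
 * scanner parameters.
 *
 * <p>{@link #setMessage(HttpMessage)} splits the body on the boundary announced in the
 * {@code Content-Type} header and records, for every field, a {@link NameValuePair} plus the
 * character offsets of its value inside the body. File fields contribute up to two more entries
 * (file name and part content type). The {@code setParameter} methods then overwrite the recorded
 * offset range with the new value.
 *
 * <p>Every input parsed here (boundary, part headers, values) comes from the request itself, so
 * it is handled as data: the boundary is regex-quoted before use and sections that do not have
 * the expected shape are skipped rather than allowed to raise unchecked exceptions.
 */
public class VariantMultipartFormParameters implements Variant {
    private static final Logger LOGGER = Logger.getLogger(VariantMultipartFormParameters.class);
    private static final Pattern FIELD_NAME_PATTERN = Pattern.compile("\\s*content-disposition\\s*:.*\\s+name\\s*\\=?\\s*\\\"?(?<name>.[^;\\\"\\n]*)\\\"?\\;?.*", Pattern.CASE_INSENSITIVE);
    private static final Pattern FIELD_VALUE_PATTERN = Pattern.compile("[\\r\\n]{2}(?<value>.*)");
    private static final Pattern FILENAME_PART_PATTERN = Pattern.compile("\\s*content-disposition\\s*:.*filename\\s*\\=?\\s*\\\"?(?<filename>.[^;\"\\n]*)\\\"?\\;?.*", Pattern.CASE_INSENSITIVE);
    // DOTALL lets ".*" run across line breaks, so this pattern scans the whole section, including
    // the part body.
    private static final Pattern CONTENTTYPE_PART_PATTERN = Pattern.compile("\\s*content-disposition.*content-type\\s*:\\s*\\s*\\\"?(?<contenttype>.[^;\"\\r\\n]*)\\\"?\\;?.*", Pattern.CASE_INSENSITIVE | Pattern.DOTALL);

    // Parameters handed to the scanner; replaced as a whole by each successful setMessage call.
    private List<NameValuePair> params = Collections.emptyList();
    // Offsets for each entry of params. Invariant relied on by setParameter:
    // the entry with position p is stored at index p - 1.
    private List<MultipartFormParameter> multiPartParams = new ArrayList<>();

    /**
     * Parses the multipart body of {@code httpMessage} and rebuilds the parameter list.
     *
     * <p>Returns without touching the current state when the request has no
     * {@code multipart/form-data} content type or no usable boundary.
     *
     * @param httpMessage the request to parse
     * @throws IllegalArgumentException if {@code httpMessage} is {@code null}
     */
    @Override
    public void setMessage(HttpMessage httpMessage) {
        if (httpMessage == null) {
            throw new IllegalArgumentException("Parameter message must not be null.");
        }
        String contentType = httpMessage.getRequestHeader().getHeader(HttpHeader.CONTENT_TYPE);
        // Locale.ROOT keeps the comparison independent of the JVM default locale.
        if (contentType == null || !contentType.toLowerCase(Locale.ROOT).startsWith("multipart/form-data")) {
            return;
        }
        String boundary = getBoundary(contentType);
        if (boundary == null) {
            // Without a boundary the body cannot be split; previously the text "null" was used.
            LOGGER.debug("Multipart request without a usable boundary, no parameters extracted.");
            return;
        }
        String delimiter = boundary + HttpHeader.CRLF;
        List<NameValuePair> extracted = new ArrayList<>();
        List<MultipartFormParameter> located = new ArrayList<>();
        // The boundary is taken from a request header, so it is quoted: String.split() would
        // otherwise interpret characters such as '+', '(' or '?' as regex syntax.
        String[] chunks = httpMessage.getRequestBody().toString().split(Pattern.quote(delimiter));
        int offset = 0;
        for (int k = 0; k < chunks.length; k++) {
            if (k == 0) {
                // Text before the first delimiter (normally empty) is not a part.
                offset += chunks[0].length();
                continue;
            }
            // Re-attach the delimiter that split() consumed so offsets stay body-relative.
            String section = delimiter + chunks[k];
            parsePart(section, chunks[k], delimiter, boundary, offset, extracted, located);
            offset += section.length();
        }
        // Both lists are swapped together so positions always index the matching offsets,
        // also when setMessage is called more than once on the same instance.
        this.params = Collections.unmodifiableList(extracted);
        this.multiPartParams = located;
    }

    /**
     * Extracts the parameters of one body section and appends them to both result lists.
     *
     * @param section the delimiter line followed by the part text
     * @param part the part text as returned by the split (no delimiter)
     * @param delimiter the boundary line including its trailing CRLF
     * @param boundary the boundary line without CRLF
     * @param offset index of {@code section} within the request body
     * @param extracted receives the scanner-facing parameters
     * @param located receives the offset records, in the same order
     */
    private void parsePart(String section, String part, String delimiter, String boundary, int offset,
            List<NameValuePair> extracted, List<MultipartFormParameter> located) {
        if (StringUtils.isBlank(part)) {
            return;
        }
        int headerEnd = part.indexOf("\r\n\r\n");
        if (headerEnd < 0) {
            LOGGER.debug("Skipping multipart section without a header/body separator.");
            return;
        }
        String partHeaders = part.substring(0, headerEnd);
        boolean isFile = partHeaders.contains("filename=");

        Matcher nameMatcher = FIELD_NAME_PATTERN.matcher(partHeaders);
        Matcher valueMatcher = FIELD_VALUE_PATTERN.matcher(section);
        boolean hasValue = valueMatcher.find();
        if (hasValue && StringUtils.isBlank(valueMatcher.group("value"))) {
            // The first hit can be an empty line; the original code advances once in that case.
            hasValue = valueMatcher.find();
        }
        if (!nameMatcher.find() || !hasValue) {
            LOGGER.debug("Skipping multipart section without a recognisable field name or value.");
            return;
        }

        // NOTE(review): the argument must equal the pattern's group name "name"; presumably
        // AlertEventPublisher.NAME holds that text (decompiler constant substitution?) - confirm.
        String name = nameMatcher.group(AlertEventPublisher.NAME);
        String rawValue = valueMatcher.group("value");
        // Strip the leading delimiter + headers and an optional closing boundary line.
        // NOTE(review): Constant.USER_AGENT is used as the replacement text here, so it is
        // presumably the empty string - confirm.
        String value = section
                .replaceAll(Pattern.quote(delimiter + partHeaders) + HttpHeader.CRLF + HttpHeader.CRLF, Constant.USER_AGENT)
                .replaceAll("\r\n(" + Pattern.quote(boundary) + "--" + HttpHeader.CRLF + ")?$", Constant.USER_AGENT);

        // Type codes 33-36 are presumably NameValuePair's multipart type constants - confirm.
        int position = located.size() + 1;
        extracted.add(new NameValuePair(isFile ? 34 : 33, name, value, position));
        int valueStart = offset + section.indexOf("\r\n\r\n") + 4;
        int valueEnd = valueStart + value.length();
        logSpan(name, offset, valueStart, valueEnd, position);
        located.add(new MultipartFormParameter(name, rawValue, valueStart, valueEnd, position, MultipartFormParameter.Type.GENERAL));
        if (LOGGER.isDebugEnabled()) {
            // Debug output contains request parameter content; treat debug logs as sensitive.
            LOGGER.debug("Name: " + name + " value: " + rawValue);
        }
        if (!isFile) {
            return;
        }

        // A file part may lack a parsable file name or its own Content-Type header; each entry
        // is added only when its pattern matched instead of calling group() on a failed match.
        Matcher fileNameMatcher = FILENAME_PART_PATTERN.matcher(section);
        if (fileNameMatcher.find()) {
            String fileName = fileNameMatcher.group("filename");
            position = located.size() + 1;
            extracted.add(new NameValuePair(35, name, fileName, position));
            // indexOf() finds the first occurrence of the captured text in the section.
            int start = offset + section.indexOf(fileName);
            int end = start + fileName.length();
            logSpan(name, offset, start, end, position);
            located.add(new MultipartFormParameter(name, fileName, start, end, position, MultipartFormParameter.Type.FILE_NAME));
        }
        Matcher contentTypeMatcher = CONTENTTYPE_PART_PATTERN.matcher(section);
        if (contentTypeMatcher.find()) {
            String partContentType = contentTypeMatcher.group("contenttype");
            position = located.size() + 1;
            extracted.add(new NameValuePair(36, name, partContentType, position));
            int start = offset + section.indexOf(partContentType);
            int end = start + partContentType.length();
            logSpan(name, offset, start, end, position);
            located.add(new MultipartFormParameter(name, partContentType, start, end, position, MultipartFormParameter.Type.FILE_CONTENT_TYPE));
        }
    }

    /** Writes the offsets recorded for one parameter to the debug log. */
    private static void logSpan(String name, int offset, int start, int end, int position) {
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Name: " + name + " O: " + offset + " S: " + start + " E: " + end + " Pos: " + position);
        }
    }

    /**
     * Returns the parameters found by the last successful {@link #setMessage(HttpMessage)} call.
     *
     * @return an unmodifiable list, empty until a multipart message has been parsed
     */
    @Override
    public List<NameValuePair> getParamList() {
        return this.params;
    }

    /**
     * Replaces the value of {@code nameValuePair} in the request body; {@code str} is ignored.
     *
     * @return the new request body
     */
    @Override
    public String setParameter(HttpMessage httpMessage, NameValuePair nameValuePair, String str, String str2) {
        return setParameter(httpMessage, nameValuePair, str2);
    }

    /**
     * Same as {@link #setParameter(HttpMessage, NameValuePair, String, String)}: the value is
     * written as given, no escaping is applied by this class.
     *
     * @return the new request body
     */
    @Override
    public String setEscapedParameter(HttpMessage httpMessage, NameValuePair nameValuePair, String str, String str2) {
        return setParameter(httpMessage, nameValuePair, str2);
    }

    /**
     * Overwrites the offset range recorded for {@code nameValuePair} with {@code str} and stores
     * the result as the request body of {@code httpMessage}.
     *
     * <p>The offsets were computed from the body passed to {@link #setMessage(HttpMessage)}, so
     * the replacement lands on the right characters only while {@code httpMessage} still carries
     * that same body.
     *
     * @return the new request body
     * @throws IndexOutOfBoundsException if the pair's position has no recorded offsets
     */
    private String setParameter(HttpMessage httpMessage, NameValuePair nameValuePair, String str) {
        StringBuilder body = new StringBuilder(httpMessage.getRequestBody().toString());
        // Positions are 1-based, the offset list is 0-based.
        int index = nameValuePair.getPosition() - 1;
        MultipartFormParameter target = this.multiPartParams.get(index);
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("i: " + index + " pos: " + nameValuePair.getPosition() + " S: " + target.getStart() + " E: " + target.getEnd());
        }
        body.replace(target.getStart(), target.getEnd(), str);
        String updated = body.toString();
        httpMessage.getRequestBody().setBody(updated);
        return updated;
    }

    /**
     * Builds the boundary line ({@code "--"} + boundary) from a {@code Content-Type} value.
     *
     * @param str the {@code Content-Type} header value
     * @return the boundary line, or {@code null} when no non-empty boundary can be read
     */
    private String getBoundary(String str) {
        int marker = str.lastIndexOf("boundary=");
        if (marker == -1) {
            return null;
        }
        String value = str.substring(marker + 9);
        if (value.isEmpty()) {
            // "boundary=" at the very end: charAt(0) would throw.
            return null;
        }
        if (value.charAt(0) == '"') {
            int closingQuote = value.lastIndexOf('"');
            if (closingQuote < 1) {
                // Opening quote without a closing one: substring(1, 0) would throw.
                return null;
            }
            value = value.substring(1, closingQuote);
        }
        if (value.isEmpty()) {
            return null;
        }
        return "--" + value;
    }
}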
