package org.owasp.csrfguard.servlet;

import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.io.PrintWriter;
import java.nio.charset.Charset;
import java.util.Iterator;
import java.util.Map;
import java.util.regex.Pattern;
import javax.servlet.ServletConfig;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.owasp.csrfguard.CsrfGuard;
import org.owasp.csrfguard.util.Streams;
import org.owasp.csrfguard.util.Strings;
import org.owasp.csrfguard.util.Writers;

/* loaded from: input_file:org/owasp/csrfguard/servlet/JavaScriptServlet.class */
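/**
 * Serves the CSRFGuard client-side JavaScript and, when token-per-page is enabled,
 * the page-token table held in the caller's session.
 *
 * <ul>
 *   <li>GET: renders the JavaScript template with this session's CSRF token and the
 *       configured options substituted for the {@code %...%} placeholders.</li>
 *   <li>POST: returns the session's page tokens as {@code uri:token,uri:token}, or 404
 *       when token-per-page is disabled.</li>
 * </ul>
 *
 * Security notes (all visible in this class):
 * <ul>
 *   <li>The GET response embeds the caller's session CSRF token in plain script text.
 *       The only gate in front of it is the Referer pattern in {@link #doGet}, and a
 *       request that carries no Referer header at all is accepted — the pattern is
 *       therefore not a strong origin check on its own.</li>
 *   <li>The {@code %DOMAIN_ORIGIN%} value is derived from the request URL, i.e. from
 *       the client-supplied Host header, and is inserted into the script verbatim. The
 *       template is responsible for quoting it; nothing here escapes it.</li>
 * </ul>
 *
 * Fixes relative to the previous revision: placeholder substitution is literal
 * ({@code String.replace}) instead of regex-based, so {@code $} or {@code \} in a token,
 * context path or init parameter can no longer corrupt or abort rendering; the template
 * is read in full (a 0x00 byte previously terminated the read) and decoded as UTF-8;
 * responses are written as UTF-8 bytes with a Content-Length that matches the bytes sent;
 * the default Cache-Control directive is spelled {@code max-age} (was {@code maxage},
 * which caches ignore); IPv6 literals in the request URL are kept intact.
 */
public final class JavaScriptServlet extends HttpServlet {
    private static final long serialVersionUID = -1459584282530150483L;

    /** Placeholders in the JavaScript template. Matched as literal text, not as regex. */
    private static final String TOKEN_NAME_IDENTIFIER = "%TOKEN_NAME%";
    private static final String TOKEN_VALUE_IDENTIFIER = "%TOKEN_VALUE%";
    private static final String DOMAIN_ORIGIN_IDENTIFIER = "%DOMAIN_ORIGIN%";
    private static final String DOMAIN_STRICT_IDENTIFIER = "%DOMAIN_STRICT%";
    private static final String INJECT_INTO_XHR_IDENTIFIER = "%INJECT_XHR%";
    private static final String INJECT_INTO_FORMS_IDENTIFIER = "%INJECT_FORMS%";
    private static final String INJECT_INTO_ATTRIBUTES_IDENTIFIER = "%INJECT_ATTRIBUTES%";
    private static final String CONTEXT_PATH_IDENTIFIER = "%CONTEXT_PATH%";
    private static final String SERVLET_PATH_IDENTIFIER = "%SERVLET_PATH%";
    private static final String X_REQUESTED_WITH_IDENTIFIER = "%X_REQUESTED_WITH%";
    private static final String TOKENS_PER_PAGE_IDENTIFIER = "%TOKENS_PER_PAGE%";

    /** Charset used both to decode the template file and to encode every response body. */
    private static final Charset UTF8 = Charset.forName("UTF-8");

    /** Default for the {@code cache-control} init parameter; only used when rotation and token-per-page are both off. */
    private static final String DEFAULT_CACHE_CONTROL = "private, max-age=28800";

    /** Rendered template text; populated once in {@link #init} and read-only afterwards. */
    private String templateCode = null;
    private String sourceFile = null;
    private String injectIntoForms = null;
    private String injectIntoAttributes = null;
    private String domainStrict = null;
    private String cacheControl = null;
    /** Compiled {@code referer-pattern} init parameter; default {@code .*} accepts any Referer. */
    private Pattern refererPattern = null;
    private String xRequestedWith = null;

    /**
     * Reads the init parameters and loads the JavaScript template from disk.
     *
     * Note that {@code super.init(servletConfig)} is not called, so the GenericServlet
     * accessors ({@code getServletConfig()}, {@code log()}) are not usable here; every
     * value this servlet needs is taken from {@code servletConfig} directly.
     *
     * @param servletConfig container-supplied configuration
     * @throws IllegalStateException if the template path cannot be resolved to a real file
     * @throws RuntimeException      if the template file cannot be read
     */
    @Override
    public void init(ServletConfig servletConfig) {
        this.sourceFile = getInitParameter(servletConfig, "source-file", "WEB-INF/Owasp.CsrfGuard.js");
        this.domainStrict = getInitParameter(servletConfig, "domain-strict", "true");
        this.cacheControl = getInitParameter(servletConfig, "cache-control", DEFAULT_CACHE_CONTROL);
        this.refererPattern = Pattern.compile(getInitParameter(servletConfig, "referer-pattern", ".*"));
        this.injectIntoForms = getInitParameter(servletConfig, "inject-into-forms", "true");
        this.injectIntoAttributes = getInitParameter(servletConfig, "inject-into-attributes", "true");
        this.xRequestedWith = getInitParameter(servletConfig, "x-requested-with", "OWASP CSRFGuard Project");

        // getRealPath() returns null when the web application is not expanded on disk;
        // fail loudly at startup rather than with a bare NullPointerException.
        String realPath = servletConfig.getServletContext().getRealPath(this.sourceFile);
        this.templateCode = readFileContent(realPath);
    }

    /**
     * Serves the rendered JavaScript, or 404 when the Referer header is present and does
     * not match {@code referer-pattern}.
     *
     * A request without a Referer header is accepted (browsers honouring a no-referrer
     * policy omit it). Consequently the pattern only constrains requests that carry one.
     */
    @Override
    public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (isRefererAcceptable(httpServletRequest.getHeader("referer"))) {
            writeJavaScript(httpServletRequest, httpServletResponse);
        } else {
            // 404 rather than 403, as in the previous revision.
            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND);
        }
    }

    /**
     * Serves the session's page tokens, or 404 when CSRFGuard is not initialised or
     * token-per-page is disabled. No Referer check is applied to POST.
     */
    @Override
    public void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        CsrfGuard csrfGuard = CsrfGuard.getInstance();
        if (csrfGuard == null || !csrfGuard.isTokenPerPageEnabled()) {
            httpServletResponse.sendError(HttpServletResponse.SC_NOT_FOUND);
        } else {
            writePageTokens(httpServletRequest, httpServletResponse);
        }
    }

    /**
     * @param referer raw Referer header value, or null when the header is absent
     * @return true when the header is absent or matches {@code referer-pattern} in full
     */
    private boolean isRefererAcceptable(String referer) {
        return referer == null || this.refererPattern.matcher(referer).matches();
    }

    /**
     * Writes the session's page-token map as {@code text/plain} in the form
     * {@code uri:token,uri:token}; an empty body when the session has no map yet.
     * Keys and values are not escaped, so a key containing ':' or ',' is ambiguous to the reader.
     */
    private void writePageTokens(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        HttpSession session = httpServletRequest.getSession(true);
        @SuppressWarnings("unchecked") // attribute is stored by CsrfGuard under PAGE_TOKENS_KEY; type not checkable here
        Map<String, String> pageTokens = (Map<String, String>) session.getAttribute(CsrfGuard.PAGE_TOKENS_KEY);
        String body = pageTokens != null ? parsePageTokens(pageTokens) : Strings.EMPTY;
        httpServletResponse.setContentType("text/plain");
        writeBody(httpServletResponse, body);
    }

    /**
     * Renders the JavaScript template for this request's session and writes it.
     *
     * Caching is disabled whenever the token can change between requests (rotation or
     * token-per-page); otherwise the configured {@code cache-control} value is sent.
     *
     * @throws IllegalStateException if the session holds no CSRF token — failing closed
     *                               instead of emitting a script with an empty token
     */
    private void writeJavaScript(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        HttpSession session = httpServletRequest.getSession(true);
        CsrfGuard csrfGuard = CsrfGuard.getInstance();

        if (csrfGuard.isRotateEnabled() || csrfGuard.isTokenPerPageEnabled()) {
            httpServletResponse.setHeader("Cache-Control", "no-cache, no-store");
            httpServletResponse.setHeader("Pragma", "no-cache");
            httpServletResponse.setHeader("Expires", "0");
        } else {
            httpServletResponse.setHeader("Cache-Control", this.cacheControl);
        }
        httpServletResponse.setContentType("text/javascript");

        String token = (String) session.getAttribute(csrfGuard.getSessionKey());
        if (token == null) {
            throw new IllegalStateException("No CSRF token in session under key " + csrfGuard.getSessionKey());
        }

        String contextPath = httpServletRequest.getContextPath();
        // Literal replacement: values such as the token, context path or x-requested-with
        // may legitimately contain '$' or '\', which String.replaceAll would misinterpret.
        String script = this.templateCode
                .replace(TOKEN_NAME_IDENTIFIER, csrfGuard.getTokenName())
                .replace(TOKEN_VALUE_IDENTIFIER, token)
                .replace(INJECT_INTO_FORMS_IDENTIFIER, this.injectIntoForms)
                .replace(INJECT_INTO_ATTRIBUTES_IDENTIFIER, this.injectIntoAttributes)
                .replace(INJECT_INTO_XHR_IDENTIFIER, String.valueOf(csrfGuard.isAjaxEnabled()))
                .replace(TOKENS_PER_PAGE_IDENTIFIER, String.valueOf(csrfGuard.isTokenPerPageEnabled()))
                .replace(DOMAIN_ORIGIN_IDENTIFIER, parseDomain(httpServletRequest.getRequestURL()))
                .replace(DOMAIN_STRICT_IDENTIFIER, this.domainStrict)
                .replace(CONTEXT_PATH_IDENTIFIER, contextPath)
                .replace(SERVLET_PATH_IDENTIFIER, contextPath + httpServletRequest.getServletPath())
                .replace(X_REQUESTED_WITH_IDENTIFIER, this.xRequestedWith);

        writeBody(httpServletResponse, script);
    }

    /**
     * Encodes {@code body} as UTF-8, declares that charset and the exact byte length on
     * the response, and writes it. The caller sets Content-Type beforehand.
     */
    private void writeBody(HttpServletResponse httpServletResponse, String body) throws IOException {
        byte[] bytes = body.getBytes(UTF8);
        httpServletResponse.setCharacterEncoding("UTF-8");
        httpServletResponse.setContentLength(bytes.length);
        OutputStream outputStream = null;
        try {
            outputStream = httpServletResponse.getOutputStream();
            outputStream.write(bytes);
            outputStream.flush();
        } finally {
            Streams.close(outputStream);
        }
    }

    /**
     * Serialises the page-token map as {@code key:value} pairs joined by ','.
     * Iteration order is whatever the map provides; no escaping is applied.
     */
    private String parsePageTokens(Map<String, String> pageTokens) {
        StringBuilder sb = new StringBuilder();
        boolean first = true;
        for (Map.Entry<String, String> entry : pageTokens.entrySet()) {
            if (!first) {
                sb.append(',');
            }
            first = false;
            sb.append(entry.getKey()).append(':').append(entry.getValue());
        }
        return sb.toString();
    }

    /**
     * @return the init parameter {@code name}, or {@code defaultValue} when it is unset
     */
    private String getInitParameter(ServletConfig servletConfig, String name, String defaultValue) {
        String value = servletConfig.getInitParameter(name);
        return value != null ? value : defaultValue;
    }

    /**
     * Reads the whole file at {@code path} and decodes it as UTF-8.
     *
     * The previous revision stopped at the first byte whose value was 0 (mistaking it
     * for end-of-stream) and widened each byte to a char; this reads to EOF and decodes.
     *
     * @throws IllegalStateException if {@code path} is null (unresolvable real path)
     * @throws RuntimeException      wrapping any IOException from the read
     */
    private String readFileContent(String path) {
        if (path == null) {
            throw new IllegalStateException("Cannot resolve a filesystem path for CSRFGuard JavaScript template '" + this.sourceFile + "'");
        }
        FileInputStream fileInputStream = null;
        try {
            fileInputStream = new FileInputStream(path);
            ByteArrayOutputStream buffer = new ByteArrayOutputStream();
            byte[] chunk = new byte[4096];
            int read;
            while ((read = fileInputStream.read(chunk)) != -1) {
                buffer.write(chunk, 0, read);
            }
            return new String(buffer.toByteArray(), UTF8);
        } catch (IOException e) {
            throw new RuntimeException("Unable to read CSRFGuard JavaScript template '" + path + "'", e);
        } finally {
            Streams.close(fileInputStream);
        }
    }

    /**
     * Extracts the host part of a URL: everything after {@code ://} up to the first
     * '/' or ':' (port). A bracketed IPv6 literal such as {@code [::1]} is returned
     * whole, brackets included. If {@code ://} is absent, parsing starts at index 0.
     *
     * The input comes from {@code HttpServletRequest.getRequestURL()}, which is built
     * from the client-controlled Host header; the result is not validated or escaped.
     */
    private String parseDomain(StringBuffer requestUrl) {
        String url = requestUrl.toString();
        int schemeEnd = url.indexOf("://");
        int start = schemeEnd < 0 ? 0 : schemeEnd + "://".length();

        if (start < url.length() && url.charAt(start) == '[') {
            int close = url.indexOf(']', start);
            if (close >= 0) {
                return url.substring(start, close + 1);
            }
        }

        int end = start;
        while (end < url.length()) {
            char c = url.charAt(end);
            if (c == '/' || c == ':') {
                break;
            }
            end++;
        }
        return url.substring(start, end);
    }
}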
