package org.owasp.csrfguard.http;

import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;
import org.owasp.csrfguard.CsrfGuard;

/* loaded from: input_file:org/owasp/csrfguard/http/InterceptRedirectResponse.class */
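/**
 * Response wrapper that intercepts {@link #sendRedirect(String)} so that redirects
 * to pages CsrfGuard reports as protected carry the current CSRF token as a query
 * parameter.
 *
 * <p>Redirects to absolute or network-path ({@code //host/...}) locations, and to
 * pages that are not protected, are forwarded without a token so the token is not
 * disclosed to another origin.
 */
public class InterceptRedirectResponse extends HttpServletResponseWrapper {
    private final HttpServletResponse response;
    private final CsrfGuard csrfGuard;
    private final HttpServletRequest request;

    /**
     * Creates the wrapper.
     *
     * @param httpServletResponse the response to delegate to
     * @param httpServletRequest the request whose context path and tokens are used
     * @param csrfGuard the CsrfGuard instance consulted for protection and token data
     */
    public InterceptRedirectResponse(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest, CsrfGuard csrfGuard) {
        super(httpServletResponse);
        this.response = httpServletResponse;
        this.request = httpServletRequest;
        this.csrfGuard = csrfGuard;
    }

    /**
     * Sends a redirect, appending the CSRF token when the target is a protected
     * page of this application.
     *
     * @param str the redirect location requested by the application
     * @throws IOException if the wrapped response fails to send the redirect
     */
    @Override
    public void sendRedirect(String str) throws IOException {
        // Strip raw and percent-encoded CR/LF to prevent header (response) splitting.
        // Repeat until nothing changes: one pass can leave a sequence behind that is
        // only formed once an inner match has been removed.
        String location = str;
        String previous;
        do {
            previous = location;
            location = previous.replaceAll("(\\r|\\n|%0D|%0A|%0a|%0d)", "");
        } while (!location.equals(previous));

        // A leading "//" is a network-path reference that browsers resolve against
        // another host, so it is treated like an absolute URL and never gets the token.
        boolean external = location.contains("://") || location.startsWith("//");
        if (external || !this.csrfGuard.isProtectedPageAndMethod(location, "GET")) {
            this.response.sendRedirect(location);
            return;
        }

        this.csrfGuard.updateTokens(this.request);

        // Keep the fragment aside: a token appended after '#' would land in the
        // fragment, which the browser does not send, and the protected page would
        // then reject the redirected request.
        int hashAt = location.indexOf('#');
        String target = hashAt >= 0 ? location.substring(0, hashAt) : location;
        String fragment = hashAt >= 0 ? location.substring(hashAt) : "";

        StringBuilder sb = new StringBuilder();
        if (target.startsWith("/")) {
            sb.append(target);
        } else {
            // Relative location: anchor it under the application's context path.
            sb.append(this.request.getContextPath()).append('/').append(target);
        }
        sb.append(target.contains("?") ? '&' : '?');

        // Token lookup is keyed on the location without query string or fragment.
        String page = target.split("\\?", 2)[0];
        sb.append(this.csrfGuard.getTokenName());
        sb.append('=');
        sb.append(this.csrfGuard.getTokenValue(this.request, page));
        sb.append(fragment);
        this.response.sendRedirect(sb.toString());
    }
}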
