package org.webcastellum;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
import java.util.List;
import java.util.Random;
import java.util.regex.Matcher;
import javax.crypto.Cipher;
import javax.servlet.http.HttpSession;

/* loaded from: input_file:org/webcastellum/ResponseFilterStream.class */
public final class ResponseFilterStream extends AbstractRelaxingHtmlParserStream {
    private static final boolean DEBUG = false;
    private final ByteArrayOutputStream scriptBody;
    private final ByteArrayOutputStream collectedDisplayValue;
    private final boolean stripHtmlEnabled;
    private final boolean injectSecretTokensEnabled;
    private final boolean protectParamsAndFormsEnabled;
    private final boolean encryptQueryStringsEnabled;
    private final boolean useFullPathForResourceToBeAccessedProtection;
    private final boolean additionalFullResourceRemoval;
    private final boolean additionalMediumResourceRemoval;
    private final boolean appendSessionIdToLinks;
    private final boolean applySetAfterWrite;
    private final String currentRequestUrlToCompareWith;
    private final String servletPath;
    private final String contextPath;
    private final String tokenKey;
    private final String tokenValue;
    private final String protectionTokenKeyKey;
    private final ContentInjectionHelper contentInjectionHelper;
    private final String cryptoDetectionString;
    private final RequestWrapper request;
    private final ResponseWrapper response;
    private final Cipher cipher;
    private final CryptoKeyAndSalt cryptoKey;
    private final boolean applyExtraProtectionForDisabledFormFields;
    private final boolean applyExtraProtectionForReadonlyFormFields;
    private final boolean applyExtraProtectionForRequestParamValueCount;
    private final boolean maskAmpersandsInModifiedLinks;
    private final boolean hiddenFormFieldProtection;
    private final boolean selectboxProtection;
    private final boolean checkboxProtection;
    private final boolean radiobuttonProtection;
    private final boolean selectboxValueMasking;
    private final boolean checkboxValueMasking;
    private final boolean radiobuttonValueMasking;
    private final boolean appendQuestionmarkOrAmpersandToLinks;
    private final boolean reuseSessionContent;
    private final Matcher[] matchersToExcludeLinksWithinScripts;
    private final Matcher[] matchersToExcludeLinksWithinTags;
    private final Matcher[] matchersToExcludeCompleteScript;
    private final Matcher[] matchersToExcludeCompleteTag;
    private final Matcher[] matchersToCaptureLinksWithinScripts;
    private final Matcher[] matchersToCaptureLinksWithinTags;
    private final WordDictionary[] prefiltersToExcludeLinksWithinScripts;
    private final WordDictionary[] prefiltersToExcludeLinksWithinTags;
    private final WordDictionary[] prefiltersToExcludeCompleteScript;
    private final WordDictionary[] prefiltersToExcludeCompleteTag;
    private final WordDictionary[] prefiltersToCaptureLinksWithinScripts;
    private final WordDictionary[] prefiltersToCaptureLinksWithinTags;
    private final int[][] groupNumbersToCaptureLinksWithinScripts;
    private final int[][] groupNumbersToCaptureLinksWithinTags;
    private boolean isWithinScript;
    private boolean isWithinStyle;
    private boolean isWithinForm;
    private boolean isWithinSelectBox;
    private boolean isWithinOption;
    private boolean isCollectingDisplayValueAsOptionValue;
    private ParameterAndFormProtection parameterAndFormProtectionOfCurrentForm;
    private String actionUrlOfCurrentForm;
    private String nameOfCurrentSelectBox;
    private String selectBoxMaskingPrefix;
    private String checkBoxMaskingPrefix;
    private String radioButtonMaskingPrefix;
    private boolean isCurrentFormRequestMethodPOST;
    private boolean isWithinHtmlBody;
    private boolean isWithinHtmlTable;
    private boolean isMultipartForm;
    private short honeylinkCount;
    private short tagPartCounter;
    private short tagPartCounterTarget;
    private final Random honeylinkRandom;
    private final short honeylinkMaxPerPage;
    private final String honeylinkPrefix;
    private final String honeylinkSuffix;
    private final FormFieldMaskingExcludeDefinition[] matchingFormFieldMaskingExclusions;
    private final List formFieldExclusionsOfCurrentForm;
    private Matcher matcherFormMethodPost;
    private Matcher matcherRequiredInputFormFieldExcludingHiddenFields;
    private Matcher matcherRequiredInputFormField;
    private Matcher matcherHiddenFormField;
    private Matcher matcherCheckbox;
    private Matcher matcherRadiobutton;
    private HttpSession session;

    public ResponseFilterStream(OutputStream outputStream, String str, boolean z, String str2, String str3, String str4, String str5, String str6, String str7, Cipher cipher, CryptoKeyAndSalt cryptoKeyAndSalt, ContentInjectionHelper contentInjectionHelper, String str8, RequestWrapper requestWrapper, ResponseWrapper responseWrapper, boolean z2, boolean z3, boolean z4, boolean z5, boolean z6, boolean z7, boolean z8, WordDictionary[] wordDictionaryArr, Matcher[] matcherArr, WordDictionary[] wordDictionaryArr2, Matcher[] matcherArr2, WordDictionary[] wordDictionaryArr3, Matcher[] matcherArr3, WordDictionary[] wordDictionaryArr4, Matcher[] matcherArr4, WordDictionary[] wordDictionaryArr5, Matcher[] matcherArr5, WordDictionary[] wordDictionaryArr6, Matcher[] matcherArr6, int[][] iArr, int[][] iArr2, boolean z9, boolean z10, boolean z11, boolean z12, boolean z13, boolean z14, boolean z15, boolean z16, boolean z17, boolean z18, boolean z19, boolean z20, boolean z21, boolean z22, String str9, String str10, short s, boolean z23, boolean z24) {
        super(outputStream, str, z);
        this.scriptBody = new ByteArrayOutputStream();
        this.collectedDisplayValue = new ByteArrayOutputStream();
        this.isWithinScript = false;
        this.isWithinStyle = false;
        this.isWithinForm = false;
        this.isWithinSelectBox = false;
        this.isWithinOption = false;
        this.isCollectingDisplayValueAsOptionValue = false;
        this.parameterAndFormProtectionOfCurrentForm = null;
        this.isCurrentFormRequestMethodPOST = false;
        this.isWithinHtmlBody = false;
        this.isWithinHtmlTable = false;
        this.isMultipartForm = false;
        this.tagPartCounterTarget = (short) 17;
        this.formFieldExclusionsOfCurrentForm = new ArrayList();
        if (str2 == null) {
            throw new NullPointerException("currentRequestUrlToCompareWith must not be null");
        }
        this.currentRequestUrlToCompareWith = str2;
        if (str3 == null) {
            throw new NullPointerException("contextPath must not be null");
        }
        this.contextPath = str3;
        if (str4 == null) {
            throw new NullPointerException("servletPath must not be null");
        }
        this.servletPath = str4;
        if (responseWrapper == null) {
            throw new NullPointerException("response must not be null");
        }
        this.response = responseWrapper;
        this.applySetAfterWrite = z24;
        if (matcherArr == null) {
            throw new NullPointerException("matchersToExcludeCompleteScript must not be null");
        }
        if (matcherArr2 == null) {
            throw new NullPointerException("matchersToExcludeCompleteTag must not be null");
        }
        this.prefiltersToExcludeCompleteScript = wordDictionaryArr;
        this.matchersToExcludeCompleteScript = ServerUtils.replaceEmptyMatchersWithNull(matcherArr);
        this.prefiltersToExcludeCompleteTag = wordDictionaryArr2;
        this.matchersToExcludeCompleteTag = ServerUtils.replaceEmptyMatchersWithNull(matcherArr2);
        if (matcherArr3 == null) {
            throw new NullPointerException("matchersToExcludeLinksWithinScripts must not be null");
        }
        if (matcherArr4 == null) {
            throw new NullPointerException("matchersToExcludeLinksWithinTags must not be null");
        }
        this.prefiltersToExcludeLinksWithinScripts = wordDictionaryArr3;
        this.matchersToExcludeLinksWithinScripts = ServerUtils.replaceEmptyMatchersWithNull(matcherArr3);
        this.prefiltersToExcludeLinksWithinTags = wordDictionaryArr4;
        this.matchersToExcludeLinksWithinTags = ServerUtils.replaceEmptyMatchersWithNull(matcherArr4);
        if (matcherArr5 == null) {
            throw new NullPointerException("matchersToCaptureLinksWithinScripts must not be null");
        }
        if (matcherArr6 == null) {
            throw new NullPointerException("matchersToCaptureLinksWithinTags must not be null");
        }
        this.prefiltersToCaptureLinksWithinScripts = wordDictionaryArr5;
        this.matchersToCaptureLinksWithinScripts = matcherArr5;
        this.prefiltersToCaptureLinksWithinTags = wordDictionaryArr6;
        this.matchersToCaptureLinksWithinTags = matcherArr6;
        this.groupNumbersToCaptureLinksWithinScripts = iArr;
        this.groupNumbersToCaptureLinksWithinTags = iArr2;
        if (matcherArr5.length != iArr.length) {
            throw new IllegalArgumentException("Lengths of capturing pattern and group-number array must be equal");
        }
        if (matcherArr6.length != iArr2.length) {
            throw new IllegalArgumentException("Lengths of capturing pattern and group-number array must be equal");
        }
        if (matcherArr5.length != matcherArr3.length) {
            throw new IllegalArgumentException("Lengths of capturing pattern and exclusion pattern array must be equal");
        }
        if (matcherArr6.length != matcherArr4.length) {
            throw new IllegalArgumentException("Lengths of capturing pattern and exclusion pattern array must be equal");
        }
        this.tokenKey = str5;
        this.tokenValue = str6;
        this.protectionTokenKeyKey = str7;
        this.cipher = cipher;
        this.cryptoKey = cryptoKeyAndSalt;
        if (contentInjectionHelper == null) {
            throw new NullPointerException("contentInjectionHelper must not be null");
        }
        this.contentInjectionHelper = contentInjectionHelper;
        this.cryptoDetectionString = str8;
        this.request = requestWrapper;
        this.useFullPathForResourceToBeAccessedProtection = z9;
        this.additionalFullResourceRemoval = z10;
        this.additionalMediumResourceRemoval = z11;
        this.stripHtmlEnabled = z2;
        this.injectSecretTokensEnabled = z3;
        this.protectParamsAndFormsEnabled = z4;
        this.encryptQueryStringsEnabled = z5;
        this.applyExtraProtectionForDisabledFormFields = z6;
        this.applyExtraProtectionForReadonlyFormFields = z7;
        this.applyExtraProtectionForRequestParamValueCount = z8;
        this.maskAmpersandsInModifiedLinks = z12;
        this.matchingFormFieldMaskingExclusions = contentInjectionHelper.getFormFieldMaskingExcludeDefinitions() == null ? new FormFieldMaskingExcludeDefinition[DEBUG] : contentInjectionHelper.getFormFieldMaskingExcludeDefinitions().getAllMatchingFormFieldMaskingExcludeDefinitions(str4, requestWrapper.getRequestURI());
        if (this.injectSecretTokensEnabled && (this.tokenKey == null || this.tokenValue == null)) {
            throw new NullPointerException("tokenKey and/or tokenValue must not be null when injectSecretTokensEnabled is set");
        }
        if (this.protectParamsAndFormsEnabled && (this.request == null || this.protectionTokenKeyKey == null)) {
            throw new NullPointerException("request and/or protectionTokenKeyKey must not be null when protectParamsAndFormsEnabled is set");
        }
        if (this.encryptQueryStringsEnabled && (this.cryptoDetectionString == null || this.cryptoKey == null)) {
            throw new NullPointerException("cryptoDetectionString and/or cryptoKey must not be null when encryptQueryStringsEnabled is set");
        }
        if (this.encryptQueryStringsEnabled && !this.injectSecretTokensEnabled) {
            throw new IllegalArgumentException("encryptQueryStringsEnabled also requires to set injectSecretTokensEnabled");
        }
        if (this.protectParamsAndFormsEnabled && !this.encryptQueryStringsEnabled) {
            throw new IllegalArgumentException("protectParamsAndFormsEnabled also requires to set encryptQueryStringsEnabled");
        }
        if (this.applyExtraProtectionForDisabledFormFields && !this.protectParamsAndFormsEnabled) {
            throw new IllegalArgumentException("applyExtraProtectionForDisabledFormFields also requires to set protectParamsAndFormsEnabled");
        }
        if (this.applyExtraProtectionForReadonlyFormFields && !this.protectParamsAndFormsEnabled) {
            throw new IllegalArgumentException("applyExtraProtectionForReadonlyFormFields also requires to set protectParamsAndFormsEnabled");
        }
        if (this.applyExtraProtectionForRequestParamValueCount && !this.protectParamsAndFormsEnabled) {
            throw new IllegalArgumentException("applyExtraProtectionForRequestParamValueCount also requires to set protectParamsAndFormsEnabled");
        }
        this.hiddenFormFieldProtection = z13;
        this.selectboxProtection = z14;
        this.checkboxProtection = z15;
        this.radiobuttonProtection = z16;
        this.selectboxValueMasking = z17;
        this.checkboxValueMasking = z18;
        this.radiobuttonValueMasking = z19;
        this.appendQuestionmarkOrAmpersandToLinks = z20;
        this.appendSessionIdToLinks = z21;
        this.reuseSessionContent = z22;
        this.honeylinkPrefix = str9;
        this.honeylinkSuffix = str10;
        this.honeylinkMaxPerPage = s;
        if (s <= 0) {
            this.honeylinkRandom = null;
        } else {
            this.honeylinkRandom = z23 ? null : new Random(this.servletPath.hashCode() + WebCastellumFilter.customerIdentifier);
            this.tagPartCounterTarget = HoneylinkUtils.nextTagPartCounterTarget(this.honeylinkRandom);
        }
    }

    @Override // org.webcastellum.AbstractRelaxingHtmlParserStream, org.webcastellum.RelaxingHtmlParser
    public void handleTag(String str) throws IOException {
        String extractFieldName;
        boolean find;
        boolean z;
        boolean z2 = DEBUG;
        boolean z3 = DEBUG;
        boolean z4 = DEBUG;
        boolean z5 = DEBUG;
        boolean z6 = DEBUG;
        boolean z7 = DEBUG;
        boolean z8 = DEBUG;
        boolean z9 = DEBUG;
        boolean z10 = DEBUG;
        if (str.length() >= 4) {
            z4 = str.charAt(1) == '!' && str.charAt(2) == '-' && str.charAt(3) == '-';
            if (str.length() >= 5) {
                z5 = (str.charAt(1) == 'f' || str.charAt(1) == 'F') && (str.charAt(2) == 'o' || str.charAt(2) == 'O') && ((str.charAt(3) == 'r' || str.charAt(3) == 'R') && (str.charAt(4) == 'm' || str.charAt(4) == 'M'));
                if (str.length() >= 6) {
                    z3 = (str.charAt(1) == 's' || str.charAt(1) == 'S') && (str.charAt(2) == 't' || str.charAt(2) == 'T') && ((str.charAt(3) == 'y' || str.charAt(3) == 'Y') && ((str.charAt(4) == 'l' || str.charAt(4) == 'L') && (str.charAt(5) == 'e' || str.charAt(5) == 'E')));
                    z6 = (str.charAt(1) == 'i' || str.charAt(1) == 'I') && (str.charAt(2) == 'n' || str.charAt(2) == 'N') && ((str.charAt(3) == 'p' || str.charAt(3) == 'P') && ((str.charAt(4) == 'u' || str.charAt(4) == 'U') && (str.charAt(5) == 't' || str.charAt(5) == 'T')));
                    if (str.length() >= 7) {
                        if ((str.charAt(1) == 's' || str.charAt(1) == 'S') && (str.charAt(6) == 't' || str.charAt(6) == 'T')) {
                            z2 = (str.charAt(2) == 'c' || str.charAt(2) == 'C') && (str.charAt(3) == 'r' || str.charAt(3) == 'R') && ((str.charAt(4) == 'i' || str.charAt(4) == 'I') && (str.charAt(5) == 'p' || str.charAt(5) == 'P'));
                            z9 = (str.charAt(2) == 'e' || str.charAt(2) == 'E') && (str.charAt(3) == 'l' || str.charAt(3) == 'L') && ((str.charAt(4) == 'e' || str.charAt(4) == 'E') && (str.charAt(5) == 'c' || str.charAt(5) == 'C'));
                        } else if ((str.charAt(3) == 't' || str.charAt(3) == 'T') && ((str.charAt(5) == 'o' || str.charAt(5) == 'O') && (str.charAt(6) == 'n' || str.charAt(6) == 'N'))) {
                            z7 = (str.charAt(1) == 'b' || str.charAt(1) == 'B') && (str.charAt(2) == 'u' || str.charAt(2) == 'U') && (str.charAt(4) == 't' || str.charAt(4) == 'T');
                            z10 = (str.charAt(1) == 'o' || str.charAt(1) == 'O') && (str.charAt(2) == 'p' || str.charAt(2) == 'P') && (str.charAt(4) == 'i' || str.charAt(4) == 'I');
                        }
                        if (str.length() >= 9) {
                            z8 = (str.charAt(1) == 't' || str.charAt(1) == 'T') && (str.charAt(2) == 'e' || str.charAt(2) == 'E') && ((str.charAt(3) == 'x' || str.charAt(3) == 'X') && ((str.charAt(4) == 't' || str.charAt(4) == 'T') && ((str.charAt(5) == 'a' || str.charAt(5) == 'A') && ((str.charAt(6) == 'r' || str.charAt(6) == 'R') && ((str.charAt(7) == 'e' || str.charAt(7) == 'E') && (str.charAt(8) == 'a' || str.charAt(8) == 'A'))))));
                        }
                    }
                }
            }
        }
        if (!this.stripHtmlEnabled || this.isWithinScript || this.isWithinStyle || !z4) {
            if (this.honeylinkMaxPerPage > 0) {
                if (str.length() >= 5 && ((str.charAt(1) == 'b' || str.charAt(1) == 'B') && ((str.charAt(2) == 'o' || str.charAt(2) == 'O') && ((str.charAt(3) == 'd' || str.charAt(3) == 'D') && (str.charAt(4) == 'y' || str.charAt(4) == 'Y'))))) {
                    this.isWithinHtmlBody = true;
                }
                if (str.length() >= 6 && ((str.charAt(1) == 't' || str.charAt(1) == 'T') && ((str.charAt(2) == 'a' || str.charAt(2) == 'A') && ((str.charAt(3) == 'b' || str.charAt(3) == 'B') && ((str.charAt(4) == 'l' || str.charAt(4) == 'L') && (str.charAt(5) == 'e' || str.charAt(5) == 'E')))))) {
                    this.isWithinHtmlTable = true;
                }
            }
            if (z3) {
                this.isWithinStyle = true;
            }
            if (z2) {
                if (this.isWithinScript) {
                    return;
                }
                this.isWithinScript = true;
                this.scriptBody.reset();
            }
            boolean z11 = DEBUG;
            if (z5) {
                if (this.matcherFormMethodPost == null) {
                    this.matcherFormMethodPost = PATTERN_FORM_METHOD_POST.matcher(str);
                } else {
                    this.matcherFormMethodPost.reset(str);
                }
                this.isMultipartForm = ResponseUtils.isMultipartForm(str);
                if (this.matcherFormMethodPost.find()) {
                    z11 = true;
                }
            }
            if (this.protectParamsAndFormsEnabled && this.isWithinForm && !this.isWithinScript && !this.isWithinStyle && this.parameterAndFormProtectionOfCurrentForm != null && ((z6 || z7 || z9 || z8) && (extractFieldName = ResponseUtils.extractFieldName(str)) != null && (!this.applyExtraProtectionForDisabledFormFields || !ResponseUtils.isFormFieldDisabled(str)))) {
                if (this.hiddenFormFieldProtection) {
                    if (this.matcherRequiredInputFormFieldExcludingHiddenFields == null) {
                        this.matcherRequiredInputFormFieldExcludingHiddenFields = PATTERN_REQUIRED_INPUT_FORM_FIELD_EXCLUDING_HIDDEN_FIELDS.matcher(str);
                    } else {
                        this.matcherRequiredInputFormFieldExcludingHiddenFields.reset(str);
                    }
                    find = this.matcherRequiredInputFormFieldExcludingHiddenFields.find();
                } else {
                    if (this.matcherRequiredInputFormField == null) {
                        this.matcherRequiredInputFormField = PATTERN_REQUIRED_INPUT_FORM_FIELD.matcher(str);
                    } else {
                        this.matcherRequiredInputFormField.reset(str);
                    }
                    find = this.matcherRequiredInputFormField.find();
                }
                if (this.applyExtraProtectionForDisabledFormFields) {
                    z = z8 || (z6 && find);
                } else {
                    z = DEBUG;
                }
                String decodeBrokenValueExceptUrlEncoding = ServerUtils.decodeBrokenValueExceptUrlEncoding(extractFieldName);
                if (this.hiddenFormFieldProtection) {
                    if (this.matcherHiddenFormField == null) {
                        this.matcherHiddenFormField = PATTERN_HIDDEN_FORM_FIELD.matcher(str);
                    } else {
                        this.matcherHiddenFormField.reset(str);
                    }
                    if (this.matcherHiddenFormField.find() && !isFormFieldMaskingExclusion(decodeBrokenValueExceptUrlEncoding)) {
                        String extractFieldValue = ResponseUtils.extractFieldValue(str);
                        if (!"CF".equals(decodeBrokenValueExceptUrlEncoding)) {
                            if (ResponseUtils.isFormFieldDisabled(str)) {
                                return;
                            }
                            this.parameterAndFormProtectionOfCurrentForm.addHiddenFieldRemovedValue(decodeBrokenValueExceptUrlEncoding, ServerUtils.decodeBrokenValueExceptUrlEncoding(extractFieldValue));
                            return;
                        }
                    }
                }
                if (this.selectboxProtection && !this.isWithinSelectBox && z9 && !isFormFieldMaskingExclusion(decodeBrokenValueExceptUrlEncoding)) {
                    this.isWithinSelectBox = true;
                    this.nameOfCurrentSelectBox = decodeBrokenValueExceptUrlEncoding;
                }
                if (z6) {
                    if (this.checkboxProtection) {
                        if (this.matcherCheckbox == null) {
                            this.matcherCheckbox = PATTERN_CHECKBOX.matcher(str);
                        } else {
                            this.matcherCheckbox.reset(str);
                        }
                        if (this.matcherCheckbox.find() && !isFormFieldMaskingExclusion(decodeBrokenValueExceptUrlEncoding)) {
                            String extractFieldValue2 = ResponseUtils.extractFieldValue(str);
                            if (this.checkboxValueMasking) {
                                if (this.checkBoxMaskingPrefix == null) {
                                    this.checkBoxMaskingPrefix = RequestUtils.createOrRetrieveRandomTokenFromSession(getSession(), "WC_SCMP-", 5, 7);
                                }
                                str = ResponseUtils.setFieldValue(str, new StringBuffer().append(this.checkBoxMaskingPrefix).append(this.parameterAndFormProtectionOfCurrentForm.getIndexOfNextCheckboxFieldAllowedValue(decodeBrokenValueExceptUrlEncoding)).toString());
                            }
                            String decodeBrokenValueExceptUrlEncoding2 = ServerUtils.decodeBrokenValueExceptUrlEncoding(extractFieldValue2);
                            if (decodeBrokenValueExceptUrlEncoding2 == null) {
                                decodeBrokenValueExceptUrlEncoding2 = "";
                            }
                            this.parameterAndFormProtectionOfCurrentForm.addCheckboxFieldAllowedValue(decodeBrokenValueExceptUrlEncoding, decodeBrokenValueExceptUrlEncoding2);
                        }
                    }
                    if (this.radiobuttonProtection) {
                        if (this.matcherRadiobutton == null) {
                            this.matcherRadiobutton = PATTERN_RADIOBUTTON.matcher(str);
                        } else {
                            this.matcherRadiobutton.reset(str);
                        }
                        if (this.matcherRadiobutton.find() && !isFormFieldMaskingExclusion(decodeBrokenValueExceptUrlEncoding)) {
                            String extractFieldValue3 = ResponseUtils.extractFieldValue(str);
                            if (this.radiobuttonValueMasking) {
                                if (this.radioButtonMaskingPrefix == null) {
                                    this.radioButtonMaskingPrefix = RequestUtils.createOrRetrieveRandomTokenFromSession(getSession(), "WC_SRMP-", 5, 7);
                                }
                                str = ResponseUtils.setFieldValue(str, new StringBuffer().append(this.radioButtonMaskingPrefix).append(this.parameterAndFormProtectionOfCurrentForm.getIndexOfNextRadiobuttonFieldAllowedValue(decodeBrokenValueExceptUrlEncoding)).toString());
                            }
                            String decodeBrokenValueExceptUrlEncoding3 = ServerUtils.decodeBrokenValueExceptUrlEncoding(extractFieldValue3);
                            if (decodeBrokenValueExceptUrlEncoding3 == null) {
                                decodeBrokenValueExceptUrlEncoding3 = "";
                            }
                            this.parameterAndFormProtectionOfCurrentForm.addRadiobuttonFieldAllowedValue(decodeBrokenValueExceptUrlEncoding, decodeBrokenValueExceptUrlEncoding3);
                        }
                    }
                }
                this.parameterAndFormProtectionOfCurrentForm.addParameterName(decodeBrokenValueExceptUrlEncoding, z);
                if (this.applyExtraProtectionForReadonlyFormFields) {
                    if (ResponseUtils.isFormFieldReadonly(str)) {
                        this.parameterAndFormProtectionOfCurrentForm.addReadonlyFieldExpectedValue(decodeBrokenValueExceptUrlEncoding, ServerUtils.decodeBrokenValueExceptUrlEncoding(ResponseUtils.extractFormFieldValue(str)));
                    } else {
                        this.parameterAndFormProtectionOfCurrentForm.addReadwriteFieldName(decodeBrokenValueExceptUrlEncoding);
                    }
                }
                if (this.applyExtraProtectionForRequestParamValueCount) {
                    if (z8) {
                        this.parameterAndFormProtectionOfCurrentForm.incrementMinimumValueCountForParameterName(decodeBrokenValueExceptUrlEncoding, 1);
                        this.parameterAndFormProtectionOfCurrentForm.incrementMaximumValueCountForParameterName(decodeBrokenValueExceptUrlEncoding, 1);
                    } else if (z6) {
                        if (!find) {
                            System.err.println("not implemented");
                            throw new UnsupportedOperationException("not implemented");
                        }
                        this.parameterAndFormProtectionOfCurrentForm.incrementMinimumValueCountForParameterName(decodeBrokenValueExceptUrlEncoding, 1);
                        this.parameterAndFormProtectionOfCurrentForm.incrementMaximumValueCountForParameterName(decodeBrokenValueExceptUrlEncoding, 1);
                    } else if (z9) {
                        this.parameterAndFormProtectionOfCurrentForm.incrementMinimumValueCountForParameterName(decodeBrokenValueExceptUrlEncoding, 1);
                        if (ResponseUtils.isFormFieldMultiple(str)) {
                            System.err.println("not implemented");
                            throw new UnsupportedOperationException("not implemented");
                        }
                        this.parameterAndFormProtectionOfCurrentForm.incrementMaximumValueCountForParameterName(decodeBrokenValueExceptUrlEncoding, 1);
                    }
                }
            }
            if (this.selectboxProtection) {
                if (this.isWithinOption) {
                    finishOptionDisplayValueCollecting();
                }
                if (this.protectParamsAndFormsEnabled && this.isWithinForm && this.parameterAndFormProtectionOfCurrentForm != null && this.isWithinSelectBox && !this.isWithinOption && z10) {
                    boolean endsWith = str.endsWith("/>");
                    this.isWithinOption = !endsWith;
                    String extractFieldValue4 = ResponseUtils.extractFieldValue(str);
                    if (this.selectboxValueMasking) {
                        if (this.selectBoxMaskingPrefix == null) {
                            this.selectBoxMaskingPrefix = RequestUtils.createOrRetrieveRandomTokenFromSession(getSession(), "WC_SSMP-", 5, 7);
                        }
                        str = ResponseUtils.setFieldValue(str, new StringBuffer().append(this.selectBoxMaskingPrefix).append(this.parameterAndFormProtectionOfCurrentForm.getIndexOfNextSelectboxFieldAllowedValue(this.nameOfCurrentSelectBox)).toString());
                    }
                    if (extractFieldValue4 == null && endsWith) {
                        extractFieldValue4 = "";
                    }
                    if (extractFieldValue4 == null) {
                        this.isCollectingDisplayValueAsOptionValue = true;
                    } else {
                        this.parameterAndFormProtectionOfCurrentForm.addSelectboxFieldAllowedValue(this.nameOfCurrentSelectBox, ServerUtils.decodeBrokenValueExceptUrlEncoding(extractFieldValue4));
                    }
                }
            }
            if (!this.isWithinScript && !this.isWithinStyle) {
                if (!z5) {
                    str = applyLinkModifications(applyLinkModifications(str, this.prefiltersToCaptureLinksWithinScripts, this.matchersToCaptureLinksWithinScripts, this.prefiltersToExcludeCompleteScript, this.matchersToExcludeCompleteScript, this.prefiltersToExcludeLinksWithinScripts, this.matchersToExcludeLinksWithinScripts, this.groupNumbersToCaptureLinksWithinScripts), this.prefiltersToCaptureLinksWithinTags, this.matchersToCaptureLinksWithinTags, this.prefiltersToExcludeCompleteTag, this.matchersToExcludeCompleteTag, this.prefiltersToExcludeLinksWithinTags, this.matchersToExcludeLinksWithinTags, this.groupNumbersToCaptureLinksWithinTags);
                } else {
                    if (this.isWithinForm) {
                        return;
                    }
                    String extractActionUrlOfCurrentForm = ResponseUtils.extractActionUrlOfCurrentForm(str, z11);
                    if (ServerUtils.isInternalHostURL(this.currentRequestUrlToCompareWith, ServerUtils.decodeBrokenValueHtmlOnly(extractActionUrlOfCurrentForm, false))) {
                        this.isWithinForm = true;
                        prefilterMatchingFormMaskingExclusions(ServerUtils.decodeBrokenValueExceptUrlEncoding(ResponseUtils.extractFieldName(str)));
                        if ((this.injectSecretTokensEnabled && !z11) || this.encryptQueryStringsEnabled || this.protectParamsAndFormsEnabled) {
                            this.actionUrlOfCurrentForm = extractActionUrlOfCurrentForm;
                            if ((this.additionalFullResourceRemoval || this.additionalMediumResourceRemoval) && (this.actionUrlOfCurrentForm == null || this.actionUrlOfCurrentForm.length() == 0)) {
                                if (this.additionalMediumResourceRemoval) {
                                    String extractFileFromURL = ServerUtils.extractFileFromURL(this.currentRequestUrlToCompareWith);
                                    this.actionUrlOfCurrentForm = extractFileFromURL != null ? extractFileFromURL : this.currentRequestUrlToCompareWith;
                                } else if (this.additionalFullResourceRemoval) {
                                    this.actionUrlOfCurrentForm = this.currentRequestUrlToCompareWith;
                                }
                                if (this.actionUrlOfCurrentForm != null) {
                                    this.actionUrlOfCurrentForm = this.response.encodeURL(this.actionUrlOfCurrentForm);
                                }
                                str = ResponseUtils.setFieldAction(str, this.actionUrlOfCurrentForm);
                            }
                            String removeQueryStringFromActionUrlOfCurrentForm = ResponseUtils.removeQueryStringFromActionUrlOfCurrentForm(str, this.additionalFullResourceRemoval, this.additionalMediumResourceRemoval, this.contextPath, this.response, this.appendQuestionmarkOrAmpersandToLinks, this.appendSessionIdToLinks);
                            this.parameterAndFormProtectionOfCurrentForm = new ParameterAndFormProtection(this.hiddenFormFieldProtection);
                            this.isCurrentFormRequestMethodPOST = z11;
                            str = applyLinkModifications(removeQueryStringFromActionUrlOfCurrentForm, this.prefiltersToCaptureLinksWithinScripts, this.matchersToCaptureLinksWithinScripts, this.prefiltersToExcludeCompleteScript, this.matchersToExcludeCompleteScript, this.prefiltersToExcludeLinksWithinScripts, this.matchersToExcludeLinksWithinScripts, this.groupNumbersToCaptureLinksWithinScripts);
                        } else {
                            str = applyLinkModifications(applyLinkModifications(str, this.prefiltersToCaptureLinksWithinScripts, this.matchersToCaptureLinksWithinScripts, this.prefiltersToExcludeCompleteScript, this.matchersToExcludeCompleteScript, this.prefiltersToExcludeLinksWithinScripts, this.matchersToExcludeLinksWithinScripts, this.groupNumbersToCaptureLinksWithinScripts), this.prefiltersToCaptureLinksWithinTags, this.matchersToCaptureLinksWithinTags, this.prefiltersToExcludeCompleteTag, this.matchersToExcludeCompleteTag, this.prefiltersToExcludeLinksWithinTags, this.matchersToExcludeLinksWithinTags, this.groupNumbersToCaptureLinksWithinTags);
                        }
                    }
                }
                if (this.honeylinkMaxPerPage > 0 && this.isWithinHtmlBody && this.honeylinkCount < this.honeylinkMaxPerPage) {
                    short s = (short) (this.tagPartCounter + 1);
                    this.tagPartCounter = s;
                    if (s % this.tagPartCounterTarget == 0) {
                        str = new StringBuffer().append(str).append(HoneylinkUtils.generateHoneylink(this.honeylinkRandom, this.honeylinkPrefix, this.honeylinkSuffix, this.isWithinHtmlTable)).toString();
                        this.honeylinkCount = (short) (this.honeylinkCount + 1);
                        this.tagPartCounter = (short) 0;
                        this.tagPartCounterTarget = HoneylinkUtils.nextTagPartCounterTarget(this.honeylinkRandom);
                    }
                }
            }
            if (!this.isWithinScript || z2) {
                writeToUnderlyingSink(str);
            } else {
                this.scriptBody.write(str.getBytes(this.encoding));
            }
        }
    }

    @Override // org.webcastellum.AbstractRelaxingHtmlParserStream, org.webcastellum.RelaxingHtmlParser
    public void handleTagClose(String str) throws IOException {
        if (this.honeylinkMaxPerPage > 0) {
            if (this.isWithinHtmlBody && str.length() >= 6 && ((str.charAt(2) == 'b' || str.charAt(2) == 'B') && ((str.charAt(3) == 'o' || str.charAt(3) == 'O') && ((str.charAt(4) == 'd' || str.charAt(4) == 'D') && (str.charAt(5) == 'y' || str.charAt(5) == 'Y'))))) {
                this.isWithinHtmlBody = false;
            }
            if (this.isWithinHtmlTable && str.length() >= 7 && ((str.charAt(2) == 't' || str.charAt(2) == 'T') && ((str.charAt(3) == 'a' || str.charAt(3) == 'A') && ((str.charAt(4) == 'b' || str.charAt(4) == 'B') && ((str.charAt(5) == 'l' || str.charAt(5) == 'L') && (str.charAt(6) == 'e' || str.charAt(6) == 'E')))))) {
                this.isWithinHtmlTable = false;
            }
        }
        if (this.isWithinStyle && str.length() >= 7 && ((str.charAt(2) == 's' || str.charAt(2) == 'S') && ((str.charAt(3) == 't' || str.charAt(3) == 'T') && ((str.charAt(4) == 'y' || str.charAt(4) == 'Y') && ((str.charAt(5) == 'l' || str.charAt(5) == 'L') && (str.charAt(6) == 'e' || str.charAt(6) == 'E')))))) {
            this.isWithinStyle = false;
        }
        boolean z = this.isWithinScript && str.length() >= 8 && (str.charAt(2) == 's' || str.charAt(2) == 'S') && ((str.charAt(3) == 'c' || str.charAt(3) == 'C') && ((str.charAt(4) == 'r' || str.charAt(4) == 'R') && ((str.charAt(5) == 'i' || str.charAt(5) == 'I') && ((str.charAt(6) == 'p' || str.charAt(6) == 'P') && (str.charAt(7) == 't' || str.charAt(7) == 'T')))));
        boolean z2 = this.isWithinForm && str.length() >= 6 && (str.charAt(2) == 'f' || str.charAt(2) == 'F') && ((str.charAt(3) == 'o' || str.charAt(3) == 'O') && ((str.charAt(4) == 'r' || str.charAt(4) == 'R') && (str.charAt(5) == 'm' || str.charAt(5) == 'M')));
        boolean z3 = this.selectboxProtection && this.isWithinSelectBox && str.length() >= 8 && (str.charAt(2) == 's' || str.charAt(2) == 'S') && ((str.charAt(3) == 'e' || str.charAt(3) == 'E') && ((str.charAt(4) == 'l' || str.charAt(4) == 'L') && ((str.charAt(5) == 'e' || str.charAt(5) == 'E') && ((str.charAt(6) == 'c' || str.charAt(6) == 'C') && (str.charAt(7) == 't' || str.charAt(7) == 'T')))));
        if (z) {
            this.isWithinScript = false;
            writeScriptBodyWithLinksAdjusted();
            this.scriptBody.reset();
        } else if (z2) {
            if (this.actionUrlOfCurrentForm != null) {
                if ((!this.encryptQueryStringsEnabled || !ResponseUtils.isAlreadyEncrypted(this.cryptoDetectionString, this.actionUrlOfCurrentForm)) && this.injectSecretTokensEnabled) {
                    String decodeBrokenValueHtmlOnly = ServerUtils.decodeBrokenValueHtmlOnly(this.actionUrlOfCurrentForm, false);
                    if (!ServerUtils.startsWithJavaScriptOrMailto(decodeBrokenValueHtmlOnly)) {
                        this.actionUrlOfCurrentForm = decodeBrokenValueHtmlOnly;
                        this.actionUrlOfCurrentForm = ResponseUtils.injectParameterIntoURL(this.actionUrlOfCurrentForm, this.tokenKey, this.tokenValue, this.maskAmpersandsInModifiedLinks, this.appendQuestionmarkOrAmpersandToLinks, true);
                        if (this.protectParamsAndFormsEnabled && this.parameterAndFormProtectionOfCurrentForm != null) {
                            this.actionUrlOfCurrentForm = ResponseUtils.injectParameterIntoURL(this.actionUrlOfCurrentForm, this.protectionTokenKeyKey, ResponseUtils.getKeyForParameterAndFormProtection(this.actionUrlOfCurrentForm, this.parameterAndFormProtectionOfCurrentForm, getSession(), this.reuseSessionContent, this.applySetAfterWrite), this.maskAmpersandsInModifiedLinks, this.appendQuestionmarkOrAmpersandToLinks, true);
                        }
                        this.actionUrlOfCurrentForm = ServerUtils.encodeHtmlSafe(this.actionUrlOfCurrentForm);
                        if (this.encryptQueryStringsEnabled) {
                            this.actionUrlOfCurrentForm = ResponseUtils.encryptQueryStringInURL(this.currentRequestUrlToCompareWith, this.contextPath, this.servletPath, this.actionUrlOfCurrentForm, true, this.isMultipartForm, Boolean.valueOf(this.isCurrentFormRequestMethodPOST), this.contentInjectionHelper.isSupposedToBeStaticResource(ResponseUtils.extractURI(this.actionUrlOfCurrentForm)), this.cryptoDetectionString, this.cipher, this.cryptoKey, this.useFullPathForResourceToBeAccessedProtection, this.additionalFullResourceRemoval, this.additionalMediumResourceRemoval, this.response, this.appendQuestionmarkOrAmpersandToLinks);
                        }
                        if (this.appendSessionIdToLinks && this.actionUrlOfCurrentForm != null) {
                            this.actionUrlOfCurrentForm = this.response.encodeURL(this.actionUrlOfCurrentForm);
                        }
                    }
                }
                String extractQueryStringOfActionUrl = ResponseUtils.extractQueryStringOfActionUrl(this.actionUrlOfCurrentForm);
                if (extractQueryStringOfActionUrl != null) {
                    int indexOf = extractQueryStringOfActionUrl.indexOf(61);
                    String substring = extractQueryStringOfActionUrl.substring(DEBUG, indexOf > -1 ? indexOf : extractQueryStringOfActionUrl.length());
                    if (this.appendQuestionmarkOrAmpersandToLinks && substring.endsWith("&")) {
                        substring = substring.substring(DEBUG, substring.length() - 1);
                    }
                    String substring2 = extractQueryStringOfActionUrl.substring((indexOf <= -1 || indexOf >= extractQueryStringOfActionUrl.length() - 1) ? extractQueryStringOfActionUrl.length() : indexOf + 1);
                    if (this.encryptQueryStringsEnabled && "0".equals(substring2)) {
                        substring2 = "1";
                    }
                    writeToUnderlyingSink(new StringBuffer().append(" <input type=\"hidden\" name=\"").append(substring).append("\" value=\"").append(substring2).append("\" /> ").toString());
                }
            }
            this.isWithinForm = false;
            this.formFieldExclusionsOfCurrentForm.clear();
            this.parameterAndFormProtectionOfCurrentForm = null;
            this.actionUrlOfCurrentForm = null;
        }
        if (this.selectboxProtection) {
            if (this.isWithinOption) {
                finishOptionDisplayValueCollecting();
            }
            if (z3) {
                this.isWithinSelectBox = false;
                this.nameOfCurrentSelectBox = null;
            }
        }
        if (this.isWithinScript) {
            this.scriptBody.write(str.getBytes(this.encoding));
        } else {
            writeToUnderlyingSink(str);
        }
    }

    @Override // org.webcastellum.AbstractRelaxingHtmlParserStream, org.webcastellum.RelaxingHtmlParser
    public void handlePseudoTagRestart(char[] cArr) throws IOException {
        if (this.isWithinScript) {
            this.scriptBody.write(new String(cArr).getBytes(this.encoding));
        } else {
            writeToUnderlyingSink(cArr, DEBUG, cArr.length);
        }
    }

    @Override // org.webcastellum.AbstractRelaxingHtmlParserStream, org.webcastellum.RelaxingHtmlParser
    public void handleText(int i) throws IOException {
        if (this.isWithinScript) {
            this.scriptBody.write(i);
            return;
        }
        if (this.selectboxProtection && this.isCollectingDisplayValueAsOptionValue) {
            this.collectedDisplayValue.write(i);
        }
        super.handleText(i);
    }

    @Override // org.webcastellum.AbstractRelaxingHtmlParserStream, org.webcastellum.RelaxingHtmlParser
    public void handleText(String str) throws IOException {
        if (this.isWithinScript) {
            this.scriptBody.write(str.getBytes(this.encoding));
            return;
        }
        if (this.selectboxProtection && this.isCollectingDisplayValueAsOptionValue) {
            this.collectedDisplayValue.write(str.getBytes(this.encoding));
        }
        super.handleText(str);
    }

    private void finishOptionDisplayValueCollecting() throws UnsupportedEncodingException {
        this.isWithinOption = false;
        if (!this.isCollectingDisplayValueAsOptionValue || this.parameterAndFormProtectionOfCurrentForm == null) {
            return;
        }
        this.parameterAndFormProtectionOfCurrentForm.addSelectboxFieldAllowedValue(this.nameOfCurrentSelectBox, ServerUtils.decodeBrokenValueExceptUrlEncoding(this.collectedDisplayValue.toString(this.encoding)));
        this.isCollectingDisplayValueAsOptionValue = false;
        this.collectedDisplayValue.reset();
    }

    private void prefilterMatchingFormMaskingExclusions(String str) {
        if (str == null) {
            str = "";
        }
        for (int i = DEBUG; i < this.matchingFormFieldMaskingExclusions.length; i++) {
            FormFieldMaskingExcludeDefinition formFieldMaskingExcludeDefinition = this.matchingFormFieldMaskingExclusions[i];
            if ((formFieldMaskingExcludeDefinition.getFormNamePrefilter() == null || WordMatchingUtils.matchesWord(formFieldMaskingExcludeDefinition.getFormNamePrefilter(), str, 60)) && formFieldMaskingExcludeDefinition.getFormNamePattern().matcher(str).find()) {
                this.formFieldExclusionsOfCurrentForm.add(formFieldMaskingExcludeDefinition);
            }
        }
    }

    private boolean isFormFieldMaskingExclusion(String str) {
        if (str == null) {
            str = "";
        }
        for (FormFieldMaskingExcludeDefinition formFieldMaskingExcludeDefinition : this.formFieldExclusionsOfCurrentForm) {
            if (formFieldMaskingExcludeDefinition.getFieldNamePrefilter() == null || WordMatchingUtils.matchesWord(formFieldMaskingExcludeDefinition.getFieldNamePrefilter(), str, 60)) {
                if (formFieldMaskingExcludeDefinition.getFieldNamePattern().matcher(str).find()) {
                    return true;
                }
            }
        }
        return false;
    }

    private void writeScriptBodyWithLinksAdjusted() throws IOException {
        if (this.scriptBody == null || this.scriptBody.size() <= 0) {
            return;
        }
        String byteArrayOutputStream = this.scriptBody.toString(this.encoding);
        this.scriptBody.reset();
        writeToUnderlyingSink(applyLinkModifications(byteArrayOutputStream, this.prefiltersToCaptureLinksWithinScripts, this.matchersToCaptureLinksWithinScripts, this.prefiltersToExcludeCompleteScript, this.matchersToExcludeCompleteScript, this.prefiltersToExcludeLinksWithinScripts, this.matchersToExcludeLinksWithinScripts, this.groupNumbersToCaptureLinksWithinScripts));
    }

    private String applyLinkModifications(String str, WordDictionary[] wordDictionaryArr, Matcher[] matcherArr, WordDictionary[] wordDictionaryArr2, Matcher[] matcherArr2, WordDictionary[] wordDictionaryArr3, Matcher[] matcherArr3, int[][] iArr) {
        if (str == null) {
            return null;
        }
        for (int i = DEBUG; i < matcherArr.length; i++) {
            str = replaceAllLocations(str, wordDictionaryArr[i], matcherArr[i], wordDictionaryArr2[i], matcherArr2[i], wordDictionaryArr3[i], matcherArr3[i], iArr[i]);
        }
        return str;
    }

    private String replaceAllLocations(String str, WordDictionary wordDictionary, Matcher matcher, WordDictionary wordDictionary2, Matcher matcher2, WordDictionary wordDictionary3, Matcher matcher3, int[] iArr) {
        int i;
        String group;
        if (matcher == null) {
            return str;
        }
        if (wordDictionary != null && !WordMatchingUtils.matchesWord(wordDictionary, str, 60)) {
            return str;
        }
        if (matcher2 != null && WordMatchingUtils.matchesWord(wordDictionary2, str, 60) && matcher2.reset(str).find()) {
            return str;
        }
        StringBuilder sb = new StringBuilder(str.length() + 100);
        matcher.reset(str);
        int i2 = DEBUG;
        while (matcher.find()) {
            String group2 = matcher.group();
            if (matcher3 == null || !WordMatchingUtils.matchesWord(wordDictionary3, group2, 60) || !matcher3.reset(group2).find()) {
                int i3 = DEBUG;
                while (true) {
                    int i4 = i3;
                    i3++;
                    i = iArr[i4];
                    group = matcher.group(i);
                    if (group == null) {
                        if (i <= 0 || group != null) {
                            break;
                        }
                    } else {
                        group = group.trim();
                        break;
                    }
                }
                int start = matcher.start(i);
                if (ServerUtils.isInternalHostURL(this.currentRequestUrlToCompareWith, ServerUtils.decodeBrokenValueHtmlOnly(group, false))) {
                    String extractURI = ResponseUtils.extractURI(group);
                    if (!this.contentInjectionHelper.isMatchingIncomingLinkModificationExclusion(extractURI)) {
                        int end = matcher.end(i);
                        sb.append(str.substring(i2, start));
                        if ((!this.encryptQueryStringsEnabled || !ResponseUtils.isAlreadyEncrypted(this.cryptoDetectionString, group)) && this.injectSecretTokensEnabled) {
                            String decodeBrokenValueHtmlOnly = ServerUtils.decodeBrokenValueHtmlOnly(group, false);
                            if (!ServerUtils.startsWithJavaScriptOrMailto(decodeBrokenValueHtmlOnly)) {
                                String injectParameterIntoURL = ResponseUtils.injectParameterIntoURL(decodeBrokenValueHtmlOnly, this.tokenKey, this.tokenValue, this.maskAmpersandsInModifiedLinks, this.appendQuestionmarkOrAmpersandToLinks, true);
                                if (this.protectParamsAndFormsEnabled && !this.contentInjectionHelper.isExtraStrictParameterCheckingForEncryptedLinks()) {
                                    injectParameterIntoURL = ResponseUtils.injectParameterIntoURL(injectParameterIntoURL, this.protectionTokenKeyKey, ResponseUtils.getKeyForParameterProtectionOnly(injectParameterIntoURL, getSession(), this.hiddenFormFieldProtection, this.reuseSessionContent, this.applySetAfterWrite), this.maskAmpersandsInModifiedLinks, this.appendQuestionmarkOrAmpersandToLinks, true);
                                }
                                group = ServerUtils.encodeHtmlSafe(injectParameterIntoURL);
                                if (this.encryptQueryStringsEnabled) {
                                    group = ResponseUtils.encryptQueryStringInURL(this.currentRequestUrlToCompareWith, this.contextPath, this.servletPath, group, false, false, null, this.contentInjectionHelper.isSupposedToBeStaticResource(extractURI), this.cryptoDetectionString, this.cipher, this.cryptoKey, this.useFullPathForResourceToBeAccessedProtection, this.additionalFullResourceRemoval, this.additionalMediumResourceRemoval, this.response, this.appendQuestionmarkOrAmpersandToLinks);
                                }
                                if (this.appendSessionIdToLinks && group != null) {
                                    group = this.response.encodeURL(group);
                                }
                            }
                        }
                        sb.append(group);
                        i2 = end;
                    }
                }
            }
        }
        sb.append(str.substring(i2));
        return sb.toString();
    }

    private HttpSession getSession() {
        if (this.session == null) {
            this.session = this.request.getSession(false);
            if (this.session == null) {
                System.err.println("Strange situation: session is null where it should not be null");
            }
        }
        return this.session;
    }
}
