package org.webcastellum;

import java.io.IOException;
import java.io.PrintWriter;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Locale;
import java.util.Set;
import java.util.TimeZone;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.crypto.Cipher;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;
import javax.servlet.http.HttpSession;

/* loaded from: input_file:org/webcastellum/ResponseWrapper.class */
public final class ResponseWrapper extends HttpServletResponseWrapper {
    private static final boolean DEBUG = false;
    private static final Pattern PATTERN_CRLF = Pattern.compile("\r\n");
    private Matcher matcherCRLF;
    private static final String HEADER_LAST_MODIFIED = "Last-Modified";
    private static final int FUTURE_LAST_MODIFIED_TOLERANCE = 250;
    private static final String CONTENT_DISPOSITION = "Content-Disposition";
    private static final String APPLICATION_PDF = "application/pdf";
    private static final String APPLICATION_BINARY = "application/octet-stream";
    private final SimpleDateFormat[] HTTP_DATE_FORMATS;
    private final TimeZone GMT_TIMEZONE;
    private final RequestWrapper request;
    private final boolean blockResponseHeadersWithCRLF;
    private final boolean blockFutureLastModifiedHeaders;
    private final boolean blockInvalidLastModifiedHeaders;
    private final boolean blockNonLocalRedirects;
    private final boolean useFullPathForResourceToBeAccessedProtection;
    private final boolean additionalFullResourceRemoval;
    private final boolean additionalMediumResourceRemoval;
    private final boolean maskAmpersandsInModifiedLinks;
    private final boolean hiddenFormFieldProtection;
    private final boolean selectboxProtection;
    private final boolean checkboxProtection;
    private final boolean radiobuttonProtection;
    private final boolean selectboxValueMasking;
    private final boolean checkboxValueMasking;
    private final boolean radiobuttonValueMasking;
    private final boolean reuseSessionContent;
    private final boolean applySetAfterWrite;
    private final String honeylinkPrefix;
    private final String honeylinkSuffix;
    private final short honeylinkMaxPerPage;
    private final boolean randomizeHoneylinksOnEveryRequest;
    private final AttackHandler attackHandler;
    private final ContentInjectionHelper contentInjectionHelper;
    private final String requestedURL;
    private final String servletPath;
    private final String contextPath;
    private final String ip;
    private final Set responseModificationContentTypes;
    private final boolean isCurrentRequestOfRelevantResourceType;
    private final boolean isOptimizationHint;
    private final boolean appendQuestionmarkOrAmpersandToLinks;
    private final boolean appendSessionIdToLinks;
    private final Matcher[] matchersToExcludeLinksWithinScripts;
    private final Matcher[] matchersToExcludeLinksWithinTags;
    private final Matcher[] matchersToExcludeCompleteScript;
    private final Matcher[] matchersToExcludeCompleteTag;
    private final Matcher[] matchersToCaptureLinksWithinScripts;
    private final Matcher[] matchersToCaptureLinksWithinTags;
    private final WordDictionary[] prefiltersToExcludeLinksWithinScripts;
    private final WordDictionary[] prefiltersToExcludeLinksWithinTags;
    private final WordDictionary[] prefiltersToExcludeCompleteScript;
    private final WordDictionary[] prefiltersToExcludeCompleteTag;
    private final WordDictionary[] prefiltersToCaptureLinksWithinScripts;
    private final WordDictionary[] prefiltersToCaptureLinksWithinTags;
    private final int[][] groupNumbersToCaptureLinksWithinScripts;
    private final int[][] groupNumbersToCaptureLinksWithinTags;
    private String tokenKey;
    private String tokenValue;
    private String parameterAndFormProtectionKeyKey;
    private boolean secretTokensApplied;
    private boolean parameterAndFormTokensApplied;
    private String cryptoDetectionString;
    private final Cipher cipher;
    private CryptoKeyAndSalt cryptoKey;
    private boolean cryptoApplied;
    private boolean pdfXssProtection;
    private int statusCode;
    private String contentType;
    private String contentDisposition;
    private ServletOutputStream cachedServletOutputStream;
    private PrintWriter cachedPrintWriter;
    private boolean isRedirectingDueToRecentAttack;

    public ResponseWrapper(HttpServletResponse httpServletResponse, RequestWrapper requestWrapper, AttackHandler attackHandler, ContentInjectionHelper contentInjectionHelper, boolean z, String str, Cipher cipher, CryptoKeyAndSalt cryptoKeyAndSalt, String str2, String str3, String str4, boolean z2, boolean z3, boolean z4, boolean z5, String str5, Set set, WordDictionary[] wordDictionaryArr, Matcher[] matcherArr, WordDictionary[] wordDictionaryArr2, Matcher[] matcherArr2, WordDictionary[] wordDictionaryArr3, Matcher[] matcherArr3, WordDictionary[] wordDictionaryArr4, Matcher[] matcherArr4, WordDictionary[] wordDictionaryArr5, Matcher[] matcherArr5, WordDictionary[] wordDictionaryArr6, Matcher[] matcherArr6, int[][] iArr, int[][] iArr2, boolean z6, boolean z7, boolean z8, boolean z9, boolean z10, boolean z11, boolean z12, boolean z13, boolean z14, boolean z15, boolean z16, boolean z17, boolean z18, boolean z19, String str6, String str7, short s, boolean z20, boolean z21, boolean z22) {
        super(httpServletResponse);
        this.HTTP_DATE_FORMATS = new SimpleDateFormat[]{new SimpleDateFormat("EEE, dd MMM yyyy HH:mm:ss zzz", Locale.US), new SimpleDateFormat("EEEEEE, dd-MMM-yy HH:mm:ss zzz", Locale.US), new SimpleDateFormat("EEE MMMM d HH:mm:ss yyyy", Locale.US)};
        this.GMT_TIMEZONE = TimeZone.getTimeZone("GMT");
        this.HTTP_DATE_FORMATS[DEBUG].setTimeZone(this.GMT_TIMEZONE);
        this.HTTP_DATE_FORMATS[1].setTimeZone(this.GMT_TIMEZONE);
        this.HTTP_DATE_FORMATS[2].setTimeZone(this.GMT_TIMEZONE);
        this.secretTokensApplied = false;
        this.parameterAndFormTokensApplied = false;
        this.cryptoApplied = false;
        this.pdfXssProtection = false;
        this.isRedirectingDueToRecentAttack = false;
        if (requestWrapper == null) {
            throw new NullPointerException("request must not be null");
        }
        if (attackHandler == null) {
            throw new NullPointerException("attackHandler must not be null");
        }
        if (contentInjectionHelper == null) {
            throw new NullPointerException("contentInjectionHelper must not be null");
        }
        if (str5 == null) {
            throw new NullPointerException("ip must not be null");
        }
        this.request = requestWrapper;
        this.attackHandler = attackHandler;
        this.contentInjectionHelper = contentInjectionHelper;
        this.cryptoDetectionString = str;
        this.cipher = cipher;
        this.cryptoKey = cryptoKeyAndSalt;
        this.tokenKey = str2;
        this.tokenValue = str3;
        this.useFullPathForResourceToBeAccessedProtection = z6;
        this.additionalFullResourceRemoval = z7;
        this.additionalMediumResourceRemoval = z8;
        if (matcherArr == null) {
            throw new NullPointerException("matchersToExcludeCompleteScript must not be null");
        }
        if (matcherArr2 == null) {
            throw new NullPointerException("matchersToExcludeCompleteTag must not be null");
        }
        this.prefiltersToExcludeCompleteScript = wordDictionaryArr;
        this.matchersToExcludeCompleteScript = matcherArr;
        this.prefiltersToExcludeCompleteTag = wordDictionaryArr2;
        this.matchersToExcludeCompleteTag = matcherArr2;
        if (matcherArr3 == null) {
            throw new NullPointerException("matchersToExcludeLinksWithinScripts must not be null");
        }
        if (matcherArr4 == null) {
            throw new NullPointerException("matchersToExcludeLinksWithinTags must not be null");
        }
        this.prefiltersToExcludeLinksWithinScripts = wordDictionaryArr3;
        this.matchersToExcludeLinksWithinScripts = matcherArr3;
        this.prefiltersToExcludeLinksWithinTags = wordDictionaryArr4;
        this.matchersToExcludeLinksWithinTags = matcherArr4;
        if (matcherArr5 == null) {
            throw new NullPointerException("matchersToCaptureLinksWithinScripts must not be null");
        }
        if (matcherArr6 == null) {
            throw new NullPointerException("matchersToCaptureLinksWithinTags must not be null");
        }
        this.prefiltersToCaptureLinksWithinScripts = wordDictionaryArr5;
        this.matchersToCaptureLinksWithinScripts = matcherArr5;
        this.prefiltersToCaptureLinksWithinTags = wordDictionaryArr6;
        this.matchersToCaptureLinksWithinTags = matcherArr6;
        for (int i = DEBUG; i < matcherArr5.length; i++) {
            if (matcherArr5[i].groupCount() < 1) {
                throw new IllegalArgumentException(new StringBuffer().append("Pattern must have an explicitly defined capturing group to identify the URL: ").append(matcherArr5[i].pattern()).toString());
            }
        }
        for (int i2 = DEBUG; i2 < matcherArr6.length; i2++) {
            if (matcherArr6[i2].groupCount() < 1) {
                throw new IllegalArgumentException(new StringBuffer().append("Pattern must have an explicitly defined capturing group to identify the URL: ").append(matcherArr6[i2].pattern()).toString());
            }
        }
        this.groupNumbersToCaptureLinksWithinScripts = iArr;
        this.groupNumbersToCaptureLinksWithinTags = iArr2;
        if (matcherArr5.length != iArr.length) {
            throw new IllegalArgumentException("Lengths of capturing pattern and group-number array must be equal");
        }
        if (matcherArr6.length != iArr2.length) {
            throw new IllegalArgumentException("Lengths of capturing pattern and group-number array must be equal");
        }
        if (matcherArr5.length != matcherArr3.length) {
            throw new IllegalArgumentException("Lengths of capturing pattern and exclusion pattern array must be equal");
        }
        if (matcherArr6.length != matcherArr4.length) {
            throw new IllegalArgumentException("Lengths of capturing pattern and exclusion pattern array must be equal");
        }
        this.parameterAndFormProtectionKeyKey = str4;
        this.blockResponseHeadersWithCRLF = z2;
        this.blockFutureLastModifiedHeaders = z3;
        this.blockInvalidLastModifiedHeaders = z4;
        this.blockNonLocalRedirects = z5;
        this.requestedURL = new StringBuffer().append("").append((Object) requestWrapper.getRequestURL()).toString();
        this.servletPath = requestWrapper.getServletPath();
        this.contextPath = requestWrapper.getContextPath();
        this.ip = str5;
        this.responseModificationContentTypes = set;
        this.isCurrentRequestOfRelevantResourceType = !this.contentInjectionHelper.isMatchingOutgoingResponseModificationExclusion(this.servletPath, requestWrapper.getRequestURI());
        this.isOptimizationHint = z;
        this.maskAmpersandsInModifiedLinks = z9;
        this.hiddenFormFieldProtection = z10;
        this.selectboxProtection = z11;
        this.checkboxProtection = z12;
        this.radiobuttonProtection = z13;
        this.selectboxValueMasking = z14;
        this.checkboxValueMasking = z15;
        this.radiobuttonValueMasking = z16;
        this.appendQuestionmarkOrAmpersandToLinks = z17;
        this.appendSessionIdToLinks = z18;
        this.reuseSessionContent = z19;
        this.honeylinkPrefix = str6;
        this.honeylinkSuffix = str7;
        this.honeylinkMaxPerPage = s;
        this.randomizeHoneylinksOnEveryRequest = z20;
        this.pdfXssProtection = z21;
        this.applySetAfterWrite = z22;
    }

    public void redefineCryptoDetectionString(String str) {
        if (this.cryptoApplied) {
            throw new IllegalStateException("Crypto setting already applied to response (can not redefine any more)");
        }
        this.cryptoDetectionString = str;
    }

    public void redefineCryptoKey(CryptoKeyAndSalt cryptoKeyAndSalt) {
        if (this.cryptoApplied) {
            throw new IllegalStateException("Crypto setting already applied to response (can not redefine any more)");
        }
        this.cryptoKey = cryptoKeyAndSalt;
    }

    public void redefineSecretTokenKey(String str) {
        if (this.secretTokensApplied) {
            throw new IllegalStateException("Secret tokens already applied to response (can not redefine any more)");
        }
        this.tokenKey = str;
    }

    public void redefineSecretTokenValue(String str) {
        if (this.secretTokensApplied) {
            throw new IllegalStateException("Secret tokens already applied to response (can not redefine any more)");
        }
        this.tokenValue = str;
    }

    public void redefineParameterAndFormProtectionKey(String str) {
        if (this.parameterAndFormTokensApplied) {
            throw new IllegalStateException("Param-and-Form tokens already applied to response (can not redefine any more)");
        }
        this.parameterAndFormProtectionKeyKey = str;
    }

    private boolean isResponseModificationAllowed() {
        if (!this.isCurrentRequestOfRelevantResourceType) {
            return false;
        }
        String extractContentTypeUpperCased = extractContentTypeUpperCased();
        if (extractContentTypeUpperCased == null) {
            extractContentTypeUpperCased = "NULL";
        }
        return this.responseModificationContentTypes != null && this.responseModificationContentTypes.size() > 0 && this.responseModificationContentTypes.contains(extractContentTypeUpperCased);
    }

    public ServletOutputStream getOutputStream() throws IOException {
        if (this.cachedServletOutputStream == null) {
            this.secretTokensApplied = true;
            this.parameterAndFormTokensApplied = true;
            this.cryptoApplied = true;
            if (this.isOptimizationHint || !isResponseModificationAllowed()) {
                this.cachedServletOutputStream = super.getOutputStream();
            } else {
                this.cachedServletOutputStream = this.contentInjectionHelper.addActivatedFilters(super.getCharacterEncoding(), super.getOutputStream(), this.requestedURL, this.contextPath, this.servletPath, this.tokenKey, this.tokenValue, this.cryptoDetectionString, this.cipher, this.cryptoKey, this.parameterAndFormProtectionKeyKey, this.request, this, this.prefiltersToExcludeCompleteScript, this.matchersToExcludeCompleteScript, this.prefiltersToExcludeCompleteTag, this.matchersToExcludeCompleteTag, this.prefiltersToExcludeLinksWithinScripts, this.matchersToExcludeLinksWithinScripts, this.prefiltersToExcludeLinksWithinTags, this.matchersToExcludeLinksWithinTags, this.prefiltersToCaptureLinksWithinScripts, this.matchersToCaptureLinksWithinScripts, this.prefiltersToCaptureLinksWithinTags, this.matchersToCaptureLinksWithinTags, this.groupNumbersToCaptureLinksWithinScripts, this.groupNumbersToCaptureLinksWithinTags, this.useFullPathForResourceToBeAccessedProtection, this.additionalFullResourceRemoval, this.additionalMediumResourceRemoval, this.maskAmpersandsInModifiedLinks, this.hiddenFormFieldProtection, this.selectboxProtection, this.checkboxProtection, this.radiobuttonProtection, this.selectboxValueMasking, this.checkboxValueMasking, this.radiobuttonValueMasking, this.appendQuestionmarkOrAmpersandToLinks, this.appendSessionIdToLinks, this.reuseSessionContent, this.honeylinkPrefix, this.honeylinkSuffix, this.honeylinkMaxPerPage, this.randomizeHoneylinksOnEveryRequest, this.applySetAfterWrite);
            }
        }
        return this.cachedServletOutputStream;
    }

    public PrintWriter getWriter() throws IOException {
        if (this.cachedPrintWriter == null) {
            this.secretTokensApplied = true;
            this.parameterAndFormTokensApplied = true;
            this.cryptoApplied = true;
            if (this.isOptimizationHint || !isResponseModificationAllowed()) {
                this.cachedPrintWriter = super.getWriter();
            } else {
                this.cachedPrintWriter = this.contentInjectionHelper.addActivatedFilters(super.getWriter(), this.requestedURL, this.contextPath, this.servletPath, this.tokenKey, this.tokenValue, this.cryptoDetectionString, this.cipher, this.cryptoKey, this.parameterAndFormProtectionKeyKey, this.request, this, this.prefiltersToExcludeCompleteScript, this.matchersToExcludeCompleteScript, this.prefiltersToExcludeCompleteTag, this.matchersToExcludeCompleteTag, this.prefiltersToExcludeLinksWithinScripts, this.matchersToExcludeLinksWithinScripts, this.prefiltersToExcludeLinksWithinTags, this.matchersToExcludeLinksWithinTags, this.prefiltersToCaptureLinksWithinScripts, this.matchersToCaptureLinksWithinScripts, this.prefiltersToCaptureLinksWithinTags, this.matchersToCaptureLinksWithinTags, this.groupNumbersToCaptureLinksWithinScripts, this.groupNumbersToCaptureLinksWithinTags, this.useFullPathForResourceToBeAccessedProtection, this.additionalFullResourceRemoval, this.additionalMediumResourceRemoval, this.maskAmpersandsInModifiedLinks, this.hiddenFormFieldProtection, this.selectboxProtection, this.checkboxProtection, this.radiobuttonProtection, this.selectboxValueMasking, this.checkboxValueMasking, this.radiobuttonValueMasking, this.appendQuestionmarkOrAmpersandToLinks, this.appendSessionIdToLinks, this.reuseSessionContent, this.honeylinkPrefix, this.honeylinkSuffix, this.honeylinkMaxPerPage, this.randomizeHoneylinksOnEveryRequest, this.applySetAfterWrite);
            }
        }
        return this.cachedPrintWriter;
    }

    public void flushBuffer() throws IOException {
        super.flushBuffer();
        if (this.cachedPrintWriter != null) {
            this.cachedPrintWriter.flush();
        }
        if (this.cachedServletOutputStream != null) {
            this.cachedServletOutputStream.flush();
        }
    }

    public void setStatus(int i) {
        this.statusCode = i;
        super.setStatus(i);
    }

    public void setStatus(int i, String str) {
        this.statusCode = i;
        super.setStatus(i, str);
    }

    public void sendError(int i) throws IOException {
        this.statusCode = i;
        super.sendError(i);
    }

    public void sendError(int i, String str) throws IOException {
        this.statusCode = i;
        super.sendError(i, str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public int getCapturedStatus() {
        return this.statusCode;
    }

    public void setContentLength(int i) {
        if (isResponseModificationAllowed()) {
            return;
        }
        super.setContentLength(i);
    }

    public void setContentType(String str) {
        if (this.blockResponseHeadersWithCRLF) {
            checkHeaderAgainstCRLF(str);
        }
        if (this.pdfXssProtection && APPLICATION_PDF.equalsIgnoreCase(str)) {
            String str2 = DEBUG;
            try {
                if (this.contentDisposition != null) {
                    str2 = (String) ServerUtils.parseContentDisposition(this.contentDisposition).get("filename");
                }
            } catch (Exception e) {
                this.attackHandler.logWarningRequestMessage(new StringBuffer().append("Unable to extract filename from download (using default) due to exception: ").append(e.getMessage()).toString());
            }
            if (str2 == null) {
                str2 = "download.pdf";
            }
            setHeader(CONTENT_DISPOSITION, new StringBuffer().append("attachment; filename=").append(str2).toString());
            str = APPLICATION_BINARY;
        }
        this.contentType = str;
        super.setContentType(str);
    }

    public String getFullCapturedContentType() {
        return this.contentType;
    }

    public String extractContentTypeUpperCased() {
        if (this.contentType == null) {
            return null;
        }
        String upperCase = this.contentType.trim().toUpperCase();
        int indexOf = upperCase.indexOf(";");
        if (indexOf > -1) {
            upperCase = upperCase.substring(DEBUG, indexOf);
        }
        return upperCase;
    }

    public String getFullCapturedContentDisposition() {
        return this.contentDisposition;
    }

    public void setCharacterEncoding(String str) {
        if (this.blockResponseHeadersWithCRLF) {
            checkHeaderAgainstCRLF(str);
        }
        super.setCharacterEncoding(str);
    }

    public void addCookie(Cookie cookie) {
        if (this.blockResponseHeadersWithCRLF) {
            checkHeaderAgainstCRLF(cookie.getComment());
            checkHeaderAgainstCRLF(cookie.getDomain());
            checkHeaderAgainstCRLF(cookie.getName());
            checkHeaderAgainstCRLF(cookie.getPath());
            checkHeaderAgainstCRLF(cookie.getValue());
        }
        super.addCookie(cookie);
    }

    public void addDateHeader(String str, long j) {
        if (this.blockResponseHeadersWithCRLF) {
            checkHeaderAgainstCRLF(str);
        }
        if (this.blockFutureLastModifiedHeaders) {
            checkHeaderAgainstFutureLastModified(str, j);
        }
        super.addDateHeader(str, j);
    }

    public void setDateHeader(String str, long j) {
        if (this.blockResponseHeadersWithCRLF) {
            checkHeaderAgainstCRLF(str);
        }
        if (this.blockFutureLastModifiedHeaders) {
            checkHeaderAgainstFutureLastModified(str, j);
        }
        super.setDateHeader(str, j);
    }

    public void addIntHeader(String str, int i) {
        if (this.blockResponseHeadersWithCRLF) {
            checkHeaderAgainstCRLF(str);
        }
        super.addIntHeader(str, i);
    }

    public void setIntHeader(String str, int i) {
        if (this.blockResponseHeadersWithCRLF) {
            checkHeaderAgainstCRLF(str);
        }
        super.setIntHeader(str, i);
    }

    public void addHeader(String str, String str2) {
        if (this.blockResponseHeadersWithCRLF) {
            checkHeaderAgainstCRLF(str);
            checkHeaderAgainstCRLF(str2);
        }
        checkHeaderAgainstFutureAndInvalidLastModified(str, str2);
        if (CONTENT_DISPOSITION.equals(str)) {
            this.contentDisposition = str2;
        }
        super.addHeader(str, str2);
    }

    public void setHeader(String str, String str2) {
        if (this.blockResponseHeadersWithCRLF) {
            checkHeaderAgainstCRLF(str);
            checkHeaderAgainstCRLF(str2);
        }
        checkHeaderAgainstFutureAndInvalidLastModified(str, str2);
        if (CONTENT_DISPOSITION.equals(str)) {
            this.contentDisposition = str2;
        }
        super.setHeader(str, str2);
    }

    public void sendRedirect(String str) throws IOException {
        if (this.blockResponseHeadersWithCRLF) {
            checkHeaderAgainstCRLF(str);
        }
        if (this.blockNonLocalRedirects && !isLocalRedirect(str)) {
            handleAttack(new StringBuffer().append("Non-local redirect detected: ").append(str).append(" (check your web app paths in the security configuration when the redirect is app internal)").toString());
        }
        if (this.attackHandler.isRedirectThresholdReached(this.ip)) {
            handleAttack(new StringBuffer().append("Redirect per-client threshold (").append(this.attackHandler.getRedirectThreshold()).append(" per reset period ").append(this.attackHandler.getRedirectThresholdResetPeriod() / 1000).append(" seconds) reached: ").append(str).toString());
        }
        if (this.isCurrentRequestOfRelevantResourceType && !this.contentInjectionHelper.isMatchingIncomingLinkModificationExclusion(str) && isLocalRedirect(str) && !this.isRedirectingDueToRecentAttack) {
            str = encryptQueryStringInLink(injectParameterAndFormProtectionIntoLink(injectSecretTokenIntoLink(str, false, true), false, true), null);
            if (this.appendSessionIdToLinks) {
                str = encodeURL(str);
            }
        }
        super.sendRedirect(str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void sendRedirectDueToRecentAttack(String str) throws IOException {
        if (this.attackHandler.isRedirectThresholdReached(this.ip)) {
            handleAttack(new StringBuffer().append("Redirect per-client threshold (").append(this.attackHandler.getRedirectThreshold()).append(" per reset period ").append(this.attackHandler.getRedirectThresholdResetPeriod() / 1000).append(" seconds) reached: ").append(str).toString());
        }
        this.isRedirectingDueToRecentAttack = true;
        sendRedirect(str);
        this.isRedirectingDueToRecentAttack = false;
    }

    public String encodeURL(String str) {
        if (!this.isOptimizationHint) {
            return super.encodeURL(str);
        }
        String encodeURL = super.encodeURL(str);
        String decodeBrokenValueHtmlOnly = ServerUtils.decodeBrokenValueHtmlOnly(encodeURL, false);
        if (!ServerUtils.startsWithJavaScriptOrMailto(decodeBrokenValueHtmlOnly)) {
            encodeURL = encryptQueryStringInLink(ServerUtils.encodeHtmlSafe(injectParameterAndFormProtectionIntoLink(injectSecretTokenIntoLink(decodeBrokenValueHtmlOnly, true, true), true, true)), null);
        }
        return encodeURL;
    }

    public String encodeUrl(String str) {
        return encodeURL(str);
    }

    private void checkHeaderAgainstCRLF(String str) {
        if (str != null) {
            if (this.matcherCRLF == null) {
                this.matcherCRLF = PATTERN_CRLF.matcher(str);
            } else {
                this.matcherCRLF.reset(str);
            }
            if (this.matcherCRLF.find()) {
                handleAttack("CRLF detected in response header field");
            }
        }
    }

    private void checkHeaderAgainstFutureLastModified(String str, long j) {
        if (str == null || !HEADER_LAST_MODIFIED.equalsIgnoreCase(str) || j <= System.currentTimeMillis() + 250) {
            return;
        }
        handleAttack(new StringBuffer().append("Future Last-Modified response header detected: ").append(new Date(j)).toString());
    }

    private void checkHeaderAgainstFutureAndInvalidLastModified(String str, String str2) {
        if ((this.blockFutureLastModifiedHeaders || this.blockInvalidLastModifiedHeaders) && str != null && str2 != null && str2.length() > 0 && HEADER_LAST_MODIFIED.equalsIgnoreCase(str)) {
            Date parseHttpDate = parseHttpDate(str2);
            if (parseHttpDate == null) {
                if (this.blockInvalidLastModifiedHeaders) {
                    handleAttack(new StringBuffer().append("Strange date format used for date header 'Last-Modified': ").append(str2).toString());
                }
            } else if (this.blockFutureLastModifiedHeaders) {
                checkHeaderAgainstFutureLastModified(str, parseHttpDate.getTime());
            }
        }
    }

    private void handleAttack(String str) {
        this.attackHandler.handleAttack(this.request, this.ip, str);
        throw new ServerAttackException(str);
    }

    private boolean isLocalRedirect(String str) {
        if (str == null) {
            return false;
        }
        if (ServerUtils.containsColonBeforeFirstSlashOrQuestionmark(str)) {
            return ServerUtils.isSameServer(str, this.requestedURL);
        }
        char charAt = str.charAt(DEBUG);
        return charAt == '?' || charAt == '.' || charAt == '/' || Character.isLetter(charAt) || Character.isDigit(charAt) || str.startsWith(this.contextPath);
    }

    private Date parseHttpDate(String str) {
        if (str == null || str.length() == 0) {
            return null;
        }
        Date date = DEBUG;
        for (int i = DEBUG; i < this.HTTP_DATE_FORMATS.length; i++) {
            try {
                date = this.HTTP_DATE_FORMATS[i].parse(str);
            } catch (RuntimeException e) {
            } catch (ParseException e2) {
            }
        }
        return date;
    }

    private String injectSecretTokenIntoLink(String str, boolean z, boolean z2) {
        if (str == null) {
            return null;
        }
        this.secretTokensApplied = true;
        if (this.contentInjectionHelper.isInjectSecretTokenIntoLinks() && (!this.contentInjectionHelper.isEncryptQueryStringInLinks() || !ResponseUtils.isAlreadyEncrypted(this.cryptoDetectionString, str))) {
            str = ResponseUtils.injectParameterIntoURL(str, this.tokenKey, this.tokenValue, this.maskAmpersandsInModifiedLinks && !z2, this.appendQuestionmarkOrAmpersandToLinks, z);
        }
        return str;
    }

    private String injectParameterAndFormProtectionIntoLink(String str, boolean z, boolean z2) {
        if (str == null) {
            return null;
        }
        this.parameterAndFormTokensApplied = true;
        if (this.contentInjectionHelper.isProtectParametersAndForms() && !this.contentInjectionHelper.isExtraStrictParameterCheckingForEncryptedLinks() && !ResponseUtils.isAlreadyEncrypted(this.cryptoDetectionString, str)) {
            HttpSession session = this.request.getSession(false);
            if (session != null) {
                String keyForParameterProtectionOnly = ResponseUtils.getKeyForParameterProtectionOnly(str, session, this.hiddenFormFieldProtection, this.reuseSessionContent, this.applySetAfterWrite);
                if (keyForParameterProtectionOnly != null) {
                    str = ResponseUtils.injectParameterIntoURL(str, this.parameterAndFormProtectionKeyKey, keyForParameterProtectionOnly, this.maskAmpersandsInModifiedLinks && !z2, this.appendQuestionmarkOrAmpersandToLinks, z);
                }
            } else {
                System.err.println("Strange situation: session does not exist where expected: injectParameterAndFormProtectionIntoLink()");
            }
        }
        return str;
    }

    private String encryptQueryStringInLink(String str, Boolean bool) {
        if (str == null) {
            return null;
        }
        this.cryptoApplied = true;
        if (this.contentInjectionHelper.isEncryptQueryStringInLinks() && !ResponseUtils.isAlreadyEncrypted(this.cryptoDetectionString, str) && ServerUtils.isInternalHostURL(this.requestedURL, ServerUtils.decodeBrokenValueHtmlOnly(str, false))) {
            str = ResponseUtils.encryptQueryStringInURL(this.requestedURL, this.contextPath, this.servletPath, str, false, false, bool, this.contentInjectionHelper.isSupposedToBeStaticResource(ResponseUtils.extractURI(str)), this.cryptoDetectionString, this.cipher, this.cryptoKey, this.useFullPathForResourceToBeAccessedProtection, this.additionalFullResourceRemoval, this.additionalMediumResourceRemoval, this, this.appendQuestionmarkOrAmpersandToLinks);
        }
        return str;
    }
}
