package org.webcastellum;

import java.io.BufferedReader;
import java.io.CharArrayWriter;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;
import javax.crypto.Cipher;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.UnavailableException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.webcastellum.RequestUtils;

/* loaded from: input_file:org/webcastellum/WebCastellumFilter.class */
public final class WebCastellumFilter implements Filter {
    public static final String DEFAULT_CHARACTER_ENCODING = "UTF-8";
    private static final String PARAM_DEBUG = "Debug";
    private static final String PARAM_SHOW_TIMINGS = "ShowTimings";
    private static final String PARAM_BLOCK_ATTACKING_CLIENTS_THRESHOLD = "BlockAttackingClientsThreshold";
    private static final String PARAM_DEV_ATTACK_REPLY_STATUS_CODE_OR_MESSAGE_RESOURCE = "DevelopmentAttackReplyStatusCodeOrMessageResource";
    private static final String PARAM_PROD_ATTACK_REPLY_STATUS_CODE_OR_MESSAGE_RESOURCE = "ProductionAttackReplyStatusCodeOrMessageResource";
    private static final String PARAM_DEV_EXCEPTION_REPLY_STATUS_CODE_OR_MESSAGE_RESOURCE = "DevelopmentExceptionReplyStatusCodeOrMessageResource";
    private static final String PARAM_PROD_EXCEPTION_REPLY_STATUS_CODE_OR_MESSAGE_RESOURCE = "ProductionExceptionReplyStatusCodeOrMessageResource";
    private static final String PARAM_DEV_CONFIG_MISSING_REPLY_STATUS_CODE_OR_MESSAGE_RESOURCE = "DevelopmentConfigurationMissingReplyStatusCodeOrMessageResource";
    private static final String PARAM_PROD_CONFIG_MISSING_REPLY_STATUS_CODE_OR_MESSAGE_RESOURCE = "ProductionConfigurationMissingReplyStatusCodeOrMessageResource";
    private static final String PARAM_FLUSH_RESPONSE = "FlushResponse";
    private static final String PARAM_INVALIDATE_SESSION_ON_ATTACK = "InvalidateSessionOnAttack";
    private static final String PARAM_TIE_WEB_SESSION_TO_CLIENT_ADDRESS = "TieWebSessionToClientAddress";
    private static final String PARAM_TIE_WEB_SESSION_TO_HEADER_LIST = "TieWebSessionToHeaderList";
    private static final String PARAM_BLOCK_RESPONSE_HEADERS_WITH_CRLF = "BlockResponseHeadersWithCRLF";
    private static final String PARAM_BLOCK_FUTURE_LAST_MODIFIED_HEADERS = "BlockFutureLastModifiedResponseHeaders";
    private static final String PARAM_BLOCK_INVALID_LAST_MODIFIED_HEADERS = "BlockInvalidLastModifiedResponseHeaders";
    private static final String PARAM_BLOCK_REQUESTS_WITH_UNKNOWN_REFERRER = "BlockRequestsWithUnknownReferrer";
    private static final String PARAM_BLOCK_REQUESTS_WITH_MISSING_REFERRER = "BlockRequestsWithMissingReferrer";
    private static final String PARAM_BLOCK_REQUESTS_WITH_DUPLICATE_HEADERS = "BlockRequestsWithDuplicateHeaders";
    private static final String PARAM_BLOCK_NON_LOCAL_REDIRECTS = "BlockNonLocalRedirects";
    private static final String PARAM_400_OR_404_ATTACK_THRESHOLD = "HttpInvalidRequestOrNotFoundStatusCodeAttackThreshold";
    private static final String PARAM_400_OR_404_ATTACK_THRESHOLD__CLUSTER_AWARE = "HttpInvalidRequestOrNotFoundStatusCodeClusterAware";
    private static final String PARAM_SESSION_CREATION_ATTACK_THRESHOLD = "SessionCreationAttackThreshold";
    private static final String PARAM_SESSION_CREATION_ATTACK_THRESHOLD__CLUSTER_AWARE = "SessionCreationClusterAware";
    private static final String PARAM_SECRET_TOKEN_LINK_INJECTION = "SecretTokenLinkInjection";
    private static final String PARAM_ENCRYPT_QUERY_STRINGS = "QueryStringEncryption";
    private static final String PARAM_PARAMETER_AND_FORM_PROTECTION = "ParameterAndFormProtection";
    private static final String PARAM_EXTRA_DISABLED_FORM_FIELD_PROTECTION = "ExtraDisabledFormFieldProtection";
    private static final String PARAM_EXTRA_READONLY_FORM_FIELD_PROTECTION = "ExtraReadonlyFormFieldProtection";
    private static final String PARAM_EXTRA_REQUEST_PARAM_VALUE_COUNT_PROTECTION = "ExtraRequestParamValueCountProtection";
    private static final String PARAM_EXTRA_HIDDEN_FORM_FIELD_PROTECTION = "ExtraHiddenFormFieldProtection";
    private static final String PARAM_EXTRA_SELECTBOX_PROTECTION = "ExtraSelectboxProtection";
    private static final String PARAM_EXTRA_RADIOBUTTON_PROTECTION = "ExtraRadiobuttonProtection";
    private static final String PARAM_EXTRA_CHECKBOX_PROTECTION = "ExtraCheckboxProtection";
    private static final String PARAM_EXTRA_SELECTBOX_VALUE_MASKING = "ExtraSelectboxValueMasking";
    private static final String PARAM_EXTRA_RADIOBUTTON_VALUE_MASKING = "ExtraRadiobuttonValueMasking";
    private static final String PARAM_EXTRA_CHECKBOX_VALUE_MASKING = "ExtraCheckboxValueMasking";
    private static final String PARAM_EXTRA_HASH_PROTECTION = "ExtraEncryptedValueHashProtection";
    private static final String PARAM_EXTRA_FULL_PATH_PROTECTION = "ExtraEncryptedFullPathProtection";
    private static final String PARAM_EXTRA_MEDIUM_PATH_REMOVAL = "ExtraEncryptedMediumPathRemoval";
    private static final String PARAM_EXTRA_FULL_PATH_REMOVAL = "ExtraEncryptedFullPathRemoval";
    private static final String PARAM_EXTRA_STRICT_PARAMETER_CHECKING_FOR_ENCRYPTED_LINKS = "ExtraStrictParameterCheckingForLinks";
    private static final String PARAM_PATH_TO_BAD_REQUEST_FILES = "PathToBadRequestFiles";
    private static final String PARAM_PATH_TO_WHITELIST_REQUESTS_FILES = "PathToWhitelistRequestFiles";
    private static final String PARAM_PATH_TO_ENTRY_POINT_FILES = "PathToEntryPointFiles";
    private static final String PARAM_PATH_TO_OPTIMIZATION_HINT_FILES = "PathToOptimizationHintFiles";
    private static final String PARAM_PATH_TO_DOS_LIMIT_FILES = "PathToDenialOfServiceLimitFiles";
    private static final String PARAM_PATH_TO_RENEW_SESSION_AND_TOKEN_POINT_FILES = "PathToRenewSessionAndTokenPointFiles";
    private static final String PARAM_PATH_TO_CAPTCHA_POINT_FILES = "PathToCaptchaPointFiles";
    private static final String PARAM_PATH_TO_INCOMING_PROTECTION_EXCLUDE_FILES = "PathToIncomingProtectionExcludeFiles";
    private static final String PARAM_PATH_TO_RESPONSE_MODIFICATION_FILES = "PathToResponseModificationFiles";
    private static final String PARAM_PATH_TO_CONTENT_MODIFICATION_EXCLUDE_FILES = "PathToContentModificationExcludeFiles";
    private static final String PARAM_PATH_TO_TOTAL_EXCLUDE_FILES = "PathToTotalExcludeFiles";
    private static final String PARAM_PATH_TO_SIZE_LIMIT_FILES = "PathToSizeLimitFiles";
    private static final String PARAM_PATH_TO_MULTIPART_SIZE_LIMIT_FILES = "PathToMultipartSizeLimitFiles";
    private static final String PARAM_PATH_TO_DECODING_PERMUTATION_FILES = "PathToDecodingPermutationFiles";
    private static final String PARAM_PATH_TO_FORM_FIELD_MASKING_EXCLUDE_FILES = "PathToFormFieldMaskingExcludeFiles";
    static final String RESPONSE_MODIFICATIONS_DEFAULT = "response-modifications";
    static final String MODIFICATION_EXCLUDES_DEFAULT = "content-modification-excludes";
    private static final String PARAM_MASK_AMPERSANDS_IN_LINK_ADDITIONS = "MaskAmpersandsInLinkAdditions";
    private static final String PARAM_STRIP_HTML_COMMENTS = "StripHtmlComments";
    private static final String PARAM_FORCED_SESSION_INVALIDATION_PERIOD_MINUTES = "ForcedSessionInvalidationPeriod";
    private static final String PARAM_RULE_LOADER = "RuleLoader";
    private static final String LEGACY_PARAM_RULE_FILE_LOADER = "RuleFileLoader";
    private static final String PARAM_GEO_LOCATOR = "GeoLocator";
    private static final String PARAM_ATTACK_LOGGER = "AttackLogger";
    private static final String PARAM_CAPTCHA_GENERATOR = "CaptchaGenerator";
    private static final String PARAM_PRODUCTION_MODE_CHECKER = "ProductionModeChecker";
    private static final String PARAM_CLIENT_IP_DETERMINATOR = "ClientIpDeterminator";
    private static final String PARAM_MULTIPART_REQUEST_PARSER = "MultipartRequestParser";
    private static final String PARAM_BLOCK_ATTACKING_CLIENTS_DURATION = "BlockAttackingClientsDuration";
    private static final String PARAM_RESET_PERIOD_ATTACK = "ResetPeriodAttack";
    private static final String PARAM_RESET_PERIOD_SESSION_CREATION = "ResetPeriodSessionCreation";
    private static final String PARAM_RESET_PERIOD_BAD_RESPONSE_CODE = "ResetPeriodBadResponseCode";
    private static final String PARAM_RESET_PERIOD_REDIRECT_THRESHOLD = "ResetPeriodRedirectThreshold";
    private static final String PARAM_HOUSEKEEPING_INTERVAL = "HousekeepingInterval";
    private static final String PARAM_BLOCK_INVALID_ENCODED_QUERY_STRING = "BlockInvalidEncodedQueryString";
    private static final String PARAM_APPLICATION_NAME = "ApplicationName";
    private static final String PARAM_LEARNING_MODE_AGGREGATION_DIRECTORY = "LearningModeAggregationDirectory";
    private static final String PARAM_LOG_SESSION_VALUES_ON_ATTACK = "LogSessionValuesOnAttack";
    private static final String PARAM_RULE_RELOADING_INTERVAL = "RuleReloadingInterval";
    private static final String LEGACY_PARAM_RULE_FILE_RELOADING_INTERVAL = "RuleFileReloadingInterval";
    private static final String PARAM_CONFIG_RELOADING_INTERVAL = "ConfigurationReinitializationInterval";
    private static final String PARAM_ANTI_CACHE_RESPONSE_HEADER_INJECTION_CONTENT_TYPES = "AntiCacheResponseHeaderInjectionContentTypes";
    private static final String PARAM_RESPONSE_MODIFICATION_CONTENT_TYPES = "ResponseBodyModificationContentTypes";
    private static final String PARAM_FORCE_ENTRANCE_THROUGH_ENTRY_POINTS = "ForceEntranceThroughEntryPoints";
    private static final String PARAM_REDIRECT_WELCOME_PAGE = "RedirectWelcomePage";
    private static final String PARAM_CHARACTER_ENCODING = "CharacterEncoding";
    private static final String LEGACY_PARAM_CHARACTER_ENCODING = "RequestCharacterEncoding";
    private static final String PARAM_HANDLE_UNCAUGHT_EXCEPTIONS = "HandleUncaughtExceptions";
    private static final String PARAM_LOG_VERBOSE_FOR_DEVELOPMENT_MODE = "LogVerboseForDevelopmentMode";
    private static final String PARAM_BLOCK_REPEATED_REDIRECTS_THRESHOLD = "BlockRepeatedRedirectsThreshold";
    private static final String PARAM_REMOVE_SENSITIVE_DATA_REQUEST_PARAM_NAME_PATTERN = "RemoveSensitiveDataRequestParamNamePattern";
    private static final String PARAM_REMOVE_SENSITIVE_DATA_VALUE_PATTERN = "RemoveSensitiveDataValuePattern";
    private static final String PARAM_TREAT_NON_MATCHING_SERVLET_PATH_AS_MATCH_FOR_WHITELIST_RULES = "TreatNonMatchingServletPathAsMatchForWhitelistRules";
    private static final String PARAM_REMEMBER_LAST_CAPTCHA_FOR_MULTI_SUBMITS = "RememberLastCaptchaForMultiSubmits";
    private static final String PARAM_LOG_CLIENT_USER_DATA = "LogClientUserData";
    private static final String PARAM_APPEND_QUESTIONMARK_OR_AMPERSAND_TO_LINKS = "AppendQuestionmarkOrAmpersandToLinks";
    private static final String PARAM_APPEND_SESSIONID_TO_LINKS = "AppendSessionIdToLinks";
    private static final String PARAM_FAILED_CAPTCHA_PER_SESSION_ATTACK_THRESHOLD = "FailedCaptchaPerSessionAttackThreshold";
    private static final String PARAM_CLUSTER_INITIAL_CONTEXT_FACTORY = "ClusterInitialContextFactory";
    private static final String PARAM_CLUSTER_BROADCAST_PERIOD = "ClusterBroadcastPeriod";
    private static final String PARAM_CLUSTER_JMS_PROVIDER_URL = "ClusterJmsProviderUrl";
    private static final String PARAM_CLUSTER_JMS_CONNECTION_FACTORY = "ClusterJmsConnectionFactory";
    private static final String PARAM_CLUSTER_JMS_TOPIC = "ClusterJmsTopic";
    private static final String PARAM_REUSE_SESSION_CONTENT = "ReuseSessionContent";
    private static final String PARAM_PARSE_MULTI_PART_FORMS = "InspectMultipartFormSubmits";
    private static final String PARAM_PRESENT_MULTIPART_FORM_PARAMS_AS_REGULAR_PARAMS_TO_APPLICATION = "PresentMultipartFormParametersAsRegularParametersToApplication";
    private static final String PARAM_HIDE_INTERNAL_SESSION_ATTRIBUTES = "HideInternalSessionAttributes";
    private static final String PARAM_HONEYLINK_PREFIX = "HoneylinkPrefix";
    private static final String PARAM_HONEYLINK_SUFFIX = "HoneylinkSuffix";
    private static final String PARAM_HONEYLINK_MAX_PER_RESPONSE = "HoneylinkMaxPerResponse";
    private static final String PARAM_RANDOMIZE_HONEYLINKS_ON_EVERY_RESPONSE = "HoneylinkRandomizeOnEveryResponse";
    private static final String PARAM_PDF_XSS_PROTECTION = "PdfXssProtection";
    private static final String PARAM_BLOCK_MULTIPART_REQUESTS_FOR_NON_MULTIPART_FORMS = "BlockMultipartRequestsForNonMultipartForms";
    private static final String PARAM_ALLOWED_REQUEST_MIME_TYPES = "AllowedRequestMimeTypes";
    private static final String PARAM_BUFFER_FILE_UPLOADS_TO_DISK = "BufferFileUploadsToDisk";
    private static final String PARAM_APPLY_SET_AFTER_SESSION_WRITE = "ApplySetAfterSessionWrite";
    private static final String PARAM_VALIDATE_CLIENT_ADDRESS_FORMAT = "ValidateClientAddressFormat";
    private static final String PARAM_TRANSPARENT_QUERYSTRING = "TransparentQueryString";
    private static final String LEGACY_PARAM_TRANSPARENT_QUERYSTRING = "TransparentQuerystring";
    private static final String PARAM_TRANSPARENT_FORWARDING = "TransparentForwarding";
    private static final String PARAM_USE_TUNED_BLOCK_PARSER = "UseTunedBlockParser";
    private static final String PARAM_USE_RESPONSE_BUFFERING = "UseResponseBuffering";
    static final String INTERNAL_CONTENT_PREFIX = "WC_";
    static final String SESSION_CLIENT_ADDRESS_KEY = "WC_1";
    static final String SESSION_CLIENT_HEADERS_KEY = "WC_2";
    static final String SESSION_SECRET_RANDOM_TOKEN_KEY_KEY = "WC_3-K";
    static final String SESSION_SECRET_RANDOM_TOKEN_VALUE_KEY = "WC_4-V";
    static final String SESSION_PARAMETER_AND_FORM_PROTECTION_RANDOM_TOKEN_KEY_KEY = "WC_5";
    static final String SESSION_ENCRYPT_QUERY_STRINGS_CRYPTODETECTION_KEY = "WC_6-CD";
    static final String SESSION_ENCRYPT_QUERY_STRINGS_CRYPTOKEY_KEY = "WC_7-CK";
    static final String SESSION_ENTRY_POINT_TOUCHED_KEY = "WC_8-TD";
    static final String SESSION_REUSABLE_KEY_LIST_KEY = "WC_SRKLK";
    static final String SESSION_CAPTCHA_IMAGES = "WC_SCI-";
    static final String SESSION_CAPTCHA_FAILED_COUNTER = "WC_SCFC-";
    static final String SESSION_SELECTBOX_MASKING_PREFIX = "WC_SSMP-";
    static final String SESSION_CHECKBOX_MASKING_PREFIX = "WC_SCMP-";
    static final String SESSION_RADIOBUTTON_MASKING_PREFIX = "WC_SRMP-";
    static final String SESSION_SESSION_WRAPPER_REFERENCE = "WC_SSWR-";
    static final String REQUEST_NESTED_FORWARD_CALL = "WC_NF";
    static final String REQUEST_ALREADY_DECRYPTED_FLAG = "WC_ALD";
    static final String REQUEST_IS_FORM_SUBMIT_FLAG = "WC_FSF";
    static final String REQUEST_IS_URL_MANIPULATED_FLAG = "WC_IUM";
    static final char INTERNAL_URL_DELIMITER = '$';
    static final char INTERNAL_METHOD_TYPE_POST = '6';
    static final char INTERNAL_METHOD_TYPE_GET = '3';
    static final char INTERNAL_METHOD_TYPE_UNDEFINED = '4';
    static final String INTERNAL_TYPE_URL = "0";
    static final String INTERNAL_TYPE_FORM = "1";
    static final char INTERNAL_TYPE_LINK_FLAG = '9';
    static final char INTERNAL_TYPE_FORM_FLAG = '7';
    static final char INTERNAL_MULTIPART_YES_FLAG = '2';
    static final char INTERNAL_MULTIPART_NO_FLAG = '5';
    static final char INTERNAL_RESOURCE_ENDS_WITH_SLASH_YES_FLAG = 'S';
    static final char INTERNAL_RESOURCE_ENDS_WITH_SLASH_NO_FLAG = 'J';
    static final String CAPTCHA_IMAGE = "CI";
    static final String CAPTCHA_FORM = "CF";
    static final String CAPTCHA_VALUE = "CV";
    static final String LAST_CAPTCHA = "_LC";
    static final int STATIC_REQUEST_CRYPTODETECTION_INSERTION_POSITION;
    private static boolean isOldJavaEE13;
    private FilterConfig filterConfig;
    private AttackHandler attackHandler;
    private String developmentAttackReplyMessage;
    private String productionAttackReplyMessage;
    private String developmentConfigurationMissingReplyMessage;
    private String productionConfigurationMissingReplyMessage;
    private String developmentExceptionReplyMessage;
    private String productionExceptionReplyMessage;
    private String redirectWelcomePage;
    private String requestCharacterEncoding;
    private int forcedSessionInvalidationPeriodMinutes;
    private int housekeepingIntervalMinutes;
    private int blockPeriodMinutes;
    private long ruleFileReloadingIntervalMillis;
    private long nextRuleReloadingTime;
    private long configReloadingIntervalMillis;
    private long nextConfigReloadingTime;
    private int resetPeriodMinutesAttack;
    private int resetPeriodMinutesSessionCreation;
    private int resetPeriodMinutesBadResponseCode;
    private int resetPeriodMinutesRedirectThreshold;
    private boolean debug;
    private boolean showTimings;
    private boolean catchAll;
    private boolean forceEntranceThroughEntryPoints;
    private boolean tieSessionToClientAddress;
    private boolean blockResponseHeadersWithCRLF;
    private boolean blockFutureLastModifiedHeaders;
    private boolean blockInvalidLastModifiedHeaders;
    private boolean blockRequestsWithUnknownReferrer;
    private boolean blockRequestsWithMissingReferrer;
    private boolean blockRequestsWithDuplicateHeaders;
    private boolean blockNonLocalRedirects;
    private boolean blockInvalidEncodedQueryString;
    private boolean useFullPathForResourceToBeAccessedProtection;
    private boolean additionalFullResourceRemoval;
    private boolean additionalMediumResourceRemoval;
    private boolean maskAmpersandsInLinkAdditions;
    private boolean hiddenFormFieldProtection;
    private boolean selectboxProtection;
    private boolean checkboxProtection;
    private boolean radiobuttonProtection;
    private boolean selectboxValueMasking;
    private boolean checkboxValueMasking;
    private boolean radiobuttonValueMasking;
    private boolean reuseSessionContent;
    private boolean parseMultipartForms;
    private boolean hideInternalSessionAttributes;
    private boolean bufferFileUploadsToDisk;
    private String[] tieSessionToHeaderList;
    private Set antiCacheResponseHeaderInjectionContentTypes;
    private Set responseBodyModificationContentTypes;
    private HttpStatusCodeTracker httpStatusCodeCounter;
    private SessionCreationTracker sessionCreationCounter;
    private DenialOfServiceLimitTracker denialOfServiceLimitCounter;
    private GeoLocatingCache geoLocatingCache;
    private CaptchaGenerator captchaGenerator;
    private ClientIpDeterminator clientIpDeterminator;
    private MultipartRequestParser multipartRequestParser;
    private String applicationName;
    private String learningModeAggregationDirectory;
    private String clusterInitialContextFactory;
    private String clusterJmsProviderUrl;
    private String clusterJmsConnectionFactory;
    private String clusterJmsTopic;
    private Class ruleFileLoaderClass;
    private Class productionModeCheckerClass;
    private Class clientIpDeterminatorClass;
    private Class multipartRequestParserClass;
    private boolean isProductionMode;
    private boolean logSessionValuesOnAttack;
    private boolean invalidateSessionOnAttack;
    private boolean logVerboseForDevelopmentMode;
    private boolean extraEncryptedValueHashProtection;
    private boolean rememberLastCaptchaForMultiSubmits;
    private boolean appendQuestionmarkOrAmpersandToLinks;
    private boolean appendSessionIdToLinks;
    private boolean presentMultipartFormParametersAsRegularParametersToApplication;
    private boolean blockMultipartRequestsForNonMultipartForms;
    private boolean pdfXssProtection;
    private boolean applySetAfterWrite;
    private int blockRepeatedRedirectsThreshold;
    private int failedCaptchaPerSessionAttackThreshold;
    private int clusterBroadcastPeriod;
    private Pattern removeSensitiveDataRequestParamNamePattern;
    private Pattern removeSensitiveDataValuePattern;
    private String honeylinkPrefix;
    private String honeylinkSuffix;
    private short honeylinkMaxPerPage;
    private boolean randomizeHoneylinksOnEveryRequest;
    private WhitelistRequestDefinitionContainer whiteListDefinitions;
    private boolean treatNonMatchingServletPathAsMatchForWhitelistRules;
    private BadRequestDefinitionContainer badRequestDefinitions;
    private DenialOfServiceLimitDefinitionContainer denialOfServiceLimitDefinitions;
    private EntryPointDefinitionContainer entryPointDefinitions;
    private OptimizationHintDefinitionContainer optimizationHintDefinitions;
    private RenewSessionAndTokenPointDefinitionContainer renewSessionPointDefinitions;
    private CaptchaPointDefinitionContainer captchaPointDefinitions;
    private IncomingProtectionExcludeDefinitionContainer incomingProtectionExcludeDefinitions;
    private ResponseModificationDefinitionContainer responseModificationDefinitions;
    private TotalExcludeDefinitionContainer totalExcludeDefinitions;
    private ContentModificationExcludeDefinitionContainer contentModificationExcludeDefinitions;
    private SizeLimitDefinitionContainer sizeLimitDefinitions;
    private MultipartSizeLimitDefinitionContainer multipartSizeLimitDefinitions;
    private DecodingPermutationDefinitionContainer decodingPermutationDefinitions;
    private FormFieldMaskingExcludeDefinitionContainer formFieldMaskingExcludeDefinitions;
    static final boolean REMOVE_CONTENT_LENGTH_FOR_MODIFIABLE_RESPONSES = true;
    static final boolean REMOVE_COMPRESSION_ACCEPT_ENCODING_HEADER_VALUES = false;
    static final boolean APPEND_EQUALS_SIGN_TO_VALUELESS_URL_PARAM_NAMES = true;
    public static final Pattern PATTERN_VALID_CLIENT_ADDRESS;
    static final File TEMP_DIRECTORY;
    static final int TRIE_MATCHING_THRSHOLD = 60;
    private static final boolean USE_WEB_SERVER_LOG = true;
    private static final boolean INTERNALLY_DUMP_REQUEST_PARAM_NAMES_VERBOSE = false;
    private static final boolean DEBUG_PRINT_UNCOVERING_DETAILS = false;
    static int customerIdentifier;
    static final boolean $assertionsDisabled;
    static Class class$org$webcastellum$WebCastellumFilter;
    private final ContentInjectionHelper contentInjectionHelper = new ContentInjectionHelper();
    private int developmentAttackReplyStatusCode = 200;
    private int productionAttackReplyStatusCode = 200;
    private int developmentConfigurationMissingReplyStatusCode = 503;
    private int productionConfigurationMissingReplyStatusCode = 503;
    private int developmentExceptionReplyStatusCode = 503;
    private int productionExceptionReplyStatusCode = 503;
    private boolean jmsUsed = false;
    private boolean flushResponse = true;
    private Set allowedRequestMimeTypesLowerCased = new HashSet();
    private boolean isHavingEnabledQueryStringCheckingRules = false;
    private boolean isHavingEnabledRequestParameterCheckingRules = false;
    private boolean isHavingEnabledHeaderCheckingRules = false;
    private boolean isHavingEnabledCookieCheckingRules = false;
    private boolean validateClientAddressFormat = false;
    private boolean transparentQuerystring = true;
    private boolean transparentForwarding = true;
    private boolean restartCompletelyOnNextRequest = true;
    private boolean reloadRulesOnNextRequest = false;
    private final Object mutex_reloadRulesOnNextRequest = new Object();
    private final Object mutex_restartCompletelyWhenRequired = new Object();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/webcastellum/WebCastellumFilter$AllowedFlagWithMessage.class */
    public static final class AllowedFlagWithMessage {
        private final boolean allowed;
        private Attack attack;
        private Captcha captcha;

        public AllowedFlagWithMessage(boolean z) {
            this.allowed = z;
        }

        public AllowedFlagWithMessage(boolean z, Attack attack) {
            this(z);
            this.attack = attack;
        }

        public AllowedFlagWithMessage(boolean z, Captcha captcha) {
            this(z);
            this.captcha = captcha;
        }

        public boolean isAllowed() {
            return this.allowed;
        }

        public Attack getAttack() {
            return this.attack;
        }

        public Captcha getCaptcha() {
            return this.captcha;
        }
    }

    public WebCastellumFilter() {
        System.out.println(Version.tagLine());
    }

    private static void concatenateParameterMaps(Map map, Map map2) {
        for (Map.Entry entry : map2.entrySet()) {
            String str = (String) entry.getKey();
            String[] strArr = (String[]) entry.getValue();
            if (map.containsKey(str)) {
                strArr = ServerUtils.concatenateArrays(strArr, (String[]) map.get(str));
            }
            map.put(str, strArr);
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:416:0x0d0c A[Catch: Exception -> 0x0d1d, TryCatch #10 {Exception -> 0x0d1d, blocks: (B:414:0x0c89, B:416:0x0d0c), top: B:413:0x0c89 }] */
    /* JADX WARN: Removed duplicated region for block: B:459:0x0fe1  */
    /* JADX WARN: Removed duplicated region for block: B:497:0x11f8  */
    /* JADX WARN: Removed duplicated region for block: B:526:0x1336  */
    /* JADX WARN: Removed duplicated region for block: B:542:0x17a2  */
    /* JADX WARN: Removed duplicated region for block: B:550:0x180b A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:571:0x18ae  */
    /* JADX WARN: Removed duplicated region for block: B:590:0x1947  */
    /* JADX WARN: Removed duplicated region for block: B:606:0x19b3  */
    /* JADX WARN: Removed duplicated region for block: B:627:0x1ac9 A[Catch: Exception -> 0x1b0b, TryCatch #20 {Exception -> 0x1b0b, blocks: (B:625:0x1a46, B:627:0x1ac9), top: B:624:0x1a46 }] */
    /* JADX WARN: Removed duplicated region for block: B:630:0x1b43  */
    /* JADX WARN: Removed duplicated region for block: B:65:0x025b  */
    /* JADX WARN: Removed duplicated region for block: B:789:0x0d5e A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private org.webcastellum.WebCastellumFilter.AllowedFlagWithMessage doBeforeProcessing(org.webcastellum.RequestWrapper r34, org.webcastellum.ResponseWrapper r35, org.webcastellum.RequestDetails r36, java.lang.String r37, java.lang.Boolean r38, java.lang.Boolean r39) throws java.io.IOException, javax.servlet.ServletException, org.webcastellum.StopFilterProcessingException, java.security.NoSuchAlgorithmException {
        /*
            Method dump skipped, instructions count: 8710
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.webcastellum.WebCastellumFilter.doBeforeProcessing(org.webcastellum.RequestWrapper, org.webcastellum.ResponseWrapper, org.webcastellum.RequestDetails, java.lang.String, java.lang.Boolean, java.lang.Boolean):org.webcastellum.WebCastellumFilter$AllowedFlagWithMessage");
    }

    private AllowedFlagWithMessage selectboxCheckboxRadiobuttonProtection(HttpSession httpSession, RequestDetails requestDetails, RequestWrapper requestWrapper, ResponseWrapper responseWrapper, Map map, boolean z, boolean z2, String str, boolean z3) throws StopFilterProcessingException, IOException {
        if (!z || map == null || map.isEmpty()) {
            return null;
        }
        String str2 = (String) ServerUtils.getAttributeIncludingInternal(httpSession, str);
        for (Map.Entry entry : map.entrySet()) {
            String str3 = (String) entry.getKey();
            List list = (List) entry.getValue();
            String[] parameterValues = requestWrapper.getParameterValues(str3);
            if (parameterValues != null && parameterValues.length > 0) {
                if (z2) {
                    if (str2 == null && !z3) {
                        if (this.redirectWelcomePage.length() == 0) {
                            return new AllowedFlagWithMessage(false, this.attackHandler.handleAttack(requestWrapper, requestDetails.clientAddress, new StringBuffer().append("Parameter and/or form manipulation (client provided mismatching request parameter value for selectbox/checkbox/radiobutton field '").append(str3).append("') - and no redirect welcome page configured").toString()));
                        }
                        String stringBuffer = new StringBuffer().append("Client provided mismatching request parameter value for selectbox/checkbox/radiobutton field '").append(str3).append("'\n\tUnable to locate the random masking prefix in the session.\n\tInstead of letting the request pass we invalidate the session and redirect to the welcome page: ").append(this.redirectWelcomePage).toString();
                        if (httpSession != null) {
                            try {
                                httpSession.invalidate();
                            } catch (IllegalStateException e) {
                            }
                        }
                        responseWrapper.sendRedirectDueToRecentAttack(this.redirectWelcomePage);
                        throw new StopFilterProcessingException(stringBuffer);
                    }
                    String[] strArr = new String[parameterValues.length];
                    for (int i = 0; i < parameterValues.length; i++) {
                        if (str2 != null) {
                            try {
                                if (parameterValues[i].indexOf(str2) == 0) {
                                    parameterValues[i] = parameterValues[i].substring(str2.length());
                                } else if (!z3) {
                                    if (this.redirectWelcomePage.length() == 0) {
                                        return new AllowedFlagWithMessage(false, this.attackHandler.handleAttack(requestWrapper, requestDetails.clientAddress, new StringBuffer().append("Parameter and/or form manipulation (client provided mismatching request parameter value for selectbox/checkbox/radiobutton field '").append(str3).append("') - and no redirect welcome page configured").toString()));
                                    }
                                    String stringBuffer2 = new StringBuffer().append("Client provided mismatching request parameter value for selectbox/checkbox/radiobutton field '").append(str3).append("'\n\tUnable to locate the random masking prefix in the submitted identifier.\n\tInstead of letting the request pass we invalidate the session and redirect to the welcome page: ").append(this.redirectWelcomePage).toString();
                                    if (httpSession != null) {
                                        try {
                                            httpSession.invalidate();
                                        } catch (IllegalStateException e2) {
                                        }
                                    }
                                    responseWrapper.sendRedirectDueToRecentAttack(this.redirectWelcomePage);
                                    throw new StopFilterProcessingException(stringBuffer2);
                                }
                            } catch (IndexOutOfBoundsException e3) {
                                if (!z3) {
                                    if (this.redirectWelcomePage.length() == 0) {
                                        return new AllowedFlagWithMessage(false, this.attackHandler.handleAttack(requestWrapper, requestDetails.clientAddress, new StringBuffer().append("Parameter and/or form manipulation (client provided mismatching request parameter value for selectbox/checkbox/radiobutton field '").append(str3).append("') - and no redirect welcome page configured").toString()));
                                    }
                                    String stringBuffer3 = new StringBuffer().append("Client provided mismatching request parameter value for selectbox/checkbox/radiobutton field '").append(str3).append("'\n\tThe submitted identifier is out of range of allowed values.\n\tInstead of letting the request pass we invalidate the session and redirect to the welcome page: ").append(this.redirectWelcomePage).toString();
                                    if (httpSession != null) {
                                        try {
                                            httpSession.invalidate();
                                        } catch (IllegalStateException e4) {
                                            responseWrapper.sendRedirectDueToRecentAttack(this.redirectWelcomePage);
                                            throw new StopFilterProcessingException(stringBuffer3);
                                        }
                                    }
                                    responseWrapper.sendRedirectDueToRecentAttack(this.redirectWelcomePage);
                                    throw new StopFilterProcessingException(stringBuffer3);
                                }
                                strArr[i] = parameterValues[i];
                            } catch (NumberFormatException e5) {
                                if (!z3) {
                                    if (this.redirectWelcomePage.length() == 0) {
                                        return new AllowedFlagWithMessage(false, this.attackHandler.handleAttack(requestWrapper, requestDetails.clientAddress, new StringBuffer().append("Parameter and/or form manipulation (client provided mismatching request parameter value for selectbox/checkbox/radiobutton field '").append(str3).append("') - and no redirect welcome page configured").toString()));
                                    }
                                    String stringBuffer4 = new StringBuffer().append("Client provided mismatching request parameter value for selectbox/checkbox/radiobutton field '").append(str3).append("'\n\tUnable to number-parse the submitted identifier.\n\tInstead of letting the request pass we invalidate the session and redirect to the welcome page: ").append(this.redirectWelcomePage).toString();
                                    if (httpSession != null) {
                                        try {
                                            httpSession.invalidate();
                                        } catch (IllegalStateException e6) {
                                            responseWrapper.sendRedirectDueToRecentAttack(this.redirectWelcomePage);
                                            throw new StopFilterProcessingException(stringBuffer4);
                                        }
                                    }
                                    responseWrapper.sendRedirectDueToRecentAttack(this.redirectWelcomePage);
                                    throw new StopFilterProcessingException(stringBuffer4);
                                }
                                strArr[i] = parameterValues[i];
                            }
                        }
                        strArr[i] = (String) list.get(Integer.parseInt(parameterValues[i]));
                    }
                    requestWrapper.setParameter(str3, strArr, true);
                    requestDetails.somethingHasBeenUncovered = true;
                } else if (z3) {
                    continue;
                } else {
                    for (String str4 : parameterValues) {
                        if (!list.contains(str4)) {
                            if (this.redirectWelcomePage.length() == 0) {
                                return new AllowedFlagWithMessage(false, this.attackHandler.handleAttack(requestWrapper, requestDetails.clientAddress, new StringBuffer().append("Parameter and/or form manipulation (client provided mismatching request parameter value for selectbox/checkbox/radiobutton field '").append(str3).append("') - and no redirect welcome page configured").toString()));
                            }
                            String stringBuffer5 = new StringBuffer().append("Client provided mismatching request parameter value for selectbox/checkbox/radiobutton field '").append(str3).append("'\n\tAllowed: ").append(list).append("\n\tActually received from client: ").append(Arrays.asList(parameterValues)).append("\n\tInstead of letting the request pass we invalidate the session and redirect to the welcome page: ").append(this.redirectWelcomePage).toString();
                            if (httpSession != null) {
                                try {
                                    httpSession.invalidate();
                                } catch (IllegalStateException e7) {
                                }
                            }
                            responseWrapper.sendRedirectDueToRecentAttack(this.redirectWelcomePage);
                            throw new StopFilterProcessingException(stringBuffer5);
                        }
                    }
                }
            }
        }
        return null;
    }

    private void doAfterProcessing(RequestWrapper requestWrapper, ResponseWrapper responseWrapper) throws IOException, ServletException {
        if (this.debug) {
            logLocal("WebCastellum:doAfterProcessing --- begin");
        }
        int capturedStatus = responseWrapper.getCapturedStatus();
        String determineClientIp = RequestUtils.determineClientIp(requestWrapper, this.clientIpDeterminator);
        if (this.debug) {
            logLocal(new StringBuffer().append("WebCastellum:doAfterProcessing current response status code (up to here): ").append(capturedStatus).toString());
        }
        if (this.honeylinkMaxPerPage > 0 && (capturedStatus == 400 || capturedStatus == 404)) {
            String servletPath = requestWrapper.getServletPath();
            if (servletPath == null) {
                servletPath = requestWrapper.getRequestURI();
            }
            if (HoneylinkUtils.isHoneylinkFilename(servletPath)) {
                this.attackHandler.handleAttack(requestWrapper, determineClientIp, "Potential honeylink accessed");
            }
        }
        this.httpStatusCodeCounter.trackStatusCode(determineClientIp, capturedStatus, requestWrapper);
        String extractContentTypeUpperCased = responseWrapper.extractContentTypeUpperCased();
        if (extractContentTypeUpperCased == null) {
            extractContentTypeUpperCased = "NULL";
        }
        String trim = extractContentTypeUpperCased.trim();
        if (this.antiCacheResponseHeaderInjectionContentTypes != null && this.antiCacheResponseHeaderInjectionContentTypes.size() > 0 && this.antiCacheResponseHeaderInjectionContentTypes.contains(trim)) {
            try {
                if (!responseWrapper.isCommitted()) {
                    responseWrapper.setDateHeader("Expires", -1L);
                    responseWrapper.setHeader("Pragma", "no-cache");
                    responseWrapper.setHeader("Cache-Control", "no-store");
                }
            } catch (RuntimeException e) {
                this.attackHandler.logWarningRequestMessage(new StringBuffer().append("Unable to send anti-cache headers: ").append(e.getMessage()).toString());
            }
        }
        if (this.debug) {
            logLocal("WebCastellum:doAfterProcessing ================================== end");
        }
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (this.totalExcludeDefinitions != null && this.totalExcludeDefinitions.hasEnabledDefinitions() && (servletRequest instanceof HttpServletRequest)) {
            HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
            if (this.totalExcludeDefinitions.isTotalExclude(httpServletRequest.getServletPath(), httpServletRequest.getRequestURI())) {
                filterChain.doFilter(servletRequest, servletResponse);
                return;
            }
        }
        if (!this.catchAll) {
            internalDoFilter(servletRequest, servletResponse, filterChain);
            return;
        }
        try {
            internalDoFilter(servletRequest, servletResponse, filterChain);
        } catch (Exception e) {
            logLocal(new StringBuffer().append("Uncaught exception: ").append(e.getClass().getName()).append(": ").append(e.getMessage()).toString());
            try {
                sendUncaughtExceptionResponse((HttpServletResponse) servletResponse, e);
            } catch (Exception e2) {
                logLocal(new StringBuffer().append("Uncaught exception during return of exception message: ").append(e2.getClass().getName()).append(": ").append(e2.getMessage()).toString());
            }
        }
    }

    private void internalDoFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        AllowedFlagWithMessage allowedFlagWithMessage;
        DecodingPermutationDefinition matchingDecodingPermutationDefinition;
        String contentType;
        long currentTimeMillis = System.currentTimeMillis();
        if (Boolean.TRUE.equals(servletRequest.getAttribute(REQUEST_NESTED_FORWARD_CALL))) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        try {
            if (this.configReloadingIntervalMillis > 0 && System.currentTimeMillis() > this.nextConfigReloadingTime && this.nextConfigReloadingTime > 0) {
                this.nextConfigReloadingTime += this.configReloadingIntervalMillis;
                registerConfigReloadOnNextRequest();
            }
            restartCompletelyWhenRequired();
            try {
                if (this.ruleFileReloadingIntervalMillis > 0 && System.currentTimeMillis() > this.nextRuleReloadingTime && this.nextRuleReloadingTime > 0) {
                    this.nextRuleReloadingTime += this.ruleFileReloadingIntervalMillis;
                    registerRuleReloadOnNextRequest();
                }
                reloadRulesWhenRequired();
                ServletRequest servletRequest2 = (HttpServletRequest) servletRequest;
                if (this.debug) {
                    logLocal(new StringBuffer().append("Original request character encoding: ").append(servletRequest.getCharacterEncoding()).toString());
                }
                if (this.requestCharacterEncoding != null && this.requestCharacterEncoding.length() > 0) {
                    try {
                        servletRequest.setCharacterEncoding(this.requestCharacterEncoding);
                        if (this.debug) {
                            logLocal(new StringBuffer().append("Request character encoding set to: ").append(this.requestCharacterEncoding).toString());
                        }
                    } catch (UnsupportedEncodingException e) {
                        this.attackHandler.handleRegularRequest(servletRequest2, RequestUtils.determineClientIp(servletRequest2, this.clientIpDeterminator));
                        this.attackHandler.logWarningRequestMessage(new StringBuffer().append("Desired stop in filter processing of previously logged request: Unsupported request character encoding configured for WebCastellum: ").append(this.requestCharacterEncoding).toString());
                        sendUnavailableMessage((HttpServletResponse) servletResponse, e);
                        return;
                    }
                }
                String determineClientIp = RequestUtils.determineClientIp(servletRequest2, this.clientIpDeterminator);
                HttpSession session = servletRequest2.getSession(false);
                if (this.attackHandler.shouldBeBlocked(determineClientIp)) {
                    sendDisallowedResponse((HttpServletResponse) servletResponse, new Attack(new StringBuffer().append("Client is temporarily blocked: ").append(determineClientIp).toString()));
                    return;
                }
                if (this.validateClientAddressFormat && determineClientIp != null && !PATTERN_VALID_CLIENT_ADDRESS.matcher(determineClientIp).find()) {
                    String stringBuffer = new StringBuffer().append("Strange client address (nothing found matching the expected pattern of client address) - not incrementing attack-counter since tracking attacks using strange IP addresses is useless; simply blocking the request: ").append(determineClientIp).toString();
                    this.attackHandler.logWarningRequestMessage(stringBuffer);
                    sendDisallowedResponse((HttpServletResponse) servletResponse, new Attack(stringBuffer));
                    return;
                }
                String servletPath = servletRequest2.getServletPath();
                String requestURI = servletRequest2.getRequestURI();
                String queryString = servletRequest2.getQueryString();
                if (this.allowedRequestMimeTypesLowerCased != null && !this.allowedRequestMimeTypesLowerCased.isEmpty() && (contentType = servletRequest2.getContentType()) != null) {
                    String str = contentType;
                    int indexOf = contentType.indexOf(59);
                    if (indexOf != -1) {
                        str = contentType.substring(0, indexOf);
                    }
                    if (!this.allowedRequestMimeTypesLowerCased.contains(str.toLowerCase().trim())) {
                        sendDisallowedResponse((HttpServletResponse) servletResponse, this.attackHandler.handleAttack(servletRequest2, determineClientIp, new StringBuffer().append("Mime type of request not allowed (configurable): ").append(contentType).toString()));
                        return;
                    }
                }
                ServletRequest servletRequest3 = null;
                if (servletRequest instanceof MultipartServletRequest) {
                    servletRequest3 = (MultipartServletRequest) servletRequest;
                    servletRequest3.reextractSubmittedUrlValues();
                } else if (this.parseMultipartForms && this.multipartRequestParser.isMultipartRequest(servletRequest2)) {
                    MultipartSizeLimitDefinition multipartSizeLimitDefinition = null;
                    if (this.multipartSizeLimitDefinitions != null && this.multipartSizeLimitDefinitions.hasEnabledDefinitions()) {
                        multipartSizeLimitDefinition = this.multipartSizeLimitDefinitions.getMatchingMultipartSizeLimitDefinition(servletPath, requestURI);
                    }
                    if (!multipartSizeLimitDefinition.isMultipartAllowed()) {
                        sendDisallowedResponse((HttpServletResponse) servletResponse, this.attackHandler.handleAttack(servletRequest2, determineClientIp, "Multipart request not allowed for current resource (see multipart rule file for opening this)"));
                        return;
                    } else {
                        servletRequest3 = new MultipartServletRequest(this.multipartRequestParser, servletRequest2, multipartSizeLimitDefinition, this.bufferFileUploadsToDisk);
                        servletRequest2 = servletRequest3;
                        servletRequest = servletRequest3;
                    }
                }
                if (this.sizeLimitDefinitions != null && this.sizeLimitDefinitions.hasEnabledDefinitions()) {
                    int i = 0;
                    int i2 = 0;
                    int i3 = 0;
                    int i4 = 0;
                    Enumeration headerNames = servletRequest2.getHeaderNames();
                    if (headerNames != null) {
                        while (headerNames.hasMoreElements()) {
                            String str2 = (String) headerNames.nextElement();
                            i++;
                            if (str2 != null) {
                                int length = str2.length();
                                i3 = Math.max(i3, length);
                                i2 += length;
                                Enumeration headers = servletRequest2.getHeaders(str2);
                                if (headers != null) {
                                    while (headers.hasMoreElements()) {
                                        String str3 = (String) headers.nextElement();
                                        if (str3 != null) {
                                            int length2 = str3.length();
                                            i4 = Math.max(i4, length2);
                                            i2 += length2;
                                        }
                                    }
                                } else {
                                    logLocal("Container does not allow to access header information");
                                }
                            }
                        }
                    } else {
                        logLocal("Container does not allow to access header information");
                    }
                    int i5 = 0;
                    int i6 = 0;
                    int i7 = 0;
                    int i8 = 0;
                    Cookie[] cookies = servletRequest2.getCookies();
                    if (cookies != null) {
                        for (Cookie cookie : cookies) {
                            i5++;
                            String comment = cookie.getComment();
                            String domain = cookie.getDomain();
                            String path = cookie.getPath();
                            String name = cookie.getName();
                            String value = cookie.getValue();
                            if (comment != null) {
                                i6 += comment.length();
                            }
                            if (domain != null) {
                                i6 += domain.length();
                            }
                            if (path != null) {
                                i6 += path.length();
                            }
                            if (name != null) {
                                int length3 = name.length();
                                i7 = Math.max(i7, length3);
                                i6 += length3;
                            }
                            if (value != null) {
                                int length4 = value.length();
                                i8 = Math.max(i8, length4);
                                i6 += length4;
                            }
                        }
                    }
                    int i9 = 0;
                    int i10 = 0;
                    int i11 = 0;
                    int i12 = 0;
                    Enumeration parameterNames = servletRequest2.getParameterNames();
                    while (parameterNames.hasMoreElements()) {
                        String str4 = (String) parameterNames.nextElement();
                        i9++;
                        if (str4 != null) {
                            int length5 = str4.length();
                            i11 = Math.max(i11, length5);
                            i10 += length5;
                            String[] parameterValues = servletRequest2.getParameterValues(str4);
                            if (parameterValues != null) {
                                for (String str5 : parameterValues) {
                                    int length6 = str5.length();
                                    i12 = Math.max(i12, length6);
                                    i10 += length6;
                                }
                            }
                        }
                    }
                    if (this.sizeLimitDefinitions.isSizeLimitExceeded(servletPath, requestURI, i, i5, i9, queryString == null ? 0 : queryString.length(), i3, i4, i2, i7, i8, i6, i11, i12, i10)) {
                        this.attackHandler.logWarningRequestMessage("Size limit exceeded by request (therefore not logging details)");
                        sendDisallowedResponse((HttpServletResponse) servletResponse, new Attack("Size limit exceeded by request (therefore not logging details)"));
                        return;
                    }
                }
                if (this.debug) {
                    logLocal(new StringBuffer().append("doFilter on ").append(servletRequest.getClass().getName()).toString());
                }
                if (this.debug) {
                    logLocal(new StringBuffer().append("... with URL ").append((Object) servletRequest2.getRequestURL()).append(" and query string ").append(queryString).toString());
                }
                if (session != null && this.forcedSessionInvalidationPeriodMinutes > 0) {
                    if (System.currentTimeMillis() > session.getCreationTime() + (this.forcedSessionInvalidationPeriodMinutes * 60 * 1000)) {
                        this.attackHandler.logWarningRequestMessage(new StringBuffer().append("Forced session invalidation: ").append(session.getId()).toString());
                        if (session != null) {
                            try {
                                session.invalidate();
                            } catch (IllegalStateException e2) {
                            }
                        }
                        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
                        if (this.redirectWelcomePage.length() == 0) {
                            sendDisallowedResponse(httpServletResponse, new Attack(new StringBuffer().append("Maximum session lifetime exceeded (").append(this.forcedSessionInvalidationPeriodMinutes * 60).append(" seconds) - and no redirect welcome page configured").toString()));
                            return;
                        }
                        String stringBuffer2 = new StringBuffer().append("Maximum session lifetime exceeded (").append(this.forcedSessionInvalidationPeriodMinutes * 60).append(" seconds)\n\tInstead of letting the request pass we invalidate the session and redirect to the welcome page: ").append(this.redirectWelcomePage).toString();
                        httpServletResponse.sendRedirect(this.redirectWelcomePage);
                        this.attackHandler.handleRegularRequest(servletRequest2, determineClientIp);
                        this.attackHandler.logWarningRequestMessage(new StringBuffer().append("Desired stop in filter processing of previously logged request: ").append(stringBuffer2).toString());
                        return;
                    }
                }
                String str6 = null;
                CryptoKeyAndSalt cryptoKeyAndSalt = null;
                Cipher cipher = null;
                if (this.contentInjectionHelper.isEncryptQueryStringInLinks()) {
                    if (session == null) {
                        try {
                            session = servletRequest2.getSession(true);
                        } catch (Exception e3) {
                            this.attackHandler.logWarningRequestMessage(new StringBuffer().append("Unable to define protection content in session: ").append(e3.getMessage()).toString());
                            if (session != null) {
                                try {
                                    session.invalidate();
                                } catch (IllegalStateException e4) {
                                    sendDisallowedResponse((HttpServletResponse) servletResponse, new Attack("Unable to define protection content in session"));
                                    return;
                                }
                            }
                            sendDisallowedResponse((HttpServletResponse) servletResponse, new Attack("Unable to define protection content in session"));
                            return;
                        }
                    }
                    if (!$assertionsDisabled && session == null) {
                        throw new AssertionError();
                    }
                    str6 = RequestUtils.createOrRetrieveRandomTokenFromSession(session, SESSION_ENCRYPT_QUERY_STRINGS_CRYPTODETECTION_KEY);
                    cipher = CryptoUtils.getCipher();
                    cryptoKeyAndSalt = RequestUtils.createOrRetrieveRandomCryptoKeyFromSession(session, SESSION_ENCRYPT_QUERY_STRINGS_CRYPTOKEY_KEY, this.extraEncryptedValueHashProtection);
                }
                String str7 = null;
                String str8 = null;
                if (this.contentInjectionHelper.isInjectSecretTokenIntoLinks()) {
                    if (session == null) {
                        try {
                            session = servletRequest2.getSession(true);
                        } catch (Exception e5) {
                            this.attackHandler.logWarningRequestMessage(new StringBuffer().append("Unable to define protection content in session: ").append(e5.getMessage()).toString());
                            if (session != null) {
                                try {
                                    session.invalidate();
                                } catch (IllegalStateException e6) {
                                    sendDisallowedResponse((HttpServletResponse) servletResponse, new Attack("Unable to define protection content in session"));
                                    return;
                                }
                            }
                            sendDisallowedResponse((HttpServletResponse) servletResponse, new Attack("Unable to define protection content in session"));
                            return;
                        }
                    }
                    if (!$assertionsDisabled && session == null) {
                        throw new AssertionError();
                    }
                    str7 = RequestUtils.createOrRetrieveRandomTokenFromSession(session, SESSION_SECRET_RANDOM_TOKEN_KEY_KEY);
                    str8 = RequestUtils.createOrRetrieveRandomTokenFromSession(session, SESSION_SECRET_RANDOM_TOKEN_VALUE_KEY);
                }
                String str9 = null;
                if (this.contentInjectionHelper.isProtectParametersAndForms()) {
                    if (session == null) {
                        try {
                            session = servletRequest2.getSession(true);
                        } catch (Exception e7) {
                            this.attackHandler.logWarningRequestMessage(new StringBuffer().append("Unable to define protection content in session: ").append(e7.getMessage()).toString());
                            if (session != null) {
                                try {
                                    session.invalidate();
                                } catch (IllegalStateException e8) {
                                    sendDisallowedResponse((HttpServletResponse) servletResponse, new Attack("Unable to define protection content in session"));
                                    return;
                                }
                            }
                            sendDisallowedResponse((HttpServletResponse) servletResponse, new Attack("Unable to define protection content in session"));
                            return;
                        }
                    }
                    if (!$assertionsDisabled && session == null) {
                        throw new AssertionError();
                    }
                    str9 = RequestUtils.createOrRetrieveRandomTokenFromSession(session, SESSION_PARAMETER_AND_FORM_PROTECTION_RANDOM_TOKEN_KEY_KEY);
                }
                if (this.contentInjectionHelper.isEncryptQueryStringInLinks() && str6 != null && cryptoKeyAndSalt != null && servletRequest.getAttribute(REQUEST_ALREADY_DECRYPTED_FLAG) == null) {
                    try {
                        if (this.contentInjectionHelper.isInjectSecretTokenIntoLinks() && str7 != null && servletRequest.getParameter(str7) != null) {
                            throw new ServerAttackException("Additional (unencrypted) secret token parameter provided (potential spoofing)");
                        }
                        if (this.contentInjectionHelper.isProtectParametersAndForms() && str9 != null && servletRequest.getParameter(str9) != null) {
                            throw new ServerAttackException("Additional (unencrypted) parameter-and-form protection token parameter provided (potential spoofing)");
                        }
                        String queryString2 = servletRequest2.getQueryString();
                        String str10 = null;
                        String str11 = null;
                        boolean z = false;
                        Enumeration parameterNames2 = servletRequest2.getParameterNames();
                        while (parameterNames2.hasMoreElements()) {
                            String str12 = (String) parameterNames2.nextElement();
                            if (str12.contains(str6)) {
                                String parameter = servletRequest2.getParameter(str12);
                                if (str11 != null) {
                                    if (!(parameter != null && INTERNAL_TYPE_FORM.equals(parameter))) {
                                        str10 = str12;
                                    } else {
                                        if (str10 != null) {
                                            throw new ServerAttackException(new StringBuffer().append("Multiple (more than the two allowed URL vs. FORM) crypto values provided (potential spoofing): ").append(str12).toString());
                                        }
                                        str10 = str11;
                                    }
                                }
                                if (parameter == null || !(parameter.equals(INTERNAL_TYPE_URL) || parameter.equals(INTERNAL_TYPE_FORM))) {
                                    throw new ServerAttackException(new StringBuffer().append("Missing or wrong value for encrypted name-only parameter provided (potential spoofing): ").append(parameter).toString());
                                }
                                str11 = str12;
                            } else {
                                z = true;
                            }
                        }
                        if (str10 != null) {
                            queryString2 = ServerUtils.removeParameterFromQueryString(queryString2, str10);
                        }
                        if (str11 != null) {
                            boolean z2 = queryString2 != null && queryString2.length() > 0;
                            boolean contains = z2 ? queryString2.contains(str6) : false;
                            StringBuilder sb = new StringBuilder(servletPath);
                            if (z2) {
                                sb.append('?').append(queryString2);
                            }
                            if (!contains) {
                                sb.append(z2 ? '&' : '?').append(str11);
                            }
                            String sb2 = sb.toString();
                            if (!$assertionsDisabled && sb2 == null) {
                                throw new AssertionError();
                            }
                            boolean equalsIgnoreCase = "POST".equalsIgnoreCase(servletRequest2.getMethod());
                            if (!this.contentInjectionHelper.isExtraStrictParameterCheckingForEncryptedLinks()) {
                                z = false;
                            }
                            RequestUtils.DecryptedQuerystring decryptQueryStringInServletPathWithQueryString = RequestUtils.decryptQueryStringInServletPathWithQueryString(servletRequest2.getContextPath(), servletPath, sb2, str6, cryptoKeyAndSalt, requestURI, z, equalsIgnoreCase, this.useFullPathForResourceToBeAccessedProtection, this.additionalFullResourceRemoval || this.additionalMediumResourceRemoval, this.appendQuestionmarkOrAmpersandToLinks);
                            if (decryptQueryStringInServletPathWithQueryString != null) {
                                this.attackHandler.logRegularRequestMessage(new StringBuffer().append("Successfully decrypted request:\n\tEncrypted input: ").append(sb2).append("\n\tDecrypted output without added parameters: ").append(decryptQueryStringInServletPathWithQueryString.decryptedString).toString());
                                if (this.blockMultipartRequestsForNonMultipartForms && servletRequest3 != null && Boolean.FALSE.equals(decryptQueryStringInServletPathWithQueryString.isFormMultipart)) {
                                    throw new ServerAttackException("Multipart encoding used for non-multipart form request");
                                }
                                RequestDispatcher requestDispatcher = servletRequest2.getRequestDispatcher(decryptQueryStringInServletPathWithQueryString.decryptedString);
                                if (servletRequest != null) {
                                    servletRequest.setAttribute(REQUEST_ALREADY_DECRYPTED_FLAG, Boolean.TRUE);
                                    servletRequest.setAttribute(REQUEST_IS_FORM_SUBMIT_FLAG, decryptQueryStringInServletPathWithQueryString.isFormSubmit);
                                    servletRequest.setAttribute(REQUEST_IS_URL_MANIPULATED_FLAG, decryptQueryStringInServletPathWithQueryString.wasManipulated);
                                    servletRequest.removeAttribute(REQUEST_NESTED_FORWARD_CALL);
                                    if (this.requestCharacterEncoding != null && this.requestCharacterEncoding.length() > 0) {
                                        if (isOldJavaEE13) {
                                            servletResponse.setContentType(new StringBuffer().append("text/html; charset=").append(this.requestCharacterEncoding).toString());
                                        } else {
                                            servletResponse.setCharacterEncoding(this.requestCharacterEncoding);
                                        }
                                    }
                                    requestDispatcher.forward(servletRequest, servletResponse);
                                    return;
                                }
                            }
                        }
                    } catch (ServerAttackException e9) {
                        HttpServletResponse httpServletResponse2 = (HttpServletResponse) servletResponse;
                        if (this.redirectWelcomePage.length() == 0) {
                            sendDisallowedResponse(httpServletResponse2, this.attackHandler.handleAttack(servletRequest2, determineClientIp, new StringBuffer().append("Client provided mismatching crypto values (").append(e9.getMessage()).append(") - and no redirect welcome page configured").toString()));
                            return;
                        }
                        String stringBuffer3 = new StringBuffer().append("Client provided mismatching crypto values (").append(e9.getMessage()).append(")\n\tInstead of letting the request pass we invalidate the session and redirect to the welcome page: ").append(this.redirectWelcomePage).toString();
                        this.attackHandler.handleRegularRequest(servletRequest2, determineClientIp);
                        this.attackHandler.logWarningRequestMessage(new StringBuffer().append("Desired stop in filter processing of previously logged request: ").append(stringBuffer3).toString());
                        if (session != null) {
                            try {
                                session.invalidate();
                            } catch (IllegalStateException e10) {
                                httpServletResponse2.sendRedirect(this.redirectWelcomePage);
                                return;
                            }
                        }
                        httpServletResponse2.sendRedirect(this.redirectWelcomePage);
                        return;
                    }
                }
                byte b = 1;
                if (this.decodingPermutationDefinitions != null && this.decodingPermutationDefinitions.hasEnabledDefinitions() && (matchingDecodingPermutationDefinition = this.decodingPermutationDefinitions.getMatchingDecodingPermutationDefinition(servletPath, requestURI)) != null) {
                    b = matchingDecodingPermutationDefinition.getLevel();
                }
                boolean z3 = (this.whiteListDefinitions.isNonStandardPermutationsAllowed() && this.whiteListDefinitions.hasEnabledDefinitions()) ? true : (this.badRequestDefinitions.isNonStandardPermutationsAllowed() && this.badRequestDefinitions.hasEnabledDefinitions()) ? true : (this.denialOfServiceLimitDefinitions.isNonStandardPermutationsAllowed() && this.denialOfServiceLimitDefinitions.hasEnabledDefinitions()) ? true : (this.entryPointDefinitions.isNonStandardPermutationsAllowed() && this.entryPointDefinitions.hasEnabledDefinitions()) ? true : (this.optimizationHintDefinitions.isNonStandardPermutationsAllowed() && this.optimizationHintDefinitions.hasEnabledDefinitions()) ? true : (this.renewSessionPointDefinitions.isNonStandardPermutationsAllowed() && this.renewSessionPointDefinitions.hasEnabledDefinitions()) ? true : (this.captchaPointDefinitions.isNonStandardPermutationsAllowed() && this.captchaPointDefinitions.hasEnabledDefinitions()) ? true : (this.incomingProtectionExcludeDefinitions.isNonStandardPermutationsAllowed() && this.incomingProtectionExcludeDefinitions.hasEnabledDefinitions()) ? true : this.responseModificationDefinitions.isNonStandardPermutationsAllowed() && this.responseModificationDefinitions.hasEnabledDefinitions();
                RequestDetails requestDetails = new RequestDetails();
                requestDetails.clientAddress = RequestUtils.determineClientIp(servletRequest2, this.clientIpDeterminator);
                requestDetails.agent = servletRequest2.getHeader("user-agent");
                requestDetails.servletPath = servletPath;
                requestDetails.queryString = servletRequest2.getQueryString();
                if (this.isHavingEnabledQueryStringCheckingRules) {
                    requestDetails.queryStringVariants = ServerUtils.permutateVariants(requestDetails.queryString, z3, b);
                }
                requestDetails.requestedSessionId = servletRequest2.getRequestedSessionId();
                requestDetails.sessionCameFromCookie = servletRequest2.isRequestedSessionIdFromCookie();
                requestDetails.sessionCameFromURL = servletRequest2.isRequestedSessionIdFromURL();
                requestDetails.referrer = servletRequest2.getHeader("Referer");
                requestDetails.url = new StringBuffer().append("").append((Object) servletRequest2.getRequestURL()).toString();
                requestDetails.uri = requestURI;
                requestDetails.method = servletRequest2.getMethod();
                requestDetails.protocol = servletRequest2.getProtocol();
                requestDetails.mimeType = servletRequest2.getContentType();
                requestDetails.remoteHost = servletRequest2.getRemoteHost();
                requestDetails.remoteUser = servletRequest2.getRemoteUser();
                requestDetails.headerMap = RequestUtils.createHeaderMap(servletRequest2);
                if (this.isHavingEnabledHeaderCheckingRules) {
                    requestDetails.headerMapVariants = ServerUtils.permutateVariants(requestDetails.headerMap, z3, b);
                }
                requestDetails.cookieMap = RequestUtils.createCookieMap(servletRequest2);
                if (this.isHavingEnabledCookieCheckingRules) {
                    requestDetails.cookieMapVariants = ServerUtils.permutateVariants(requestDetails.cookieMap, z3, b);
                }
                requestDetails.encoding = servletRequest2.getCharacterEncoding();
                requestDetails.contentLength = servletRequest2.getContentLength();
                requestDetails.scheme = servletRequest2.getScheme();
                requestDetails.serverName = servletRequest2.getServerName();
                requestDetails.serverPort = servletRequest2.getServerPort();
                requestDetails.authType = servletRequest2.getAuthType();
                requestDetails.contextPath = servletRequest2.getContextPath();
                requestDetails.pathInfo = servletRequest2.getPathInfo();
                requestDetails.pathTranslated = servletRequest2.getPathTranslated();
                if (this.geoLocatingCache != null && determineClientIp != null) {
                    requestDetails.country = this.geoLocatingCache.getCountryCode(determineClientIp);
                }
                requestDetails.remotePort = 0;
                requestDetails.localPort = 0;
                requestDetails.localAddr = "";
                requestDetails.localName = "";
                if (!isOldJavaEE13) {
                    try {
                        requestDetails.remotePort = servletRequest2.getRemotePort();
                        requestDetails.localPort = servletRequest2.getLocalPort();
                        requestDetails.localAddr = servletRequest2.getLocalAddr();
                        requestDetails.localName = servletRequest2.getLocalName();
                    } catch (NoSuchMethodError e11) {
                        isOldJavaEE13 = true;
                    }
                }
                requestDetails.requestParameterMap = new HashMap(servletRequest2.getParameterMap());
                removeTemporarilyInjectedParametersFromMap(requestDetails.requestParameterMap, servletRequest2.getSession(false), str6);
                if (this.isHavingEnabledRequestParameterCheckingRules) {
                    requestDetails.requestParameterMapVariants = ServerUtils.permutateVariants(requestDetails.requestParameterMap, z3, b);
                }
                requestDetails.nonStandardPermutationsRequired = z3;
                requestDetails.decodingPermutationLevel = b;
                HttpServletRequest requestWrapper = new RequestWrapper(servletRequest2, this.contentInjectionHelper, this.sessionCreationCounter, requestDetails.clientAddress, this.hideInternalSessionAttributes, this.transparentQuerystring, this.transparentForwarding);
                ResponseWrapper responseWrapper = null;
                new AllowedFlagWithMessage(false, new Attack("Disallowed by default"));
                try {
                    if (this.appendQuestionmarkOrAmpersandToLinks) {
                        Enumeration parameterNames3 = requestWrapper.getParameterNames();
                        while (parameterNames3.hasMoreElements()) {
                            String str13 = (String) parameterNames3.nextElement();
                            if (str13 != null && str13.length() > 0 && str13.charAt(0) == '?') {
                                String[] parameterValues2 = requestWrapper.getParameterValues(str13);
                                requestWrapper.removeParameter(str13);
                                requestWrapper.setParameter(str13, parameterValues2, true);
                            }
                        }
                    }
                    ResponseModificationDefinition[] allMatchingResponseModificationDefinitions = this.responseModificationDefinitions.getAllMatchingResponseModificationDefinitions(servletRequest2, requestDetails.servletPath, requestDetails.contextPath, requestDetails.pathInfo, requestDetails.pathTranslated, requestDetails.clientAddress, requestDetails.remoteHost, requestDetails.remotePort, requestDetails.remoteUser, requestDetails.authType, requestDetails.scheme, requestDetails.method, requestDetails.protocol, requestDetails.mimeType, requestDetails.encoding, requestDetails.contentLength, requestDetails.headerMapVariants, requestDetails.url, requestDetails.uri, requestDetails.serverName, requestDetails.serverPort, requestDetails.localAddr, requestDetails.localName, requestDetails.localPort, requestDetails.country, requestDetails.cookieMapVariants, requestDetails.requestedSessionId, requestDetails.queryStringVariants, requestDetails.requestParameterMapVariants, requestDetails.requestParameterMap);
                    ArrayList arrayList = new ArrayList(allMatchingResponseModificationDefinitions.length);
                    ArrayList arrayList2 = new ArrayList(allMatchingResponseModificationDefinitions.length);
                    ArrayList arrayList3 = new ArrayList(allMatchingResponseModificationDefinitions.length);
                    ArrayList arrayList4 = new ArrayList(allMatchingResponseModificationDefinitions.length);
                    ArrayList arrayList5 = new ArrayList(allMatchingResponseModificationDefinitions.length);
                    ArrayList arrayList6 = new ArrayList(allMatchingResponseModificationDefinitions.length);
                    ArrayList arrayList7 = new ArrayList(allMatchingResponseModificationDefinitions.length);
                    ArrayList arrayList8 = new ArrayList(allMatchingResponseModificationDefinitions.length);
                    ArrayList arrayList9 = new ArrayList(allMatchingResponseModificationDefinitions.length);
                    ArrayList arrayList10 = new ArrayList(allMatchingResponseModificationDefinitions.length);
                    ArrayList arrayList11 = new ArrayList(allMatchingResponseModificationDefinitions.length);
                    ArrayList arrayList12 = new ArrayList(allMatchingResponseModificationDefinitions.length);
                    ArrayList arrayList13 = new ArrayList(allMatchingResponseModificationDefinitions.length);
                    ArrayList arrayList14 = new ArrayList(allMatchingResponseModificationDefinitions.length);
                    for (ResponseModificationDefinition responseModificationDefinition : allMatchingResponseModificationDefinitions) {
                        if (responseModificationDefinition.isMatchesScripts()) {
                            arrayList2.add(responseModificationDefinition.getScriptExclusionPattern());
                            arrayList8.add(responseModificationDefinition.getScriptExclusionPrefilter());
                            arrayList3.add(responseModificationDefinition.getUrlExclusionPattern());
                            arrayList9.add(responseModificationDefinition.getUrlExclusionPrefilter());
                            arrayList5.add(responseModificationDefinition.getUrlCapturingPattern());
                            arrayList11.add(responseModificationDefinition.getUrlCapturingPrefilter());
                            arrayList13.add(ServerUtils.convertSimpleToObjectArray(responseModificationDefinition.getCapturingGroupNumbers()));
                        }
                        if (responseModificationDefinition.isMatchesTags()) {
                            arrayList.add(responseModificationDefinition.getTagExclusionPattern());
                            arrayList7.add(responseModificationDefinition.getTagExclusionPrefilter());
                            arrayList4.add(responseModificationDefinition.getUrlExclusionPattern());
                            arrayList10.add(responseModificationDefinition.getUrlExclusionPrefilter());
                            arrayList6.add(responseModificationDefinition.getUrlCapturingPattern());
                            arrayList12.add(responseModificationDefinition.getUrlCapturingPrefilter());
                            arrayList14.add(ServerUtils.convertSimpleToObjectArray(responseModificationDefinition.getCapturingGroupNumbers()));
                        }
                    }
                    responseWrapper = new ResponseWrapper((HttpServletResponse) servletResponse, requestWrapper, this.attackHandler, this.contentInjectionHelper, this.optimizationHintDefinitions.isOptimizationHint(requestWrapper, requestDetails.servletPath, requestDetails.contextPath, requestDetails.pathInfo, requestDetails.pathTranslated, requestDetails.clientAddress, requestDetails.remoteHost, requestDetails.remotePort, requestDetails.remoteUser, requestDetails.authType, requestDetails.scheme, requestDetails.method, requestDetails.protocol, requestDetails.mimeType, requestDetails.encoding, requestDetails.contentLength, requestDetails.headerMapVariants, requestDetails.url, requestDetails.uri, requestDetails.serverName, requestDetails.serverPort, requestDetails.localAddr, requestDetails.localName, requestDetails.localPort, requestDetails.country, requestDetails.cookieMapVariants, requestDetails.requestedSessionId, requestDetails.queryStringVariants, requestDetails.requestParameterMapVariants, requestDetails.requestParameterMap), str6, cipher, cryptoKeyAndSalt, str7, str8, str9, this.blockResponseHeadersWithCRLF, this.blockFutureLastModifiedHeaders, this.blockInvalidLastModifiedHeaders, this.blockNonLocalRedirects, determineClientIp, this.responseBodyModificationContentTypes, (WordDictionary[]) arrayList8.toArray(new WordDictionary[0]), ServerUtils.convertListOfPatternToArrayOfMatcher(arrayList2), (WordDictionary[]) arrayList7.toArray(new WordDictionary[0]), ServerUtils.convertListOfPatternToArrayOfMatcher(arrayList), (WordDictionary[]) arrayList9.toArray(new WordDictionary[0]), ServerUtils.convertListOfPatternToArrayOfMatcher(arrayList3), (WordDictionary[]) arrayList10.toArray(new WordDictionary[0]), ServerUtils.convertListOfPatternToArrayOfMatcher(arrayList4), (WordDictionary[]) arrayList11.toArray(new WordDictionary[0]), ServerUtils.convertListOfPatternToArrayOfMatcher(arrayList5), (WordDictionary[]) arrayList12.toArray(new WordDictionary[0]), ServerUtils.convertListOfPatternToArrayOfMatcher(arrayList6), ServerUtils.convertArrayIntegerListTo2DimIntArray(arrayList13), ServerUtils.convertArrayIntegerListTo2DimIntArray(arrayList14), this.useFullPathForResourceToBeAccessedProtection, this.additionalFullResourceRemoval, this.additionalMediumResourceRemoval, this.maskAmpersandsInLinkAdditions, this.hiddenFormFieldProtection, this.selectboxProtection, this.checkboxProtection, this.radiobuttonProtection, this.selectboxValueMasking, this.checkboxValueMasking, this.radiobuttonValueMasking, this.appendQuestionmarkOrAmpersandToLinks, this.appendSessionIdToLinks, this.reuseSessionContent, this.honeylinkPrefix, this.honeylinkSuffix, this.honeylinkMaxPerPage, this.randomizeHoneylinksOnEveryRequest, this.pdfXssProtection, this.applySetAfterWrite);
                    allowedFlagWithMessage = doBeforeProcessing(requestWrapper, responseWrapper, requestDetails, str6, (Boolean) servletRequest.getAttribute(REQUEST_IS_FORM_SUBMIT_FLAG), (Boolean) servletRequest.getAttribute(REQUEST_IS_URL_MANIPULATED_FLAG));
                } catch (StopFilterProcessingException e12) {
                    this.attackHandler.handleRegularRequest(servletRequest2, determineClientIp);
                    this.attackHandler.logWarningRequestMessage(new StringBuffer().append("Desired stop in filter processing of previously logged request: ").append(e12.getMessage()).toString());
                    return;
                } catch (Exception e13) {
                    String stringBuffer4 = new StringBuffer().append("Exception (").append(e13.getMessage()).append(") while checking request (therefore disallowing it by default)").toString();
                    allowedFlagWithMessage = new AllowedFlagWithMessage(false, new Attack(stringBuffer4));
                    if (!(e13 instanceof ServerAttackException)) {
                        System.err.println(stringBuffer4);
                        e13.printStackTrace();
                    }
                    this.attackHandler.logWarningRequestMessage(stringBuffer4);
                }
                if (!allowedFlagWithMessage.isAllowed()) {
                    if (allowedFlagWithMessage.getAttack() != null) {
                        sendDisallowedResponse((HttpServletResponse) servletResponse, allowedFlagWithMessage.getAttack());
                        return;
                    }
                    return;
                }
                if (!$assertionsDisabled && responseWrapper == null) {
                    throw new AssertionError();
                }
                ServletException servletException = null;
                boolean z4 = false;
                try {
                    try {
                        removeTemporarilyInjectedParametersFromRequest(requestWrapper, str6);
                        requestWrapper.setTransferProtectiveSessionContentToNewSessionsDefinedByApplication(true);
                        requestWrapper.setApplyUnsecureParameterValueChecks(true);
                        requestWrapper.setAttribute(REQUEST_NESTED_FORWARD_CALL, Boolean.TRUE);
                        requestWrapper.removeParameter(CAPTCHA_VALUE);
                        if (!this.presentMultipartFormParametersAsRegularParametersToApplication && servletRequest3 != null) {
                            servletRequest3.setHideMultipartFormParametersSinceWeAreWithingApplicationAccess(true);
                        }
                        if (this.showTimings) {
                            logLocal(new StringBuffer().append("Duration for pre-processing of request: ").append(System.currentTimeMillis() - currentTimeMillis).append(" ms").toString());
                        }
                        filterChain.doFilter(requestWrapper, responseWrapper);
                        if (responseWrapper.getCapturedStatus() < 400) {
                            this.attackHandler.handleLearningModeRequestAggregation(requestWrapper);
                        }
                        requestWrapper.removeAttribute(REQUEST_NESTED_FORWARD_CALL);
                        requestWrapper.setTransferProtectiveSessionContentToNewSessionsDefinedByApplication(false);
                        requestWrapper.setApplyUnsecureParameterValueChecks(false);
                        if (!this.presentMultipartFormParametersAsRegularParametersToApplication && servletRequest3 != null) {
                            servletRequest3.setHideMultipartFormParametersSinceWeAreWithingApplicationAccess(false);
                            servletRequest3.clear();
                        }
                    } catch (Throwable th) {
                        requestWrapper.setTransferProtectiveSessionContentToNewSessionsDefinedByApplication(false);
                        requestWrapper.setApplyUnsecureParameterValueChecks(false);
                        if (!this.presentMultipartFormParametersAsRegularParametersToApplication && servletRequest3 != null) {
                            servletRequest3.setHideMultipartFormParametersSinceWeAreWithingApplicationAccess(false);
                            servletRequest3.clear();
                        }
                        throw th;
                    }
                } catch (ServerAttackException e14) {
                    z4 = true;
                    if (this.debug) {
                        e14.printStackTrace();
                    }
                    requestWrapper.setTransferProtectiveSessionContentToNewSessionsDefinedByApplication(false);
                    sendDisallowedResponse((HttpServletResponse) servletResponse, new Attack(e14.getMessage()));
                    requestWrapper.setTransferProtectiveSessionContentToNewSessionsDefinedByApplication(false);
                    requestWrapper.setApplyUnsecureParameterValueChecks(false);
                    if (!this.presentMultipartFormParametersAsRegularParametersToApplication && servletRequest3 != null) {
                        servletRequest3.setHideMultipartFormParametersSinceWeAreWithingApplicationAccess(false);
                        servletRequest3.clear();
                    }
                } catch (Throwable th2) {
                    servletException = th2;
                    th2.printStackTrace();
                    requestWrapper.setTransferProtectiveSessionContentToNewSessionsDefinedByApplication(false);
                    requestWrapper.setApplyUnsecureParameterValueChecks(false);
                    if (!this.presentMultipartFormParametersAsRegularParametersToApplication && servletRequest3 != null) {
                        servletRequest3.setHideMultipartFormParametersSinceWeAreWithingApplicationAccess(false);
                        servletRequest3.clear();
                    }
                }
                long currentTimeMillis2 = System.currentTimeMillis();
                if (!z4) {
                    doAfterProcessing(requestWrapper, responseWrapper);
                }
                if (this.showTimings) {
                    logLocal(new StringBuffer().append("Duration for post-processing of response: ").append(System.currentTimeMillis() - currentTimeMillis2).append(" ms").toString());
                }
                if (servletRequest3 != null) {
                    servletRequest3.clear();
                }
                if (servletException == null) {
                    if (this.flushResponse) {
                        responseWrapper.flushBuffer();
                    }
                } else {
                    if (servletException instanceof ServletException) {
                        throw servletException;
                    }
                    if (servletException instanceof IOException) {
                        throw ((IOException) servletException);
                    }
                    if (servletException instanceof RuntimeException) {
                        throw ((RuntimeException) servletException);
                    }
                    sendProcessingError(servletException, (HttpServletResponse) servletResponse);
                }
            } catch (Exception e15) {
                sendUnavailableMessage((HttpServletResponse) servletResponse, e15);
            }
        } catch (Exception e16) {
            sendUnavailableMessage((HttpServletResponse) servletResponse, e16);
        }
    }

    public void registerRuleReloadOnNextRequest() {
        this.reloadRulesOnNextRequest = true;
    }

    private void reloadRulesWhenRequired() throws RuleLoadingException {
        if (this.reloadRulesOnNextRequest) {
            ArrayList arrayList = null;
            synchronized (this.mutex_reloadRulesOnNextRequest) {
                if (this.reloadRulesOnNextRequest) {
                    try {
                        this.isHavingEnabledQueryStringCheckingRules = false;
                        this.isHavingEnabledRequestParameterCheckingRules = false;
                        this.isHavingEnabledHeaderCheckingRules = false;
                        this.isHavingEnabledCookieCheckingRules = false;
                        arrayList = new ArrayList();
                        if (this.whiteListDefinitions != null) {
                            arrayList.add(this.whiteListDefinitions.parseDefinitions());
                            if (this.whiteListDefinitions.isHavingEnabledQueryStringCheckingRules()) {
                                this.isHavingEnabledQueryStringCheckingRules = true;
                            }
                            if (this.whiteListDefinitions.isHavingEnabledRequestParamCheckingRules()) {
                                this.isHavingEnabledRequestParameterCheckingRules = true;
                            }
                            if (this.whiteListDefinitions.isHavingEnabledHeaderCheckingRules()) {
                                this.isHavingEnabledHeaderCheckingRules = true;
                            }
                            if (this.whiteListDefinitions.isHavingEnabledCookieCheckingRules()) {
                                this.isHavingEnabledCookieCheckingRules = true;
                            }
                        }
                        if (this.badRequestDefinitions != null) {
                            arrayList.add(this.badRequestDefinitions.parseDefinitions());
                            if (this.badRequestDefinitions.isHavingEnabledQueryStringCheckingRules()) {
                                this.isHavingEnabledQueryStringCheckingRules = true;
                            }
                            if (this.badRequestDefinitions.isHavingEnabledRequestParamCheckingRules()) {
                                this.isHavingEnabledRequestParameterCheckingRules = true;
                            }
                            if (this.badRequestDefinitions.isHavingEnabledHeaderCheckingRules()) {
                                this.isHavingEnabledHeaderCheckingRules = true;
                            }
                            if (this.badRequestDefinitions.isHavingEnabledCookieCheckingRules()) {
                                this.isHavingEnabledCookieCheckingRules = true;
                            }
                        }
                        if (this.denialOfServiceLimitDefinitions != null) {
                            arrayList.add(this.denialOfServiceLimitDefinitions.parseDefinitions());
                            if (this.denialOfServiceLimitDefinitions.isHavingEnabledQueryStringCheckingRules()) {
                                this.isHavingEnabledQueryStringCheckingRules = true;
                            }
                            if (this.denialOfServiceLimitDefinitions.isHavingEnabledRequestParamCheckingRules()) {
                                this.isHavingEnabledRequestParameterCheckingRules = true;
                            }
                            if (this.denialOfServiceLimitDefinitions.isHavingEnabledHeaderCheckingRules()) {
                                this.isHavingEnabledHeaderCheckingRules = true;
                            }
                            if (this.denialOfServiceLimitDefinitions.isHavingEnabledCookieCheckingRules()) {
                                this.isHavingEnabledCookieCheckingRules = true;
                            }
                        }
                        if (this.entryPointDefinitions != null) {
                            arrayList.add(this.entryPointDefinitions.parseDefinitions());
                            if (this.entryPointDefinitions.isHavingEnabledQueryStringCheckingRules()) {
                                this.isHavingEnabledQueryStringCheckingRules = true;
                            }
                            if (this.entryPointDefinitions.isHavingEnabledRequestParamCheckingRules()) {
                                this.isHavingEnabledRequestParameterCheckingRules = true;
                            }
                            if (this.entryPointDefinitions.isHavingEnabledHeaderCheckingRules()) {
                                this.isHavingEnabledHeaderCheckingRules = true;
                            }
                            if (this.entryPointDefinitions.isHavingEnabledCookieCheckingRules()) {
                                this.isHavingEnabledCookieCheckingRules = true;
                            }
                        }
                        if (this.optimizationHintDefinitions != null) {
                            arrayList.add(this.optimizationHintDefinitions.parseDefinitions());
                            if (this.optimizationHintDefinitions.isHavingEnabledQueryStringCheckingRules()) {
                                this.isHavingEnabledQueryStringCheckingRules = true;
                            }
                            if (this.optimizationHintDefinitions.isHavingEnabledRequestParamCheckingRules()) {
                                this.isHavingEnabledRequestParameterCheckingRules = true;
                            }
                            if (this.optimizationHintDefinitions.isHavingEnabledHeaderCheckingRules()) {
                                this.isHavingEnabledHeaderCheckingRules = true;
                            }
                            if (this.optimizationHintDefinitions.isHavingEnabledCookieCheckingRules()) {
                                this.isHavingEnabledCookieCheckingRules = true;
                            }
                        }
                        if (this.renewSessionPointDefinitions != null) {
                            arrayList.add(this.renewSessionPointDefinitions.parseDefinitions());
                            if (this.renewSessionPointDefinitions.isHavingEnabledQueryStringCheckingRules()) {
                                this.isHavingEnabledQueryStringCheckingRules = true;
                            }
                            if (this.renewSessionPointDefinitions.isHavingEnabledRequestParamCheckingRules()) {
                                this.isHavingEnabledRequestParameterCheckingRules = true;
                            }
                            if (this.renewSessionPointDefinitions.isHavingEnabledHeaderCheckingRules()) {
                                this.isHavingEnabledHeaderCheckingRules = true;
                            }
                            if (this.renewSessionPointDefinitions.isHavingEnabledCookieCheckingRules()) {
                                this.isHavingEnabledCookieCheckingRules = true;
                            }
                        }
                        if (this.captchaPointDefinitions != null) {
                            arrayList.add(this.captchaPointDefinitions.parseDefinitions());
                            if (this.captchaPointDefinitions.isHavingEnabledQueryStringCheckingRules()) {
                                this.isHavingEnabledQueryStringCheckingRules = true;
                            }
                            if (this.captchaPointDefinitions.isHavingEnabledRequestParamCheckingRules()) {
                                this.isHavingEnabledRequestParameterCheckingRules = true;
                            }
                            if (this.captchaPointDefinitions.isHavingEnabledHeaderCheckingRules()) {
                                this.isHavingEnabledHeaderCheckingRules = true;
                            }
                            if (this.captchaPointDefinitions.isHavingEnabledCookieCheckingRules()) {
                                this.isHavingEnabledCookieCheckingRules = true;
                            }
                        }
                        if (this.incomingProtectionExcludeDefinitions != null) {
                            arrayList.add(this.incomingProtectionExcludeDefinitions.parseDefinitions());
                            if (this.incomingProtectionExcludeDefinitions.isHavingEnabledQueryStringCheckingRules()) {
                                this.isHavingEnabledQueryStringCheckingRules = true;
                            }
                            if (this.incomingProtectionExcludeDefinitions.isHavingEnabledRequestParamCheckingRules()) {
                                this.isHavingEnabledRequestParameterCheckingRules = true;
                            }
                            if (this.incomingProtectionExcludeDefinitions.isHavingEnabledHeaderCheckingRules()) {
                                this.isHavingEnabledHeaderCheckingRules = true;
                            }
                            if (this.incomingProtectionExcludeDefinitions.isHavingEnabledCookieCheckingRules()) {
                                this.isHavingEnabledCookieCheckingRules = true;
                            }
                        }
                        if (this.responseModificationDefinitions != null) {
                            arrayList.add(this.responseModificationDefinitions.parseDefinitions());
                            if (this.responseModificationDefinitions.isHavingEnabledQueryStringCheckingRules()) {
                                this.isHavingEnabledQueryStringCheckingRules = true;
                            }
                            if (this.responseModificationDefinitions.isHavingEnabledRequestParamCheckingRules()) {
                                this.isHavingEnabledRequestParameterCheckingRules = true;
                            }
                            if (this.responseModificationDefinitions.isHavingEnabledHeaderCheckingRules()) {
                                this.isHavingEnabledHeaderCheckingRules = true;
                            }
                            if (this.responseModificationDefinitions.isHavingEnabledCookieCheckingRules()) {
                                this.isHavingEnabledCookieCheckingRules = true;
                            }
                        }
                        if (this.totalExcludeDefinitions != null) {
                            arrayList.add(this.totalExcludeDefinitions.parseDefinitions());
                        }
                        if (this.contentModificationExcludeDefinitions != null) {
                            arrayList.add(this.contentModificationExcludeDefinitions.parseDefinitions());
                        }
                        if (this.sizeLimitDefinitions != null) {
                            arrayList.add(this.sizeLimitDefinitions.parseDefinitions());
                        }
                        if (this.multipartSizeLimitDefinitions != null) {
                            arrayList.add(this.multipartSizeLimitDefinitions.parseDefinitions());
                        }
                        if (this.decodingPermutationDefinitions != null) {
                            arrayList.add(this.decodingPermutationDefinitions.parseDefinitions());
                        }
                        if (this.formFieldMaskingExcludeDefinitions != null) {
                            arrayList.add(this.formFieldMaskingExcludeDefinitions.parseDefinitions());
                        }
                        this.reloadRulesOnNextRequest = false;
                    } catch (RuntimeException e) {
                        this.reloadRulesOnNextRequest = true;
                        logLocal("Unable to (re)load security rules", e);
                        throw e;
                    } catch (RuleLoadingException e2) {
                        this.reloadRulesOnNextRequest = true;
                        logLocal("Unable to (re)load security rules", e2);
                        throw e2;
                    }
                }
            }
            if (arrayList == null || arrayList.isEmpty()) {
                return;
            }
            Iterator it = arrayList.iterator();
            while (it.hasNext()) {
                logLocal((String) it.next());
            }
        }
    }

    public void registerConfigReloadOnNextRequest() {
        this.restartCompletelyOnNextRequest = true;
    }

    private void restartCompletelyWhenRequired() throws UnavailableException {
        if (this.restartCompletelyOnNextRequest) {
            synchronized (this.mutex_restartCompletelyWhenRequired) {
                if (this.restartCompletelyOnNextRequest) {
                    try {
                        checkRequirementsAndInitialize();
                        this.restartCompletelyOnNextRequest = false;
                        logLocal("Initialized protection layer");
                    } catch (UnavailableException e) {
                        this.restartCompletelyOnNextRequest = true;
                        try {
                            destroy();
                        } catch (Exception e2) {
                            e2.printStackTrace();
                        }
                        e.printStackTrace();
                        throw e;
                    } catch (RuntimeException e3) {
                        this.restartCompletelyOnNextRequest = true;
                        try {
                            destroy();
                        } catch (Exception e4) {
                            e4.printStackTrace();
                        }
                        e3.printStackTrace();
                        throw e3;
                    }
                }
            }
        }
    }

    public void destroy() {
        if (this.httpStatusCodeCounter != null) {
            try {
                this.httpStatusCodeCounter.destroy();
            } catch (Exception e) {
                logLocal(new StringBuffer().append("Exception during destroy: ").append(e).toString());
            }
        }
        if (this.sessionCreationCounter != null) {
            try {
                this.sessionCreationCounter.destroy();
            } catch (Exception e2) {
                logLocal(new StringBuffer().append("Exception during destroy: ").append(e2).toString());
            }
        }
        if (this.denialOfServiceLimitCounter != null) {
            try {
                this.denialOfServiceLimitCounter.destroy();
            } catch (Exception e3) {
                logLocal(new StringBuffer().append("Exception during destroy: ").append(e3).toString());
            }
        }
        if (this.attackHandler != null) {
            try {
                this.attackHandler.destroy();
            } catch (Exception e4) {
                logLocal(new StringBuffer().append("Exception during destroy: ").append(e4).toString());
            }
        }
        if (this.geoLocatingCache != null) {
            try {
                this.geoLocatingCache.destroy();
            } catch (Exception e5) {
                logLocal(new StringBuffer().append("Exception during destroy: ").append(e5).toString());
            }
        }
        if (this.jmsUsed) {
            try {
                JmsUtils.closeQuietly(true);
            } catch (Exception e6) {
                logLocal("JMS utility not destroyed", e6);
            }
        }
        this.restartCompletelyOnNextRequest = true;
    }

    public void init(FilterConfig filterConfig) {
        this.filterConfig = filterConfig;
        try {
            restartCompletelyWhenRequired();
        } catch (Exception e) {
            logLocal("Unable to initialize security filter", e);
        }
    }

    /* JADX WARN: Finally extract failed */
    private void checkRequirementsAndInitialize() throws UnavailableException {
        Class cls;
        Class cls2;
        Class cls3;
        Class cls4;
        Class cls5;
        Class cls6;
        if (this.filterConfig == null) {
            throw new IllegalStateException("Filter mit be initialized via web container before 'init()' this method may be called");
        }
        try {
            destroy();
        } catch (RuntimeException e) {
            logLocal("Unable to destroy configuration during (re-)initialization", e);
        }
        try {
            ConfigurationManager configurationManager = new ConfigurationManager(this.filterConfig);
            logLocal(new StringBuffer().append("ConfigurationManager: ").append(configurationManager).toString());
            if (!$assertionsDisabled && configurationManager == null) {
                throw new AssertionError();
            }
            String configurationValue = configurationManager.getConfigurationValue(PARAM_PROD_CONFIG_MISSING_REPLY_STATUS_CODE_OR_MESSAGE_RESOURCE);
            if (configurationValue == null) {
                configurationValue = "503";
            }
            try {
                this.productionConfigurationMissingReplyStatusCode = Integer.parseInt(configurationValue.trim());
            } catch (NumberFormatException e2) {
                if (class$org$webcastellum$WebCastellumFilter == null) {
                    cls = class$("org.webcastellum.WebCastellumFilter");
                    class$org$webcastellum$WebCastellumFilter = cls;
                } else {
                    cls = class$org$webcastellum$WebCastellumFilter;
                }
                InputStream resourceAsStream = cls.getClassLoader().getResourceAsStream(configurationValue);
                if (resourceAsStream == null) {
                    throw new UnavailableException(new StringBuffer().append("Unable to number-parse configured HTTP status code to send as reply to missing configuration (in production mode) as well as unable to locate a resource in classpath with name: ").append(configurationValue).toString());
                }
                BufferedReader bufferedReader = null;
                try {
                    try {
                        bufferedReader = new BufferedReader(new InputStreamReader(resourceAsStream));
                        StringBuilder sb = new StringBuilder();
                        while (true) {
                            String readLine = bufferedReader.readLine();
                            if (readLine == null) {
                                break;
                            } else {
                                sb.append(readLine).append("\n");
                            }
                        }
                        this.productionConfigurationMissingReplyMessage = sb.toString().trim();
                        if (bufferedReader != null) {
                            try {
                                bufferedReader.close();
                            } catch (IOException e3) {
                            }
                        }
                    } catch (Throwable th) {
                        if (bufferedReader != null) {
                            try {
                                bufferedReader.close();
                            } catch (IOException e4) {
                            }
                        }
                        throw th;
                    }
                } catch (Exception e5) {
                    throw new UnavailableException(new StringBuffer().append("Unable to load content from the specified resource in classpath with name: ").append(configurationValue).toString());
                }
            }
            if (this.productionConfigurationMissingReplyStatusCode < 0) {
                throw new UnavailableException(new StringBuffer().append("Configured HTTP status code to send as reply to missing configuration (in production mode) must not be negative: ").append(configurationValue).toString());
            }
            String configurationValue2 = configurationManager.getConfigurationValue(PARAM_DEV_CONFIG_MISSING_REPLY_STATUS_CODE_OR_MESSAGE_RESOURCE);
            if (configurationValue2 == null) {
                configurationValue2 = "org/webcastellum/missing.html";
            }
            try {
                this.developmentConfigurationMissingReplyStatusCode = Integer.parseInt(configurationValue2.trim());
            } catch (NumberFormatException e6) {
                if (class$org$webcastellum$WebCastellumFilter == null) {
                    cls2 = class$("org.webcastellum.WebCastellumFilter");
                    class$org$webcastellum$WebCastellumFilter = cls2;
                } else {
                    cls2 = class$org$webcastellum$WebCastellumFilter;
                }
                InputStream resourceAsStream2 = cls2.getClassLoader().getResourceAsStream(configurationValue2);
                if (resourceAsStream2 == null) {
                    throw new UnavailableException(new StringBuffer().append("Unable to number-parse configured HTTP status code to send as reply to missing configuration (in development mode) as well as unable to locate a resource in classpath with name: ").append(configurationValue2).toString());
                }
                BufferedReader bufferedReader2 = null;
                try {
                    try {
                        bufferedReader2 = new BufferedReader(new InputStreamReader(resourceAsStream2));
                        StringBuilder sb2 = new StringBuilder();
                        while (true) {
                            String readLine2 = bufferedReader2.readLine();
                            if (readLine2 == null) {
                                break;
                            } else {
                                sb2.append(readLine2).append("\n");
                            }
                        }
                        this.developmentConfigurationMissingReplyMessage = sb2.toString().trim();
                        if (bufferedReader2 != null) {
                            try {
                                bufferedReader2.close();
                            } catch (IOException e7) {
                            }
                        }
                    } catch (Exception e8) {
                        throw new UnavailableException(new StringBuffer().append("Unable to load content from the specified resource in classpath with name: ").append(configurationValue2).toString());
                    }
                } finally {
                    if (bufferedReader2 != null) {
                        try {
                            bufferedReader2.close();
                        } catch (IOException e9) {
                        }
                    }
                }
            }
            if (this.developmentConfigurationMissingReplyStatusCode < 0) {
                throw new UnavailableException(new StringBuffer().append("Configured HTTP status code to send as reply to missing configuration (in development mode) must not be negative: ").append(configurationValue2).toString());
            }
            this.isHavingEnabledQueryStringCheckingRules = false;
            this.isHavingEnabledRequestParameterCheckingRules = false;
            this.isHavingEnabledHeaderCheckingRules = false;
            this.isHavingEnabledCookieCheckingRules = false;
            String configurationValue3 = configurationManager.getConfigurationValue(PARAM_DEBUG);
            if (configurationValue3 == null) {
                configurationValue3 = "false";
            }
            this.debug = "true".equals(configurationValue3.trim().toLowerCase());
            String configurationValue4 = configurationManager.getConfigurationValue(PARAM_SHOW_TIMINGS);
            if (configurationValue4 == null) {
                configurationValue4 = "false";
            }
            this.showTimings = "true".equals(configurationValue4.trim().toLowerCase());
            String configurationValue5 = configurationManager.getConfigurationValue(PARAM_REDIRECT_WELCOME_PAGE);
            if (configurationValue5 == null) {
                configurationValue5 = "";
            }
            this.redirectWelcomePage = configurationValue5.trim();
            if (this.debug) {
                logLocal(new StringBuffer().append("Redirect welcome page: ").append(this.redirectWelcomePage).toString());
            }
            String configurationValue6 = configurationManager.getConfigurationValue(PARAM_CHARACTER_ENCODING);
            if (configurationValue6 == null) {
                configurationValue6 = configurationManager.getConfigurationValue(LEGACY_PARAM_CHARACTER_ENCODING);
            }
            if (configurationValue6 == null) {
                configurationValue6 = DEFAULT_CHARACTER_ENCODING;
            }
            this.requestCharacterEncoding = configurationValue6.trim();
            if (this.debug) {
                logLocal(new StringBuffer().append("Request character encoding: ").append(this.requestCharacterEncoding).toString());
            }
            String configurationValue7 = configurationManager.getConfigurationValue(PARAM_LOG_SESSION_VALUES_ON_ATTACK);
            if (configurationValue7 == null) {
                configurationValue7 = "false";
            }
            this.logSessionValuesOnAttack = "true".equals(configurationValue7.trim().toLowerCase());
            String configurationValue8 = configurationManager.getConfigurationValue(PARAM_LEARNING_MODE_AGGREGATION_DIRECTORY);
            if (configurationValue8 == null) {
                configurationValue8 = "";
            }
            this.learningModeAggregationDirectory = configurationValue8.trim();
            if (this.debug) {
                logLocal(new StringBuffer().append("Learning mode aggregation directory: ").append(this.learningModeAggregationDirectory).toString());
            }
            String configurationValue9 = configurationManager.getConfigurationValue(PARAM_APPLICATION_NAME);
            if (configurationValue9 == null) {
                configurationValue9 = "DEFAULT";
            }
            this.applicationName = configurationValue9.trim();
            if (this.debug) {
                logLocal(new StringBuffer().append("Application name: ").append(this.applicationName).toString());
            }
            String configurationValue10 = configurationManager.getConfigurationValue(PARAM_RULE_LOADER);
            if (configurationValue10 == null) {
                configurationValue10 = configurationManager.getConfigurationValue(LEGACY_PARAM_RULE_FILE_LOADER);
            }
            if (configurationValue10 == null) {
                configurationValue10 = "org.webcastellum.ClasspathZipRuleFileLoader";
            }
            String trim = configurationValue10.trim();
            if (trim.length() == 0) {
                throw new UnavailableException("Filter init-param is empty: RuleLoader");
            }
            try {
                this.ruleFileLoaderClass = Class.forName(trim);
                if (!$assertionsDisabled && this.ruleFileLoaderClass == null) {
                    throw new AssertionError();
                }
                String configurationValue11 = configurationManager.getConfigurationValue(PARAM_CAPTCHA_GENERATOR);
                if (configurationValue11 == null) {
                    configurationValue11 = "org.webcastellum.DefaultCaptchaGenerator";
                }
                String trim2 = configurationValue11.trim();
                if (trim2.length() == 0) {
                    throw new UnavailableException("Filter init-param is empty: CaptchaGenerator");
                }
                try {
                    this.captchaGenerator = (CaptchaGenerator) Class.forName(trim2).newInstance();
                    this.captchaGenerator.setFilterConfig(this.filterConfig);
                    if (!$assertionsDisabled && this.captchaGenerator == null) {
                        throw new AssertionError();
                    }
                    String configurationValue12 = configurationManager.getConfigurationValue(PARAM_PRODUCTION_MODE_CHECKER);
                    if (configurationValue12 == null) {
                        configurationValue12 = "org.webcastellum.DefaultProductionModeChecker";
                    }
                    String trim3 = configurationValue12.trim();
                    if (trim3.length() == 0) {
                        throw new UnavailableException("Filter init-param is empty: ProductionModeChecker");
                    }
                    try {
                        this.productionModeCheckerClass = Class.forName(trim3);
                        try {
                            if (!$assertionsDisabled && this.productionModeCheckerClass == null) {
                                throw new AssertionError();
                            }
                            ProductionModeChecker productionModeChecker = (ProductionModeChecker) this.productionModeCheckerClass.newInstance();
                            productionModeChecker.setFilterConfig(this.filterConfig);
                            this.isProductionMode = productionModeChecker.isProductionMode();
                            System.out.println(new StringBuffer().append("WebCastellum is ").append(this.isProductionMode ? "" : "NOT ").append("set into production mode for application ").append(this.applicationName).toString());
                            String configurationValue13 = configurationManager.getConfigurationValue(PARAM_CLIENT_IP_DETERMINATOR);
                            if (configurationValue13 == null) {
                                configurationValue13 = "org.webcastellum.DefaultClientIpDeterminator";
                            }
                            String trim4 = configurationValue13.trim();
                            if (trim4.length() == 0) {
                                throw new UnavailableException("Filter init-param is empty: ClientIpDeterminator");
                            }
                            try {
                                this.clientIpDeterminatorClass = Class.forName(trim4);
                                try {
                                    if (!$assertionsDisabled && this.clientIpDeterminatorClass == null) {
                                        throw new AssertionError();
                                    }
                                    this.clientIpDeterminator = (ClientIpDeterminator) this.clientIpDeterminatorClass.newInstance();
                                    this.clientIpDeterminator.setFilterConfig(this.filterConfig);
                                    String configurationValue14 = configurationManager.getConfigurationValue(PARAM_MULTIPART_REQUEST_PARSER);
                                    if (configurationValue14 == null) {
                                        configurationValue14 = "org.webcastellum.DefaultMultipartRequestParser";
                                    }
                                    String trim5 = configurationValue14.trim();
                                    if (trim5.length() == 0) {
                                        throw new UnavailableException("Filter init-param is empty: MultipartRequestParser");
                                    }
                                    try {
                                        this.multipartRequestParserClass = Class.forName(trim5);
                                        try {
                                            if (!$assertionsDisabled && this.multipartRequestParserClass == null) {
                                                throw new AssertionError();
                                            }
                                            this.multipartRequestParser = (MultipartRequestParser) this.multipartRequestParserClass.newInstance();
                                            this.multipartRequestParser.setFilterConfig(this.filterConfig);
                                            String configurationValue15 = configurationManager.getConfigurationValue(PARAM_FAILED_CAPTCHA_PER_SESSION_ATTACK_THRESHOLD);
                                            if (configurationValue15 == null) {
                                                configurationValue15 = "30";
                                            }
                                            try {
                                                this.failedCaptchaPerSessionAttackThreshold = Integer.parseInt(configurationValue15.trim());
                                                if (this.failedCaptchaPerSessionAttackThreshold < 0) {
                                                    throw new UnavailableException(new StringBuffer().append("Configured failed captcha per session attack threshold must not be negative: ").append(configurationValue15).toString());
                                                }
                                                if (this.debug) {
                                                    logLocal(new StringBuffer().append("Failed captcha per session attack threshold: ").append(this.failedCaptchaPerSessionAttackThreshold).toString());
                                                }
                                                String configurationValue16 = configurationManager.getConfigurationValue(PARAM_CLUSTER_BROADCAST_PERIOD);
                                                if (configurationValue16 == null) {
                                                    configurationValue16 = "60";
                                                }
                                                try {
                                                    this.clusterBroadcastPeriod = Integer.parseInt(configurationValue16.trim());
                                                    if (this.clusterBroadcastPeriod < 0) {
                                                        throw new UnavailableException(new StringBuffer().append("Configured cluster JMS broadcast period must not be negative: ").append(configurationValue16).toString());
                                                    }
                                                    if (this.debug) {
                                                        logLocal(new StringBuffer().append("Cluster JMS broadcast period: ").append(this.clusterBroadcastPeriod).toString());
                                                    }
                                                    String configurationValue17 = configurationManager.getConfigurationValue(PARAM_CLUSTER_INITIAL_CONTEXT_FACTORY);
                                                    if (configurationValue17 == null) {
                                                        configurationValue17 = "";
                                                    }
                                                    this.clusterInitialContextFactory = configurationValue17.trim();
                                                    if (this.debug) {
                                                        logLocal(new StringBuffer().append("Cluster initial context factory: ").append(configurationValue17).toString());
                                                    }
                                                    String configurationValue18 = configurationManager.getConfigurationValue(PARAM_CLUSTER_JMS_PROVIDER_URL);
                                                    if (configurationValue18 == null) {
                                                        configurationValue18 = "";
                                                    }
                                                    this.clusterJmsProviderUrl = configurationValue18.trim();
                                                    if (this.debug) {
                                                        logLocal(new StringBuffer().append("Cluster JMS provider URL: ").append(configurationValue18).toString());
                                                    }
                                                    String configurationValue19 = configurationManager.getConfigurationValue(PARAM_CLUSTER_JMS_CONNECTION_FACTORY);
                                                    if (configurationValue19 == null) {
                                                        configurationValue19 = "";
                                                    }
                                                    this.clusterJmsConnectionFactory = configurationValue19.trim();
                                                    if (this.debug) {
                                                        logLocal(new StringBuffer().append("Cluster JMS connection factory: ").append(configurationValue19).toString());
                                                    }
                                                    String configurationValue20 = configurationManager.getConfigurationValue(PARAM_CLUSTER_JMS_TOPIC);
                                                    if (configurationValue20 == null) {
                                                        configurationValue20 = "";
                                                    }
                                                    this.clusterJmsTopic = configurationValue20.trim();
                                                    if (this.debug) {
                                                        logLocal(new StringBuffer().append("Cluster JMS topic: ").append(configurationValue20).toString());
                                                    }
                                                    String configurationValue21 = configurationManager.getConfigurationValue(PARAM_HOUSEKEEPING_INTERVAL);
                                                    if (configurationValue21 == null) {
                                                        configurationValue21 = "15";
                                                    }
                                                    try {
                                                        this.housekeepingIntervalMinutes = Integer.parseInt(configurationValue21.trim());
                                                        if (this.debug) {
                                                            logLocal(new StringBuffer().append("Housekeeping interval minutes: ").append(this.housekeepingIntervalMinutes).toString());
                                                        }
                                                        String configurationValue22 = configurationManager.getConfigurationValue(PARAM_RULE_RELOADING_INTERVAL);
                                                        if (configurationValue22 == null) {
                                                            configurationValue22 = configurationManager.getConfigurationValue(LEGACY_PARAM_RULE_FILE_RELOADING_INTERVAL);
                                                        }
                                                        if (configurationValue22 == null) {
                                                            configurationValue22 = INTERNAL_TYPE_URL;
                                                        }
                                                        try {
                                                            this.ruleFileReloadingIntervalMillis = Integer.parseInt(configurationValue22.trim()) * 60 * 1000;
                                                            if (this.ruleFileReloadingIntervalMillis > 0) {
                                                                this.nextRuleReloadingTime = System.currentTimeMillis() + this.ruleFileReloadingIntervalMillis;
                                                            }
                                                            if (this.debug) {
                                                                logLocal(new StringBuffer().append("Rule reloading interval minutes: ").append(configurationValue22).toString());
                                                            }
                                                            String configurationValue23 = configurationManager.getConfigurationValue(PARAM_CONFIG_RELOADING_INTERVAL);
                                                            if (configurationValue23 == null) {
                                                                configurationValue23 = INTERNAL_TYPE_URL;
                                                            }
                                                            try {
                                                                this.configReloadingIntervalMillis = Integer.parseInt(configurationValue23.trim()) * 60 * 1000;
                                                                if (this.configReloadingIntervalMillis > 0) {
                                                                    this.nextConfigReloadingTime = System.currentTimeMillis() + this.configReloadingIntervalMillis;
                                                                }
                                                                if (this.debug) {
                                                                    logLocal(new StringBuffer().append("Config reloading interval minutes: ").append(configurationValue23).toString());
                                                                }
                                                                String configurationValue24 = configurationManager.getConfigurationValue(PARAM_BLOCK_ATTACKING_CLIENTS_DURATION);
                                                                if (configurationValue24 == null) {
                                                                    configurationValue24 = "20";
                                                                }
                                                                try {
                                                                    this.blockPeriodMinutes = Integer.parseInt(configurationValue24.trim());
                                                                    if (this.debug) {
                                                                        logLocal(new StringBuffer().append("Block period minutes: ").append(this.blockPeriodMinutes).toString());
                                                                    }
                                                                    String configurationValue25 = configurationManager.getConfigurationValue(PARAM_RESET_PERIOD_ATTACK);
                                                                    if (configurationValue25 == null) {
                                                                        configurationValue25 = "10";
                                                                    }
                                                                    try {
                                                                        this.resetPeriodMinutesAttack = Integer.parseInt(configurationValue25.trim());
                                                                        if (this.debug) {
                                                                            logLocal(new StringBuffer().append("Reset period minutes (attack): ").append(configurationValue25).toString());
                                                                        }
                                                                        String configurationValue26 = configurationManager.getConfigurationValue(PARAM_RESET_PERIOD_SESSION_CREATION);
                                                                        if (configurationValue26 == null) {
                                                                            configurationValue26 = "5";
                                                                        }
                                                                        try {
                                                                            this.resetPeriodMinutesSessionCreation = Integer.parseInt(configurationValue26.trim());
                                                                            if (this.debug) {
                                                                                logLocal(new StringBuffer().append("Reset period minutes (session creation): ").append(configurationValue26).toString());
                                                                            }
                                                                            String configurationValue27 = configurationManager.getConfigurationValue(PARAM_RESET_PERIOD_BAD_RESPONSE_CODE);
                                                                            if (configurationValue27 == null) {
                                                                                configurationValue27 = "2";
                                                                            }
                                                                            try {
                                                                                this.resetPeriodMinutesBadResponseCode = Integer.parseInt(configurationValue27.trim());
                                                                                if (this.debug) {
                                                                                    logLocal(new StringBuffer().append("Reset period minutes (bad response code): ").append(configurationValue27).toString());
                                                                                }
                                                                                String configurationValue28 = configurationManager.getConfigurationValue(PARAM_RESET_PERIOD_REDIRECT_THRESHOLD);
                                                                                if (configurationValue28 == null) {
                                                                                    configurationValue28 = "2";
                                                                                }
                                                                                try {
                                                                                    this.resetPeriodMinutesRedirectThreshold = Integer.parseInt(configurationValue28.trim());
                                                                                    if (this.debug) {
                                                                                        logLocal(new StringBuffer().append("Reset period minutes (redirect threshold): ").append(configurationValue28).toString());
                                                                                    }
                                                                                    String configurationValue29 = configurationManager.getConfigurationValue(PARAM_FLUSH_RESPONSE);
                                                                                    if (configurationValue29 == null) {
                                                                                        configurationValue29 = "true";
                                                                                    }
                                                                                    this.flushResponse = "true".equals(configurationValue29.trim().toLowerCase());
                                                                                    if (this.debug) {
                                                                                        logLocal(new StringBuffer().append("Flush response: ").append(this.flushResponse).toString());
                                                                                    }
                                                                                    String configurationValue30 = configurationManager.getConfigurationValue(PARAM_INVALIDATE_SESSION_ON_ATTACK);
                                                                                    if (configurationValue30 == null) {
                                                                                        configurationValue30 = "false";
                                                                                    }
                                                                                    this.invalidateSessionOnAttack = "true".equals(configurationValue30.trim().toLowerCase());
                                                                                    if (this.debug) {
                                                                                        logLocal(new StringBuffer().append("Invalidate session on attack: ").append(this.invalidateSessionOnAttack).toString());
                                                                                    }
                                                                                    String configurationValue31 = configurationManager.getConfigurationValue(PARAM_LOG_VERBOSE_FOR_DEVELOPMENT_MODE);
                                                                                    if (configurationValue31 == null) {
                                                                                        configurationValue31 = "false";
                                                                                    }
                                                                                    this.logVerboseForDevelopmentMode = "true".equals(configurationValue31.trim().toLowerCase());
                                                                                    if (this.debug) {
                                                                                        logLocal(new StringBuffer().append("Log verbose for development mode: ").append(this.logVerboseForDevelopmentMode).toString());
                                                                                    }
                                                                                    String configurationValue32 = configurationManager.getConfigurationValue(PARAM_BLOCK_REPEATED_REDIRECTS_THRESHOLD);
                                                                                    if (configurationValue32 == null) {
                                                                                        configurationValue32 = "150";
                                                                                    }
                                                                                    try {
                                                                                        this.blockRepeatedRedirectsThreshold = Integer.parseInt(configurationValue32.trim());
                                                                                        if (this.blockRepeatedRedirectsThreshold < 0) {
                                                                                            throw new UnavailableException(new StringBuffer().append("Configured 'block repeated redirects threshold' must not be negative: ").append(configurationValue32).toString());
                                                                                        }
                                                                                        if (this.debug) {
                                                                                            logLocal(new StringBuffer().append("Block repeated redirects threshold: ").append(this.blockRepeatedRedirectsThreshold).toString());
                                                                                        }
                                                                                        String configurationValue33 = configurationManager.getConfigurationValue(PARAM_REMOVE_SENSITIVE_DATA_REQUEST_PARAM_NAME_PATTERN);
                                                                                        if (configurationValue33 == null) {
                                                                                            configurationValue33 = "(?i)p(?:ass)?(?:wor[dt]|phrase|wd)|kennwort";
                                                                                        }
                                                                                        try {
                                                                                            this.removeSensitiveDataRequestParamNamePattern = Pattern.compile(configurationValue33.trim());
                                                                                            if (this.debug) {
                                                                                                logLocal(new StringBuffer().append("Remove sensitive data request param name pattern: ").append(configurationValue33).toString());
                                                                                            }
                                                                                            String configurationValue34 = configurationManager.getConfigurationValue(PARAM_REMOVE_SENSITIVE_DATA_VALUE_PATTERN);
                                                                                            if (configurationValue34 == null) {
                                                                                                configurationValue34 = "(?:\\d{4}[- \\+]){3}\\d{4}|(?:(?!000)([0-6]\\d{2}|7([0-6]\\d|7[012]))([ -]?)(?!00)\\d\\d\\3(?!0000)\\d{4})";
                                                                                            }
                                                                                            try {
                                                                                                this.removeSensitiveDataValuePattern = Pattern.compile(configurationValue34.trim());
                                                                                                if (this.debug) {
                                                                                                    logLocal(new StringBuffer().append("Remove sensitive data value pattern: ").append(configurationValue34).toString());
                                                                                                }
                                                                                                String configurationValue35 = configurationManager.getConfigurationValue(PARAM_LOG_CLIENT_USER_DATA);
                                                                                                if (configurationValue35 == null) {
                                                                                                    configurationValue35 = "true";
                                                                                                }
                                                                                                boolean equals = "true".equals(configurationValue35.trim().toLowerCase());
                                                                                                if (this.debug) {
                                                                                                    logLocal(new StringBuffer().append("Log client user data: ").append(equals).toString());
                                                                                                }
                                                                                                String configurationValue36 = configurationManager.getConfigurationValue(PARAM_ATTACK_LOGGER);
                                                                                                if (configurationValue36 == null) {
                                                                                                    configurationValue36 = "org.webcastellum.DefaultAttackLogger";
                                                                                                }
                                                                                                String trim6 = configurationValue36.trim();
                                                                                                if (trim6.length() == 0) {
                                                                                                    throw new UnavailableException("Filter init-param is empty: AttackLogger");
                                                                                                }
                                                                                                try {
                                                                                                    AttackLogger attackLogger = (AttackLogger) Class.forName(trim6).newInstance();
                                                                                                    attackLogger.setFilterConfig(this.filterConfig);
                                                                                                    if (!$assertionsDisabled && attackLogger == null) {
                                                                                                        throw new AssertionError();
                                                                                                    }
                                                                                                    String configurationValue37 = configurationManager.getConfigurationValue(PARAM_BLOCK_ATTACKING_CLIENTS_THRESHOLD);
                                                                                                    if (configurationValue37 == null) {
                                                                                                        configurationValue37 = INTERNAL_TYPE_URL;
                                                                                                    }
                                                                                                    try {
                                                                                                        this.attackHandler = new AttackHandler(attackLogger, Integer.parseInt(configurationValue37.trim()), this.housekeepingIntervalMinutes * 60 * 1000, this.blockPeriodMinutes * 60 * 1000, this.resetPeriodMinutesAttack * 60 * 1000, this.resetPeriodMinutesRedirectThreshold * 60 * 1000, this.learningModeAggregationDirectory, this.applicationName, this.logSessionValuesOnAttack, this.invalidateSessionOnAttack, this.blockRepeatedRedirectsThreshold, this.isProductionMode, this.logVerboseForDevelopmentMode, this.removeSensitiveDataRequestParamNamePattern, this.removeSensitiveDataValuePattern, equals);
                                                                                                        if (!$assertionsDisabled && this.attackHandler == null) {
                                                                                                            throw new AssertionError();
                                                                                                        }
                                                                                                        if (this.debug) {
                                                                                                            logLocal(new StringBuffer().append("Attack handler with block attacking clients threshold: ").append(this.attackHandler.getBlockAttackingClientsThreshold()).toString());
                                                                                                        }
                                                                                                        String configurationValue38 = configurationManager.getConfigurationValue(PARAM_GEO_LOCATOR);
                                                                                                        if (configurationValue38 == null) {
                                                                                                            configurationValue38 = "org.webcastellum.DefaultGeoLocator";
                                                                                                        }
                                                                                                        String trim7 = configurationValue38.trim();
                                                                                                        if (trim7.length() == 0) {
                                                                                                            throw new UnavailableException("Filter init-param is empty: GeoLocator");
                                                                                                        }
                                                                                                        try {
                                                                                                            GeoLocator geoLocator = (GeoLocator) Class.forName(trim7).newInstance();
                                                                                                            geoLocator.setFilterConfig(this.filterConfig);
                                                                                                            this.geoLocatingCache = new GeoLocatingCache(geoLocator, this.housekeepingIntervalMinutes * 60 * 1000);
                                                                                                            if (!$assertionsDisabled && this.geoLocatingCache == null) {
                                                                                                                throw new AssertionError();
                                                                                                            }
                                                                                                            String configurationValue39 = configurationManager.getConfigurationValue(PARAM_PATH_TO_ENTRY_POINT_FILES);
                                                                                                            if (configurationValue39 == null) {
                                                                                                                configurationValue39 = "entry-points";
                                                                                                            }
                                                                                                            try {
                                                                                                                if (!$assertionsDisabled && this.ruleFileLoaderClass == null) {
                                                                                                                    throw new AssertionError();
                                                                                                                }
                                                                                                                RuleFileLoader ruleFileLoader = (RuleFileLoader) this.ruleFileLoaderClass.newInstance();
                                                                                                                ruleFileLoader.setFilterConfig(this.filterConfig);
                                                                                                                ruleFileLoader.setPath(configurationValue39);
                                                                                                                this.entryPointDefinitions = new EntryPointDefinitionContainer(ruleFileLoader);
                                                                                                                String parseDefinitions = this.entryPointDefinitions.parseDefinitions();
                                                                                                                if (this.entryPointDefinitions.isHavingEnabledQueryStringCheckingRules()) {
                                                                                                                    this.isHavingEnabledQueryStringCheckingRules = true;
                                                                                                                }
                                                                                                                if (this.entryPointDefinitions.isHavingEnabledRequestParamCheckingRules()) {
                                                                                                                    this.isHavingEnabledRequestParameterCheckingRules = true;
                                                                                                                }
                                                                                                                if (this.entryPointDefinitions.isHavingEnabledHeaderCheckingRules()) {
                                                                                                                    this.isHavingEnabledHeaderCheckingRules = true;
                                                                                                                }
                                                                                                                if (this.entryPointDefinitions.isHavingEnabledCookieCheckingRules()) {
                                                                                                                    this.isHavingEnabledCookieCheckingRules = true;
                                                                                                                }
                                                                                                                logLocal(parseDefinitions);
                                                                                                                if (!$assertionsDisabled && this.entryPointDefinitions == null) {
                                                                                                                    throw new AssertionError();
                                                                                                                }
                                                                                                                String configurationValue40 = configurationManager.getConfigurationValue(PARAM_PATH_TO_OPTIMIZATION_HINT_FILES);
                                                                                                                if (configurationValue40 == null) {
                                                                                                                    configurationValue40 = "optimization-hints";
                                                                                                                }
                                                                                                                try {
                                                                                                                    if (!$assertionsDisabled && this.ruleFileLoaderClass == null) {
                                                                                                                        throw new AssertionError();
                                                                                                                    }
                                                                                                                    RuleFileLoader ruleFileLoader2 = (RuleFileLoader) this.ruleFileLoaderClass.newInstance();
                                                                                                                    ruleFileLoader2.setFilterConfig(this.filterConfig);
                                                                                                                    ruleFileLoader2.setPath(configurationValue40);
                                                                                                                    this.optimizationHintDefinitions = new OptimizationHintDefinitionContainer(ruleFileLoader2);
                                                                                                                    String parseDefinitions2 = this.optimizationHintDefinitions.parseDefinitions();
                                                                                                                    if (this.optimizationHintDefinitions.isHavingEnabledQueryStringCheckingRules()) {
                                                                                                                        this.isHavingEnabledQueryStringCheckingRules = true;
                                                                                                                    }
                                                                                                                    if (this.optimizationHintDefinitions.isHavingEnabledRequestParamCheckingRules()) {
                                                                                                                        this.isHavingEnabledRequestParameterCheckingRules = true;
                                                                                                                    }
                                                                                                                    if (this.optimizationHintDefinitions.isHavingEnabledHeaderCheckingRules()) {
                                                                                                                        this.isHavingEnabledHeaderCheckingRules = true;
                                                                                                                    }
                                                                                                                    if (this.optimizationHintDefinitions.isHavingEnabledCookieCheckingRules()) {
                                                                                                                        this.isHavingEnabledCookieCheckingRules = true;
                                                                                                                    }
                                                                                                                    logLocal(parseDefinitions2);
                                                                                                                    if (!$assertionsDisabled && this.optimizationHintDefinitions == null) {
                                                                                                                        throw new AssertionError();
                                                                                                                    }
                                                                                                                    String configurationValue41 = configurationManager.getConfigurationValue(PARAM_PATH_TO_RENEW_SESSION_AND_TOKEN_POINT_FILES);
                                                                                                                    if (configurationValue41 == null) {
                                                                                                                        configurationValue41 = "renew-session-and-token-points";
                                                                                                                    }
                                                                                                                    try {
                                                                                                                        if (!$assertionsDisabled && this.ruleFileLoaderClass == null) {
                                                                                                                            throw new AssertionError();
                                                                                                                        }
                                                                                                                        RuleFileLoader ruleFileLoader3 = (RuleFileLoader) this.ruleFileLoaderClass.newInstance();
                                                                                                                        ruleFileLoader3.setFilterConfig(this.filterConfig);
                                                                                                                        ruleFileLoader3.setPath(configurationValue41);
                                                                                                                        this.renewSessionPointDefinitions = new RenewSessionAndTokenPointDefinitionContainer(ruleFileLoader3);
                                                                                                                        String parseDefinitions3 = this.renewSessionPointDefinitions.parseDefinitions();
                                                                                                                        if (this.renewSessionPointDefinitions.isHavingEnabledQueryStringCheckingRules()) {
                                                                                                                            this.isHavingEnabledQueryStringCheckingRules = true;
                                                                                                                        }
                                                                                                                        if (this.renewSessionPointDefinitions.isHavingEnabledRequestParamCheckingRules()) {
                                                                                                                            this.isHavingEnabledRequestParameterCheckingRules = true;
                                                                                                                        }
                                                                                                                        if (this.renewSessionPointDefinitions.isHavingEnabledHeaderCheckingRules()) {
                                                                                                                            this.isHavingEnabledHeaderCheckingRules = true;
                                                                                                                        }
                                                                                                                        if (this.renewSessionPointDefinitions.isHavingEnabledCookieCheckingRules()) {
                                                                                                                            this.isHavingEnabledCookieCheckingRules = true;
                                                                                                                        }
                                                                                                                        logLocal(parseDefinitions3);
                                                                                                                        if (!$assertionsDisabled && this.renewSessionPointDefinitions == null) {
                                                                                                                            throw new AssertionError();
                                                                                                                        }
                                                                                                                        String configurationValue42 = configurationManager.getConfigurationValue(PARAM_PATH_TO_CAPTCHA_POINT_FILES);
                                                                                                                        if (configurationValue42 == null) {
                                                                                                                            configurationValue42 = "captcha-points";
                                                                                                                        }
                                                                                                                        try {
                                                                                                                            if (!$assertionsDisabled && this.ruleFileLoaderClass == null) {
                                                                                                                                throw new AssertionError();
                                                                                                                            }
                                                                                                                            RuleFileLoader ruleFileLoader4 = (RuleFileLoader) this.ruleFileLoaderClass.newInstance();
                                                                                                                            ruleFileLoader4.setFilterConfig(this.filterConfig);
                                                                                                                            ruleFileLoader4.setPath(configurationValue42);
                                                                                                                            this.captchaPointDefinitions = new CaptchaPointDefinitionContainer(ruleFileLoader4);
                                                                                                                            String parseDefinitions4 = this.captchaPointDefinitions.parseDefinitions();
                                                                                                                            if (this.captchaPointDefinitions.isHavingEnabledQueryStringCheckingRules()) {
                                                                                                                                this.isHavingEnabledQueryStringCheckingRules = true;
                                                                                                                            }
                                                                                                                            if (this.captchaPointDefinitions.isHavingEnabledRequestParamCheckingRules()) {
                                                                                                                                this.isHavingEnabledRequestParameterCheckingRules = true;
                                                                                                                            }
                                                                                                                            if (this.captchaPointDefinitions.isHavingEnabledHeaderCheckingRules()) {
                                                                                                                                this.isHavingEnabledHeaderCheckingRules = true;
                                                                                                                            }
                                                                                                                            if (this.captchaPointDefinitions.isHavingEnabledCookieCheckingRules()) {
                                                                                                                                this.isHavingEnabledCookieCheckingRules = true;
                                                                                                                            }
                                                                                                                            logLocal(parseDefinitions4);
                                                                                                                            if (!$assertionsDisabled && this.captchaPointDefinitions == null) {
                                                                                                                                throw new AssertionError();
                                                                                                                            }
                                                                                                                            String configurationValue43 = configurationManager.getConfigurationValue(PARAM_PATH_TO_INCOMING_PROTECTION_EXCLUDE_FILES);
                                                                                                                            if (configurationValue43 == null) {
                                                                                                                                configurationValue43 = "incoming-protection-excludes";
                                                                                                                            }
                                                                                                                            try {
                                                                                                                                if (!$assertionsDisabled && this.ruleFileLoaderClass == null) {
                                                                                                                                    throw new AssertionError();
                                                                                                                                }
                                                                                                                                RuleFileLoader ruleFileLoader5 = (RuleFileLoader) this.ruleFileLoaderClass.newInstance();
                                                                                                                                ruleFileLoader5.setFilterConfig(this.filterConfig);
                                                                                                                                ruleFileLoader5.setPath(configurationValue43);
                                                                                                                                this.incomingProtectionExcludeDefinitions = new IncomingProtectionExcludeDefinitionContainer(ruleFileLoader5);
                                                                                                                                String parseDefinitions5 = this.incomingProtectionExcludeDefinitions.parseDefinitions();
                                                                                                                                if (this.incomingProtectionExcludeDefinitions.isHavingEnabledQueryStringCheckingRules()) {
                                                                                                                                    this.isHavingEnabledQueryStringCheckingRules = true;
                                                                                                                                }
                                                                                                                                if (this.incomingProtectionExcludeDefinitions.isHavingEnabledRequestParamCheckingRules()) {
                                                                                                                                    this.isHavingEnabledRequestParameterCheckingRules = true;
                                                                                                                                }
                                                                                                                                if (this.incomingProtectionExcludeDefinitions.isHavingEnabledHeaderCheckingRules()) {
                                                                                                                                    this.isHavingEnabledHeaderCheckingRules = true;
                                                                                                                                }
                                                                                                                                if (this.incomingProtectionExcludeDefinitions.isHavingEnabledCookieCheckingRules()) {
                                                                                                                                    this.isHavingEnabledCookieCheckingRules = true;
                                                                                                                                }
                                                                                                                                logLocal(parseDefinitions5);
                                                                                                                                if (!$assertionsDisabled && this.incomingProtectionExcludeDefinitions == null) {
                                                                                                                                    throw new AssertionError();
                                                                                                                                }
                                                                                                                                String configurationValue44 = configurationManager.getConfigurationValue(PARAM_PATH_TO_RESPONSE_MODIFICATION_FILES);
                                                                                                                                if (configurationValue44 == null) {
                                                                                                                                    configurationValue44 = RESPONSE_MODIFICATIONS_DEFAULT;
                                                                                                                                }
                                                                                                                                try {
                                                                                                                                    if (!$assertionsDisabled && this.ruleFileLoaderClass == null) {
                                                                                                                                        throw new AssertionError();
                                                                                                                                    }
                                                                                                                                    RuleFileLoader ruleFileLoader6 = (RuleFileLoader) this.ruleFileLoaderClass.newInstance();
                                                                                                                                    ruleFileLoader6.setFilterConfig(this.filterConfig);
                                                                                                                                    ruleFileLoader6.setPath(configurationValue44);
                                                                                                                                    this.responseModificationDefinitions = new ResponseModificationDefinitionContainer(ruleFileLoader6);
                                                                                                                                    String parseDefinitions6 = this.responseModificationDefinitions.parseDefinitions();
                                                                                                                                    if (this.responseModificationDefinitions.isHavingEnabledQueryStringCheckingRules()) {
                                                                                                                                        this.isHavingEnabledQueryStringCheckingRules = true;
                                                                                                                                    }
                                                                                                                                    if (this.responseModificationDefinitions.isHavingEnabledRequestParamCheckingRules()) {
                                                                                                                                        this.isHavingEnabledRequestParameterCheckingRules = true;
                                                                                                                                    }
                                                                                                                                    if (this.responseModificationDefinitions.isHavingEnabledHeaderCheckingRules()) {
                                                                                                                                        this.isHavingEnabledHeaderCheckingRules = true;
                                                                                                                                    }
                                                                                                                                    if (this.responseModificationDefinitions.isHavingEnabledCookieCheckingRules()) {
                                                                                                                                        this.isHavingEnabledCookieCheckingRules = true;
                                                                                                                                    }
                                                                                                                                    logLocal(parseDefinitions6);
                                                                                                                                    if (!$assertionsDisabled && this.responseModificationDefinitions == null) {
                                                                                                                                        throw new AssertionError();
                                                                                                                                    }
                                                                                                                                    String configurationValue45 = configurationManager.getConfigurationValue(PARAM_PATH_TO_WHITELIST_REQUESTS_FILES);
                                                                                                                                    if (configurationValue45 == null) {
                                                                                                                                        configurationValue45 = "whitelist-requests";
                                                                                                                                    }
                                                                                                                                    try {
                                                                                                                                        if (!$assertionsDisabled && this.ruleFileLoaderClass == null) {
                                                                                                                                            throw new AssertionError();
                                                                                                                                        }
                                                                                                                                        RuleFileLoader ruleFileLoader7 = (RuleFileLoader) this.ruleFileLoaderClass.newInstance();
                                                                                                                                        ruleFileLoader7.setFilterConfig(this.filterConfig);
                                                                                                                                        ruleFileLoader7.setPath(configurationValue45);
                                                                                                                                        this.whiteListDefinitions = new WhitelistRequestDefinitionContainer(ruleFileLoader7);
                                                                                                                                        String parseDefinitions7 = this.whiteListDefinitions.parseDefinitions();
                                                                                                                                        if (this.whiteListDefinitions.isHavingEnabledQueryStringCheckingRules()) {
                                                                                                                                            this.isHavingEnabledQueryStringCheckingRules = true;
                                                                                                                                        }
                                                                                                                                        if (this.whiteListDefinitions.isHavingEnabledRequestParamCheckingRules()) {
                                                                                                                                            this.isHavingEnabledRequestParameterCheckingRules = true;
                                                                                                                                        }
                                                                                                                                        if (this.whiteListDefinitions.isHavingEnabledHeaderCheckingRules()) {
                                                                                                                                            this.isHavingEnabledHeaderCheckingRules = true;
                                                                                                                                        }
                                                                                                                                        if (this.whiteListDefinitions.isHavingEnabledCookieCheckingRules()) {
                                                                                                                                            this.isHavingEnabledCookieCheckingRules = true;
                                                                                                                                        }
                                                                                                                                        logLocal(parseDefinitions7);
                                                                                                                                        if (!$assertionsDisabled && this.whiteListDefinitions == null) {
                                                                                                                                            throw new AssertionError();
                                                                                                                                        }
                                                                                                                                        String configurationValue46 = configurationManager.getConfigurationValue(PARAM_PATH_TO_BAD_REQUEST_FILES);
                                                                                                                                        if (configurationValue46 == null) {
                                                                                                                                            configurationValue46 = "bad-requests";
                                                                                                                                        }
                                                                                                                                        try {
                                                                                                                                            if (!$assertionsDisabled && this.ruleFileLoaderClass == null) {
                                                                                                                                                throw new AssertionError();
                                                                                                                                            }
                                                                                                                                            RuleFileLoader ruleFileLoader8 = (RuleFileLoader) this.ruleFileLoaderClass.newInstance();
                                                                                                                                            ruleFileLoader8.setFilterConfig(this.filterConfig);
                                                                                                                                            ruleFileLoader8.setPath(configurationValue46);
                                                                                                                                            this.badRequestDefinitions = new BadRequestDefinitionContainer(ruleFileLoader8);
                                                                                                                                            String parseDefinitions8 = this.badRequestDefinitions.parseDefinitions();
                                                                                                                                            if (this.badRequestDefinitions.isHavingEnabledQueryStringCheckingRules()) {
                                                                                                                                                this.isHavingEnabledQueryStringCheckingRules = true;
                                                                                                                                            }
                                                                                                                                            if (this.badRequestDefinitions.isHavingEnabledRequestParamCheckingRules()) {
                                                                                                                                                this.isHavingEnabledRequestParameterCheckingRules = true;
                                                                                                                                            }
                                                                                                                                            if (this.badRequestDefinitions.isHavingEnabledHeaderCheckingRules()) {
                                                                                                                                                this.isHavingEnabledHeaderCheckingRules = true;
                                                                                                                                            }
                                                                                                                                            if (this.badRequestDefinitions.isHavingEnabledCookieCheckingRules()) {
                                                                                                                                                this.isHavingEnabledCookieCheckingRules = true;
                                                                                                                                            }
                                                                                                                                            logLocal(parseDefinitions8);
                                                                                                                                            if (!$assertionsDisabled && this.badRequestDefinitions == null) {
                                                                                                                                                throw new AssertionError();
                                                                                                                                            }
                                                                                                                                            if (!$assertionsDisabled && this.attackHandler == null) {
                                                                                                                                                throw new AssertionError();
                                                                                                                                            }
                                                                                                                                            String configurationValue47 = configurationManager.getConfigurationValue(PARAM_PATH_TO_DOS_LIMIT_FILES);
                                                                                                                                            if (configurationValue47 == null) {
                                                                                                                                                configurationValue47 = "denial-of-service-limits";
                                                                                                                                            }
                                                                                                                                            try {
                                                                                                                                                if (!$assertionsDisabled && this.ruleFileLoaderClass == null) {
                                                                                                                                                    throw new AssertionError();
                                                                                                                                                }
                                                                                                                                                RuleFileLoader ruleFileLoader9 = (RuleFileLoader) this.ruleFileLoaderClass.newInstance();
                                                                                                                                                ruleFileLoader9.setFilterConfig(this.filterConfig);
                                                                                                                                                ruleFileLoader9.setPath(configurationValue47);
                                                                                                                                                this.denialOfServiceLimitDefinitions = new DenialOfServiceLimitDefinitionContainer(ruleFileLoader9);
                                                                                                                                                String parseDefinitions9 = this.denialOfServiceLimitDefinitions.parseDefinitions();
                                                                                                                                                if (this.denialOfServiceLimitDefinitions.isHavingEnabledQueryStringCheckingRules()) {
                                                                                                                                                    this.isHavingEnabledQueryStringCheckingRules = true;
                                                                                                                                                }
                                                                                                                                                if (this.denialOfServiceLimitDefinitions.isHavingEnabledRequestParamCheckingRules()) {
                                                                                                                                                    this.isHavingEnabledRequestParameterCheckingRules = true;
                                                                                                                                                }
                                                                                                                                                if (this.denialOfServiceLimitDefinitions.isHavingEnabledHeaderCheckingRules()) {
                                                                                                                                                    this.isHavingEnabledHeaderCheckingRules = true;
                                                                                                                                                }
                                                                                                                                                if (this.denialOfServiceLimitDefinitions.isHavingEnabledCookieCheckingRules()) {
                                                                                                                                                    this.isHavingEnabledCookieCheckingRules = true;
                                                                                                                                                }
                                                                                                                                                logLocal(parseDefinitions9);
                                                                                                                                                this.denialOfServiceLimitCounter = new DenialOfServiceLimitTracker(this.attackHandler, this.housekeepingIntervalMinutes * 60 * 1000);
                                                                                                                                                if (!$assertionsDisabled && this.denialOfServiceLimitDefinitions == null) {
                                                                                                                                                    throw new AssertionError();
                                                                                                                                                }
                                                                                                                                                if (!$assertionsDisabled && this.denialOfServiceLimitCounter == null) {
                                                                                                                                                    throw new AssertionError();
                                                                                                                                                }
                                                                                                                                                String configurationValue48 = configurationManager.getConfigurationValue(PARAM_PATH_TO_TOTAL_EXCLUDE_FILES);
                                                                                                                                                if (configurationValue48 == null) {
                                                                                                                                                    configurationValue48 = "total-excludes";
                                                                                                                                                }
                                                                                                                                                try {
                                                                                                                                                    if (!$assertionsDisabled && this.ruleFileLoaderClass == null) {
                                                                                                                                                        throw new AssertionError();
                                                                                                                                                    }
                                                                                                                                                    RuleFileLoader ruleFileLoader10 = (RuleFileLoader) this.ruleFileLoaderClass.newInstance();
                                                                                                                                                    ruleFileLoader10.setFilterConfig(this.filterConfig);
                                                                                                                                                    ruleFileLoader10.setPath(configurationValue48);
                                                                                                                                                    this.totalExcludeDefinitions = new TotalExcludeDefinitionContainer(ruleFileLoader10);
                                                                                                                                                    logLocal(this.totalExcludeDefinitions.parseDefinitions());
                                                                                                                                                    if (!$assertionsDisabled && this.totalExcludeDefinitions == null) {
                                                                                                                                                        throw new AssertionError();
                                                                                                                                                    }
                                                                                                                                                    String configurationValue49 = configurationManager.getConfigurationValue(PARAM_PATH_TO_CONTENT_MODIFICATION_EXCLUDE_FILES);
                                                                                                                                                    if (configurationValue49 == null) {
                                                                                                                                                        configurationValue49 = MODIFICATION_EXCLUDES_DEFAULT;
                                                                                                                                                    }
                                                                                                                                                    try {
                                                                                                                                                        if (!$assertionsDisabled && this.ruleFileLoaderClass == null) {
                                                                                                                                                            throw new AssertionError();
                                                                                                                                                        }
                                                                                                                                                        RuleFileLoader ruleFileLoader11 = (RuleFileLoader) this.ruleFileLoaderClass.newInstance();
                                                                                                                                                        ruleFileLoader11.setFilterConfig(this.filterConfig);
                                                                                                                                                        ruleFileLoader11.setPath(configurationValue49);
                                                                                                                                                        this.contentModificationExcludeDefinitions = new ContentModificationExcludeDefinitionContainer(ruleFileLoader11);
                                                                                                                                                        String parseDefinitions10 = this.contentModificationExcludeDefinitions.parseDefinitions();
                                                                                                                                                        this.contentInjectionHelper.setContentModificationExcludeDefinitions(this.contentModificationExcludeDefinitions);
                                                                                                                                                        logLocal(parseDefinitions10);
                                                                                                                                                        if (!$assertionsDisabled && this.contentModificationExcludeDefinitions == null) {
                                                                                                                                                            throw new AssertionError();
                                                                                                                                                        }
                                                                                                                                                        String configurationValue50 = configurationManager.getConfigurationValue(PARAM_PATH_TO_SIZE_LIMIT_FILES);
                                                                                                                                                        if (configurationValue50 == null) {
                                                                                                                                                            configurationValue50 = "size-limits";
                                                                                                                                                        }
                                                                                                                                                        try {
                                                                                                                                                            if (!$assertionsDisabled && this.ruleFileLoaderClass == null) {
                                                                                                                                                                throw new AssertionError();
                                                                                                                                                            }
                                                                                                                                                            RuleFileLoader ruleFileLoader12 = (RuleFileLoader) this.ruleFileLoaderClass.newInstance();
                                                                                                                                                            ruleFileLoader12.setFilterConfig(this.filterConfig);
                                                                                                                                                            ruleFileLoader12.setPath(configurationValue50);
                                                                                                                                                            this.sizeLimitDefinitions = new SizeLimitDefinitionContainer(ruleFileLoader12);
                                                                                                                                                            logLocal(this.sizeLimitDefinitions.parseDefinitions());
                                                                                                                                                            if (!$assertionsDisabled && this.sizeLimitDefinitions == null) {
                                                                                                                                                                throw new AssertionError();
                                                                                                                                                            }
                                                                                                                                                            String configurationValue51 = configurationManager.getConfigurationValue(PARAM_PATH_TO_MULTIPART_SIZE_LIMIT_FILES);
                                                                                                                                                            if (configurationValue51 == null) {
                                                                                                                                                                configurationValue51 = "multipart-size-limits";
                                                                                                                                                            }
                                                                                                                                                            try {
                                                                                                                                                                if (!$assertionsDisabled && this.ruleFileLoaderClass == null) {
                                                                                                                                                                    throw new AssertionError();
                                                                                                                                                                }
                                                                                                                                                                RuleFileLoader ruleFileLoader13 = (RuleFileLoader) this.ruleFileLoaderClass.newInstance();
                                                                                                                                                                ruleFileLoader13.setFilterConfig(this.filterConfig);
                                                                                                                                                                ruleFileLoader13.setPath(configurationValue51);
                                                                                                                                                                this.multipartSizeLimitDefinitions = new MultipartSizeLimitDefinitionContainer(ruleFileLoader13);
                                                                                                                                                                logLocal(this.multipartSizeLimitDefinitions.parseDefinitions());
                                                                                                                                                                if (!$assertionsDisabled && this.multipartSizeLimitDefinitions == null) {
                                                                                                                                                                    throw new AssertionError();
                                                                                                                                                                }
                                                                                                                                                                String configurationValue52 = configurationManager.getConfigurationValue(PARAM_PATH_TO_DECODING_PERMUTATION_FILES);
                                                                                                                                                                if (configurationValue52 == null) {
                                                                                                                                                                    configurationValue52 = "decoding-permutations";
                                                                                                                                                                }
                                                                                                                                                                try {
                                                                                                                                                                    if (!$assertionsDisabled && this.ruleFileLoaderClass == null) {
                                                                                                                                                                        throw new AssertionError();
                                                                                                                                                                    }
                                                                                                                                                                    RuleFileLoader ruleFileLoader14 = (RuleFileLoader) this.ruleFileLoaderClass.newInstance();
                                                                                                                                                                    ruleFileLoader14.setFilterConfig(this.filterConfig);
                                                                                                                                                                    ruleFileLoader14.setPath(configurationValue52);
                                                                                                                                                                    this.decodingPermutationDefinitions = new DecodingPermutationDefinitionContainer(ruleFileLoader14);
                                                                                                                                                                    logLocal(this.decodingPermutationDefinitions.parseDefinitions());
                                                                                                                                                                    if (!$assertionsDisabled && this.decodingPermutationDefinitions == null) {
                                                                                                                                                                        throw new AssertionError();
                                                                                                                                                                    }
                                                                                                                                                                    String configurationValue53 = configurationManager.getConfigurationValue(PARAM_PATH_TO_FORM_FIELD_MASKING_EXCLUDE_FILES);
                                                                                                                                                                    if (configurationValue53 == null) {
                                                                                                                                                                        configurationValue53 = "form-field-masking-excludes";
                                                                                                                                                                    }
                                                                                                                                                                    try {
                                                                                                                                                                        if (!$assertionsDisabled && this.ruleFileLoaderClass == null) {
                                                                                                                                                                            throw new AssertionError();
                                                                                                                                                                        }
                                                                                                                                                                        RuleFileLoader ruleFileLoader15 = (RuleFileLoader) this.ruleFileLoaderClass.newInstance();
                                                                                                                                                                        ruleFileLoader15.setFilterConfig(this.filterConfig);
                                                                                                                                                                        ruleFileLoader15.setPath(configurationValue53);
                                                                                                                                                                        this.formFieldMaskingExcludeDefinitions = new FormFieldMaskingExcludeDefinitionContainer(ruleFileLoader15);
                                                                                                                                                                        String parseDefinitions11 = this.formFieldMaskingExcludeDefinitions.parseDefinitions();
                                                                                                                                                                        this.contentInjectionHelper.setFormFieldMaskingExcludeDefinitions(this.formFieldMaskingExcludeDefinitions);
                                                                                                                                                                        logLocal(parseDefinitions11);
                                                                                                                                                                        if (!$assertionsDisabled && this.formFieldMaskingExcludeDefinitions == null) {
                                                                                                                                                                            throw new AssertionError();
                                                                                                                                                                        }
                                                                                                                                                                        String configurationValue54 = configurationManager.getConfigurationValue(PARAM_SECRET_TOKEN_LINK_INJECTION);
                                                                                                                                                                        if (configurationValue54 == null) {
                                                                                                                                                                            configurationValue54 = "false";
                                                                                                                                                                        }
                                                                                                                                                                        boolean equals2 = "true".equals(configurationValue54.trim().toLowerCase());
                                                                                                                                                                        this.contentInjectionHelper.setInjectSecretTokenIntoLinks(equals2);
                                                                                                                                                                        if (this.debug) {
                                                                                                                                                                            logLocal(new StringBuffer().append("Apply secret token link injection: ").append(equals2).toString());
                                                                                                                                                                        }
                                                                                                                                                                        String configurationValue55 = configurationManager.getConfigurationValue(PARAM_ENCRYPT_QUERY_STRINGS);
                                                                                                                                                                        if (configurationValue55 == null) {
                                                                                                                                                                            configurationValue55 = "false";
                                                                                                                                                                        }
                                                                                                                                                                        boolean equals3 = "true".equals(configurationValue55.trim().toLowerCase());
                                                                                                                                                                        this.contentInjectionHelper.setEncryptQueryStringInLinks(equals3);
                                                                                                                                                                        if (this.debug) {
                                                                                                                                                                            logLocal(new StringBuffer().append("Encrypt query strings: ").append(equals3).toString());
                                                                                                                                                                        }
                                                                                                                                                                        if (this.contentInjectionHelper.isEncryptQueryStringInLinks() && !this.contentInjectionHelper.isInjectSecretTokenIntoLinks()) {
                                                                                                                                                                            throw new UnavailableException("When 'query string encryption' is activated the feature 'secret token link injection' must be activated also");
                                                                                                                                                                        }
                                                                                                                                                                        String configurationValue56 = configurationManager.getConfigurationValue(PARAM_EXTRA_HASH_PROTECTION);
                                                                                                                                                                        if (configurationValue56 == null) {
                                                                                                                                                                            configurationValue56 = "false";
                                                                                                                                                                        }
                                                                                                                                                                        boolean equals4 = "true".equals(configurationValue56.trim().toLowerCase());
                                                                                                                                                                        this.extraEncryptedValueHashProtection = equals4;
                                                                                                                                                                        if (this.debug) {
                                                                                                                                                                            logLocal(new StringBuffer().append("Apply extra encrypted value hash protection: ").append(equals4).toString());
                                                                                                                                                                        }
                                                                                                                                                                        if (this.extraEncryptedValueHashProtection && !this.contentInjectionHelper.isEncryptQueryStringInLinks()) {
                                                                                                                                                                            throw new UnavailableException("When 'extra encrypted value hash protection' is activated the feature 'query string encryption' must be activated also");
                                                                                                                                                                        }
                                                                                                                                                                        String configurationValue57 = configurationManager.getConfigurationValue(PARAM_EXTRA_FULL_PATH_PROTECTION);
                                                                                                                                                                        if (configurationValue57 == null) {
                                                                                                                                                                            configurationValue57 = "false";
                                                                                                                                                                        }
                                                                                                                                                                        boolean equals5 = "true".equals(configurationValue57.trim().toLowerCase());
                                                                                                                                                                        this.useFullPathForResourceToBeAccessedProtection = equals5;
                                                                                                                                                                        if (this.debug) {
                                                                                                                                                                            logLocal(new StringBuffer().append("Apply extra encrypted full path resource protection: ").append(equals5).toString());
                                                                                                                                                                        }
                                                                                                                                                                        if (this.useFullPathForResourceToBeAccessedProtection && !this.contentInjectionHelper.isEncryptQueryStringInLinks()) {
                                                                                                                                                                            throw new UnavailableException("When 'extra encrypted full path resource protection' is activated the feature 'query string encryption' must be activated also");
                                                                                                                                                                        }
                                                                                                                                                                        String configurationValue58 = configurationManager.getConfigurationValue(PARAM_EXTRA_MEDIUM_PATH_REMOVAL);
                                                                                                                                                                        if (configurationValue58 == null) {
                                                                                                                                                                            configurationValue58 = "false";
                                                                                                                                                                        }
                                                                                                                                                                        boolean equals6 = "true".equals(configurationValue58.trim().toLowerCase());
                                                                                                                                                                        this.additionalMediumResourceRemoval = equals6;
                                                                                                                                                                        this.contentInjectionHelper.setExtraMediumPathRemoval(equals6);
                                                                                                                                                                        if (this.debug) {
                                                                                                                                                                            logLocal(new StringBuffer().append("Apply extra encrypted medium path resource removal: ").append(equals6).toString());
                                                                                                                                                                        }
                                                                                                                                                                        if (this.additionalMediumResourceRemoval && !this.contentInjectionHelper.isEncryptQueryStringInLinks()) {
                                                                                                                                                                            throw new UnavailableException("When 'extra encrypted medium path resource removal' is activated the feature 'query string encryption' must be activated also");
                                                                                                                                                                        }
                                                                                                                                                                        String configurationValue59 = configurationManager.getConfigurationValue(PARAM_EXTRA_FULL_PATH_REMOVAL);
                                                                                                                                                                        if (configurationValue59 == null) {
                                                                                                                                                                            configurationValue59 = "false";
                                                                                                                                                                        }
                                                                                                                                                                        boolean equals7 = "true".equals(configurationValue59.trim().toLowerCase());
                                                                                                                                                                        this.additionalFullResourceRemoval = equals7;
                                                                                                                                                                        this.contentInjectionHelper.setExtraFullPathRemoval(equals7);
                                                                                                                                                                        if (this.debug) {
                                                                                                                                                                            logLocal(new StringBuffer().append("Apply extra encrypted full path resource removal: ").append(equals7).toString());
                                                                                                                                                                        }
                                                                                                                                                                        if (this.additionalFullResourceRemoval) {
                                                                                                                                                                            if (!this.useFullPathForResourceToBeAccessedProtection) {
                                                                                                                                                                                throw new UnavailableException("When 'extra encrypted full path resource removal' is activated the feature 'extra encrypted full path resource protection' must be activated also");
                                                                                                                                                                            }
                                                                                                                                                                            if (!this.contentInjectionHelper.isEncryptQueryStringInLinks()) {
                                                                                                                                                                                throw new UnavailableException("When 'extra encrypted full path resource removal' is activated the feature 'query string encryption' must be activated also");
                                                                                                                                                                            }
                                                                                                                                                                            if (this.additionalMediumResourceRemoval) {
                                                                                                                                                                                throw new UnavailableException("When 'extra encrypted full path resource removal' is activated the feature 'extra encrypted medium path resource removal' makes no sense and should be deactivated");
                                                                                                                                                                            }
                                                                                                                                                                        }
                                                                                                                                                                        if (this.useFullPathForResourceToBeAccessedProtection && !this.additionalMediumResourceRemoval && !this.additionalFullResourceRemoval) {
                                                                                                                                                                            throw new UnavailableException("When 'extra encrypted full path resource protection' is activated either the feature 'extra encrypted medium path resource removal' or 'extra encrypted full path resource removal' must be activated also");
                                                                                                                                                                        }
                                                                                                                                                                        if (this.additionalMediumResourceRemoval && this.additionalFullResourceRemoval) {
                                                                                                                                                                            throw new UnavailableException("The features 'extra encrypted medium path resource removal' and 'extra encrypted full path resource removal' must not be activated both (does not make sense)");
                                                                                                                                                                        }
                                                                                                                                                                        String configurationValue60 = configurationManager.getConfigurationValue(PARAM_BLOCK_MULTIPART_REQUESTS_FOR_NON_MULTIPART_FORMS);
                                                                                                                                                                        if (configurationValue60 == null) {
                                                                                                                                                                            configurationValue60 = "false";
                                                                                                                                                                        }
                                                                                                                                                                        boolean equals8 = "true".equals(configurationValue60.trim().toLowerCase());
                                                                                                                                                                        this.blockMultipartRequestsForNonMultipartForms = equals8;
                                                                                                                                                                        if (this.debug) {
                                                                                                                                                                            logLocal(new StringBuffer().append("Block multipart requests for non-multipart forms: ").append(equals8).toString());
                                                                                                                                                                        }
                                                                                                                                                                        if (this.blockMultipartRequestsForNonMultipartForms && !this.contentInjectionHelper.isEncryptQueryStringInLinks()) {
                                                                                                                                                                            throw new UnavailableException("When 'block multipart requests for non-multipart forms' is activated the feature 'query string encryption' must be activated also");
                                                                                                                                                                        }
                                                                                                                                                                        String configurationValue61 = configurationManager.getConfigurationValue(PARAM_PARAMETER_AND_FORM_PROTECTION);
                                                                                                                                                                        if (configurationValue61 == null) {
                                                                                                                                                                            configurationValue61 = "false";
                                                                                                                                                                        }
                                                                                                                                                                        boolean equals9 = "true".equals(configurationValue61.trim().toLowerCase());
                                                                                                                                                                        this.contentInjectionHelper.setProtectParametersAndForms(equals9);
                                                                                                                                                                        if (this.debug) {
                                                                                                                                                                            logLocal(new StringBuffer().append("Apply parameter and form protection: ").append(equals9).toString());
                                                                                                                                                                        }
                                                                                                                                                                        if (this.contentInjectionHelper.isProtectParametersAndForms() && !this.contentInjectionHelper.isEncryptQueryStringInLinks()) {
                                                                                                                                                                            throw new UnavailableException("When 'parameter and form protection' is activated the feature 'query string encryption' must be activated also");
                                                                                                                                                                        }
                                                                                                                                                                        String configurationValue62 = configurationManager.getConfigurationValue(PARAM_EXTRA_STRICT_PARAMETER_CHECKING_FOR_ENCRYPTED_LINKS);
                                                                                                                                                                        if (configurationValue62 == null) {
                                                                                                                                                                            configurationValue62 = "false";
                                                                                                                                                                        }
                                                                                                                                                                        boolean equals10 = "true".equals(configurationValue62.trim().toLowerCase());
                                                                                                                                                                        this.contentInjectionHelper.setExtraStrictParameterCheckingForEncryptedLinks(equals10);
                                                                                                                                                                        if (this.debug) {
                                                                                                                                                                            logLocal(new StringBuffer().append("Extra strict parameter checking for encrypted links: ").append(equals10).toString());
                                                                                                                                                                        }
                                                                                                                                                                        if (this.contentInjectionHelper.isExtraStrictParameterCheckingForEncryptedLinks() && !this.contentInjectionHelper.isProtectParametersAndForms()) {
                                                                                                                                                                            throw new UnavailableException("When 'extra strict parameter checking for encrypted links' is activated the feature 'parameter and form protection' must be activated also");
                                                                                                                                                                        }
                                                                                                                                                                        String configurationValue63 = configurationManager.getConfigurationValue(PARAM_EXTRA_DISABLED_FORM_FIELD_PROTECTION);
                                                                                                                                                                        if (configurationValue63 == null) {
                                                                                                                                                                            configurationValue63 = "false";
                                                                                                                                                                        }
                                                                                                                                                                        boolean equals11 = "true".equals(configurationValue63.trim().toLowerCase());
                                                                                                                                                                        this.contentInjectionHelper.setExtraProtectDisabledFormFields(equals11);
                                                                                                                                                                        if (this.debug) {
                                                                                                                                                                            logLocal(new StringBuffer().append("Apply extra disabled form field protection: ").append(equals11).toString());
                                                                                                                                                                        }
                                                                                                                                                                        if (this.contentInjectionHelper.isExtraProtectDisabledFormFields() && !this.contentInjectionHelper.isProtectParametersAndForms()) {
                                                                                                                                                                            throw new UnavailableException("When 'extra disabled form field protection' is activated the feature 'parameter and form protection' must be activated also");
                                                                                                                                                                        }
                                                                                                                                                                        String configurationValue64 = configurationManager.getConfigurationValue(PARAM_EXTRA_READONLY_FORM_FIELD_PROTECTION);
                                                                                                                                                                        if (configurationValue64 == null) {
                                                                                                                                                                            configurationValue64 = "false";
                                                                                                                                                                        }
                                                                                                                                                                        boolean equals12 = "true".equals(configurationValue64.trim().toLowerCase());
                                                                                                                                                                        this.contentInjectionHelper.setExtraProtectReadonlyFormFields(equals12);
                                                                                                                                                                        if (this.debug) {
                                                                                                                                                                            logLocal(new StringBuffer().append("Apply extra readonly form field protection: ").append(equals12).toString());
                                                                                                                                                                        }
                                                                                                                                                                        if (this.contentInjectionHelper.isExtraProtectReadonlyFormFields() && !this.contentInjectionHelper.isProtectParametersAndForms()) {
                                                                                                                                                                            throw new UnavailableException("When 'extra readonly form field protection' is activated the feature 'parameter and form protection' must be activated also");
                                                                                                                                                                        }
                                                                                                                                                                        String configurationValue65 = configurationManager.getConfigurationValue(PARAM_EXTRA_REQUEST_PARAM_VALUE_COUNT_PROTECTION);
                                                                                                                                                                        if (configurationValue65 == null) {
                                                                                                                                                                            configurationValue65 = "false";
                                                                                                                                                                        }
                                                                                                                                                                        boolean equals13 = "true".equals(configurationValue65.trim().toLowerCase());
                                                                                                                                                                        this.contentInjectionHelper.setExtraProtectRequestParamValueCount(equals13);
                                                                                                                                                                        if (this.debug) {
                                                                                                                                                                            logLocal(new StringBuffer().append("Apply extra request-param value count protection: ").append(equals13).toString());
                                                                                                                                                                        }
                                                                                                                                                                        if (this.contentInjectionHelper.isExtraProtectRequestParamValueCount() && !this.contentInjectionHelper.isProtectParametersAndForms()) {
                                                                                                                                                                            throw new UnavailableException("When 'extra request-param value count protection' is activated the feature 'parameter and form protection' must be activated also");
                                                                                                                                                                        }
                                                                                                                                                                        String configurationValue66 = configurationManager.getConfigurationValue(PARAM_EXTRA_HIDDEN_FORM_FIELD_PROTECTION);
                                                                                                                                                                        if (configurationValue66 == null) {
                                                                                                                                                                            configurationValue66 = "false";
                                                                                                                                                                        }
                                                                                                                                                                        boolean equals14 = "true".equals(configurationValue66.trim().toLowerCase());
                                                                                                                                                                        this.hiddenFormFieldProtection = equals14;
                                                                                                                                                                        if (this.debug) {
                                                                                                                                                                            logLocal(new StringBuffer().append("Apply extra hidden form field protection: ").append(equals14).toString());
                                                                                                                                                                        }
                                                                                                                                                                        if (equals14 && !this.contentInjectionHelper.isProtectParametersAndForms()) {
                                                                                                                                                                            throw new UnavailableException("When 'extra hidden form field protection' is activated the feature 'parameter and form protection' must be activated also");
                                                                                                                                                                        }
                                                                                                                                                                        String configurationValue67 = configurationManager.getConfigurationValue(PARAM_EXTRA_SELECTBOX_PROTECTION);
                                                                                                                                                                        if (configurationValue67 == null) {
                                                                                                                                                                            configurationValue67 = "false";
                                                                                                                                                                        }
                                                                                                                                                                        boolean equals15 = "true".equals(configurationValue67.trim().toLowerCase());
                                                                                                                                                                        this.selectboxProtection = equals15;
                                                                                                                                                                        if (this.debug) {
                                                                                                                                                                            logLocal(new StringBuffer().append("Apply extra selectbox protection: ").append(equals15).toString());
                                                                                                                                                                        }
                                                                                                                                                                        if (equals15 && !this.contentInjectionHelper.isProtectParametersAndForms()) {
                                                                                                                                                                            throw new UnavailableException("When 'extra selectbox protection' is activated the feature 'parameter and form protection' must be activated also");
                                                                                                                                                                        }
                                                                                                                                                                        String configurationValue68 = configurationManager.getConfigurationValue(PARAM_EXTRA_CHECKBOX_PROTECTION);
                                                                                                                                                                        if (configurationValue68 == null) {
                                                                                                                                                                            configurationValue68 = "false";
                                                                                                                                                                        }
                                                                                                                                                                        boolean equals16 = "true".equals(configurationValue68.trim().toLowerCase());
                                                                                                                                                                        this.checkboxProtection = equals16;
                                                                                                                                                                        if (this.debug) {
                                                                                                                                                                            logLocal(new StringBuffer().append("Apply extra checkbox protection: ").append(equals16).toString());
                                                                                                                                                                        }
                                                                                                                                                                        if (equals16 && !this.contentInjectionHelper.isProtectParametersAndForms()) {
                                                                                                                                                                            throw new UnavailableException("When 'extra checkbox protection' is activated the feature 'parameter and form protection' must be activated also");
                                                                                                                                                                        }
                                                                                                                                                                        String configurationValue69 = configurationManager.getConfigurationValue(PARAM_EXTRA_RADIOBUTTON_PROTECTION);
                                                                                                                                                                        if (configurationValue69 == null) {
                                                                                                                                                                            configurationValue69 = "false";
                                                                                                                                                                        }
                                                                                                                                                                        boolean equals17 = "true".equals(configurationValue69.trim().toLowerCase());
                                                                                                                                                                        this.radiobuttonProtection = equals17;
                                                                                                                                                                        if (this.debug) {
                                                                                                                                                                            logLocal(new StringBuffer().append("Apply extra radiobutton protection: ").append(equals17).toString());
                                                                                                                                                                        }
                                                                                                                                                                        if (equals17 && !this.contentInjectionHelper.isProtectParametersAndForms()) {
                                                                                                                                                                            throw new UnavailableException("When 'extra radiobutton protection' is activated the feature 'parameter and form protection' must be activated also");
                                                                                                                                                                        }
                                                                                                                                                                        String configurationValue70 = configurationManager.getConfigurationValue(PARAM_EXTRA_SELECTBOX_VALUE_MASKING);
                                                                                                                                                                        if (configurationValue70 == null) {
                                                                                                                                                                            configurationValue70 = "false";
                                                                                                                                                                        }
                                                                                                                                                                        boolean equals18 = "true".equals(configurationValue70.trim().toLowerCase());
                                                                                                                                                                        this.selectboxValueMasking = equals18;
                                                                                                                                                                        if (this.debug) {
                                                                                                                                                                            logLocal(new StringBuffer().append("Apply extra selectbox value masking: ").append(equals18).toString());
                                                                                                                                                                        }
                                                                                                                                                                        if (equals18) {
                                                                                                                                                                            if (!this.contentInjectionHelper.isProtectParametersAndForms()) {
                                                                                                                                                                                throw new UnavailableException("When 'extra selectbox value masking' is activated the feature 'parameter and form protection' must be activated also");
                                                                                                                                                                            }
                                                                                                                                                                            if (!this.selectboxProtection) {
                                                                                                                                                                                throw new UnavailableException("When 'extra selectbox value masking' is activated the feature 'extra selectbox protection' must be activated also");
                                                                                                                                                                            }
                                                                                                                                                                        }
                                                                                                                                                                        String configurationValue71 = configurationManager.getConfigurationValue(PARAM_EXTRA_CHECKBOX_VALUE_MASKING);
                                                                                                                                                                        if (configurationValue71 == null) {
                                                                                                                                                                            configurationValue71 = "false";
                                                                                                                                                                        }
                                                                                                                                                                        boolean equals19 = "true".equals(configurationValue71.trim().toLowerCase());
                                                                                                                                                                        this.checkboxValueMasking = equals19;
                                                                                                                                                                        if (this.debug) {
                                                                                                                                                                            logLocal(new StringBuffer().append("Apply extra checkbox value masking: ").append(equals19).toString());
                                                                                                                                                                        }
                                                                                                                                                                        if (equals19) {
                                                                                                                                                                            if (!this.contentInjectionHelper.isProtectParametersAndForms()) {
                                                                                                                                                                                throw new UnavailableException("When 'extra checkbox value masking' is activated the feature 'parameter and form protection' must be activated also");
                                                                                                                                                                            }
                                                                                                                                                                            if (!this.checkboxProtection) {
                                                                                                                                                                                throw new UnavailableException("When 'extra checkbox value masking' is activated the feature 'extra checkbox protection' must be activated also");
                                                                                                                                                                            }
                                                                                                                                                                        }
                                                                                                                                                                        String configurationValue72 = configurationManager.getConfigurationValue(PARAM_EXTRA_RADIOBUTTON_VALUE_MASKING);
                                                                                                                                                                        if (configurationValue72 == null) {
                                                                                                                                                                            configurationValue72 = "false";
                                                                                                                                                                        }
                                                                                                                                                                        boolean equals20 = "true".equals(configurationValue72.trim().toLowerCase());
                                                                                                                                                                        this.radiobuttonValueMasking = equals20;
                                                                                                                                                                        if (this.debug) {
                                                                                                                                                                            logLocal(new StringBuffer().append("Apply extra radiobutton value masking: ").append(equals20).toString());
                                                                                                                                                                        }
                                                                                                                                                                        if (equals20) {
                                                                                                                                                                            if (!this.contentInjectionHelper.isProtectParametersAndForms()) {
                                                                                                                                                                                throw new UnavailableException("When 'extra radiobutton value masking' is activated the feature 'parameter and form protection' must be activated also");
                                                                                                                                                                            }
                                                                                                                                                                            if (!this.radiobuttonProtection) {
                                                                                                                                                                                throw new UnavailableException("When 'extra radiobutton value masking' is activated the feature 'extra radiobutton protection' must be activated also");
                                                                                                                                                                            }
                                                                                                                                                                        }
                                                                                                                                                                        String configurationValue73 = configurationManager.getConfigurationValue(PARAM_TREAT_NON_MATCHING_SERVLET_PATH_AS_MATCH_FOR_WHITELIST_RULES);
                                                                                                                                                                        if (configurationValue73 == null) {
                                                                                                                                                                            configurationValue73 = "false";
                                                                                                                                                                        }
                                                                                                                                                                        boolean equals21 = "true".equals(configurationValue73.trim().toLowerCase());
                                                                                                                                                                        this.treatNonMatchingServletPathAsMatchForWhitelistRules = equals21;
                                                                                                                                                                        if (this.debug) {
                                                                                                                                                                            logLocal(new StringBuffer().append("Treat non-matchig of servletPath as a match for whitelist rules: ").append(equals21).toString());
                                                                                                                                                                        }
                                                                                                                                                                        String configurationValue74 = configurationManager.getConfigurationValue(PARAM_REMEMBER_LAST_CAPTCHA_FOR_MULTI_SUBMITS);
                                                                                                                                                                        if (configurationValue74 == null) {
                                                                                                                                                                            configurationValue74 = "true";
                                                                                                                                                                        }
                                                                                                                                                                        boolean equals22 = "true".equals(configurationValue74.trim().toLowerCase());
                                                                                                                                                                        this.rememberLastCaptchaForMultiSubmits = equals22;
                                                                                                                                                                        if (this.debug) {
                                                                                                                                                                            logLocal(new StringBuffer().append("Remember last captcha for multi submits: ").append(equals22).toString());
                                                                                                                                                                        }
                                                                                                                                                                        String configurationValue75 = configurationManager.getConfigurationValue(PARAM_APPEND_QUESTIONMARK_OR_AMPERSAND_TO_LINKS);
                                                                                                                                                                        if (configurationValue75 == null) {
                                                                                                                                                                            configurationValue75 = "false";
                                                                                                                                                                        }
                                                                                                                                                                        boolean equals23 = "true".equals(configurationValue75.trim().toLowerCase());
                                                                                                                                                                        this.appendQuestionmarkOrAmpersandToLinks = equals23;
                                                                                                                                                                        if (this.debug) {
                                                                                                                                                                            logLocal(new StringBuffer().append("Append questionmark or ampersand to lnks: ").append(equals23).toString());
                                                                                                                                                                        }
                                                                                                                                                                        String configurationValue76 = configurationManager.getConfigurationValue(PARAM_APPEND_SESSIONID_TO_LINKS);
                                                                                                                                                                        if (configurationValue76 == null) {
                                                                                                                                                                            configurationValue76 = "false";
                                                                                                                                                                        }
                                                                                                                                                                        boolean equals24 = "true".equals(configurationValue76.trim().toLowerCase());
                                                                                                                                                                        this.appendSessionIdToLinks = equals24;
                                                                                                                                                                        if (this.debug) {
                                                                                                                                                                            logLocal(new StringBuffer().append("Append session-id to lnks: ").append(equals24).toString());
                                                                                                                                                                        }
                                                                                                                                                                        String configurationValue77 = configurationManager.getConfigurationValue(PARAM_USE_TUNED_BLOCK_PARSER);
                                                                                                                                                                        if (configurationValue77 == null) {
                                                                                                                                                                            configurationValue77 = "true";
                                                                                                                                                                        }
                                                                                                                                                                        boolean equals25 = "true".equals(configurationValue77.trim().toLowerCase());
                                                                                                                                                                        this.contentInjectionHelper.setUseTunedBlockParser(equals25);
                                                                                                                                                                        if (this.debug) {
                                                                                                                                                                            logLocal(new StringBuffer().append("Use tuned block parser: ").append(equals25).toString());
                                                                                                                                                                        }
                                                                                                                                                                        String configurationValue78 = configurationManager.getConfigurationValue(PARAM_USE_RESPONSE_BUFFERING);
                                                                                                                                                                        if (configurationValue78 == null) {
                                                                                                                                                                            configurationValue78 = "false";
                                                                                                                                                                        }
                                                                                                                                                                        boolean equals26 = "true".equals(configurationValue78.trim().toLowerCase());
                                                                                                                                                                        this.contentInjectionHelper.setUseResponseBuffering(equals26);
                                                                                                                                                                        if (this.debug) {
                                                                                                                                                                            logLocal(new StringBuffer().append("Use response buffering: ").append(equals26).toString());
                                                                                                                                                                        }
                                                                                                                                                                        String configurationValue79 = configurationManager.getConfigurationValue(PARAM_STRIP_HTML_COMMENTS);
                                                                                                                                                                        if (configurationValue79 == null) {
                                                                                                                                                                            configurationValue79 = "false";
                                                                                                                                                                        }
                                                                                                                                                                        boolean equals27 = "true".equals(configurationValue79.trim().toLowerCase());
                                                                                                                                                                        this.contentInjectionHelper.setStripHtmlComments(equals27);
                                                                                                                                                                        if (this.debug) {
                                                                                                                                                                            logLocal(new StringBuffer().append("Strip HTML comments: ").append(equals27).toString());
                                                                                                                                                                        }
                                                                                                                                                                        String configurationValue80 = configurationManager.getConfigurationValue(PARAM_BLOCK_INVALID_ENCODED_QUERY_STRING);
                                                                                                                                                                        if (configurationValue80 == null) {
                                                                                                                                                                            configurationValue80 = "false";
                                                                                                                                                                        }
                                                                                                                                                                        boolean equals28 = "true".equals(configurationValue80.trim().toLowerCase());
                                                                                                                                                                        this.blockInvalidEncodedQueryString = equals28;
                                                                                                                                                                        if (this.debug) {
                                                                                                                                                                            logLocal(new StringBuffer().append("Block invalid encoded query string: ").append(equals28).toString());
                                                                                                                                                                        }
                                                                                                                                                                        String configurationValue81 = configurationManager.getConfigurationValue(PARAM_PROD_ATTACK_REPLY_STATUS_CODE_OR_MESSAGE_RESOURCE);
                                                                                                                                                                        if (configurationValue81 == null) {
                                                                                                                                                                            configurationValue81 = "200";
                                                                                                                                                                        }
                                                                                                                                                                        try {
                                                                                                                                                                            this.productionAttackReplyStatusCode = Integer.parseInt(configurationValue81.trim());
                                                                                                                                                                        } catch (NumberFormatException e10) {
                                                                                                                                                                            if (class$org$webcastellum$WebCastellumFilter == null) {
                                                                                                                                                                                cls3 = class$("org.webcastellum.WebCastellumFilter");
                                                                                                                                                                                class$org$webcastellum$WebCastellumFilter = cls3;
                                                                                                                                                                            } else {
                                                                                                                                                                                cls3 = class$org$webcastellum$WebCastellumFilter;
                                                                                                                                                                            }
                                                                                                                                                                            InputStream resourceAsStream3 = cls3.getClassLoader().getResourceAsStream(configurationValue81);
                                                                                                                                                                            if (resourceAsStream3 == null) {
                                                                                                                                                                                throw new UnavailableException(new StringBuffer().append("Unable to number-parse configured HTTP status code to send as reply to attacks (in production mode) as well as unable to locate a resource in classpath with name: ").append(configurationValue81).toString());
                                                                                                                                                                            }
                                                                                                                                                                            BufferedReader bufferedReader3 = null;
                                                                                                                                                                            try {
                                                                                                                                                                                try {
                                                                                                                                                                                    bufferedReader3 = new BufferedReader(new InputStreamReader(resourceAsStream3));
                                                                                                                                                                                    StringBuilder sb3 = new StringBuilder();
                                                                                                                                                                                    while (true) {
                                                                                                                                                                                        String readLine3 = bufferedReader3.readLine();
                                                                                                                                                                                        if (readLine3 == null) {
                                                                                                                                                                                            break;
                                                                                                                                                                                        } else {
                                                                                                                                                                                            sb3.append(readLine3).append("\n");
                                                                                                                                                                                        }
                                                                                                                                                                                    }
                                                                                                                                                                                    this.productionAttackReplyMessage = sb3.toString().trim();
                                                                                                                                                                                    if (bufferedReader3 != null) {
                                                                                                                                                                                        try {
                                                                                                                                                                                            bufferedReader3.close();
                                                                                                                                                                                        } catch (IOException e11) {
                                                                                                                                                                                        }
                                                                                                                                                                                    }
                                                                                                                                                                                } catch (Throwable th2) {
                                                                                                                                                                                    if (bufferedReader3 != null) {
                                                                                                                                                                                        try {
                                                                                                                                                                                            bufferedReader3.close();
                                                                                                                                                                                        } catch (IOException e12) {
                                                                                                                                                                                        }
                                                                                                                                                                                    }
                                                                                                                                                                                    throw th2;
                                                                                                                                                                                }
                                                                                                                                                                            } catch (Exception e13) {
                                                                                                                                                                                throw new UnavailableException(new StringBuffer().append("Unable to load content from the specified resource in classpath with name: ").append(configurationValue81).toString());
                                                                                                                                                                            }
                                                                                                                                                                        }
                                                                                                                                                                        if (this.productionAttackReplyStatusCode < 0) {
                                                                                                                                                                            throw new UnavailableException(new StringBuffer().append("Configured HTTP status code to send as reply to attacks (in production mode) must not be negative: ").append(configurationValue81).toString());
                                                                                                                                                                        }
                                                                                                                                                                        String configurationValue82 = configurationManager.getConfigurationValue(PARAM_PROD_EXCEPTION_REPLY_STATUS_CODE_OR_MESSAGE_RESOURCE);
                                                                                                                                                                        if (configurationValue82 == null) {
                                                                                                                                                                            configurationValue82 = "503";
                                                                                                                                                                        }
                                                                                                                                                                        try {
                                                                                                                                                                            this.productionExceptionReplyStatusCode = Integer.parseInt(configurationValue82.trim());
                                                                                                                                                                        } catch (NumberFormatException e14) {
                                                                                                                                                                            if (class$org$webcastellum$WebCastellumFilter == null) {
                                                                                                                                                                                cls4 = class$("org.webcastellum.WebCastellumFilter");
                                                                                                                                                                                class$org$webcastellum$WebCastellumFilter = cls4;
                                                                                                                                                                            } else {
                                                                                                                                                                                cls4 = class$org$webcastellum$WebCastellumFilter;
                                                                                                                                                                            }
                                                                                                                                                                            InputStream resourceAsStream4 = cls4.getClassLoader().getResourceAsStream(configurationValue82);
                                                                                                                                                                            if (resourceAsStream4 == null) {
                                                                                                                                                                                throw new UnavailableException(new StringBuffer().append("Unable to number-parse configured HTTP status code to send as reply to exceptions (in production mode) as well as unable to locate a resource in classpath with name: ").append(configurationValue82).toString());
                                                                                                                                                                            }
                                                                                                                                                                            BufferedReader bufferedReader4 = null;
                                                                                                                                                                            try {
                                                                                                                                                                                try {
                                                                                                                                                                                    bufferedReader4 = new BufferedReader(new InputStreamReader(resourceAsStream4));
                                                                                                                                                                                    StringBuilder sb4 = new StringBuilder();
                                                                                                                                                                                    while (true) {
                                                                                                                                                                                        String readLine4 = bufferedReader4.readLine();
                                                                                                                                                                                        if (readLine4 == null) {
                                                                                                                                                                                            break;
                                                                                                                                                                                        } else {
                                                                                                                                                                                            sb4.append(readLine4).append("\n");
                                                                                                                                                                                        }
                                                                                                                                                                                    }
                                                                                                                                                                                    this.productionExceptionReplyMessage = sb4.toString().trim();
                                                                                                                                                                                    if (bufferedReader4 != null) {
                                                                                                                                                                                        try {
                                                                                                                                                                                            bufferedReader4.close();
                                                                                                                                                                                        } catch (IOException e15) {
                                                                                                                                                                                        }
                                                                                                                                                                                    }
                                                                                                                                                                                } catch (Exception e16) {
                                                                                                                                                                                    throw new UnavailableException(new StringBuffer().append("Unable to load content from the specified resource in classpath with name: ").append(configurationValue82).toString());
                                                                                                                                                                                }
                                                                                                                                                                            } finally {
                                                                                                                                                                            }
                                                                                                                                                                        }
                                                                                                                                                                        if (this.productionExceptionReplyStatusCode < 0) {
                                                                                                                                                                            throw new UnavailableException(new StringBuffer().append("Configured HTTP status code to send as reply to exceptions (in production mode) must not be negative: ").append(configurationValue82).toString());
                                                                                                                                                                        }
                                                                                                                                                                        String configurationValue83 = configurationManager.getConfigurationValue(PARAM_DEV_ATTACK_REPLY_STATUS_CODE_OR_MESSAGE_RESOURCE);
                                                                                                                                                                        if (configurationValue83 == null) {
                                                                                                                                                                            configurationValue83 = "org/webcastellum/attack.html";
                                                                                                                                                                        }
                                                                                                                                                                        try {
                                                                                                                                                                            this.developmentAttackReplyStatusCode = Integer.parseInt(configurationValue83.trim());
                                                                                                                                                                        } catch (NumberFormatException e17) {
                                                                                                                                                                            if (class$org$webcastellum$WebCastellumFilter == null) {
                                                                                                                                                                                cls5 = class$("org.webcastellum.WebCastellumFilter");
                                                                                                                                                                                class$org$webcastellum$WebCastellumFilter = cls5;
                                                                                                                                                                            } else {
                                                                                                                                                                                cls5 = class$org$webcastellum$WebCastellumFilter;
                                                                                                                                                                            }
                                                                                                                                                                            InputStream resourceAsStream5 = cls5.getClassLoader().getResourceAsStream(configurationValue83);
                                                                                                                                                                            if (resourceAsStream5 == null) {
                                                                                                                                                                                throw new UnavailableException(new StringBuffer().append("Unable to number-parse configured HTTP status code to send as reply to attacks (in development mode) as well as unable to locate a resource in classpath with name: ").append(configurationValue83).toString());
                                                                                                                                                                            }
                                                                                                                                                                            BufferedReader bufferedReader5 = null;
                                                                                                                                                                            try {
                                                                                                                                                                                try {
                                                                                                                                                                                    bufferedReader5 = new BufferedReader(new InputStreamReader(resourceAsStream5));
                                                                                                                                                                                    StringBuilder sb5 = new StringBuilder();
                                                                                                                                                                                    while (true) {
                                                                                                                                                                                        String readLine5 = bufferedReader5.readLine();
                                                                                                                                                                                        if (readLine5 == null) {
                                                                                                                                                                                            break;
                                                                                                                                                                                        } else {
                                                                                                                                                                                            sb5.append(readLine5).append("\n");
                                                                                                                                                                                        }
                                                                                                                                                                                    }
                                                                                                                                                                                    this.developmentAttackReplyMessage = sb5.toString().trim();
                                                                                                                                                                                    if (bufferedReader5 != null) {
                                                                                                                                                                                        try {
                                                                                                                                                                                            bufferedReader5.close();
                                                                                                                                                                                        } catch (IOException e18) {
                                                                                                                                                                                        }
                                                                                                                                                                                    }
                                                                                                                                                                                } catch (Exception e19) {
                                                                                                                                                                                    throw new UnavailableException(new StringBuffer().append("Unable to load content from the specified resource in classpath with name: ").append(configurationValue83).toString());
                                                                                                                                                                                }
                                                                                                                                                                            } finally {
                                                                                                                                                                            }
                                                                                                                                                                        }
                                                                                                                                                                        if (this.developmentAttackReplyStatusCode < 0) {
                                                                                                                                                                            throw new UnavailableException(new StringBuffer().append("Configured HTTP status code to send as reply to attacks (in development mode) must not be negative: ").append(configurationValue83).toString());
                                                                                                                                                                        }
                                                                                                                                                                        String configurationValue84 = configurationManager.getConfigurationValue(PARAM_DEV_EXCEPTION_REPLY_STATUS_CODE_OR_MESSAGE_RESOURCE);
                                                                                                                                                                        if (configurationValue84 == null) {
                                                                                                                                                                            configurationValue84 = "org/webcastellum/exception.html";
                                                                                                                                                                        }
                                                                                                                                                                        try {
                                                                                                                                                                            this.developmentExceptionReplyStatusCode = Integer.parseInt(configurationValue84.trim());
                                                                                                                                                                        } catch (NumberFormatException e20) {
                                                                                                                                                                            if (class$org$webcastellum$WebCastellumFilter == null) {
                                                                                                                                                                                cls6 = class$("org.webcastellum.WebCastellumFilter");
                                                                                                                                                                                class$org$webcastellum$WebCastellumFilter = cls6;
                                                                                                                                                                            } else {
                                                                                                                                                                                cls6 = class$org$webcastellum$WebCastellumFilter;
                                                                                                                                                                            }
                                                                                                                                                                            InputStream resourceAsStream6 = cls6.getClassLoader().getResourceAsStream(configurationValue84);
                                                                                                                                                                            if (resourceAsStream6 == null) {
                                                                                                                                                                                throw new UnavailableException(new StringBuffer().append("Unable to number-parse configured HTTP status code to send as reply to exceptions (in development mode) as well as unable to locate a resource in classpath with name: ").append(configurationValue84).toString());
                                                                                                                                                                            }
                                                                                                                                                                            BufferedReader bufferedReader6 = null;
                                                                                                                                                                            try {
                                                                                                                                                                                try {
                                                                                                                                                                                    bufferedReader6 = new BufferedReader(new InputStreamReader(resourceAsStream6));
                                                                                                                                                                                    StringBuilder sb6 = new StringBuilder();
                                                                                                                                                                                    while (true) {
                                                                                                                                                                                        String readLine6 = bufferedReader6.readLine();
                                                                                                                                                                                        if (readLine6 == null) {
                                                                                                                                                                                            break;
                                                                                                                                                                                        } else {
                                                                                                                                                                                            sb6.append(readLine6).append("\n");
                                                                                                                                                                                        }
                                                                                                                                                                                    }
                                                                                                                                                                                    this.developmentExceptionReplyMessage = sb6.toString().trim();
                                                                                                                                                                                    if (bufferedReader6 != null) {
                                                                                                                                                                                        try {
                                                                                                                                                                                            bufferedReader6.close();
                                                                                                                                                                                        } catch (IOException e21) {
                                                                                                                                                                                        }
                                                                                                                                                                                    }
                                                                                                                                                                                } catch (Throwable th3) {
                                                                                                                                                                                    if (bufferedReader6 != null) {
                                                                                                                                                                                        try {
                                                                                                                                                                                            bufferedReader6.close();
                                                                                                                                                                                        } catch (IOException e22) {
                                                                                                                                                                                        }
                                                                                                                                                                                    }
                                                                                                                                                                                    throw th3;
                                                                                                                                                                                }
                                                                                                                                                                            } catch (Exception e23) {
                                                                                                                                                                                throw new UnavailableException(new StringBuffer().append("Unable to load content from the specified resource in classpath with name: ").append(configurationValue84).toString());
                                                                                                                                                                            }
                                                                                                                                                                        }
                                                                                                                                                                        if (this.developmentExceptionReplyStatusCode < 0) {
                                                                                                                                                                            throw new UnavailableException(new StringBuffer().append("Configured HTTP status code to send as reply to exceptions (in development mode) must not be negative: ").append(configurationValue84).toString());
                                                                                                                                                                        }
                                                                                                                                                                        String configurationValue85 = configurationManager.getConfigurationValue(PARAM_HANDLE_UNCAUGHT_EXCEPTIONS);
                                                                                                                                                                        if (configurationValue85 == null) {
                                                                                                                                                                            configurationValue85 = "true";
                                                                                                                                                                        }
                                                                                                                                                                        this.catchAll = "true".equals(configurationValue85.trim().toLowerCase());
                                                                                                                                                                        if (this.debug) {
                                                                                                                                                                            logLocal(new StringBuffer().append("Handle uncaught exceptions: ").append(this.catchAll).toString());
                                                                                                                                                                        }
                                                                                                                                                                        String configurationValue86 = configurationManager.getConfigurationValue(PARAM_REUSE_SESSION_CONTENT);
                                                                                                                                                                        if (configurationValue86 == null) {
                                                                                                                                                                            configurationValue86 = "true";
                                                                                                                                                                        }
                                                                                                                                                                        boolean equals29 = "true".equals(configurationValue86.trim().toLowerCase());
                                                                                                                                                                        this.reuseSessionContent = equals29;
                                                                                                                                                                        if (this.debug) {
                                                                                                                                                                            logLocal(new StringBuffer().append("Reuse session content: ").append(equals29).toString());
                                                                                                                                                                        }
                                                                                                                                                                        String configurationValue87 = configurationManager.getConfigurationValue(PARAM_HIDE_INTERNAL_SESSION_ATTRIBUTES);
                                                                                                                                                                        if (configurationValue87 == null) {
                                                                                                                                                                            configurationValue87 = "false";
                                                                                                                                                                        }
                                                                                                                                                                        boolean equals30 = "true".equals(configurationValue87.trim().toLowerCase());
                                                                                                                                                                        this.hideInternalSessionAttributes = equals30;
                                                                                                                                                                        if (this.debug) {
                                                                                                                                                                            logLocal(new StringBuffer().append("Hide internal session attributes: ").append(equals30).toString());
                                                                                                                                                                        }
                                                                                                                                                                        String configurationValue88 = configurationManager.getConfigurationValue(PARAM_PARSE_MULTI_PART_FORMS);
                                                                                                                                                                        if (configurationValue88 == null) {
                                                                                                                                                                            configurationValue88 = "true";
                                                                                                                                                                        }
                                                                                                                                                                        boolean equals31 = "true".equals(configurationValue88.trim().toLowerCase());
                                                                                                                                                                        this.parseMultipartForms = equals31;
                                                                                                                                                                        if (this.debug) {
                                                                                                                                                                            logLocal(new StringBuffer().append("Parse multipart forms: ").append(equals31).toString());
                                                                                                                                                                        }
                                                                                                                                                                        String configurationValue89 = configurationManager.getConfigurationValue(PARAM_ALLOWED_REQUEST_MIME_TYPES);
                                                                                                                                                                        if (configurationValue89 == null) {
                                                                                                                                                                            configurationValue89 = "application/x-www-form-urlencoded,multipart/form-data,text/plain,text/xml,application/xml";
                                                                                                                                                                        }
                                                                                                                                                                        this.allowedRequestMimeTypesLowerCased.clear();
                                                                                                                                                                        StringTokenizer stringTokenizer = new StringTokenizer(configurationValue89.toLowerCase().trim(), ",");
                                                                                                                                                                        while (stringTokenizer.hasMoreTokens()) {
                                                                                                                                                                            String trim8 = stringTokenizer.nextToken().trim();
                                                                                                                                                                            if (trim8.length() > 0) {
                                                                                                                                                                                this.allowedRequestMimeTypesLowerCased.add(trim8);
                                                                                                                                                                            }
                                                                                                                                                                        }
                                                                                                                                                                        if (this.debug) {
                                                                                                                                                                            logLocal(new StringBuffer().append("Allowed request mime types: ").append(this.allowedRequestMimeTypesLowerCased).toString());
                                                                                                                                                                        }
                                                                                                                                                                        String configurationValue90 = configurationManager.getConfigurationValue(PARAM_PRESENT_MULTIPART_FORM_PARAMS_AS_REGULAR_PARAMS_TO_APPLICATION);
                                                                                                                                                                        if (configurationValue90 == null) {
                                                                                                                                                                            configurationValue90 = "false";
                                                                                                                                                                        }
                                                                                                                                                                        boolean equals32 = "true".equals(configurationValue90.trim().toLowerCase());
                                                                                                                                                                        this.presentMultipartFormParametersAsRegularParametersToApplication = equals32;
                                                                                                                                                                        if (this.debug) {
                                                                                                                                                                            logLocal(new StringBuffer().append("Present multipart form params: ").append(equals32).toString());
                                                                                                                                                                        }
                                                                                                                                                                        String configurationValue91 = configurationManager.getConfigurationValue(PARAM_PDF_XSS_PROTECTION);
                                                                                                                                                                        if (configurationValue91 == null) {
                                                                                                                                                                            configurationValue91 = "false";
                                                                                                                                                                        }
                                                                                                                                                                        boolean equals33 = "true".equals(configurationValue91.trim().toLowerCase());
                                                                                                                                                                        this.pdfXssProtection = equals33;
                                                                                                                                                                        if (this.debug) {
                                                                                                                                                                            logLocal(new StringBuffer().append("PDF XSS protection: ").append(equals33).toString());
                                                                                                                                                                        }
                                                                                                                                                                        String configurationValue92 = configurationManager.getConfigurationValue(PARAM_HONEYLINK_MAX_PER_RESPONSE);
                                                                                                                                                                        if (configurationValue92 == null) {
                                                                                                                                                                            configurationValue92 = INTERNAL_TYPE_URL;
                                                                                                                                                                        }
                                                                                                                                                                        try {
                                                                                                                                                                            this.honeylinkMaxPerPage = Short.parseShort(configurationValue92.trim());
                                                                                                                                                                            if (this.honeylinkMaxPerPage < 0) {
                                                                                                                                                                                throw new UnavailableException(new StringBuffer().append("Configured 'honeylink max per response' must not be negative: ").append(configurationValue92).toString());
                                                                                                                                                                            }
                                                                                                                                                                            String configurationValue93 = configurationManager.getConfigurationValue(PARAM_HONEYLINK_PREFIX);
                                                                                                                                                                            if (configurationValue93 == null) {
                                                                                                                                                                                configurationValue93 = "";
                                                                                                                                                                            }
                                                                                                                                                                            this.honeylinkPrefix = configurationValue93.trim();
                                                                                                                                                                            if (this.debug) {
                                                                                                                                                                                logLocal(new StringBuffer().append("Honeylink prefix: ").append(configurationValue93).toString());
                                                                                                                                                                            }
                                                                                                                                                                            String configurationValue94 = configurationManager.getConfigurationValue(PARAM_HONEYLINK_SUFFIX);
                                                                                                                                                                            if (configurationValue94 == null) {
                                                                                                                                                                                configurationValue94 = "";
                                                                                                                                                                            }
                                                                                                                                                                            this.honeylinkSuffix = configurationValue94.trim();
                                                                                                                                                                            if (this.debug) {
                                                                                                                                                                                logLocal(new StringBuffer().append("Honeylink suffix: ").append(configurationValue94).toString());
                                                                                                                                                                            }
                                                                                                                                                                            String configurationValue95 = configurationManager.getConfigurationValue(PARAM_RANDOMIZE_HONEYLINKS_ON_EVERY_RESPONSE);
                                                                                                                                                                            if (configurationValue95 == null) {
                                                                                                                                                                                configurationValue95 = "false";
                                                                                                                                                                            }
                                                                                                                                                                            boolean equals34 = "true".equals(configurationValue95.trim().toLowerCase());
                                                                                                                                                                            this.randomizeHoneylinksOnEveryRequest = equals34;
                                                                                                                                                                            if (this.debug) {
                                                                                                                                                                                logLocal(new StringBuffer().append("Randomize honeylinks on every response: ").append(equals34).toString());
                                                                                                                                                                            }
                                                                                                                                                                            String configurationValue96 = configurationManager.getConfigurationValue(PARAM_FORCED_SESSION_INVALIDATION_PERIOD_MINUTES);
                                                                                                                                                                            if (configurationValue96 == null) {
                                                                                                                                                                                configurationValue96 = "900";
                                                                                                                                                                            }
                                                                                                                                                                            try {
                                                                                                                                                                                this.forcedSessionInvalidationPeriodMinutes = Integer.parseInt(configurationValue96.trim());
                                                                                                                                                                                if (this.forcedSessionInvalidationPeriodMinutes < 0) {
                                                                                                                                                                                    throw new UnavailableException(new StringBuffer().append("Configured HTTP status code to send as reply to attacks must not be negative: ").append(configurationValue96).toString());
                                                                                                                                                                                }
                                                                                                                                                                                String configurationValue97 = configurationManager.getConfigurationValue(PARAM_TIE_WEB_SESSION_TO_CLIENT_ADDRESS);
                                                                                                                                                                                if (configurationValue97 == null) {
                                                                                                                                                                                    configurationValue97 = "false";
                                                                                                                                                                                }
                                                                                                                                                                                this.tieSessionToClientAddress = "true".equals(configurationValue97.trim().toLowerCase());
                                                                                                                                                                                if (this.debug) {
                                                                                                                                                                                    logLocal(new StringBuffer().append("Tie web session to client IP: ").append(this.tieSessionToClientAddress).toString());
                                                                                                                                                                                }
                                                                                                                                                                                String configurationValue98 = configurationManager.getConfigurationValue(PARAM_TIE_WEB_SESSION_TO_HEADER_LIST);
                                                                                                                                                                                if (configurationValue98 == null) {
                                                                                                                                                                                    configurationValue98 = "User-Agent";
                                                                                                                                                                                }
                                                                                                                                                                                String upperCase = configurationValue98.trim().toUpperCase();
                                                                                                                                                                                if (upperCase.length() > 0) {
                                                                                                                                                                                    this.tieSessionToHeaderList = upperCase.split(",");
                                                                                                                                                                                    for (int i = 0; i < this.tieSessionToHeaderList.length; i++) {
                                                                                                                                                                                        this.tieSessionToHeaderList[i] = this.tieSessionToHeaderList[i].trim();
                                                                                                                                                                                    }
                                                                                                                                                                                    HashSet hashSet = new HashSet(Arrays.asList(this.tieSessionToHeaderList));
                                                                                                                                                                                    this.tieSessionToHeaderList = (String[]) hashSet.toArray(new String[0]);
                                                                                                                                                                                    if (this.debug) {
                                                                                                                                                                                        logLocal(new StringBuffer().append("Tie web session to header list: ").append(hashSet).toString());
                                                                                                                                                                                    }
                                                                                                                                                                                } else {
                                                                                                                                                                                    this.tieSessionToHeaderList = new String[0];
                                                                                                                                                                                }
                                                                                                                                                                                String configurationValue99 = configurationManager.getConfigurationValue(PARAM_FORCE_ENTRANCE_THROUGH_ENTRY_POINTS);
                                                                                                                                                                                if (configurationValue99 == null) {
                                                                                                                                                                                    configurationValue99 = "false";
                                                                                                                                                                                }
                                                                                                                                                                                this.forceEntranceThroughEntryPoints = "true".equals(configurationValue99.trim().toLowerCase());
                                                                                                                                                                                if (this.debug) {
                                                                                                                                                                                    logLocal(new StringBuffer().append("Force entrance through entry-points: ").append(this.forceEntranceThroughEntryPoints).toString());
                                                                                                                                                                                }
                                                                                                                                                                                String configurationValue100 = configurationManager.getConfigurationValue(PARAM_BLOCK_RESPONSE_HEADERS_WITH_CRLF);
                                                                                                                                                                                if (configurationValue100 == null) {
                                                                                                                                                                                    configurationValue100 = "true";
                                                                                                                                                                                }
                                                                                                                                                                                this.blockResponseHeadersWithCRLF = "true".equals(configurationValue100.trim().toLowerCase());
                                                                                                                                                                                if (this.debug) {
                                                                                                                                                                                    logLocal(new StringBuffer().append("Block response headers with CRLF: ").append(this.blockResponseHeadersWithCRLF).toString());
                                                                                                                                                                                }
                                                                                                                                                                                String configurationValue101 = configurationManager.getConfigurationValue(PARAM_BLOCK_FUTURE_LAST_MODIFIED_HEADERS);
                                                                                                                                                                                if (configurationValue101 == null) {
                                                                                                                                                                                    configurationValue101 = "false";
                                                                                                                                                                                }
                                                                                                                                                                                this.blockFutureLastModifiedHeaders = "true".equals(configurationValue101.trim().toLowerCase());
                                                                                                                                                                                if (this.debug) {
                                                                                                                                                                                    logLocal(new StringBuffer().append("Block future 'Last-Modified' response headers: ").append(this.blockFutureLastModifiedHeaders).toString());
                                                                                                                                                                                }
                                                                                                                                                                                String configurationValue102 = configurationManager.getConfigurationValue(PARAM_BLOCK_INVALID_LAST_MODIFIED_HEADERS);
                                                                                                                                                                                if (configurationValue102 == null) {
                                                                                                                                                                                    configurationValue102 = "false";
                                                                                                                                                                                }
                                                                                                                                                                                this.blockInvalidLastModifiedHeaders = "true".equals(configurationValue102.trim().toLowerCase());
                                                                                                                                                                                if (this.debug) {
                                                                                                                                                                                    logLocal(new StringBuffer().append("Block invalid 'Last-Modified' response headers: ").append(this.blockInvalidLastModifiedHeaders).toString());
                                                                                                                                                                                }
                                                                                                                                                                                String configurationValue103 = configurationManager.getConfigurationValue(PARAM_BLOCK_REQUESTS_WITH_UNKNOWN_REFERRER);
                                                                                                                                                                                if (configurationValue103 == null) {
                                                                                                                                                                                    configurationValue103 = "false";
                                                                                                                                                                                }
                                                                                                                                                                                this.blockRequestsWithUnknownReferrer = "true".equals(configurationValue103.trim().toLowerCase());
                                                                                                                                                                                if (this.debug) {
                                                                                                                                                                                    logLocal(new StringBuffer().append("Block requests with unknown referrer: ").append(this.blockRequestsWithUnknownReferrer).toString());
                                                                                                                                                                                }
                                                                                                                                                                                String configurationValue104 = configurationManager.getConfigurationValue(PARAM_BLOCK_REQUESTS_WITH_MISSING_REFERRER);
                                                                                                                                                                                if (configurationValue104 == null) {
                                                                                                                                                                                    configurationValue104 = "false";
                                                                                                                                                                                }
                                                                                                                                                                                this.blockRequestsWithMissingReferrer = "true".equals(configurationValue104.trim().toLowerCase());
                                                                                                                                                                                if (this.debug) {
                                                                                                                                                                                    logLocal(new StringBuffer().append("Block requests with missing referrer: ").append(this.blockRequestsWithMissingReferrer).toString());
                                                                                                                                                                                }
                                                                                                                                                                                String configurationValue105 = configurationManager.getConfigurationValue(PARAM_BLOCK_REQUESTS_WITH_DUPLICATE_HEADERS);
                                                                                                                                                                                if (configurationValue105 == null) {
                                                                                                                                                                                    configurationValue105 = "false";
                                                                                                                                                                                }
                                                                                                                                                                                this.blockRequestsWithDuplicateHeaders = "true".equals(configurationValue105.trim().toLowerCase());
                                                                                                                                                                                if (this.debug) {
                                                                                                                                                                                    logLocal(new StringBuffer().append("Block requests with duplicate headers: ").append(this.blockRequestsWithDuplicateHeaders).toString());
                                                                                                                                                                                }
                                                                                                                                                                                String configurationValue106 = configurationManager.getConfigurationValue(PARAM_BLOCK_NON_LOCAL_REDIRECTS);
                                                                                                                                                                                if (configurationValue106 == null) {
                                                                                                                                                                                    configurationValue106 = "false";
                                                                                                                                                                                }
                                                                                                                                                                                this.blockNonLocalRedirects = "true".equals(configurationValue106.trim().toLowerCase());
                                                                                                                                                                                if (this.debug) {
                                                                                                                                                                                    logLocal(new StringBuffer().append("Block non-local redirects: ").append(this.blockNonLocalRedirects).toString());
                                                                                                                                                                                }
                                                                                                                                                                                String configurationValue107 = configurationManager.getConfigurationValue(PARAM_MASK_AMPERSANDS_IN_LINK_ADDITIONS);
                                                                                                                                                                                if (configurationValue107 == null) {
                                                                                                                                                                                    configurationValue107 = "true";
                                                                                                                                                                                }
                                                                                                                                                                                this.maskAmpersandsInLinkAdditions = "true".equals(configurationValue107.trim().toLowerCase());
                                                                                                                                                                                if (this.debug) {
                                                                                                                                                                                    logLocal(new StringBuffer().append("Mask ampersands in link additions: ").append(this.maskAmpersandsInLinkAdditions).toString());
                                                                                                                                                                                }
                                                                                                                                                                                String configurationValue108 = configurationManager.getConfigurationValue(PARAM_ANTI_CACHE_RESPONSE_HEADER_INJECTION_CONTENT_TYPES);
                                                                                                                                                                                if (configurationValue108 == null) {
                                                                                                                                                                                    configurationValue108 = "text/html,null";
                                                                                                                                                                                }
                                                                                                                                                                                String upperCase2 = configurationValue108.trim().toUpperCase();
                                                                                                                                                                                if (upperCase2.length() > 0) {
                                                                                                                                                                                    String[] split = upperCase2.split(",");
                                                                                                                                                                                    for (int i2 = 0; i2 < split.length; i2++) {
                                                                                                                                                                                        split[i2] = split[i2].trim();
                                                                                                                                                                                    }
                                                                                                                                                                                    this.antiCacheResponseHeaderInjectionContentTypes = new HashSet(Arrays.asList(split));
                                                                                                                                                                                    if (this.debug) {
                                                                                                                                                                                        logLocal(new StringBuffer().append("Anti cache response header injection content types: ").append(this.antiCacheResponseHeaderInjectionContentTypes).toString());
                                                                                                                                                                                    }
                                                                                                                                                                                } else {
                                                                                                                                                                                    this.antiCacheResponseHeaderInjectionContentTypes = new HashSet();
                                                                                                                                                                                }
                                                                                                                                                                                String configurationValue109 = configurationManager.getConfigurationValue(PARAM_RESPONSE_MODIFICATION_CONTENT_TYPES);
                                                                                                                                                                                if (configurationValue109 == null) {
                                                                                                                                                                                    configurationValue109 = "text/html,null";
                                                                                                                                                                                }
                                                                                                                                                                                String upperCase3 = configurationValue109.trim().toUpperCase();
                                                                                                                                                                                if (upperCase3.length() > 0) {
                                                                                                                                                                                    String[] split2 = upperCase3.split(",");
                                                                                                                                                                                    for (int i3 = 0; i3 < split2.length; i3++) {
                                                                                                                                                                                        split2[i3] = split2[i3].trim();
                                                                                                                                                                                    }
                                                                                                                                                                                    this.responseBodyModificationContentTypes = new HashSet(Arrays.asList(split2));
                                                                                                                                                                                    if (this.debug) {
                                                                                                                                                                                        logLocal(new StringBuffer().append("Response body modification content types: ").append(this.responseBodyModificationContentTypes).toString());
                                                                                                                                                                                    }
                                                                                                                                                                                } else {
                                                                                                                                                                                    this.responseBodyModificationContentTypes = new HashSet();
                                                                                                                                                                                }
                                                                                                                                                                                String configurationValue110 = configurationManager.getConfigurationValue(PARAM_400_OR_404_ATTACK_THRESHOLD__CLUSTER_AWARE);
                                                                                                                                                                                if (configurationValue110 == null) {
                                                                                                                                                                                    configurationValue110 = "false";
                                                                                                                                                                                }
                                                                                                                                                                                boolean equals35 = "true".equals(configurationValue110.trim().toLowerCase());
                                                                                                                                                                                boolean z = equals35;
                                                                                                                                                                                String configurationValue111 = configurationManager.getConfigurationValue(PARAM_400_OR_404_ATTACK_THRESHOLD);
                                                                                                                                                                                if (configurationValue111 == null) {
                                                                                                                                                                                    configurationValue111 = "150";
                                                                                                                                                                                }
                                                                                                                                                                                try {
                                                                                                                                                                                    int parseInt = Integer.parseInt(configurationValue111.trim());
                                                                                                                                                                                    if (parseInt < 0) {
                                                                                                                                                                                        throw new UnavailableException(new StringBuffer().append("Configured HTTP 400/404 attack threshold must not be negative: ").append(configurationValue111).toString());
                                                                                                                                                                                    }
                                                                                                                                                                                    this.httpStatusCodeCounter = new HttpStatusCodeTracker(this.attackHandler, parseInt, this.housekeepingIntervalMinutes * 60 * 1000, this.resetPeriodMinutesBadResponseCode * 60 * 1000, equals35 ? this.clusterBroadcastPeriod * 1000 : 0L, this.clusterInitialContextFactory, this.clusterJmsProviderUrl, this.clusterJmsConnectionFactory, this.clusterJmsTopic);
                                                                                                                                                                                    String configurationValue112 = configurationManager.getConfigurationValue(PARAM_SESSION_CREATION_ATTACK_THRESHOLD__CLUSTER_AWARE);
                                                                                                                                                                                    if (configurationValue112 == null) {
                                                                                                                                                                                        configurationValue112 = "false";
                                                                                                                                                                                    }
                                                                                                                                                                                    boolean equals36 = "true".equals(configurationValue112.trim().toLowerCase());
                                                                                                                                                                                    if (equals36) {
                                                                                                                                                                                        z = true;
                                                                                                                                                                                    }
                                                                                                                                                                                    String configurationValue113 = configurationManager.getConfigurationValue(PARAM_SESSION_CREATION_ATTACK_THRESHOLD);
                                                                                                                                                                                    if (configurationValue113 == null) {
                                                                                                                                                                                        configurationValue113 = INTERNAL_TYPE_URL;
                                                                                                                                                                                    }
                                                                                                                                                                                    try {
                                                                                                                                                                                        int parseInt2 = Integer.parseInt(configurationValue113.trim());
                                                                                                                                                                                        if (parseInt2 < 0) {
                                                                                                                                                                                            throw new UnavailableException(new StringBuffer().append("Configured session creation attack threshold must not be negative: ").append(configurationValue113).toString());
                                                                                                                                                                                        }
                                                                                                                                                                                        this.sessionCreationCounter = new SessionCreationTracker(this.attackHandler, parseInt2, this.housekeepingIntervalMinutes * 60 * 1000, this.resetPeriodMinutesSessionCreation * 60 * 1000, equals36 ? this.clusterBroadcastPeriod * 1000 : 0L, this.clusterInitialContextFactory, this.clusterJmsProviderUrl, this.clusterJmsConnectionFactory, this.clusterJmsTopic);
                                                                                                                                                                                        String configurationValue114 = configurationManager.getConfigurationValue(PARAM_BUFFER_FILE_UPLOADS_TO_DISK);
                                                                                                                                                                                        if (configurationValue114 == null) {
                                                                                                                                                                                            configurationValue114 = "true";
                                                                                                                                                                                        }
                                                                                                                                                                                        this.bufferFileUploadsToDisk = "true".equals(configurationValue114.trim().toLowerCase());
                                                                                                                                                                                        if (this.debug) {
                                                                                                                                                                                            logLocal(new StringBuffer().append("Buffer file uploads to disk: ").append(this.bufferFileUploadsToDisk).toString());
                                                                                                                                                                                        }
                                                                                                                                                                                        String configurationValue115 = configurationManager.getConfigurationValue(PARAM_APPLY_SET_AFTER_SESSION_WRITE);
                                                                                                                                                                                        if (configurationValue115 == null) {
                                                                                                                                                                                            configurationValue115 = "false";
                                                                                                                                                                                        }
                                                                                                                                                                                        this.applySetAfterWrite = "true".equals(configurationValue115.trim().toLowerCase());
                                                                                                                                                                                        if (this.debug) {
                                                                                                                                                                                            logLocal(new StringBuffer().append("Apply set after session write: ").append(this.applySetAfterWrite).toString());
                                                                                                                                                                                        }
                                                                                                                                                                                        String configurationValue116 = configurationManager.getConfigurationValue(PARAM_VALIDATE_CLIENT_ADDRESS_FORMAT);
                                                                                                                                                                                        if (configurationValue116 == null) {
                                                                                                                                                                                            configurationValue116 = "false";
                                                                                                                                                                                        }
                                                                                                                                                                                        this.validateClientAddressFormat = "true".equals(configurationValue116.trim().toLowerCase());
                                                                                                                                                                                        if (this.debug) {
                                                                                                                                                                                            logLocal(new StringBuffer().append("Validate client address format: ").append(this.validateClientAddressFormat).toString());
                                                                                                                                                                                        }
                                                                                                                                                                                        String configurationValue117 = configurationManager.getConfigurationValue(PARAM_TRANSPARENT_QUERYSTRING);
                                                                                                                                                                                        if (configurationValue117 == null) {
                                                                                                                                                                                            configurationValue117 = configurationManager.getConfigurationValue(LEGACY_PARAM_TRANSPARENT_QUERYSTRING);
                                                                                                                                                                                        }
                                                                                                                                                                                        if (configurationValue117 == null) {
                                                                                                                                                                                            configurationValue117 = "true";
                                                                                                                                                                                        }
                                                                                                                                                                                        this.transparentQuerystring = "true".equals(configurationValue117.trim().toLowerCase());
                                                                                                                                                                                        if (this.debug) {
                                                                                                                                                                                            logLocal(new StringBuffer().append("Transparent querystring: ").append(this.transparentQuerystring).toString());
                                                                                                                                                                                        }
                                                                                                                                                                                        String configurationValue118 = configurationManager.getConfigurationValue(PARAM_TRANSPARENT_FORWARDING);
                                                                                                                                                                                        if (configurationValue118 == null) {
                                                                                                                                                                                            configurationValue118 = "true";
                                                                                                                                                                                        }
                                                                                                                                                                                        this.transparentForwarding = "true".equals(configurationValue118.trim().toLowerCase());
                                                                                                                                                                                        if (this.debug) {
                                                                                                                                                                                            logLocal(new StringBuffer().append("Transparent forwarding: ").append(this.transparentForwarding).toString());
                                                                                                                                                                                        }
                                                                                                                                                                                        if (this.jmsUsed) {
                                                                                                                                                                                            JmsUtils.closeQuietly(false);
                                                                                                                                                                                        }
                                                                                                                                                                                        if (z) {
                                                                                                                                                                                            try {
                                                                                                                                                                                                JmsUtils.init(this.clusterInitialContextFactory, this.clusterJmsProviderUrl, this.clusterJmsConnectionFactory, this.clusterJmsTopic);
                                                                                                                                                                                                this.jmsUsed = true;
                                                                                                                                                                                            } catch (Exception e24) {
                                                                                                                                                                                                JmsUtils.closeQuietly(false);
                                                                                                                                                                                                logLocal(new StringBuffer().append("Unable to initialize JMS: ").append(e24).toString());
                                                                                                                                                                                            }
                                                                                                                                                                                        }
                                                                                                                                                                                    } catch (NumberFormatException e25) {
                                                                                                                                                                                        throw new UnavailableException(new StringBuffer().append("Unable to number-parse configured session creation attack threshold: ").append(configurationValue113).toString());
                                                                                                                                                                                    }
                                                                                                                                                                                } catch (NumberFormatException e26) {
                                                                                                                                                                                    throw new UnavailableException(new StringBuffer().append("Unable to number-parse configured HTTP 400/404 attack threshold: ").append(configurationValue111).toString());
                                                                                                                                                                                }
                                                                                                                                                                            } catch (NumberFormatException e27) {
                                                                                                                                                                                throw new UnavailableException(new StringBuffer().append("Unable to number-parse configured 'forced session invalidation period': ").append(configurationValue96).toString());
                                                                                                                                                                            }
                                                                                                                                                                        } catch (NumberFormatException e28) {
                                                                                                                                                                            throw new UnavailableException(new StringBuffer().append("Unable to number-parse (short) configured 'honeylink max per response': ").append(configurationValue92).toString());
                                                                                                                                                                        }
                                                                                                                                                                    } catch (Exception e29) {
                                                                                                                                                                        throw new UnavailableException(new StringBuffer().append("Unable to load form-field-masking-excludes definitions: ").append(e29.getMessage()).toString());
                                                                                                                                                                    }
                                                                                                                                                                } catch (Exception e30) {
                                                                                                                                                                    throw new UnavailableException(new StringBuffer().append("Unable to load decoding-permutations definitions: ").append(e30.getMessage()).toString());
                                                                                                                                                                }
                                                                                                                                                            } catch (Exception e31) {
                                                                                                                                                                throw new UnavailableException(new StringBuffer().append("Unable to load multipart-size-limits definitions: ").append(e31.getMessage()).toString());
                                                                                                                                                            }
                                                                                                                                                        } catch (Exception e32) {
                                                                                                                                                            throw new UnavailableException(new StringBuffer().append("Unable to load size-limits definitions: ").append(e32.getMessage()).toString());
                                                                                                                                                        }
                                                                                                                                                    } catch (Exception e33) {
                                                                                                                                                        throw new UnavailableException(new StringBuffer().append("Unable to load content-modification-excludes definitions: ").append(e33.getMessage()).toString());
                                                                                                                                                    }
                                                                                                                                                } catch (Exception e34) {
                                                                                                                                                    throw new UnavailableException(new StringBuffer().append("Unable to load total-excludes definitions: ").append(e34.getMessage()).toString());
                                                                                                                                                }
                                                                                                                                            } catch (Exception e35) {
                                                                                                                                                throw new UnavailableException(new StringBuffer().append("Unable to load DoS limit definitions: ").append(e35.getMessage()).toString());
                                                                                                                                            }
                                                                                                                                        } catch (Exception e36) {
                                                                                                                                            throw new UnavailableException(new StringBuffer().append("Unable to load bad request definitions: ").append(e36.getMessage()).toString());
                                                                                                                                        }
                                                                                                                                    } catch (Exception e37) {
                                                                                                                                        throw new UnavailableException(new StringBuffer().append("Unable to load white-list definitions: ").append(e37.getMessage()).toString());
                                                                                                                                    }
                                                                                                                                } catch (Exception e38) {
                                                                                                                                    throw new UnavailableException(new StringBuffer().append("Unable to load response modification definitions: ").append(e38.getMessage()).toString());
                                                                                                                                }
                                                                                                                            } catch (Exception e39) {
                                                                                                                                throw new UnavailableException(new StringBuffer().append("Unable to load incoming-protection exclude definitions: ").append(e39.getMessage()).toString());
                                                                                                                            }
                                                                                                                        } catch (Exception e40) {
                                                                                                                            throw new UnavailableException(new StringBuffer().append("Unable to load captcha point definitions: ").append(e40.getMessage()).toString());
                                                                                                                        }
                                                                                                                    } catch (Exception e41) {
                                                                                                                        throw new UnavailableException(new StringBuffer().append("Unable to load renew-session-and-token point definitions: ").append(e41.getMessage()).toString());
                                                                                                                    }
                                                                                                                } catch (Exception e42) {
                                                                                                                    throw new UnavailableException(new StringBuffer().append("Unable to load optimization hint definitions: ").append(e42.getMessage()).toString());
                                                                                                                }
                                                                                                            } catch (Exception e43) {
                                                                                                                throw new UnavailableException(new StringBuffer().append("Unable to load entry point definitions: ").append(e43.getMessage()).toString());
                                                                                                            }
                                                                                                        } catch (ClassNotFoundException e44) {
                                                                                                            throw new UnavailableException(new StringBuffer().append("Unable to find geo-locator class (").append(trim7).append("): ").append(e44.getMessage()).toString());
                                                                                                        } catch (IllegalAccessException e45) {
                                                                                                            throw new UnavailableException(new StringBuffer().append("Unable to access geo-locator (").append(trim7).append("): ").append(e45.getMessage()).toString());
                                                                                                        } catch (InstantiationException e46) {
                                                                                                            throw new UnavailableException(new StringBuffer().append("Unable to instantiate geo-locator (").append(trim7).append("): ").append(e46.getMessage()).toString());
                                                                                                        } catch (RuntimeException e47) {
                                                                                                            throw new UnavailableException(new StringBuffer().append("Unable to use geo-locator (").append(trim7).append("): ").append(e47.getMessage()).toString());
                                                                                                        } catch (FilterConfigurationException e48) {
                                                                                                            throw new UnavailableException(new StringBuffer().append("Unable to configure geo-locator (").append(trim7).append("): ").append(e48.getMessage()).toString());
                                                                                                        }
                                                                                                    } catch (NumberFormatException e49) {
                                                                                                        throw new UnavailableException(new StringBuffer().append("Unable to number-parse configured 'block attacking clients threshold': ").append(configurationValue37).toString());
                                                                                                    }
                                                                                                } catch (ClassNotFoundException e50) {
                                                                                                    throw new UnavailableException(new StringBuffer().append("Unable to find geo-locator class (").append(trim6).append("): ").append(e50.getMessage()).toString());
                                                                                                } catch (IllegalAccessException e51) {
                                                                                                    throw new UnavailableException(new StringBuffer().append("Unable to access geo-locator (").append(trim6).append("): ").append(e51.getMessage()).toString());
                                                                                                } catch (InstantiationException e52) {
                                                                                                    throw new UnavailableException(new StringBuffer().append("Unable to instantiate geo-locator (").append(trim6).append("): ").append(e52.getMessage()).toString());
                                                                                                } catch (RuntimeException e53) {
                                                                                                    throw new UnavailableException(new StringBuffer().append("Unable to use geo-locator (").append(trim6).append("): ").append(e53.getMessage()).toString());
                                                                                                } catch (FilterConfigurationException e54) {
                                                                                                    throw new UnavailableException(new StringBuffer().append("Unable to configure geo-locator (").append(trim6).append("): ").append(e54.getMessage()).toString());
                                                                                                }
                                                                                            } catch (PatternSyntaxException e55) {
                                                                                                throw new UnavailableException(new StringBuffer().append("Unable to compile regular expression pattern for RemoveSensitiveDataValuePattern: ").append(e55.getMessage()).toString());
                                                                                            }
                                                                                        } catch (PatternSyntaxException e56) {
                                                                                            throw new UnavailableException(new StringBuffer().append("Unable to compile regular expression pattern for RemoveSensitiveDataRequestParamNamePattern: ").append(e56.getMessage()).toString());
                                                                                        }
                                                                                    } catch (NumberFormatException e57) {
                                                                                        throw new UnavailableException(new StringBuffer().append("Unable to number-parse configured 'block repeated redirects threshold': ").append(configurationValue32).toString());
                                                                                    }
                                                                                } catch (NumberFormatException e58) {
                                                                                    throw new UnavailableException(new StringBuffer().append("Unable to number-parse configured 'reset period minutes (redirect threshold)': ").append(configurationValue28).toString());
                                                                                }
                                                                            } catch (NumberFormatException e59) {
                                                                                throw new UnavailableException(new StringBuffer().append("Unable to number-parse configured 'reset period minutes (bad response code)': ").append(configurationValue27).toString());
                                                                            }
                                                                        } catch (NumberFormatException e60) {
                                                                            throw new UnavailableException(new StringBuffer().append("Unable to number-parse configured 'reset period minutes (session creation)': ").append(configurationValue26).toString());
                                                                        }
                                                                    } catch (NumberFormatException e61) {
                                                                        throw new UnavailableException(new StringBuffer().append("Unable to number-parse configured 'reset period minutes (attack)': ").append(configurationValue25).toString());
                                                                    }
                                                                } catch (NumberFormatException e62) {
                                                                    throw new UnavailableException(new StringBuffer().append("Unable to number-parse configured 'block period minutes': ").append(configurationValue24).toString());
                                                                }
                                                            } catch (NumberFormatException e63) {
                                                                throw new UnavailableException(new StringBuffer().append("Unable to number-parse configured 'config reloading interval': ").append(configurationValue23).toString());
                                                            }
                                                        } catch (NumberFormatException e64) {
                                                            throw new UnavailableException(new StringBuffer().append("Unable to number-parse configured 'rule reloading interval': ").append(configurationValue22).toString());
                                                        }
                                                    } catch (NumberFormatException e65) {
                                                        throw new UnavailableException(new StringBuffer().append("Unable to number-parse configured 'housekeeping interval': ").append(configurationValue21).toString());
                                                    }
                                                } catch (NumberFormatException e66) {
                                                    throw new UnavailableException(new StringBuffer().append("Unable to number-parse configured 'cluster JMS broadcast period': ").append(configurationValue16).toString());
                                                }
                                            } catch (NumberFormatException e67) {
                                                throw new UnavailableException(new StringBuffer().append("Unable to number-parse configured 'failed captcha per session attack threshold': ").append(configurationValue15).toString());
                                            }
                                        } catch (Exception e68) {
                                            throw new UnavailableException(new StringBuffer().append("Unable to create and configure multipart-request-parser instance: ").append(e68.getMessage()).toString());
                                        }
                                    } catch (ClassNotFoundException e69) {
                                        throw new UnavailableException(new StringBuffer().append("Unable to find multipart-request-parser class (").append(trim5).append("): ").append(e69.getMessage()).toString());
                                    }
                                } catch (Exception e70) {
                                    throw new UnavailableException(new StringBuffer().append("Unable to create and configure client-ip-determinator instance: ").append(e70.getMessage()).toString());
                                }
                            } catch (ClassNotFoundException e71) {
                                throw new UnavailableException(new StringBuffer().append("Unable to find client-ip-determinator class (").append(trim4).append("): ").append(e71.getMessage()).toString());
                            }
                        } catch (Exception e72) {
                            throw new UnavailableException(new StringBuffer().append("Unable to check for production mode: ").append(e72.getMessage()).toString());
                        }
                    } catch (ClassNotFoundException e73) {
                        throw new UnavailableException(new StringBuffer().append("Unable to find production-mode-checker class (").append(trim3).append("): ").append(e73.getMessage()).toString());
                    }
                } catch (ClassNotFoundException e74) {
                    throw new UnavailableException(new StringBuffer().append("Unable to find captcha-generator class (").append(trim2).append("): ").append(e74.getMessage()).toString());
                } catch (IllegalAccessException e75) {
                    throw new UnavailableException(new StringBuffer().append("Unable to access captcha-generator (").append(trim2).append("): ").append(e75.getMessage()).toString());
                } catch (InstantiationException e76) {
                    throw new UnavailableException(new StringBuffer().append("Unable to instantiate captcha-generator (").append(trim2).append("): ").append(e76.getMessage()).toString());
                } catch (RuntimeException e77) {
                    throw new UnavailableException(new StringBuffer().append("Unable to use captcha-generator (").append(trim2).append("): ").append(e77.getMessage()).toString());
                } catch (FilterConfigurationException e78) {
                    throw new UnavailableException(new StringBuffer().append("Unable to configure captcha-generator (").append(trim2).append("): ").append(e78.getMessage()).toString());
                }
            } catch (ClassNotFoundException e79) {
                throw new UnavailableException(new StringBuffer().append("Unable to find rule-file-loader class (").append(trim).append("): ").append(e79.getMessage()).toString());
            }
        } catch (ClassNotFoundException e80) {
            throw new UnavailableException(new StringBuffer().append("Unable to initialize ConfigurationManager (caught ClassNotFoundException): ").append(e80.getMessage()).toString());
        } catch (IllegalAccessException e81) {
            throw new UnavailableException(new StringBuffer().append("Unable to initialize ConfigurationManager (caught IllegalAccessException): ").append(e81.getMessage()).toString());
        } catch (InstantiationException e82) {
            throw new UnavailableException(new StringBuffer().append("Unable to initialize ConfigurationManager (caught InstantiationException): ").append(e82.getMessage()).toString());
        } catch (RuntimeException e83) {
            throw new UnavailableException(new StringBuffer().append("Unable to initialize ConfigurationManager (caught RuntimeException): ").append(e83.getMessage()).toString());
        } catch (FilterConfigurationException e84) {
            throw new UnavailableException(new StringBuffer().append("Unable to initialize ConfigurationManager (caught FilterConfigurationException): ").append(e84.getMessage()).toString());
        }
    }

    private void sendProcessingError(Throwable th, HttpServletResponse httpServletResponse) {
        logLocal(new StringBuffer().append("Unable to process filter chain and unable to handle exception: ").append(th).toString());
        th.printStackTrace();
        httpServletResponse.setStatus(500);
    }

    private void sendUnavailableMessage(HttpServletResponse httpServletResponse, Exception exc) throws IOException {
        String str;
        int i;
        String stringBuffer = new StringBuffer().append("time ").append(System.currentTimeMillis()).toString();
        StringBuilder sb = new StringBuilder();
        String message = exc == null ? "No exception details available" : exc.getMessage();
        if (this.isProductionMode) {
            str = this.productionConfigurationMissingReplyMessage;
            i = this.productionConfigurationMissingReplyStatusCode;
        } else {
            str = this.developmentConfigurationMissingReplyMessage;
            i = this.developmentConfigurationMissingReplyStatusCode;
            if (message != null) {
                sb.append(message).append("\n");
            }
            if (exc != null) {
                PrintWriter printWriter = null;
                Exception exc2 = exc;
                try {
                    CharArrayWriter charArrayWriter = new CharArrayWriter();
                    printWriter = new PrintWriter(charArrayWriter);
                    exc2.printStackTrace(printWriter);
                    do {
                        exc2 = exc2.getCause();
                        if (exc2 != null) {
                            printWriter.println(new StringBuffer().append("\nCaused by: ").append(exc2.getMessage()).toString());
                            exc2.printStackTrace(printWriter);
                        }
                    } while (exc2 != null);
                    if (printWriter != null) {
                        printWriter.close();
                    }
                    sb.append(charArrayWriter.toString());
                } catch (Throwable th) {
                    if (printWriter != null) {
                        printWriter.close();
                    }
                    throw th;
                }
            }
        }
        if (this.attackHandler != null) {
            this.attackHandler.logWarningRequestMessage(new StringBuffer().append("Unable to initialize protection layer:\n\t").append(sb.toString().replaceAll("\n", "\n\t")).toString());
        }
        try {
            if (!httpServletResponse.isCommitted()) {
                httpServletResponse.reset();
                if (str == null || str.length() <= 0) {
                    httpServletResponse.sendError(i);
                } else {
                    String replaceAll = str.replaceAll("\\$\\{id\\}", ServerUtils.quoteReplacement(ServerUtils.escapeSpecialCharactersHTML(stringBuffer))).replaceAll("\\$\\{message\\}", ServerUtils.quoteReplacement(ServerUtils.escapeSpecialCharactersHTML(message.toString()))).replaceAll("\\$\\{details\\}", ServerUtils.quoteReplacement(ServerUtils.escapeSpecialCharactersHTML(sb.toString())));
                    httpServletResponse.setContentType("text/html");
                    httpServletResponse.getWriter().write(replaceAll);
                    httpServletResponse.flushBuffer();
                }
            }
        } catch (Exception e) {
            logLocal("Unable to send 'unavailable message' in response", e);
            httpServletResponse.sendError(i);
        }
    }

    private void sendUncaughtExceptionResponse(HttpServletResponse httpServletResponse, Exception exc) throws IOException {
        String str;
        int i;
        String stringBuffer = new StringBuffer().append("time ").append(System.currentTimeMillis()).toString();
        StringBuilder sb = new StringBuilder();
        String message = exc == null ? "No exception details available" : exc.getMessage();
        if (this.isProductionMode) {
            str = this.productionExceptionReplyMessage;
            i = this.productionExceptionReplyStatusCode;
        } else {
            str = this.developmentExceptionReplyMessage;
            i = this.developmentExceptionReplyStatusCode;
            if (message != null) {
                sb.append(message).append("\n");
            }
            if (exc != null) {
                PrintWriter printWriter = null;
                Exception exc2 = exc;
                try {
                    CharArrayWriter charArrayWriter = new CharArrayWriter();
                    printWriter = new PrintWriter(charArrayWriter);
                    exc2.printStackTrace(printWriter);
                    do {
                        exc2 = exc2.getCause();
                        if (exc2 != null) {
                            printWriter.println(new StringBuffer().append("\nCaused by: ").append(exc2.getMessage()).toString());
                            exc2.printStackTrace(printWriter);
                        }
                    } while (exc2 != null);
                    if (printWriter != null) {
                        printWriter.close();
                    }
                    sb.append(charArrayWriter.toString());
                } catch (Throwable th) {
                    if (printWriter != null) {
                        printWriter.close();
                    }
                    throw th;
                }
            }
        }
        this.attackHandler.logWarningRequestMessage(new StringBuffer().append("Uncaught exception blocked:\n\t").append(sb.toString().replaceAll("\n", "\n\t")).toString());
        try {
            if (!httpServletResponse.isCommitted()) {
                httpServletResponse.reset();
                if (str == null || str.length() <= 0) {
                    httpServletResponse.sendError(i);
                } else {
                    String replaceAll = str.replaceAll("\\$\\{id\\}", ServerUtils.quoteReplacement(ServerUtils.escapeSpecialCharactersHTML(stringBuffer))).replaceAll("\\$\\{message\\}", ServerUtils.quoteReplacement(ServerUtils.escapeSpecialCharactersHTML(message))).replaceAll("\\$\\{details\\}", ServerUtils.quoteReplacement(ServerUtils.escapeSpecialCharactersHTML(sb.toString())));
                    httpServletResponse.setContentType("text/html");
                    httpServletResponse.getWriter().write(replaceAll);
                    httpServletResponse.flushBuffer();
                }
            }
        } catch (Exception e) {
            if (!(e instanceof IllegalStateException)) {
                logLocal("Unable to send 'uncaught exception' in response", e);
            }
            httpServletResponse.sendError(i);
        }
    }

    private void sendDisallowedResponse(HttpServletResponse httpServletResponse, Attack attack) throws IOException {
        String message;
        String str;
        int i;
        if (attack == null) {
            throw new NullPointerException("attack must not be null");
        }
        String logReferenceId = attack.getLogReferenceId();
        String stringBuffer = logReferenceId != null ? new StringBuffer().append("log ").append(logReferenceId).toString() : new StringBuffer().append("time ").append(System.currentTimeMillis()).toString();
        if (this.isProductionMode) {
            message = "";
            str = this.productionAttackReplyMessage;
            i = this.productionAttackReplyStatusCode;
        } else {
            message = attack.getMessage();
            str = this.developmentAttackReplyMessage;
            i = this.developmentAttackReplyStatusCode;
        }
        try {
            if (!httpServletResponse.isCommitted()) {
                httpServletResponse.reset();
                if (str == null || str.length() <= 0) {
                    httpServletResponse.sendError(i);
                } else {
                    String replaceAll = str.replaceAll("\\$\\{id\\}", ServerUtils.quoteReplacement(ServerUtils.escapeSpecialCharactersHTML(stringBuffer))).replaceAll("\\$\\{message\\}", ServerUtils.quoteReplacement(ServerUtils.escapeSpecialCharactersHTML("Protection rule or security setting match"))).replaceAll("\\$\\{details\\}", ServerUtils.quoteReplacement(ServerUtils.escapeSpecialCharactersHTML(message)));
                    httpServletResponse.setContentType("text/html");
                    httpServletResponse.getWriter().write(replaceAll);
                    httpServletResponse.flushBuffer();
                }
            }
        } catch (Exception e) {
            if (!(e instanceof IllegalStateException)) {
                logLocal("Unable to send 'disallowed message' in response", e);
            }
            httpServletResponse.sendError(i);
        }
    }

    private void sendErrorMessageResponse(HttpServletResponse httpServletResponse, String str, String str2) throws IOException {
        if (str2 != null) {
            this.attackHandler.logWarningRequestMessage(new StringBuffer().append("Sening error message response:\n\t").append(str2.replaceAll("\n", "\n\t")).toString());
        }
        try {
            if (!httpServletResponse.isCommitted()) {
                httpServletResponse.reset();
                if (str2 == null || str2.trim().length() <= 0) {
                    httpServletResponse.sendError(500, str2);
                } else {
                    httpServletResponse.setContentType("text/html");
                    PrintWriter writer = httpServletResponse.getWriter();
                    writer.write("<?xml version=\"1.0\" encoding=\"ISO-8859-1\" ?>");
                    writer.write("<html xmlns=\"http://www.w3.org/1999/xhtml\"><head>");
                    writer.write("<meta content=\"text/html; charset=ISO-8859-1\" http-equiv=\"Content-Type\" /><meta content=\"0\" http-equiv=\"Expires\" />");
                    writer.write("<meta content=\"no-cache\" http-equiv=\"Pragma\" /><meta content=\"no-cache, no-store, must-revalidate\" http-equiv=\"Cache-control\" />");
                    writer.write(new StringBuffer().append("<title>").append(ServerUtils.escapeSpecialCharactersHTML(str)).append("</title></head>").toString());
                    writer.write("<body bgproperties=\"FIXED\" style=\"font-family: Arial, Helvetica, sans-serif, Verdana, Geneva;\">");
                    writer.write("<span style=\"background-color: #ffffbb; border: 1px dotted #999999; padding: 2px 4px 2px 12px; width: 90%; margin-top: 7px; margin-left: 5px; display:block; color: black;\">");
                    writer.write("<table style=\"border: 1px; border-width: 0px; cell-spacing: 0px; cell-padding: 0px; margin: 0px 0px 0px 0px;\">");
                    writer.write("<tr><td style=\"horizontal-align: left; vertical-align: middle; padding-bottom: 8px;\">");
                    writer.write(new StringBuffer().append("<br/><h2 style=\"margin:0; padding:0; font-size: 0.9em;\">").append(ServerUtils.escapeSpecialCharactersHTML(str)).append("</h2></td></tr>").toString());
                    writer.write("<tr><td style=\"horizontal-align: left; font-size: 0.8em;\"><ul><li>");
                    writer.write(ServerUtils.escapeSpecialCharactersHTML(str2));
                    writer.write("<p/></li></ul></td></tr></table></span></body></html>");
                    httpServletResponse.flushBuffer();
                }
            }
        } catch (Exception e) {
            if (!(e instanceof IllegalStateException)) {
                logLocal("Unable to send 'error message' in response", e);
            }
            httpServletResponse.sendError(500, str2);
        }
    }

    private void logLocal(String str) {
        logLocal(str, null);
    }

    private void logLocal(String str, Exception exc) {
        if (exc != null) {
            if (this.filterConfig == null || this.filterConfig.getServletContext() == null) {
                System.out.println(new StringBuffer().append(str).append(": ").append(exc).toString());
                return;
            } else {
                this.filterConfig.getServletContext().log(str, exc);
                return;
            }
        }
        if (this.filterConfig == null || this.filterConfig.getServletContext() == null) {
            System.out.println(str);
        } else {
            this.filterConfig.getServletContext().log(str);
        }
    }

    private void removeTemporarilyInjectedParametersFromRequest(RequestWrapper requestWrapper, String str) {
        if (requestWrapper == null) {
            return;
        }
        if (str != null && str.trim().length() > 0) {
            requestWrapper.removeEncryptedQueryString(str);
        }
        requestWrapper.removeParameter(CAPTCHA_FORM);
        HttpSession session = requestWrapper.getSession(false);
        if (session == null) {
            return;
        }
        try {
            requestWrapper.removeParameter((String) ServerUtils.getAttributeIncludingInternal(session, SESSION_SECRET_RANDOM_TOKEN_KEY_KEY));
            requestWrapper.removeParameter((String) ServerUtils.getAttributeIncludingInternal(session, SESSION_PARAMETER_AND_FORM_PROTECTION_RANDOM_TOKEN_KEY_KEY));
        } catch (IllegalStateException e) {
        }
    }

    private void removeTemporarilyInjectedParametersFromMap(Map map, HttpSession httpSession, String str) {
        if (map == null) {
            return;
        }
        if (str != null && str.trim().length() > 0) {
            removeKeysContainingCryptoDetectionString(map, str);
        }
        removeKey(map, CAPTCHA_FORM);
        if (httpSession == null) {
            return;
        }
        try {
            removeKey(map, (String) ServerUtils.getAttributeIncludingInternal(httpSession, SESSION_SECRET_RANDOM_TOKEN_KEY_KEY));
            removeKey(map, (String) ServerUtils.getAttributeIncludingInternal(httpSession, SESSION_PARAMETER_AND_FORM_PROTECTION_RANDOM_TOKEN_KEY_KEY));
        } catch (IllegalStateException e) {
        }
    }

    private void removeKey(Map map, String str) {
        if (str == null || str.trim().length() == 0) {
            return;
        }
        map.remove(str);
    }

    private void removeKeysContainingCryptoDetectionString(Map map, String str) {
        if (str == null || str.trim().length() == 0) {
            return;
        }
        Iterator it = map.keySet().iterator();
        while (it.hasNext()) {
            if (((String) it.next()).indexOf(str) != -1) {
                it.remove();
            }
        }
    }

    public String toString() {
        return Version.tagLine();
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }

    static {
        Class cls;
        if (class$org$webcastellum$WebCastellumFilter == null) {
            cls = class$("org.webcastellum.WebCastellumFilter");
            class$org$webcastellum$WebCastellumFilter = cls;
        } else {
            cls = class$org$webcastellum$WebCastellumFilter;
        }
        $assertionsDisabled = !cls.desiredAssertionStatus();
        STATIC_REQUEST_CRYPTODETECTION_INSERTION_POSITION = CryptoUtils.generateRandomNumber(false, 0, 150);
        isOldJavaEE13 = false;
        PATTERN_VALID_CLIENT_ADDRESS = Pattern.compile("[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}|((([0-9A-Fa-f]{1,4}:){7}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){6}:[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){5}:([0-9A-Fa-f]{1,4}:)?[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){4}:([0-9A-Fa-f]{1,4}:){0,2}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){3}:([0-9A-Fa-f]{1,4}:){0,3}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){2}:([0-9A-Fa-f]{1,4}:){0,4}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){6}((\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b)\\.){3}(\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b))|(([0-9A-Fa-f]{1,4}:){0,5}:((\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b)\\.){3}(\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b))|(::([0-9A-Fa-f]{1,4}:){0,5}((\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b)\\.){3}(\\b((25[0-5])|(1\\d{2})|(2[0-4]\\d)|(\\d{1,2}))\\b))|([0-9A-Fa-f]{1,4}::([0-9A-Fa-f]{1,4}:){0,5}[0-9A-Fa-f]{1,4})|(::([0-9A-Fa-f]{1,4}:){0,6}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){1,7}:))(%[0-9A-Fa-f]{1,4})?");
        TEMP_DIRECTORY = null;
    }
}
