package org.owasp.esapi.reference;

import java.io.File;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.fileupload.FileItem;
import org.apache.commons.fileupload.ProgressListener;
import org.apache.commons.fileupload.disk.DiskFileItemFactory;
import org.apache.commons.fileupload.servlet.ServletFileUpload;
import org.apache.http.cookie.SM;
import org.apache.log4j.Level;
import org.openid4java.association.Association;
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.HTTPUtilities;
import org.owasp.esapi.Logger;
import org.owasp.esapi.StringUtilities;
import org.owasp.esapi.User;
import org.owasp.esapi.ValidationErrorList;
import org.owasp.esapi.codecs.Hex;
import org.owasp.esapi.crypto.CipherText;
import org.owasp.esapi.crypto.PlainText;
import org.owasp.esapi.errors.AccessControlException;
import org.owasp.esapi.errors.AuthenticationException;
import org.owasp.esapi.errors.EncodingException;
import org.owasp.esapi.errors.EncryptionException;
import org.owasp.esapi.errors.IntegrityException;
import org.owasp.esapi.errors.IntrusionException;
import org.owasp.esapi.errors.ValidationException;
import org.owasp.esapi.errors.ValidationUploadException;
import org.slf4j.Marker;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/opensaml-2.6.6.wso2v3.jar:esapi-2.1.0.1.jar:org/owasp/esapi/reference/DefaultHTTPUtilities.class
 */
/* loaded from: input_file:WEB-INF/lib/esapi-2.0.1.jar:org/owasp/esapi/reference/DefaultHTTPUtilities.class */
/**
 * Reference {@link HTTPUtilities} implementation (decompiled from esapi-2.0.1.jar).
 *
 * <p>The "current" request and response are kept in {@link InheritableThreadLocal} holders,
 * so a thread spawned while a request is current inherits that request; callers are expected
 * to pair {@link #setCurrentHTTP} with {@link #clearCurrent}. Most public methods come in two
 * forms: one taking explicit request/response objects and a convenience overload that reads
 * them from the thread-local holders.
 *
 * <p>Several security decisions are driven by {@code ESAPI.securityConfiguration()}: forced
 * Secure/HttpOnly cookies, upload size/extension limits, upload directories and the default
 * response content type. Validation of names, values and headers is delegated to
 * {@code ESAPI.validator()} with the rule names and maximum lengths visible on each call.
 */
public class DefaultHTTPUtilities implements HTTPUtilities {
    private final Logger logger = ESAPI.getLogger("HTTPUtilities");
    // Thread-confined holders for the "current" request/response (see setCurrentHTTP/clearCurrent).
    private ThreadLocalRequest currentRequest = new ThreadLocalRequest();
    private ThreadLocalResponse currentResponse = new ThreadLocalResponse();
    // Lazily created singleton; volatile so the double-checked locking in getInstance() publishes safely.
    private static volatile HTTPUtilities instance = null;
    // Upload size cap, read once at class-load time from the security configuration.
    static final int maxBytes = ESAPI.securityConfiguration().getAllowedFileUploadSize();

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Classes with same name are omitted:
      input_file:WEB-INF/lib/opensaml-2.6.6.wso2v3.jar:esapi-2.1.0.1.jar:org/owasp/esapi/reference/DefaultHTTPUtilities$ThreadLocalRequest.class
     */
    /* loaded from: input_file:WEB-INF/lib/esapi-2.0.1.jar:org/owasp/esapi/reference/DefaultHTTPUtilities$ThreadLocalRequest.class */
    /**
     * Per-thread holder for the current {@link HttpServletRequest}.
     * Being an {@link InheritableThreadLocal}, the value is copied into threads created while a
     * request is set; the initial value is {@code null}.
     */
    public class ThreadLocalRequest extends InheritableThreadLocal<HttpServletRequest> {
        private ThreadLocalRequest() {
        }

        /** @return the request bound to the calling thread, or {@code null} if none was set */
        public HttpServletRequest getRequest() {
            return (HttpServletRequest) super.get();
        }

        @Override // java.lang.ThreadLocal
        public HttpServletRequest initialValue() {
            return null;
        }

        /** Binds {@code httpServletRequest} to the calling thread ({@code null} clears it). */
        public void setRequest(HttpServletRequest httpServletRequest) {
            super.set(httpServletRequest);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Classes with same name are omitted:
      input_file:WEB-INF/lib/opensaml-2.6.6.wso2v3.jar:esapi-2.1.0.1.jar:org/owasp/esapi/reference/DefaultHTTPUtilities$ThreadLocalResponse.class
     */
    /* loaded from: input_file:WEB-INF/lib/esapi-2.0.1.jar:org/owasp/esapi/reference/DefaultHTTPUtilities$ThreadLocalResponse.class */
    /**
     * Per-thread holder for the current {@link HttpServletResponse}; mirrors
     * {@link ThreadLocalRequest}, including inheritance by child threads.
     */
    public class ThreadLocalResponse extends InheritableThreadLocal<HttpServletResponse> {
        private ThreadLocalResponse() {
        }

        /** @return the response bound to the calling thread, or {@code null} if none was set */
        public HttpServletResponse getResponse() {
            return (HttpServletResponse) super.get();
        }

        @Override // java.lang.ThreadLocal
        public HttpServletResponse initialValue() {
            return null;
        }

        /** Binds {@code httpServletResponse} to the calling thread ({@code null} clears it). */
        public void setResponse(HttpServletResponse httpServletResponse) {
            super.set(httpServletResponse);
        }
    }

    /**
     * Returns the shared instance, creating it on first use.
     * Double-checked locking on the {@code volatile} {@link #instance} field.
     *
     * @return the singleton {@link HTTPUtilities}
     */
    public static HTTPUtilities getInstance() {
        if (instance == null) {
            synchronized (DefaultHTTPUtilities.class) {
                if (instance == null) {
                    instance = new DefaultHTTPUtilities();
                }
            }
        }
        return instance;
    }

    /**
     * Adds {@code cookie} to the thread-local current response.
     * See {@link #addCookie(HttpServletResponse, Cookie)} for the validation applied.
     */
    @Override // org.owasp.esapi.HTTPUtilities
    public void addCookie(Cookie cookie) {
        addCookie(getCurrentResponse(), cookie);
    }

    /**
     * Adds a cookie after validating its name ("HTTPCookieName", max 50 chars) and value
     * ("HTTPCookieValue"). A cookie that fails validation is logged and silently dropped,
     * i.e. the caller is not told. When the configuration forces HttpOnly cookies the
     * Set-Cookie header is written by hand via {@link #createCookieHeader}; otherwise the
     * Secure flag is applied per configuration and the container's {@code addCookie} is used.
     *
     * @param httpServletResponse response to write to
     * @param cookie              cookie to add; name, value, max-age, domain, path and secure flag are read
     */
    @Override // org.owasp.esapi.HTTPUtilities
    public void addCookie(HttpServletResponse httpServletResponse, Cookie cookie) {
        String name = cookie.getName();
        String value = cookie.getValue();
        int maxAge = cookie.getMaxAge();
        String domain = cookie.getDomain();
        String path = cookie.getPath();
        boolean secure = cookie.getSecure();
        ValidationErrorList validationErrorList = new ValidationErrorList();
        String validInput = ESAPI.validator().getValidInput("cookie name", name, "HTTPCookieName", 50, false, validationErrorList);
        // NOTE(review): the value max length appears here as a log4j Level constant; presumably a
        // decompiler substitution for a numeric literal of the same value — confirm against the source.
        String validInput2 = ESAPI.validator().getValidInput("cookie value", value, "HTTPCookieValue", Level.TRACE_INT, false, validationErrorList);
        if (validationErrorList.size() != 0) {
            this.logger.warning(Logger.SECURITY_FAILURE, "Attempt to add unsafe data to cookie (skip mode). Skipping cookie and continuing.");
        } else if (ESAPI.securityConfiguration().getForceHttpOnlyCookies()) {
            // Hand-built header: the only path on which HttpOnly is emitted (see createCookieHeader).
            addHeader(httpServletResponse, SM.SET_COOKIE, createCookieHeader(validInput, validInput2, maxAge, domain, path, secure));
        } else {
            // Container path: only the Secure flag is forced here; HttpOnly is not set on this branch.
            cookie.setSecure(secure || ESAPI.securityConfiguration().getForceSecureCookies());
            httpServletResponse.addCookie(cookie);
        }
    }

    /**
     * Appends the current user's CSRF token to {@code str} as a {@code ctoken} query parameter.
     * Anonymous users get the string back unchanged.
     *
     * @param str URL (or path) to decorate
     * @return {@code str} with {@code ctoken=...} appended using '&' or '?' as appropriate
     */
    @Override // org.owasp.esapi.HTTPUtilities
    public String addCSRFToken(String str) {
        User currentUser = ESAPI.authenticator().getCurrentUser();
        if (currentUser.isAnonymous()) {
            return str;
        }
        String str2 = "ctoken=" + currentUser.getCSRFToken();
        // 63 is '?': continue an existing query string with '&', otherwise start one.
        return str.indexOf(63) != -1 ? str + "&" + str2 : str + "?" + str2;
    }

    /** Adds a header to the thread-local current response; see the three-argument overload. */
    @Override // org.owasp.esapi.HTTPUtilities
    public void addHeader(String str, String str2) {
        addHeader(getCurrentResponse(), str, str2);
    }

    /**
     * Adds a response header after collapsing linear whitespace in both name and value and
     * validating them ("HTTPHeaderName" max 20 chars, "HTTPHeaderValue" max 500 chars).
     * An invalid header is logged and dropped without signalling the caller.
     *
     * @param httpServletResponse response to write to
     * @param str                 header name
     * @param str2                header value
     */
    @Override // org.owasp.esapi.HTTPUtilities
    public void addHeader(HttpServletResponse httpServletResponse, String str, String str2) {
        try {
            httpServletResponse.addHeader(ESAPI.validator().getValidInput("addHeader", StringUtilities.replaceLinearWhiteSpace(str), "HTTPHeaderName", 20, false), ESAPI.validator().getValidInput("addHeader", StringUtilities.replaceLinearWhiteSpace(str2), "HTTPHeaderValue", 500, false));
        } catch (ValidationException e) {
            this.logger.warning(Logger.SECURITY_FAILURE, "Attempt to add invalid header denied", e);
        }
    }

    /** Asserts the thread-local current request arrived over TLS; see the one-argument overload. */
    @Override // org.owasp.esapi.HTTPUtilities
    public void assertSecureChannel() throws AccessControlException {
        assertSecureChannel(getCurrentRequest());
    }

    /**
     * Rejects requests that did not arrive over TLS.
     * The check is a string-prefix test on {@code getRequestURL()} ("https"); it does not
     * consult {@code isSecure()}, so it reflects what the container reports as the request URL.
     *
     * @param httpServletRequest request to inspect
     * @throws AccessControlException if the request or its URL is null, or the URL is not https
     */
    @Override // org.owasp.esapi.HTTPUtilities
    public void assertSecureChannel(HttpServletRequest httpServletRequest) throws AccessControlException {
        if (httpServletRequest == null) {
            throw new AccessControlException("Insecure request received", "HTTP request was null");
        }
        StringBuffer requestURL = httpServletRequest.getRequestURL();
        if (requestURL == null) {
            throw new AccessControlException("Insecure request received", "HTTP request URL was null");
        }
        if (!requestURL.toString().startsWith("https")) {
            throw new AccessControlException("Insecure request received", "HTTP request did not use SSL");
        }
    }

    /** Asserts the thread-local current request is a TLS POST; see the one-argument overload. */
    @Override // org.owasp.esapi.HTTPUtilities
    public void assertSecureRequest() throws AccessControlException {
        assertSecureRequest(getCurrentRequest());
    }

    /**
     * Requires a secure channel (see {@link #assertSecureChannel(HttpServletRequest)}) and the
     * POST method.
     *
     * @throws AccessControlException if the channel is insecure or the method is not POST
     */
    @Override // org.owasp.esapi.HTTPUtilities
    public void assertSecureRequest(HttpServletRequest httpServletRequest) throws AccessControlException {
        assertSecureChannel(httpServletRequest);
        String method = httpServletRequest.getMethod();
        if (!method.equals("POST")) {
            throw new AccessControlException("Insecure request received", "Received request using " + method + " when only POST is allowed");
        }
    }

    /** Rotates the session id of the thread-local current request; see the one-argument overload. */
    @Override // org.owasp.esapi.HTTPUtilities
    public HttpSession changeSessionIdentifier() throws AuthenticationException {
        return changeSessionIdentifier(getCurrentRequest());
    }

    /**
     * Replaces the session with a fresh one carrying the same attributes (session-fixation
     * defence): attributes are copied out, the old session is invalidated, a new session is
     * created, the current user's session bookkeeping is updated, and the attributes are restored.
     *
     * @param httpServletRequest request whose session is rotated (a session is created if absent)
     * @return the new session
     */
    @Override // org.owasp.esapi.HTTPUtilities
    public HttpSession changeSessionIdentifier(HttpServletRequest httpServletRequest) throws AuthenticationException {
        HttpSession session = httpServletRequest.getSession();
        ConcurrentHashMap concurrentHashMap = new ConcurrentHashMap();
        Enumeration<String> attributeNames = session.getAttributeNames();
        while (attributeNames != null && attributeNames.hasMoreElements()) {
            String nextElement = attributeNames.nextElement();
            concurrentHashMap.put(nextElement, session.getAttribute(nextElement));
        }
        session.invalidate();
        HttpSession session2 = httpServletRequest.getSession();
        User currentUser = ESAPI.authenticator().getCurrentUser();
        // Register the new session before dropping the old one so the user is never session-less.
        currentUser.addSession(session2);
        currentUser.removeSession(session);
        for (Map.Entry entry : concurrentHashMap.entrySet()) {
            session2.setAttribute((String) entry.getKey(), entry.getValue());
        }
        return session2;
    }

    /** Unbinds the current request and response from the calling thread. */
    @Override // org.owasp.esapi.HTTPUtilities
    public void clearCurrent() {
        this.currentRequest.set(null);
        this.currentResponse.set(null);
    }

    /**
     * Builds a raw Set-Cookie header value. Callers are expected to pass an already-validated
     * name and value (see {@link #addCookie(HttpServletResponse, Cookie)}); nothing is escaped here.
     *
     * @param str  cookie name
     * @param str2 cookie value
     * @param i    Max-Age in seconds (always emitted, even when negative)
     * @param str3 Domain, omitted when null
     * @param str4 Path, omitted when null
     * @param z    whether the caller asked for the Secure flag; it is also forced by configuration
     * @return the header value, with HttpOnly appended when the configuration forces it
     */
    private String createCookieHeader(String str, String str2, int i, String str3, String str4, boolean z) {
        String str5 = (str + "=" + str2) + "; Max-Age=" + i;
        if (str3 != null) {
            str5 = str5 + "; Domain=" + str3;
        }
        if (str4 != null) {
            str5 = str5 + "; Path=" + str4;
        }
        if (z || ESAPI.securityConfiguration().getForceSecureCookies()) {
            str5 = str5 + "; Secure";
        }
        if (ESAPI.securityConfiguration().getForceHttpOnlyCookies()) {
            str5 = str5 + "; HttpOnly";
        }
        return str5;
    }

    /**
     * Decrypts a value produced by {@link #encryptHiddenField}.
     * A decryption failure is treated as tampering and surfaced as an {@link IntrusionException}.
     */
    @Override // org.owasp.esapi.HTTPUtilities
    public String decryptHiddenField(String str) {
        try {
            return decryptString(str);
        } catch (EncryptionException e) {
            throw new IntrusionException("Invalid request", "Tampering detected. Hidden field data did not decrypt properly.", e);
        }
    }

    /**
     * Decrypts a value produced by {@link #encryptQueryString} and parses it as
     * {@code k=v&k=v} pairs (see {@link #queryToMap}).
     */
    @Override // org.owasp.esapi.HTTPUtilities
    public Map<String, String> decryptQueryString(String str) throws EncryptionException {
        return queryToMap(decryptString(str));
    }

    /** Reads the encrypted state cookie of the thread-local current request; see the overload. */
    @Override // org.owasp.esapi.HTTPUtilities
    public Map<String, String> decryptStateFromCookie() throws EncryptionException {
        return decryptStateFromCookie(getCurrentRequest());
    }

    /**
     * Decrypts the {@code ESAPI_STATE} cookie into a map.
     *
     * @return an empty map when the cookie is absent, the decoded map otherwise, or {@code null}
     *         when the cookie value fails validation — callers must handle all three cases
     * @throws EncryptionException if the cookie is present but does not decrypt
     */
    @Override // org.owasp.esapi.HTTPUtilities
    public Map<String, String> decryptStateFromCookie(HttpServletRequest httpServletRequest) throws EncryptionException {
        try {
            String cookie = getCookie(httpServletRequest, HTTPUtilities.ESAPI_STATE);
            return cookie == null ? new HashMap() : queryToMap(decryptString(cookie));
        } catch (ValidationException e) {
            // NOTE(review): a malformed cookie yields null rather than an empty map or an exception.
            return null;
        }
    }

    /** Encrypts {@code str} for use in a hidden form field (hex-encoded ciphertext). */
    @Override // org.owasp.esapi.HTTPUtilities
    public String encryptHiddenField(String str) throws EncryptionException {
        return encryptString(str);
    }

    /** Encrypts a whole query string; the inverse is {@link #decryptQueryString}. */
    @Override // org.owasp.esapi.HTTPUtilities
    public String encryptQueryString(String str) throws EncryptionException {
        return encryptString(str);
    }

    /**
     * Serialises {@code map} as URL-encoded {@code k=v&k=v} pairs, encrypts the result and stores
     * it in the {@code ESAPI_STATE} cookie. Entries that fail URL encoding are logged and skipped.
     *
     * @throws EncryptionException if encryption fails or the ciphertext exceeds 4096 characters
     */
    @Override // org.owasp.esapi.HTTPUtilities
    public void encryptStateInCookie(HttpServletResponse httpServletResponse, Map<String, String> map) throws EncryptionException {
        StringBuilder sb = new StringBuilder();
        Iterator<Map.Entry<String, String>> it = map.entrySet().iterator();
        while (it.hasNext()) {
            try {
                Map.Entry<String, String> next = it.next();
                sb.append(ESAPI.encoder().encodeForURL(next.getKey().toString())).append("=").append(ESAPI.encoder().encodeForURL(next.getValue().toString()));
                if (it.hasNext()) {
                    sb.append("&");
                }
            } catch (EncodingException e) {
                // The separator append is inside the try, so a skipped entry may leave a dangling '&'.
                this.logger.error(Logger.SECURITY_FAILURE, "Problem encrypting state in cookie - skipping entry", e);
            }
        }
        String encryptString = encryptString(sb.toString());
        if (encryptString.length() > 4096) {
            // NOTE(review): the log text says "skipping entry" but the whole cookie is rejected here.
            this.logger.error(Logger.SECURITY_FAILURE, "Problem encrypting state in cookie - skipping entry");
            throw new EncryptionException("Encryption failure", "Encrypted cookie state of " + encryptString.length() + " longer than allowed 4096");
        }
        addCookie(httpServletResponse, new Cookie(HTTPUtilities.ESAPI_STATE, encryptString));
    }

    /** Stores {@code map} in the state cookie of the thread-local current response. */
    @Override // org.owasp.esapi.HTTPUtilities
    public void encryptStateInCookie(Map<String, String> map) throws EncryptionException {
        encryptStateInCookie(getCurrentResponse(), map);
    }

    /**
     * Returns the value of the first cookie named {@code str}, validated against
     * "HTTPCookieValue" (max 1000 chars, null not allowed).
     *
     * @return the validated value, or {@code null} if no such cookie is present
     * @throws ValidationException if the cookie value fails validation
     */
    @Override // org.owasp.esapi.HTTPUtilities
    public String getCookie(HttpServletRequest httpServletRequest, String str) throws ValidationException {
        Cookie firstCookie = getFirstCookie(httpServletRequest, str);
        if (firstCookie == null) {
            return null;
        }
        String value = firstCookie.getValue();
        return ESAPI.validator().getValidInput("HTTP cookie value: " + value, value, "HTTPCookieValue", 1000, false);
    }

    /** Reads a cookie from the thread-local current request; see the two-argument overload. */
    @Override // org.owasp.esapi.HTTPUtilities
    public String getCookie(String str) throws ValidationException {
        return getCookie(getCurrentRequest(), str);
    }

    /** @return the current user's CSRF token, or {@code null} when there is no current user */
    @Override // org.owasp.esapi.HTTPUtilities
    public String getCSRFToken() {
        User currentUser = ESAPI.authenticator().getCurrentUser();
        if (currentUser == null) {
            return null;
        }
        return currentUser.getCSRFToken();
    }

    /** @return the request bound to the calling thread, or {@code null} */
    @Override // org.owasp.esapi.HTTPUtilities
    public HttpServletRequest getCurrentRequest() {
        return this.currentRequest.getRequest();
    }

    /** @return the response bound to the calling thread, or {@code null} */
    @Override // org.owasp.esapi.HTTPUtilities
    public HttpServletResponse getCurrentResponse() {
        return this.currentResponse.getResponse();
    }

    /** Handles uploads on the current request using the configured directory and extensions. */
    @Override // org.owasp.esapi.HTTPUtilities
    public List<File> getFileUploads() throws ValidationException {
        return getFileUploads(getCurrentRequest(), ESAPI.securityConfiguration().getUploadDirectory(), ESAPI.securityConfiguration().getAllowedFileExtensions());
    }

    /** Handles uploads using the configured upload directory and allowed extensions. */
    @Override // org.owasp.esapi.HTTPUtilities
    public List<File> getFileUploads(HttpServletRequest httpServletRequest) throws ValidationException {
        return getFileUploads(httpServletRequest, ESAPI.securityConfiguration().getUploadDirectory(), ESAPI.securityConfiguration().getAllowedFileExtensions());
    }

    /** Handles uploads into {@code file} using the configured allowed extensions. */
    @Override // org.owasp.esapi.HTTPUtilities
    public List<File> getFileUploads(HttpServletRequest httpServletRequest, File file) throws ValidationException {
        return getFileUploads(httpServletRequest, file, ESAPI.securityConfiguration().getAllowedFileExtensions());
    }

    /**
     * Parses a multipart request and writes each uploaded file into {@code file}.
     *
     * <p>Controls applied: the total request size is capped at {@link #maxBytes}; only the last
     * path segment of the client-supplied file name is kept (split on '/' and '\'); that name
     * must pass {@code isValidFileName} against {@code list}; an existing target is not
     * overwritten — a temp file in the same directory is used instead. Upload progress is
     * published in the session attribute "progress" when a session exists.
     *
     * @param httpServletRequest multipart request
     * @param file               destination directory; the configured upload directory when null.
     *                           Missing directories (temp and destination) are created.
     * @param list               allowed file extensions passed to the validator
     * @return a synchronized list of the written files
     * @throws ValidationException on any failure (non-multipart request, bad name, I/O error, ...)
     */
    @Override // org.owasp.esapi.HTTPUtilities
    public List<File> getFileUploads(HttpServletRequest httpServletRequest, File file, List list) throws ValidationException {
        File uploadTempDirectory = ESAPI.securityConfiguration().getUploadTempDirectory();
        if (!uploadTempDirectory.exists() && !uploadTempDirectory.mkdirs()) {
            throw new ValidationUploadException("Upload failed", "Could not create temp directory: " + uploadTempDirectory.getAbsolutePath());
        }
        if (file == null) {
            if (!ESAPI.securityConfiguration().getUploadDirectory().exists() && !ESAPI.securityConfiguration().getUploadDirectory().mkdirs()) {
                throw new ValidationUploadException("Upload failed", "Could not create final upload directory: " + ESAPI.securityConfiguration().getUploadDirectory().getAbsolutePath());
            }
            file = ESAPI.securityConfiguration().getUploadDirectory();
        } else if (!file.exists() && !file.mkdirs()) {
            throw new ValidationUploadException("Upload failed", "Could not create final upload directory: " + file.getAbsolutePath());
        }
        ArrayList arrayList = new ArrayList();
        try {
            final HttpSession session = httpServletRequest.getSession(false);
            if (!ServletFileUpload.isMultipartContent(httpServletRequest)) {
                throw new ValidationUploadException("Upload failed", "Not a multipart request");
            }
            // Size threshold 0: every item is spooled to the temp directory rather than held in memory.
            ServletFileUpload servletFileUpload = new ServletFileUpload(new DiskFileItemFactory(0, uploadTempDirectory));
            servletFileUpload.setSizeMax(maxBytes);
            servletFileUpload.setProgressListener(new ProgressListener() { // from class: org.owasp.esapi.reference.DefaultHTTPUtilities.1
                private long megaBytes = -1;
                private long progress = 0;

                // j = bytes read so far, j2 = content length, i = item index; updates once per megabyte.
                public void update(long j, long j2, int i) {
                    if (i == 0) {
                        return;
                    }
                    long j3 = j / 1000000;
                    if (this.megaBytes == j3) {
                        return;
                    }
                    this.megaBytes = j3;
                    // NOTE(review): j / j2 is long division, so this is 0 until j == j2 — likely meant
                    // as a floating-point percentage; confirm before relying on "progress".
                    this.progress = (long) ((j / j2) * 100.0d);
                    if (session != null) {
                        session.setAttribute("progress", Long.toString(this.progress));
                    }
                }
            });
            for (FileItem fileItem : servletFileUpload.parseRequest(httpServletRequest)) {
                if (!fileItem.isFormField() && fileItem.getName() != null && !fileItem.getName().equals("")) {
                    // Strip any client-supplied directory components (both separator styles).
                    String[] split = fileItem.getName().split("[\\/\\\\]");
                    String str = split[split.length - 1];
                    if (!ESAPI.validator().isValidFileName("upload", str, (List<String>) list, false)) {
                        throw new ValidationUploadException("Upload only simple filenames with the following extensions " + list, "Upload failed isValidFileName check");
                    }
                    this.logger.info(Logger.SECURITY_SUCCESS, "File upload requested: " + str);
                    File file2 = new File(file, str);
                    if (file2.exists()) {
                        // NOTE(review): the regex "\/." matches a slash followed by any character, not a
                        // dot; str has no slashes at this point, so str2 is always "" and the temp file
                        // gets a bare "." suffix — confirm whether "\\." was intended.
                        String[] split2 = str.split("\\/.");
                        String str2 = split2.length > 1 ? split2[split2.length - 1] : "";
                        file2 = File.createTempFile(str.substring(0, str.length() - str2.length()), "." + str2, file);
                    }
                    fileItem.write(file2);
                    arrayList.add(file2);
                    fileItem.delete();
                    // NOTE(review): logged at fatal level although tagged SECURITY_SUCCESS.
                    this.logger.fatal(Logger.SECURITY_SUCCESS, "File successfully uploaded: " + file2);
                    if (session != null) {
                        session.setAttribute("progress", Long.toString(0L));
                    }
                }
            }
            return Collections.synchronizedList(arrayList);
        } catch (Exception e) {
            // Our own upload exceptions pass through; anything else is wrapped with its message.
            if (e instanceof ValidationUploadException) {
                throw ((ValidationException) e);
            }
            throw new ValidationUploadException("Upload failure", "Problem during upload:" + e.getMessage(), e);
        }
    }

    /**
     * @return the first request cookie whose name equals {@code str}, or {@code null} when the
     *         request carries no cookies or none matches
     */
    private Cookie getFirstCookie(HttpServletRequest httpServletRequest, String str) {
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies == null) {
            return null;
        }
        for (Cookie cookie : cookies) {
            if (cookie.getName().equals(str)) {
                return cookie;
            }
        }
        return null;
    }

    /**
     * Returns request header {@code str} validated against "HTTPHeaderValue" (max 150 chars,
     * null not allowed — a missing header therefore fails validation).
     */
    @Override // org.owasp.esapi.HTTPUtilities
    public String getHeader(HttpServletRequest httpServletRequest, String str) throws ValidationException {
        String header = httpServletRequest.getHeader(str);
        return ESAPI.validator().getValidInput("HTTP header value: " + header, header, "HTTPHeaderValue", 150, false);
    }

    /** Reads a header from the thread-local current request; see the two-argument overload. */
    @Override // org.owasp.esapi.HTTPUtilities
    public String getHeader(String str) throws ValidationException {
        return getHeader(getCurrentRequest(), str);
    }

    /**
     * Returns request parameter {@code str} validated against "HTTPParameterValue"
     * (max 2000 chars, null allowed).
     */
    @Override // org.owasp.esapi.HTTPUtilities
    public String getParameter(HttpServletRequest httpServletRequest, String str) throws ValidationException {
        String parameter = httpServletRequest.getParameter(str);
        return ESAPI.validator().getValidInput("HTTP parameter value: " + parameter, parameter, "HTTPParameterValue", 2000, true);
    }

    /** Reads a parameter from the thread-local current request; see the two-argument overload. */
    @Override // org.owasp.esapi.HTTPUtilities
    public String getParameter(String str) throws ValidationException {
        return getParameter(getCurrentRequest(), str);
    }

    /** Expires every cookie of the thread-local current request; see the two-argument overload. */
    @Override // org.owasp.esapi.HTTPUtilities
    public void killAllCookies() {
        killAllCookies(getCurrentRequest(), getCurrentResponse());
    }

    /** Sends an expiring replacement for every cookie present on the request. */
    @Override // org.owasp.esapi.HTTPUtilities
    public void killAllCookies(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies != null) {
            for (Cookie cookie : cookies) {
                killCookie(httpServletRequest, httpServletResponse, cookie.getName());
            }
        }
    }

    /**
     * Expires cookie {@code str} by sending a Max-Age=0 replacement. Path and domain are taken
     * from the matching request cookie when present, otherwise path "//" and an empty domain
     * are used; a cookie is only reliably removed when these match the original attributes.
     * The replacement bypasses {@link #addCookie} and so gets no Secure/HttpOnly forcing.
     */
    @Override // org.owasp.esapi.HTTPUtilities
    public void killCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
        String str2 = "//";
        String str3 = "";
        Cookie firstCookie = getFirstCookie(httpServletRequest, str);
        if (firstCookie != null) {
            str2 = firstCookie.getPath();
            str3 = firstCookie.getDomain();
        }
        Cookie cookie = new Cookie(str, "deleted");
        cookie.setMaxAge(0);
        if (str3 != null) {
            cookie.setDomain(str3);
        }
        if (str2 != null) {
            cookie.setPath(str2);
        }
        httpServletResponse.addCookie(cookie);
    }

    /** Expires a cookie on the thread-local current request/response; see the overload. */
    @Override // org.owasp.esapi.HTTPUtilities
    public void killCookie(String str) {
        killCookie(getCurrentRequest(), getCurrentResponse(), str);
    }

    /** Logs the thread-local current request through this class's logger, masking nothing. */
    @Override // org.owasp.esapi.HTTPUtilities
    public void logHTTPRequest() {
        logHTTPRequest(getCurrentRequest(), this.logger, null);
    }

    /** Logs {@code httpServletRequest} through {@code logger}, masking nothing. */
    @Override // org.owasp.esapi.HTTPUtilities
    public void logHTTPRequest(HttpServletRequest httpServletRequest, Logger logger) {
        logHTTPRequest(httpServletRequest, logger, null);
    }

    /**
     * Logs one line describing the request: method, URL, every parameter and every cookie.
     * Parameters whose name is in {@code list} are written as "********"; only the cookie whose
     * name equals the configured session-id name is omitted — all other cookie values are logged
     * in clear, so keep sensitive cookie names in mind when enabling this.
     *
     * @param list parameter names to mask, or {@code null} to mask none
     */
    @Override // org.owasp.esapi.HTTPUtilities
    public void logHTTPRequest(HttpServletRequest httpServletRequest, Logger logger, List list) {
        StringBuilder sb = new StringBuilder();
        Iterator<String> it = httpServletRequest.getParameterMap().keySet().iterator();
        while (it.hasNext()) {
            String next = it.next();
            String[] strArr = httpServletRequest.getParameterMap().get(next);
            for (int i = 0; i < strArr.length; i++) {
                sb.append(next).append("=");
                if (list == null || !list.contains(next)) {
                    sb.append(strArr[i]);
                } else {
                    sb.append("********");
                }
                if (i < strArr.length - 1) {
                    sb.append("&");
                }
            }
            if (it.hasNext()) {
                sb.append("&");
            }
        }
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies != null) {
            for (Cookie cookie : cookies) {
                if (!cookie.getName().equals(ESAPI.securityConfiguration().getHttpSessionIdName())) {
                    // NOTE(review): Marker.ANY_NON_NULL_MARKER and Association.FAILED_ASSOC_HANDLE below
                    // are presumably decompiler substitutions for plain string literals — confirm.
                    sb.append(Marker.ANY_NON_NULL_MARKER).append(cookie.getName()).append("=").append(cookie.getValue());
                }
            }
        }
        logger.info(Logger.SECURITY_SUCCESS, httpServletRequest.getMethod() + Association.FAILED_ASSOC_HANDLE + ((Object) httpServletRequest.getRequestURL()) + (sb.length() > 0 ? "?" + ((Object) sb) : ""));
    }

    /**
     * Parses {@code k=v&k=v} into a sorted map, URL-decoding keys and values.
     * Pairs that fail decoding are dropped without logging.
     *
     * @param str query string to parse
     * @return a {@link TreeMap} of the decoded pairs
     */
    private Map<String, String> queryToMap(String str) {
        TreeMap treeMap = new TreeMap();
        for (String str2 : str.split("&")) {
            try {
                // NOTE(review): only EncodingException is caught; a pair without '=' would make
                // split[1] throw ArrayIndexOutOfBoundsException out of this method — confirm inputs.
                String[] split = str2.split("=");
                treeMap.put(ESAPI.encoder().decodeFromURL(split[0]), ESAPI.encoder().decodeFromURL(split[1]));
            } catch (EncodingException e) {
            }
        }
        return treeMap;
    }

    /**
     * Forwards to {@code str}, which must start with "WEB-INF" (a prefix test, so resources
     * outside that directory are refused before the dispatcher is consulted).
     *
     * @throws AccessControlException if the location does not start with "WEB-INF"
     */
    @Override // org.owasp.esapi.HTTPUtilities
    public void sendForward(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws AccessControlException, ServletException, IOException {
        if (!str.startsWith("WEB-INF")) {
            throw new AccessControlException("Forward failed", "Bad forward location: " + str);
        }
        httpServletRequest.getRequestDispatcher(str).forward(httpServletRequest, httpServletResponse);
    }

    /** Forwards the thread-local current request/response; see the three-argument overload. */
    @Override // org.owasp.esapi.HTTPUtilities
    public void sendForward(String str) throws AccessControlException, ServletException, IOException {
        sendForward(getCurrentRequest(), getCurrentResponse(), str);
    }

    /**
     * Redirects to {@code str} only if the validator accepts it as a redirect location
     * (open-redirect defence); otherwise the attempt is logged and an {@link IOException} thrown.
     */
    @Override // org.owasp.esapi.HTTPUtilities
    public void sendRedirect(HttpServletResponse httpServletResponse, String str) throws AccessControlException, IOException {
        if (ESAPI.validator().isValidRedirectLocation("Redirect", str, false)) {
            httpServletResponse.sendRedirect(str);
        } else {
            this.logger.fatal(Logger.SECURITY_FAILURE, "Bad redirect location: " + str);
            throw new IOException("Redirect failed");
        }
    }

    /** Redirects the thread-local current response; see the two-argument overload. */
    @Override // org.owasp.esapi.HTTPUtilities
    public void sendRedirect(String str) throws AccessControlException, IOException {
        sendRedirect(getCurrentResponse(), str);
    }

    /** Applies the configured content type to the thread-local current response. */
    @Override // org.owasp.esapi.HTTPUtilities
    public void setContentType() {
        setContentType(getCurrentResponse());
    }

    /** Sets the response content type to the configured default. */
    @Override // org.owasp.esapi.HTTPUtilities
    public void setContentType(HttpServletResponse httpServletResponse) {
        httpServletResponse.setContentType(ESAPI.securityConfiguration().getResponseContentType());
    }

    /** Binds the request/response pair to the calling thread (undo with {@link #clearCurrent}). */
    @Override // org.owasp.esapi.HTTPUtilities
    public void setCurrentHTTP(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        this.currentRequest.setRequest(httpServletRequest);
        this.currentResponse.setResponse(httpServletResponse);
    }

    /**
     * Sets (replaces) a response header with the same whitespace normalisation and validation as
     * {@link #addHeader(HttpServletResponse, String, String)}; invalid headers are logged and dropped.
     */
    @Override // org.owasp.esapi.HTTPUtilities
    public void setHeader(HttpServletResponse httpServletResponse, String str, String str2) {
        try {
            httpServletResponse.setHeader(ESAPI.validator().getValidInput("setHeader", StringUtilities.replaceLinearWhiteSpace(str), "HTTPHeaderName", 20, false), ESAPI.validator().getValidInput("setHeader", StringUtilities.replaceLinearWhiteSpace(str2), "HTTPHeaderValue", 500, false));
        } catch (ValidationException e) {
            this.logger.warning(Logger.SECURITY_FAILURE, "Attempt to set invalid header denied", e);
        }
    }

    /** Sets a header on the thread-local current response; see the three-argument overload. */
    @Override // org.owasp.esapi.HTTPUtilities
    public void setHeader(String str, String str2) {
        setHeader(getCurrentResponse(), str, str2);
    }

    /** Disables caching on the thread-local current response; see the one-argument overload. */
    @Override // org.owasp.esapi.HTTPUtilities
    public void setNoCacheHeaders() {
        setNoCacheHeaders(getCurrentResponse());
    }

    /** Sets Cache-Control, Pragma and Expires so the response is not cached (HTTP/1.1 and 1.0). */
    @Override // org.owasp.esapi.HTTPUtilities
    public void setNoCacheHeaders(HttpServletResponse httpServletResponse) {
        httpServletResponse.setHeader("Cache-Control", "no-store, no-cache, must-revalidate");
        httpServletResponse.setHeader("Pragma", "no-cache");
        httpServletResponse.setDateHeader("Expires", -1L);
    }

    /**
     * Issues a "remember me" cookie: the current account name and {@code str} are sealed by the
     * encryptor with an expiry {@code i} seconds ahead, and the seal becomes the cookie value.
     * Any previous remember-token cookie is expired first. The cookie is added directly to the
     * response (not through {@link #addCookie}), so no Secure/HttpOnly forcing applies here.
     *
     * @param str  secret sealed alongside the account name — presumably the user's credential;
     *             it is returned to the caller as part of the seal
     * @param i    lifetime in seconds (also the cookie Max-Age)
     * @param str2 cookie domain, applied unconditionally
     * @param str3 cookie path, applied unconditionally
     * @return the sealed token, or {@code null} if sealing failed (logged)
     */
    @Override // org.owasp.esapi.HTTPUtilities
    public String setRememberToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, int i, String str2, String str3) {
        User currentUser = ESAPI.authenticator().getCurrentUser();
        try {
            killCookie(httpServletRequest, httpServletResponse, HTTPUtilities.REMEMBER_TOKEN_COOKIE_NAME);
            // i * 1000: seconds to milliseconds for the relative timestamp (int arithmetic).
            String seal = ESAPI.encryptor().seal(currentUser.getAccountName() + "|" + str, ESAPI.encryptor().getRelativeTimeStamp(i * 1000));
            Cookie cookie = new Cookie(HTTPUtilities.REMEMBER_TOKEN_COOKIE_NAME, seal);
            cookie.setMaxAge(i);
            cookie.setDomain(str2);
            cookie.setPath(str3);
            httpServletResponse.addCookie(cookie);
            this.logger.info(Logger.SECURITY_SUCCESS, "Enabled remember me token for " + currentUser.getAccountName());
            return seal;
        } catch (IntegrityException e) {
            this.logger.warning(Logger.SECURITY_FAILURE, "Attempt to set remember me token failed for " + currentUser.getAccountName(), e);
            return null;
        }
    }

    /** Issues a remember-me cookie on the thread-local current request/response; see the overload. */
    @Override // org.owasp.esapi.HTTPUtilities
    public String setRememberToken(String str, int i, String str2, String str3) {
        return setRememberToken(getCurrentRequest(), getCurrentResponse(), str, i, str2, str3);
    }

    /** Verifies the CSRF token of the thread-local current request; see the one-argument overload. */
    @Override // org.owasp.esapi.HTTPUtilities
    public void verifyCSRFToken() throws IntrusionException {
        verifyCSRFToken(getCurrentRequest());
    }

    /**
     * Checks that the request carries the current user's CSRF token in the
     * {@code CSRF_TOKEN_NAME} parameter. A request attribute whose name equals the token value
     * short-circuits the check (presumably a marker set by an earlier filter — confirm).
     * Unlike {@link #getCSRFToken}, no null check is made on the current user.
     *
     * @throws IntrusionException if the parameter is absent or does not match
     */
    @Override // org.owasp.esapi.HTTPUtilities
    public void verifyCSRFToken(HttpServletRequest httpServletRequest) throws IntrusionException {
        User currentUser = ESAPI.authenticator().getCurrentUser();
        if (httpServletRequest.getAttribute(currentUser.getCSRFToken()) != null) {
            return;
        }
        // Plain String.equals; not a constant-time comparison.
        if (!currentUser.getCSRFToken().equals(httpServletRequest.getParameter(HTTPUtilities.CSRF_TOKEN_NAME))) {
            throw new IntrusionException("Authentication failed", "Possibly forged HTTP request without proper CSRF token detected");
        }
    }

    /**
     * Reads a session attribute of the current request (via {@code ESAPI.currentRequest()})
     * without creating a session; unchecked cast to the caller's expected type.
     *
     * @return the attribute, or {@code null} when there is no session or no such attribute
     */
    @Override // org.owasp.esapi.HTTPUtilities
    public <T> T getSessionAttribute(String str) {
        HttpSession session = ESAPI.currentRequest().getSession(false);
        if (session != null) {
            return (T) session.getAttribute(str);
        }
        return null;
    }

    /** Reads a session attribute; unchecked cast to the caller's expected type. */
    @Override // org.owasp.esapi.HTTPUtilities
    public <T> T getSessionAttribute(HttpSession httpSession, String str) {
        return (T) httpSession.getAttribute(str);
    }

    /** Reads a request attribute of {@code ESAPI.currentRequest()}; unchecked cast. */
    @Override // org.owasp.esapi.HTTPUtilities
    public <T> T getRequestAttribute(String str) {
        return (T) ESAPI.currentRequest().getAttribute(str);
    }

    /** Reads a request attribute; unchecked cast to the caller's expected type. */
    @Override // org.owasp.esapi.HTTPUtilities
    public <T> T getRequestAttribute(HttpServletRequest httpServletRequest, String str) {
        return (T) httpServletRequest.getAttribute(str);
    }

    /**
     * Encrypts {@code str} with the configured encryptor and returns the portable serialized
     * ciphertext as lowercase-insensitive hex (second argument {@code false}); inverse of
     * {@link #decryptString}.
     */
    private String encryptString(String str) throws EncryptionException {
        return Hex.encode(ESAPI.encryptor().encrypt(new PlainText(str)).asPortableSerializedByteArray(), false);
    }

    /**
     * Hex-decodes {@code str} into a portable serialized {@link CipherText} and decrypts it.
     *
     * @throws EncryptionException if the bytes do not deserialize or decrypt (integrity failure included)
     */
    private String decryptString(String str) throws EncryptionException {
        return ESAPI.encryptor().decrypt(CipherText.fromPortableSerializedBytes(Hex.decode(str))).toString();
    }
}
