package org.owasp.esapi.waf.rules;

import java.util.Collection;
import java.util.Enumeration;
import java.util.Map;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.owasp.esapi.waf.actions.Action;
import org.owasp.esapi.waf.actions.DefaultAction;
import org.owasp.esapi.waf.actions.DoNothingAction;
import org.owasp.esapi.waf.internal.InterceptingHTTPServletRequest;
import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/opensaml-2.6.4.wso2v3.jar:esapi-2.0.1.jar:org/owasp/esapi/waf/rules/MustMatchRule.class
 */
/* loaded from: input_file:WEB-INF/lib/esapi-2.0.1.jar:org/owasp/esapi/waf/rules/MustMatchRule.class */
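/**
 * WAF rule that requires a request or session value to satisfy a condition whenever the request
 * URI matches {@link #path}.
 *
 * <p>The rule target is selected by the {@code variable} prefix ({@code request.parameters.},
 * {@code request.headers.}, {@code session.}) or by the exact names {@code request.uri} and
 * {@code request.url}. Operator codes as used in this class: {@code 3} is an existence test,
 * {@code 2} is a membership test via {@code RuleUtil.isInList}, and {@code 0}/{@code 1} are
 * delegated to {@code RuleUtil.testValue} (presumably "equals" and "contains"; the constants are
 * defined elsewhere, so confirm against the configuration class).
 *
 * <p>Any combination that no branch handles ends in the final "failed close" return, so the rule
 * blocks by default.
 */
public class MustMatchRule extends Rule {
    private static final String REQUEST_PARAMETERS = "request.parameters.";
    private static final String REQUEST_HEADERS = "request.headers.";
    private static final String REQUEST_URI = "request.uri";
    private static final String REQUEST_URL = "request.url";
    private static final String SESSION_ATTRIBUTES = "session.";
    private final Pattern path;
    private final String variable;
    private final int operator;
    private final String value;

    /**
     * Creates a must-match rule.
     *
     * @param str rule id, passed to {@code setId}
     * @param pattern pattern the whole request URI must match for the rule to apply
     * @param str2 variable name selecting what is inspected (see class comment)
     * @param i operator code (0, 1, 2 or 3)
     * @param str3 value the inspected input is compared against
     */
    public MustMatchRule(String str, Pattern pattern, String str2, int i, String str3) {
        this.path = pattern;
        this.variable = str2;
        this.operator = i;
        this.value = str3;
        setId(str);
    }

    /**
     * Builds the name-matching pattern for a wildcard target by replacing each literal
     * {@code *} with {@code .*}.
     *
     * <p>The asterisk must be escaped in the search regex: a bare {@code "*"} is not a valid
     * regular expression and makes {@code replaceAll} throw {@code PatternSyntaxException}.
     * Every other character of the target, including {@code ?}, reaches {@code Pattern.compile}
     * unchanged and is therefore interpreted as regex syntax.
     */
    private static Pattern wildcardPattern(String target) {
        return Pattern.compile(target.replaceAll("\\*", ".*"));
    }

    /**
     * Evaluates the rule against one request.
     *
     * @param httpServletRequest the request; must be an {@code InterceptingHTTPServletRequest},
     *     otherwise the cast below throws {@code ClassCastException}
     * @param interceptingHTTPServletResponse not used by this rule
     * @param httpServletResponse not used by this rule
     * @return {@code DoNothingAction} when the rule does not apply or is satisfied,
     *     {@code DefaultAction} when it is violated or no branch could decide
     */
    @Override // org.owasp.esapi.waf.rules.Rule
    public Action check(HttpServletRequest httpServletRequest, InterceptingHTTPServletResponse interceptingHTTPServletResponse, HttpServletResponse httpServletResponse) {
        InterceptingHTTPServletRequest request = (InterceptingHTTPServletRequest) httpServletRequest;

        // The rule is scoped by a full match on the request URI; other paths are not inspected.
        if (!this.path.matcher(request.getRequestURI()).matches()) {
            return new DoNothingAction();
        }

        // NOTE(review): the failure messages below embed request-supplied values (parameter and
        // header names and values, URI) as-is. Whether Rule.log neutralises CR/LF and other
        // control characters is not visible here; confirm before trusting these log lines.

        if (this.variable.startsWith(REQUEST_PARAMETERS)) {
            if (this.operator == 3) {
                if (request.getParameter(this.variable.substring(REQUEST_PARAMETERS.length())) != null) {
                    return new DoNothingAction();
                }
            } else if (this.operator != 2 && (this.operator == 0 || this.operator == 1)) {
                String paramTarget = this.variable.substring(REQUEST_PARAMETERS.length());
                if (paramTarget.contains("*") || paramTarget.contains("?")) {
                    Pattern namePattern = wildcardPattern(paramTarget);
                    Enumeration<String> parameterNames = request.getParameterNames();
                    while (parameterNames.hasMoreElements()) {
                        String paramName = parameterNames.nextElement();
                        if (namePattern.matcher(paramName).matches()) {
                            // Presumably only the first value of a repeated parameter is
                            // returned here (servlet getParameter contract) - TODO confirm.
                            String paramValue = request.getParameter(paramName);
                            if (!RuleUtil.testValue(paramValue, this.value, this.operator)) {
                                log(request, "MustMatch rule failed (operator=" + this.operator + "), value='" + this.value + "', input='" + paramValue + "' parameter='" + paramName + "'");
                                return new DefaultAction();
                            }
                        }
                    }
                } else {
                    String paramValue = request.getParameter(paramTarget);
                    if (!RuleUtil.testValue(paramValue, this.value, this.operator)) {
                        log(request, "MustMatch rule failed (operator=" + this.operator + "), value='" + this.value + "', input='" + paramValue + "', parameter='" + paramTarget + "'");
                        return new DefaultAction();
                    }
                }
                // NOTE(review): unlike the header branch, a parameter that passes the test does
                // not return here; control reaches the final "failed close" return. Left as-is
                // because changing it would turn a block into an allow; confirm the intent.
            }
        } else if (this.variable.startsWith(REQUEST_HEADERS)) {
            if (this.operator == 3) {
                if (request.getHeader(this.variable.substring(REQUEST_HEADERS.length())) != null) {
                    return new DoNothingAction();
                }
            } else if (this.operator != 2 && (this.operator == 0 || this.operator == 1)) {
                String headerTarget = this.variable.substring(REQUEST_HEADERS.length());
                if (!headerTarget.contains("*") && !headerTarget.contains("?")) {
                    String headerValue = request.getHeader(headerTarget);
                    if (headerValue != null && RuleUtil.testValue(headerValue, this.value, this.operator)) {
                        return new DoNothingAction();
                    }
                    log(request, "MustMatch rule failed (operator=" + this.operator + "), value='" + this.value + "', input='" + headerValue + "', header='" + headerTarget + "'");
                    return new DefaultAction();
                }
                Pattern namePattern = wildcardPattern(headerTarget);
                Enumeration<String> headerNames = request.getHeaderNames();
                while (headerNames.hasMoreElements()) {
                    String headerName = headerNames.nextElement();
                    if (namePattern.matcher(headerName).matches()) {
                        String headerValue = request.getHeader(headerName);
                        if (!RuleUtil.testValue(headerValue, this.value, this.operator)) {
                            log(request, "MustMatch rule failed (operator=" + this.operator + "), value='" + this.value + "', input='" + headerValue + "', header='" + headerName + "'");
                            return new DefaultAction();
                        }
                    }
                }
                // Every matching header passed. This is also reached when no header name matched
                // the wildcard at all, so a wildcard header rule is satisfied vacuously.
                return new DoNothingAction();
            }
        } else if (this.variable.startsWith(SESSION_ATTRIBUTES)) {
            // A session rule cannot be satisfied without an existing session.
            if (request.getSession(false) == null) {
                return new DefaultAction();
            }
            // NOTE(review): "+ 1" skips one character beyond the "session." prefix, so the first
            // character of the configured attribute name is dropped. The parameter and header
            // branches use the plain prefix length. Kept as-is; confirm against the rule syntax.
            String attrTarget = this.variable.substring(SESSION_ATTRIBUTES.length() + 1);
            if (this.operator == 2) {
                Object attribute = request.getSession(false).getAttribute(attrTarget);
                if (attribute instanceof Collection) {
                    if (RuleUtil.isInList((Collection) attribute, this.value)) {
                        return new DoNothingAction();
                    }
                    log(request, "MustMatch rule failed - looking for value='" + this.value + "', in session Collection attribute '" + attrTarget + "']");
                    return new DefaultAction();
                }
                if (attribute instanceof Map) {
                    if (RuleUtil.isInList((Map) attribute, this.value)) {
                        return new DoNothingAction();
                    }
                    log(request, "MustMatch rule failed - looking for value='" + this.value + "', in session Map attribute '" + attrTarget + "']");
                    return new DefaultAction();
                }
                if (attribute instanceof Enumeration) {
                    if (RuleUtil.isInList((Enumeration) attribute, this.value)) {
                        return new DoNothingAction();
                    }
                    log(request, "MustMatch rule failed - looking for value='" + this.value + "', in session Enumeration attribute '" + attrTarget + "']");
                    return new DefaultAction();
                }
                // A missing attribute or any other type falls through to the fail-closed return.
            } else {
                if (this.operator == 3) {
                    if (request.getSession(false).getAttribute(attrTarget) != null) {
                        return new DoNothingAction();
                    }
                    log(request, "MustMatch rule failed - couldn't find required session attribute='" + attrTarget + "'");
                    return new DefaultAction();
                }
                if (this.operator == 0 || this.operator == 1) {
                    if (!attrTarget.contains("*") && !attrTarget.contains("?")) {
                        // The cast throws ClassCastException for a non-String attribute.
                        String attrValue = (String) request.getSession(false).getAttribute(attrTarget);
                        if (RuleUtil.testValue(attrValue, this.value, this.operator)) {
                            return new DoNothingAction();
                        }
                        log(request, "MustMatch rule failed (operator=" + this.operator + "), value='" + this.value + "', session attribute='" + attrTarget + "', attribute value='" + attrValue + "'");
                        return new DefaultAction();
                    }
                    Pattern namePattern = wildcardPattern(attrTarget);
                    Enumeration<String> attributeNames = request.getSession(false).getAttributeNames();
                    while (attributeNames.hasMoreElements()) {
                        String attrName = attributeNames.nextElement();
                        if (namePattern.matcher(attrName).matches()) {
                            // Only the first attribute whose name matches decides the outcome:
                            // both the pass and the fail path return from inside the loop.
                            String attrValue = (String) request.getSession(false).getAttribute(attrName);
                            if (RuleUtil.testValue(attrValue, this.value, this.operator)) {
                                return new DoNothingAction();
                            }
                            log(request, "MustMatch rule failed (operator=" + this.operator + "), value='" + this.value + "', session attribute='" + attrName + "', attribute value='" + attrValue + "'");
                            return new DefaultAction();
                        }
                    }
                }
            }
        } else if (this.variable.equals(REQUEST_URI)) {
            if (this.operator == 0 || this.operator == 1) {
                if (RuleUtil.testValue(request.getRequestURI(), this.value, this.operator)) {
                    return new DoNothingAction();
                }
                log(request, "MustMatch rule on request URI failed (operator=" + this.operator + "), requestURI='" + request.getRequestURI() + "', value='" + this.value + "'");
                return new DefaultAction();
            }
        } else if (this.variable.equals(REQUEST_URL) && (this.operator == 0 || this.operator == 1)) {
            if (RuleUtil.testValue(request.getRequestURL().toString(), this.value, this.operator)) {
                return new DoNothingAction();
            }
            log(request, "MustMatch rule on request URL failed (operator=" + this.operator + "), requestURL='" + request.getRequestURL() + "', value='" + this.value + "'");
            return new DefaultAction();
        }

        // Fail closed: an unknown variable, an unsupported operator for the variable, or a branch
        // that fell through without deciding all end up blocked.
        log(request, "MustMatch rule failed close on URL '" + request.getRequestURL() + "'");
        return new DefaultAction();
    }
}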
