package net.rgielen.struts1.filter;

import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.List;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletInputStream;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:net/rgielen/struts1/filter/ParamWrapperFilter.class */
public class ParamWrapperFilter implements Filter {
    private static final Log LOG;
    private static final String DEFAULT_BLACKLIST_PATTERN = "(.*\\.|^|.*|\\[('|\"))(c|C)lass(\\.|('|\")]|\\[).*";
    private static final String INIT_PARAM_NAME = "excludeParams";
    private Pattern pattern;
    static Class class$net$rgielen$struts1$filter$ParamWrapperFilter;

    /* loaded from: input_file:net/rgielen/struts1/filter/ParamWrapperFilter$ParamFilteredRequest.class */
    static class ParamFilteredRequest extends HttpServletRequestWrapper {
        private static final int BUFFER_SIZE = 128;
        private final String body;
        private final Pattern pattern;
        private final List requestParameterNames;
        private boolean read_stream;

        public ParamFilteredRequest(ServletRequest servletRequest, Pattern pattern) {
            super((HttpServletRequest) servletRequest);
            this.read_stream = false;
            this.pattern = pattern;
            StringBuilder sb = new StringBuilder();
            BufferedReader bufferedReader = null;
            this.requestParameterNames = Collections.list(super.getParameterNames());
            try {
                try {
                    ServletInputStream inputStream = servletRequest.getInputStream();
                    if (inputStream != null) {
                        bufferedReader = new BufferedReader(new InputStreamReader(inputStream));
                        char[] cArr = new char[BUFFER_SIZE];
                        while (true) {
                            int read = bufferedReader.read(cArr);
                            if (read <= 0) {
                                break;
                            } else {
                                sb.append(cArr, 0, read);
                            }
                        }
                    } else {
                        sb.append("");
                    }
                    if (bufferedReader != null) {
                        try {
                            bufferedReader.close();
                        } catch (IOException e) {
                            logCatchedException(e);
                        }
                    }
                } catch (IOException e2) {
                    logCatchedException(e2);
                    if (0 != 0) {
                        try {
                            bufferedReader.close();
                        } catch (IOException e3) {
                            logCatchedException(e3);
                        }
                    }
                }
                this.body = sb.toString();
            } catch (Throwable th) {
                if (0 != 0) {
                    try {
                        bufferedReader.close();
                    } catch (IOException e4) {
                        logCatchedException(e4);
                    }
                }
                throw th;
            }
        }

        public Enumeration getParameterNames() {
            ArrayList arrayList = new ArrayList();
            for (String str : Collections.list(super.getParameterNames())) {
                if (!this.pattern.matcher(str).matches()) {
                    arrayList.add(str);
                }
            }
            return Collections.enumeration(arrayList);
        }

        public ServletInputStream getInputStream() throws IOException {
            ByteArrayInputStream byteArrayInputStream;
            if (ParamWrapperFilter.LOG.isTraceEnabled()) {
                ParamWrapperFilter.LOG.trace(this.body);
            }
            if (this.pattern.matcher(this.body).matches()) {
                if (ParamWrapperFilter.LOG.isWarnEnabled()) {
                    ParamWrapperFilter.LOG.warn("[getInputStream]: found body to match blacklisted parameter pattern");
                }
                byteArrayInputStream = new ByteArrayInputStream("".getBytes());
            } else if (this.read_stream) {
                byteArrayInputStream = new ByteArrayInputStream("".getBytes());
            } else {
                if (ParamWrapperFilter.LOG.isDebugEnabled()) {
                    ParamWrapperFilter.LOG.debug("[getInputStream]: OK - body does not match blacklisted parameter pattern");
                }
                byteArrayInputStream = new ByteArrayInputStream(this.body.getBytes());
                this.read_stream = true;
            }
            return new ServletInputStream(this, byteArrayInputStream) { // from class: net.rgielen.struts1.filter.ParamWrapperFilter.ParamFilteredRequest.1
                private final ByteArrayInputStream val$byteArrayInputStream;
                private final ParamFilteredRequest this$0;

                {
                    this.this$0 = this;
                    this.val$byteArrayInputStream = byteArrayInputStream;
                }

                public int read() throws IOException {
                    return this.val$byteArrayInputStream.read();
                }
            };
        }

        private void logCatchedException(IOException iOException) {
            ParamWrapperFilter.LOG.error("[ParamFilteredRequest]: Exception catched: ", iOException);
        }
    }

    public void init(FilterConfig filterConfig) throws ServletException {
        String initParameter = filterConfig.getInitParameter(INIT_PARAM_NAME);
        this.pattern = Pattern.compile((initParameter == null || initParameter.trim().length() <= 0) ? DEFAULT_BLACKLIST_PATTERN : initParameter, 32);
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        filterChain.doFilter(new ParamFilteredRequest(servletRequest, this.pattern), servletResponse);
    }

    public void destroy() {
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        Class cls;
        if (class$net$rgielen$struts1$filter$ParamWrapperFilter == null) {
            cls = class$("net.rgielen.struts1.filter.ParamWrapperFilter");
            class$net$rgielen$struts1$filter$ParamWrapperFilter = cls;
        } else {
            cls = class$net$rgielen$struts1$filter$ParamWrapperFilter;
        }
        LOG = LogFactory.getLog(cls);
    }
}
