package fr.paris.lutece.util.http;

import fr.paris.lutece.util.string.StringUtil;
import java.util.Enumeration;
import javax.servlet.http.HttpServletRequest;
import org.apache.log4j.Logger;

/* loaded from: input_file:fr/paris/lutece/util/http/SecurityUtil.class */
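/**
 * Static helpers that screen request parameters for characters rejected by
 * {@code StringUtil.containsXssCharacters} and that write a diagnostic dump of
 * the offending request to the {@code lutece.security.http} logger.
 *
 * <p>Everything in the dump (parameter names and values, header names and
 * values, query string, path info) is supplied by the client. Control
 * characters are therefore escaped before the text reaches the log, so a
 * request cannot inject line breaks that look like separate log records.
 *
 * <p>The dump is otherwise verbatim: headers such as {@code Authorization} and
 * {@code Cookie}, and any credential sent as a parameter, are written in clear.
 * Treat the target log as sensitive (restricted access, short retention) or
 * mask those fields at the appender.
 */
public final class SecurityUtil {
    private static final String LOGGER_NAME = "lutece.security.http";

    // Not referenced anywhere in this class; kept as found.
    private static final String PATTERN_CLEAN_PARAMETER = "^[\\w/]+$+";

    private SecurityUtil() {
        // Utility class: no instances.
    }

    /**
     * Checks every parameter value of the request with the default character set
     * of {@code StringUtil.containsXssCharacters(String)}.
     *
     * @param httpServletRequest the request to screen
     * @return {@code true} when no parameter value was flagged, {@code false} otherwise
     */
    public static boolean containsCleanParameters(HttpServletRequest httpServletRequest) {
        return containsCleanParameters(httpServletRequest, null);
    }

    /**
     * Checks every parameter value of the request and logs a warning with a
     * request dump on the first value that is flagged.
     *
     * <p>Only parameter <em>values</em> are checked; parameter names are not.
     * The nested {@link #containsXssCharacters(HttpServletRequest, String, String)}
     * call logs its own warning and dump, so a rejected request produces two
     * dumps in the log.
     *
     * @param httpServletRequest the request to screen
     * @param str forwarded as the second argument of
     *            {@code StringUtil.containsXssCharacters(String, String)} when not
     *            {@code null} (presumably the characters to reject; confirm in
     *            {@code StringUtil})
     * @return {@code true} when no parameter value was flagged, {@code false} otherwise
     */
    public static boolean containsCleanParameters(HttpServletRequest httpServletRequest, String str) {
        Enumeration<?> names = httpServletRequest.getParameterNames();
        while (names.hasMoreElements()) {
            String[] values = httpServletRequest.getParameterValues((String) names.nextElement());
            if (values == null) {
                // A wrapped request may list a name it no longer has values for.
                continue;
            }
            for (String value : values) {
                if (containsXssCharacters(httpServletRequest, value, str)) {
                    securityLogger().warn("SECURITY WARNING : INVALID REQUEST PARAMETERS" + dumpRequest(httpServletRequest));
                    return false;
                }
            }
        }
        return true;
    }

    /**
     * Tests one value with the default character set of
     * {@code StringUtil.containsXssCharacters(String)}.
     *
     * @param httpServletRequest the request the value came from, used only for the log dump
     * @param str the value to test
     * @return the result of the {@code StringUtil} check
     */
    public static boolean containsXssCharacters(HttpServletRequest httpServletRequest, String str) {
        return containsXssCharacters(httpServletRequest, str, null);
    }

    /**
     * Tests one value and logs a warning with a request dump when it is flagged.
     *
     * @param httpServletRequest the request the value came from, used only for the log dump
     * @param str the value to test
     * @param str2 when not {@code null}, passed as the second argument of
     *             {@code StringUtil.containsXssCharacters(String, String)}; when
     *             {@code null}, the one-argument overload is used
     * @return the result of the {@code StringUtil} check
     */
    public static boolean containsXssCharacters(HttpServletRequest httpServletRequest, String str, String str2) {
        boolean flagged = (str2 == null)
                ? StringUtil.containsXssCharacters(str)
                : StringUtil.containsXssCharacters(str, str2);
        if (flagged) {
            securityLogger().warn("SECURITY WARNING : XSS CHARACTERS DETECTED" + dumpRequest(httpServletRequest));
        }
        return flagged;
    }

    /**
     * Builds a multi-line text dump of the request: servlet variables, then
     * parameters, then headers, one {@code name : "value"} pair per line.
     *
     * <p>Control characters and Unicode line separators inside names and values
     * are written as visible escapes ({@code \r}, {@code \n}, {@code \\uXXXX}),
     * so each pair stays on a single line of output.
     *
     * @param httpServletRequest the request to describe
     * @return the dump, starting with a CRLF and the {@code Request Dump} banner
     */
    public static String dumpRequest(HttpServletRequest httpServletRequest) {
        StringBuilder dump = new StringBuilder("\r\n Request Dump : \r\n");
        dumpTitle(dump, "Request variables");
        dumpVariables(dump, httpServletRequest);
        dumpTitle(dump, "Request parameters");
        dumpParameters(dump, httpServletRequest);
        dumpTitle(dump, "Request headers");
        dumpHeaders(dump, httpServletRequest);
        return dump.toString();
    }

    /** Returns the logger used for all security warnings of this class. */
    private static Logger securityLogger() {
        return Logger.getLogger(LOGGER_NAME);
    }

    /** Appends a section banner of the form {@code ** title  **}. */
    private static void dumpTitle(StringBuilder out, String title) {
        out.append("** ").append(title).append("  **\r\n");
    }

    /** Appends the CGI-style variables read from the request object. */
    private static void dumpVariables(StringBuilder out, HttpServletRequest request) {
        dumpVariable(out, "AUTH_TYPE", request.getAuthType());
        dumpVariable(out, "REQUEST_METHOD", request.getMethod());
        dumpVariable(out, "PATH_INFO", request.getPathInfo());
        dumpVariable(out, "PATH_TRANSLATED", request.getPathTranslated());
        dumpVariable(out, "QUERY_STRING", request.getQueryString());
        dumpVariable(out, "REQUEST_URI", request.getRequestURI());
        dumpVariable(out, "SCRIPT_NAME", request.getServletPath());
        dumpVariable(out, "LOCAL_ADDR", request.getLocalAddr());
        dumpVariable(out, "SERVER_PROTOCOL", request.getProtocol());
        dumpVariable(out, "REMOTE_ADDR", request.getRemoteAddr());
        dumpVariable(out, "REMOTE_HOST", request.getRemoteHost());
        // The label says HTTPS but the value written is the request scheme.
        dumpVariable(out, "HTTPS", request.getScheme());
        dumpVariable(out, "SERVER_NAME", request.getServerName());
        dumpVariable(out, "SERVER_PORT", String.valueOf(request.getServerPort()));
    }

    /**
     * Appends every header, one line per value.
     *
     * <p>No header is filtered out: credential-bearing headers are logged as sent.
     */
    private static void dumpHeaders(StringBuilder out, HttpServletRequest request) {
        Enumeration<?> headerNames = request.getHeaderNames();
        if (headerNames == null) {
            // The servlet API allows a container to withhold header enumeration.
            return;
        }
        while (headerNames.hasMoreElements()) {
            String headerName = (String) headerNames.nextElement();
            Enumeration<?> headerValues = request.getHeaders(headerName);
            if (headerValues == null) {
                continue;
            }
            while (headerValues.hasMoreElements()) {
                dumpVariable(out, headerName, (String) headerValues.nextElement());
            }
        }
    }

    /**
     * Appends every parameter, one line per value.
     *
     * <p>No parameter is filtered out: a password or token sent as a parameter
     * is logged as sent.
     */
    private static void dumpParameters(StringBuilder out, HttpServletRequest request) {
        Enumeration<?> parameterNames = request.getParameterNames();
        while (parameterNames.hasMoreElements()) {
            String parameterName = (String) parameterNames.nextElement();
            String[] values = request.getParameterValues(parameterName);
            if (values == null) {
                continue;
            }
            for (String value : values) {
                dumpVariable(out, parameterName, value);
            }
        }
    }

    /**
     * Appends one {@code name : "value"} line. Both parts are escaped because
     * header and parameter names come from the client just like their values.
     * A {@code null} part is written as the text {@code null}.
     */
    private static void dumpVariable(StringBuilder out, String name, String value) {
        out.append(neutralize(name));
        out.append(" : \"");
        out.append(neutralize(value));
        out.append("\"\r\n");
    }

    /**
     * Replaces characters that could break a log line with visible escapes.
     *
     * @param text the client-supplied text, may be {@code null}
     * @return {@code text} itself when it needs no escaping (including {@code null}),
     *         otherwise a copy with CR as {@code \r}, LF as {@code \n} and every
     *         other control character or Unicode line/paragraph separator as
     *         {@code \\uXXXX}
     */
    private static String neutralize(String text) {
        if (text == null) {
            return null;
        }
        StringBuilder safe = null;
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            boolean breaksLine = Character.isISOControl(c) || c == '\u2028' || c == '\u2029';
            if (!breaksLine) {
                if (safe != null) {
                    safe.append(c);
                }
                continue;
            }
            if (safe == null) {
                // First offending character: start the copy with the clean prefix.
                safe = new StringBuilder(text.length() + 8).append(text, 0, i);
            }
            if (c == '\r') {
                safe.append("\\r");
            } else if (c == '\n') {
                safe.append("\\n");
            } else {
                safe.append("\\u").append(String.format("%04x", (int) c));
            }
        }
        return (safe == null) ? text : safe.toString();
    }
}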
