package fr.paris.lutece.portal.web.xss;

import fr.paris.lutece.portal.service.captcha.ICaptchaSecurityService;
import fr.paris.lutece.util.http.SecurityUtil;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

/* loaded from: input_file:fr/paris/lutece/portal/web/xss/SafeRequestFilter.class */
public abstract class SafeRequestFilter implements Filter {
    private static final String PROPERTY_TITLE_REQUEST_PARAMETERS_CONTAINS_XSS_CHARACTERS = "portal.util.message.titleDefault";
    private static final String PROPERTY_REQUEST_PARAMETERS_CONTAINS_XSS_CHARACTERS = "portal.util.message.requestParametersContainsXssCharacters";
    private static final String PARAM_FILTER_XSS_CHARATERS = "xssCharacters";
    private static final String ACTIVATE_XSS_FILTER = "activateXssFilter";
    private FilterConfig _filterConfig;
    private String _strXssCharacters;
    private boolean _bActivateXssFilter = false;

    public void init(FilterConfig filterConfig) throws ServletException {
        this._filterConfig = filterConfig;
        this._strXssCharacters = this._filterConfig.getInitParameter(PARAM_FILTER_XSS_CHARATERS);
        String initParameter = this._filterConfig.getInitParameter(ACTIVATE_XSS_FILTER);
        if (initParameter != null) {
            this._bActivateXssFilter = new Boolean(initParameter).booleanValue();
        }
    }

    public void destroy() {
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        if (this._bActivateXssFilter && this._strXssCharacters != null && !this._strXssCharacters.trim().equals(ICaptchaSecurityService.EMPTY_STRING) && !SecurityUtil.containsCleanParameters(httpServletRequest, this._strXssCharacters)) {
            servletRequest.getRequestDispatcher("/" + getMessageRelativeUrl(httpServletRequest, PROPERTY_REQUEST_PARAMETERS_CONTAINS_XSS_CHARACTERS, null, PROPERTY_TITLE_REQUEST_PARAMETERS_CONTAINS_XSS_CHARACTERS)).forward(servletRequest, servletResponse);
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    protected abstract String getMessageRelativeUrl(HttpServletRequest httpServletRequest, String str, Object[] objArr, String str2);
}
