package org.exist.http.filter;

import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.Enumeration;
import java.util.HashSet;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:WEB-INF/lib/exist-optional.jar:org/exist/http/filter/PathFilter.class */
public class PathFilter implements Filter {
    private static final Logger LOG = LogManager.getLogger((Class<?>) PathFilter.class);
    private FilterConfig filterConfig;
    private static final String TEST_REST = "HTTP GET /rest/";
    private static final String TEST_GET_QUERY = "HTTP GET ?_query=";
    private static final String TEST_POST_XUPDATE = "HTTP POST XUpdate";
    private static final String TEST_POST_QUERY = "HTTP POST Query Document";
    private static final String TEST_DELETE = "HTTP DELETE";
    private static final String TEST_PUT = "HTTP PUT";
    private boolean allowFirst = false;
    private HashSet<String> allows = new HashSet<>();
    private HashSet<String> denys = new HashSet<>();
    private HashSet<String> filterNames = new HashSet<>();

    public void init(FilterConfig filterConfig) throws ServletException {
        setFilterConfig(filterConfig);
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (this.filterConfig == null) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        if (!(servletRequest instanceof HttpServletRequest)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        boolean z = false;
        String queryString = httpServletRequest.getQueryString();
        String requestURI = httpServletRequest.getRequestURI();
        LOG.info("requestURI = [" + requestURI + "]");
        LOG.info("queryString = [" + queryString + "]");
        LOG.info("method = [" + httpServletRequest.getMethod() + "]");
        if (queryString != null && queryString.indexOf("_query=") >= 0 && this.filterNames.contains(TEST_GET_QUERY)) {
            LOG.info("HTTP GET ?_query= met");
            z = true;
        } else if (requestURI != null && requestURI.indexOf("/rest/") >= 0 && this.filterNames.contains(TEST_REST)) {
            z = true;
            LOG.info("HTTP GET /rest/ met");
        } else if (httpServletRequest.getMethod().equalsIgnoreCase("PUT") && this.filterNames.contains(TEST_PUT)) {
            z = true;
            LOG.info("HTTP PUT met");
        } else if (httpServletRequest.getMethod().equalsIgnoreCase("DELETE") && this.filterNames.contains(TEST_DELETE)) {
            z = true;
            LOG.info("HTTP DELETE met");
        } else if (httpServletRequest.getMethod().equalsIgnoreCase(HttpPost.METHOD_NAME)) {
        }
        if (!z) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        if (this.allowFirst) {
            if (allowMatch(httpServletRequest)) {
                filterChain.doFilter(httpServletRequest, httpServletResponse);
            }
        } else if (denyMatch(httpServletRequest)) {
            httpServletResponse.sendError(403);
        } else if (allowMatch(httpServletRequest)) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        }
        httpServletResponse.sendError(403);
    }

    private String validName(ServletRequest servletRequest) {
        String remoteHost = servletRequest.getRemoteHost();
        String remoteAddr = servletRequest.getRemoteAddr();
        if (remoteHost.equalsIgnoreCase(remoteAddr)) {
            try {
                remoteHost = InetAddress.getByName(remoteAddr).getCanonicalHostName();
            } catch (UnknownHostException e) {
                remoteHost = null;
            }
        }
        return remoteHost;
    }

    private boolean denyMatch(ServletRequest servletRequest) {
        return this.denys.contains(servletRequest.getRemoteAddr()) || this.denys.contains(validName(servletRequest));
    }

    private boolean allowMatch(ServletRequest servletRequest) {
        return this.allows.contains(servletRequest.getRemoteAddr()) || this.allows.contains(validName(servletRequest));
    }

    public void destroy() {
        this.allows = null;
        this.denys = null;
        this.filterNames = null;
        this.filterConfig = null;
    }

    public FilterConfig getFilterConfig() {
        return this.filterConfig;
    }

    public void setFilterConfig(FilterConfig filterConfig) {
        this.filterConfig = filterConfig;
        Enumeration initParameterNames = filterConfig.getInitParameterNames();
        if (initParameterNames != null) {
            this.allows.clear();
            this.denys.clear();
            this.filterNames.clear();
            while (initParameterNames.hasMoreElements()) {
                String str = (String) initParameterNames.nextElement();
                String initParameter = filterConfig.getInitParameter(str);
                LOG.info("Parameter [" + str + "][" + initParameter + "]");
                if (str.startsWith("exclude")) {
                    this.denys.add(initParameter);
                } else if (str.startsWith("include")) {
                    this.allows.add(initParameter);
                } else if (str.startsWith("type")) {
                    this.filterNames.add(initParameter);
                } else if (str.equalsIgnoreCase("order")) {
                    this.allowFirst = initParameter.equalsIgnoreCase("allow,deny");
                }
            }
        }
    }
}
