package com.adobe.idp.um.auth.filter;

import com.adobe.livecycle.design.client.ApplicationConstants;
import com.adobe.logging.AdobeLogger;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Level;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

/* loaded from: input_file:com/adobe/idp/um/auth/filter/ParameterFilter.class */
public class ParameterFilter implements Filter {
    private static AdobeLogger logger = AdobeLogger.getAdobeLogger(ParameterFilter.class.getName());
    public static final String CLASS_ACCESS_PATTERN = "(.*\\.|^|.*|\\[('|\"))class(\\.|('|\")]|\\[).*";
    public static final String PROP_EXCLUDED_PATTERN = "com.adobe.idp.um.filter.excludedParamsPattern";
    public static final String ENABLE_PARAMETER_FILTER = "com.adobe.idp.um.enableParamsFilter";
    private static final String CHARACTER_ENCODING = "UTF8";
    private List<Pattern> excludedPatterList = Collections.emptyList();
    private boolean isFilterEnabled = true;

    /* loaded from: input_file:com/adobe/idp/um/auth/filter/ParameterFilter$ParamFilteredRequest.class */
    private class ParamFilteredRequest extends HttpServletRequestWrapper {
        public ParamFilteredRequest(ServletRequest servletRequest) {
            super((HttpServletRequest) servletRequest);
        }

        public Enumeration<String> getParameterNames() {
            ArrayList<String> list = Collections.list(super.getParameterNames());
            ArrayList arrayList = new ArrayList();
            for (String str : list) {
                if (!isExcludedParam(str)) {
                    arrayList.add(str);
                }
            }
            return Collections.enumeration(arrayList);
        }

        private boolean isExcludedParam(String str) {
            Iterator it = ParameterFilter.this.excludedPatterList.iterator();
            while (it.hasNext()) {
                if (((Pattern) it.next()).matcher(str).matches()) {
                    return true;
                }
            }
            return false;
        }
    }

    public void init(FilterConfig filterConfig) throws ServletException {
        this.isFilterEnabled = isEnabled();
        if (!this.isFilterEnabled) {
            logger.info("Parameter filter has been disabled.");
            return;
        }
        this.excludedPatterList = new ArrayList();
        this.excludedPatterList.add(Pattern.compile(CLASS_ACCESS_PATTERN, 2));
        addConfiguredExcludedPattern(filterConfig);
    }

    private void addConfiguredExcludedPattern(FilterConfig filterConfig) {
        String property = System.getProperty(PROP_EXCLUDED_PATTERN);
        if (property != null) {
            logger.info("Configured parameter patterns to be excluded are : " + property);
            for (String str : property.split(ApplicationConstants.REFERENCES_DELIMIETER)) {
                try {
                    this.excludedPatterList.add(Pattern.compile(str, 2));
                } catch (PatternSyntaxException e) {
                    logger.log(Level.WARNING, "Unable to Parse pattern : " + str + "  Skipping it.", (Throwable) e);
                }
            }
        }
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        if (this.isFilterEnabled) {
            httpServletRequest.setCharacterEncoding("UTF8");
            httpServletRequest = new ParamFilteredRequest(servletRequest);
        }
        filterChain.doFilter(httpServletRequest, servletResponse);
    }

    public boolean isEnabled() {
        return Boolean.valueOf(System.getProperty(ENABLE_PARAMETER_FILTER, "true")).booleanValue();
    }

    public void destroy() {
        this.excludedPatterList = null;
    }
}
