package com.networknt.sanitizer;

import com.networknt.config.Config;
import com.networknt.handler.Handler;
import com.networknt.handler.MiddlewareHandler;
import com.networknt.httpstring.AttachmentConstants;
import com.networknt.utility.ModuleRegistry;
import io.undertow.Handlers;
import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import io.undertow.util.HeaderMap;
import io.undertow.util.HeaderValues;
import java.util.Iterator;
import java.util.List;
import java.util.ListIterator;
import java.util.Map;
import org.owasp.encoder.EncoderWrapper;
import org.owasp.encoder.Encoders;

/* loaded from: input_file:com/networknt/sanitizer/SanitizerHandler.class */
public class SanitizerHandler implements MiddlewareHandler {
    static SanitizerConfig config;
    EncoderWrapper bodyEncoder;
    EncoderWrapper headerEncoder;
    private volatile HttpHandler next;

    public SanitizerHandler() {
        config = SanitizerConfig.load();
        this.bodyEncoder = new EncoderWrapper(Encoders.forName(config.getBodyEncoder()), config.getBodyAttributesToIgnore(), config.getBodyAttributesToEncode());
        this.headerEncoder = new EncoderWrapper(Encoders.forName(config.getHeaderEncoder()), config.getHeaderAttributesToIgnore(), config.getHeaderAttributesToEncode());
    }

    @Deprecated
    public SanitizerHandler(String str) {
        config = SanitizerConfig.load(str);
        this.bodyEncoder = new EncoderWrapper(Encoders.forName(config.getBodyEncoder()), config.getBodyAttributesToIgnore(), config.getBodyAttributesToEncode());
        this.headerEncoder = new EncoderWrapper(Encoders.forName(config.getHeaderEncoder()), config.getHeaderAttributesToIgnore(), config.getHeaderAttributesToEncode());
    }

    @Override // io.undertow.server.HttpHandler
    public void handleRequest(HttpServerExchange httpServerExchange) throws Exception {
        Object attachment;
        HeaderMap requestHeaders;
        if (logger.isDebugEnabled()) {
            logger.trace("SanitizerHandler.handleRequest starts.");
        }
        String httpString = httpServerExchange.getRequestMethod().toString();
        if (config.isHeaderEnabled() && (requestHeaders = httpServerExchange.getRequestHeaders()) != null) {
            Iterator<HeaderValues> it = requestHeaders.iterator();
            while (it.hasNext()) {
                HeaderValues next = it.next();
                if (next != null) {
                    if (config.getHeaderAttributesToIgnore() == null || !config.getHeaderAttributesToIgnore().contains(next.getHeaderName().toString())) {
                        if (config.getHeaderAttributesToEncode() == null) {
                            if (logger.isTraceEnabled()) {
                                logger.trace("Encode header " + next.getHeaderName().toString() + " as it is not in the ignore list and the encode list is null.");
                            }
                            ListIterator<String> listIterator = next.listIterator();
                            while (listIterator.hasNext()) {
                                listIterator.set(this.headerEncoder.applyEncoding(listIterator.next()));
                            }
                        } else if (config.getHeaderAttributesToEncode().contains(next.getHeaderName().toString())) {
                            if (logger.isTraceEnabled()) {
                                logger.trace("Encode header " + next.getHeaderName().toString() + " as it is not in the ignore list and it is in the encode list.");
                            }
                            ListIterator<String> listIterator2 = next.listIterator();
                            while (listIterator2.hasNext()) {
                                listIterator2.set(this.headerEncoder.applyEncoding(listIterator2.next()));
                            }
                        }
                    } else if (logger.isTraceEnabled()) {
                        logger.trace("Ignore header " + next.getHeaderName().toString() + " as it is in the ignore list.");
                    }
                }
            }
        }
        if (config.isBodyEnabled() && (("POST".equalsIgnoreCase(httpString) || "PUT".equalsIgnoreCase(httpString) || "PATCH".equalsIgnoreCase(httpString)) && (attachment = httpServerExchange.getAttachment(AttachmentConstants.REQUEST_BODY)) != null)) {
            if (attachment instanceof List) {
                this.bodyEncoder.encodeList((List) attachment);
            } else if (attachment instanceof Map) {
                this.bodyEncoder.encodeNode((Map) attachment);
            }
        }
        if (logger.isDebugEnabled()) {
            logger.trace("SanitizerHandler.handleRequest ends.");
        }
        Handler.next(httpServerExchange, this.next);
    }

    @Override // com.networknt.handler.MiddlewareHandler
    public HttpHandler getNext() {
        return this.next;
    }

    @Override // com.networknt.handler.MiddlewareHandler
    public MiddlewareHandler setNext(HttpHandler httpHandler) {
        Handlers.handlerNotNull(httpHandler);
        this.next = httpHandler;
        return this;
    }

    @Override // com.networknt.handler.MiddlewareHandler
    public boolean isEnabled() {
        return config.isEnabled();
    }

    @Override // com.networknt.handler.MiddlewareHandler
    public void register() {
        ModuleRegistry.registerModule(SanitizerHandler.class.getName(), Config.getInstance().getJsonMapConfigNoCache(SanitizerConfig.CONFIG_NAME), null);
    }

    @Override // com.networknt.handler.MiddlewareHandler
    public void reload() {
        config = SanitizerConfig.load();
    }
}
