package com.lombardisoftware.servlet.xss;

import com.lombardisoftware.core.StringEscapeUtilities;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

/* loaded from: input_file:lib/svrcoreclnt.jar:com/lombardisoftware/servlet/xss/CrossSiteScriptingRequestWrapper.class */
public class CrossSiteScriptingRequestWrapper extends HttpServletRequestWrapper {
    public static final String COPYRIGHT = "\n\n(C) Copyright IBM Corporation 2007, 2012.\n\n";
    private Set<String> exclusions;

    public CrossSiteScriptingRequestWrapper(HttpServletRequest httpServletRequest, String[] strArr) {
        super(httpServletRequest);
        this.exclusions = new HashSet();
        this.exclusions.addAll(Arrays.asList(strArr));
    }

    private String processParam(String str, String str2) {
        return (this.exclusions.contains(str) || (str != null && str.startsWith("tw#local#"))) ? str2 : processContent(processCRLF(str2));
    }

    private String processCRLF(String str) {
        if (str == null) {
            return null;
        }
        boolean z = false;
        int length = str.length();
        for (int i = 0; i < length && !z; i++) {
            switch (str.charAt(i)) {
                case '\n':
                case '\r':
                    z = true;
                    break;
            }
        }
        if (!z) {
            return str;
        }
        StringBuilder sb = new StringBuilder(str.length());
        for (int i2 = 0; i2 < length; i2++) {
            char charAt = str.charAt(i2);
            switch (charAt) {
                case '\n':
                case '\r':
                    break;
                default:
                    sb.append(charAt);
                    break;
            }
        }
        return sb.toString();
    }

    private String processContent(String str) {
        if (str == null) {
            return null;
        }
        return StringEscapeUtilities.xssEscapeString(str);
    }

    public String getParameter(String str) {
        return processParam(str, super.getParameter(str));
    }

    public Map getParameterMap() {
        Map parameterMap = super.getParameterMap();
        HashMap hashMap = null;
        if (parameterMap != null) {
            hashMap = new HashMap(parameterMap.size());
            for (String str : parameterMap.keySet()) {
                String[] parameterValues = getParameterValues(str);
                if (parameterValues != null) {
                    hashMap.put(str, parameterValues);
                }
            }
        }
        return hashMap;
    }

    public String[] getParameterValues(String str) {
        String[] parameterValues = super.getParameterValues(str);
        if (parameterValues != null) {
            String[] strArr = new String[parameterValues.length];
            for (int i = 0; i < parameterValues.length; i++) {
                strArr[i] = processParam(str, parameterValues[i]);
            }
            parameterValues = strArr;
        }
        return parameterValues;
    }
}
