package com.atlassian.confluence.web.filter.validateparam;

import com.atlassian.core.filters.AbstractHttpFilter;
import com.atlassian.spring.container.ContainerManager;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.util.Map;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/confluence/web/filter/validateparam/RequestParamValidationFilter.class */
public class RequestParamValidationFilter extends AbstractHttpFilter {
    private static final Logger log = LoggerFactory.getLogger(RequestParamValidationFilter.class);
    private static final String ALREADY_FILTERED = RequestParamValidationFilter.class.getName() + "_already_filtered";
    private String whitelistStrategyBeanName;
    private RequestParamCleaningWhitelistStrategy whitelistStrategy;

    public void init(FilterConfig filterConfig) throws ServletException {
        super.init(filterConfig);
        this.whitelistStrategyBeanName = filterConfig.getInitParameter("whitelistStrategy");
    }

    protected void doFilter(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (httpServletRequest.getAttribute(ALREADY_FILTERED) != null) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        httpServletRequest.setAttribute(ALREADY_FILTERED, Boolean.TRUE);
        try {
            validateParams(httpServletRequest.getServletPath(), httpServletRequest.getParameterMap());
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        } catch (UnsupportedEncodingException e) {
            httpServletResponse.sendError(400, "Invalid parameter encoding");
        }
    }

    private void validateParams(String str, Map<String, String[]> map) throws UnsupportedEncodingException {
        if (map != null) {
            for (Map.Entry<String, String[]> entry : map.entrySet()) {
                validateParam(str, entry.getKey(), entry.getValue());
            }
        }
    }

    private void validateParam(String str, String str2, String[] strArr) throws UnsupportedEncodingException {
        RequestParamCleaningWhitelistStrategy whitelistStrategy = getWhitelistStrategy(str, str2);
        if ((whitelistStrategy == null || !whitelistStrategy.isWhiteListed(str, str2)) && strArr != null) {
            for (String str3 : strArr) {
                if (str3 != null && str3.contains("��")) {
                    log.warn("Potential attempt by user to send null data in parameter. [path={};paramName={}]", str, str2);
                    throw new InvalidParameterEncodingException(str2, str3);
                }
            }
        }
    }

    private RequestParamCleaningWhitelistStrategy getWhitelistStrategy(String str, String str2) {
        if (this.whitelistStrategyBeanName != null && this.whitelistStrategy == null) {
            if (ContainerManager.isContainerSetup()) {
                this.whitelistStrategy = (RequestParamCleaningWhitelistStrategy) ContainerManager.getComponent(this.whitelistStrategyBeanName);
            } else {
                log.debug("Spring container is not ready - no white listing being used. [path={};paramName={}]", str, str2);
            }
        }
        return this.whitelistStrategy;
    }
}
