package com.ibm.ws.console.core.servlet;

import com.ibm.ws.console.core.WSCDefines;
import java.io.BufferedReader;
import java.io.FileReader;
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import org.apache.struts.upload.MultipartRequestWrapper;

/* loaded from: input_file:com/ibm/ws/console/core/servlet/CSRFUtils.class */
public class CSRFUtils {
    public static final String CONSOLE_CSRF_SYS_PROP = "adminconsole.csrf.check";
    public static final String CONSOLE_JAVASCRIPTTOSESSION_PROP = "adminconsole.csrfjsp.check";

    public static boolean verifyCSRFTokenInRequest(HttpServletRequest httpServletRequest) {
        if (httpServletRequest == null || httpServletRequest.getSession() == null) {
            return true;
        }
        String requestURI = httpServletRequest.getRequestURI();
        String property = System.getProperty(CONSOLE_JAVASCRIPTTOSESSION_PROP, "true");
        if (property == null || !(property.equalsIgnoreCase("true") || property.equalsIgnoreCase("on"))) {
            if (!requestURI.contains(".do") || (httpServletRequest instanceof MultipartRequestWrapper)) {
                return true;
            }
        } else if ((!requestURI.contains(".do") && !requestURI.contains("javascriptToSession.jsp")) || (httpServletRequest instanceof MultipartRequestWrapper)) {
            return true;
        }
        String property2 = System.getProperty(CONSOLE_CSRF_SYS_PROP, "true");
        if (property2 == null) {
            return true;
        }
        if (!property2.equalsIgnoreCase("true") && !property2.equalsIgnoreCase("on")) {
            return true;
        }
        String id = httpServletRequest.getSession().getId();
        String parameter = httpServletRequest.getParameter("csrfid");
        if (parameter == null || parameter.equals("")) {
            parameter = httpServletRequest.getHeader("csrfid");
        }
        if (parameter != null && (parameter.equals(httpServletRequest.getSession().getAttribute("com.ibm.ws.console.CSRFToken")) || parameter.equals(id))) {
            return true;
        }
        System.out.println(httpServletRequest.getQueryString());
        Thread.dumpStack();
        return false;
    }

    public static String addCSRFtoURLs(String str, String str2) {
        if (str == null) {
            return null;
        }
        return str.length() == 0 ? str : addCSRFtoURLs_helper(addCSRFtoURLs_helper(addCSRFtoURLs_helper(addCSRFtoURLs_helper(str, "<a", "href", ">", str2), "<A", "HREF", ">", str2), "<a", "HREF", ">", str2), "<A", "href", ">", str2);
    }

    private static String addCSRFtoURLs_helper(String str, String str2, String str3, String str4, String str5) {
        int i;
        StringBuffer stringBuffer = new StringBuffer(str);
        String str6 = "csrfid=" + str5 + WSCDefines.PARAM_SEPARATOR;
        String str7 = "?csrfid=" + str5;
        int length = str3.length();
        int i2 = -1;
        do {
            i2 = stringBuffer.indexOf(str2, i2 + 1);
            if (i2 != -1) {
                int indexOf = stringBuffer.indexOf(str4, i2);
                int indexOf2 = stringBuffer.indexOf(str3, i2);
                if (indexOf2 == -1) {
                    break;
                }
                if (indexOf2 <= indexOf && indexOf2 > -1) {
                    int indexOf3 = stringBuffer.indexOf("'", indexOf2 + length);
                    int indexOf4 = stringBuffer.indexOf("\"", indexOf2 + length);
                    boolean z = false;
                    if (indexOf3 <= -1 || indexOf4 <= -1) {
                        if (indexOf3 > -1) {
                            i = indexOf3;
                            z = true;
                        } else {
                            i = indexOf4;
                        }
                    } else if (indexOf3 < indexOf4) {
                        i = indexOf3;
                        z = true;
                    } else {
                        i = indexOf4;
                    }
                    if (i > -1 && indexOf > i && stringBuffer.substring(indexOf2 + length, i).trim().equals(WSCDefines.KEY_VAL_SEPARATOR)) {
                        int indexOf5 = z ? stringBuffer.indexOf("'", i + 1) : stringBuffer.indexOf("\"", i + 1);
                        if (indexOf5 > -1 && indexOf > indexOf5) {
                            String substring = stringBuffer.substring(i + 1, indexOf5);
                            if (!substring.contains("csrfid") && !substring.startsWith("javascript")) {
                                int indexOf6 = substring.indexOf(".do?");
                                if (indexOf6 > -1) {
                                    stringBuffer.insert(i + 1 + indexOf6 + 4, str6);
                                } else if (substring.endsWith(".do") && !substring.contains("?")) {
                                    stringBuffer.insert(indexOf5, str7);
                                }
                            }
                        }
                    }
                }
                if (i2 <= -1) {
                    break;
                }
            } else {
                break;
            }
        } while (0 < 1000);
        return stringBuffer.toString();
    }

    public static String addCSRFtoURL(String str, String str2) {
        if (str == null || str2 == null || str.startsWith("javascript")) {
            return str;
        }
        if (str.indexOf("csrfid=") > -1) {
            return str;
        }
        String replace = str.replace(".do?", ".do?csrfid=" + str2 + WSCDefines.PARAM_SEPARATOR);
        if (replace.endsWith(".do")) {
            replace = replace + "?csrfid=" + str2;
        }
        return replace;
    }

    public static void main(String[] strArr) {
        String str = "http://www.test.com/test.do?testvalue=1";
        try {
            str = readFileAsString("C:/output.txt");
        } catch (IOException e) {
            e.printStackTrace();
        }
        long currentTimeMillis = System.currentTimeMillis();
        System.out.println(addCSRFtoURL(str, "123456"));
        System.out.println("Total elapsed time in execution of is :" + (System.currentTimeMillis() - currentTimeMillis));
    }

    private static String readFileAsString(String str) throws IOException {
        StringBuffer stringBuffer = new StringBuffer(1000);
        BufferedReader bufferedReader = new BufferedReader(new FileReader(str));
        char[] cArr = new char[1024];
        while (true) {
            int read = bufferedReader.read(cArr);
            if (read == -1) {
                bufferedReader.close();
                return stringBuffer.toString();
            }
            stringBuffer.append(String.valueOf(cArr, 0, read));
            cArr = new char[1024];
        }
    }
}
