package org.directwebremoting.dwrp;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import org.directwebremoting.extend.Call;
import org.directwebremoting.extend.Calls;
import org.directwebremoting.extend.InboundContext;
import org.directwebremoting.extend.ServerException;
import org.directwebremoting.util.LocalUtil;
import org.directwebremoting.util.Logger;
import org.directwebremoting.util.Messages;

/* loaded from: input_file:prorateWebEjb.war:WEB-INF/lib/dwr.jar:org/directwebremoting/dwrp/Batch.class */
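/**
 * One inbound DWR batch: the remote calls and the session/page metadata parsed
 * out of a single HTTP request.
 *
 * <p>Every value handled here comes straight from the client. The constructor
 * applies the request-forgery defences (GET rejection and the session-id
 * comparison) and {@link #parseParameters()} validates the identifiers that
 * name each call.
 */
public class Batch {
    private String scriptSessionId;
    private String httpSessionId;
    private String page;
    private Calls calls;
    protected static final Logger log = Logger.getLogger(Batch.class);
    private List inboundContexts = new ArrayList();
    private Map allParameters = new HashMap();
    private Map spareParameters = new HashMap();

    /**
     * Parses a request into a batch and applies the request-forgery checks.
     *
     * @param httpServletRequest the incoming request; all of its content is untrusted
     * @param z   when {@code true}, run the CSRF session-id comparison
     * @param z2  when {@code true}, GET requests are accepted
     * @param str name of the cookie that is compared against the session id
     *            carried in the request parameters
     * @throws ServerException   if the parameters cannot be parsed
     * @throws SecurityException if GET is used while disallowed, an identifier is
     *                           malformed, or the CSRF comparison fails
     */
    public Batch(HttpServletRequest httpServletRequest, boolean z, boolean z2, String str) throws ServerException {
        boolean isGet = httpServletRequest.getMethod().equals("GET");

        // Reject a disallowed GET before any client-controlled data is parsed.
        if (isGet && !z2) {
            log.error("GET is disallowed because it makes request forgery easier. See http://getahead.org/dwr/security/allowGetForSafariButMakeForgeryEasier for more details.");
            throw new SecurityException("GET Disalowed");
        }

        setAllParameters(isGet
                ? ParseUtil.parseGet(httpServletRequest)
                : ParseUtil.parsePost(httpServletRequest));

        // Must run before the CSRF check: it extracts the session id the client sent.
        parseParameters();

        if (z) {
            checkNotCsrfAttack(httpServletRequest, str);
        }
    }

    /**
     * @return a copy of the raw request parameters; changes to it do not affect this batch
     */
    public Map getAllParameters() {
        return new HashMap(this.allParameters);
    }

    /**
     * Replaces the raw parameter map. The map is stored by reference, not copied.
     */
    public void setAllParameters(Map map) {
        this.allParameters = map;
    }

    /**
     * @return the live list of inbound contexts, one per parsed call (not a copy)
     */
    public List getInboundContexts() {
        return this.inboundContexts;
    }

    public void setInboundContexts(List list) {
        this.inboundContexts = list;
    }

    /**
     * @return the live map of metadata parameters, keyed without the metadata prefix (not a copy)
     */
    public Map getSpareParameters() {
        return this.spareParameters;
    }

    public void setSpareParameters(Map map) {
        this.spareParameters = map;
    }

    /**
     * @return the page value sent by the client; it is not validated in this class
     */
    public String getPage() {
        return this.page;
    }

    public void setPage(String str) {
        this.page = str;
    }

    /**
     * @return the script session id sent by the client; it is not validated in this class
     */
    public String getScriptSessionId() {
        return this.scriptSessionId;
    }

    public void setScriptSessionId(String str) {
        this.scriptSessionId = str;
    }

    /**
     * @return the HTTP session id the client put in the request parameters; this is
     *         the value the CSRF check compares against the session cookie
     */
    public String getHttpSessionId() {
        return this.httpSessionId;
    }

    public void setHttpSessionId(String str) {
        this.httpSessionId = str;
    }

    public Calls getCalls() {
        return this.calls;
    }

    public void setCalls(Calls calls) {
        this.calls = calls;
    }

    /**
     * Denies the request when the session id sent in the request parameters does
     * not match the session the browser attached as a cookie.
     *
     * <p>The comparison only runs when the container reports a valid requested
     * session id that arrived in a cookie, and that id is non-empty. In every
     * other case the method returns without checking anything.
     *
     * @param request           the incoming request
     * @param sessionCookieName name of the cookie whose value may also match
     * @throws SecurityException if neither the requested session id nor the named
     *                           cookie equals the id sent in the parameters
     */
    private void checkNotCsrfAttack(HttpServletRequest request, String sessionCookieName) {
        if (!request.isRequestedSessionIdValid() || !request.isRequestedSessionIdFromCookie()) {
            return;
        }

        String requestedSessionId = request.getRequestedSessionId();
        if (requestedSessionId.length() == 0) {
            return;
        }

        String bodySessionId = getHttpSessionId();
        if (requestedSessionId.equals(bodySessionId)) {
            return;
        }

        // getCookies() is allowed to return null, and a cookie value may be absent.
        Cookie[] cookies = request.getCookies();
        if (cookies != null && bodySessionId != null) {
            for (Cookie cookie : cookies) {
                if (cookie.getName().equals(sessionCookieName) && bodySessionId.equals(cookie.getValue())) {
                    return;
                }
            }
        }

        log.error("A request has been denied as a potential CSRF attack.");
        throw new SecurityException("Session Error");
    }

    /**
     * Splits the raw parameters into calls, inbound variables, session ids and
     * metadata.
     *
     * <p>Call ids, script names, method names and the batch id must be present and
     * pass {@code LocalUtil.isLetterOrDigitOrUnderline}; anything else is rejected
     * with a {@link SecurityException}.
     *
     * @throws ServerException   if the call count is missing or not a number
     * @throws SecurityException if an identifier is missing or malformed
     */
    protected void parseParameters() throws ServerException {
        // Work on the copy so that consumed keys can be removed as we go.
        Map remaining = getAllParameters();
        this.calls = new Calls();
        try {
            // NOTE(review): the call count is client-supplied and has no upper bound
            // here. The identifier checks below stop the loop at the first call whose
            // fields are missing, so the work is limited by the parameters actually
            // sent; consider an explicit configurable cap as well.
            int callCount = Integer.parseInt((String) remaining.remove(ProtocolConstants.INBOUND_CALL_COUNT));
            for (int callNum = 0; callNum < callCount; callNum++) {
                Call call = new Call();
                this.calls.addCall(call);
                InboundContext inboundContext = new InboundContext();
                this.inboundContexts.add(inboundContext);

                String prefix = "c" + callNum + "-";

                String callId = (String) remaining.remove(prefix + ProtocolConstants.INBOUND_KEY_ID);
                requireIdentifier(callId, "Call IDs may only contain Java Identifiers");
                call.setCallId(callId);

                String scriptName = (String) remaining.remove(prefix + ProtocolConstants.INBOUND_KEY_SCRIPTNAME);
                requireIdentifier(scriptName, "Script names may only contain Java Identifiers");
                call.setScriptName(scriptName);

                String methodName = (String) remaining.remove(prefix + ProtocolConstants.INBOUND_KEY_METHODNAME);
                requireIdentifier(methodName, "Method names may only contain Java Identifiers");
                call.setMethodName(methodName);

                // Everything else carrying this call's prefix is an inbound variable.
                Iterator it = remaining.entrySet().iterator();
                while (it.hasNext()) {
                    Map.Entry entry = (Map.Entry) it.next();
                    String key = (String) entry.getKey();
                    if (key.startsWith(prefix)) {
                        String[] typeAndValue = ParseUtil.splitInbound((String) entry.getValue());
                        inboundContext.createInboundVariable(callNum, key, typeAndValue[0], typeAndValue[1]);
                        it.remove();
                    }
                }
            }

            String batchId = (String) remaining.remove(ProtocolConstants.INBOUND_KEY_BATCHID);
            requireIdentifier(batchId, "Batch IDs may only contain Java Identifiers");
            this.calls.setBatchId(batchId);

            // These three are stored as received; no validation is applied here.
            this.httpSessionId = (String) remaining.remove(ProtocolConstants.INBOUND_KEY_HTTP_SESSIONID);
            this.scriptSessionId = (String) remaining.remove(ProtocolConstants.INBOUND_KEY_SCRIPT_SESSIONID);
            this.page = (String) remaining.remove("page");

            // Keep metadata parameters, keyed without their prefix.
            for (Object o : remaining.entrySet()) {
                Map.Entry entry = (Map.Entry) o;
                String key = (String) entry.getKey();
                if (key.startsWith(ProtocolConstants.INBOUND_KEY_METADATA)) {
                    this.spareParameters.put(key.substring(ProtocolConstants.INBOUND_KEY_METADATA.length()), entry.getValue());
                }
            }
        } catch (NumberFormatException e) {
            throw new ServerException(Messages.getString("BaseCallMarshaller.BadCallCount"));
        }
    }

    /**
     * Rejects a client-supplied identifier that is missing or contains characters
     * outside letters, digits and underscore.
     */
    private static void requireIdentifier(String value, String message) {
        if (value == null || !LocalUtil.isLetterOrDigitOrUnderline(value)) {
            throw new SecurityException(message);
        }
    }
}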
