package jp.terasoluna.fw.web.thin.patch;

import java.io.IOException;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.StringTokenizer;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:jp/terasoluna/fw/web/thin/patch/ExtensionFilter.class */
public class ExtensionFilter implements Filter {
    public static final String EXTENSION_THRU_KEY = "EXTENSION_THRU_KEY";
    public static final String RESTRICTION_ESCAPE_KEY = "restrictionEscape";
    private static Log log;
    private static final String PROHIBITED_EXTENSION_KEY = "access.control.prohibited.extension";
    private List prohibitedExtensionList = new ArrayList();
    private List restrictionEscapePaths = new ArrayList();
    static Class class$jp$terasoluna$fw$web$thin$patch$ExtensionFilter;

    public void init(FilterConfig filterConfig) throws ServletException {
        String initParameter = filterConfig.getInitParameter(PROHIBITED_EXTENSION_KEY);
        if (initParameter == null || initParameter.trim().length() == 0) {
            log.warn("Init parameter[access.control.prohibited.extension] isn't set or is empty.");
            return;
        }
        StringTokenizer stringTokenizer = new StringTokenizer(initParameter, "\r\n");
        while (stringTokenizer.hasMoreTokens()) {
            String trim = stringTokenizer.nextToken().trim();
            if (trim.length() != 0) {
                if (!trim.startsWith(".")) {
                    trim = new StringBuffer().append(".").append(trim).toString();
                }
                if (log.isDebugEnabled()) {
                    log.debug(new StringBuffer().append("prohibitedExtension:").append(trim).toString());
                }
                this.prohibitedExtensionList.add(trim);
            }
        }
        String initParameter2 = filterConfig.getInitParameter(RESTRICTION_ESCAPE_KEY);
        if (initParameter2 == null || initParameter2.trim().length() == 0) {
            if (log.isDebugEnabled()) {
                log.debug("Init parameter[restrictionEscape] isn't set or is empty.");
                return;
            }
            return;
        }
        StringTokenizer stringTokenizer2 = new StringTokenizer(initParameter2, "\r\n");
        while (stringTokenizer2.hasMoreTokens()) {
            String trim2 = stringTokenizer2.nextToken().trim();
            if (trim2.length() != 0) {
                if (log.isDebugEnabled()) {
                    log.debug(new StringBuffer().append("extensionCheckEscapePath:[").append(trim2).append("]").toString());
                }
                this.restrictionEscapePaths.add(trim2);
            }
        }
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (servletRequest.getAttribute(EXTENSION_THRU_KEY) == null) {
            servletRequest.setAttribute(EXTENSION_THRU_KEY, "true");
            for (String str : resolveAccessControlPath(servletRequest)) {
                if (!this.restrictionEscapePaths.contains(str)) {
                    if (this.prohibitedExtensionList.contains(getExtension(str))) {
                        if (log.isDebugEnabled()) {
                            log.debug(new StringBuffer().append("requestURI[").append(str).append("] has prohibited extension").toString());
                        }
                        ((HttpServletResponse) servletResponse).sendError(404);
                        return;
                    }
                }
            }
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    public void destroy() {
    }

    protected String getExtension(String str) {
        if (str == null) {
            return null;
        }
        int lastIndexOf = str.lastIndexOf(46);
        return lastIndexOf < 0 ? "" : str.substring(lastIndexOf);
    }

    protected Set resolveAccessControlPath(ServletRequest servletRequest) {
        HashSet hashSet = new HashSet();
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        String servletPath = httpServletRequest.getServletPath();
        hashSet.add(servletPath);
        String pathInfo = httpServletRequest.getPathInfo();
        if (pathInfo != null) {
            hashSet.add(new StringBuffer().append(servletPath).append(pathInfo).toString());
        }
        return hashSet;
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError().initCause(e);
        }
    }

    static {
        Class cls;
        if (class$jp$terasoluna$fw$web$thin$patch$ExtensionFilter == null) {
            cls = class$("jp.terasoluna.fw.web.thin.patch.ExtensionFilter");
            class$jp$terasoluna$fw$web$thin$patch$ExtensionFilter = cls;
        } else {
            cls = class$jp$terasoluna$fw$web$thin$patch$ExtensionFilter;
        }
        log = LogFactory.getLog(cls);
    }
}
