package com.atlassian.xwork.interceptors;

import com.atlassian.xwork.ParameterSafe;
import com.atlassian.xwork.XWorkVersionSupport;
import com.opensymphony.xwork.Action;
import com.opensymphony.xwork.ActionContext;
import com.opensymphony.xwork.ActionInvocation;
import com.opensymphony.xwork.interceptor.AroundInterceptor;
import com.opensymphony.xwork.interceptor.NoParameters;
import com.opensymphony.xwork.util.InstantiatingNullHandler;
import com.opensymphony.xwork.util.OgnlValueStack;
import com.opensymphony.xwork.util.XWorkConverter;
import com.opensymphony.xwork.util.XWorkMethodAccessor;
import java.beans.IntrospectionException;
import java.beans.Introspector;
import java.beans.PropertyDescriptor;
import java.lang.reflect.Method;
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Pattern;
import org.apache.log4j.Logger;
import org.springframework.beans.PropertyAccessor;

/* loaded from: input_file:META-INF/lib/atlassian-xwork-core-1.7.jar:com/atlassian/xwork/interceptors/SafeParametersInterceptor.class */
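/**
 * Interceptor that copies request parameters onto the value stack, but only those whose
 * <em>names</em> pass an allow-list.
 *
 * <p>Security context: every accepted parameter name is handed to
 * {@link OgnlValueStack#setValue(String, Object)} as an expression, so the name checks in
 * {@link #isSafeParameterName(String, Action)} are the gate between untrusted request data and
 * expression evaluation. The checks are:
 * <ol>
 *   <li>the whole name must match {@code SAFE_PARAMETER_NAME_PATTERN};</li>
 *   <li>a name containing {@code '.'} or ending in a quoted map key ({@code ['key']}) is accepted
 *       only if the getter of its first path segment, or that getter's return type, carries
 *       {@link ParameterSafe}.</li>
 * </ol>
 * Anything that fails a check is dropped (fail closed) rather than reported to the caller.
 */
public abstract class SafeParametersInterceptor extends AroundInterceptor {
    public static final Logger log = Logger.getLogger(SafeParametersInterceptor.class);

    // Allow-list for the complete parameter name: ASCII letters, digits, '.', '[', ']', '_' and
    // the single quote. It is applied with matches(), so the whole name must consist of these
    // characters; names containing anything else (parentheses, '#', '@', '=', whitespace, ...)
    // are rejected before they can reach the value stack.
    private static final Pattern SAFE_PARAMETER_NAME_PATTERN = Pattern.compile("[a-zA-Z0-9\\.\\]\\[_']+");

    // Recognises names that end in a quoted map key, e.g. something['key'].
    private static final Pattern MAP_PARAMETER_PATTERN = Pattern.compile(".*\\['[a-zA-Z0-9_]+'\\]");

    private final XWorkVersionSupport versionSupport;

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * @param xWorkVersionSupport used to obtain the {@link Action} from an invocation
     */
    public SafeParametersInterceptor(XWorkVersionSupport xWorkVersionSupport) {
        this.versionSupport = xWorkVersionSupport;
    }

    /** Intentionally empty: all work is done in {@link #before(ActionInvocation)}. */
    @Override // com.opensymphony.xwork.interceptor.AroundInterceptor
    protected void after(ActionInvocation actionInvocation, String str) throws Exception {
    }

    /**
     * Tells whether parameter binding is skipped for this invocation.
     *
     * @return {@code true} when the action implements {@link NoParameters}
     */
    protected boolean shouldNotIntercept(ActionInvocation actionInvocation) {
        return this.versionSupport.extractAction(actionInvocation) instanceof NoParameters;
    }

    /**
     * Filters the request parameters by name and sets the survivors on the value stack.
     *
     * <p>While the values are being set, the invocation context flags
     * {@code CREATE_NULL_OBJECTS}, {@code DENY_METHOD_EXECUTION} and
     * {@code REPORT_CONVERSION_ERRORS} are switched to {@code TRUE}; the {@code finally} block
     * switches them to {@code FALSE} again even if a setter throws.
     */
    @Override // com.opensymphony.xwork.interceptor.AroundInterceptor
    protected void before(ActionInvocation actionInvocation) throws Exception {
        if (shouldNotIntercept(actionInvocation)) {
            return;
        }
        Map<String, Object> safeParameters = filterSafeParameters(ActionContext.getContext().getParameters(), this.versionSupport.extractAction(actionInvocation));
        if (log.isDebugEnabled()) {
            // Log the accepted names only: parameter values can carry passwords or tokens and
            // must not end up in log files.
            log.debug("Setting params " + safeParameters.keySet());
        }
        ActionContext invocationContext = actionInvocation.getInvocationContext();
        try {
            invocationContext.put(InstantiatingNullHandler.CREATE_NULL_OBJECTS, Boolean.TRUE);
            invocationContext.put(XWorkMethodAccessor.DENY_METHOD_EXECUTION, Boolean.TRUE);
            invocationContext.put(XWorkConverter.REPORT_CONVERSION_ERRORS, Boolean.TRUE);
            OgnlValueStack valueStack = ActionContext.getContext().getValueStack();
            for (Map.Entry<String, Object> entry : safeParameters.entrySet()) {
                // The key is evaluated as an expression here; it has already passed
                // isSafeParameterName().
                valueStack.setValue(entry.getKey(), entry.getValue());
            }
        } finally {
            // NOTE(review): the flags are forced to FALSE rather than restored to whatever they
            // held before this method ran - confirm no outer code relies on a previous value.
            invocationContext.put(InstantiatingNullHandler.CREATE_NULL_OBJECTS, Boolean.FALSE);
            invocationContext.put(XWorkMethodAccessor.DENY_METHOD_EXECUTION, Boolean.FALSE);
            invocationContext.put(XWorkConverter.REPORT_CONVERSION_ERRORS, Boolean.FALSE);
        }
    }

    /**
     * Returns a new map holding only the entries whose key passes
     * {@link #isSafeParameterName(String, Action)}.
     *
     * @param map    raw request parameters; {@code null} is treated as "no parameters"
     * @param action the action the parameters would be bound to
     * @return a fresh, never-{@code null} map of accepted entries
     */
    private Map<String, Object> filterSafeParameters(Map<String, ?> map, Action action) {
        Map<String, Object> accepted = new HashMap<String, Object>();
        if (map == null) {
            // A context without parameters previously caused a NullPointerException here.
            return accepted;
        }
        for (Map.Entry<String, ?> entry : map.entrySet()) {
            if (isSafeParameterName(entry.getKey(), action)) {
                accepted.put(entry.getKey(), entry.getValue());
            }
        }
        return accepted;
    }

    /**
     * Decides whether a request parameter name may be set on the value stack.
     *
     * @param str    the parameter name as received from the request
     * @param action the action whose properties would be populated
     * @return {@code false} for {@code null}, for names containing characters outside the
     *         allow-list, and for complex names whose first segment is not marked
     *         {@link ParameterSafe}; {@code true} otherwise
     */
    static boolean isSafeParameterName(String str, Action action) {
        if (str == null || !SAFE_PARAMETER_NAME_PATTERN.matcher(str).matches()) {
            return false;
        }
        if (str.contains(".") || MAP_PARAMETER_PATTERN.matcher(str).matches()) {
            return isSafeComplexParameterName(str, action);
        }
        // NOTE(review): names that use brackets in any other form (no dot, not ending in a
        // quoted key) are accepted on the character allow-list alone, without the
        // @ParameterSafe check - confirm that this is intended.
        return true;
    }

    /**
     * Checks a dotted or map-style name against the action's bean properties.
     *
     * <p>Only the first path segment is examined: the name is accepted when the action has a
     * property of that name whose getter, or the getter's return type, is annotated with
     * {@link ParameterSafe}. The remainder of the path is not inspected, so the annotation
     * should be placed only on getters and types whose entire reachable object graph is safe to
     * populate from request data.
     *
     * @return {@code true} if the first segment resolves to a {@link ParameterSafe} property;
     *         {@code false} if it does not, if no such property exists, or if introspection fails
     */
    private static boolean isSafeComplexParameterName(String str, Action action) {
        try {
            String initialName = extractInitialParameterName(str);
            for (PropertyDescriptor propertyDescriptor : Introspector.getBeanInfo(action.getClass()).getPropertyDescriptors()) {
                if (propertyDescriptor.getName().equals(initialName)) {
                    // getReadMethod() is null for a write-only property; isSafeMethod() rejects it.
                    if (isSafeMethod(propertyDescriptor.getReadMethod())) {
                        return true;
                    }
                    // The message says "setter", but the check above is made on the getter.
                    log.info("Attempt to call unsafe property setter " + str + " on " + action);
                    return false;
                }
            }
            return false;
        } catch (IntrospectionException e) {
            log.warn("Error introspecting action parameter " + str + " for action " + action + ": " + e.getMessage(), e);
            return false;
        }
    }

    /**
     * Returns the part of {@code str} before its first {@code '.'} or first
     * {@link PropertyAccessor#PROPERTY_KEY_PREFIX}, whichever the rule below selects.
     *
     * <p>The text before the dot is used when the name has no key prefix, or when a dot at an
     * index greater than zero precedes the key prefix; otherwise the text before the key prefix
     * is used. The caller only passes names that contain a dot or a key prefix; a name with
     * neither would make {@code substring} throw.
     */
    private static String extractInitialParameterName(String str) {
        int dot = str.indexOf(".");
        int bracket = str.indexOf(PropertyAccessor.PROPERTY_KEY_PREFIX);
        if (bracket < 0 || (dot > 0 && bracket > dot)) {
            return str.substring(0, dot);
        }
        return str.substring(0, bracket);
    }

    /**
     * Tells whether a getter is marked as safe for nested parameter binding.
     *
     * @param method the property's read method, or {@code null} if the property has none
     * @return {@code true} if the method or its return type is annotated with
     *         {@link ParameterSafe}; {@code false} otherwise, including for {@code null}
     */
    private static boolean isSafeMethod(Method method) {
        if (method == null) {
            // Fail closed instead of throwing NullPointerException for write-only properties.
            return false;
        }
        return method.getAnnotation(ParameterSafe.class) != null
                || method.getReturnType().getAnnotation(ParameterSafe.class) != null;
    }
}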
