package org.owasp.esapi.waf.internal;

import java.io.IOException;
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;
import org.owasp.esapi.waf.rules.AddHTTPOnlyFlagRule;
import org.owasp.esapi.waf.rules.AddSecureFlagRule;
import org.owasp.esapi.waf.rules.Rule;
import org.springframework.http.HttpHeaders;

/* loaded from: input_file:lib/esapi-2.0.1.jar:org/owasp/esapi/waf/internal/InterceptingHTTPServletResponse.class */
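/**
 * Response wrapper that routes body output through an
 * {@link InterceptingServletOutputStream} / {@link InterceptingPrintWriter} pair and
 * rewrites cookies as hand-built {@code Set-Cookie} headers so that the configured
 * {@link AddSecureFlagRule} and {@link AddHTTPOnlyFlagRule} instances can add the
 * {@code Secure} and {@code HttpOnly} attributes.
 *
 * <p>Because cookies are emitted through {@code addHeader} rather than the wrapped
 * response's {@code addCookie}, any cookie validation or encoding the container would
 * normally apply is not performed on this path; {@link #addCookie(Cookie, boolean)}
 * therefore rejects line breaks itself.
 *
 * <p>Instances hold unsynchronised mutable state and are expected to be used by a
 * single request thread.
 */
public class InterceptingHTTPServletResponse extends HttpServletResponseWrapper {
    private final InterceptingPrintWriter ipw;
    private final InterceptingServletOutputStream isos;
    private String contentType;
    private final List<AddSecureFlagRule> addSecureFlagRules = new ArrayList<AddSecureFlagRule>();
    private final List<AddHTTPOnlyFlagRule> addHTTPOnlyFlagRules = new ArrayList<AddHTTPOnlyFlagRule>();
    private boolean alreadyCalledWriter;
    private boolean alreadyCalledOutputStream;

    /**
     * Wraps {@code httpServletResponse} and picks the cookie-flag rules out of {@code list}.
     *
     * @param httpServletResponse the response to wrap; its output stream is obtained immediately
     * @param z passed unchanged to the {@link InterceptingServletOutputStream} constructor
     *        (presumably selects buffering; confirm against that class)
     * @param list the configured rules; only {@link AddSecureFlagRule} and
     *        {@link AddHTTPOnlyFlagRule} entries are retained, and {@code null} is treated as empty
     * @throws IOException if the wrapped response cannot supply its output stream
     */
    public InterceptingHTTPServletResponse(HttpServletResponse httpServletResponse, boolean z, List<Rule> list) throws IOException {
        super(httpServletResponse);
        this.contentType = httpServletResponse.getContentType();
        this.isos = new InterceptingServletOutputStream(httpServletResponse.getOutputStream(), z);
        // NOTE(review): PrintWriter(OutputStream) encodes with the platform default charset,
        // not the response's declared character encoding; confirm this is intended.
        this.ipw = new InterceptingPrintWriter(new PrintWriter(this.isos));
        if (list != null) {
            for (Rule rule : list) {
                if (rule instanceof AddSecureFlagRule) {
                    this.addSecureFlagRules.add((AddSecureFlagRule) rule);
                } else if (rule instanceof AddHTTPOnlyFlagRule) {
                    this.addHTTPOnlyFlagRules.add((AddHTTPOnlyFlagRule) rule);
                }
            }
        }
    }

    /**
     * @return {@code true} once {@link #getWriter()} has been called on this wrapper
     */
    public boolean isUsingWriter() {
        return this.alreadyCalledWriter;
    }

    /**
     * @return the intercepting stream that all body output of this wrapper goes through
     */
    public InterceptingServletOutputStream getInterceptingServletOutputStream() {
        return this.isos;
    }

    /**
     * Returns the intercepting output stream.
     *
     * @throws IllegalStateException if {@link #getWriter()} was already called
     */
    @Override // javax.servlet.ServletResponseWrapper, javax.servlet.ServletResponse
    public ServletOutputStream getOutputStream() throws IllegalStateException, IOException {
        if (this.alreadyCalledWriter) {
            throw new IllegalStateException("getWriter() has already been called on this response");
        }
        this.alreadyCalledOutputStream = true;
        return this.isos;
    }

    /**
     * Returns the intercepting writer, which writes into the intercepting output stream.
     *
     * @throws IllegalStateException if {@link #getOutputStream()} was already called
     */
    @Override // javax.servlet.ServletResponseWrapper, javax.servlet.ServletResponse
    public PrintWriter getWriter() throws IOException {
        if (this.alreadyCalledOutputStream) {
            throw new IllegalStateException("getOutputStream() has already been called on this response");
        }
        this.alreadyCalledWriter = true;
        return this.ipw;
    }

    /**
     * @return the content type captured at construction or last passed to
     *         {@link #setContentType(String)}; the wrapped response is not consulted
     */
    public String getContentType() {
        return this.contentType;
    }

    /**
     * Records the content type on this wrapper only; it is not forwarded to the wrapped
     * response by this method.
     */
    @Override // javax.servlet.ServletResponseWrapper, javax.servlet.ServletResponse
    public void setContentType(String str) {
        this.contentType = str;
    }

    /** Flushes the intercepting writer into the intercepting output stream. */
    public void flush() {
        this.ipw.flush();
    }

    /**
     * Flushes the writer if it was handed out, then calls {@code commit()} on the
     * intercepting output stream.
     *
     * @throws IOException if the stream's {@code commit()} fails
     */
    public void commit() throws IOException {
        if (this.alreadyCalledWriter) {
            this.ipw.flush();
        }
        this.isos.commit();
    }

    /**
     * Adds the cookie as a {@code Set-Cookie} header, treating a negative max-age as a
     * session cookie (no {@code Max-Age} attribute).
     *
     * <p>A max-age of exactly zero is the servlet API's request to delete the cookie, so
     * {@code Max-Age=0} must reach the client. The previous {@code <= 0} test dropped the
     * attribute and turned a deletion (for example clearing a session cookie at logout)
     * into setting a fresh session cookie.
     */
    @Override // javax.servlet.http.HttpServletResponseWrapper, javax.servlet.http.HttpServletResponse
    public void addCookie(Cookie cookie) {
        addCookie(cookie, cookie.getMaxAge() < 0);
    }

    /**
     * Adds the cookie as a {@code Set-Cookie} header after applying the flag rules.
     *
     * <p>{@code Secure} is emitted when the cookie already has it or any
     * {@link AddSecureFlagRule} matches the cookie name. {@code HttpOnly} is emitted only
     * when an {@link AddHTTPOnlyFlagRule} matches; no HttpOnly state on the {@link Cookie}
     * object is read here. NOTE(review): if the deployed servlet API exposes an HttpOnly
     * flag on {@code Cookie}, consider honouring it as well.
     *
     * @param cookie the cookie to emit
     * @param z when {@code true} the {@code Max-Age} attribute is omitted (session cookie)
     * @throws IllegalArgumentException if the name, value, domain or path contains CR or LF
     */
    public void addCookie(Cookie cookie, boolean z) {
        final String name = cookie.getName();
        boolean secure = cookie.getSecure();
        if (!secure) {
            for (AddSecureFlagRule rule : this.addSecureFlagRules) {
                if (rule.doesCookieMatch(name)) {
                    secure = true;
                }
            }
        }
        boolean httpOnly = false;
        for (AddHTTPOnlyFlagRule rule : this.addHTTPOnlyFlagRules) {
            if (rule.doesCookieMatch(name)) {
                httpOnly = true;
            }
        }
        addHeader(HttpHeaders.SET_COOKIE, createCookieHeader(name, cookie.getValue(), cookie.getMaxAge(), cookie.getDomain(), cookie.getPath(), secure, httpOnly, z));
    }

    /**
     * Builds the {@code Set-Cookie} header value by plain concatenation.
     *
     * <p>Nothing is quoted or encoded, so the components are checked for line breaks first:
     * a CR or LF in any of them would otherwise let the caller-supplied text start a new
     * response header. Other separators such as {@code ';'} are passed through unchanged.
     */
    private String createCookieHeader(String name, String value, int maxAge, String domain, String path, boolean secure, boolean httpOnly, boolean sessionCookie) {
        rejectLineBreaks("name", name);
        rejectLineBreaks("value", value);
        rejectLineBreaks("domain", domain);
        rejectLineBreaks("path", path);

        StringBuilder header = new StringBuilder();
        header.append(name).append('=').append(value);
        if (!sessionCookie) {
            header.append("; Max-Age=").append(maxAge);
        }
        if (domain != null) {
            header.append("; Domain=").append(domain);
        }
        if (path != null) {
            header.append("; Path=").append(path);
        }
        if (secure) {
            header.append("; Secure");
        }
        if (httpOnly) {
            header.append("; HttpOnly");
        }
        return header.toString();
    }

    /**
     * Throws if {@code text} contains a carriage return or line feed. The offending text is
     * deliberately left out of the message because cookie values may be secrets.
     */
    private static void rejectLineBreaks(String attribute, String text) {
        if (text != null && (text.indexOf('\r') >= 0 || text.indexOf('\n') >= 0)) {
            throw new IllegalArgumentException("Cookie " + attribute + " must not contain CR or LF");
        }
    }
}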
