package de.bos_bremen.gov2.server.filter;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:de/bos_bremen/gov2/server/filter/ServiceFilter.class */
public class ServiceFilter implements Filter {
    private static final Log LOG = LogFactory.getLog(ServiceFilter.class);
    private boolean checkSwitchedOff = false;
    private HandlerParams handlerParams;

    /* loaded from: input_file:de/bos_bremen/gov2/server/filter/ServiceFilter$HandlerParams.class */
    static class HandlerParams {
        List<String> requireSignedElements = new ArrayList();
        List<String> searchSignatureIn = new ArrayList();
        boolean rejectSignedUnsigendQName = true;

        HandlerParams() {
        }
    }

    public void destroy() {
        LOG.debug("destroy()");
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (this.checkSwitchedOff) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        XMLAttackFinder xMLAttackFinder = new XMLAttackFinder();
        Iterator<String> it = this.handlerParams.requireSignedElements.iterator();
        while (it.hasNext()) {
            xMLAttackFinder.addRequiredSignedElement(it.next());
        }
        if (this.handlerParams.searchSignatureIn.isEmpty()) {
            xMLAttackFinder.addXpathSearchedForSignature("/Envelope/Header[1]/Security[1]");
        } else {
            Iterator<String> it2 = this.handlerParams.searchSignatureIn.iterator();
            while (it2.hasNext()) {
                xMLAttackFinder.addXpathSearchedForSignature(it2.next());
            }
        }
        xMLAttackFinder.setRejectDuplicateQNames(this.handlerParams.rejectSignedUnsigendQName);
        LOG.debug("Filtering request with parameters: rejectSignedUnsigned=" + this.handlerParams.rejectSignedUnsigendQName + ", requireSigned=" + this.handlerParams.requireSignedElements + ", searchSignatureIn=" + this.handlerParams.searchSignatureIn);
        filterChain.doFilter(new RequestWrapper((HttpServletRequest) servletRequest, xMLAttackFinder), servletResponse);
    }

    public void init(FilterConfig filterConfig) throws ServletException {
        this.handlerParams = new HandlerParams();
        Enumeration initParameterNames = filterConfig.getInitParameterNames();
        while (initParameterNames.hasMoreElements()) {
            String str = (String) initParameterNames.nextElement();
            if (str.matches("requireSignedElement[0-9]*")) {
                this.handlerParams.requireSignedElements.add(filterConfig.getInitParameter(str));
            }
            if (str.matches("searchSignatureIn[0-9]*")) {
                this.handlerParams.searchSignatureIn.add(filterConfig.getInitParameter(str));
            }
        }
        String initParameter = filterConfig.getInitParameter("rejectSignedUnsignedQName");
        this.handlerParams.rejectSignedUnsigendQName = !"false".equalsIgnoreCase(initParameter);
        this.checkSwitchedOff = Boolean.getBoolean("governikus.xmlfilter.switchOff");
    }
}
