package org.sakaiproject.util;

import java.io.File;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Random;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;
import javax.servlet.http.HttpSession;
import org.apache.commons.fileupload.FileItem;
import org.apache.commons.fileupload.FileUploadBase;
import org.apache.commons.fileupload.FileUploadException;
import org.apache.commons.fileupload.disk.DiskFileItemFactory;
import org.apache.commons.fileupload.servlet.ServletFileUpload;
import org.apache.commons.lang3.math.NumberUtils;
import org.sakaiproject.cluster.api.ClusterNode;
import org.sakaiproject.cluster.api.ClusterService;
import org.sakaiproject.component.api.ServerConfigurationService;
import org.sakaiproject.component.cover.ComponentManager;
import org.sakaiproject.content.api.ResourceToolAction;
import org.sakaiproject.entity.api.Entity;
import org.sakaiproject.event.api.EventTrackingService;
import org.sakaiproject.event.api.UsageSession;
import org.sakaiproject.event.api.UsageSessionService;
import org.sakaiproject.site.api.SiteService;
import org.sakaiproject.thread_local.api.ThreadLocalManager;
import org.sakaiproject.tool.api.ClosingException;
import org.sakaiproject.tool.api.RebuildBreakdownService;
import org.sakaiproject.tool.api.Session;
import org.sakaiproject.tool.api.SessionManager;
import org.sakaiproject.tool.api.Tool;
import org.sakaiproject.tool.api.ToolSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/sakaiproject/util/RequestFilter.class */
public class RequestFilter implements Filter {
    private static final Logger log = LoggerFactory.getLogger(RequestFilter.class);
    public static final String ATTR_SESSION = "sakai.session";
    public static final String ATTR_SET_COOKIE = "sakai.set.cookie";
    public static final String ATTR_FILTERED = "sakai.filtered";
    public static final String ATTR_UPLOADS_DONE = "sakai.uploads.done";
    public static final String ATTR_CHARACTER_ENCODING_DONE = "sakai.character.encoding.done";
    public static final String ATTR_REDIRECT = "sakai.redirect";
    public static final String PARAM_AUTO = "auto";
    public static final String CONFIG_SESSION = "http.session";
    public static final String CONFIG_SESSION_AUTH = "sakai.session.auth";
    public static final String CONFIG_REMOTE_USER = "remote.user";
    public static final String CONFIG_TOOL_PLACEMENT = "tool.placement";
    public static final String CONFIG_CHARACTER_ENCODING_ENABLED = "encoding.enabled";
    public static final String CONFIG_CHARACTER_ENCODING = "encoding";
    public static final String CONFIG_UPLOAD_ENABLED = "upload.enabled";
    public static final String CONFIG_UPLOAD_MAX = "upload.max";
    public static final String SYSTEM_UPLOAD_MAX = "sakai.content.upload.max";
    public static final String SYSTEM_UPLOAD_CEILING = "sakai.content.upload.ceiling";
    public static final String CONFIG_UPLOAD_THRESHOLD = "upload.threshold";
    public static final String CONFIG_UPLOAD_DIR = "upload.dir";
    public static final String SYSTEM_UPLOAD_DIR = "sakai.content.upload.dir";
    public static final String CONFIG_CONTEXT = "context";
    public static final String CURRENT_HTTP_REQUEST = "org.sakaiproject.util.RequestFilter.http_request";
    public static final String CURRENT_HTTP_RESPONSE = "org.sakaiproject.util.RequestFilter.http_response";
    public static final String CURRENT_SERVLET_CONTEXT = "org.sakaiproject.util.RequestFilter.servlet_context";
    protected static final String CONFIG_CONTINUE = "upload.continueOverMax";
    protected static final String CONFIG_MAX_PER_FILE = "upload.maxPerFile";
    protected static final int CONTAINER_SESSION = 0;
    protected static final int SAKAI_SESSION = 1;
    protected static final int CONTEXT_SESSION = 2;
    protected static final int TOOL_SESSION = 3;
    protected static final String CURRENT_REMOTE_USER = "org.sakaiproject.util.RequestFilter.remote_user";
    protected static final String CURRENT_HTTP_SESSION = "org.sakaiproject.util.RequestFilter.http_session";
    protected static final String CURRENT_CONTEXT = "org.sakaiproject.util.RequestFilter.context";
    protected static final String DOT = ".";
    protected static final String SAKAI_SERVERID = "sakai.serverId";
    protected static final String SAKAI_COOKIE_NAME = "sakai.cookieName";
    protected static final String SAKAI_COOKIE_DOMAIN = "sakai.cookieDomain";
    protected static final String SAKAI_COOKIE_HTTP_ONLY = "sakai.cookieHttpOnly";
    protected static final String SAKAI_COOKIE_SAME_SITE = "sakai.cookieSameSite";
    protected static final String SAKAI_UA_COMPATIBLE = "sakai.X-UA-Compatible";
    protected static final String SAKAI_SESSION_PARAM_ALLOW = "session.parameter.allow";
    protected static final String SAKAI_SESSION_PARAM_ALLOW_BYPASS = "session.parameter.allow.bypass";
    protected static final String SAKAI_SESSION_PARAM_ALLOW_BYPASS_DEFAULT = "sakai\\.basiclti\\.admin\\.helper\\.helper";
    protected static final String SAKAI_BLTI_PROVIDER_TOOLS = "basiclti.provider.allowedtools";
    protected static final String SAKAI_CLUSTER_REDIRECT_RANDOM = "cluster.redirect.random.node";
    private String chsDomain;
    private String appUrl;
    private String chsUrl;
    private boolean useContentHostingDomain;
    private String[] contentPaths;
    private String[] loginPaths;
    private String[] contentExceptions;
    protected int m_sakaiHttpSession = 3;
    protected boolean m_sakaiRemoteUser = true;
    protected boolean m_toolPlacement = true;
    protected String m_contextId = null;
    protected String m_characterEncoding = "UTF-8";
    protected boolean m_characterEncodingEnabled = true;
    protected boolean m_uploadEnabled = true;
    protected boolean m_checkPrincipal = false;
    protected long m_uploadMaxSize = 1048576;
    protected long m_uploadCeiling = 1048576;
    protected int m_uploadThreshold = 1024;
    protected String m_uploadTempDir = null;
    protected boolean m_displayModJkWarning = true;
    protected boolean m_redirectRandomNode = true;
    protected boolean m_uploadContinue = false;
    protected boolean m_uploadMaxPerFile = false;
    protected ServletContext m_servletContext = null;
    protected boolean TERRACOTTA_CLUSTER = false;
    protected boolean m_sessionParamAllow = false;
    protected Pattern m_sessionParamRegex = null;
    protected String cookieName = "JSESSIONID";
    protected String cookieDomain = null;
    protected boolean m_cookieHttpOnly = true;
    protected String m_cookieSameSite = "lax";
    protected String m_UACompatible = null;
    protected boolean isLTIProviderAllowed = false;
    private ThreadLocalManager threadLocalManager = (ThreadLocalManager) ComponentManager.get(ThreadLocalManager.class);
    private SessionManager sessionManager = (SessionManager) ComponentManager.get(SessionManager.class);
    private ServerConfigurationService serverConfigurationService = (ServerConfigurationService) ComponentManager.get(ServerConfigurationService.class);
    private RebuildBreakdownService rebuildBreakdownService = (RebuildBreakdownService) ComponentManager.get(RebuildBreakdownService.class);

    /* loaded from: input_file:org/sakaiproject/util/RequestFilter$WrappedRequest.class */
    public class WrappedRequest extends HttpServletRequestWrapper {
        protected Session m_session;
        protected String m_contextId;

        public WrappedRequest(Session session, String str, HttpServletRequest httpServletRequest) {
            super(httpServletRequest);
            this.m_session = null;
            this.m_contextId = null;
            this.m_session = session;
            this.m_contextId = str;
            if (RequestFilter.this.m_toolPlacement) {
                extractPlacementFromParams();
            }
        }

        public String getRemoteUser() {
            return (!((Boolean) RequestFilter.this.threadLocalManager.get(RequestFilter.CURRENT_REMOTE_USER)).booleanValue() || this.m_session == null || this.m_session.getUserEid() == null) ? super.getRemoteUser() : this.m_session.getUserEid();
        }

        public HttpSession getSession() {
            return getSession(true);
        }

        public HttpSession getSession(boolean z) {
            HttpSession httpSession = null;
            int intValue = ((Integer) RequestFilter.this.threadLocalManager.get(RequestFilter.CURRENT_HTTP_SESSION)).intValue();
            String str = (String) RequestFilter.this.threadLocalManager.get(RequestFilter.CURRENT_CONTEXT);
            switch (intValue) {
                case 0:
                    httpSession = super.getSession(z);
                    break;
                case 1:
                    httpSession = (HttpSession) this.m_session;
                    break;
                case 2:
                    httpSession = (HttpSession) this.m_session.getContextSession(str);
                    break;
                case 3:
                    httpSession = (HttpSession) RequestFilter.this.sessionManager.getCurrentToolSession();
                    if (httpSession == null) {
                        httpSession = (HttpSession) this.m_session.getContextSession(str);
                        break;
                    }
                    break;
            }
            return httpSession;
        }

        protected void extractPlacementFromParams() {
            String parameter = getParameter(Tool.PLACEMENT_ID);
            if (parameter != null) {
                setAttribute(Tool.PLACEMENT_ID, parameter);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/sakaiproject/util/RequestFilter$WrappedRequestFileUpload.class */
    public static class WrappedRequestFileUpload extends HttpServletRequestWrapper {
        private Map map;

        public WrappedRequestFileUpload(HttpServletRequest httpServletRequest, Map map) {
            super(httpServletRequest);
            this.map = map;
        }

        public Map getParameterMap() {
            return this.map;
        }

        public String[] getParameterValues(String str) {
            return (String[]) getParameterMap().get(str);
        }

        public String getParameter(String str) {
            String[] parameterValues = getParameterValues(str);
            if (parameterValues == null) {
                return null;
            }
            return parameterValues[0];
        }

        public Enumeration getParameterNames() {
            return Collections.enumeration(getParameterMap().keySet());
        }
    }

    /* loaded from: input_file:org/sakaiproject/util/RequestFilter$WrappedResponse.class */
    public class WrappedResponse extends HttpServletResponseWrapper {
        protected HttpServletRequest m_req;
        protected HttpServletResponse m_res;

        public WrappedResponse(Session session, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
            super(httpServletResponse);
            this.m_req = null;
            this.m_res = null;
            this.m_req = httpServletRequest;
            this.m_res = httpServletResponse;
        }

        public String encodeRedirectUrl(String str) {
            return rewriteURL(str);
        }

        public String encodeRedirectURL(String str) {
            return rewriteURL(str);
        }

        public String encodeUrl(String str) {
            return rewriteURL(str);
        }

        public String encodeURL(String str) {
            return rewriteURL(str);
        }

        public void sendRedirect(String str) throws IOException {
            String rewriteURL = rewriteURL(str);
            this.m_req.setAttribute(RequestFilter.ATTR_REDIRECT, rewriteURL);
            super.sendRedirect(rewriteURL);
        }

        protected String rewriteURL(String str) {
            String str2;
            if (RequestFilter.this.m_toolPlacement && (str2 = (String) this.m_req.getAttribute(Tool.PLACEMENT_ID)) != null) {
                StringBuilder sb = new StringBuilder();
                sb.append(this.m_req.getScheme());
                sb.append("://");
                sb.append(this.m_req.getServerName());
                if ((this.m_req.getServerPort() != 80 && !this.m_req.isSecure()) || (this.m_req.getServerPort() != 443 && this.m_req.isSecure())) {
                    sb.append(ResourceToolAction.ACTION_DELIMITER);
                    sb.append(this.m_req.getServerPort());
                }
                StringBuilder sb2 = new StringBuilder();
                sb2.append(this.m_req.getContextPath());
                sb.append(sb2.toString());
                if (str.startsWith(sb.toString()) || str.startsWith(sb2.toString())) {
                    StringBuilder sb3 = new StringBuilder(str);
                    if (str.indexOf(63) != -1) {
                        sb3.append('&');
                    } else {
                        sb3.append('?');
                    }
                    sb3.append(Tool.PLACEMENT_ID);
                    sb3.append("=");
                    sb3.append(str2);
                    str = sb3.toString();
                }
            }
            if (this.m_res != null) {
                str = this.m_res.encodeURL(str);
            }
            return str;
        }
    }

    public static String serverUrl(HttpServletRequest httpServletRequest) {
        String scheme;
        int serverPort;
        boolean isSecure;
        int i = NumberUtils.toInt(System.getProperty("sakai.force.url.secure"));
        if (i <= 0 || i > 65535) {
            scheme = httpServletRequest.getScheme();
            serverPort = httpServletRequest.getServerPort();
            isSecure = httpServletRequest.isSecure();
        } else {
            scheme = "https";
            serverPort = i;
            isSecure = true;
        }
        StringBuilder sb = new StringBuilder();
        sb.append(scheme);
        sb.append("://");
        sb.append(httpServletRequest.getServerName());
        if ((serverPort != 80 && !isSecure) || (serverPort != 443 && isSecure)) {
            sb.append(ResourceToolAction.ACTION_DELIMITER);
            sb.append(serverPort);
        }
        return sb.toString();
    }

    public void destroy() {
    }

    private boolean startsWithAny(String str, String[] strArr) {
        for (String str2 : strArr) {
            if (str.startsWith(str2)) {
                return true;
            }
        }
        return false;
    }

    /* JADX WARN: Finally extract failed */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        long currentTimeMillis = System.currentTimeMillis();
        Boolean bool = (Boolean) this.threadLocalManager.get(CURRENT_REMOTE_USER);
        Integer num = (Integer) this.threadLocalManager.get(CURRENT_HTTP_SESSION);
        String str = (String) this.threadLocalManager.get(CURRENT_CONTEXT);
        ServletRequest servletRequest2 = (ServletRequest) this.threadLocalManager.get("org.sakaiproject.util.RequestFilter.http_request");
        ServletResponse servletResponse2 = (ServletResponse) this.threadLocalManager.get(CURRENT_HTTP_RESPONSE);
        boolean z = false;
        ArrayList arrayList = new ArrayList();
        try {
            this.threadLocalManager.set(CURRENT_REMOTE_USER, Boolean.valueOf(this.m_sakaiRemoteUser));
            this.threadLocalManager.set(CURRENT_HTTP_SESSION, Integer.valueOf(this.m_sakaiHttpSession));
            this.threadLocalManager.set(CURRENT_CONTEXT, this.m_contextId);
            this.threadLocalManager.set(CURRENT_SERVLET_CONTEXT, this.m_servletContext);
            if (!(servletRequest instanceof HttpServletRequest) || !(servletResponse instanceof HttpServletResponse)) {
                filterChain.doFilter(servletRequest, servletResponse);
                if (0 == 0) {
                    this.threadLocalManager.set(CURRENT_REMOTE_USER, bool);
                    this.threadLocalManager.set(CURRENT_HTTP_SESSION, num);
                    this.threadLocalManager.set(CURRENT_CONTEXT, str);
                    this.threadLocalManager.set("org.sakaiproject.util.RequestFilter.http_request", servletRequest2);
                    this.threadLocalManager.set(CURRENT_HTTP_RESPONSE, servletResponse2);
                }
                deleteTempFiles(arrayList);
                if (!log.isDebugEnabled() || 0 == 0) {
                    return;
                }
                log.debug("request timing (ms): " + (System.currentTimeMillis() - currentTimeMillis) + " for " + ((Object) null));
                return;
            }
            HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
            HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
            if (this.useContentHostingDomain) {
                String requestURI = httpServletRequest.getRequestURI();
                if (httpServletRequest.getQueryString() != null) {
                    requestURI = requestURI + EventTrackingService.UNKNOWN_USER + httpServletRequest.getQueryString();
                }
                if (startsWithAny(requestURI, this.contentPaths) && "GET".equalsIgnoreCase(httpServletRequest.getMethod())) {
                    if (!httpServletRequest.getServerName().equals(this.chsDomain) && !startsWithAny(requestURI, this.contentExceptions)) {
                        httpServletResponse.sendRedirect(this.chsUrl + requestURI);
                        if (0 == 0) {
                            this.threadLocalManager.set(CURRENT_REMOTE_USER, bool);
                            this.threadLocalManager.set(CURRENT_HTTP_SESSION, num);
                            this.threadLocalManager.set(CURRENT_CONTEXT, str);
                            this.threadLocalManager.set("org.sakaiproject.util.RequestFilter.http_request", servletRequest2);
                            this.threadLocalManager.set(CURRENT_HTTP_RESPONSE, servletResponse2);
                        }
                        deleteTempFiles(arrayList);
                        if (!log.isDebugEnabled() || 0 == 0) {
                            return;
                        }
                        log.debug("request timing (ms): " + (System.currentTimeMillis() - currentTimeMillis) + " for " + ((Object) null));
                        return;
                    }
                } else if (httpServletRequest.getServerName().equals(this.chsDomain) && ((!startsWithAny(requestURI, this.contentPaths) || "GET".equalsIgnoreCase(httpServletRequest.getMethod())) && !startsWithAny(requestURI, this.loginPaths))) {
                    httpServletResponse.sendRedirect(this.appUrl + requestURI);
                    if (0 == 0) {
                        this.threadLocalManager.set(CURRENT_REMOTE_USER, bool);
                        this.threadLocalManager.set(CURRENT_HTTP_SESSION, num);
                        this.threadLocalManager.set(CURRENT_CONTEXT, str);
                        this.threadLocalManager.set("org.sakaiproject.util.RequestFilter.http_request", servletRequest2);
                        this.threadLocalManager.set(CURRENT_HTTP_RESPONSE, servletResponse2);
                    }
                    deleteTempFiles(arrayList);
                    if (!log.isDebugEnabled() || 0 == 0) {
                        return;
                    }
                    log.debug("request timing (ms): " + (System.currentTimeMillis() - currentTimeMillis) + " for " + ((Object) null));
                    return;
                }
            }
            handleCharacterEncoding(httpServletRequest, httpServletResponse);
            HttpServletRequest handleFileUpload = handleFileUpload(httpServletRequest, httpServletResponse, arrayList);
            if (handleFileUpload.getAttribute(ATTR_FILTERED) != null) {
                this.threadLocalManager.set("org.sakaiproject.util.RequestFilter.http_request", handleFileUpload);
                this.threadLocalManager.set(CURRENT_HTTP_RESPONSE, httpServletResponse);
                filterChain.doFilter(handleFileUpload, httpServletResponse);
            } else {
                log.debug("http-request: {} {}?{}", new Object[]{handleFileUpload.getMethod(), handleFileUpload.getRequestURL(), handleFileUpload.getQueryString()});
                try {
                    try {
                        handleFileUpload.setAttribute(ATTR_FILTERED, ATTR_FILTERED);
                        this.threadLocalManager.set("sakai:request.server.url", serverUrl(handleFileUpload));
                        Session assureSession = assureSession(handleFileUpload, httpServletResponse);
                        HttpServletRequest preProcessRequest = preProcessRequest(assureSession, handleFileUpload);
                        detectToolPlacement(assureSession, preProcessRequest);
                        HttpServletResponse preProcessResponse = preProcessResponse(assureSession, preProcessRequest, httpServletResponse);
                        this.threadLocalManager.set("org.sakaiproject.util.RequestFilter.http_request", preProcessRequest);
                        this.threadLocalManager.set(CURRENT_HTTP_RESPONSE, preProcessResponse);
                        if (this.m_contextId != null && this.m_contextId.length() > 0) {
                            this.threadLocalManager.set("sakai:request.portal.path", Entity.SEPARATOR + this.m_contextId);
                        }
                        if (this.TERRACOTTA_CLUSTER) {
                            synchronized (assureSession) {
                                filterChain.doFilter(preProcessRequest, preProcessResponse);
                                postProcessResponse(assureSession, preProcessRequest, preProcessResponse);
                            }
                        } else {
                            filterChain.doFilter(preProcessRequest, preProcessResponse);
                            postProcessResponse(assureSession, preProcessRequest, preProcessResponse);
                        }
                        if (assureSession != null && preProcessRequest.getAttribute(ATTR_SET_COOKIE) != null) {
                            String cookieSuffix = getCookieSuffix();
                            Cookie findCookie = findCookie(preProcessRequest, this.cookieName, cookieSuffix);
                            String str2 = assureSession.getId() + DOT + cookieSuffix;
                            if (findCookie == null || !findCookie.getValue().equals(str2)) {
                                Cookie cookie = new Cookie(this.cookieName, str2);
                                cookie.setPath(Entity.SEPARATOR);
                                cookie.setMaxAge(-1);
                                if (this.cookieDomain != null) {
                                    cookie.setDomain(this.cookieDomain);
                                }
                                if (preProcessRequest.isSecure()) {
                                    cookie.setSecure(true);
                                }
                                addCookie(preProcessResponse, cookie);
                            }
                        }
                        this.threadLocalManager.clear();
                        z = true;
                    } catch (Throwable th) {
                        this.threadLocalManager.clear();
                        throw th;
                    }
                } catch (ClosingException e) {
                    closingRedirect(handleFileUpload, httpServletResponse);
                    this.threadLocalManager.clear();
                    z = true;
                } catch (ServletException e2) {
                    log.error(e2.getMessage(), e2);
                    throw e2;
                } catch (IOException e3) {
                    log.error("", e3);
                    throw e3;
                } catch (RuntimeException e4) {
                    log.error("", e4);
                    throw e4;
                }
            }
            z = z;
        } finally {
            if (0 == 0) {
                this.threadLocalManager.set(CURRENT_REMOTE_USER, bool);
                this.threadLocalManager.set(CURRENT_HTTP_SESSION, num);
                this.threadLocalManager.set(CURRENT_CONTEXT, str);
                this.threadLocalManager.set("org.sakaiproject.util.RequestFilter.http_request", servletRequest2);
                this.threadLocalManager.set(CURRENT_HTTP_RESPONSE, servletResponse2);
            }
            deleteTempFiles(arrayList);
            if (log.isDebugEnabled() && 0 != 0) {
                log.debug("request timing (ms): " + (System.currentTimeMillis() - currentTimeMillis) + " for " + ((Object) null));
            }
        }
    }

    protected void closingRedirect(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (!"GET".equals(httpServletRequest.getMethod())) {
            log.warn("Non GET request for " + httpServletRequest.getPathInfo());
        }
        Cookie cookie = new Cookie(this.cookieName, getRedirectNode());
        cookie.setPath(Entity.SEPARATOR);
        cookie.setMaxAge(0);
        if (this.cookieDomain != null) {
            cookie.setDomain(this.cookieDomain);
        }
        if (httpServletRequest.isSecure()) {
            cookie.setSecure(true);
        }
        addCookie(httpServletResponse, cookie);
        StringBuilder sb = new StringBuilder(httpServletRequest.getRequestURI());
        if (httpServletRequest.getQueryString() != null) {
            sb.append(EventTrackingService.UNKNOWN_USER).append(httpServletRequest.getQueryString());
        }
        httpServletResponse.sendRedirect(sb.toString());
    }

    protected String getRedirectNode() {
        if (!this.m_redirectRandomNode) {
            return "";
        }
        Map<String, ClusterNode> serverStatus = ((ClusterService) ComponentManager.get(ClusterService.class)).getServerStatus();
        HashMap hashMap = new HashMap();
        for (ClusterNode clusterNode : serverStatus.values()) {
            ClusterNode clusterNode2 = (ClusterNode) hashMap.get(clusterNode.getServerId());
            if (clusterNode2 == null || clusterNode2.getUpdated().after(clusterNode.getUpdated())) {
                hashMap.put(clusterNode.getServerId(), clusterNode);
            }
        }
        hashMap.remove(System.getProperty(SAKAI_SERVERID));
        ArrayList arrayList = new ArrayList(hashMap.size());
        for (ClusterNode clusterNode3 : hashMap.values()) {
            if (ClusterService.Status.RUNNING.equals(clusterNode3.getStatus())) {
                arrayList.add(clusterNode3.getServerId());
            }
        }
        if (arrayList.isEmpty()) {
            return "";
        }
        return DOT + ((String) arrayList.get(new Random().nextInt(arrayList.size())));
    }

    protected void deleteTempFiles(List<FileItem> list) {
        Iterator<FileItem> it = list.iterator();
        while (it.hasNext()) {
            it.next().delete();
        }
    }

    public void init(FilterConfig filterConfig) throws ServletException {
        this.appUrl = this.serverConfigurationService.getString("serverUrl", (String) null);
        this.chsDomain = this.serverConfigurationService.getString("content.chs.serverName", (String) null);
        this.chsUrl = this.serverConfigurationService.getString("content.chs.serverUrl", (String) null);
        this.useContentHostingDomain = this.serverConfigurationService.getBoolean("content.separateDomains", false);
        this.contentPaths = this.serverConfigurationService.getStrings("content.chs.urlprefixes");
        if (this.contentPaths == null) {
            this.contentPaths = new String[]{"/access/", "/web/"};
        }
        this.loginPaths = this.serverConfigurationService.getStrings("content.login.urlprefixes");
        if (this.loginPaths == null) {
            this.loginPaths = new String[]{"/access/login", "/sakai-login-tool", "/access/require", "/access/accept"};
        }
        this.contentExceptions = this.serverConfigurationService.getStrings("content.chsexception.urlprefixes");
        if (this.contentExceptions == null) {
            this.contentExceptions = new String[]{"/access/calendar/", "/access/citation/export_ris_sel/", "/access/citation/export_ris_all/"};
        }
        this.m_servletContext = filterConfig.getServletContext();
        if (filterConfig.getInitParameter(CONFIG_SESSION) != null) {
            String initParameter = filterConfig.getInitParameter(CONFIG_SESSION);
            if ("container".equalsIgnoreCase(initParameter)) {
                this.m_sakaiHttpSession = 0;
            } else if ("sakai".equalsIgnoreCase(initParameter)) {
                this.m_sakaiHttpSession = 1;
            } else if (CONFIG_CONTEXT.equalsIgnoreCase(initParameter)) {
                this.m_sakaiHttpSession = 2;
            } else if (SiteService.TOOL_SUBTYPE.equalsIgnoreCase(initParameter)) {
                this.m_sakaiHttpSession = 3;
            } else {
                log.warn("invalid http.session setting (" + initParameter + "): not one of container, sakai, context, tool");
            }
        }
        if (filterConfig.getInitParameter(CONFIG_REMOTE_USER) != null) {
            this.m_sakaiRemoteUser = Boolean.valueOf(filterConfig.getInitParameter(CONFIG_REMOTE_USER)).booleanValue();
        }
        if (filterConfig.getInitParameter(CONFIG_SESSION_AUTH) != null) {
            this.m_checkPrincipal = "basic".equals(filterConfig.getInitParameter(CONFIG_SESSION_AUTH));
        }
        if (filterConfig.getInitParameter(CONFIG_TOOL_PLACEMENT) != null) {
            this.m_toolPlacement = Boolean.valueOf(filterConfig.getInitParameter(CONFIG_TOOL_PLACEMENT)).booleanValue();
        }
        if (filterConfig.getInitParameter(CONFIG_CONTEXT) != null) {
            this.m_contextId = filterConfig.getInitParameter(CONFIG_CONTEXT);
        } else {
            this.m_contextId = this.m_servletContext.getServletContextName();
            if (this.m_contextId == null) {
                this.m_contextId = toString();
            }
        }
        if (filterConfig.getInitParameter("encoding") != null) {
            this.m_characterEncoding = filterConfig.getInitParameter("encoding");
        }
        if (filterConfig.getInitParameter(CONFIG_CHARACTER_ENCODING_ENABLED) != null) {
            this.m_characterEncodingEnabled = Boolean.valueOf(filterConfig.getInitParameter(CONFIG_CHARACTER_ENCODING_ENABLED)).booleanValue();
        }
        if (filterConfig.getInitParameter(CONFIG_UPLOAD_ENABLED) != null) {
            this.m_uploadEnabled = Boolean.valueOf(filterConfig.getInitParameter(CONFIG_UPLOAD_ENABLED)).booleanValue();
        }
        if (System.getProperty(SYSTEM_UPLOAD_MAX) != null) {
            this.m_uploadMaxSize = Long.valueOf(System.getProperty(SYSTEM_UPLOAD_MAX).trim()).longValue() * 1024 * 1024;
            this.m_uploadCeiling = this.m_uploadMaxSize;
        }
        if (filterConfig.getInitParameter(CONFIG_UPLOAD_MAX) != null) {
            this.m_uploadMaxSize = Long.valueOf(filterConfig.getInitParameter(CONFIG_UPLOAD_MAX).trim()).longValue() * 1024 * 1024;
        }
        if (System.getProperty(SYSTEM_UPLOAD_CEILING) != null) {
            this.m_uploadCeiling = Long.valueOf(System.getProperty(SYSTEM_UPLOAD_CEILING).trim()).longValue() * 1024 * 1024;
        }
        if (System.getProperty(SYSTEM_UPLOAD_DIR) != null) {
            this.m_uploadTempDir = System.getProperty(SYSTEM_UPLOAD_DIR);
        }
        if (filterConfig.getInitParameter(CONFIG_UPLOAD_DIR) != null) {
            this.m_uploadTempDir = filterConfig.getInitParameter(CONFIG_UPLOAD_DIR);
        }
        if (filterConfig.getInitParameter(CONFIG_UPLOAD_THRESHOLD) != null) {
            this.m_uploadThreshold = Integer.valueOf(filterConfig.getInitParameter(CONFIG_UPLOAD_THRESHOLD)).intValue();
        }
        if (filterConfig.getInitParameter(CONFIG_CONTINUE) != null) {
            this.m_uploadContinue = Boolean.valueOf(filterConfig.getInitParameter(CONFIG_CONTINUE)).booleanValue();
        }
        if (filterConfig.getInitParameter(CONFIG_MAX_PER_FILE) != null) {
            this.m_uploadMaxPerFile = Boolean.valueOf(filterConfig.getInitParameter(CONFIG_MAX_PER_FILE)).booleanValue();
        }
        if (this.m_uploadContinue && !this.m_uploadMaxPerFile) {
            log.warn("overridding upload.maxPerFile setting: must be 'true' with upload.continueOverMax ='true'");
            this.m_uploadMaxPerFile = true;
        }
        this.TERRACOTTA_CLUSTER = "true".equals(System.getProperty("sakai.cluster.terracotta"));
        if (System.getProperty(SAKAI_COOKIE_NAME) != null) {
            this.cookieName = System.getProperty(SAKAI_COOKIE_NAME);
        }
        if (System.getProperty(SAKAI_COOKIE_DOMAIN) != null) {
            this.cookieDomain = System.getProperty(SAKAI_COOKIE_DOMAIN);
        }
        this.m_sessionParamAllow = this.serverConfigurationService.getBoolean(SAKAI_SESSION_PARAM_ALLOW, false);
        String string = this.serverConfigurationService.getString(SAKAI_SESSION_PARAM_ALLOW_BYPASS, SAKAI_SESSION_PARAM_ALLOW_BYPASS_DEFAULT);
        if (!"none".equals(string)) {
            try {
                this.m_sessionParamRegex = Pattern.compile(string);
            } catch (Exception e) {
                log.warn("Unable to compile session.parameter.allow=" + string);
                this.m_sessionParamRegex = null;
            }
        }
        this.m_cookieHttpOnly = this.serverConfigurationService.getBoolean(SAKAI_COOKIE_HTTP_ONLY, true);
        this.m_cookieSameSite = this.serverConfigurationService.getString(SAKAI_COOKIE_SAME_SITE, "lax");
        this.m_UACompatible = this.serverConfigurationService.getString(SAKAI_UA_COMPATIBLE, (String) null);
        this.isLTIProviderAllowed = this.serverConfigurationService.getString(SAKAI_BLTI_PROVIDER_TOOLS, (String) null) != null;
        this.m_redirectRandomNode = this.serverConfigurationService.getBoolean(SAKAI_CLUSTER_REDIRECT_RANDOM, true);
    }

    protected void handleCharacterEncoding(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws UnsupportedEncodingException {
        if (this.m_characterEncodingEnabled && httpServletRequest.getCharacterEncoding() == null && this.m_characterEncoding != null && this.m_characterEncoding.length() > 0 && httpServletRequest.getAttribute(ATTR_CHARACTER_ENCODING_DONE) == null) {
            httpServletRequest.setAttribute(ATTR_CHARACTER_ENCODING_DONE, ATTR_CHARACTER_ENCODING_DONE);
            httpServletRequest.setCharacterEncoding(this.m_characterEncoding);
        }
    }

    protected HttpServletRequest handleFileUpload(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, List<FileItem> list) throws ServletException, UnsupportedEncodingException {
        if (!this.m_uploadEnabled || !ServletFileUpload.isMultipartContent(httpServletRequest) || httpServletRequest.getAttribute(ATTR_UPLOADS_DONE) != null) {
            return httpServletRequest;
        }
        httpServletRequest.setAttribute(ATTR_UPLOADS_DONE, ATTR_UPLOADS_DONE);
        HashMap hashMap = new HashMap();
        DiskFileItemFactory diskFileItemFactory = new DiskFileItemFactory();
        if (this.m_uploadTempDir != null) {
            diskFileItemFactory.setRepository(new File(this.m_uploadTempDir));
        }
        if (this.m_uploadThreshold > 0) {
            diskFileItemFactory.setSizeThreshold(this.m_uploadThreshold);
        }
        ServletFileUpload servletFileUpload = new ServletFileUpload(diskFileItemFactory);
        String characterEncoding = httpServletRequest.getCharacterEncoding();
        if (characterEncoding != null && characterEncoding.length() > 0) {
            servletFileUpload.setHeaderEncoding(characterEncoding);
        }
        long j = this.m_uploadMaxSize > 0 ? this.m_uploadMaxSize : -1L;
        String parameter = httpServletRequest.getParameter(CONFIG_UPLOAD_MAX);
        if (parameter != null) {
            try {
                j = Long.parseLong(parameter) * 1024 * 1024;
            } catch (NumberFormatException e) {
                log.warn("upload.max set to non-numeric: " + parameter);
            }
        }
        if (j > this.m_uploadCeiling) {
            log.debug("Upload size exceeds ceiling: " + ((j / 1024) / 1024) + " > " + ((this.m_uploadCeiling / 1024) / 1024) + " megs");
            j = this.m_uploadCeiling;
        }
        if (!this.m_uploadContinue) {
            servletFileUpload.setSizeMax(j);
        }
        try {
            boolean z = true;
            List parseRequest = servletFileUpload.parseRequest(httpServletRequest);
            for (int i = 0; i < parseRequest.size(); i++) {
                FileItem fileItem = (FileItem) parseRequest.get(i);
                if (fileItem.isFormField()) {
                    String string = fileItem.getString(characterEncoding);
                    Object obj = hashMap.get(fileItem.getFieldName());
                    if (obj == null) {
                        hashMap.put(fileItem.getFieldName(), new String[]{string});
                    } else if (obj instanceof String[]) {
                        String[] strArr = (String[]) obj;
                        String[] strArr2 = new String[strArr.length + 1];
                        for (int i2 = 0; i2 < strArr.length; i2++) {
                            strArr2[i2] = strArr[i2];
                        }
                        strArr2[strArr2.length - 1] = string;
                        hashMap.put(fileItem.getFieldName(), strArr2);
                    } else if (obj instanceof String) {
                        hashMap.put(fileItem.getFieldName(), new String[]{(String) obj, string});
                    }
                } else {
                    list.add(fileItem);
                    if (!this.m_uploadContinue || fileItem.getSize() <= j) {
                        httpServletRequest.setAttribute(fileItem.getFieldName(), fileItem);
                    } else {
                        z = false;
                        log.info("Upload size limit exceeded: " + ((j / 1024) / 1024));
                        httpServletRequest.setAttribute("upload.status", "size_limit_exceeded");
                        httpServletRequest.setAttribute("upload.exception", new FileUploadBase.SizeLimitExceededException("", fileItem.getSize(), j));
                        httpServletRequest.setAttribute("upload.limit", Long.valueOf((j / 1024) / 1024));
                    }
                }
            }
            if (z) {
                httpServletRequest.setAttribute("upload.status", "ok");
            }
        } catch (FileUploadException e2) {
            log.info("Unexpected exception in upload parsing", e2);
            httpServletRequest.setAttribute("upload.status", "exception");
            httpServletRequest.setAttribute("upload.exception", e2);
        } catch (FileUploadBase.SizeLimitExceededException e3) {
            log.info("Upload size limit exceeded: " + ((servletFileUpload.getSizeMax() / 1024) / 1024));
            httpServletRequest.setAttribute("upload.status", "size_limit_exceeded");
            httpServletRequest.setAttribute("upload.exception", e3);
            httpServletRequest.setAttribute("upload.limit", Long.valueOf((servletFileUpload.getSizeMax() / 1024) / 1024));
        }
        Enumeration parameterNames = httpServletRequest.getParameterNames();
        while (parameterNames.hasMoreElements()) {
            String str = (String) parameterNames.nextElement();
            hashMap.put(str, httpServletRequest.getParameterValues(str));
        }
        return new WrappedRequestFileUpload(httpServletRequest, hashMap);
    }

    protected Session assureSession(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String serverIdInstance;
        Session session = null;
        String str = null;
        boolean z = true;
        Cookie cookie = null;
        boolean z2 = httpServletRequest.getParameter(PARAM_AUTO) != null;
        boolean z3 = false;
        if (this.m_sessionParamRegex != null) {
            z3 = this.m_sessionParamRegex.matcher(httpServletRequest.getRequestURI().toLowerCase()).find();
        }
        boolean z4 = (z3 || this.m_sessionParamAllow) && httpServletRequest.getParameter(ATTR_SESSION) != null;
        String cookieSuffix = getCookieSuffix();
        Principal userPrincipal = httpServletRequest.getUserPrincipal();
        if (this.m_checkPrincipal && userPrincipal != null && userPrincipal.getName() != null) {
            str = this.sessionManager.makeSessionId(httpServletRequest, userPrincipal);
            z = false;
            session = this.sessionManager.getSession(str);
            if (session == null) {
                session = this.sessionManager.startSession(str);
            }
            session.setMaxInactiveInterval(600);
        }
        if (str == null || session == null) {
            if (z3 || this.m_sessionParamAllow) {
                str = httpServletRequest.getParameter(ATTR_SESSION);
            }
            cookie = findCookie(httpServletRequest, this.cookieName, cookieSuffix);
            if (str == null && cookie != null) {
                str = cookie.getValue();
            }
            if (str != null) {
                int indexOf = str.indexOf(DOT);
                if (indexOf > -1) {
                    str = str.substring(0, indexOf);
                }
                if (log.isDebugEnabled()) {
                    log.debug("assureSession found sessionId in cookie: " + str);
                }
                session = this.sessionManager.getSession(str);
            }
            if (z4 && session != null && session.getUserId() == null) {
                session = null;
            }
        }
        if (session != null && !z2) {
            synchronized (session) {
                session.setActive();
            }
        }
        if (session == null && str != null && this.rebuildBreakdownService != null) {
            session = this.sessionManager.startSession(str);
            if (!this.rebuildBreakdownService.rebuildSession(session)) {
                session.invalidate();
                session = null;
            }
        }
        if (session == null) {
            session = this.sessionManager.startSession();
            if (cookie != null) {
                this.threadLocalManager.set("sakai:session.was.invalid", "sakai:session.was.invalid");
            }
        }
        httpServletRequest.setAttribute(ATTR_SESSION, session);
        this.sessionManager.setCurrentSession(session);
        synchronized (session) {
            UsageSession usageSession = (UsageSession) session.getAttribute(UsageSessionService.USAGE_SESSION_KEY);
            if (usageSession != null && (serverIdInstance = this.serverConfigurationService.getServerIdInstance()) != null && !serverIdInstance.equals(usageSession.getServer())) {
                log.info("UsageSession: Server change detected: Old Server=" + usageSession.getServer() + "    New Server=" + serverIdInstance);
                usageSession.setServer(serverIdInstance);
            }
        }
        if (session == null && cookie != null) {
            cookie = new Cookie(this.cookieName, "");
            cookie.setPath(Entity.SEPARATOR);
            cookie.setMaxAge(0);
            if (this.cookieDomain != null) {
                cookie.setDomain(this.cookieDomain);
            }
            addCookie(httpServletResponse, cookie);
        }
        if (session != null && z) {
            String str2 = session.getId() + DOT + cookieSuffix;
            if (cookie == null || !cookie.getValue().equals(str2)) {
                Cookie cookie2 = new Cookie(this.cookieName, str2);
                cookie2.setPath(Entity.SEPARATOR);
                cookie2.setMaxAge(-1);
                if (this.cookieDomain != null) {
                    cookie2.setDomain(this.cookieDomain);
                }
                if (httpServletRequest.isSecure()) {
                    cookie2.setSecure(true);
                }
                addCookie(httpServletResponse, cookie2);
            }
        }
        return session;
    }

    protected ToolSession detectToolPlacement(Session session, HttpServletRequest httpServletRequest) {
        if (!this.m_toolPlacement) {
            return null;
        }
        ToolSession toolSession = null;
        String parameter = httpServletRequest.getParameter(Tool.PLACEMENT_ID);
        if (parameter != null) {
            toolSession = session.getToolSession(parameter);
            httpServletRequest.setAttribute(Tool.TOOL_SESSION, toolSession);
            this.sessionManager.setCurrentToolSession(toolSession);
            httpServletRequest.setAttribute(Tool.PLACEMENT_ID, parameter);
        }
        return toolSession;
    }

    protected HttpServletRequest preProcessRequest(Session session, HttpServletRequest httpServletRequest) {
        return new WrappedRequest(session, this.m_contextId, httpServletRequest);
    }

    protected HttpServletResponse preProcessResponse(Session session, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        WrappedResponse wrappedResponse = new WrappedResponse(session, httpServletRequest, httpServletResponse);
        if (this.m_UACompatible != null) {
            wrappedResponse.setHeader("X-UA-Compatible", this.m_UACompatible);
        }
        if (!this.isLTIProviderAllowed && (!this.useContentHostingDomain || !httpServletRequest.getServerName().equals(this.chsDomain))) {
            wrappedResponse.setHeader("X-Frame-Options", "SAMEORIGIN");
        }
        UsageSession usageSession = (UsageSession) session.getAttribute(UsageSessionService.USAGE_SESSION_KEY);
        if (usageSession != null) {
            wrappedResponse.setHeader("X-Sakai-Session", usageSession.getId());
        }
        return wrappedResponse;
    }

    protected void postProcessResponse(Session session, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (this.rebuildBreakdownService != null) {
            this.rebuildBreakdownService.storeSession(session, httpServletRequest);
        }
    }

    private boolean isSessionClusteringEnabled() {
        return this.TERRACOTTA_CLUSTER || (this.rebuildBreakdownService != null && this.rebuildBreakdownService.isSessionHandlingEnabled());
    }

    protected Cookie findCookie(HttpServletRequest httpServletRequest, String str, String str2) {
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies == null) {
            return null;
        }
        for (int i = 0; i < cookies.length; i++) {
            if (cookies[i].getName().equals(str) && (isSessionClusteringEnabled() || str2 == null || cookies[i].getValue().endsWith(str2))) {
                return cookies[i];
            }
        }
        return null;
    }

    private String getCookieSuffix() {
        String property = System.getProperty(SAKAI_SERVERID);
        if (property == null || property.length() == 0) {
            if (this.m_displayModJkWarning) {
                log.warn("no sakai.serverId system property set - mod_jk load balancing will not function properly");
            }
            this.m_displayModJkWarning = false;
            property = "sakai";
        }
        return property;
    }

    protected void addCookie(HttpServletResponse httpServletResponse, Cookie cookie) {
        if (!this.m_cookieHttpOnly) {
            httpServletResponse.addCookie(cookie);
            return;
        }
        StringBuffer stringBuffer = new StringBuffer();
        ServerCookie.appendCookieValue(stringBuffer, cookie.getVersion(), cookie.getName(), cookie.getValue(), cookie.getPath(), cookie.getDomain(), cookie.getComment(), cookie.getMaxAge(), cookie.getSecure(), this.m_cookieHttpOnly, this.m_cookieSameSite);
        httpServletResponse.addHeader("Set-Cookie", stringBuffer.toString());
    }
}
