package org.owasp.esapi.waf.rules;

import java.util.List;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.owasp.esapi.waf.actions.Action;
import org.owasp.esapi.waf.actions.DefaultAction;
import org.owasp.esapi.waf.actions.DoNothingAction;
import org.owasp.esapi.waf.actions.RedirectAction;
import org.owasp.esapi.waf.internal.InterceptingHTTPServletResponse;

/* loaded from: input_file:web.war:WEB-INF/lib/esapi-2.1.0.1.jar:org/owasp/esapi/waf/rules/EnforceHTTPSRule.class */
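/**
 * WAF rule that enforces HTTPS for requests whose URI matches a configured pattern.
 *
 * <p>Requests that are already secure, do not match the pattern, or match an entry in the
 * exception list are let through with a {@link DoNothingAction}. Any other request is logged
 * and then either redirected to the {@code https} form of the requested URL (when the
 * configured action is {@code "redirect"}) or answered with a {@link DefaultAction}.
 *
 * <p>Security notes for operators:
 * <ul>
 *   <li>The rule fails open: a URI that does not match {@code path} is never checked. Matching
 *       uses {@code getRequestURI()}, which the servlet API returns without decoding, so the
 *       pattern and exceptions must account for encoded or path-parameter forms of a protected
 *       path unless the URI is normalized upstream.</li>
 *   <li>A redirect happens only after the first request has already crossed the network in
 *       clear text; it does not protect data sent with that request.</li>
 *   <li>The redirect target is derived from {@code getRequestURL()}; in many container setups
 *       its host part reflects the client-supplied Host header (confirm for the deployment).</li>
 * </ul>
 */
public class EnforceHTTPSRule extends Rule {
    /** Scheme prefix that is swapped for {@link #HTTPS_PREFIX} when redirecting. */
    private static final String HTTP_PREFIX = "http://";
    private static final String HTTPS_PREFIX = "https://";

    // Pattern the request URI must fully match for the rule to apply.
    private final Pattern path;
    // Exempt URIs: String entries are compared case-insensitively, Pattern entries by full match.
    private final List<Object> exceptions;
    // Configured reaction; only the literal "redirect" triggers a redirect.
    private final String action;

    /**
     * Creates the rule.
     *
     * @param str     rule id, passed to {@code setId}
     * @param pattern pattern the request URI must fully match for HTTPS to be required
     * @param list    exempt URIs as {@link String} or {@link Pattern} entries; may be {@code null}
     *                or empty when there are no exceptions
     * @param str2    configured action; {@code "redirect"} selects a redirect, any other value
     *                (including {@code null}) selects the default action
     */
    public EnforceHTTPSRule(String str, Pattern pattern, List<Object> list, String str2) {
        this.path = pattern;
        this.exceptions = list;
        this.action = str2;
        setId(str);
    }

    /**
     * Checks one request against the rule.
     *
     * @return {@link DoNothingAction} when the request is secure, out of scope or exempt;
     *         {@link RedirectAction} pointing at the {@code https} URL when the action is
     *         {@code "redirect"}; otherwise {@link DefaultAction}
     */
    @Override // org.owasp.esapi.waf.rules.Rule
    public Action check(HttpServletRequest httpServletRequest, InterceptingHTTPServletResponse interceptingHTTPServletResponse, HttpServletResponse httpServletResponse) {
        String requestUri = httpServletRequest.getRequestURI();
        if (httpServletRequest.isSecure() || !this.path.matcher(requestUri).matches()) {
            return new DoNothingAction();
        }
        if (isExempt(requestUri)) {
            return new DoNothingAction();
        }

        String requestUrl = httpServletRequest.getRequestURL().toString();
        // NOTE(review): the URL is request-derived and is logged as-is; confirm that log()
        // (not defined in this class) neutralizes CR/LF before writing the entry.
        log(httpServletRequest, "Insecure request to resource detected in URL: '" + requestUrl + "'");
        if (!"redirect".equals(this.action)) {
            return new DefaultAction();
        }

        // Swap only a leading "http://" scheme. An unanchored replaceFirst("http", "https")
        // would rewrite the first "http" anywhere in the URL when the scheme is something else.
        if (!requestUrl.regionMatches(true, 0, HTTP_PREFIX, 0, HTTP_PREFIX.length())) {
            // No safe HTTPS equivalent can be built; use the default action instead of
            // redirecting to a mangled or still-insecure URL.
            return new DefaultAction();
        }
        // getRequestURL() carries no query string, so the redirect drops it. An explicit port
        // in the original URL is kept unchanged, which may not be the HTTPS port.
        RedirectAction redirectAction = new RedirectAction();
        redirectAction.setRedirectURL(HTTPS_PREFIX + requestUrl.substring(HTTP_PREFIX.length()));
        return redirectAction;
    }

    /** Returns whether the URI matches any configured exception; a null list means none. */
    private boolean isExempt(String requestUri) {
        if (this.exceptions == null) {
            return false;
        }
        for (Object obj : this.exceptions) {
            if (obj instanceof String) {
                if (((String) obj).equalsIgnoreCase(requestUri)) {
                    return true;
                }
            } else if ((obj instanceof Pattern) && ((Pattern) obj).matcher(requestUri).matches()) {
                return true;
            }
        }
        return false;
    }
}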
