package com.opensymphony.webwork.views.util;

import com.opensymphony.webwork.components.Component;
import com.opensymphony.webwork.components.Form;
import com.opensymphony.xwork.util.OgnlUtil;
import java.util.HashMap;
import java.util.Map;
import java.util.TreeMap;
import org.apache.commons.logging.Log;

/* loaded from: input_file:com/opensymphony/webwork/views/util/SecurityUtil.class */
public class SecurityUtil {
    public static final String OGNL_UNSAFE = "OgnlUnsafe";

    private SecurityUtil() {
    }

    public static Map<String, Object> getUnescapedParameters(Log log, Component component, Map<String, Object> map) {
        if (map == null) {
            return null;
        }
        Map<String, Object> hashMap = map instanceof HashMap ? new HashMap<>() : new TreeMap<>();
        for (Map.Entry<String, Object> entry : map.entrySet()) {
            String key = entry.getKey();
            if (!key.endsWith(OGNL_UNSAFE)) {
                Object value = entry.getValue();
                Object unescapedValue = getUnescapedValue(map, key);
                if (unescapedValue instanceof String) {
                    String wrapAsOgnlExpression = wrapAsOgnlExpression(OgnlUtil.escapeLiteral((String) unescapedValue).toString());
                    if (wrapAsOgnlExpression.equals(value)) {
                        hashMap.put(key, unescapedValue);
                    } else {
                        hashMap.put(key, value);
                        boolean equals = unescapedValue.equals(value);
                        if (log != null && !equals && !(component instanceof Form)) {
                            log.debug(key + " was overridden from " + wrapAsOgnlExpression + " to " + value + " by " + (component != null ? component.getClass().getCanonicalName() : "unknown"));
                        }
                    }
                } else {
                    hashMap.put(key, value);
                }
            }
        }
        return hashMap;
    }

    public static String wrapAsOgnlExpression(String str) {
        return "%{" + str + "}";
    }

    public static boolean hasUnescapedValue(Map map, String str) {
        return map.containsKey(getNameOfUnEscapedParameter(str));
    }

    private static Object getUnescapedValue(Map<String, Object> map, String str) {
        return map.get(getNameOfUnEscapedParameter(str));
    }

    private static String getNameOfUnEscapedParameter(String str) {
        return str + OGNL_UNSAFE;
    }
}
