package coldfusion.runtime;

import coldfusion.archivedeploy.Archive;
import coldfusion.eventgateway.EventContext;
import coldfusion.filter.ApplicationFilter;
import coldfusion.filter.FormScope;
import coldfusion.filter.FusionContext;
import coldfusion.filter.UrlScope;
import coldfusion.log.CFLogs;
import coldfusion.security.SecurityManager;
import coldfusion.security.SecurityUtils;
import coldfusion.server.DataSourceService;
import coldfusion.server.RuntimeService;
import coldfusion.server.ServiceFactory;
import coldfusion.tagext.io.cache.CacheTagHelper;
import coldfusion.tagext.io.cache.GenericCache;
import coldfusion.tagext.io.cache.GenericCacheFactory;
import coldfusion.tagext.lang.ApplicationTag;
import coldfusion.tagext.lang.InvalidClientStorageException;
import coldfusion.tagext.validation.UnnamedApplicationException;
import coldfusion.tagext.validation.UnnamedApplicationMappingNotAllowed;
import coldfusion.util.CaseInsensitiveMap;
import coldfusion.util.FastHashtable;
import coldfusion.util.IPAddressUtils;
import coldfusion.util.RB;
import coldfusion.util.URLDecoder;
import coldfusion.util.Utils;
import com.adobe.cfsetup.constants.CFSetupConstants;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.ListIterator;
import java.util.Map;
import java.util.Properties;
import java.util.StringTokenizer;
import javax.servlet.ServletContext;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import javax.servlet.jsp.PageContext;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:Disk1/InstData/Resource1.zip:$IA_PROJECT_DIR$/hotfix/dist_zg_ia_sf.jar:updates/chf20210018.jar:coldfusion/runtime/AppHelper.class */
public class AppHelper {
    public static final String CFTOKEN = "CFTOKEN";
    public static final String CFID = "CFID";
    private Struct appMetaData;
    private Map m_Settings;
    private String m_cfid;
    private String m_cftoken;
    private String old_cfid;
    private String old_cftoken;
    private boolean m_IsClientIdFromUrl;
    private boolean m_IsClientIdFromForm;
    private PageContext m_PageContext;
    private int m_ApplicationTimeOut;
    private boolean m_ApplicationTimeOutSet;
    private String m_ApplicationName;
    private boolean m_ClientManagement;
    private String m_ClientStorage;
    private boolean m_SetClientCookies;
    private boolean m_SessionManagement;
    private int m_SessionTimeout;
    private boolean m_SessionTimeoutSet;
    private boolean m_SetDomainCookies;
    private String m_LoginStorage;
    private List m_ScriptProtect;
    private SessionScope m_SessionScope;
    private ApplicationScope m_ApplicationScope;
    private ClientScope m_ClientScope;
    private String m_Jsessionid;
    private boolean m_isSecureJSON;
    private String m_secureJSONPrefix;
    private boolean m_serverSideFormValidation;
    private FusionContext fContext;
    private AppEventInvoker appProxy;
    private Scope appScope;
    public static final String APP_NAME_NAME = "name";
    public static final String APP_TIMEOUT_NAME = "applicationtimeout";
    public static final String SESSION_MGMT_NAME = "sessionmanagement";
    public static final String SESSION_TIMEOUT_NAME = "sessiontimeout";
    public static final String DOMAIN_COOKIES_NAME = "setdomaincookies";
    public static final String CLIENT_MGMT_NAME = "clientmanagement";
    public static final String CLIENT_STORAGE_NAME = "clientstorage";
    public static final String CLIENT_COOKIES_NAME = "setclientcookies";
    public static final String LOGIN_STORAGE_NAME = "loginstorage";
    public static final String SCRIPT_PROTECT_NAME = "scriptprotect";
    public static final String SECURE_JSON_NAME = "securejson";
    public static final String SECURE_JSON_PREFIX_NAME = "securejsonprefix";
    public static final String SAME_NAME_FORM_FIELDS_AS_ARRAY = "sameformfieldsasarray";
    public static final boolean DefaultSessionMgmt = false;
    public static final boolean DefaultDomainCookies = false;
    public static final boolean DefaultClientMgmt = false;
    public static final boolean DefaultClientCookies = true;
    public static final String DefaultLoginStorage = "cookie";
    private static Object defaultQueryCache;
    private static final int DEFAULT_MAX_CACHED_QUERY_COUNT = 100;
    private static final String SESSIONFIXATION = "coldfusion.session.protectfixation";
    private static final String MAPPINGS = "MAPPINGS";
    public static boolean protectSessionFixation;
    private static RuntimeService runtime = ServiceFactory.getRuntimeService();
    private static ClientScopeService service = ServiceFactory.getClientScopeService();
    private static NoOperScope NoOperAppScope = new NoOperScope("application");
    private static NoOperScope NoOperSessionScope = new NoOperScope("session");
    private static NoOperScope NoOperClientScope = new NoOperClientScope(Archive.SETTINGS_VARIABLES_CLIENT);
    private static volatile Map<String, String> domainHashes = new HashMap();
    private static final boolean addDomainHashToCookie = Boolean.valueOf(System.getProperty("coldfusion.cookie.prefixdomainhash", "true")).booleanValue();

    /* loaded from: input_file:Disk1/InstData/Resource1.zip:$IA_PROJECT_DIR$/hotfix/dist_zg_ia_sf.jar:updates/chf20210018.jar:coldfusion/runtime/AppHelper$InvalidClientSettings.class */
    public static final class InvalidClientSettings extends ExpressionException {
    }

    /* loaded from: input_file:Disk1/InstData/Resource1.zip:$IA_PROJECT_DIR$/hotfix/dist_zg_ia_sf.jar:updates/chf20210018.jar:coldfusion/runtime/AppHelper$InvalidSecureJSONSetting.class */
    public static final class InvalidSecureJSONSetting extends ExpressionException {
        public Object secureJSONSetting;

        public InvalidSecureJSONSetting(Object obj) {
            this.secureJSONSetting = obj;
        }
    }

    /* loaded from: input_file:Disk1/InstData/Resource1.zip:$IA_PROJECT_DIR$/hotfix/dist_zg_ia_sf.jar:updates/chf20210018.jar:coldfusion/runtime/AppHelper$InvalidServerSideFormValidationSetting.class */
    public static final class InvalidServerSideFormValidationSetting extends ExpressionException {
        public Object serverSideFormValidation;

        public InvalidServerSideFormValidationSetting(Object obj) {
            this.serverSideFormValidation = obj;
        }
    }

    /* loaded from: input_file:Disk1/InstData/Resource1.zip:$IA_PROJECT_DIR$/hotfix/dist_zg_ia_sf.jar:updates/chf20210018.jar:coldfusion/runtime/AppHelper$ScriptProtectReplaceException.class */
    public static final class ScriptProtectReplaceException extends ExpressionException {
        public String scope;

        public ScriptProtectReplaceException(String str) {
            this.scope = str;
        }
    }

    public AppHelper(PageContext pageContext, Map map, FusionContext fusionContext) {
        this.m_IsClientIdFromUrl = false;
        this.m_IsClientIdFromForm = false;
        this.m_SessionScope = null;
        this.m_ApplicationScope = null;
        this.m_ClientScope = null;
        this.fContext = null;
        this.m_PageContext = pageContext;
        if (map != null) {
            this.m_Settings = getSynchronizedSetting(map);
        }
        this.fContext = fusionContext;
        this.appMetaData = new Struct();
        setApplicationDefaults();
    }

    private Map getSynchronizedSetting(Map map) {
        if (map instanceof LocalScope) {
            return new SynchronizedLocalScope((LocalScope) map, true);
        }
        if (map instanceof FastHashtable) {
            FastHashtable fastHashtable = new FastHashtable(true, map.size());
            fastHashtable.getClass();
            map.forEach(fastHashtable::put);
            return fastHashtable;
        }
        CaseInsensitiveMap.CFConcurrentHashMap cFConcurrentHashMap = new CaseInsensitiveMap.CFConcurrentHashMap(map.size());
        cFConcurrentHashMap.getClass();
        map.forEach(cFConcurrentHashMap::put);
        return cFConcurrentHashMap;
    }

    public AppHelper(PageContext pageContext, AppEventInvoker appEventInvoker, Map map, FusionContext fusionContext) {
        this(pageContext, map, fusionContext);
        this.appProxy = appEventInvoker;
    }

    public AppEventInvoker getAppProxy() {
        return this.appProxy;
    }

    public Scope getAppScope() {
        return this.m_ApplicationScope;
    }

    protected String getDomain() {
        String str = null;
        if (this.m_SetDomainCookies) {
            String serverName = this.m_PageContext.getRequest().getServerName();
            if (IPAddressUtils.validateIPAdress(serverName)) {
                return null;
            }
            int indexOf = serverName.indexOf(46);
            int lastIndexOf = serverName.lastIndexOf(46);
            if (indexOf != -1 && lastIndexOf != serverName.length() - 1 && indexOf != 0) {
                str = indexOf == lastIndexOf ? serverName : serverName.substring(indexOf, serverName.length());
            }
        }
        return str;
    }

    private void handleClientIDs() {
        HttpServletRequest httpServletRequest = (HttpServletRequest) this.m_PageContext.getRequest();
        getClientIDs(httpServletRequest);
        if (protectSessionFixation) {
            checkIfSessionExists();
        }
        if (this.m_cfid == null || this.m_cftoken == null) {
            generateNewClientIDs(httpServletRequest);
        }
    }

    private void getClientIDs(HttpServletRequest httpServletRequest) {
        Cookie[] cookies;
        if (this.m_ApplicationName == null || !this.m_ApplicationName.equalsIgnoreCase("cfadmin")) {
            FormScope formScope = this.fContext.getFormScope();
            UrlScope urlScope = (UrlScope) this.fContext.hiddenScope.get("URL");
            if (formScope != null) {
                this.m_cfid = (String) formScope.get(CFID);
                this.m_cftoken = (String) formScope.get(CFTOKEN);
                if (this.m_cfid == null || this.m_cftoken == null) {
                    this.m_cfid = (String) formScope.get("cfid");
                    this.m_cftoken = (String) formScope.get("cftoken");
                }
            }
            this.m_IsClientIdFromForm = (this.m_cfid == null || this.m_cftoken == null) ? false : true;
            if (this.m_cfid == null && this.m_cftoken == null && urlScope != null) {
                this.m_cfid = (String) urlScope.get(CFID);
                this.m_cftoken = (String) urlScope.get(CFTOKEN);
                if (this.m_cfid == null || this.m_cftoken == null) {
                    this.m_cfid = (String) urlScope.get("cfid");
                    this.m_cftoken = (String) urlScope.get("cftoken");
                }
                if (!protectSessionFixation) {
                    checkIfOldSessionExists();
                }
            }
            this.m_IsClientIdFromUrl = (this.m_cfid == null || this.m_cftoken == null) ? false : true;
            Object findAttribute = this.m_PageContext.findAttribute("COOKIE.CFID");
            Object findAttribute2 = this.m_PageContext.findAttribute("COOKIE.CFTOKEN");
            if (!this.m_IsClientIdFromUrl) {
                if (findAttribute != null && findAttribute2 != null) {
                    this.m_cfid = findAttribute.toString();
                    this.m_cftoken = findAttribute2.toString();
                }
                if ((this.m_cfid == null || this.m_cftoken == null) && (cookies = httpServletRequest.getCookies()) != null) {
                    boolean z = false;
                    boolean z2 = false;
                    for (int i = 0; i < cookies.length && (!z || !z2); i++) {
                        if (cookies[i].getName().equalsIgnoreCase(CFID) && !z) {
                            String validateCookieValue = validateCookieValue(URLDecoder.decode(cookies[i].getValue()), true);
                            if (isValidCFID(validateCookieValue)) {
                                this.m_cfid = validateCookieValue;
                            }
                            if (this.m_cfid != null) {
                                z = true;
                            }
                        }
                        if (cookies[i].getName().equalsIgnoreCase(CFTOKEN) && !z2) {
                            String validateCookieValue2 = validateCookieValue(URLDecoder.decode(cookies[i].getValue()), true);
                            if (isValidCFTOKEN(validateCookieValue2)) {
                                this.m_cftoken = validateCookieValue2;
                            }
                            if (this.m_cftoken != null) {
                                z2 = true;
                            }
                        }
                    }
                }
            } else if (this.m_cfid != null && this.m_cfid.equals(findAttribute) && this.m_cftoken != null && this.m_cftoken.equals(findAttribute2)) {
                this.m_IsClientIdFromUrl = false;
            }
        } else {
            String cFAdminCookieSuffix = ((SecurityManager) ServiceFactory.getSecurityService()).getCFAdminCookieSuffix();
            Object findAttribute3 = this.m_PageContext.findAttribute("COOKIE.CFID" + cFAdminCookieSuffix);
            Object findAttribute4 = this.m_PageContext.findAttribute("COOKIE.CFTOKEN" + cFAdminCookieSuffix);
            if (findAttribute3 != null && findAttribute4 != null) {
                this.m_cfid = findAttribute3.toString();
                this.m_cftoken = findAttribute4.toString();
            }
        }
        if (this.m_cfid != null) {
            this.m_cfid = this.m_cfid.trim();
        }
        if (this.m_cftoken != null) {
            this.m_cftoken = this.m_cftoken.trim();
        }
        if (this.m_cfid == null || this.m_cftoken == null || validateIDs(this.m_cfid, this.m_cftoken)) {
            return;
        }
        this.m_cfid = null;
        this.m_cftoken = null;
    }

    protected String validateCookieValue(String str, boolean z) {
        String domain;
        if (!this.m_SetDomainCookies || (domain = getDomain()) == null) {
            if (str.startsWith("Z")) {
                return null;
            }
            return str;
        }
        if (addDomainHashToCookie && str.startsWith("Z") && domain != null) {
            String domainHash = getDomainHash(domain);
            int length = domainHash.length();
            if (str.startsWith(domainHash) && str.length() > length) {
                return z ? str.substring(length) : str;
            }
        }
        if (addDomainHashToCookie) {
            return null;
        }
        return str;
    }

    private String getDomainHash(String str) {
        return "Z" + getAndCreateDomainHash(str) + "-";
    }

    private static String getAndCreateDomainHash(String str) {
        String str2 = null;
        try {
            str2 = domainHashes.get(str);
            if (str2 == null) {
                synchronized (domainHashes) {
                    str2 = domainHashes.get(str);
                    if (str2 == null) {
                        str2 = Utils.toBase36(SecurityUtils.hash(str, "SHA-256", null, null));
                        domainHashes.put(str, str2);
                    }
                }
            }
        } catch (IOException e) {
        }
        return str2;
    }

    protected String prepareDomainCookie(String str, boolean z) {
        String domain;
        if (addDomainHashToCookie && StringUtils.isNotBlank(str) && (domain = getDomain()) != null) {
            String domainHash = getDomainHash(domain);
            if (!z || !str.startsWith(domainHash)) {
                return domainHash.concat(str);
            }
        }
        return str;
    }

    private static boolean validateIDs(String str, String str2) {
        return isValidCFID(str) && isValidCFTOKEN(str2);
    }

    static boolean isValidCFID(String str) {
        if (str == null || str.length() == 0) {
            return false;
        }
        for (int i = 0; i < str.length(); i++) {
            if (!Character.isDigit(str.charAt(i))) {
                return false;
            }
        }
        return true;
    }

    static boolean isValidCFTOKEN(String str) {
        if (str == null || str.length() < 8) {
            return false;
        }
        for (int i = 0; i < str.length(); i++) {
            char charAt = str.charAt(i);
            if (charAt != '-' && charAt != '%' && !Character.isJavaIdentifierPart(charAt)) {
                return false;
            }
        }
        return true;
    }

    private void checkIfOldSessionExists() {
        if (this.m_cfid == null || this.m_cftoken == null || !this.m_SessionManagement || runtime.useJ2eeSession() || SessionTracker.getSession(this.m_ApplicationName, this.m_cfid, this.m_cftoken) != null) {
            return;
        }
        this.old_cfid = this.m_cfid;
        this.old_cftoken = this.m_cftoken;
        this.m_cfid = null;
        this.m_cftoken = null;
    }

    private void checkIfSessionExists() {
        if (this.m_cfid == null || this.m_cftoken == null || !this.m_SessionManagement || runtime.useJ2eeSession()) {
            return;
        }
        boolean z = true;
        if (this.m_IsClientIdFromForm && SessionTracker.getSession(this.m_ApplicationName, this.m_cfid, this.m_cftoken) != null) {
            z = false;
        }
        if (SessionTracker.sessionExists(this.m_ApplicationName, this.m_cfid, this.m_cftoken)) {
            z = false;
        }
        if (z) {
            this.old_cfid = this.m_cfid;
            this.old_cftoken = this.m_cftoken;
            this.m_cfid = null;
            this.m_cftoken = null;
        }
    }

    private void generateNewClientIDs(HttpServletRequest httpServletRequest) {
        this.m_cfid = Integer.toString(service.GetClientId((NeoPageContext) this.m_PageContext));
        this.m_cftoken = service.GetCFTOKEN();
        if (this.m_SetClientCookies) {
            String contextPath = httpServletRequest.getContextPath();
            if (contextPath != null && (contextPath.equals("") || !contextPath.endsWith("/"))) {
                contextPath = contextPath + "/";
            }
            String domain = getDomain();
            String str = CFID;
            String str2 = CFTOKEN;
            if (this.m_ApplicationName != null && this.m_ApplicationName.equalsIgnoreCase("cfadmin")) {
                String cFAdminCookieSuffix = ((SecurityManager) ServiceFactory.getSecurityService()).getCFAdminCookieSuffix();
                str = str + cFAdminCookieSuffix;
                str2 = str2 + cFAdminCookieSuffix;
            }
            CFCookie cFCookie = new CFCookie(str, this.m_cfid, domain);
            CFCookie cFCookie2 = new CFCookie(str2, this.m_cftoken, domain);
            String sessionCookieSamesite = FusionContext.getApplicationSettings().getSessionCookieSamesite();
            if (sessionCookieSamesite == null || sessionCookieSamesite.trim().length() == 0) {
                sessionCookieSamesite = ServiceFactory.getRuntimeService().getSessionCookieSamesite();
            }
            cFCookie.setSamesite(sessionCookieSamesite);
            cFCookie2.setSamesite(sessionCookieSamesite);
            if (contextPath != null) {
                cFCookie.setPath(contextPath);
                cFCookie2.setPath(contextPath);
            }
            this.m_PageContext.setAttribute("COOKIE." + str, cFCookie);
            this.m_PageContext.setAttribute("COOKIE." + str2, cFCookie2);
        }
    }

    public Scope connectApplication() {
        this.fContext.setApplicationName(this.m_ApplicationName);
        if (!runtime.isApplicationEnabled()) {
            FusionContext.SymTab_setApplicationScope(NoOperAppScope);
            return NoOperAppScope;
        }
        if ((this.m_ApplicationName == null || this.m_ApplicationName.trim().equals("")) && runtime.isDisableUnnamedApplication()) {
            throw new UnnamedApplicationException();
        }
        this.m_ApplicationScope = ApplicationScopeTracker.getApplicationScope(this.m_ApplicationName);
        ServletContext servletContext = FusionContext.getCurrent().getServletContext();
        if (this.m_ApplicationScope == null) {
            synchronized (ApplicationScopeTracker.class) {
                this.m_ApplicationScope = ApplicationScopeTracker.getApplicationScope(this.m_ApplicationName);
                if (this.m_ApplicationScope == null) {
                    this.m_ApplicationScope = ApplicationScopeTracker.createApplication(this.m_ApplicationName);
                }
            }
        } else if (servletContext.getAttribute(this.m_ApplicationName) == null && ((this.m_ApplicationName != null && this.m_ApplicationName.length() == 0) || ServiceFactory.getRuntimeService().isAllowAppVarInServContext())) {
            servletContext.setAttribute(this.m_ApplicationName, this.m_ApplicationScope.getAttributeMap());
        }
        FusionContext.SymTab_setApplicationScope(this.m_ApplicationScope);
        return this.m_ApplicationScope;
    }

    public void applyAppSettings(ApplicationScope applicationScope) {
        if (!this.m_LoginStorage.equalsIgnoreCase("session") && !this.m_LoginStorage.equalsIgnoreCase(DefaultLoginStorage)) {
            throw new ApplicationTag.InvalidLoginStorage(this.m_LoginStorage);
        }
        if (!this.m_SessionManagement && this.m_LoginStorage.equalsIgnoreCase("session")) {
            throw new ApplicationTag.SessionNotEnabled();
        }
        applicationScope.setApplicationSettings(this.m_Settings);
        overrideReqTimeout();
        Object obj = this.m_Settings.get("customtagpaths");
        if (obj != null && (obj instanceof String)) {
            applicationScope.setApplicationCustomTagPaths((String) obj);
        }
        applicationScope.setLastAccess();
        if (!this.m_ApplicationTimeOutSet) {
            applicationScope.SetMaxInactiveInterval(runtime.getApplicationTimeout());
        } else if (this.m_ApplicationTimeOut > runtime.getApplicationMaxTimeout()) {
            applicationScope.SetMaxInactiveInterval(runtime.getApplicationMaxTimeout());
        } else {
            applicationScope.SetMaxInactiveInterval(this.m_ApplicationTimeOut);
        }
        applicationScope.setStoreloginCredentialInSession(this.m_LoginStorage.equalsIgnoreCase("session"));
    }

    public void validateMappings() {
        if (this.m_ApplicationName == null || this.m_ApplicationName.trim().length() == 0) {
            Object obj = this.m_Settings.get(MAPPINGS);
            if ((obj instanceof Struct) && ((Struct) obj).get(CFSetupConstants.CFIDE_MAPPING) != null) {
                throw new UnnamedApplicationMappingNotAllowed();
            }
        }
    }

    public void overrideReqTimeout() {
        if (this.m_Settings.get("timeout") != null) {
            RequestMonitor.overrideRequestTimeout(Cast._long(this.m_Settings.get("timeout")));
        }
    }

    private void applyClientSettings() {
        if (this.m_ClientManagement) {
            if (this.m_ClientStorage == null) {
                this.m_ClientStorage = service.GetDefaultDSN();
            }
            if (this.m_ClientStorage == null) {
                throw new InvalidClientSettings();
            }
            if (this.m_ClientStorage.length() == 0) {
                throw new ClientStorageException();
            }
            if (this.m_ClientStorage.equalsIgnoreCase(DefaultLoginStorage) && !this.m_SetClientCookies) {
                throw new InvalidClientSettings();
            }
        }
    }

    private void applySessionSettings() {
        if (this.m_SessionManagement && !runtime.isSessionEnabled()) {
            throw new ApplicationTag.SessionScopeDisabledException();
        }
    }

    private void setApplicationDefaults() {
        Object obj = this.m_Settings.get(APP_TIMEOUT_NAME);
        this.m_ApplicationTimeOut = obj == null ? getDefaultApplicationTimeout() : Cast._int(obj);
        this.m_ApplicationTimeOutSet = obj != null;
        this.appMetaData.put("APPLICATIONTIMEOUT", new Integer(this.m_ApplicationTimeOut));
        Object obj2 = this.m_Settings.get("name");
        this.m_ApplicationName = Cast._String(obj2 == null ? "" : obj2);
        this.appMetaData.put("NAME", this.m_ApplicationName);
        Object obj3 = this.m_Settings.get(SESSION_MGMT_NAME);
        this.m_SessionManagement = obj3 == null ? false : Cast._boolean(obj3);
        this.appMetaData.put("SESSIONMANAGEMENT", new Boolean(this.m_SessionManagement));
        Object obj4 = this.m_Settings.get(SESSION_TIMEOUT_NAME);
        this.m_SessionTimeout = obj4 == null ? getDefaultSessionTimeout() : Cast._int(obj4);
        this.m_SessionTimeoutSet = obj4 != null;
        this.appMetaData.put("SESSIONTIMEOUT", new Integer(this.m_SessionTimeout));
        Object obj5 = this.m_Settings.get(DOMAIN_COOKIES_NAME);
        this.m_SetDomainCookies = obj5 == null ? false : Cast._boolean(obj5);
        this.appMetaData.put("SETDOMAINCOOKIES", new Boolean(this.m_SetDomainCookies));
        Object obj6 = this.m_Settings.get(CLIENT_MGMT_NAME);
        this.m_ClientManagement = obj6 == null ? false : Cast._boolean(obj6);
        this.appMetaData.put("CLIENTMANAGEMENT", new Boolean(this.m_ClientManagement));
        Object obj7 = this.m_Settings.get(CLIENT_STORAGE_NAME);
        this.m_ClientStorage = obj7 == null ? getDefaultClientStorage() : Cast._String(obj7);
        this.appMetaData.put("CLIENTSTORAGE", this.m_ClientStorage);
        Object obj8 = this.m_Settings.get(CLIENT_COOKIES_NAME);
        this.m_SetClientCookies = obj8 == null ? true : Cast._boolean(obj8);
        this.appMetaData.put("SETCLIENTCOOKIES", new Boolean(this.m_SetClientCookies));
        Object obj9 = this.m_Settings.get(LOGIN_STORAGE_NAME);
        this.m_LoginStorage = obj9 == null ? DefaultLoginStorage : Cast._String(obj9);
        this.appMetaData.put("LOGINSTORAGE", this.m_LoginStorage);
        Object obj10 = this.m_Settings.get("scriptprotect");
        if (obj10 != null) {
            setupScriptProtect(obj10);
        } else {
            this.m_ScriptProtect = this.fContext.getScriptProtect();
        }
        this.appMetaData.put("SCRIPTPROTECT", this.m_ScriptProtect);
        Object obj11 = this.m_Settings.get(SECURE_JSON_NAME);
        try {
            this.m_isSecureJSON = obj11 == null ? this.fContext.isSecureJSON() : Cast._boolean(obj11);
            this.fContext.setSecureJSON(this.m_isSecureJSON);
            this.appMetaData.put("SECUREJSON", new Boolean(this.m_isSecureJSON));
            Object obj12 = this.m_Settings.get(ApplicationFilter.SERVERSIDEFORMVALIDATION);
            try {
                this.m_serverSideFormValidation = obj12 == null ? this.fContext.isServerSideFormValidation() : Cast._boolean(obj12);
                this.fContext.setServerSideFormValidation(this.m_serverSideFormValidation);
                this.appMetaData.put("SERVERSIDEFORMVALIDATION", new Boolean(this.m_serverSideFormValidation));
                Object obj13 = this.m_Settings.get(SECURE_JSON_PREFIX_NAME);
                this.m_secureJSONPrefix = obj13 == null ? this.fContext.getSecureJSONPrefix() : Cast._String(obj13);
                this.fContext.setSecureJSONPrefix(this.m_secureJSONPrefix);
                this.appMetaData.put("SECUREJSONPREFIX", this.m_secureJSONPrefix);
                Object obj14 = this.m_Settings.get("compileextforinclude");
                this.appMetaData.put("COMPILEEXTFORINCLUDE", (String) (obj14 == null ? runtime.getCompileExtForInclude() : obj14));
                Object obj15 = this.m_Settings.get(ApplicationSettings.STRICTNUMBERVALIDATION);
                this.appMetaData.put(ApplicationSettings.STRICTNUMBERVALIDATION, new Boolean(obj15 == null ? true : Cast._boolean(obj15)));
                Object obj16 = this.m_Settings.get(ApplicationSettings.PASS_ARRAY_BY_REFERENCE);
                Boolean valueOf = Boolean.valueOf(obj16 == null ? false : Cast._boolean(obj16));
                this.fContext.setPassArrayByReference(valueOf.booleanValue());
                this.appMetaData.put(ApplicationSettings.PASS_ARRAY_BY_REFERENCE, valueOf);
            } catch (Exception e) {
                throw new InvalidServerSideFormValidationSetting(obj12);
            }
        } catch (Exception e2) {
            throw new InvalidSecureJSONSetting(obj11);
        }
    }

    static String getDefaultClientStorage() {
        try {
            return service.GetDefaultDSN();
        } catch (ServiceFactory.ServiceNotAvailableException e) {
            return null;
        }
    }

    static int getDefaultApplicationTimeout() {
        return (int) runtime.getApplicationTimeout();
    }

    static int getDefaultSessionTimeout() {
        return (int) runtime.getSessionTimeout();
    }

    private void setupScriptProtect(Object obj) {
        if (obj instanceof String) {
            String str = (String) obj;
            if (str.equalsIgnoreCase("all")) {
                this.m_ScriptProtect = new ArrayList(4);
                this.m_ScriptProtect.add("FORM");
                this.m_ScriptProtect.add("URL");
                this.m_ScriptProtect.add("COOKIE");
                this.m_ScriptProtect.add("CGI");
            } else if (str.equalsIgnoreCase("none")) {
                this.m_ScriptProtect = Collections.EMPTY_LIST;
            } else {
                StringTokenizer stringTokenizer = new StringTokenizer(str, ",");
                Array array = new Array();
                while (stringTokenizer.hasMoreTokens()) {
                    String trim = stringTokenizer.nextToken().trim();
                    if (trim.equalsIgnoreCase("FORM") || trim.equalsIgnoreCase("URL") || trim.equalsIgnoreCase("COOKIE") || trim.equalsIgnoreCase("CGI")) {
                        array.add(trim);
                    }
                }
                if (array.size() == 0) {
                    this.m_ScriptProtect = Collections.EMPTY_LIST;
                } else {
                    this.m_ScriptProtect = array;
                }
            }
        }
        this.fContext.setScriptProtect(this.m_ScriptProtect);
    }

    static String getScriptProtectList() {
        return ServiceFactory.getRuntimeService().getScriptProtect();
    }

    public Scope setupClientScope() {
        ClientScope clientScope = NoOperClientScope;
        EventContext eventContext = this.fContext.getEventContext();
        if (eventContext != null) {
            this.m_cfid = eventContext.originatorID;
            this.m_cftoken = eventContext.gwType + '_' + eventContext.gwID;
        }
        if (!this.m_ClientManagement) {
            FusionContext.SymTab_setClientScope(NoOperClientScope);
        } else {
            if (this.m_ClientStorage != null && !service.IsValidDSN(this.m_ClientStorage)) {
                throw new InvalidClientStorageException(this.m_ClientStorage);
            }
            Properties properties = new Properties();
            if (this.m_ClientStorage != null) {
                properties.setProperty(CLIENT_STORAGE_NAME, this.m_ClientStorage);
            }
            if (eventContext != null || this.old_cfid == null || this.old_cftoken == null) {
                this.m_ClientScope = service.GetClientScope((NeoPageContext) this.m_PageContext, new ClientScopeKey(this.m_cfid, this.m_ApplicationName, this.m_cftoken), properties, (String) null, (String) null);
            } else {
                updateClientStore(properties);
            }
            this.m_ClientScope.setIsClientIdFromUrl(this.m_IsClientIdFromUrl);
            if (this.m_SetDomainCookies) {
                this.m_ClientScope.setUseDomainCookies(getDomain());
            }
            FusionContext.SymTab_setClientScope(this.m_ClientScope);
            clientScope = this.m_ClientScope;
        }
        return clientScope;
    }

    private void updateClientStore(Properties properties) {
        this.m_ClientScope = service.GetClientScope((NeoPageContext) this.m_PageContext, new ClientScopeKey(this.old_cfid, this.m_ApplicationName, this.old_cftoken), properties, this.m_cfid, this.m_cftoken);
        this.m_ClientScope.getKey();
        this.m_ClientScope.bind("cfid", this.m_cfid);
        this.m_ClientScope.bind("cftoken", this.m_cftoken);
        computeURLToken();
        this.m_ClientScope.markDirty();
        queueCSKeyForRemoval();
        this.old_cfid = null;
        this.old_cftoken = null;
    }

    private void queueCSKeyForRemoval() {
        try {
            boolean z = false;
            synchronized (ClientScopeService.removableClientScopeKeys) {
                ListIterator listIterator = ClientScopeService.removableClientScopeKeys.listIterator();
                while (true) {
                    if (!listIterator.hasNext()) {
                        break;
                    }
                    ClientScopeKeyWrapper clientScopeKeyWrapper = (ClientScopeKeyWrapper) listIterator.next();
                    ClientScopeKey clientScopeKey = clientScopeKeyWrapper.getClientScopeKey();
                    if (clientScopeKey.mCFID.equalsIgnoreCase(this.old_cfid) && clientScopeKey.mCFToken.equalsIgnoreCase(this.old_cftoken) && clientScopeKey.mApplicationName.equalsIgnoreCase(this.m_ApplicationName) && clientScopeKeyWrapper.getClientStorage().equalsIgnoreCase(this.m_ClientStorage)) {
                        z = true;
                        clientScopeKeyWrapper.updateTimeToLive();
                        break;
                    }
                }
            }
            if (!z) {
                ClientScopeService.removableClientScopeKeys.add(new ClientScopeKeyWrapper(new ClientScopeKey(this.old_cfid, this.m_ApplicationName, this.old_cftoken), this.m_ClientStorage));
            }
        } catch (Exception e) {
            ClientScopeService.removableClientScopeKeys.add(new ClientScopeKeyWrapper(new ClientScopeKey(this.old_cfid, this.m_ApplicationName, this.old_cftoken), this.m_ClientStorage));
        }
    }

    private void setupClassicSessionScope() {
        if (this.m_SessionTimeoutSet && this.m_SessionTimeout == 0) {
            SessionTracker.cleanUp(this.m_ApplicationName, this.m_cfid, this.m_cftoken);
            return;
        }
        if (ServiceFactory.getRuntimeService().isCommandLineCompile()) {
            return;
        }
        this.m_SessionScope = SessionTracker.getSession(this.m_ApplicationName, this.m_cfid, this.m_cftoken);
        if (this.m_SessionScope == null) {
            this.m_SessionScope = SessionTracker.createSession(this.m_ApplicationName, this.m_cfid, this.m_cftoken);
            this.m_SessionScope.setClientIp(this.m_PageContext.getRequest().getRemoteAddr());
            if (!this.m_SessionTimeoutSet) {
                this.m_SessionScope.SetMaxInactiveInterval(runtime.getSessionTimeout());
            }
            this.m_SessionScope.put("cfid", this.m_cfid);
            this.m_SessionScope.put("cftoken", this.m_cftoken);
            this.m_SessionScope.put("sessionid", this.m_ApplicationName.toUpperCase() + '_' + this.m_cfid + '_' + this.m_cftoken);
            SessionTracker.setSessionScope(this.m_ApplicationName, SessionTracker.getSessionKey(this.m_cfid, this.m_cftoken), this.m_SessionScope);
        }
        if (this.m_SessionTimeoutSet) {
            if (this.m_SessionTimeout > runtime.getSessionMaxTimeout()) {
                this.m_SessionScope.SetMaxInactiveInterval(runtime.getSessionMaxTimeout());
            } else {
                this.m_SessionScope.SetMaxInactiveInterval(this.m_SessionTimeout);
            }
        }
        this.m_SessionScope.setLastAccess();
        this.m_SessionScope.setIsIdFromURL(this.m_IsClientIdFromUrl);
        FusionContext.getCurrent().setCurrentSession(this.m_SessionScope);
    }

    private void setupJ2eeSessionScope() {
        HttpServletRequest httpServletRequest = (HttpServletRequest) this.m_PageContext.getRequest();
        HttpSession session = httpServletRequest.getSession(true);
        if (session == null) {
            setupClassicSessionScope();
            return;
        }
        if (this.m_SessionTimeoutSet && this.m_SessionTimeout == 0) {
            SessionTracker.cleanUp(session, this.m_ApplicationName);
            return;
        }
        this.m_SessionScope = SessionTracker.getSession(session, this.m_ApplicationName);
        if (this.m_SessionScope == null) {
            this.m_SessionScope = SessionTracker.createSession(session, this.m_ApplicationName);
            this.m_SessionScope.setClientIp(httpServletRequest.getRemoteAddr());
        } else if (this.m_SessionScope instanceof J2eeSessionScope) {
            this.m_SessionScope.setHttpServletSession(session);
        } else if (this.m_SessionScope instanceof NoNameJ2eeSessionScope) {
            this.m_SessionScope.setHttpServletSession(session);
        }
        if (!this.m_SessionTimeoutSet) {
            this.m_SessionScope.SetMaxInactiveInterval(runtime.getSessionTimeout());
        } else if (this.m_SessionTimeout > runtime.getSessionMaxTimeout()) {
            this.m_SessionScope.SetMaxInactiveInterval(runtime.getSessionMaxTimeout());
        } else {
            this.m_SessionScope.SetMaxInactiveInterval(this.m_SessionTimeout);
        }
        this.m_SessionScope.put("sessionid", session.getId());
        this.m_Jsessionid = session.getId();
        this.m_SessionScope.setLastAccess();
        this.m_SessionScope.setIsIdFromURL(httpServletRequest.isRequestedSessionIdFromURL());
        FusionContext.getCurrent().setCurrentSession(this.m_SessionScope);
    }

    private Scope setupEventSessionScope(EventContext eventContext) {
        String str = eventContext.sessionId;
        if (this.m_SessionManagement && str != null) {
            if (this.m_SessionTimeoutSet && this.m_SessionTimeout == 0) {
                SessionTracker.cleanUp(this.m_ApplicationName, str);
                return NoOperSessionScope;
            }
            this.m_SessionScope = SessionTracker.getSession(this.m_ApplicationName, str);
            if (this.m_SessionScope == null) {
                this.m_SessionScope = SessionTracker.createSession(this.m_ApplicationName, str);
                if (!this.m_SessionTimeoutSet) {
                    this.m_SessionScope.SetMaxInactiveInterval(runtime.getSessionTimeout());
                } else if (this.m_SessionTimeout > runtime.getSessionMaxTimeout()) {
                    this.m_SessionScope.SetMaxInactiveInterval(runtime.getSessionMaxTimeout());
                } else {
                    this.m_SessionScope.SetMaxInactiveInterval(this.m_SessionTimeout);
                }
                this.m_SessionScope.put("sessionid", this.m_ApplicationName.toUpperCase() + '_' + str);
            }
            this.m_SessionScope.setLastAccess();
            this.m_SessionScope.setIsIdFromURL(this.m_IsClientIdFromUrl);
            FusionContext.SymTab_setSessionScope(this.m_SessionScope);
        }
        return this.m_SessionScope;
    }

    public Scope setupSessionScope() {
        Scope scope = NoOperSessionScope;
        EventContext eventContext = this.fContext.getEventContext();
        if (this.fContext.isSchedulerEvent()) {
            FusionContext.SymTab_setSessionScope(NoOperSessionScope);
            return scope;
        }
        if (eventContext != null) {
            scope = setupEventSessionScope(eventContext);
        } else if (this.m_SessionManagement) {
            if (runtime.useJ2eeSession()) {
                setupJ2eeSessionScope();
            } else {
                setupClassicSessionScope();
            }
            FusionContext.SymTab_setSessionScope(this.m_SessionScope);
            scope = this.m_SessionScope;
        } else {
            FusionContext.SymTab_setSessionScope(NoOperSessionScope);
        }
        return scope;
    }

    public final void computeURLToken() {
        if (this.m_ClientManagement || this.m_SessionManagement) {
            StringBuffer stringBuffer = new StringBuffer();
            boolean z = false;
            if (this.m_cfid != null && this.m_cftoken != null) {
                z = true;
                stringBuffer.append("CFID=");
                stringBuffer.append(this.m_cfid);
                stringBuffer.append('&');
                stringBuffer.append("CFTOKEN=");
                stringBuffer.append(this.m_cftoken);
            }
            if (this.m_Jsessionid != null) {
                if (z) {
                    stringBuffer.append('&');
                }
                stringBuffer.append("jsessionid=");
                stringBuffer.append(this.m_Jsessionid);
            }
            String stringBuffer2 = stringBuffer.toString();
            if (this.m_SessionScope != null) {
                this.m_SessionScope.put("urltoken", stringBuffer2);
            }
            if (this.m_ClientScope != null) {
                this.m_ClientScope.put("urltoken", stringBuffer2);
            }
        }
    }

    public void ValidateClientAndSession() {
        if (this.m_ApplicationScope != null && this.m_ApplicationScope.getMaxInactiveInterval() == 0) {
            ApplicationScopeTracker.cleanUp(this.m_ApplicationScope);
        }
        applyClientSettings();
        applySessionSettings();
        if ((this.m_SessionManagement || this.m_ClientManagement) && this.fContext.getEventContext() == null) {
            handleClientIDs();
        }
    }

    public static Object getApplicationSetting(String str) {
        Map map = (Map) getApplicationSetting();
        if (map != null) {
            return map.get(str);
        }
        return null;
    }

    public static Object getApplicationSetting() {
        String applicationName;
        ApplicationScope applicationScope;
        FusionContext current = FusionContext.getCurrent();
        if (current == null || (applicationName = current.getApplicationName()) == null || (applicationScope = ApplicationScopeTracker.getApplicationScope(applicationName)) == null) {
            return null;
        }
        return applicationScope.getApplicationSettingsMap();
    }

    public static Object getDefaultCache(ApplicationScope applicationScope) {
        if (applicationScope != null) {
            return applicationScope.getDefaultQueryCache();
        }
        if (defaultQueryCache == null) {
            GenericCache cache = GenericCacheFactory.getCache();
            synchronized (cache) {
                defaultQueryCache = cache.createCache("QUERY", "QUERY", (String) null, (Map) null);
            }
            setMaxQueryCount(-1, true);
        }
        return defaultQueryCache;
    }

    public static boolean useInternalQueryCache(ApplicationScope applicationScope) {
        return applicationScope != null ? applicationScope.useInternalQueryCache() : isServerWideInternalQueryCacheEnabled();
    }

    public static boolean isServerWideInternalQueryCacheEnabled() {
        RuntimeService runtimeService = ServiceFactory.getRuntimeService();
        if (runtimeService != null) {
            return runtimeService.isInternalCacheForQueryEnabled();
        }
        return false;
    }

    public static void setMaxQueryCount(int i, boolean z) {
        Map map;
        String str = null;
        if (FusionContext.getCurrent() != null) {
            str = FusionContext.getCurrent().getApplicationName();
        }
        ApplicationScope applicationScope = null;
        if (str != null) {
            applicationScope = ApplicationScopeTracker.getApplicationScope(str);
        }
        if (getDefaultCache(applicationScope) == null || z) {
            if (GenericCacheFactory.getCache().isApplicationSpecificCache()) {
                if (i == -1) {
                    i = 100;
                }
                if (str != null && !str.equals("") && applicationScope != null && (map = (Map) applicationScope.getApplicationSettingsMap().get("cache")) != null) {
                    String str2 = null;
                    if (map.get(GenericCacheFactory.CACHE_QUERY_SIZE) != null) {
                        str2 = map.get(GenericCacheFactory.CACHE_QUERY_SIZE).toString();
                    }
                    if (str2 != null) {
                        try {
                            i = Integer.parseInt(str2);
                        } catch (NumberFormatException e) {
                        }
                    }
                }
            } else if (i == -1) {
                ServiceFactory.getRuntimeService();
                DataSourceService dataSourceService = ServiceFactory.getDataSourceService();
                if (dataSourceService != null) {
                    i = dataSourceService.getMaxQueryCount().intValue();
                }
            }
            if (i < 0 || getDefaultCache(applicationScope) == null) {
                return;
            }
            GenericCacheFactory.getCache().setMaxElementsInMemory(CacheTagHelper.getCacheKey("QUERY", str, "QUERY", (String) null), i);
        }
    }

    public Struct getApplicationMetaData() {
        Map map = (Map) getApplicationSetting();
        ApplicationScope applicationScope = ApplicationScopeTracker.getApplicationScope(FusionContext.getCurrent().getApplicationName());
        ApplicationSettings applicationSettings = applicationScope != null ? applicationScope.getApplicationSettings() : null;
        if (map == null) {
            return null;
        }
        for (String str : map.keySet()) {
            if (!str.equals(APP_TIMEOUT_NAME) && !str.equals(SESSION_MGMT_NAME) && !str.equals(SESSION_TIMEOUT_NAME) && !str.equals(DOMAIN_COOKIES_NAME) && !str.equals(CLIENT_MGMT_NAME) && !str.equals(CLIENT_STORAGE_NAME) && !str.equals(CLIENT_COOKIES_NAME) && !str.equals(LOGIN_STORAGE_NAME) && !str.equals("name") && !str.equals(SECURE_JSON_NAME) && !str.equals(SECURE_JSON_PREFIX_NAME) && !str.equals(ApplicationFilter.SERVERSIDEFORMVALIDATION)) {
                if (str.equalsIgnoreCase(ApplicationSettings.INMEMORY_FILESYSTEM)) {
                    Map map2 = (Map) map.get(str);
                    if (applicationSettings != null) {
                        map2.put("enabled", new Boolean(applicationSettings.isInMemoryEnabled()));
                        map2.put("size", new Integer(applicationSettings.getInMemorySize()));
                    }
                    this.appMetaData.put(str, map2);
                } else if (str.equalsIgnoreCase(ApplicationSettings.SESSION_COOKIE)) {
                    if (applicationSettings != null) {
                        Struct struct = new Struct();
                        struct.put((Struct) ApplicationSettings.HTTPONLY, (String) new Boolean(applicationSettings.isHttpOnlySessionCookie()));
                        struct.put((Struct) ApplicationSettings.SECURE, (String) new Boolean(applicationSettings.isSecureSessionCookie()));
                        struct.put((Struct) ApplicationSettings.TIMEOUT, (String) new Integer(applicationSettings.getSessionCookieTimeout()));
                        String sessionCookieDomain = applicationSettings.getSessionCookieDomain();
                        if (sessionCookieDomain != null && !"".equalsIgnoreCase(sessionCookieDomain)) {
                            struct.put((Struct) ApplicationSettings.DOMAIN, sessionCookieDomain);
                        }
                        struct.put((Struct) ApplicationSettings.DISABLEUPDATE, (String) new Boolean(applicationSettings.isSessionCookieUpdateDisabled()));
                        this.appMetaData.put(str, struct);
                    }
                } else if (str.equalsIgnoreCase(ApplicationSettings.AUTH_COOKIE)) {
                    if (applicationSettings != null) {
                        Struct struct2 = new Struct();
                        struct2.put((Struct) ApplicationSettings.TIMEOUT, (String) new Integer(applicationSettings.getAuthCookieTimeout()));
                        struct2.put((Struct) ApplicationSettings.DISABLEUPDATE, (String) new Boolean(applicationSettings.isAuthCookieUpdateDisabled()));
                        this.appMetaData.put(str, struct2);
                    }
                } else if (str.equalsIgnoreCase("scriptprotect")) {
                    Object obj = this.appMetaData.get(str);
                    if (obj == null || obj.equals(Collections.EMPTY_LIST)) {
                        obj = "none";
                    }
                    this.appMetaData.put(str, obj);
                } else {
                    Object obj2 = map.get(str);
                    boolean z = false;
                    if (MAPPINGS.equalsIgnoreCase(str)) {
                        Object obj3 = this.appMetaData.get(MAPPINGS);
                        if (obj3 != null && (obj3 instanceof Struct) && !((Struct) obj3).isEmpty()) {
                            z = true;
                            map.put(str, obj3);
                        }
                        if ((obj2 instanceof Struct) && MAPPINGS.equalsIgnoreCase(str) && !z) {
                            obj2 = ((Struct) obj2).clone();
                        }
                    }
                    if (!(obj2 instanceof UDFMethod) && !z) {
                        this.appMetaData.put(str, obj2);
                    }
                }
            }
        }
        if (this.appMetaData != null) {
            if (this.appMetaData.get(ApplicationSettings.ENABLE_NULL_SUPPORT) == null) {
                this.appMetaData.put((Object) ApplicationSettings.ENABLE_NULL_SUPPORT, (Object) false);
            } else {
                Boolean enableNullSupport = applicationSettings.getEnableNullSupport();
                if (enableNullSupport == null) {
                    enableNullSupport = false;
                }
                this.appMetaData.put(ApplicationSettings.ENABLE_NULL_SUPPORT, enableNullSupport);
            }
            if (this.appMetaData.get(ApplicationSettings.SEARCH_IMPLICIT_SCOPES) == null) {
                this.appMetaData.put(ApplicationSettings.SEARCH_IMPLICIT_SCOPES, Boolean.valueOf(ApplicationSettings.DEFAULT_SEARCH_IMPLICIT_SCOPES));
            } else {
                this.appMetaData.put(ApplicationSettings.SEARCH_IMPLICIT_SCOPES, new Boolean(applicationSettings.isSearchImplicitScope()));
            }
            if (this.appMetaData.get(ApplicationSettings.SAMEFORMFIELDSASARRAY) == null) {
                this.appMetaData.put((Object) ApplicationSettings.SAMEFORMFIELDSASARRAY, (Object) false);
            } else {
                Boolean sameFormFieldsArray = applicationSettings.getSameFormFieldsArray();
                if (sameFormFieldsArray == null) {
                    sameFormFieldsArray = false;
                }
                this.appMetaData.put(ApplicationSettings.SAMEFORMFIELDSASARRAY, sameFormFieldsArray);
            }
        }
        return this.appMetaData;
    }

    public Struct getApplicationMappings() {
        return (Struct) this.appMetaData.get(MAPPINGS);
    }

    public static void protectScopes(FusionContext fusionContext) {
        List scriptProtect = fusionContext.getScriptProtect();
        if (scriptProtect != null) {
            for (int i = 0; i < scriptProtect.size(); i++) {
                try {
                    Scope scope = (Scope) fusionContext.pageContext.SymTab_findBuiltinScope(((String) scriptProtect.get(i)).toUpperCase());
                    if (scope != null && !(scope instanceof CgiScope)) {
                        for (Object obj : scope.keySet()) {
                            Object obj2 = scope.get(obj);
                            if (obj2 instanceof String) {
                                String str = (String) obj2;
                                String crossSiteProtectString = ServiceFactory.getSecurityService().crossSiteProtectString(str);
                                if (!str.equals(crossSiteProtectString)) {
                                    scope.put(obj, crossSiteProtectString.toString());
                                }
                            }
                        }
                    }
                } catch (UnsupportedOperationException e) {
                    throw new ScriptProtectReplaceException(scriptProtect.get(i).toString());
                }
            }
        }
    }

    public void sessionRotate() {
        if (this.fContext.getEventContext() != null) {
            CFLogs.APPLICATION_LOG.info(RB.getString(this, "SessionRotateNoOp"));
            return;
        }
        if (!this.m_SessionManagement) {
            CFLogs.APPLICATION_LOG.info(RB.getString(this, "SessionRotateFailure"));
            throw new SecurityUtils.SessionManipulationException();
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) this.m_PageContext.getRequest();
        SessionScope sessionScope = null;
        boolean useJ2eeSession = runtime.useJ2eeSession();
        String str = "";
        String str2 = "";
        if (this.m_cfid != null && this.m_cftoken != null) {
            this.old_cfid = this.m_cfid;
            this.old_cftoken = this.m_cftoken;
            this.m_cfid = null;
            this.m_cftoken = null;
            generateNewClientIDs(httpServletRequest);
        }
        if (useJ2eeSession) {
            sessionScope = SessionTracker.getSession(httpServletRequest.getSession(false), this.m_ApplicationName);
            if (sessionScope != null) {
                str2 = sessionScope.getTrackerSessionId();
                HashMap sessionData = sessionScope.getSessionData();
                sessionScope.CleanUp();
                HttpSession session = httpServletRequest.getSession(true);
                sessionScope.setSessionData(session, sessionData);
                str = SessionTracker.getSessionTrackerId(this.m_ApplicationName, session.getId());
            }
        } else {
            if (SessionTracker.isExternalSessionStorage) {
                sessionScope = FusionContext.getCurrent().getCurrentSession();
            }
            if (sessionScope == null) {
                sessionScope = SessionTracker.getSession(this.m_ApplicationName, this.old_cfid, this.old_cftoken);
            }
            if (sessionScope != null) {
                str2 = sessionScope.getTrackerSessionId();
                if (!this.m_SessionTimeoutSet) {
                    sessionScope.SetMaxInactiveInterval(runtime.getSessionTimeout());
                }
                sessionScope.put("cfid", this.m_cfid);
                sessionScope.put("cftoken", this.m_cftoken);
                sessionScope.put("sessionid", this.m_ApplicationName.toUpperCase() + '_' + this.m_cfid + '_' + this.m_cftoken);
                str = SessionTracker.getSessionTrackerId(this.m_ApplicationName, this.m_cfid, this.m_cftoken);
            }
        }
        finishSessionRotate(httpServletRequest, sessionScope, str2, str);
        CFLogs.APPLICATION_LOG.info(RB.getString(this, "SessionRotateSuccess"));
    }

    private void finishSessionRotate(HttpServletRequest httpServletRequest, SessionScope sessionScope, String str, String str2) {
        if (sessionScope != null) {
            sessionScope.setTrackerSessionId(str2);
            sessionScope.setIsNew(true);
            sessionScope.setClientIp(httpServletRequest.getRemoteAddr());
            SessionTracker.updateSessionScope(sessionScope.getAppName(), str, str2, this.m_cfid, this.m_cftoken, sessionScope);
            setupClientScope();
            setupSessionScope();
            computeURLToken();
        }
    }

    protected boolean isSetDomainCookies() {
        return this.m_SetDomainCookies;
    }

    public int getSessionTimeout() {
        return this.m_SessionTimeout;
    }

    public static void resetDefaultQueryCache() {
        defaultQueryCache = null;
    }

    public boolean isSessionManagmentEnabled() {
        return this.m_SessionManagement;
    }

    static {
        protectSessionFixation = true;
        String property = System.getProperty(SESSIONFIXATION);
        if (property == null || property.length() <= 0) {
            return;
        }
        protectSessionFixation = Boolean.parseBoolean(property);
    }
}
