package top.ibase4j.core.filter;

import java.io.IOException;
import java.io.PrintWriter;
import java.net.URL;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.csource.fastdfs.ProtoCommon;

/* loaded from: input_file:top/ibase4j/core/filter/XssFilter.class */
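/**
 * Servlet filter that rejects a request when any query/form parameter value
 * contains a token from a fixed SQL/XSS blocklist.
 *
 * What this class actually covers (and does not), as visible in the code:
 * <ul>
 *   <li>Only parameters reachable through getParameterNames/getParameterValues
 *       are inspected. Headers, cookies, multipart parts and JSON/XML request
 *       bodies are never looked at.</li>
 *   <li>Matching is a case-insensitive substring blocklist. It is bypassed by any
 *       encoding the container does not decode for us (double URL-encoding, HTML
 *       entities, ...) and it rejects ordinary text ("midnight" contains "mid",
 *       any value with a comma). Treat it as a defence-in-depth tripwire, not a
 *       substitute for parameterized SQL and context-aware output encoding.</li>
 *   <li>URLs listed in xssWhite.txt (loaded in init) are exempt by substring
 *       match against the raw request URI; see isExcluded.</li>
 *   <li>noticeUrls is never populated in this class, so the xssEncode branch in
 *       doFilter is currently dead. Even when taken, the encoded value is not
 *       written back into the request (there is no request wrapper), so
 *       downstream code still sees the raw parameter.</li>
 * </ul>
 */
public class XssFilter implements Filter {
    private Logger logger = LogManager.getLogger();
    private List<String> excludeUrls = new ArrayList<String>();
    private List<String> noticeUrls = new ArrayList<String>();

    /** Case-insensitive substring blocklist applied to every parameter value. */
    private static final String[] BLOCKED_TOKENS = {
        "script", "mid", "master", "truncate", "insert", "select", "delete", "update",
        "declare", "iframe", "'", "onreadystatechange", "alert", "atestu", "xss", ";",
        "\"", "<", ">", "(", ")", ",", "\\", "svg", "confirm", "prompt", "onload",
        "onmouseover", "onfocus", "onerror"
    };

    /** Parameter-name fragments whose values must never be written to the log. */
    private static final String[] SENSITIVE_NAME_FRAGMENTS = {
        "password", "passwd", "pwd", "secret", "token"
    };

    /**
     * Inspects every value of every request parameter and short-circuits with an
     * error body on the first blocklisted token; otherwise passes the request on
     * unchanged.
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
                         FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        // Container-normalized path (servlet path + path info); used for log lines only.
        String pathInfo = request.getPathInfo();
        String path = request.getServletPath() + (pathInfo == null ? "" : pathInfo);
        String requestURI = request.getRequestURI();

        if (isExcluded(requestURI)) {
            this.logger.info("该URL不作校验：" + path);
            filterChain.doFilter(request, response);
            return;
        }
        boolean isNoticeUrl = containsAny(this.noticeUrls, requestURI);

        Enumeration<String> names = request.getParameterNames();
        while (names.hasMoreElements()) {
            String name = names.nextElement();
            // getParameterValues, not getParameter: the latter returns only the first
            // value, so a payload in a repeated parameter (?q=ok&q=<script>) would have
            // slipped past the check while the application may read the second value.
            String[] values = request.getParameterValues(name);
            if (values == null) {
                continue;
            }
            boolean loggable = !isSensitiveName(name);
            for (String value : values) {
                if (loggable) {
                    // Debug, not info: this is every parameter of every request, and
                    // name-based redaction is a heuristic, not a guarantee.
                    this.logger.debug(name + "==" + value);
                }
                // Kept from the original: on "notice" URLs the value is encoded before the
                // check, which hides ' " < > ( ) \ from the blocklist. The encoded value is
                // never applied to the request, so this only relaxes the check. noticeUrls
                // is empty in this class, so the branch is currently dead.
                String candidate = isNoticeUrl ? xssEncode(value) : value;
                if (checkSQLInject(candidate, path)) {
                    errorResponse(response, name);
                    return;
                }
            }
        }
        filterChain.doFilter(request, response);
    }

    /**
     * True when any non-blank whitelist entry occurs anywhere in the raw request URI.
     *
     * Blank entries are skipped: "".indexOf(...) is 0 for every string, so a single
     * empty line in xssWhite.txt would otherwise exempt every request from the
     * filter. What remains is still a substring match on getRequestURI(), which the
     * container neither decodes nor normalizes, so a URI that merely contains a
     * whitelisted fragment somewhere (for example inside a "/../" segment that the
     * container collapses away for mapping) is exempt as well. Anchoring the match on
     * the normalized path would be stricter, but it changes which existing whitelist
     * entries match (context path included or not), so it is left as a TODO for the
     * owners of xssWhite.txt.
     */
    private boolean isExcluded(String requestURI) {
        return containsAny(this.excludeUrls, requestURI);
    }

    /** True when any non-blank fragment is a substring of {@code uri}. */
    private static boolean containsAny(List<String> fragments, String uri) {
        for (String fragment : fragments) {
            if (StringUtils.isBlank(fragment)) {
                continue;
            }
            if (uri.indexOf(fragment) >= 0) {
                return true;
            }
        }
        return false;
    }

    /** True when the parameter name suggests a credential whose value must not be logged. */
    private static boolean isSensitiveName(String name) {
        String lower = name.toLowerCase(Locale.ROOT);
        for (String fragment : SENSITIVE_NAME_FRAGMENTS) {
            if (lower.contains(fragment)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Writes the rejection body and ends the response.
     *
     * The field name comes straight from the request (getParameterNames), so it is
     * attacker-controlled and is not itself checked against the blocklist. It is
     * therefore escaped with xssEncode (and stripped of control characters) before
     * being embedded, and the body is declared as JSON rather than text/html. With
     * the original text/html declaration a parameter named e.g. &lt;script&gt;... was
     * rendered as markup by the browser -- a reflected XSS in the XSS filter's own
     * error page -- and an embedded quote broke the JSON.
     *
     * @param response  response to write to; it is committed and closed here
     * @param fieldName name of the offending parameter, untrusted
     */
    private void errorResponse(HttpServletResponse response, String fieldName) throws IOException {
        response.setContentType("application/json; charset=UTF-8");
        // NOTE(review): the status stays 200 as before because clients key on httpCode;
        // a 400 would be more accurate but is a client-visible change.
        String safeName = xssEncode(fieldName == null ? "" : fieldName).replaceAll("\\p{Cntrl}", "");
        PrintWriter writer = response.getWriter();
        writer.println("{\"httpCode\":\"-9998\",\"msg\":\"输入项中不能包含非法字符。\", \"fieldName\": \"" + safeName + "\"}");
        writer.flush();
        writer.close();
    }

    @Override
    public void destroy() {
        // Nothing to release.
    }

    /**
     * Loads the exemption list from xssWhite.txt next to the classes.
     *
     * @throws ServletException when the classpath root cannot be resolved, which
     *         previously surfaced as a NullPointerException from getResource("/").
     *         Note that getFile() is not a filesystem path when the classes live
     *         inside a jar; readFile is expected to fail in that layout.
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        URL root = XssFilter.class.getResource("/");
        if (root == null) {
            throw new ServletException("XssFilter: cannot resolve classpath root to load xssWhite.txt");
        }
        this.excludeUrls = readFile(root.getFile() + "xssWhite.txt");
    }

    // The decompiler (JADX) could not recover this method; the body below is the stub
    // it emitted, kept verbatim. Judging by init() it reads the whitelist file into one
    // entry per line -- confirm against the original source before relying on any
    // detail (encoding, trimming, comment or blank-line handling).
    private List<String> readFile(String path) {
        throw new UnsupportedOperationException("Method not decompiled: top.ibase4j.core.filter.XssFilter.readFile(java.lang.String):java.util.List");
    }

    /**
     * Replaces the characters that are significant in HTML/JS/JSON
     * (" # &amp; ' ( ) &lt; &gt; \) with their full-width Unicode look-alikes so the
     * text stays readable but inert. Returns the input unchanged when null or empty.
     * The decompiler had folded 34/39/92 into unrelated FastDFS protocol constants;
     * they are the characters " ' and \.
     */
    private String xssEncode(String str) {
        if (str == null || str.isEmpty()) {
            return str;
        }
        StringBuilder sb = new StringBuilder(str.length() + 16);
        for (int i = 0; i < str.length(); i++) {
            char c = str.charAt(i);
            switch (c) {
                case '"':  sb.append('\u201C'); break;
                case '#':  sb.append('\uFF03'); break;
                case '&':  sb.append('\uFF06'); break;
                case '\'': sb.append('\u2018'); break;
                case '(':  sb.append('\uFF08'); break;
                case ')':  sb.append('\uFF09'); break;
                case '<':  sb.append('\uFF1C'); break;
                case '>':  sb.append('\uFF1E'); break;
                case '\\': sb.append('\uFF3C'); break;
                default:   sb.append(c);        break;
            }
        }
        return sb.toString();
    }

    /**
     * True when the value contains any blocklisted token.
     *
     * Comparison is case-insensitive under Locale.ROOT: with the JVM default locale
     * (e.g. tr_TR) "INSERT".toLowerCase() yields a dotless-i form that does not match
     * "insert", which silently disabled part of the blocklist. The offending value is
     * deliberately not logged any more: it may be a password or token, and the
     * name-based redaction in doFilter does not reach this method.
     *
     * @param value parameter value; null or empty never matches
     * @param path  request path, for the log line only
     */
    private boolean checkSQLInject(String value, String path) {
        if (StringUtils.isEmpty(value)) {
            return false;
        }
        String lower = value.toLowerCase(Locale.ROOT);
        for (String token : BLOCKED_TOKENS) {
            if (lower.indexOf(token) >= 0) {
                this.logger.info("xss防攻击拦截url:" + path + "，原因：特殊字符，包含特殊字符：" + token);
                return true;
            }
        }
        return false;
    }
}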
