package cn.myapps.runtime.security;

import cn.myapps.common.util.PropertyUtil;
import cn.myapps.common.util.StringUtil;
import com.KGitextpdf.text.pdf.PdfObject;
import com.KGitextpdf.text.xml.xmp.XmpWriter;
import java.io.IOException;
import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringEscapeUtils;
import org.apache.commons.lang.StringUtils;
import org.owasp.validator.html.AntiSamy;
import org.owasp.validator.html.Policy;
import org.owasp.validator.html.PolicyException;

/* loaded from: input_file:cn/myapps/runtime/security/Firewall.class */
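/**
 * Request-level "firewall" applied by the security filter.
 *
 * <p>In order, a request is rejected (HTTP 403 with a short message) when it targets
 * {@code viewsource.jsp}, carries a {@code password} in the query string, carries a
 * {@code password} parameter of six or fewer characters, uses an HTTP method outside
 * {@link #ALLOWED_METHODS}, fails the Referer-based cross-site check (when enabled), or
 * contains parameter text that the AntiSamy policy, the configured regular expressions or
 * the configured literal substrings flag as illegal (when enabled).
 *
 * <p>All switches and lists are read once from the {@code SecurityFilter.firewall.*}
 * properties (via {@link PropertyUtil}) when the singleton is first created; see
 * {@link #init()}. Instances are immutable after construction, so a single instance may be
 * shared between request threads.
 */
public class Firewall {
    /** Master switch ({@code SecurityFilter.firewall.startFirewall}); when false every request passes. */
    private final boolean startFirewall;
    /** Enables the Referer-based cross-site check ({@code SecurityFilter.firewall.interceptor.CSRF}). */
    private final boolean stopCSRF;
    /** Enables the parameter keyword check ({@code SecurityFilter.firewall.interceptor.keyword}). */
    private final boolean validKeyword;
    /** Strong mode ({@code SecurityFilter.firewall.strongMode}) appends {@link #STRONG_MODE_EXCLUDES} to the excluded substrings. */
    private final boolean strongMode;
    /** Literal substrings that must not appear in the lower-cased, URL-decoded "uri?params" line. */
    private final String[] excludeChars;
    /** Regular expressions that must not match the lower-cased, whitespace-stripped, URL-decoded "uri?params" line. */
    private final Set<Pattern> excludePatterns;
    /** Referer prefixes accepted as trusted origins by the cross-site check; null when not configured. */
    private final String[] excludeHostAddress;
    /** Lower-cased URI substrings for which the keyword check is skipped. */
    private final String[] ignoreURL;
    /** Matches runs of whitespace; used to strip whitespace before the AntiSamy and regex checks. */
    private final Pattern cp = Pattern.compile("\\s*");

    /** HTTP methods the firewall lets through (compared case-insensitively). */
    private static final String[] ALLOWED_METHODS = {"GET", "POST", "PUT", "DELETE", "PATCH"};
    /** Substrings that strong mode adds to the excluded-substring list, in the property's {@code |}-separated syntax. */
    private static final String STRONG_MODE_EXCLUDES = "alert|'| and ";
    /** URI fragments that may be requested without a Referer header even when the cross-site check is on. */
    private static final String[] REFERER_OPTIONAL_URIS = {
        "login.jsp",
        "/phone/main.jsp",
        "/pm/wap/index.jsp",
        "/qm/wap/center.jsp",
        "/wap/pendlist.jsp",
        "/attendance/sign.jsp",
        "/attendance/wap/record.jsp",
        "/contacts/index.jsp",
        "/km/wap/index.jsp",
        "/runtime/app/"
    };

    // volatile so that the reference published by init() is seen fully constructed by other threads;
    // getInstance() reads it without a lock.
    private static volatile Firewall instance = null;
    // Written only inside the synchronized init() before instance is published, so readers that
    // obtained the instance through getInstance() see the loaded policy.
    private static Policy policy = null;

    /**
     * Creates an immutable firewall configuration. Null array/set arguments (other than
     * {@code excludeHostAddress}, where null means "none configured") are stored as empty.
     */
    private Firewall(boolean startFirewall, boolean validKeyword, String[] excludeChars, Set<Pattern> excludePatterns,
            boolean stopCSRF, String[] excludeHostAddress, String[] ignoreURL, boolean strongMode) {
        this.startFirewall = startFirewall;
        this.validKeyword = validKeyword;
        this.excludeChars = excludeChars == null ? new String[0] : excludeChars;
        this.excludePatterns = excludePatterns == null ? new HashSet<Pattern>() : excludePatterns;
        this.stopCSRF = stopCSRF;
        this.excludeHostAddress = excludeHostAddress;
        this.ignoreURL = ignoreURL == null ? new String[0] : ignoreURL;
        this.strongMode = strongMode;
    }

    /**
     * Returns the shared firewall, creating it from the security properties on first use.
     *
     * @return the singleton instance, never null
     */
    public static Firewall getInstance() {
        Firewall current = instance;
        if (current == null) {
            // init() is synchronized and re-checks instance, so concurrent first callers share one instance
            // instead of each building their own (the original unsynchronized check allowed duplicates).
            init();
            current = instance;
        }
        return current;
    }

    /**
     * Reads the {@code SecurityFilter.firewall.*} properties, loads the AntiSamy policy from the
     * {@code antisamy.xml} classpath resource and publishes the singleton. A no-op once the
     * instance exists.
     */
    private static synchronized void init() {
        if (instance != null) {
            return; // another thread completed initialisation while we waited for the lock
        }
        String startProp = PropertyUtil.get("SecurityFilter.firewall.startFirewall");
        String keywordProp = PropertyUtil.get("SecurityFilter.firewall.interceptor.keyword");
        String csrfProp = PropertyUtil.get("SecurityFilter.firewall.interceptor.CSRF");
        String excludeCharsProp = PropertyUtil.get("SecurityFilter.firewall.interceptor.keyword.excludeChars");
        String excludePatternsProp = PropertyUtil.get("SecurityFilter.firewall.interceptor.keyword.excludePatterns");
        String excludeHostsProp = PropertyUtil.get("SecurityFilter.firewall.interceptor.CSRF.excludeHostAddress");
        String ignoreUrlProp = PropertyUtil.get("SecurityFilter.firewall.interceptor.keyword.ignoreURL");
        String strongModeProp = PropertyUtil.get("SecurityFilter.firewall.strongMode");

        boolean strongMode = parseFlag(strongModeProp);
        if (strongMode) {
            // The original code concatenated "|alert|'| and " onto the raw property value, which turned an
            // unset property into the literal excluded substring "null". Build the list without that artefact.
            excludeCharsProp = StringUtil.isBlank(excludeCharsProp)
                    ? STRONG_MODE_EXCLUDES
                    : excludeCharsProp + "|" + STRONG_MODE_EXCLUDES;
        }

        Set<Pattern> patterns = new HashSet<Pattern>();
        if (!StringUtil.isBlank(excludePatternsProp)) {
            for (String regex : excludePatternsProp.split("\\|")) {
                // Property values are stored Java-escaped (e.g. "\\d"), so unescape before compiling.
                patterns.add(Pattern.compile(StringEscapeUtils.unescapeJava(regex)));
            }
        }
        // Null (rather than empty) means "no trusted origins configured"; see isCrossSiteRequest().
        String[] trustedHosts = StringUtil.isBlank(excludeHostsProp) ? null : excludeHostsProp.split("\\|");

        if (policy == null) {
            try {
                policy = Policy.getInstance(Firewall.class.getClassLoader().getResourceAsStream("antisamy.xml"));
            } catch (PolicyException e) {
                // Run without the AntiSamy scan (checkParametersLegal skips it while policy is null);
                // the regex and substring checks still apply.
                e.printStackTrace();
            }
        }
        instance = new Firewall(parseFlag(startProp), parseFlag(keywordProp), splitList(excludeCharsProp), patterns,
                parseFlag(csrfProp), trustedHosts, splitList(ignoreUrlProp), strongMode);
    }

    /** Parses a boolean property; blank/null means false. */
    private static boolean parseFlag(String value) {
        return !StringUtil.isBlank(value) && Boolean.parseBoolean(value);
    }

    /** Splits a {@code |}-separated property into its entries; blank/null yields an empty array. */
    private static String[] splitList(String value) {
        return StringUtil.isBlank(value) ? new String[0] : value.split("\\|");
    }

    /**
     * Runs all enabled checks against the request.
     *
     * @param httpServletRequest  the request to inspect
     * @param httpServletResponse the response; on rejection it receives status 403 and a UTF-8 HTML message
     *                            and its writer is closed
     * @return true when the request may proceed, false when it was rejected and the response is complete
     * @throws Exception if writing the rejection response fails or URL-decoding of the parameter line fails
     */
    public boolean excute(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        if (!this.startFirewall) {
            return true;
        }
        String uri = httpServletRequest.getRequestURI().toLowerCase();
        if (uri.contains("viewsource.jsp")) {
            reject(httpServletResponse, "非法操作，viewsource.jsp错误！");
            return false;
        }
        String query = httpServletRequest.getQueryString() != null
                ? httpServletRequest.getQueryString().toLowerCase()
                : PdfObject.NOTHING;
        // Credentials must not travel in the URL (logs, Referer leakage, browser history).
        if (query.indexOf("password=") == 0 || query.indexOf("&password=") > 0) {
            reject(httpServletResponse, "非法操作，密码不能通过get请求传输！");
            return false;
        }
        String password = httpServletRequest.getParameter("password");
        // A password of six or fewer characters is treated as not having gone through the client-side encryption.
        if (password != null && password.trim().length() <= 6) {
            reject(httpServletResponse, "非法操作，密码必须通过加密方式传输！");
            return false;
        }
        if (!isAllowedMethod(httpServletRequest.getMethod())) {
            reject(httpServletResponse, "非法操作，不合法的请求方式！requestMethod");
            return false;
        }
        if (this.stopCSRF && isCrossSiteRequest(httpServletRequest, uri)) {
            reject(httpServletResponse, "非法操作，出于安全考虑系统不允许跨域请求！(security.properties中的防火墙配置文件)");
            return false;
        }
        if (!this.validKeyword || isIgnoreUri(uri)) {
            return true;
        }
        if (checkParametersLegal(uri + "?" + flattenParameters(httpServletRequest))) {
            return true;
        }
        reject(httpServletResponse, "你提交或打开的链接里可能存在非法字符,请不要在参数中包含非法字符尝试注入攻击！");
        return false;
    }

    /** Writes a 403 response with the given UTF-8 HTML message and closes the writer. */
    private static void reject(HttpServletResponse response, String message) throws IOException {
        response.setStatus(403);
        response.setCharacterEncoding(XmpWriter.UTF8);
        response.setContentType("text/html; charset=UTF-8");
        PrintWriter writer = response.getWriter();
        try {
            writer.write(message);
            writer.flush();
        } finally {
            writer.close();
        }
    }

    /** True when {@code method}, upper-cased, is one of {@link #ALLOWED_METHODS}. */
    private static boolean isAllowedMethod(String method) {
        String upper = method.toUpperCase();
        for (String allowed : ALLOWED_METHODS) {
            if (allowed.equals(upper)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Referer-based cross-site check.
     *
     * <p>Without a Referer header only the entry pages in {@link #REFERER_OPTIONAL_URIS} and
     * resources that are neither {@code .jsp} nor {@code .action} are allowed. With a Referer,
     * the request is accepted when the header starts with this server's
     * {@code scheme://host:port} or with one of the configured trusted prefixes.
     *
     * @param request  the request
     * @param uriLower the request URI, already lower-cased
     * @return true when the request must be rejected as cross-site
     */
    private boolean isCrossSiteRequest(HttpServletRequest request, String uriLower) {
        String referer = request.getHeader("REFERER");
        if (referer == null) {
            return !isRefererOptional(uriLower);
        }
        String origin = (request.getScheme() + "://" + request.getServerName() + ":" + request.getServerPort()).trim();
        if (referer.startsWith(origin)) {
            return false;
        }
        if (this.excludeHostAddress != null) {
            for (String trusted : this.excludeHostAddress) {
                // A null or blank entry (e.g. "a||b" in the property) used to match every Referer, because
                // startsWith("") is always true, and silently disabled the check; skip such entries instead.
                if (!StringUtil.isBlank(trusted) && referer.startsWith(trusted.trim())) {
                    return false;
                }
            }
        }
        return true;
    }

    /** True when a request for this URI may arrive without a Referer header. */
    private static boolean isRefererOptional(String uriLower) {
        for (String fragment : REFERER_OPTIONAL_URIS) {
            if (uriLower.contains(fragment)) {
                return true;
            }
        }
        return !uriLower.contains(".jsp") && !uriLower.contains(".action");
    }

    /**
     * Re-serialises the (already container-decoded) parameters as {@code k=v&k=v}, one entry per value,
     * without a trailing {@code &}.
     */
    private static String flattenParameters(HttpServletRequest request) {
        @SuppressWarnings("unchecked")
        Map<String, String[]> parameterMap = request.getParameterMap();
        StringBuilder sb = new StringBuilder();
        for (Map.Entry<String, String[]> entry : parameterMap.entrySet()) {
            for (String value : entry.getValue()) {
                sb.append(entry.getKey()).append('=').append(value).append('&');
            }
        }
        if (sb.length() > 1) {
            sb.setLength(sb.length() - 1); // drop the trailing '&'
        }
        return sb.toString();
    }

    /**
     * Whether the keyword check is skipped for this URI.
     *
     * @param str the lower-cased request URI
     * @return true when a non-blank {@code ignoreURL} entry occurs in the URI
     */
    public boolean isIgnoreUri(String str) {
        if (StringUtils.isBlank(str)) {
            return false;
        }
        for (String entry : this.ignoreURL) {
            if (StringUtil.isBlank(entry)) {
                continue;
            }
            // NOTE(review): any URI containing "import" also skips the keyword check, but only while at least
            // one non-blank ignoreURL entry is configured. Kept as found; confirm this is intended.
            if (str.contains(entry.toLowerCase().trim()) || str.contains("import")) {
                return true;
            }
        }
        return false;
    }

    /**
     * Applies the AntiSamy policy, the excluded regular expressions and the excluded substrings
     * to a {@code uri?k=v&...} line.
     *
     * @param str the line to check
     * @return true when nothing objectionable was found (or the line is blank)
     * @throws IllegalArgumentException if the lower-cased line contains a malformed %-escape (propagates
     *                                  from the second decode, so such a request fails rather than passes)
     */
    private boolean checkParametersLegal(String str) {
        if (StringUtil.isBlank(str)) {
            return true;
        }
        String lower = str.toLowerCase().trim();
        // Whitespace-stripped form, so "j a v a script" style padding does not defeat the scanners.
        String compact = this.cp.matcher(lower).replaceAll(PdfObject.NOTHING);
        try {
            compact = URLDecoder.decode(compact, "utf-8");
        } catch (Exception ignored) {
            // Malformed %-escapes: scan the undecoded form rather than letting the request through unchecked.
        }
        if (policy != null) {
            try {
                if (!new AntiSamy().scan(compact, policy).getErrorMessages().isEmpty()) {
                    return false;
                }
            } catch (Exception e) {
                // The scanner could not evaluate the input. Behaviour is kept fail-open (the regex and
                // substring checks below still run), but the failure is no longer silent.
                e.printStackTrace();
            }
        }
        for (Pattern blocked : this.excludePatterns) {
            if (blocked.matcher(compact).find()) {
                return false;
            }
        }
        try {
            lower = URLDecoder.decode(lower, "utf-8");
        } catch (UnsupportedEncodingException ignored) {
            // "utf-8" is always available; if it ever is not, fall back to the undecoded text.
        }
        for (String blocked : this.excludeChars) {
            if (!StringUtil.isBlank(blocked) && lower.contains(blocked)) {
                return false;
            }
        }
        return true;
    }

    /**
     * Builds {@code scheme://host[:port]}, omitting the port when it is 80.
     * Not referenced elsewhere in this class; kept for compatibility.
     */
    private String getServerHost(HttpServletRequest httpServletRequest) {
        StringBuilder sb = new StringBuilder();
        sb.append(httpServletRequest.getScheme()).append("://").append(httpServletRequest.getServerName());
        if (httpServletRequest.getServerPort() != 80) {
            sb.append(":").append(httpServletRequest.getServerPort());
        }
        return sb.toString();
    }

    /** @return whether the firewall is enabled at all */
    public boolean isStartFirewall() {
        return this.startFirewall;
    }

    /** @return whether the Referer-based cross-site check is enabled */
    public boolean isStopCSRF() {
        return this.stopCSRF;
    }

    /** @return whether strong mode (extra excluded substrings) is enabled */
    public boolean isStrongMode() {
        return this.strongMode;
    }
}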
