package cn.myapps.runtime.security;

import cn.myapps.common.util.PropertyUtil;
import cn.myapps.common.util.StringUtil;
import com.KGitextpdf.text.pdf.PdfObject;
import com.KGitextpdf.text.pdf.codec.JBIG2SegmentReader;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import org.apache.commons.lang.StringUtils;
import org.kg.bouncycastle.asn1.eac.EACTags;

/* loaded from: input_file:cn/myapps/runtime/security/XssHttpServletRequestWrapper.class */
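/**
 * Request wrapper that applies a best-effort XSS filter to parameters and headers.
 *
 * <p>Every value returned through {@link #getParameter}, {@link #getParameterValues},
 * {@link #getParameterMap} and {@link #getHeader} passes through {@link #xssEncode}, which
 * first removes a fixed denylist of script/iframe/event-handler fragments ({@link #stripXSS})
 * and then replaces a handful of markup-significant ASCII characters with look-alike
 * Unicode characters ({@link #escape}). Note that {@link #getParameter} and {@link #getHeader}
 * also encode the <em>name</em> before looking it up, whereas {@link #getParameterValues} and
 * {@link #getParameterMap} look the name up unchanged.
 *
 * <p>The character substitution step is skipped entirely for requests whose URI contains any
 * of the fragments configured under {@value #IGNORE_ESCAPE_URL_KEY} (case-insensitive
 * substring match); the denylist stripping still runs for those requests.
 *
 * <p>This is an input filter, not a substitute for context-aware output encoding at the
 * point where values are rendered.
 */
public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {

    /** Property key whose value is a {@code |}-separated list of URI fragments for which {@link #escape} is a no-op. */
    private static final String IGNORE_ESCAPE_URL_KEY =
            "SecurityFilter.firewall.interceptor.keyword.ignoreEscapeURL";

    private static final int CI = Pattern.CASE_INSENSITIVE;
    private static final int CI_ML_DOTALL = Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL;

    /**
     * Fragments removed by {@link #stripXSS}, in application order. Compiled once instead of on
     * every call. Being a denylist, anything not listed here is passed on to {@link #escape} unchanged.
     */
    private static final Pattern[] STRIP_PATTERNS = {
        Pattern.compile("<script>(.*?)</script>", CI),
        Pattern.compile("src[\r\n]*=[\r\n]*\\'(.*?)\\'", CI_ML_DOTALL),
        Pattern.compile("src[\r\n]*=[\r\n]*\\\"(.*?)\\\"", CI_ML_DOTALL),
        Pattern.compile("</script>", CI),
        Pattern.compile("<script(.*?)>", CI_ML_DOTALL),
        Pattern.compile("eval\\((.*?)\\)", CI_ML_DOTALL),
        Pattern.compile("expression\\((.*?)\\)", CI_ML_DOTALL),
        Pattern.compile("javascript:", CI),
        Pattern.compile("vbscript:", CI),
        Pattern.compile("onload(.*?)=", CI_ML_DOTALL),
        Pattern.compile("<iframe>(.*?)</iframe>", CI),
        Pattern.compile("</iframe>", CI),
        Pattern.compile("<iframe(.*?)>", CI_ML_DOTALL),
    };

    /** The request handed to the constructor, before wrapping; exposed via {@link #getOrgRequest()}. */
    HttpServletRequest orgRequest;

    /**
     * Wraps {@code httpServletRequest} and remembers it as the original request.
     *
     * @param httpServletRequest the request to wrap
     */
    public XssHttpServletRequestWrapper(HttpServletRequest httpServletRequest) {
        super(httpServletRequest);
        this.orgRequest = httpServletRequest;
    }

    /**
     * Returns the encoded value of the parameter whose name is the encoded form of {@code str}.
     *
     * @param str parameter name; it is passed through {@link #xssEncode} before lookup
     * @return the encoded value, or {@code null} if the underlying request has no such parameter
     */
    @Override
    public String getParameter(String str) {
        String value = super.getParameter(xssEncode(str));
        return value == null ? null : xssEncode(value);
    }

    /** Parameter names are returned as-is from the wrapped request. */
    @Override
    public Enumeration<String> getParameterNames() {
        return super.getParameterNames();
    }

    /**
     * Returns a new array holding the encoded values of parameter {@code str}.
     *
     * @param str parameter name, looked up unchanged
     * @return a fresh array of encoded values, or {@code null} if the parameter is absent
     */
    @Override
    public String[] getParameterValues(String str) {
        String[] values = super.getParameterValues(str);
        if (values == null) {
            return null;
        }
        return encodeAll(values);
    }

    /**
     * Returns a copy of the parameter map with every value encoded.
     *
     * <p>Each value array is copied before encoding so that the wrapped request's own
     * parameter arrays are never modified.
     *
     * @return a mutable map of parameter name to encoded values
     */
    @Override
    public Map<String, String[]> getParameterMap() {
        Map<?, ?> original = super.getParameterMap();
        Map<String, String[]> encoded = new HashMap<String, String[]>();
        for (Map.Entry<?, ?> entry : original.entrySet()) {
            String[] values = (String[]) entry.getValue();
            encoded.put((String) entry.getKey(), values == null ? null : encodeAll(values));
        }
        return encoded;
    }

    /**
     * Returns the encoded value of the header whose name is the encoded form of {@code str}.
     *
     * @param str header name; it is passed through {@link #xssEncode} before lookup
     * @return the encoded header value, or {@code null} if absent
     */
    @Override
    public String getHeader(String str) {
        String value = super.getHeader(xssEncode(str));
        return value == null ? null : xssEncode(value);
    }

    /**
     * Replaces the characters {@code " % ' ( ) < > \} with look-alike Unicode characters.
     *
     * <p>Returns {@code str} unchanged when the current request URI contains one of the
     * configured ignore fragments (see {@link #IGNORE_ESCAPE_URL_KEY}).
     *
     * @param str text to transform; {@code null} yields {@code null}
     * @return the transformed text
     */
    public String escape(String str) {
        if (str == null) {
            return null;
        }
        if (isEscapeSkippedForCurrentUri()) {
            return str;
        }
        StringBuilder sb = new StringBuilder(str.length() + 16);
        for (int i = 0; i < str.length(); i++) {
            sb.append(substitute(str.charAt(i)));
        }
        return sb.toString();
    }

    /**
     * Applies {@link #stripXSS} followed by {@link #escape}.
     *
     * @param str text to encode
     * @return the encoded text; {@code null} and the empty string are returned unchanged
     */
    public String xssEncode(String str) {
        if (str == null || str.isEmpty()) {
            return str;
        }
        String stripped = stripXSS(str);
        return stripped == null ? null : escape(stripped);
    }

    /**
     * Removes every match of {@link #STRIP_PATTERNS}, in order, from {@code str}.
     *
     * @param str text to filter; {@code null} yields {@code null}
     * @return the filtered text
     */
    private String stripXSS(String str) {
        if (str == null) {
            return null;
        }
        String result = str;
        for (Pattern pattern : STRIP_PATTERNS) {
            result = pattern.matcher(result).replaceAll("");
        }
        return result;
    }

    /** @return the request passed to the constructor */
    public HttpServletRequest getOrgRequest() {
        return this.orgRequest;
    }

    /**
     * Unwraps an {@link XssHttpServletRequestWrapper}, or returns the argument unchanged.
     *
     * @param httpServletRequest a possibly wrapped request
     * @return the original request if {@code httpServletRequest} is an instance of this class, else the argument itself
     */
    public static HttpServletRequest getOrgRequest(HttpServletRequest httpServletRequest) {
        if (httpServletRequest instanceof XssHttpServletRequestWrapper) {
            return ((XssHttpServletRequestWrapper) httpServletRequest).getOrgRequest();
        }
        return httpServletRequest;
    }

    /** Encodes each element into a new array, leaving {@code values} untouched. */
    private String[] encodeAll(String[] values) {
        String[] out = new String[values.length];
        for (int i = 0; i < values.length; i++) {
            out[i] = xssEncode(values[i]);
        }
        return out;
    }

    /**
     * Whether the current request URI matches one of the configured ignore fragments.
     * The match is a case-insensitive substring test after trimming both sides.
     */
    private boolean isEscapeSkippedForCurrentUri() {
        String ignoreList = PropertyUtil.get(IGNORE_ESCAPE_URL_KEY);
        if (StringUtil.isBlank(ignoreList)) {
            return false;
        }
        String requestUri = this.orgRequest.getRequestURI();
        if (requestUri == null) {
            return false;
        }
        String normalizedUri = requestUri.trim().toLowerCase();
        for (String fragment : ignoreList.split("\\|")) {
            if (!StringUtils.isBlank(fragment) && normalizedUri.contains(fragment.trim().toLowerCase())) {
                return true;
            }
        }
        return false;
    }

    /** Maps one markup-significant ASCII character to its look-alike replacement; other characters pass through. */
    private static char substitute(char c) {
        switch (c) {
            case '"':
                return '\u201C'; // left double quotation mark
            case '%':
                return '\uFF05'; // fullwidth percent sign
            case '\'':
                return '\u2018'; // left single quotation mark
            case '(':
                return '\uFF08'; // fullwidth left parenthesis
            case ')':
                return '\uFF09'; // fullwidth right parenthesis
            case '<':
                return '\uFF1C'; // fullwidth less-than sign
            case '>':
                return '\uFF1E'; // fullwidth greater-than sign
            case '\\':
                return '\uFF3C'; // fullwidth reverse solidus
            default:
                return c;
        }
    }
}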
