package com.ard.security.filter.xss;

import com.ard.security.config.SafeConfig;
import com.ard.security.utils.StringUtils;
import com.ard.security.utils.date.DateHelper;
import com.ard.security.utils.ip.IpUtils;
import java.io.IOException;
import java.io.InputStream;
import java.util.Arrays;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.StringEscapeUtils;
import org.owasp.validator.html.AntiSamy;
import org.owasp.validator.html.Policy;
import org.owasp.validator.html.PolicyException;
import org.owasp.validator.html.ScanException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;

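/**
 * Server-side XSS sanitiser built on OWASP AntiSamy.
 *
 * <p>{@link #cleanXss} HTML-unescapes the input, strips a small blocklist of script
 * vectors with regular expressions ({@link #xssReplace}), runs the result through
 * AntiSamy with the policy loaded from {@code security/antisamy-ebay.xml}, and repeats
 * until the output is stable (ignoring whitespace) or {@code MAX_ROUNDS} rounds have run.
 * Any difference between input and output is logged as an attack.
 *
 * <p>The regex layer is blocklist-style defence in depth only; the AntiSamy policy is
 * the real allow-list. Both the {@code on...=} probe and the event-handler pattern are
 * quadratic in the input length, so request size should be bounded upstream.
 *
 * <p>Thread-safety: all state is static. {@code policy} is assigned once during class
 * initialisation; AntiSamy {@link Policy} objects and compiled {@link Pattern}s are safe
 * to share, and a fresh {@link AntiSamy} instance is created per call. {@link #requestUrl}
 * is an unsynchronised shared mutable field that this class never reads or writes.
 */
@Component
/* loaded from: input_file:com/ard/security/filter/xss/AntiSamyFilter.class */
public class AntiSamyFilter {
    // Declared first: loadPolicy() below logs through it during static initialisation.
    private static final Logger log = LoggerFactory.getLogger(AntiSamyFilter.class);

    public static final int FLAG_START = 1;
    public static final int FLAG_CLOSE = 0;
    private static final String ANTISAMY_SLASHDOT = "antisamy-slashdot.xml";
    private static final String ANTISAMY_EBAY = "security/antisamy-ebay.xml";
    private static final String ANTISAMY_MYSPACE = "antisamy-myspace.xml";
    private static final String ANTISAMY_ANYTHINGGOES = "antisamy-anythinggoes.xml";
    private static final String ANTISAMY_TINYMCE = "antisamy-tinymce.xml";
    private static final String ANTISAMY_DEFAULT = "antisamy.xml";

    /** Shared mutable static that this class neither reads nor writes; kept for API compatibility. */
    public static String requestUrl;

    /** Upper bound on recursive cleaning rounds in {@link #cleanXss}. */
    private static final int MAX_ROUNDS = 200;

    /** CASE_INSENSITIVE | MULTILINE | DOTALL. */
    private static final int REGEX_FLAGS = Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL;

    /** Inline event-handler attribute names removed by {@link #xssReplace}. */
    private static final String[] JS_EVENTS = {"onabort", "onblur", "onchange", "onclick", "ondblclick", "onerror", "onfocus", "onkeydown", "onkeypress", "onkeyup", "onload", "onmousedown", "onmousemove", "onmouseout", "onmouseover", "onmouseup", "onreset", "onresize", "onselect", "onsubmit", "onunload"};

    // Patterns are immutable and thread-safe; compiling them once avoids recompiling on every request.
    private static final Pattern EVAL_CALL = Pattern.compile("eval\\((.*?)\\)", REGEX_FLAGS);
    // The previous pattern contained a soft hyphen (U+00AD) inside "expression", so it could never
    // match the CSS expression(...) vector it was written to remove.
    private static final Pattern CSS_EXPRESSION = Pattern.compile("expression\\((.*?)\\)", REGEX_FLAGS);
    private static final Pattern JAVASCRIPT_SCHEME = Pattern.compile("javascript:", Pattern.CASE_INSENSITIVE);
    private static final Pattern VBSCRIPT_SCHEME = Pattern.compile("vbscript:", Pattern.CASE_INSENSITIVE);
    private static final Pattern DOUBLE_DASH = Pattern.compile("--");
    private static final Pattern SEMICOLON = Pattern.compile(";");
    private static final Pattern WHITESPACE = Pattern.compile("\\s");
    // Used with lookingAt(): matches iff the text contains "on" followed somewhere later by "=".
    private static final Pattern ON_ATTRIBUTE_PROBE = Pattern.compile(".*on(.*?)=", REGEX_FLAGS);
    // ".*onabort(.*?)=|.*onblur(.*?)=|...": each alternative swallows everything from the match
    // start up to the first "=" after the handler name, so surrounding text is dropped as well.
    private static final Pattern JS_EVENTS_PATTERN = Pattern.compile(
            Arrays.stream(JS_EVENTS).map(event -> ".*" + event + "(.*?)=").collect(Collectors.joining("|")),
            REGEX_FLAGS);

    /** AntiSamy policy; null only when the resource is missing or fails to parse (see {@link #loadPolicy}). */
    private static final Policy policy = loadPolicy(ANTISAMY_EBAY);

    /**
     * Loads an AntiSamy policy from the classpath.
     *
     * @param resource classpath path of the policy XML
     * @return the parsed policy, or {@code null} if the resource is absent or invalid (logged at error level)
     */
    private static Policy loadPolicy(String resource) {
        Policy loaded = null;
        try (InputStream in = AntiSamyFilter.class.getClassLoader().getResourceAsStream(resource)) {
            if (in == null) {
                log.error("AntiSamy policy resource {} not found on classpath; cleanXss will fail closed", resource);
                return null;
            }
            loaded = Policy.getInstance(in);
        } catch (PolicyException e) {
            log.error("XssFilter - static policy instance error. PolicyException==>", e);
        } catch (IOException e) {
            // Thrown by close() after the policy was already parsed; keep the loaded policy.
            log.error(e.getLocalizedMessage(), e);
        }
        return loaded;
    }

    /**
     * Regex pre-filter applied before AntiSamy.
     *
     * <p>Removes {@code eval(...)}, CSS {@code expression(...)}, and the {@code javascript:} /
     * {@code vbscript:} schemes, rewrites {@code --} and {@code ;} to their full-width forms
     * (this also alters legitimate text such as inline CSS), and, when the text contains
     * {@code on} followed by {@code =}, strips the listed inline event handlers together
     * with the text preceding them.
     *
     * @param str text to filter; must not be null
     * @return the filtered text, or {@code str} unchanged if a regex step throws (best-effort,
     *         logged; AntiSamy still runs on the result)
     */
    private static String xssReplace(String str) {
        try {
            String out = EVAL_CALL.matcher(str).replaceAll("");
            out = CSS_EXPRESSION.matcher(out).replaceAll("");
            out = JAVASCRIPT_SCHEME.matcher(out).replaceAll("");
            out = VBSCRIPT_SCHEME.matcher(out).replaceAll("");
            out = DOUBLE_DASH.matcher(out).replaceAll("－－");
            out = SEMICOLON.matcher(out).replaceAll("；");
            if (ON_ATTRIBUTE_PROBE.matcher(out).lookingAt()) {
                out = JS_EVENTS_PATTERN.matcher(out).replaceAll("");
            }
            return out;
        } catch (Exception e) {
            log.error("正则处理xss 异常,错误信息：{}", e.getMessage(), e);
            return str;
        }
    }

    /**
     * Sanitises {@code str} against XSS.
     *
     * <p>Each round HTML-unescapes the input, applies {@link #xssReplace}, scans with AntiSamy,
     * HTML-unescapes the clean HTML, collapses newlines to spaces and trims. If the result differs
     * from the input (ignoring whitespace) another round is run, up to {@code MAX_ROUNDS}, and the
     * change is logged as an attack with the client IP. Note that the returned value is HTML-unescaped,
     * not entity-encoded.
     *
     * <p>If AntiSamy throws {@link ScanException} or {@link PolicyException} the error is logged and
     * the current value is returned; on the first round that is the unfiltered input (fail-open).
     *
     * @param str input text; returned as-is when filtering is disabled by {@code SafeConfig.XSS_SWITCH}
     *            or when empty
     * @param httpServletRequest used only to obtain the client IP for the attack log; may be null
     * @param i current round counter (external callers are expected to pass 0 — verify against callers)
     * @return the sanitised text
     * @throws IllegalStateException if the AntiSamy policy failed to load; this fails closed instead of
     *         passing untrusted input through (depending on the AntiSamy version a null policy would
     *         otherwise surface as an NPE or as a caught ScanException returning the input unfiltered)
     */
    public static String cleanXss(String str, HttpServletRequest httpServletRequest, int i) {
        if (!SafeConfig.XSS_SWITCH || StringUtils.isEmpty(str)) {
            return str;
        }
        if (policy == null) {
            throw new IllegalStateException(
                    "AntiSamy policy " + ANTISAMY_EBAY + " is not loaded; refusing to pass input through unfiltered");
        }
        String cleaned = str;
        try {
            String unescaped = StringEscapeUtils.unescapeHtml(cleaned);
            String inputNoWhitespace = WHITESPACE.matcher(unescaped).replaceAll("");
            cleaned = StringEscapeUtils.unescapeHtml(new AntiSamy().scan(xssReplace(unescaped), policy).getCleanHTML())
                    .replace("\n", " ")
                    .trim();
            if (!inputNoWhitespace.equals(WHITESPACE.matcher(cleaned).replaceAll(""))) {
                int nextRound = i + 1;
                if (nextRound < MAX_ROUNDS) {
                    cleaned = cleanXss(cleaned, httpServletRequest, nextRound);
                }
                log.error("XSS攻击信息==> 攻击者者IP：{}\r\n攻击时间：{}\r\n过滤前内容长度：{}\r\n过滤后内容长度：{}",
                        StringUtils.isNull(httpServletRequest) ? "未获取request" : IpUtils.getIpAddr(httpServletRequest),
                        DateHelper.getCurrentDateTime(),
                        str.length(),
                        cleaned.length());
            }
        } catch (ScanException | PolicyException e) {
            log.error("xssClean Exception==>：{}", e.getMessage(), e);
        }
        return cleaned;
    }
}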
