package net.mingsoft.basic.filter;

import cn.hutool.cache.CacheUtil;
import cn.hutool.cache.impl.TimedCache;
import cn.hutool.core.collection.CollectionUtil;
import cn.hutool.core.io.FastByteArrayOutputStream;
import cn.hutool.core.io.IoUtil;
import cn.hutool.json.JSONUtil;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.servlet.ReadListener;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import net.mingsoft.base.exception.BusinessException;
import net.mingsoft.basic.util.BasicUtil;
import net.mingsoft.basic.util.JsoupUtil;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:net/mingsoft/basic/filter/XssHttpServletRequestWrapper.class */
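/**
 * Request wrapper that runs request parameters, headers and the request body through
 * {@link JsoupUtil} before the application sees them, and records per-client results in two
 * shared timed caches.
 *
 * <p>Coverage is limited to the accessors overridden in this class: {@code getInputStream},
 * {@code getParameter}, {@code getParameterMap}, {@code getParameterValues} and
 * {@code getHeader}. Anything read through an accessor that is not overridden here
 * (for example {@code getReader}, {@code getQueryString}, {@code getHeaders},
 * {@code getCookies} or {@code getParts}) reaches the application unchecked, so this wrapper
 * must not be the only XSS/SQL-injection control; output encoding and parameterized queries
 * are still required downstream.
 *
 * <p>Both caches are keyed by {@code BasicUtil.getIp()}, which is not shown in this file.
 * NOTE(review): if that helper derives the address from a client-supplied header, the
 * counters can be skewed by the client; confirm it only trusts headers set by a known proxy.
 * Clients sharing one address (NAT, proxy) also share one cache entry.
 */
public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
    /** The wrapped request; the body is read from it directly in {@link #getInputStream()}. */
    private final HttpServletRequest request;

    /** Names whose values are passed through without being checked (identifier spelling kept). */
    private final List<String> excludesFiled;

    /**
     * Number of rejected inputs per client address; entries use a 1800000 ms (30 minute) timeout.
     * Public and non-final for compatibility with existing callers; treat it as read-only
     * outside this class.
     */
    public static TimedCache<String, Integer> TIMED_XSS_CACHE = CacheUtil.newTimedCache(1800000);

    /**
     * Result of the most recent check per client address ({@code true} = rejected); same timeout.
     * Each request overwrites the previous value, so concurrent requests from one address race.
     */
    public static TimedCache<String, Boolean> TIMED_REQ_CACHE = CacheUtil.newTimedCache(1800000);

    /** In-memory {@link ServletInputStream} used to replay a body that was already consumed. */
    private static class WrappedServletInputStream extends ServletInputStream {
        private InputStream stream;

        /** Set once the underlying stream has reported end of data. */
        private boolean finished;

        public void setStream(InputStream inputStream) {
            this.stream = inputStream;
            this.finished = false;
        }

        public WrappedServletInputStream(InputStream inputStream) {
            this.stream = inputStream;
        }

        public int read() throws IOException {
            int value = this.stream.read();
            if (value < 0) {
                this.finished = true;
            }
            return value;
        }

        /** Bulk read delegated to the backing stream instead of the byte-at-a-time default. */
        public int read(byte[] buffer, int offset, int length) throws IOException {
            int count = this.stream.read(buffer, offset, length);
            if (count < 0) {
                this.finished = true;
            }
            return count;
        }

        /** Reports end of data only after a read has actually hit the end of the stream. */
        public boolean isFinished() {
            return this.finished;
        }

        /** The body is fully buffered in memory, so a read never blocks. */
        public boolean isReady() {
            return true;
        }

        /** Non-blocking read listeners are not supported; the listener is ignored. */
        public void setReadListener(ReadListener readListener) {
        }
    }

    /**
     * Wraps a request with no excluded field names.
     *
     * @param httpServletRequest the request to wrap
     */
    public XssHttpServletRequestWrapper(HttpServletRequest httpServletRequest) {
        super(httpServletRequest);
        this.request = httpServletRequest;
        this.excludesFiled = new ArrayList<>();
    }

    /**
     * Wraps a request and exempts the given names from value checking.
     *
     * @param httpServletRequest the request to wrap
     * @param list names whose values are not checked; may be null or empty. Every name listed
     *     here is an unchecked path into the application, so keep the list as short as possible.
     */
    public XssHttpServletRequestWrapper(HttpServletRequest httpServletRequest, List<String> list) {
        super(httpServletRequest);
        this.request = httpServletRequest;
        this.excludesFiled = new ArrayList<>();
        if (CollectionUtil.isNotEmpty(list)) {
            this.excludesFiled.addAll(list);
        }
    }

    /**
     * Increments the rejection counter for a client key.
     *
     * <p>The read-modify-write is done under a lock on the cache: requests are handled
     * concurrently, and a separate containsKey/get/put sequence can lose increments or hit a
     * null when the entry expires between the two calls.
     *
     * @param str the cache key (the client address as returned by {@code BasicUtil.getIp()})
     */
    private void xssCountAdd(String str) {
        synchronized (TIMED_XSS_CACHE) {
            Integer current = TIMED_XSS_CACHE.get(str);
            TIMED_XSS_CACHE.put(str, current == null ? 1 : current + 1);
        }
    }

    /**
     * Checks every key, and every String value not in the exclusion list, of one JSON object.
     * Only top-level entries are inspected; nested objects and arrays are not descended into.
     *
     * @param map the parsed JSON object
     * @throws BusinessException propagated from {@code JsoupUtil.cleanOrSqlInjection}
     */
    private void checkJsonObject(Map map) {
        for (Object key : map.keySet()) {
            String name = key.toString();
            JsoupUtil.cleanOrSqlInjection(name);
            Object value = map.get(name);
            if ((value instanceof String) && !this.excludesFiled.contains(name)) {
                JsoupUtil.cleanOrSqlInjection(String.valueOf(value));
            }
        }
    }

    /**
     * Reads the whole request body, validates it, and returns a replayable copy of the
     * original bytes. The body is validated, not rewritten: it is either returned unchanged
     * or the call fails.
     *
     * <p>The body is buffered fully in memory, so a request size limit must be enforced in
     * front of this wrapper. Each call re-reads the wrapped request's stream, so a second call
     * sees whatever the container still has to offer (normally nothing).
     *
     * @return a stream over the original body bytes
     * @throws IOException if the wrapped request's stream cannot be read
     * @throws BusinessException if a JSON key/value or the raw body is rejected
     */
    public ServletInputStream getInputStream() throws IOException {
        FastByteArrayOutputStream body = IoUtil.read(this.request.getInputStream());
        // NOTE(review): decoded without an explicit charset here; confirm it matches the
        // request encoding, otherwise the checked text can differ from what is parsed later.
        String text = body.toString();
        if (JSONUtil.isTypeJSON(text)) {
            try {
                if (JSONUtil.isTypeJSONArray(text)) {
                    JSONUtil.toList(text, Map.class).forEach(this::checkJsonObject);
                } else {
                    checkJsonObject((Map) JSONUtil.toBean(text, Map.class));
                }
                TIMED_REQ_CACHE.put(BasicUtil.getIp(), false);
            } catch (BusinessException e) {
                xssCountAdd(BasicUtil.getIp());
                TIMED_REQ_CACHE.put(BasicUtil.getIp(), true);
                // Only the message is carried over; the original exception is not chained.
                throw new BusinessException(e.getMsg());
            }
        }
        // Second pass over the raw text; this also covers non-JSON bodies and nested JSON values.
        if (!JsoupUtil.hasXSS(text)) {
            TIMED_REQ_CACHE.put(BasicUtil.getIp(), false);
            return new WrappedServletInputStream(new ByteArrayInputStream(body.toByteArray()));
        }
        xssCountAdd(BasicUtil.getIp());
        TIMED_REQ_CACHE.put(BasicUtil.getIp(), true);
        throw new BusinessException("上传文件存在xss攻击");
    }

    /**
     * Returns a single parameter after checking its name and, unless excluded, its value.
     *
     * @param str the parameter name
     * @return the checked value, or the container's value unchanged when it is blank or excluded
     * @throws BusinessException if the name or value is rejected
     */
    public String getParameter(String str) {
        try {
            String name = JsoupUtil.cleanOrSqlInjection(str);
            String value = super.getParameter(name);
            if (StringUtils.isNotBlank(value) && !this.excludesFiled.contains(name)) {
                value = JsoupUtil.cleanOrSqlInjection(value);
            }
            return value;
        } catch (BusinessException e) {
            xssCountAdd(BasicUtil.getIp());
            throw new BusinessException(e.getMsg());
        }
    }

    /**
     * Returns all parameters as a name-to-String map, with multi-valued parameters joined by
     * commas.
     *
     * <p>All values of a multi-valued parameter are joined and checked. The previous loop
     * overwrote the accumulator on every iteration, so only the last value was kept and
     * checked, and an empty value array either threw or reused the previous entry's text.
     *
     * <p>Unlike the servlet contract, values are {@code String}, not {@code String[]}; this
     * shape is kept because existing callers rely on it.
     *
     * @return a new map of checked names to trimmed, checked values
     * @throws BusinessException if a non-excluded name or value is rejected
     */
    public Map getParameterMap() {
        Map<?, ?> source = super.getParameterMap();
        HashMap<String, String> checked = new HashMap<>();
        for (Map.Entry<?, ?> entry : source.entrySet()) {
            String name = (String) entry.getKey();
            Object value = entry.getValue();
            String joined;
            if (value == null) {
                joined = "";
            } else if (value instanceof String[]) {
                joined = String.join(",", (String[]) value);
            } else {
                joined = value.toString();
            }
            if (this.excludesFiled.contains(name)) {
                checked.put(name, joined.trim());
                continue;
            }
            try {
                checked.put(JsoupUtil.cleanOrSqlInjection(name), JsoupUtil.cleanOrSqlInjection(joined).trim());
            } catch (BusinessException e) {
                xssCountAdd(BasicUtil.getIp());
                TIMED_REQ_CACHE.put(BasicUtil.getIp(), true);
                throw new BusinessException(e.getMsg());
            }
        }
        TIMED_REQ_CACHE.put(BasicUtil.getIp(), false);
        return checked;
    }

    /**
     * Returns all values of a parameter, each checked unless the name is excluded. The values
     * are replaced in the array obtained from the container.
     *
     * <p>Unlike {@link #getParameter(String)}, the parameter name itself is not checked here.
     *
     * @param str the parameter name
     * @return the checked values, or null when the parameter is absent
     * @throws BusinessException if a value is rejected
     */
    public String[] getParameterValues(String str) {
        String[] values = super.getParameterValues(str);
        if (values == null) {
            return null;
        }
        if (!this.excludesFiled.contains(str)) {
            for (int i = 0; i < values.length; i++) {
                try {
                    values[i] = JsoupUtil.cleanOrSqlInjection(values[i]);
                } catch (BusinessException e) {
                    xssCountAdd(BasicUtil.getIp());
                    throw new BusinessException(e.getMsg());
                }
            }
        }
        TIMED_REQ_CACHE.put(BasicUtil.getIp(), false);
        return values;
    }

    /**
     * Returns a header after checking its name and, unless excluded, its value.
     *
     * @param str the header name
     * @return the checked value, or the container's value unchanged when it is blank or excluded
     * @throws BusinessException if the name or value is rejected
     */
    public String getHeader(String str) {
        try {
            String name = JsoupUtil.cleanOrSqlInjection(str);
            String value = super.getHeader(name);
            if (StringUtils.isNotBlank(value) && !this.excludesFiled.contains(name)) {
                value = JsoupUtil.cleanOrSqlInjection(value);
            }
            return value;
        } catch (BusinessException e) {
            xssCountAdd(BasicUtil.getIp());
            throw new BusinessException(e.getMsg());
        }
    }

    /**
     * Returns the wrapped request. The method name comes from the decompiler (renamed from
     * {@code getRequest}, merged with a bridge method) and is kept so existing references resolve.
     *
     * @return the original, unchecked request
     */
    public HttpServletRequest m16getRequest() {
        return this.request;
    }

    /**
     * Unwraps a request if it is an {@link XssHttpServletRequestWrapper}.
     *
     * <p>Everything read from the returned request bypasses the checks in this class; use it
     * only where raw input is handled safely by other means.
     *
     * @param httpServletRequest a possibly wrapped request
     * @return the wrapped request, or the argument itself when it is not this wrapper type
     */
    public static HttpServletRequest getOrgRequest(HttpServletRequest httpServletRequest) {
        if (httpServletRequest instanceof XssHttpServletRequestWrapper) {
            return ((XssHttpServletRequestWrapper) httpServletRequest).m16getRequest();
        }
        return httpServletRequest;
    }
}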
