package com.els.web.filter;

import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.charset.Charset;
import javax.servlet.ReadListener;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/els/web/filter/XssHttpServletRequestWrapper.class */
public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
    XSSSecurityConfig xssSecurityConfig;
    XSSSecurityManager xssSecurityManager;
    private static final Logger logger = LoggerFactory.getLogger(XssHttpServletRequestWrapper.class);
    HttpServletRequest orgRequest;
    boolean isUpData;

    public XssHttpServletRequestWrapper(HttpServletRequest httpServletRequest) {
        super(httpServletRequest);
        this.xssSecurityConfig = new XSSSecurityConfig();
        this.xssSecurityManager = new XSSSecurityManager();
        this.orgRequest = null;
        this.isUpData = false;
        this.orgRequest = httpServletRequest;
        String contentType = httpServletRequest.getContentType();
        if (contentType != null) {
            this.isUpData = contentType.startsWith("multipart");
        }
    }

    public String getQueryString() {
        return xssEncode(super.getQueryString());
    }

    public Object getAttribute(String str) {
        Object attribute = super.getAttribute(str);
        if (attribute != null && (attribute instanceof String)) {
            attribute = xssEncode((String) attribute);
        }
        return attribute;
    }

    public ServletInputStream getInputStream() throws IOException {
        if (this.isUpData) {
            return super.getInputStream();
        }
        final ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(inputHandlers(super.getInputStream()).getBytes("utf-8"));
        return new ServletInputStream() { // from class: com.els.web.filter.XssHttpServletRequestWrapper.1
            public int read() throws IOException {
                return byteArrayInputStream.read();
            }

            public boolean isFinished() {
                return false;
            }

            public boolean isReady() {
                return false;
            }

            public void setReadListener(ReadListener readListener) {
            }
        };
    }

    public String[] getParameterValues(String str) {
        String[] parameterValues = super.getParameterValues(str);
        if (parameterValues == null) {
            return super.getParameterValues(str);
        }
        int length = parameterValues.length;
        String[] strArr = new String[length];
        for (int i = 0; i < length; i++) {
            strArr[i] = xssEncode(parameterValues[i]);
        }
        return strArr;
    }

    public String inputHandlers(ServletInputStream servletInputStream) {
        StringBuilder sb = new StringBuilder();
        BufferedReader bufferedReader = null;
        try {
            try {
                bufferedReader = new BufferedReader(new InputStreamReader((InputStream) servletInputStream, Charset.forName("UTF-8")));
                while (true) {
                    String readLine = bufferedReader.readLine();
                    if (readLine == null) {
                        break;
                    }
                    sb.append(readLine);
                }
                if (servletInputStream != null) {
                    try {
                        servletInputStream.close();
                    } catch (IOException e) {
                        logger.error(e.getMessage());
                    }
                }
                if (bufferedReader != null) {
                    try {
                        bufferedReader.close();
                    } catch (IOException e2) {
                        logger.error(e2.getMessage());
                    }
                }
            } catch (IOException e3) {
                logger.error(e3.getMessage());
                if (servletInputStream != null) {
                    try {
                        servletInputStream.close();
                    } catch (IOException e4) {
                        logger.error(e4.getMessage());
                    }
                }
                if (bufferedReader != null) {
                    try {
                        bufferedReader.close();
                    } catch (IOException e5) {
                        logger.error(e5.getMessage());
                    }
                }
            }
            return xssEncode(sb.toString());
        } catch (Throwable th) {
            if (servletInputStream != null) {
                try {
                    servletInputStream.close();
                } catch (IOException e6) {
                    logger.error(e6.getMessage());
                }
            }
            if (bufferedReader != null) {
                try {
                    bufferedReader.close();
                } catch (IOException e7) {
                    logger.error(e7.getMessage());
                }
            }
            throw th;
        }
    }

    public String getParameter(String str) {
        String parameter = super.getParameter(str);
        if (parameter != null) {
            parameter = xssEncode(parameter);
        }
        return parameter;
    }

    public String getHeader(String str) {
        String header = super.getHeader(xssEncode(str));
        if (header != null) {
            header = xssEncode(header);
        }
        return header;
    }

    private String xssEncode(String str) {
        if (this.xssSecurityConfig.REPLACE) {
            str = this.xssSecurityManager.securityReplace(str);
        }
        return str;
    }

    public HttpServletRequest getOrgRequest() {
        return this.orgRequest;
    }

    public static HttpServletRequest getOrgRequest(HttpServletRequest httpServletRequest) {
        return httpServletRequest instanceof XssHttpServletRequestWrapper ? ((XssHttpServletRequestWrapper) httpServletRequest).getOrgRequest() : httpServletRequest;
    }

    public static void main(String[] strArr) {
        System.out.println("[{\"a\":\"<div>111</div>\"}]".replaceAll("^.*[A|a][L|l][E|e][R|r][T|t]\\s*\\(.*\\).*|.*[W|w][I|i][N|n][D|d][O|o][W|w]\\.[L|l][O|o][C|c][A|a][T|t][I|i][O|o][N|n]\\s*=.*|.*[S|s][T|t][Y|y][L|l][E|e]\\s*=.*[X|x]:[E|e][X|x].*[P|p][R|r][E|e][S|s]{1,2}[I|i][O|o][N|n]\\s*\\(.*\\).*|.*[D|d][O|o][C|c][U|u][M|m][E|e][N|n][T|t]\\.[C|c][O|o]{2}[K|k][I|i][E|e].*|.*[E|e][V|v][A|a][L|l]\\s*\\(.*\\).*|.*[U|u][N|n][E|e][S|s][C|c][A|a][P|p][E|e]\\s*\\(.*\\).*|.*[E|e][X|x][E|e][C|c][S|s][C|c][R|r][I|i][P|p][T|t]\\s*\\(.*\\).*|.*[M|m][S|s][G|g][B|b][O|o][X|x]\\s*\\(.*\\).*|.*[C|c][O|o][N|n][F|f][I|i][R|r][M|m]\\s*\\(.*\\).*|.*[P|p][R|r][O|o][M|m][P|p][T|t]\\s*\\(.*\\).*|.*<[S|s][C|c][R|r][I|i][P|p][T|t]>.*</[S|s][C|c][R|r][I|i][P|p][T|t]>.*|[[.&[^a]]|[|a|\\n|\\r\\n|\\r|\\u0085|\\u2028|\\u2029]]*<[S|s][C|c][R|r][I|i][P|p][T|t]>.*</[S|s][C|c][R|r][I|i][P|p][T|t]>[[.&[^a]]|[|a|\\n|\\r\\n|\\r|\\u0085|\\u2028|\\u2029]]*$", XSSSecurityCon.REPLACEMENT));
    }
}
