package com.els.filter;

import com.els.framework.poi.util.PoiElUtil;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;
import javax.servlet.ReadListener;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringUtils;

/* loaded from: input_file:com/els/filter/XssHttpServletRequestWrapper.class */
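/**
 * Request wrapper that passes parameter values, single header values and JSON request bodies
 * through {@link #stripXSSAndSql(String)} before handing them to the application.
 *
 * <p>Scope of the filtering, as implemented in this class:
 * <ul>
 *   <li>Filtered: {@link #getParameter}, {@link #getParameterValues}, {@link #getParameterMap},
 *       {@link #getHeader} and, for JSON requests, {@link #getInputStream}.</li>
 *   <li>Not overridden here, and therefore returned as the wrapped request provides them:
 *       {@code getReader()}, {@code getHeaders()}, {@code getQueryString()}, {@code getCookies()},
 *       {@code getParts()} and the URI/path accessors. Code that reads the body through
 *       {@code getReader()} receives the unfiltered body.</li>
 *   <li>{@link #getOrgRequest()} hands out the unwrapped request; anything read through it is
 *       unfiltered.</li>
 * </ul>
 *
 * <p>The filter is a deny-list of regular expressions applied in a single pass. Treat it as
 * defence in depth only: contextual output encoding and parameterised queries remain necessary.
 */
public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
    // The wrapped (unfiltered) request; package-visible as in the original class.
    HttpServletRequest orgRequest;

    // Not referenced anywhere in this class; kept so class initialisation is unchanged.
    private static final HTMLFilter HTML_FILTER = new HTMLFilter();

    /** U+FF1C FULLWIDTH LESS-THAN SIGN, substituted for an encoded '<'. */
    private static final char FULLWIDTH_LT = '\uFF1C';

    /** U+FF1E FULLWIDTH GREATER-THAN SIGN, substituted for an encoded '>'. */
    private static final char FULLWIDTH_GT = '\uFF1E';

    /** Case-insensitive, multi-line, dot-matches-newline (the numeric value 42). */
    private static final int CI_ML_DOTALL = Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL;

    /** Optional run of the separator characters tolerated inside a tag or scheme. */
    private static final String GAP = "[\r\n| | ]*";

    /**
     * Deny-list patterns in the order they are applied. Compiled once; {@link Pattern} is
     * immutable and safe to share between threads.
     *
     * NOTE(review): "e-xpression" is reproduced as found on this page; it may be a mangled
     * "expression" — confirm against the original source.
     */
    private static final Pattern[] STRIP_PATTERNS = {
        Pattern.compile("<" + GAP + "script" + GAP + ">(.*?)</" + GAP + "script" + GAP + ">", Pattern.CASE_INSENSITIVE),
        Pattern.compile("src" + GAP + "=" + GAP + "[\\\"|\\'](.*?)[\\\"|\\']", CI_ML_DOTALL),
        Pattern.compile("</" + GAP + "script" + GAP + ">", Pattern.CASE_INSENSITIVE),
        Pattern.compile("<" + GAP + "script(.*?)>", CI_ML_DOTALL),
        Pattern.compile("eval\\((.*?)\\)", CI_ML_DOTALL),
        Pattern.compile("e-xpression\\((.*?)\\)", CI_ML_DOTALL),
        Pattern.compile("javascript" + GAP + ":" + GAP, Pattern.CASE_INSENSITIVE),
        Pattern.compile("vbscript" + GAP + ":" + GAP, Pattern.CASE_INSENSITIVE),
        Pattern.compile("onload(.*?)=", CI_ML_DOTALL),
    };

    /**
     * Wraps {@code httpServletRequest}, keeping a reference to it for {@link #getOrgRequest()}.
     *
     * @param httpServletRequest the request to wrap
     */
    public XssHttpServletRequestWrapper(HttpServletRequest httpServletRequest) {
        super(httpServletRequest);
        this.orgRequest = httpServletRequest;
    }

    /**
     * Returns the request body; for JSON requests the body is buffered, decoded as UTF-8,
     * filtered and re-encoded.
     *
     * <p>The JSON check compares only the media type of the {@code Content-Type} header, so
     * {@code application/json} with any (or no) parameters is filtered. The previous exact
     * comparison against {@code application/json;charset=UTF-8} let every other spelling of
     * the header skip the filter.
     *
     * @return the original stream for non-JSON requests, otherwise a stream over the buffered body
     * @throws IOException if the underlying stream cannot be read
     */
    @Override
    public ServletInputStream getInputStream() throws IOException {
        if (!isJsonContentType(super.getHeader("Content-Type"))) {
            return super.getInputStream();
        }
        final byte[] raw = IOUtils.toByteArray(super.getInputStream());
        final String body = new String(raw, StandardCharsets.UTF_8);
        // A blank body is passed through untouched. The container stream is already drained at
        // this point, so the buffered bytes are served instead of the exhausted stream.
        final byte[] served = StringUtils.isBlank(body) ? raw : xssEncode(body).getBytes(StandardCharsets.UTF_8);
        final ByteArrayInputStream buffered = new ByteArrayInputStream(served);
        return new ServletInputStream() {
            @Override
            public boolean isFinished() {
                // Finished only once every buffered byte has been handed out.
                return buffered.available() == 0;
            }

            @Override
            public boolean isReady() {
                // The body is fully in memory, so a read never blocks.
                return true;
            }

            @Override
            public void setReadListener(ReadListener readListener) {
                // Intentionally a no-op, as in the original: the listener is never notified.
            }

            @Override
            public int read() throws IOException {
                return buffered.read();
            }

            @Override
            public int read(byte[] b, int off, int len) throws IOException {
                // Bulk read straight from the buffer instead of one read() call per byte.
                return buffered.read(b, off, len);
            }
        };
    }

    /**
     * Reports whether a {@code Content-Type} header value names the JSON media type,
     * ignoring case, surrounding whitespace and any parameters after the first ';'.
     */
    private static boolean isJsonContentType(String contentType) {
        if (contentType == null) {
            return false;
        }
        int semicolon = contentType.indexOf(';');
        String mediaType = semicolon >= 0 ? contentType.substring(0, semicolon) : contentType;
        return "application/json".equalsIgnoreCase(mediaType.trim());
    }

    /**
     * Returns the filtered value of a request parameter.
     *
     * <p>The name is filtered before the lookup, so a name the filter alters is looked up
     * under its altered form.
     *
     * @param str the parameter name
     * @return the filtered value, or the container's value unchanged when it is null or blank
     */
    @Override
    public String getParameter(String str) {
        String parameter = super.getParameter(xssEncode(str));
        if (StringUtils.isNotBlank(parameter)) {
            parameter = xssEncode(parameter);
        }
        return parameter;
    }

    /**
     * Returns the filtered values of a request parameter.
     *
     * @param str the parameter name (used as given, not filtered)
     * @return a new array of filtered values, or {@code null} when there are none
     */
    @Override
    public String[] getParameterValues(String str) {
        String[] parameterValues = super.getParameterValues(str);
        if (parameterValues == null || parameterValues.length == 0) {
            return null;
        }
        // Filter a copy: the array may be the container's own, and writing into it would
        // change what the unwrapped request returns as well.
        String[] filtered = parameterValues.clone();
        for (int i = 0; i < filtered.length; i++) {
            filtered[i] = xssEncode(filtered[i]);
        }
        return filtered;
    }

    /**
     * Returns a new insertion-ordered map holding filtered copies of every parameter's values.
     * Parameter names are copied as-is.
     *
     * @return a fresh map; the container's map and arrays are left unmodified
     */
    @Override
    public Map<String, String[]> getParameterMap() {
        Map<String, String[]> filteredMap = new LinkedHashMap<>();
        Map<String, String[]> parameterMap = super.getParameterMap();
        for (Map.Entry<String, String[]> entry : parameterMap.entrySet()) {
            String[] values = entry.getValue();
            // A null value array is carried over instead of failing with a NullPointerException.
            String[] filtered = values == null ? null : values.clone();
            if (filtered != null) {
                for (int i = 0; i < filtered.length; i++) {
                    filtered[i] = xssEncode(filtered[i]);
                }
            }
            filteredMap.put(entry.getKey(), filtered);
        }
        return filteredMap;
    }

    /**
     * Returns the filtered value of a request header. The header name is filtered before the
     * lookup, as in {@link #getParameter(String)}.
     *
     * @param str the header name
     * @return the filtered value, or the container's value unchanged when it is null or blank
     */
    @Override
    public String getHeader(String str) {
        String header = super.getHeader(xssEncode(str));
        if (StringUtils.isNotBlank(header)) {
            header = xssEncode(header);
        }
        return header;
    }

    /**
     * Returns the wrapped request. Values read through it are not filtered.
     *
     * @return the request passed to the constructor
     */
    public HttpServletRequest getOrgRequest() {
        return this.orgRequest;
    }

    /**
     * Unwraps one level of {@link XssHttpServletRequestWrapper}, if present.
     *
     * @param httpServletRequest any request
     * @return the wrapped request when the argument is an instance of this class, else the argument
     */
    public static HttpServletRequest getOrgRequest(HttpServletRequest httpServletRequest) {
        if (httpServletRequest instanceof XssHttpServletRequestWrapper) {
            return ((XssHttpServletRequestWrapper) httpServletRequest).getOrgRequest();
        }
        return httpServletRequest;
    }

    /** Filters a non-empty string; null and empty strings are returned unchanged. */
    private String xssEncode(String str) {
        return (str == null || str.isEmpty()) ? str : stripXSSAndSql(str);
    }

    /**
     * Appends to {@code sb} either a full-width substitute for an encoded angle bracket or
     * the character at index {@code i}.
     *
     * <p>The two characters after index {@code i} are inspected: {@code 3c}/{@code 3C} and
     * {@code 60} append U+FF1C, {@code 3e}/{@code 3E} and {@code 62} append U+FF1E. The
     * character at {@code i} itself is not checked here; presumably the caller has already
     * matched a '%' — confirm against the call sites, none of which are in this class.
     *
     * <p>NOTE(review): 60 and 62 are the decimal code points of '<' and '>'; read as
     * percent-encoded hex they are '`' and 'b'. Kept as found — confirm the intent.
     *
     * @param sb  the buffer to append to
     * @param str the text being scanned
     * @param i   index of the current character in {@code str}
     */
    public void processUrlEncoder(StringBuilder sb, String str, int i) {
        // Both look-ahead characters must exist. The previous bound (length >= i + 2) still
        // read index i + 2 when the string ended at i + 1 and threw
        // StringIndexOutOfBoundsException on a truncated sequence.
        if (str.length() > i + 2) {
            char first = str.charAt(i + 1);
            char second = str.charAt(i + 2);
            boolean encodedLt = (first == '3' && (second == 'c' || second == 'C')) || (first == '6' && second == '0');
            if (encodedLt) {
                sb.append(FULLWIDTH_LT);
                return;
            }
            boolean encodedGt = (first == '3' && (second == 'e' || second == 'E')) || (first == '6' && second == '2');
            if (encodedGt) {
                sb.append(FULLWIDTH_GT);
                return;
            }
        }
        sb.append(str.charAt(i));
    }

    /**
     * Removes every match of the deny-list patterns from {@code str}, one pattern after
     * another in a fixed order: script elements, quoted {@code src} attributes, script
     * closing tags, script opening tags, {@code eval(...)}, {@code e-xpression(...)},
     * {@code javascript:} and {@code vbscript:} schemes, and {@code onload...=}.
     *
     * <p>Each pattern runs once and the result is not re-scanned. Despite the name, none of
     * the patterns is specific to SQL; this method does not make a value safe to concatenate
     * into a query.
     *
     * @param str the text to filter, may be {@code null}
     * @return the filtered text, or {@code null} when {@code str} is {@code null}
     */
    public static String stripXSSAndSql(String str) {
        if (str == null) {
            return null;
        }
        String result = str;
        for (Pattern pattern : STRIP_PATTERNS) {
            result = pattern.matcher(result).replaceAll(PoiElUtil.EMPTY);
        }
        return result;
    }
}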
