package net.mingsoft.basic.filter;

import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.ReadListener;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import net.mingsoft.base.util.SqlInjectionUtil;
import net.mingsoft.basic.exception.BusinessException;
import net.mingsoft.basic.util.SpringUtil;
import org.apache.commons.lang3.StringUtils;
import org.jsoup.Jsoup;
import org.jsoup.nodes.Document;
import org.jsoup.parser.Parser;
import org.jsoup.safety.Whitelist;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/mingsoft/basic/filter/XssHttpServletRequestWrapper.class */
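/**
 * Request wrapper that rejects (rather than rewrites) input containing HTML markup.
 *
 * <p>A value is accepted only if it survives {@link Jsoup#clean} with an empty
 * {@link Whitelist} unchanged (after entity un-escaping); otherwise a
 * {@link BusinessException} is thrown. The check is applied to the request body
 * ({@link #getInputStream()}), {@link #getParameter}, {@link #getParameterValues},
 * {@link #getParameterMap} and {@link #getHeader}.
 *
 * <p>Coverage gaps a reviewer should be aware of, all visible in this class:
 * <ul>
 *   <li>{@code getParameter} skips the check for the parameter named {@code content} and
 *       for any name ending in {@code WithHtml}; those values reach the application
 *       unfiltered and must be sanitised or output-encoded where they are rendered.
 *       {@code getParameterValues} and {@code getParameterMap} do not apply that
 *       exemption, so the same parameter is treated differently depending on the
 *       accessor used.</li>
 *   <li>Only {@code getParameterMap} additionally runs
 *       {@code SqlInjectionUtil.isSqlValid}; the other accessors perform the markup
 *       check alone.</li>
 *   <li>Accessors not overridden here (for example {@code getReader()},
 *       {@code getHeaders(String)} and {@code getQueryString()}) inherit the pass-through
 *       behaviour of {@link HttpServletRequestWrapper} and are not checked.</li>
 * </ul>
 * This filter is input validation only; it does not replace context-aware output
 * encoding or parameterised SQL in the code that consumes the values.
 */
public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
    private static final Logger LOGGER = LoggerFactory.getLogger(XssHttpServletRequestWrapper.class);
    // Empty whitelist: jsoup keeps text nodes only, so any element or attribute changes the output.
    private static final Whitelist whitelist = new Whitelist();
    // Pretty-printing is disabled so jsoup does not re-indent text and cause false mismatches.
    private static final Document.OutputSettings outputSettings = new Document.OutputSettings().prettyPrint(false);

    // The original (unwrapped) request, kept so callers can reach it via getOrgRequest.
    private final HttpServletRequest request;

    /**
     * Minimal {@link ServletInputStream} over an in-memory copy of the validated body.
     * Non-blocking (ReadListener) reads are not supported.
     */
    private static final class WrappedServletInputStream extends ServletInputStream {
        private InputStream stream;
        // Set once read() has returned -1, so isFinished() reports the real state.
        private boolean finished;

        public WrappedServletInputStream(InputStream inputStream) {
            this.stream = inputStream;
        }

        public void setStream(InputStream inputStream) {
            this.stream = inputStream;
            this.finished = false;
        }

        @Override
        public int read() throws IOException {
            int next = this.stream.read();
            if (next == -1) {
                this.finished = true;
            }
            return next;
        }

        /** Returns true only after the end of the stream has been reached. */
        @Override
        public boolean isFinished() {
            return this.finished;
        }

        /** Always ready: the data is already buffered in memory by the enclosing wrapper. */
        @Override
        public boolean isReady() {
            return true;
        }

        /** No-op: asynchronous read notification is not implemented. */
        @Override
        public void setReadListener(ReadListener readListener) {
        }
    }

    /**
     * Wraps the given request.
     *
     * @param httpServletRequest the request whose input is to be validated
     */
    public XssHttpServletRequestWrapper(HttpServletRequest httpServletRequest) {
        super(httpServletRequest);
        this.request = httpServletRequest;
    }

    /**
     * Reads the whole request body, validates it with {@link #clean(String)} and returns
     * a stream over the validated text.
     *
     * <p>The body is decoded and re-encoded with the same charset (the request's declared
     * encoding, else UTF-8) instead of the platform default, so the bytes handed to the
     * consumer match what was validated regardless of the JVM's locale.
     *
     * <p>{@code readLine()} drops line terminators, so the text that is validated and
     * re-emitted is the body with CR/LF removed. The entire body is buffered in memory and
     * no size limit is applied here. NOTE(review): confirm a request-size limit is enforced
     * upstream.
     *
     * @return a stream over the validated body
     * @throws IOException if the underlying request body cannot be read
     * @throws BusinessException if the body contains markup
     */
    @Override
    public ServletInputStream getInputStream() throws IOException {
        Charset charset = bodyCharset();
        BufferedReader reader = new BufferedReader(new InputStreamReader(this.request.getInputStream(), charset));
        StringBuilder body = new StringBuilder();
        String line;
        while ((line = reader.readLine()) != null) {
            body.append(line);
        }
        return new WrappedServletInputStream(new ByteArrayInputStream(clean(body.toString()).getBytes(charset)));
    }

    /**
     * Resolves the charset used to decode and re-encode the body: the request's declared
     * character encoding when it names a supported charset, otherwise UTF-8.
     */
    private Charset bodyCharset() {
        String declared = this.request.getCharacterEncoding();
        if (declared != null) {
            try {
                return Charset.forName(declared);
            } catch (IllegalArgumentException ignored) {
                // The name comes from the client; an illegal or unsupported charset name
                // must not turn into an unhandled error, so fall through to UTF-8.
            }
        }
        return StandardCharsets.UTF_8;
    }

    /**
     * Returns the named parameter after validating both the name and a non-blank value.
     *
     * <p>The parameter {@code content} and any name ending in {@code WithHtml} are returned
     * without validation; consumers of those parameters are responsible for sanitising them.
     *
     * @param str the parameter name
     * @return the parameter value, or whatever the wrapped request returns when absent
     * @throws BusinessException if the name or value contains markup
     */
    @Override
    public String getParameter(String str) {
        // Deliberate exemption for rich-text fields: the value is NOT checked here.
        if ("content".equals(str) || str.endsWith("WithHtml")) {
            return super.getParameter(str);
        }
        String parameter = super.getParameter(clean(str));
        if (StringUtils.isNotBlank(parameter)) {
            parameter = clean(parameter);
        }
        return parameter;
    }

    /**
     * Returns a copy of the parameter map in which every entry has been validated with
     * {@link #clean(String, String)} (markup check plus {@code SqlInjectionUtil.isSqlValid}).
     *
     * <p>The returned map holds a single trimmed {@code String} per parameter, not a
     * {@code String[]}: multi-valued parameters are joined with commas. All values of a
     * multi-valued parameter are included in the joined string, so every value is validated;
     * previously each value overwrote the one before it, so only the last value was checked
     * and returned, and an empty value array either threw or picked up the previous
     * parameter's value.
     *
     * @return a new map from parameter name to validated, comma-joined, trimmed value
     * @throws BusinessException if any value fails validation
     */
    @Override
    public Map getParameterMap() {
        Map<?, ?> source = super.getParameterMap();
        Map<String, String> validated = new HashMap<>();
        for (Map.Entry<?, ?> entry : source.entrySet()) {
            String name = (String) entry.getKey();
            Object raw = entry.getValue();
            String joined;
            if (raw == null) {
                joined = "";
            } else if (raw instanceof String[]) {
                joined = String.join(",", (String[]) raw);
            } else {
                joined = raw.toString();
            }
            validated.put(name, clean(name, joined).trim());
        }
        return validated;
    }

    /**
     * Returns all values of the named parameter after validating each one.
     * Unlike {@link #getParameter}, no parameter name is exempt here.
     *
     * @param str the parameter name
     * @return the values, or {@code null} when the wrapped request has none
     * @throws BusinessException if any value contains markup
     */
    @Override
    public String[] getParameterValues(String str) {
        String[] parameterValues = super.getParameterValues(str);
        if (parameterValues != null) {
            for (int i = 0; i < parameterValues.length; i++) {
                // clean() returns its argument unchanged or throws, so the array content is not altered.
                parameterValues[i] = clean(parameterValues[i]);
            }
        }
        return parameterValues;
    }

    /**
     * Returns the named header after validating both the name and a non-blank value.
     *
     * @param str the header name
     * @return the header value, or whatever the wrapped request returns when absent
     * @throws BusinessException if the name or value contains markup
     */
    @Override
    public String getHeader(String str) {
        String header = super.getHeader(clean(str));
        if (StringUtils.isNotBlank(header)) {
            header = clean(header);
        }
        return header;
    }

    /**
     * Returns the original, unwrapped request.
     * The method name is a decompiler rename of {@code getRequest} (merged bridge method).
     */
    public HttpServletRequest m15getRequest() {
        return this.request;
    }

    /**
     * Unwraps the given request when it is an {@code XssHttpServletRequestWrapper}.
     * Values read from the returned request are not validated by this class.
     *
     * @param httpServletRequest a possibly wrapped request
     * @return the original request, or the argument itself when it is not this wrapper type
     */
    public static HttpServletRequest getOrgRequest(HttpServletRequest httpServletRequest) {
        return httpServletRequest instanceof XssHttpServletRequestWrapper ? ((XssHttpServletRequestWrapper) httpServletRequest).m15getRequest() : httpServletRequest;
    }

    /**
     * Validates a single value: it must be identical to its jsoup-cleaned, entity-unescaped form.
     *
     * @param str the value to check
     * @return {@code str} unchanged when it passes
     * @throws BusinessException if the value is altered by cleaning, i.e. contains markup
     */
    public String clean(String str) {
        if (str.equals(Parser.unescapeEntities(Jsoup.clean(str, "", whitelist, outputSettings), true))) {
            return str;
        }
        String requestURI = SpringUtil.getRequest().getRequestURI();
        // Log text: "parameter of endpoint {} violates the XSS rule {}".
        // The logged value is client-controlled; it is written at debug level only.
        LOGGER.debug("接口{}的参数不符合XSS规则{}", requestURI, str);
        // Message text: "parameter error, url:" followed by the request URI.
        // NOTE(review): if this message is rendered to the client, confirm the URI is output-encoded.
        throw new BusinessException("参数异常,url:" + requestURI);
    }

    /**
     * Validates a named value: the markup check of {@link #clean(String)} plus
     * {@code SqlInjectionUtil.isSqlValid} (presumably true when no SQL-injection pattern
     * is found; verify against that utility).
     *
     * @param str the parameter name, used for logging only
     * @param str2 the value to check
     * @return {@code str2} unchanged when it passes both checks
     * @throws BusinessException if either check fails
     */
    public String clean(String str, String str2) {
        if (str2.equals(Parser.unescapeEntities(Jsoup.clean(str2, "", whitelist, outputSettings), true)) && SqlInjectionUtil.isSqlValid(str2)) {
            return str2;
        }
        String requestURI = SpringUtil.getRequest().getRequestURI();
        // Log text: "endpoint violates the XSS rule: {}" and "parameter name: {} parameter value: {}".
        // Name and value are client-controlled; they are written at debug level only.
        LOGGER.debug("接口不符合XSS规则:{}", requestURI);
        LOGGER.debug("参数名:{} 参数值:{}", str, str2);
        // Message text: "parameter error, url:" followed by the request URI.
        throw new BusinessException("参数异常,url:" + requestURI);
    }
}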
