package com.centit.framework.filter;

import java.io.IOException;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;

/* loaded from: input_file:WEB-INF/lib/framework-core-4.0.0-SNAPSHOT.jar:com/centit/framework/filter/XSSHttpRequestWrapper.class */
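/**
 * Request wrapper that (a) optionally sanitizes header and parameter values returned through
 * {@link #getHeader(String)} / {@link #getParameter(String)} and (b) offers
 * {@link #validateParameter(HttpServletResponse)} to decide whether a request should be rejected
 * because a header or parameter value matches an XSS pattern, or because its Referer is missing
 * or foreign.
 *
 * <p>Only {@code getHeader} and {@code getParameter} are wrapped; {@code getHeaders},
 * {@code getParameterValues} and {@code getParameterMap} are inherited unchanged and therefore
 * hand back the raw values even when replace mode is on.
 *
 * <p>Not thread-safe beyond what {@link HttpServletRequestWrapper} provides; one instance per
 * request is expected.
 */
public class XSSHttpRequestWrapper extends HttpServletRequestWrapper {

    /**
     * Servlet-path fragments for which an authenticated request may arrive without a Referer
     * header. Matched as plain substrings of {@link #getServletPath()}.
     */
    private static final String[] IGNORE_URLS = {
        "login", "publicinfo", "index.do", "showMain.do", "init.jsp", "download", "listSelectOrg", "selectList"
    };

    /**
     * @param httpServletRequest the request to wrap
     */
    public XSSHttpRequestWrapper(HttpServletRequest httpServletRequest) {
        super(httpServletRequest);
    }

    /**
     * Returns the named header, passed through {@code XSSSecurityManager.securityReplace} when
     * replace mode is enabled in {@code XSSSecurityConfig}.
     *
     * @param str header name
     * @return the (possibly sanitized) header value, or {@code null} when absent
     */
    @Override
    public String getHeader(String str) {
        String header = super.getHeader(str);
        // The value, not the header name, is the untrusted content; the sanitized result must be
        // kept, otherwise replace mode is a no-op.
        // NOTE(review): assumes securityReplace returns the sanitized string — confirm against XSSSecurityManager.
        if (header != null && XSSSecurityConfig.getConfig().isReplace()) {
            header = XSSSecurityManager.securityReplace(header);
        }
        return header;
    }

    /**
     * Returns the named parameter, passed through {@code XSSSecurityManager.securityReplace}
     * when replace mode is enabled in {@code XSSSecurityConfig}.
     *
     * @param str parameter name
     * @return the (possibly sanitized) parameter value, or {@code null} when absent
     */
    @Override
    public String getParameter(String str) {
        String parameter = super.getParameter(str);
        // Sanitize the value and keep the result; sanitizing the name discarded the work.
        // NOTE(review): assumes securityReplace returns the sanitized string — confirm against XSSSecurityManager.
        if (parameter != null && XSSSecurityConfig.getConfig().isReplace()) {
            parameter = XSSSecurityManager.securityReplace(parameter);
        }
        return parameter;
    }

    /**
     * Scans every request header for an XSS pattern, then validates the Referer.
     *
     * @return {@code true} when the request should be rejected: a header value matches an XSS
     *         pattern, the Referer is missing where one is required, or the Referer points to
     *         neither this application nor the configured extra allow-URL
     */
    private boolean checkHeader() {
        Enumeration<String> headerNames = getHeaderNames();
        String referer = null;
        // The servlet API permits a container to return null here; treat it as "no headers".
        if (headerNames != null) {
            while (headerNames.hasMoreElements()) {
                String name = headerNames.nextElement();
                // Inspect the raw value: getHeader() may already be sanitized in replace mode,
                // which would hide the pattern this check is looking for.
                String value = super.getHeader(name);
                if (XSSSecurityManager.matches(value)) {
                    return true;
                }
                // Header names are case-insensitive; containers may report "Referer".
                if ("referer".equalsIgnoreCase(name)) {
                    referer = value;
                }
            }
        }
        if (referer == null) {
            return !allowRefererEmpty();
        }
        return !isTrustedReferer(referer);
    }

    /**
     * Builds {@code scheme://host[:port]/context} for this request. The port is omitted only
     * for 80 (a {@code String} was previously compared with an {@code Integer}, so the port was
     * always appended).
     */
    private String ownOrigin() {
        int port = getServerPort();
        String portPart = port == 80 ? "" : ":" + port;
        return getScheme() + "://" + getServerName() + portPart + getContextPath();
    }

    /**
     * Whether a present Referer is acceptable.
     *
     * @param referer the raw Referer header value, never {@code null}
     * @return {@code true} if it starts with this application's origin, or contains the
     *         configured extra allow-URL
     */
    private boolean isTrustedReferer(String referer) {
        // Prefix match rather than substring match: a foreign URL that merely embeds our origin
        // (e.g. in a query string) must not count as same-site.
        if (referer.startsWith(ownOrigin())) {
            return true;
        }
        String extra = XSSSecurityConfig.getConfig().getRefererAllowUrlExtra();
        // An empty or null extra URL must not accept every referer: contains("") is always true
        // and contains(null) throws.
        return extra != null && !extra.isEmpty() && referer.contains(extra);
    }

    /**
     * Whether a request without a Referer header may pass.
     *
     * <p>Requests with no authentication, no principal, or a principal that is not a
     * {@link UserDetails} are always allowed through. Authenticated requests are allowed only
     * when the servlet path contains one of {@link #IGNORE_URLS}.
     */
    private boolean allowRefererEmpty() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        // instanceof is false for a null principal, covering the original null check as well.
        if (authentication == null || !(authentication.getPrincipal() instanceof UserDetails)) {
            return true;
        }
        String servletPath = getServletPath();
        if (servletPath == null) {
            return false;
        }
        for (String fragment : IGNORE_URLS) {
            // Substring match, so "login" also covers paths such as "/relogin.do".
            if (servletPath.contains(fragment)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Scans every parameter value for an XSS pattern. Parameter names are not inspected.
     *
     * @return {@code true} if any value matches {@code XSSSecurityManager.matches}
     */
    private boolean checkParameter() {
        Map<String, String[]> parameterMap = getParameterMap();
        if (parameterMap == null) {
            return false;
        }
        for (String[] values : parameterMap.values()) {
            if (values == null) {
                continue;
            }
            for (String value : values) {
                if (XSSSecurityManager.matches(value)) {
                    return true;
                }
            }
        }
        return false;
    }

    /**
     * Decides whether this request should be rejected, according to the check flags in
     * {@code XSSSecurityConfig}.
     *
     * @param httpServletResponse currently unused; kept for signature compatibility
     * @return {@code true} when header checking is on and {@link #checkHeader()} flags the
     *         request, or parameter checking is on and {@link #checkParameter()} flags it
     * @throws ServletException never thrown here; declared for compatibility
     * @throws IOException never thrown here; declared for compatibility
     */
    public boolean validateParameter(HttpServletResponse httpServletResponse) throws ServletException, IOException {
        XSSSecurityConfig config = XSSSecurityConfig.getConfig();
        if (config.isCheckHeader() && checkHeader()) {
            return true;
        }
        return config.isCheckParameter() && checkParameter();
    }
}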
