package com.centit.framework.filter;

import com.centit.framework.common.WebOptUtils;
import com.centit.framework.core.common.JsonResultUtils;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/framework-core-4.0.0-SNAPSHOT.jar:com/centit/framework/filter/XSSSecurityFilter.class
 */
/* loaded from: input_file:WEB-INF/lib/framework-core-4.0.0-20170804.071340-63.jar:com/centit/framework/filter/XSSSecurityFilter.class */
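/**
 * Servlet filter that wraps each HTTP request in an {@link XSSHttpRequestWrapper} and asks the
 * wrapper to validate the request before it reaches the rest of the chain.
 *
 * <p>Behaviour when the wrapper reports a violation ({@code validateParameter} returns
 * {@code true}):
 * <ul>
 *   <li>the event is logged when {@code XSSSecurityConfig.isLog()} is set;</li>
 *   <li>AJAX requests receive a 406 error message and processing stops;</li>
 *   <li>other requests are forwarded to {@code XSSSecurityConfig.FILTER_ERROR_PAGE} when
 *       {@code XSSSecurityConfig.isChain()} is set;</li>
 *   <li>otherwise the request continues down the chain (see the note in {@link #doFilter}).</li>
 * </ul>
 *
 * <p>Only GET and POST requests are accepted; any other method raises a
 * {@link ServletException}.
 */
public class XSSSecurityFilter implements Filter {
    private static final Logger logger = LoggerFactory.getLogger(XSSSecurityFilter.class);

    /** Releases the state held by {@code XSSSecurityManager}. */
    @Override
    public void destroy() {
        logger.info("XSSSecurityFilter destroy() begin");
        XSSSecurityManager.destroy();
        logger.info("XSSSecurityFilter destroy() end");
    }

    /**
     * Validates the request and either rejects it or passes the wrapped request on.
     *
     * @param servletRequest  incoming request; must be an {@link HttpServletRequest}
     * @param servletResponse outgoing response; must be an {@link HttpServletResponse}
     * @param filterChain     remainder of the filter chain
     * @throws IOException      propagated from the error writer, the forward or the chain
     * @throws ServletException if the request/response are not HTTP or the method is not
     *                          GET or POST
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        checkRequestResponse(servletRequest, servletResponse);
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        XSSHttpRequestWrapper wrappedRequest = new XSSHttpRequestWrapper(request);
        XSSSecurityConfig config = XSSSecurityConfig.getConfig();

        boolean violationFound = wrappedRequest.validateParameter(response);

        // Set the anti-framing header before any branch can write or forward, so the 406 reply
        // and the error page carry it as well as normal responses.
        response.setHeader("X-Frame-Options", "SAMEORIGIN");

        if (violationFound) {
            String remoteAddr = servletRequest.getRemoteAddr();
            String requestUri = request.getRequestURI();
            if (config.isLog()) {
                // Parameterized logging keeps request-derived values out of the format string.
                logger.error("XSS IP:{} URL:{}", remoteAddr, requestUri);
            }
            if (WebOptUtils.isAjax(request)) {
                // NOTE(review): the request URI is echoed back to the client here; this relies
                // on JsonResultUtils encoding the message correctly - confirm.
                JsonResultUtils.writeAjaxErrorMessage(406, "XSS IP:" + remoteAddr + " URL:" + requestUri, response);
                return;
            }
            if (config.isChain()) {
                request.getRequestDispatcher(XSSSecurityConfig.FILTER_ERROR_PAGE).forward(request, response);
                return;
            }
            // NOTE(review): a non-AJAX request that failed validation is NOT blocked when
            // isChain() is false; it falls through to the chain below. Confirm that this
            // log-only mode is intended before relying on the filter as an enforcement point.
        }
        filterChain.doFilter(wrappedRequest, response);
    }

    /**
     * Hands the filter configuration to {@code XSSSecurityManager}.
     *
     * @param filterConfig configuration supplied by the container
     * @throws ServletException declared by {@link Filter#init}
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        XSSSecurityManager.init(filterConfig);
    }

    /**
     * Rejects anything that is not an HTTP GET or POST exchange.
     *
     * @throws ServletException if either argument is not an HTTP type, or the method is
     *                          neither POST nor GET
     */
    private void checkRequestResponse(ServletRequest servletRequest, ServletResponse servletResponse) throws ServletException {
        if (!(servletRequest instanceof HttpServletRequest)) {
            throw new ServletException("Can only process HttpServletRequest");
        }
        if (!(servletResponse instanceof HttpServletResponse)) {
            throw new ServletException("Can only process HttpServletResponse");
        }
        // Constant-first equals avoids a NullPointerException should getMethod() return null.
        String method = ((HttpServletRequest) servletRequest).getMethod();
        if (!"POST".equals(method) && !"GET".equals(method)) {
            throw new ServletException("Can only process POST or GET Method");
        }
    }
}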
