package com.jxd.security;

import com.jxd.security.filter.XssFilter;
import com.sdjxd.pms.platform.Event.PmsEvent;
import com.sdjxd.pms.platform.base.Global;
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/jxd/security/XssHttpServletRequestWrapper.class */
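/**
 * Request wrapper that screens values read through {@code getParameter(String)} against the
 * regular expression stored under the {@code defenseSQLInjectionReg} configuration key.
 *
 * <p>Scope of the check, as implemented in this class:
 * <ul>
 *   <li>Only {@code getParameter} is screened. {@code getParameterValues}, {@code getParameterMap},
 *       headers, cookies and the request body are not overridden here and pass through
 *       unchecked.</li>
 *   <li>The check is skipped for the whole request when a parameter named {@code _blind} is
 *       present. NOTE(review): that parameter comes from the client, so it cannot act as a trust
 *       decision on its own; confirm it is restricted elsewhere or replace it with a server-side
 *       allow-list.</li>
 *   <li>The class name refers to XSS while the configured pattern key refers to SQL injection.
 *       NOTE(review): confirm which threat the deployed pattern is meant to cover. A deny-list
 *       regex is a secondary control; parameterized queries and output encoding are still
 *       required at the sinks.</li>
 * </ul>
 *
 * <p>Per-request data (parameter map, Referer) used to be kept in static fields that every
 * request overwrote. That state is now local to the call, so concurrent requests can no longer
 * observe each other's parameter map when the {@code _blind} test is evaluated.
 */
public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
    /** URI suffix of the service-invoke servlet, which gets quote stripping and its own error code. */
    private static final String INVOKE_URI_SUFFIX = "servlet/com.sdjxd.pms.platform.serviceBreak.Invoke";
    /** Configuration key holding the rejection pattern. */
    private static final String PATTERN_CONFIG_KEY = "defenseSQLInjectionReg";
    /** Presence of this request parameter disables the check (see the class comment). */
    private static final String BYPASS_PARAMETER = "_blind";
    /** Value stored under {@code XssFilter.ERROR_TYPE} for a rejected request on any other URI. */
    private static final int ERROR_CODE_DEFAULT = 511;
    /** Value stored under {@code XssFilter.ERROR_TYPE} for a rejected request on the invoke servlet. */
    private static final int ERROR_CODE_INVOKE = 512;

    private static Logger log = Logger.getLogger(XssHttpServletRequestWrapper.class);

    /** The wrapped request, exposed through {@link #getOrgRequest()}. */
    HttpServletRequest orgRequest;

    /**
     * Wraps the given request.
     *
     * @param httpServletRequest the request to wrap
     */
    public XssHttpServletRequestWrapper(HttpServletRequest httpServletRequest) {
        super(httpServletRequest);
        this.orgRequest = httpServletRequest;
    }

    /**
     * Returns the parameter value after screening it against the configured pattern.
     *
     * @param str the parameter name
     * @return the unmodified value, or {@code null} when the parameter is absent
     * @throws RuntimeException when the value matches the pattern, or when the check itself fails
     *     (for example a missing or invalid pattern in the configuration); in both cases
     *     {@code XssFilter.ERROR_TYPE} is set on the request first, so a configuration error
     *     rejects the request rather than letting it through
     */
    public String getParameter(String str) {
        String parameter = super.getParameter(str);
        // Per-call locals: this data belongs to one request and must not be shared between threads.
        Map<?, ?> parameters = this.orgRequest.getParameterMap();
        String requestURI = this.orgRequest.getRequestURI();
        if (parameter == null || parameters.containsKey(BYPASS_PARAMETER)) {
            return parameter;
        }
        try {
            xssCheck(requestURI, str, parameter);
        } catch (Exception e) {
            boolean invokeServlet = requestURI != null && requestURI.endsWith(INVOKE_URI_SUFFIX);
            setAttribute(XssFilter.ERROR_TYPE, invokeServlet ? ERROR_CODE_INVOKE : ERROR_CODE_DEFAULT);
            // The message carries the raw parameter value; whoever renders or logs it must
            // encode it for that context.
            throw new RuntimeException(e.getMessage(), e);
        }
        return parameter;
    }

    /**
     * Returns the header unchanged; header values are not screened by this wrapper.
     *
     * @param str the header name
     * @return the header value from the wrapped request
     */
    public String getHeader(String str) {
        return super.getHeader(str);
    }

    /**
     * Rejects a parameter value that matches the configured pattern.
     *
     * @param requestURI the request URI, may be {@code null}
     * @param name the parameter name, used only in the error message
     * @param value the parameter value to test, never {@code null} here
     * @throws Exception when the value matches; runtime failures of the configuration lookup or
     *     pattern compilation also propagate to the caller
     */
    private void xssCheck(String requestURI, String name, String value) throws Exception {
        String candidate = value;
        // For the invoke servlet a value wrapped in double quotes is tested without those quotes.
        if (requestURI != null && requestURI.endsWith(INVOKE_URI_SUFFIX)
                && candidate.length() > 1 && candidate.startsWith("\"") && candidate.endsWith("\"")) {
            candidate = candidate.substring(1, candidate.length() - 1);
        }
        // The pattern is read and compiled on every call, so a changed configuration value is
        // picked up as soon as Global.getConfig returns it.
        Pattern rejectPattern = Pattern.compile(Global.getConfig(PATTERN_CONFIG_KEY));
        if (rejectPattern.matcher(candidate).find()) {
            // Message text (Chinese): malicious script detected in the request data, request
            // aborted; followed by the request URI, the parameter name and the offending input.
            throw new Exception("系统检测到当前请求的数据中含有恶意脚本，为了安全考虑，该请求被中止！\n\r 非法 请求" + requestURI + "非法参数" + name + "非法输入" + candidate);
        }
    }

    /**
     * Returns the request this wrapper was created around.
     *
     * @return the wrapped request
     */
    public HttpServletRequest getOrgRequest() {
        return this.orgRequest;
    }

    /**
     * Unwraps one level of this wrapper type.
     *
     * @param httpServletRequest any request
     * @return the wrapped request when the argument is an {@code XssHttpServletRequestWrapper},
     *     otherwise the argument itself
     */
    public static HttpServletRequest getOrgRequest(HttpServletRequest httpServletRequest) {
        if (httpServletRequest instanceof XssHttpServletRequestWrapper) {
            return ((XssHttpServletRequestWrapper) httpServletRequest).getOrgRequest();
        }
        return httpServletRequest;
    }
}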
