package com.jxd.security;

import com.jxd.security.filter.XssFilter;
import com.sdjxd.pms.platform.Event.PmsEvent;
import com.sdjxd.pms.platform.base.Global;
import com.sdjxd.pms.platform.freechart.chart.ChartType;
import com.sdjxd.pms.platform.security.dao.SecurityDao;
import com.sdjxd.pms.platform.security.model.WhiteRuleBean;
import com.sdjxd.pms.platform.security.service.SecurityService;
import com.sdjxd.pms.platform.tool.StringTool;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/jxd/security/XssHttpServletRequestWrapperWithWhiteList.class */
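/**
 * Request wrapper that screens values returned by {@link #getParameter(String)} against the
 * configured interception regex ({@code URLintercept.rule.jxd}) and then against the
 * white-list rules returned by {@code SecurityService.getWhiteRuleByKey}. A value that
 * trips the regex and is not cleared by a white-list rule is recorded via
 * {@code SecurityService.saveReqIns}/{@code saveWhiteLog}, and, when
 * {@code ISURLinterceptException} is {@code "true"}, the request fails with an exception.
 *
 * <p>Coverage caveats that are visible in this class:
 * <ul>
 *   <li>Only {@code getParameter} is screened. {@code getParameterValues},
 *       {@code getParameterMap}, {@code getInputStream}/{@code getReader} are not overridden,
 *       {@link #getHeader(String)} is a plain pass-through, and {@link #getOrgRequest()} hands
 *       out the unwrapped request; values read through any of those paths are not checked.</li>
 *   <li>A request that carries any parameter named {@code _blind} skips the check entirely.
 *       The parameter name is client-controlled, so this is a bypass unless something upstream
 *       strips it -- confirm against {@code XssFilter} before relying on this wrapper.</li>
 *   <li>Only the first value of each parameter is used when building the white-list key.</li>
 * </ul>
 *
 * <p>The wrapper is meant to be created once per request. The referer is captured per
 * instance (it used to live in a static field that every concurrent request overwrote,
 * so the referer written to the white-list log could belong to a different request).
 */
public class XssHttpServletRequestWrapperWithWhiteList extends HttpServletRequestWrapper {
    /** URI suffix of the servlet whose values get quote-stripping and error type 512 instead of 511. */
    private static final String INVOKE_SERVLET_SUFFIX = "servlet/com.sdjxd.pms.platform.serviceBreak.Invoke";
    /** Parameter whose mere presence disables the check (see class doc). */
    private static final String BLIND_PARAM = "_blind";
    /** Config key holding the interception regex; read on every check so config changes apply. */
    private static final String INTERCEPT_RULE_KEY = "URLintercept.rule.jxd";

    private static final Logger log = Logger.getLogger(XssHttpServletRequestWrapperWithWhiteList.class);

    /** The unwrapped request; kept package-visible as in the original. */
    HttpServletRequest orgRequest;
    /** Referer header captured at construction; recorded alongside white-list/intercept logs. */
    private final String referer;

    /**
     * Wraps {@code httpServletRequest} and captures its {@code Referer} header.
     *
     * @param httpServletRequest the request to wrap (must not be null)
     */
    public XssHttpServletRequestWrapperWithWhiteList(HttpServletRequest httpServletRequest) {
        super(httpServletRequest);
        this.orgRequest = httpServletRequest;
        this.referer = httpServletRequest.getHeader("Referer");
    }

    /**
     * Returns the parameter value after screening it.
     *
     * <p>The value is returned unchanged; screening only has side effects (logging / persistence)
     * or aborts the request. When the check throws, {@code XssFilter.ERROR_TYPE} is set to 512
     * for the Invoke servlet and 511 otherwise, and the failure is rethrown as a
     * {@link RuntimeException} with the original cause attached.
     *
     * @param str parameter name
     * @return the raw parameter value from the underlying request, or null if absent
     * @throws RuntimeException when the value is intercepted and interception is configured to throw
     */
    @Override
    public String getParameter(String str) {
        String parameter = super.getParameter(str);
        Map<?, ?> params = this.orgRequest.getParameterMap();
        String requestURI = this.orgRequest.getRequestURI();
        // NOTE(review): the _blind bypass is client-controlled; kept for compatibility, see class doc.
        if (parameter == null || params.containsKey(BLIND_PARAM)) {
            return parameter;
        }
        try {
            xssCheck(requestURI, str, parameter, params, this.referer);
        } catch (Exception e) {
            boolean invokeServlet = requestURI != null && requestURI.endsWith(INVOKE_SERVLET_SUFFIX);
            setAttribute(XssFilter.ERROR_TYPE, invokeServlet ? 512 : 511);
            throw new RuntimeException(e.getMessage(), e);
        }
        return parameter;
    }

    /**
     * Plain pass-through: header values are NOT screened by this wrapper.
     *
     * @param str header name
     * @return the header value from the wrapped request
     */
    @Override
    public String getHeader(String str) {
        return super.getHeader(str);
    }

    /**
     * Screens one parameter value.
     *
     * <p>Steps, in order:
     * <ol>
     *   <li>For the Invoke servlet, a value wrapped in straight double quotes is unquoted first.</li>
     *   <li>If the interception regex does not match, the value is clean and nothing happens.</li>
     *   <li>Otherwise a white-list key is built from the URI, the parameter name and
     *       {@code SecurityService.getOtherParam} of the other parameters (first value only,
     *       single quotes doubled), and the rules for that key are evaluated:
     *       a rule without a pattern and {@code isJSON == ChartType.BAR_CHART} clears the value
     *       when replacing {@code "} with a full-width quote makes the regex stop matching;
     *       a rule with a pattern clears the value when the pattern matches and none of its
     *       capture groups trips the regex. A second matching rule ends evaluation as
     *       "allowed" without writing any log (original behavior, preserved).</li>
     *   <li>Cleared values are logged as white-listed; everything else is recorded as
     *       intercepted and, if configured, aborts the request.</li>
     * </ol>
     *
     * <p>The {@code '} -> {@code ''} doubling applied before persistence looks like hand-rolled
     * SQL quoting; whether {@code SecurityService}/{@code SecurityDao} build SQL by
     * concatenation is not visible here -- if they do, prefer parameterized statements there.
     *
     * @param requestURI    request URI (may be null)
     * @param paramName     name of the parameter being checked
     * @param value         non-null parameter value
     * @param params        full parameter map of the request (values are {@code String[]})
     * @param refererHeader referer recorded with the log entries (may be null)
     * @throws Exception when the value is intercepted and {@code ISURLinterceptException} is {@code "true"}
     */
    @SuppressWarnings({"rawtypes", "unchecked"})
    private void xssCheck(String requestURI, String paramName, String value, Map<?, ?> params,
            String refererHeader) throws Exception {
        String candidate = value;
        if (requestURI != null && requestURI.endsWith(INVOKE_SERVLET_SUFFIX)
                && candidate != null && candidate.length() > 1
                && candidate.startsWith("\"") && candidate.endsWith("\"")) {
            candidate = candidate.substring(1, candidate.length() - 1);
        }
        Pattern intercept = Pattern.compile(Global.getConfig(INTERCEPT_RULE_KEY));
        if (!intercept.matcher(candidate).find()) {
            return;
        }

        // Raw HashMap on purpose: the exact parameter type of getOtherParam is not visible here.
        HashMap escapedParams = new HashMap();
        for (Map.Entry<?, ?> entry : params.entrySet()) {
            String key = (String) entry.getKey();
            String firstValue = ((String[]) entry.getValue())[0];
            escapedParams.put(key, key + "=" + firstValue.replace("'", "''"));
        }
        String otherParam = SecurityService.getOtherParam(escapedParams);
        String lookupKey = requestURI + SecurityDao.connector + paramName;
        if (!StringTool.isEmpty(otherParam)) {
            lookupKey = lookupKey + SecurityDao.connector + otherParam;
        }

        boolean clearedByRule = false;      // a pattern rule matched and all of its groups were clean
        boolean allowedSilently = false;    // pattern-less JSON rule, or a second matching rule
        String sheetId = PmsEvent.MAIN;     // sheet id of the last rule visited, written to the log
        List<WhiteRuleBean> rules = SecurityService.getWhiteRuleByKey(lookupKey);
        // A plain for-each so that `continue` always advances to the next rule; the
        // hand-indexed loop this replaces re-evaluated the same rule on the no-match path.
        for (WhiteRuleBean rule : rules) {
            sheetId = rule.getSheetid();
            String rulePattern = rule.getPatternValue();
            if (rulePattern == null || PmsEvent.MAIN.equals(rulePattern)) {
                if (!ChartType.PIE_CHART.equals(rule.getIsJSON())
                        && ChartType.BAR_CHART.equals(rule.getIsJSON())
                        && !intercept.matcher(candidate.replace("\"", "“")).find()) {
                    allowedSilently = true;
                    break;
                }
                continue;
            }
            try {
                Matcher matcher = Pattern.compile(rulePattern).matcher(candidate);
                if (!matcher.find()) {
                    continue;
                }
                if (clearedByRule) {
                    allowedSilently = true;
                    break;
                }
                clearedByRule = true;
                // Every capture group must itself be clean for the rule to clear the value.
                int groupCount = matcher.groupCount();
                for (int g = 1; g <= groupCount; g++) {
                    if (intercept.matcher(matcher.group(g)).find()) {
                        clearedByRule = false;
                        break;
                    }
                }
            } catch (Exception e) {
                // Bad rule pattern (or a null group): skip the rule; keep the stack trace this time.
                log.error(e.getMessage(), e);
            }
        }

        if (allowedSilently) {
            return;
        }
        String escapedValue = candidate.replace("'", "''");
        if (clearedByRule) {
            log.info("【" + requestURI + "," + paramName + "," + escapedValue + "】匹配白名单，记录白名单允许日志");
            SecurityService.saveWhiteLog(requestURI, paramName, escapedValue, otherParam, refererHeader,
                    sheetId, ChartType.LINE_CHART);
            return;
        }
        log.info("【" + requestURI + "," + paramName + "," + escapedValue + "】请求被拦截，记录拦截实例表和拦截日志表");
        String instanceId = SecurityService.saveReqIns(requestURI, paramName, escapedValue, otherParam);
        SecurityService.saveWhiteLog(requestURI, paramName, escapedValue, otherParam, refererHeader,
                PmsEvent.MAIN, ChartType.PIE_CHART);
        if ("true".equals(Global.getConfig("ISURLinterceptException"))) {
            throw new Exception("系统检测到当前请求的数据中含有恶意脚本，为了安全考虑，该请求被中止！ERRORCODE:" + instanceId);
        }
    }

    /**
     * Returns the unwrapped request. Values read from it are not screened.
     *
     * @return the original request passed to the constructor
     */
    public HttpServletRequest getOrgRequest() {
        return this.orgRequest;
    }

    /**
     * Unwraps {@code httpServletRequest} if it is one of these wrappers; otherwise returns it as-is.
     *
     * @param httpServletRequest a possibly wrapped request
     * @return the underlying request
     */
    public static HttpServletRequest getOrgRequest(HttpServletRequest httpServletRequest) {
        if (httpServletRequest instanceof XssHttpServletRequestWrapperWithWhiteList) {
            return ((XssHttpServletRequestWrapperWithWhiteList) httpServletRequest).getOrgRequest();
        }
        return httpServletRequest;
    }
}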
