package com.jxd.security.filter;

import com.jxd.security.XssHttpServletRequestWrapper;
import com.sdjxd.pms.platform.base.Global;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/jxd/security/filter/XssFilter.class */
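/**
 * Servlet filter that re-issues the session cookie with {@code HttpOnly} and, when enabled by
 * configuration, passes each request down the chain wrapped in an
 * {@link XssHttpServletRequestWrapper}.
 *
 * <p>Wrapping is fail-open: it happens only when the value read in {@link #init} equals
 * {@code "true"} (case-insensitive). A missing or mistyped setting means requests go through
 * unwrapped, so deployments should verify the setting rather than assume protection.
 *
 * <p>NOTE(review): the switch is read from the key {@code defenseSQLInjection} although this class
 * applies the XSS wrapper; confirm that one key is meant to control both.
 */
public class XssFilter implements Filter {
    /** Request attribute from which the HTTP status for a failed request is read (an Integer). */
    public static final String ERROR_TYPE = "ERROR_TYPE";
    /** Request attribute in which the message for the error page is stored. */
    public static final String ERROR_MSG = "ERROR_MSG";

    /** Requests whose URI ends with this suffix are passed on without the wrapper. */
    private static final String EXEMPT_URI_SUFFIX = "/servlet/com.sdjxd.pms.platform.webapp.InterFace";
    /** Session attribute recording that the HttpOnly cookie has already been issued. */
    private static final String SESSION_INIT_FLAG = "isIni";
    /** Message shown when the exception offers nothing suitable for the client. */
    private static final String GENERIC_ERROR_MESSAGE = "应用程序错误！";
    /** Status sent when no usable ERROR_TYPE attribute is present. */
    private static final int DEFAULT_ERROR_STATUS = 511;

    /** Raw configuration value; wrapping is active only when it equals "true". */
    private String ISURLintercept;
    private final Logger log = Logger.getLogger(XssFilter.class);

    /** Nothing to release. */
    public void destroy() {
    }

    /**
     * Forces GBK on request and response, makes sure the session cookie is HttpOnly, then forwards
     * the request, wrapped unless wrapping is disabled or the URI is exempt.
     *
     * <p>Any exception thrown further down the chain for a wrapped request is logged and turned
     * into an HTTP error response instead of propagating to the container.
     *
     * @param servletRequest  incoming request; must be an {@link HttpServletRequest}
     * @param servletResponse outgoing response
     * @param filterChain     remainder of the filter chain
     * @throws IOException      if the chain or {@code sendError} fails with an I/O error
     * @throws ServletException if the chain fails for an unwrapped request
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        servletRequest.setCharacterEncoding("GBK");
        servletResponse.setCharacterEncoding("GBK");
        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        ensureHttpOnlySessionCookie(httpRequest, servletResponse);

        if (!"true".equalsIgnoreCase(this.ISURLintercept)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        if (isExemptFromWrapping(httpRequest.getRequestURI())) {
            // NOTE(review): everything sent to this endpoint skips the wrapper entirely;
            // confirm the endpoint validates and encodes its own input.
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        XssHttpServletRequestWrapper wrappedRequest = new XssHttpServletRequestWrapper(httpRequest);
        try {
            filterChain.doFilter(wrappedRequest, servletResponse);
        } catch (Exception e) {
            reportFailure(wrappedRequest, servletResponse, e);
        }
    }

    /**
     * Reads the on/off switch for request wrapping from the platform configuration.
     *
     * @param filterConfig unused
     * @throws ServletException never thrown by this implementation
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        this.ISURLintercept = Global.getConfig("defenseSQLInjection");
    }

    /**
     * Re-issues the JSESSIONID cookie with HttpOnly once per session, tracked by a session flag.
     * The header is set (not added), so it replaces any Set-Cookie already on the response.
     */
    private void ensureHttpOnlySessionCookie(HttpServletRequest request, ServletResponse response) {
        HttpSession session = request.getSession();
        // Boolean.TRUE.equals tolerates a missing or non-Boolean attribute instead of throwing.
        if (Boolean.TRUE.equals(session.getAttribute(SESSION_INIT_FLAG))) {
            return;
        }
        session.setAttribute(SESSION_INIT_FLAG, Boolean.TRUE);

        // The root context reports an empty context path; an empty Path attribute would scope
        // the cookie to the request's directory instead of the whole application.
        String contextPath = request.getContextPath();
        String cookiePath = (contextPath == null || contextPath.length() == 0) ? "/" : contextPath;

        StringBuilder cookie = new StringBuilder("JSESSIONID=")
                .append(session.getId())
                .append(";Path=")
                .append(cookiePath)
                .append(";HttpOnly");
        // Keep the session id off plain-HTTP connections when the request itself arrived over TLS.
        // Behind a TLS-terminating proxy isSecure() may be false; set Secure at the proxy or
        // container in that case.
        if (request.isSecure()) {
            cookie.append(";Secure");
        }
        ((HttpServletResponse) response).setHeader("Set-Cookie", cookie.toString());
    }

    /**
     * Decides whether a request may bypass the wrapper.
     *
     * <p>The raw request URI still carries path parameters (the {@code ;name=value} part), which
     * the container ignores when selecting the target resource. The exemption is therefore only
     * honoured for URIs without them, so that the suffix test reflects the resource actually served.
     */
    private static boolean isExemptFromWrapping(String requestURI) {
        return requestURI != null
                && requestURI.indexOf(';') == -1
                && requestURI.endsWith(EXEMPT_URI_SUFFIX);
    }

    /**
     * Logs the failure, publishes a message for the error page and sends the error status.
     * Logging happens first so the exception is recorded even if the response can no longer
     * be turned into an error.
     */
    private void reportFailure(XssHttpServletRequestWrapper request, ServletResponse response, Exception failure) throws IOException {
        String message = clientFacingMessage(failure);
        this.log.warn(message, failure);

        if (!(response instanceof HttpServletResponse)) {
            return;
        }
        HttpServletResponse httpResponse = (HttpServletResponse) response;

        // NOTE(review): this text can originate from exception messages; the error page that
        // renders ERROR_MSG should HTML-encode it.
        boolean noMessage = message == null || "".equals(message);
        request.setAttribute(ERROR_MSG, noMessage ? GENERIC_ERROR_MESSAGE : message);

        // sendError on a committed response throws IllegalStateException; nothing more can be sent.
        if (httpResponse.isCommitted()) {
            return;
        }
        Object requestedStatus = request.getAttribute(ERROR_TYPE);
        int status = DEFAULT_ERROR_STATUS;
        if (requestedStatus instanceof Integer && ((Integer) requestedStatus).intValue() != 0) {
            status = ((Integer) requestedStatus).intValue();
        }
        httpResponse.sendError(status);
    }

    /**
     * Picks a message for the client: the exception's own message, else its cause's message,
     * dropping either one if it contains the text "Exception" (a sign of internal detail).
     * May return null or an empty string, meaning "use the generic message".
     */
    private static String clientFacingMessage(Exception failure) {
        String message = failure.getMessage();
        Throwable cause = failure.getCause();
        String causeMessage = cause == null ? "" : cause.getMessage();
        if (message != null && message.indexOf("Exception") != -1) {
            message = causeMessage;
        }
        if (message != null && message.indexOf("Exception") != -1) {
            message = "";
        }
        return message;
    }
}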
