package com.jxdinfo.hussar.common.firewall.xss;

import com.jxdinfo.hussar.core.filter.HussarPathMatcher;
import com.jxdinfo.hussar.core.filter.PatternMatcher;
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:com/jxdinfo/hussar/common/firewall/xss/XssFilter.class */
public class XssFilter implements Filter {
    public static final String PARAM_NAME_EXCLUSIONS = "exclusions";
    public static final String PARAM_NAME_PATHCHECKS = "pathChecks";
    private String xssLevel;
    private Set<String> excludesPattern;
    private Set<String> pathCheck;
    protected String contextPath;
    FilterConfig filterConfig = null;
    protected PatternMatcher pathMatcher = HussarPathMatcher.getInstance();

    public void init(FilterConfig filterConfig) throws ServletException {
        String initParameter = filterConfig.getInitParameter("exclusions");
        String initParameter2 = filterConfig.getInitParameter(PARAM_NAME_PATHCHECKS);
        if (initParameter != null && initParameter.trim().length() != 0) {
            this.excludesPattern = new HashSet(Arrays.asList(initParameter.split("\\s*,\\s*")));
            this.pathCheck = new HashSet(Arrays.asList(initParameter2.split("\\s*,\\s*")));
        }
        this.filterConfig = filterConfig;
        this.contextPath = getContextPath(filterConfig.getServletContext());
    }

    private String getContextPath(ServletContext servletContext) {
        String contextPath = servletContext.getContextPath();
        if (contextPath == null || contextPath.length() == 0) {
            contextPath = "/";
        }
        return contextPath;
    }

    public void destroy() {
        this.filterConfig = null;
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        String requestURI = ((HttpServletRequest) servletRequest).getRequestURI();
        Iterator<String> it = this.pathCheck.iterator();
        while (it.hasNext()) {
            if (this.pathMatcher.matches(it.next(), requestURI)) {
                servletRequest.getRequestDispatcher("/exception/500").forward(servletRequest, servletResponse);
                return;
            }
        }
        if (isExclusion(requestURI)) {
            filterChain.doFilter(servletRequest, servletResponse);
        } else {
            filterChain.doFilter(new XssHttpServletRequestWrapper((HttpServletRequest) servletRequest, getXssLevel()), servletResponse);
        }
    }

    public String getXssLevel() {
        return this.xssLevel;
    }

    public void setXssLevel(String str) {
        this.xssLevel = str;
    }

    private boolean isExclusion(String str) {
        if (this.excludesPattern == null || str == null) {
            return false;
        }
        if (this.contextPath != null && str.startsWith(this.contextPath)) {
            str = str.substring(this.contextPath.length());
            if (!str.startsWith("/")) {
                str = "/" + str;
            }
        }
        Iterator<String> it = this.excludesPattern.iterator();
        while (it.hasNext()) {
            if (this.pathMatcher.matches(it.next(), str)) {
                return true;
            }
        }
        return false;
    }
}
