package com.jxdinfo.hussar.support.secure.riskprotect;

import com.jxdinfo.hussar.support.secure.riskprotect.core.utils.JsonXssSanitizer;
import com.jxdinfo.hussar.support.secure.riskprotect.core.utils.XssPattern;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
import java.nio.charset.Charset;
import java.nio.charset.IllegalCharsetNameException;
import java.nio.charset.StandardCharsets;
import java.nio.charset.UnsupportedCharsetException;
import java.util.Locale;
import javax.servlet.ReadListener;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import org.apache.commons.io.IOUtils;

/* loaded from: input_file:com/jxdinfo/hussar/support/secure/riskprotect/XssHttpServletRequestWrapper.class */
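/**
 * Request wrapper that filters script-like content out of selected request inputs.
 *
 * <p>Coverage is limited to what this class overrides: {@link #getParameter(String)},
 * {@link #getParameterValues(String)}, {@link #getHeader(String)} and the request body
 * returned by {@link #getInputStream()} / {@link #getReader()}. Every other accessor
 * (for example {@code getParameterMap()}, {@code getHeaders(String)},
 * {@code getQueryString()}, {@code getCookies()}) is inherited from
 * {@link HttpServletRequestWrapper} and returns the values of the wrapped request
 * unfiltered. Handlers that read input through those accessors are not protected by
 * this wrapper.
 *
 * <p>The filtering is pattern removal on input. Treat it as defence in depth: it does
 * not replace context-aware output encoding at the point where data is rendered.
 *
 * <p>The body is read fully into memory on first access. No size limit is applied here,
 * so an upper bound on request size has to be enforced elsewhere (container or an
 * earlier filter).
 */
public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
    /** Filter level: "A", "C", or anything else (treated as level B). */
    private final String xssLevel;
    /** Cached request body, already sanitised when the content type is textual. */
    private byte[] rawData;
    private final HttpServletRequest request;
    private final ResettableServletInputStream servletStream;

    /**
     * In-memory {@link ServletInputStream} that can be rewound by handing it the body
     * bytes again through {@link #setRawData(byte[])}.
     */
    public static class ResettableServletInputStream extends ServletInputStream {
        // Starts empty so that a read before setRawData() reports end of stream
        // instead of failing with a NullPointerException.
        private ByteArrayInputStream buffer = new ByteArrayInputStream(new byte[0]);

        private ResettableServletInputStream() {
        }

        /**
         * Replaces the stream content and resets the read position to the start.
         *
         * @param bArr the bytes to serve from now on
         */
        public void setRawData(byte[] bArr) {
            this.buffer = new ByteArrayInputStream(bArr);
        }

        @Override
        public int read() {
            return this.buffer.read();
        }

        @Override
        public boolean isFinished() {
            return this.buffer.available() == 0;
        }

        @Override
        public boolean isReady() {
            // Data is always in memory, so a read never blocks.
            return true;
        }

        /**
         * Non-blocking reads are not supported by this stream.
         *
         * @throws UnsupportedOperationException always
         */
        @Override
        public void setReadListener(ReadListener readListener) {
            throw new UnsupportedOperationException();
        }
    }

    /**
     * @param httpServletRequest the request to wrap
     * @param str the filter level; "A" and "C" select those levels, any other value
     *     (including {@code null}) selects level B
     */
    public XssHttpServletRequestWrapper(HttpServletRequest httpServletRequest, String str) {
        super(httpServletRequest);
        this.xssLevel = str;
        this.request = httpServletRequest;
        this.servletStream = new ResettableServletInputStream();
    }

    /**
     * Returns the filtered values of a request parameter.
     *
     * @param str the parameter name
     * @return a new array holding the filtered values, or {@code null} when the
     *     parameter is absent
     */
    @Override
    public String[] getParameterValues(String str) {
        String[] values = super.getParameterValues(str);
        if (values == null) {
            return null;
        }
        String[] cleaned = new String[values.length];
        for (int i = 0; i < values.length; i++) {
            cleaned[i] = cleanXSS(values[i], this.xssLevel);
        }
        return cleaned;
    }

    /**
     * Returns the filtered value of a request parameter.
     *
     * @param str the parameter name
     * @return the filtered value, or {@code null} when the parameter is absent
     */
    @Override
    public String getParameter(String str) {
        String value = super.getParameter(str);
        return value == null ? null : cleanXSS(value, this.xssLevel);
    }

    /**
     * Returns the filtered value of a request header.
     *
     * <p>Only this single-value accessor is filtered; {@code getHeaders(String)} is not
     * overridden by this class.
     *
     * @param str the header name
     * @return the filtered value, or {@code null} when the header is absent
     */
    @Override
    public String getHeader(String str) {
        String value = super.getHeader(str);
        return value == null ? null : cleanXSS(value, this.xssLevel);
    }

    /**
     * Returns the request body, sanitised when the content type is textual.
     *
     * <p>The body is read from the wrapped request once and cached. Every call rewinds
     * and returns the same stream instance, so callers must not read it concurrently.
     *
     * <p>The cache is written only after sanitisation has completed. If decoding or
     * sanitising fails, nothing is cached, so a later call cannot hand out the
     * unsanitised bytes that were read before the failure.
     *
     * <p>NOTE(review): the sanitised body can differ in length from the original, and
     * this class does not override {@code getContentLength()}; confirm that no consumer
     * relies on the declared length.
     *
     * @return the stream positioned at the start of the (possibly sanitised) body
     * @throws IOException if the body cannot be read or the declared character encoding
     *     is not supported
     */
    @Override
    public ServletInputStream getInputStream() throws IOException {
        if (this.rawData == null) {
            byte[] body = IOUtils.toByteArray(this.request.getInputStream());
            if (isTextContent()) {
                // Decode and re-encode with the same charset so the bytes handed on
                // match what the sanitiser inspected.
                Charset charset = getCharset();
                body = JsonXssSanitizer.sanitizeJson(new String(body, charset)).getBytes(charset);
            }
            this.rawData = body;
        }
        this.servletStream.setRawData(this.rawData);
        return this.servletStream;
    }

    /**
     * Returns a reader over the body served by {@link #getInputStream()}.
     *
     * @throws IOException if the body cannot be read or the declared character encoding
     *     is not supported
     */
    @Override
    public BufferedReader getReader() throws IOException {
        return new BufferedReader(new InputStreamReader(getInputStream(), getCharset()));
    }

    /**
     * Decides whether the body is passed through the sanitiser.
     *
     * <p>Media types are case-insensitive, so the comparison is done on a lower-cased
     * copy; otherwise a differently-cased {@code Content-Type} would skip sanitisation.
     * A request without a content type is treated as non-text and is not sanitised.
     */
    private boolean isTextContent() {
        String contentType = this.request.getContentType();
        if (contentType == null) {
            return false;
        }
        String normalized = contentType.trim().toLowerCase(Locale.ROOT);
        return normalized.startsWith("text/") || normalized.contains("json") || normalized.contains("xml");
    }

    /**
     * Resolves the charset declared by the request, defaulting to UTF-8 when none is
     * declared.
     *
     * @throws UnsupportedEncodingException if the declared name is malformed or not
     *     available on this JVM. The name comes from the client, so it is reported as
     *     an I/O failure rather than escaping as an unchecked exception.
     */
    private Charset getCharset() throws UnsupportedEncodingException {
        String characterEncoding = this.request.getCharacterEncoding();
        if (characterEncoding == null) {
            return StandardCharsets.UTF_8;
        }
        try {
            return Charset.forName(characterEncoding);
        } catch (IllegalCharsetNameException | UnsupportedCharsetException e) {
            UnsupportedEncodingException failure =
                    new UnsupportedEncodingException("Unsupported request character encoding");
            failure.initCause(e);
            throw failure;
        }
    }

    /**
     * Applies the filter selected by {@code str2} to {@code str}.
     *
     * @param str the value to filter; {@code null} is returned unchanged
     * @param str2 the level: "A", "C", or anything else for level B
     */
    private String cleanXSS(String str, String str2) {
        if (str == null) {
            return null;
        }
        if ("A".equals(str2)) {
            return levelA(str);
        }
        if ("C".equals(str2)) {
            return levelC(str);
        }
        return levelB(str);
    }

    /**
     * Level A: removes {@code eval(...)} spans, blanks quoted {@code javascript:}
     * values and deletes every literal occurrence of {@code script}.
     *
     * <p>The matching is case-sensitive and each replacement is applied once, in this
     * order. Deleting the bare substring {@code script} also alters ordinary text that
     * happens to contain it. This level is a coarse filter and must not be the only
     * XSS control.
     */
    private String levelA(String str) {
        return str.replaceAll("eval\\((.*)\\)", "").replaceAll("[\\\"\\'][\\s]*javascript:(.*)[\\\"\\']", "\"\"").replace("script", "");
    }

    /** Level B (default): level A followed by {@code XssPattern.checkAndReplace}. */
    private String levelB(String str) {
        return XssPattern.checkAndReplace(levelA(str));
    }

    /** Level C: removes every match of {@code XssPattern.DIVINE_LEVEL_PATTERN}. */
    private String levelC(String str) {
        return XssPattern.DIVINE_LEVEL_PATTERN.matcher(str).replaceAll("");
    }
}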
