package cn.com.duibaboot.ext.autoconfigure.security.dpefensivepolicy;

import cn.com.duibaboot.ext.autoconfigure.core.utils.FileUtils;
import cn.com.duibaboot.ext.autoconfigure.security.DefensivePolicy;
import cn.com.duibaboot.ext.autoconfigure.security.SecurityPolicyProperties;
import cn.com.duibaboot.ext.autoconfigure.security.exception.DuibaSecurityException;
import com.google.common.base.Splitter;
import com.google.common.collect.Sets;
import java.util.Collection;
import java.util.Iterator;
import java.util.Locale;
import java.util.Set;
import java.util.stream.Collectors;
import javax.annotation.PostConstruct;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.web.multipart.MultipartFile;
import org.springframework.web.multipart.MultipartHttpServletRequest;
import org.springframework.web.multipart.MultipartResolver;

/* loaded from: input_file:cn/com/duibaboot/ext/autoconfigure/security/dpefensivepolicy/FileUploudDefensivePolicy.class */
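/**
 * Defensive policy that rejects multipart uploads whose client-supplied file name carries an
 * extension outside an allow-list.
 *
 * <p>The allow-list starts from a built-in set of extensions and is extended at start-up with the
 * comma-separated value returned by {@code policyProperties.getUpload().getWhiteSuffixs()}.
 *
 * <p>Security scope: the check looks only at the extension of the original file name as sent by
 * the client. It does not inspect the file content or the part's declared content type, and a
 * name for which {@code FileUtils.getFileSuffix} yields a blank suffix is let through. Code that
 * stores or serves the upload therefore still has to pick its own storage name and response
 * content type; this policy is a first filter, not a content validation.
 */
public class FileUploudDefensivePolicy implements DefensivePolicy {

    @Autowired
    private SecurityPolicyProperties policyProperties;

    // Allowed extensions, lower-case and without a leading dot. init() adds the configured ones.
    private Set<String> whiteSuffix = Sets.newHashSet("jpg", "jpeg", "png", "gif", "xls", "xlsx", "csv", "pdf", "apk", "doc", "docx", "txt");

    @Autowired
    private MultipartResolver resolver;

    /**
     * Adds the configured extensions to the allow-list.
     *
     * <p>The configured value is split on commas; entries are trimmed, empty entries are dropped
     * and the rest are lower-cased before being added. A blank configuration leaves the built-in
     * list unchanged.
     */
    @PostConstruct
    public void init() {
        String whiteSuffixs = this.policyProperties.getUpload().getWhiteSuffixs();
        if (StringUtils.isBlank(whiteSuffixs)) {
            return;
        }
        for (String suffix : Splitter.on(",").omitEmptyStrings().trimResults().split(whiteSuffixs)) {
            // Locale.ROOT keeps the result independent of the JVM default locale (under a Turkish
            // locale "GIF" would otherwise lower-case to a dotless-i form and never match "gif").
            this.whiteSuffix.add(suffix.toLowerCase(Locale.ROOT));
        }
    }

    /**
     * Returns the media types this policy applies to.
     *
     * @return a new set holding only {@code multipart/form-data}
     */
    @Override
    public Set<MediaType> getMediaTypes() {
        return Sets.newHashSet(MediaType.MULTIPART_FORM_DATA);
    }

    /**
     * Checks the extension of every uploaded file in a multipart request against the allow-list.
     *
     * <p>Requests the resolver does not recognise as multipart are ignored.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response; not used by this policy
     * @throws DuibaSecurityException if any uploaded file has a non-blank extension that is not
     *     in the allow-list
     */
    @Override
    public void doDefensive(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws DuibaSecurityException {
        if (!this.resolver.isMultipart(httpServletRequest)) {
            return;
        }
        // NOTE(review): the request is resolved here in addition to whatever resolves it for the
        // handler; confirm the configured MultipartResolver tolerates a second resolution.
        MultipartHttpServletRequest multipartRequest = this.resolver.resolveMultipart(httpServletRequest);
        Iterator<String> fieldNames = multipartRequest.getFileNames();
        while (fieldNames.hasNext()) {
            // getFiles(), not getFile(): one form field may carry several file parts and
            // getFile() returns only the first, which would leave the others unchecked.
            for (MultipartFile part : multipartRequest.getFiles(fieldNames.next())) {
                checkSuffix(part.getOriginalFilename());
            }
        }
    }

    /**
     * Rejects a single file name whose extension is present but not allow-listed.
     *
     * @param originalFilename the file name as supplied by the client; blank names are skipped
     * @throws DuibaSecurityException if the extension is non-blank and not in the allow-list
     */
    private void checkSuffix(String originalFilename) throws DuibaSecurityException {
        if (StringUtils.isBlank(originalFilename)) {
            return;
        }
        // presumably the 'false' flag asks for the suffix without the dot; verify in FileUtils
        String fileSuffix = FileUtils.getFileSuffix(originalFilename, false);
        if (StringUtils.isBlank(fileSuffix)) {
            return;
        }
        if (!this.whiteSuffix.contains(fileSuffix.toLowerCase(Locale.ROOT))) {
            // fileSuffix is client-controlled and ends up in the exception message.
            // NOTE(review): confirm whatever renders or logs this message encodes it first.
            // The message's own example allow-lists html; browser-rendered types are only safe to
            // accept when uploads are served as attachments or from a separate origin.
            throw new DuibaSecurityException("不允许上传" + fileSuffix + "类型的文件， 如果确实需要上传，请添加duiba.security.upload.whiteSuffixs配置，比如你希望上传html和txt文件，可以写duiba.security.upload.whiteSuffixs=html,txt");
        }
    }

    /**
     * Returns the live allow-list.
     *
     * @return the internal set itself, not a copy; changes made through it affect later checks
     */
    public Set<String> getWhiteSuffix() {
        return this.whiteSuffix;
    }

    /**
     * Replaces the allow-list.
     *
     * <p>The set is stored as given: entries are not lower-cased here, so an entry containing
     * upper-case letters never matches, and a {@code null} set makes later checks fail with a
     * {@link NullPointerException}.
     *
     * @param set the new allow-list of lower-case extensions without a leading dot
     */
    public void setWhiteSuffix(Set<String> set) {
        this.whiteSuffix = set;
    }
}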
