package cn.lili.common.security.filter;

import cn.hutool.core.text.CharSequenceUtil;
import cn.hutool.http.HtmlUtil;
import cn.hutool.json.JSONObject;
import cn.hutool.json.JSONUtil;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.ReadListener;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:cn/lili/common/security/filter/XssHttpServletRequestWrapper.class */
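/**
 * Request wrapper that runs request parameters, headers, String attributes and JSON object
 * bodies through an OWASP HTML sanitizer policy before the application reads them.
 *
 * <p>Coverage notes for reviewers:
 * <ul>
 *   <li>Only the accessors overridden in this class are filtered. {@code getHeaders},
 *       {@code getReader}, {@code getParts} and {@code getQueryString} are not overridden here,
 *       so values read through them are not sanitized by this wrapper.</li>
 *   <li>A body is only sanitized when it parses as a JSON object. Any other body (including a
 *       top-level JSON array) is handed on unchanged.</li>
 *   <li>JSON keys are not sanitized, only String values.</li>
 *   <li>The policy allows {@code iframe} with {@code src} and the {@code style} attribute.
 *       NOTE(review): confirm this is intended for every field this filter guards, and pair
 *       the filter with output encoding and a Content-Security-Policy rather than relying on
 *       input filtering alone.</li>
 * </ul>
 */
public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
    private static final Logger log = LoggerFactory.getLogger(XssHttpServletRequestWrapper.class);
    private static final String[] allowedTags = {"h1", "h2", "h3", "h4", "h5", "h6", "span", "strong", "em", "img", "video", "source", "iframe", "code", "blockquote", "p", "div", "font", "ul", "ol", "li", "hr", "table", "thead", "caption", "tbody", "tr", "th", "td", "br", "a"};
    private static final String[] needTransformTags = {"article", "aside", "command", "datalist", "details", "figcaption", "figure", "footer", "header", "hgroup", "section", "summary", "font"};
    private static final String[] linkTags = {"img", "video", "source", "a", "iframe", "p"};
    private static final String[] allowAttributes = {"style", "src", "href", "target", "width", "height", "color", "font"};

    /** Upper bound on sanitize-then-decode rounds in {@link #cleanXSS(String)}. */
    private static final int MAX_SANITIZE_PASSES = 5;

    /**
     * Wraps the given request.
     *
     * @param httpServletRequest the request whose values should be filtered
     */
    public XssHttpServletRequestWrapper(HttpServletRequest httpServletRequest) {
        super(httpServletRequest);
    }

    /**
     * Returns the sanitized values of a request parameter.
     *
     * @param str the parameter name
     * @return a new array of sanitized values; an empty array (not {@code null}) when the
     *         parameter is absent, which differs from the servlet contract but is kept because
     *         callers may rely on it
     */
    @Override
    public String[] getParameterValues(String str) {
        String[] rawValues = super.getParameterValues(str);
        if (rawValues == null) {
            return new String[0];
        }
        String[] cleaned = new String[rawValues.length];
        for (int i = 0; i < rawValues.length; i++) {
            cleaned[i] = filterXss(str, rawValues[i]);
        }
        return cleaned;
    }

    /**
     * Returns the sanitized value of a request parameter.
     *
     * @param str the parameter name
     * @return the sanitized value, or {@code null} when the parameter is absent
     */
    @Override
    public String getParameter(String str) {
        String rawValue = super.getParameter(str);
        return rawValue == null ? null : filterXss(str, rawValue);
    }

    /**
     * Returns a request attribute, sanitizing it when it is a String.
     *
     * @param str the attribute name
     * @return the attribute; non-String attributes are returned untouched
     */
    @Override
    public Object getAttribute(String str) {
        Object attribute = super.getAttribute(str);
        if (attribute instanceof String) {
            return filterXss(str, (String) attribute);
        }
        return attribute;
    }

    /**
     * Returns the sanitized value of a request header.
     *
     * @param str the header name
     * @return the sanitized header value, or {@code null} when the header is absent
     */
    @Override
    public String getHeader(String str) {
        String rawValue = super.getHeader(str);
        return rawValue == null ? null : filterXss(str, rawValue);
    }

    /**
     * Returns a sanitized copy of the parameter map.
     *
     * <p>The value arrays are copied before filtering. Writing the sanitized strings back into
     * the arrays returned by the wrapped request would silently modify that request's own
     * parameter storage.
     *
     * @return a new insertion-ordered map holding sanitized copies of every parameter value
     */
    @Override
    public Map<String, String[]> getParameterMap() {
        Map<String, String[]> source = super.getParameterMap();
        Map<String, String[]> cleaned = new LinkedHashMap<>();
        if (source == null) {
            return cleaned;
        }
        for (Map.Entry<String, String[]> entry : source.entrySet()) {
            String[] rawValues = entry.getValue();
            String[] copy = new String[rawValues == null ? 0 : rawValues.length];
            for (int i = 0; i < copy.length; i++) {
                copy[i] = filterXss(entry.getKey(), rawValues[i]);
            }
            cleaned.put(entry.getKey(), copy);
        }
        return cleaned;
    }

    /**
     * Returns the request body, with String values sanitized when the body is a JSON object.
     *
     * <p>The body is read fully into memory. A body that is empty or is not a JSON object is
     * returned byte-for-byte as received, so line breaks and non-UTF-8 content survive. A JSON
     * object body is re-serialized as UTF-8 after its String values, including those nested in
     * objects and arrays, have been sanitized.
     *
     * <p>NOTE(review): the wrapped stream is consumed on every call and nothing is cached, so a
     * second call will see whatever the container returns for an already-read body.
     *
     * @return a stream over the (possibly sanitized) body, or {@code null} when reading or
     *         parsing fails; the failure is logged. Callers must handle the {@code null}.
     */
    @Override
    public ServletInputStream getInputStream() {
        try {
            byte[] rawBody;
            try (InputStream in = super.getInputStream()) {
                rawBody = readAll(in);
            }
            // JSON detection and parsing work on the body with line terminators removed, which
            // is what joining BufferedReader.readLine() results produced before.
            String joined = new String(rawBody, StandardCharsets.UTF_8).replace("\r", "").replace("\n", "");
            if (!CharSequenceUtil.isNotEmpty(joined) || !JSONUtil.isJsonObj(joined)) {
                return new CachedBodyInputStream(rawBody);
            }
            JSONObject parsed = JSONUtil.parseObj(joined);
            Map<String, Object> cleaned = new HashMap<>(parsed.size());
            for (Map.Entry<String, Object> entry : parsed.entrySet()) {
                cleaned.put(entry.getKey(), sanitizeJsonValue(entry.getKey(), entry.getValue()));
            }
            // Encode explicitly: the body was decoded as UTF-8, so the platform default charset
            // must not decide how it is written back.
            return new CachedBodyInputStream(JSONUtil.toJsonStr(cleaned).getBytes(StandardCharsets.UTF_8));
        } catch (Exception e) {
            log.error("get request inputStream error", e);
            return null;
        }
    }

    /**
     * Sanitizes one JSON value, descending into nested objects and arrays.
     *
     * <p>Nested containers are updated in place; they belong to the freshly parsed body and are
     * not shared. NOTE(review): this assumes the JSON library exposes nested objects and arrays
     * as mutable {@link Map} / {@link List} instances; confirm against the library version in
     * use.
     *
     * @param key   the name of the enclosing field, passed on to {@link #filterXss}
     * @param value the parsed JSON value
     * @return the sanitized String, or {@code value} itself for every other type
     */
    @SuppressWarnings("unchecked")
    private Object sanitizeJsonValue(String key, Object value) {
        if (value instanceof String) {
            return filterXss(key, (String) value);
        }
        if (value instanceof Map) {
            for (Map.Entry<String, Object> entry : ((Map<String, Object>) value).entrySet()) {
                Object child = entry.getValue();
                Object cleanedChild = sanitizeJsonValue(entry.getKey(), child);
                if (cleanedChild != child) {
                    entry.setValue(cleanedChild);
                }
            }
        } else if (value instanceof List) {
            List<Object> items = (List<Object>) value;
            for (int i = 0; i < items.size(); i++) {
                Object child = items.get(i);
                Object cleanedChild = sanitizeJsonValue(key, child);
                if (cleanedChild != child) {
                    items.set(i, cleanedChild);
                }
            }
        }
        return value;
    }

    /**
     * Sanitizes a value against the tag/attribute allow-list and returns it entity-decoded.
     *
     * <p>The sanitizer emits entity-encoded text, and the decoded form is what the rest of the
     * application receives. Decoding can turn text that arrived entity-encoded back into
     * markup the policy never evaluated, so the sanitize-then-decode step is repeated until the
     * result no longer changes. For input whose first result is already stable the return value
     * is the same as a single pass. If the value has not settled after
     * {@link #MAX_SANITIZE_PASSES} rounds, the still-encoded sanitizer output is returned.
     *
     * @param str the raw value, may be {@code null}
     * @return the sanitized value
     */
    private String cleanXSS(String str) {
        if (str == null) {
            return HtmlUtil.unescape(str);
        }
        PolicyFactory policy = new HtmlPolicyBuilder()
                .allowStandardUrlProtocols()
                .allowElements(allowedTags)
                // HTML5 sectioning tags (and font) are rewritten to div.
                .allowElements((elementName, attrs) -> "div", needTransformTags)
                .allowAttributes(allowAttributes).onElements(linkTags)
                .allowStyling()
                .toFactory();
        String current = HtmlUtil.unescape(policy.sanitize(str));
        for (int pass = 1; pass < MAX_SANITIZE_PASSES; pass++) {
            String next = HtmlUtil.unescape(policy.sanitize(current));
            if (next.equals(current)) {
                return current;
            }
            current = next;
        }
        // Did not settle: fail closed by skipping the final decode.
        return policy.sanitize(current);
    }

    /**
     * Sanitizes one named value.
     *
     * @param str  the parameter, header, attribute or JSON field name (currently unused)
     * @param str2 the raw value
     * @return the sanitized value
     */
    private String filterXss(String str, String str2) {
        return cleanXSS(str2);
    }

    /** Reads the stream to its end and returns the bytes. */
    private static byte[] readAll(InputStream in) throws IOException {
        ByteArrayOutputStream collected = new ByteArrayOutputStream();
        byte[] chunk = new byte[4096];
        for (int n = in.read(chunk); n != -1; n = in.read(chunk)) {
            collected.write(chunk, 0, n);
        }
        return collected.toByteArray();
    }

    /** In-memory {@link ServletInputStream} over a body that has already been read. */
    private static final class CachedBodyInputStream extends ServletInputStream {
        private final ByteArrayInputStream body;

        CachedBodyInputStream(byte[] content) {
            this.body = new ByteArrayInputStream(content);
        }

        @Override
        public boolean isFinished() {
            return body.available() == 0;
        }

        @Override
        public boolean isReady() {
            // The data is already in memory, so a read never blocks.
            return true;
        }

        @Override
        public void setReadListener(ReadListener readListener) {
            // Non-blocking reads are not supported; the listener is ignored.
        }

        @Override
        public int read() {
            return body.read();
        }

        @Override
        public int read(byte[] b, int off, int len) {
            return body.read(b, off, len);
        }

        @Override
        public int available() {
            return body.available();
        }
    }
}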
