package cn.xphsc.web.boot.xss;

import cn.xphsc.web.boot.xss.exception.XssException;
import cn.xphsc.web.common.enums.ExceptionEnum;
import cn.xphsc.web.common.servlet.HttpServletRequestWrapperBuilder;
import cn.xphsc.web.common.servlet.MyServletInputStream;
import cn.xphsc.web.common.validator.Validator;
import cn.xphsc.web.utils.IoUtils;
import cn.xphsc.web.utils.JacksonUtils;
import cn.xphsc.web.utils.StringUtils;
import cn.xphsc.web.utils.XssUtils;
import jakarta.servlet.ServletInputStream;
import jakarta.servlet.http.HttpServletRequest;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Map;

/* loaded from: input_file:cn/xphsc/web/boot/xss/XssHttpServletRequestWrapper.class */
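/**
 * Request wrapper that applies {@link XssUtils} filtering to values read from the wrapped request.
 *
 * <p>Read paths filtered by this class: the JSON object body ({@link #getInputStream()}), single
 * headers ({@link #getHeader(String)}), parameters ({@link #getParameter(String)},
 * {@link #getParameterValues(String)}) and map-valued attributes ({@link #getAttribute(String)}).
 *
 * <p>Coverage gaps visible in this class, to be checked against the superclass and the callers:
 * <ul>
 *   <li>{@code getParameterMap}, {@code getHeaders} and {@code getReader} are not overridden here;
 *       whether {@link HttpServletRequestWrapperBuilder} filters them is not visible from this
 *       file.</li>
 *   <li>JSON bodies that start with {@code [} are passed through without filtering.</li>
 *   <li>Only top-level entries of a JSON object or attribute map are inspected; nested maps and
 *       lists are not traversed.</li>
 * </ul>
 *
 * <p>Filtering on read complements context-aware output encoding in the rendering layer; it does
 * not replace it.
 */
public class XssHttpServletRequestWrapper extends HttpServletRequestWrapperBuilder {
    /**
     * Mode switch. When {@code true}, string values in body/attribute maps are rewritten with
     * {@link XssUtils#clean} and every parameter is cleaned. When {@code false}, string values in
     * maps are only validated (an {@link XssException} is thrown on failure) and the
     * {@code content} / {@code *WithHtml} parameters are returned unfiltered.
     */
    private final boolean parameterEabled;

    /**
     * Wraps a request.
     *
     * @param httpServletRequest the request to wrap
     * @param z                  the filtering mode, see {@link #parameterEabled}
     */
    public XssHttpServletRequestWrapper(HttpServletRequest httpServletRequest, boolean z) {
        super(httpServletRequest);
        this.parameterEabled = z;
    }

    /**
     * Returns the request body, filtered when it is a JSON object.
     *
     * <p>An empty body falls through to the superclass stream. A body whose first character is
     * {@code [} is replayed unchanged. Any other body is parsed into a map, passed through
     * {@link #filterOfvalue(Map)} and re-serialised as UTF-8 JSON.
     *
     * @return a stream over the (possibly rewritten) body
     * @throws IOException   if the underlying stream cannot be read
     * @throws XssException  in validate-only mode, when a top-level string value is rejected
     */
    public ServletInputStream getInputStream() throws IOException {
        // Fetch the buffered body once and reuse the same bytes for the text check and the
        // pass-through, instead of asking the superclass for it twice.
        byte[] rawBody = getStreamBody();
        String body = IoUtils.toString(rawBody);
        if (StringUtils.isEmpty(body)) {
            return super.getInputStream();
        }
        if (body.startsWith("[")) {
            // NOTE(review): JSON array bodies bypass both clean() and valid(). Endpoints that
            // accept a top-level array receive it unfiltered and must validate it themselves.
            // The check is also exact: a body with leading whitespace before '[' is sent to
            // jsonStringToMap instead - confirm how that helper handles an array.
            return new MyServletInputStream(new ByteArrayInputStream(rawBody));
        }
        Map<String, Object> jsonBody = jsonStringToMap(body);
        filterOfvalue(jsonBody);
        byte[] filtered = JacksonUtils.toJSONString(jsonBody).getBytes(StandardCharsets.UTF_8);
        return new MyServletInputStream(new ByteArrayInputStream(filtered));
    }

    /**
     * Returns a header value with {@link XssUtils#clean} applied.
     *
     * <p>The header name is cleaned before the lookup as well, so the lookup uses the cleaned
     * name rather than the one passed in.
     *
     * @param str the header name
     * @return the cleaned header value, or the superclass result unchanged when it is blank
     */
    public String getHeader(String str) {
        String header = super.getHeader(XssUtils.clean(str));
        if (StringUtils.isNotBlank(header)) {
            header = XssUtils.clean(header);
        }
        return header;
    }

    /**
     * Returns all values of a parameter, each passed through {@link XssUtils#clean}.
     *
     * <p>The array returned by the superclass is rewritten in place.
     *
     * <p>NOTE(review): unlike {@link #getParameter(String)}, this method does not clean the
     * parameter name and does not honour the {@code content} / {@code *WithHtml} exemption -
     * confirm that the difference is intended.
     *
     * @param str the parameter name
     * @return the cleaned values, or {@code null} when the superclass returns {@code null}
     */
    public String[] getParameterValues(String str) {
        String[] parameterValues = super.getParameterValues(str);
        if (parameterValues != null) {
            for (int i = 0; i < parameterValues.length; i++) {
                parameterValues[i] = XssUtils.clean(parameterValues[i]);
            }
        }
        return parameterValues;
    }

    /**
     * Returns a request attribute, filtering it when it is a {@link Map}.
     *
     * @param str the attribute name
     * @return the attribute; map attributes are filtered in place by {@link #filterOfvalue(Map)}
     * @throws XssException in validate-only mode, when a top-level string value is rejected
     */
    public Object getAttribute(String str) {
        Object value = attributeOf(str);
        if (value instanceof Map) {
            // Filter the instance that was type-checked rather than looking the attribute up a
            // second time; a second lookup could return a different (or non-map) object.
            // The cast is unchecked: the key type of an attribute map is not verified here.
            @SuppressWarnings("unchecked")
            Map<String, Object> mapValue = (Map<String, Object>) value;
            return filterOfvalue(mapValue);
        }
        return value;
    }

    /**
     * Returns a parameter value with {@link XssUtils#clean} applied.
     *
     * <p>When the mode flag is {@code false}, the parameter named {@code content} and any
     * parameter whose name ends in {@code WithHtml} are returned exactly as submitted. Handlers
     * that read those fields receive unfiltered markup and are responsible for sanitising or
     * encoding it before it is rendered.
     *
     * @param str the parameter name; {@code null} yields {@code null}
     * @return the cleaned value, the raw value for an exempt field, or {@code null}
     */
    public String getParameter(String str) {
        if (str == null) {
            // No parameter has a null name; returning here avoids the NullPointerException the
            // suffix check below would otherwise raise.
            return null;
        }
        boolean rawHtmlField = "content".equals(str) || str.endsWith("WithHtml");
        if (rawHtmlField && !this.parameterEabled) {
            return super.getParameter(str);
        }
        String parameter = super.getParameter(XssUtils.clean(str));
        if (StringUtils.isNotBlank(parameter)) {
            parameter = XssUtils.clean(parameter);
        }
        return parameter;
    }

    /**
     * Rejects a value that fails {@link XssUtils#valid}.
     *
     * @param str the value to check; blank values are accepted without validation
     * @throws XssException if the value is not blank and is reported invalid
     */
    private void checkFilterXssException(String str) {
        if (StringUtils.isNotBlank(str) && !XssUtils.valid(str)) {
            throw new XssException(ExceptionEnum.XSS_EXCEPTION.getCode(), ExceptionEnum.XSS_EXCEPTION.getName());
        }
    }

    /**
     * Filters the top-level values of a map according to the mode flag.
     *
     * <p>Values selected by {@code Validator.containString} (presumably string values - confirm
     * against that helper) are either replaced by their cleaned form or validated. All other
     * values, including nested maps and lists, are left untouched.
     *
     * @param map the map to filter; modified in place in cleaning mode
     * @return the same map instance
     * @throws XssException in validate-only mode, when a selected value is rejected
     */
    private Map<String, Object> filterOfvalue(Map<String, Object> map) {
        for (Map.Entry<String, Object> entry : map.entrySet()) {
            Object value = entry.getValue();
            if (!Validator.containString(value)) {
                continue;
            }
            String text = String.valueOf(value);
            if (this.parameterEabled) {
                // Write through the entry instead of map.put(): put() on an access-ordered map
                // reorders it mid-iteration and fails with ConcurrentModificationException.
                entry.setValue(XssUtils.clean(text));
            } else {
                checkFilterXssException(text);
            }
        }
        return map;
    }
}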
