package esa.restlight.ext.filter.xss;

import esa.commons.Checks;
import esa.httpserver.core.AsyncRequest;
import esa.httpserver.core.AsyncResponse;
import esa.httpserver.core.HttpInputStream;
import esa.restlight.server.handler.Filter;
import esa.restlight.server.handler.FilterChain;
import esa.restlight.server.util.LoggerUtils;
import io.netty.buffer.ByteBuf;
import io.netty.buffer.ByteBufAllocator;
import io.netty.handler.codec.http.HttpHeaders;
import io.netty.handler.codec.http.HttpMethod;
import io.netty.handler.codec.http.HttpVersion;
import io.netty.handler.codec.http.cookie.Cookie;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.CompletableFuture;
import java.util.function.Function;
import java.util.regex.Pattern;

/* loaded from: input_file:esa/restlight/ext/filter/xss/XssFilter.class */
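/**
 * Request filter that sanitizes the text-valued parts of an incoming {@link AsyncRequest}
 * (URI, path, query string, parameter values and single-header lookups) before the request
 * reaches the rest of the {@link FilterChain}.
 *
 * <p>The strategy is chosen once from {@link XssOptions#getMode()}:
 * <ul>
 *   <li>{@link XssMode#ESCAPE}: {@link EscapeWrapper} HTML-escapes the values
 *       ({@code < > " ' &}). Predictable and context-agnostic; this is the option to prefer.</li>
 *   <li>any other mode: {@link FilterWrapper} URL-decodes the value and strips a fixed denylist
 *       of script-looking fragments. A denylist is inherently bypassable (it knows only
 *       {@code onload} among the event handlers and nothing about SVG, {@code data:} URIs,
 *       HTML entities, …) and it silently mutates legitimate data (every occurrence of the
 *       word "alert" is deleted). Treat it as defence in depth, never as output encoding.</li>
 * </ul>
 *
 * <p>Coverage caveats callers must know: {@code headers()}, {@code trailers()} and
 * {@code cookies()} return the delegate's objects unfiltered — only {@code getHeader(...)} is
 * sanitized; parameter <em>names</em> are passed through untouched (only values are processed);
 * and the request body ({@code inputStream()}, {@code byteBufBody()}) is never inspected.
 */
public class XssFilter implements Filter {
    private static final int CASE_INSENSITIVE = Pattern.CASE_INSENSITIVE;
    private static final int CASE_INSENSITIVE_MULTILINE_DOTALL =
            Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL;

    // Denylist used by FilterWrapper. The "|" inside the character classes is a literal pipe
    // inherited from the widely copied snippet these patterns come from; it is kept as-is so
    // existing behaviour (accepting "|" as whitespace between the angle bracket and "script")
    // does not change.
    private static final Pattern SCRIPT_TAGS_PATTERN =
            Pattern.compile("<[\r\n| ]*script[\r\n| ]*>(.*?)</[\r\n| ]*script[\r\n| ]*>", CASE_INSENSITIVE);
    private static final Pattern SRC_EXPRESSION_APOSTROPHE_PATTERN =
            Pattern.compile("src[\r\n]*=[\r\n]*'(.*?)'", CASE_INSENSITIVE_MULTILINE_DOTALL);
    private static final Pattern SRC_EXPRESSION_QUOTA_PATTERN =
            Pattern.compile("src[\r\n]*=[\r\n]*\"(.*?)\"", CASE_INSENSITIVE_MULTILINE_DOTALL);
    private static final Pattern LONESOME_SCRIPT_BACK_TAGS_PATTERN =
            Pattern.compile("</[\r\n| ]*script[\r\n| ]*>", CASE_INSENSITIVE);
    private static final Pattern LONESOME_SCRIPT_FACADE_TAGS_PATTERN =
            Pattern.compile("<[\r\n| ]*script(.*?)>", CASE_INSENSITIVE_MULTILINE_DOTALL);
    private static final Pattern EVAL_EXPRESSION_PATTERN =
            Pattern.compile("eval\\((.*?)\\)", CASE_INSENSITIVE_MULTILINE_DOTALL);
    // Previously spelled "e\u00adxpression" (an invisible soft hyphen between 'e' and 'x'), so the
    // pattern could never match a real "expression(" CSS expression. Fixed.
    private static final Pattern EXP_EXPRESSION_PATTERN =
            Pattern.compile("expression\\((.*?)\\)", CASE_INSENSITIVE_MULTILINE_DOTALL);
    private static final Pattern JAVASCRIPT_EXPRESSION_PATTERN =
            Pattern.compile("javascript[\r\n| ]*:[\r\n| ]*", CASE_INSENSITIVE);
    private static final Pattern ALTER_EXPRESSION_PATTERN =
            Pattern.compile("alert", CASE_INSENSITIVE);
    private static final Pattern ONLOAD_EXPRESSION_PATTERN =
            Pattern.compile("onload(.*?)=", CASE_INSENSITIVE_MULTILINE_DOTALL);
    private static final Pattern VB_SCRIPT_EXPRESSION_PATTERN =
            Pattern.compile("vbscript[\r\n| ]*:[\r\n| ]*", CASE_INSENSITIVE);

    /** Application order of the denylist; it matters because every pattern sees the previous one's output. */
    private static final Pattern[] DENYLIST = {
            SCRIPT_TAGS_PATTERN,
            SRC_EXPRESSION_APOSTROPHE_PATTERN,
            SRC_EXPRESSION_QUOTA_PATTERN,
            LONESOME_SCRIPT_BACK_TAGS_PATTERN,
            LONESOME_SCRIPT_FACADE_TAGS_PATTERN,
            EVAL_EXPRESSION_PATTERN,
            EXP_EXPRESSION_PATTERN,
            JAVASCRIPT_EXPRESSION_PATTERN,
            ALTER_EXPRESSION_PATTERN,
            ONLOAD_EXPRESSION_PATTERN,
            VB_SCRIPT_EXPRESSION_PATTERN
    };

    /** Creates the mode-specific wrapper for each request; fixed at construction time. */
    private final Function<AsyncRequest, AsyncRequest> wrapper;

    /**
     * Delegating {@link AsyncRequest} that lazily rewrites parameter values through
     * {@link #handleParam(String)}; everything else is forwarded to the wrapped request unchanged.
     * The rewritten map is cached without synchronization; a new wrapper is created per request
     * in {@link XssFilter#doFilter}, so no cross-request sharing is expected.
     */
    static abstract class BaseWrapper implements AsyncRequest {
        /** Sanitized copy of the delegate's parameter map; null until first use. */
        Map<String, List<String>> parameterMap;
        final AsyncRequest delegate;

        BaseWrapper(AsyncRequest asyncRequest) {
            this.delegate = asyncRequest;
        }

        /** Sanitizes one parameter value; each mode supplies its own implementation. */
        abstract String handleParam(String value);

        /**
         * Returns the parameter map with every value passed through {@link #handleParam(String)}.
         * Keys are copied verbatim (an attacker-controlled parameter name is NOT sanitized).
         */
        public Map<String, List<String>> parameterMap() {
            if (parameterMap == null) {
                parameterMap = sanitizeValues(delegate.parameterMap());
            }
            return parameterMap;
        }

        /** Builds the sanitized copy; an empty source maps to the shared immutable empty map. */
        private Map<String, List<String>> sanitizeValues(Map<String, List<String>> source) {
            if (source.isEmpty()) {
                return Collections.emptyMap();
            }
            Map<String, List<String>> copy = new HashMap<>(source.size());
            for (Map.Entry<String, List<String>> entry : source.entrySet()) {
                List<String> raw = entry.getValue();
                List<String> sanitized = new ArrayList<>(raw.size());
                for (String value : raw) {
                    sanitized.add(handleParam(value));
                }
                copy.put(entry.getKey(), sanitized);
            }
            return copy;
        }

        /** All sanitized values for {@code name}, or null when the parameter is absent. */
        public List<String> getParameters(String name) {
            return parameterMap().get(name);
        }

        /** First sanitized value for {@code name}, or null when absent or empty. */
        public String getParameter(String name) {
            List<String> values = getParameters(name);
            return (values == null || values.isEmpty()) ? null : values.get(0);
        }

        public HttpVersion httpVersion() {
            return delegate.httpVersion();
        }

        public String scheme() {
            return delegate.scheme();
        }

        public HttpMethod method() {
            return delegate.method();
        }

        /** Body access is deliberately untouched; nothing here inspects request bodies. */
        public HttpInputStream inputStream() {
            return delegate.inputStream();
        }

        public ByteBuf byteBufBody() {
            return delegate.byteBufBody();
        }

        public String remoteAddr() {
            return delegate.remoteAddr();
        }

        public String tcpSourceAddr() {
            return delegate.tcpSourceAddr();
        }

        public int remotePort() {
            return delegate.remotePort();
        }

        public String localAddr() {
            return delegate.localAddr();
        }

        public int localPort() {
            return delegate.localPort();
        }

        /** Unfiltered: values read through this object bypass the filter; use getHeader(...) instead. */
        public HttpHeaders headers() {
            return delegate.headers();
        }

        /** Unfiltered, see {@link #headers()}. */
        public HttpHeaders trailers() {
            return delegate.trailers();
        }

        /** Unfiltered: cookie names and values are not sanitized. */
        public Set<Cookie> cookies() {
            return delegate.cookies();
        }

        public Object getAttribute(String name) {
            return delegate.getAttribute(name);
        }

        public void setAttribute(String name, Object value) {
            delegate.setAttribute(name, value);
        }

        public Object removeAttribute(String name) {
            return delegate.removeAttribute(name);
        }

        public String[] attributeNames() {
            return delegate.attributeNames();
        }

        public ByteBufAllocator alloc() {
            return delegate.alloc();
        }
    }

    /** {@link XssMode#ESCAPE}: HTML-escapes URI, path, query, parameter values and single headers. */
    static class EscapeWrapper extends BaseWrapper {
        EscapeWrapper(AsyncRequest asyncRequest) {
            super(asyncRequest);
        }

        public String uri() {
            return XssFilter.htmlEscape(delegate.uri());
        }

        public String path() {
            return XssFilter.htmlEscape(delegate.path());
        }

        public String query() {
            return XssFilter.htmlEscape(delegate.query());
        }

        public String getHeader(CharSequence headerName) {
            return XssFilter.htmlEscape(delegate.getHeader(headerName));
        }

        @Override // esa.restlight.ext.filter.xss.XssFilter.BaseWrapper
        String handleParam(String value) {
            return XssFilter.htmlEscape(value);
        }
    }

    /**
     * Non-ESCAPE modes: URL-decodes and denylist-strips URI, path, query, parameter values and
     * single headers. Note that {@code uri()}/{@code path()} therefore return DECODED strings,
     * which differs from what the delegate returns.
     */
    static class FilterWrapper extends BaseWrapper {
        FilterWrapper(AsyncRequest asyncRequest) {
            super(asyncRequest);
        }

        public String uri() {
            return XssFilter.xssEncoder(delegate.uri());
        }

        public String path() {
            return XssFilter.xssEncoder(delegate.path());
        }

        public String query() {
            return XssFilter.xssEncoder(delegate.query());
        }

        public String getHeader(CharSequence headerName) {
            return XssFilter.xssEncoder(delegate.getHeader(headerName));
        }

        @Override // esa.restlight.ext.filter.xss.XssFilter.BaseWrapper
        String handleParam(String value) {
            return XssFilter.xssEncoder(value);
        }
    }

    /**
     * @param xssOptions non-null options whose mode selects the wrapper; ESCAPE gets
     *                   {@link EscapeWrapper}, every other mode {@link FilterWrapper}
     * @throws NullPointerException (via {@link Checks#checkNotNull}) when options or mode is null
     */
    public XssFilter(XssOptions xssOptions) {
        Checks.checkNotNull(xssOptions, "options");
        Checks.checkNotNull(xssOptions.getMode(), "XssMode");
        this.wrapper = xssOptions.getMode() == XssMode.ESCAPE
                ? EscapeWrapper::new
                : FilterWrapper::new;
    }

    /** Wraps the request in the configured sanitizing view and continues the chain with it. */
    public CompletableFuture<Void> doFilter(AsyncRequest asyncRequest, AsyncResponse asyncResponse, FilterChain filterChain) {
        return filterChain.doFilter(wrapper.apply(asyncRequest), asyncResponse);
    }

    /**
     * HTML-escapes {@code < > " ' &}. The apostrophe was previously left alone, which let a value
     * break out of a single-quoted attribute; it is now emitted as {@code &#39;} (numeric form,
     * since {@code &apos;} is not universally supported in HTML4). Null and empty input are
     * returned unchanged.
     */
    /* JADX INFO: Access modifiers changed from: private */
    public static String htmlEscape(String str) {
        if (str == null || str.isEmpty()) {
            return str;
        }
        StringBuilder out = new StringBuilder(str.length() + 16);
        for (int i = 0, n = str.length(); i < n; i++) {
            char c = str.charAt(i);
            switch (c) {
                case '<':
                    out.append("&lt;");
                    break;
                case '>':
                    out.append("&gt;");
                    break;
                case '"':
                    out.append("&quot;");
                    break;
                case '\'':
                    out.append("&#39;");
                    break;
                case '&':
                    out.append("&amp;");
                    break;
                default:
                    out.append(c);
            }
        }
        return out.toString();
    }

    /**
     * Denylist sanitizer: URL-decodes the value (a literal '+' is preserved rather than turned
     * into a space), drops NUL characters, then applies {@link #DENYLIST} in order. Null and
     * empty input are returned unchanged.
     *
     * <p>Malformed percent-encoding (a bare trailing "%", "%zz", …) makes
     * {@link URLDecoder#decode} throw {@link IllegalArgumentException}; previously that escaped
     * this method and failed the whole request. It is now logged and the undecoded value is
     * still run through the denylist.
     */
    /* JADX INFO: Access modifiers changed from: private */
    public static String xssEncoder(String str) {
        if (str == null || str.isEmpty()) {
            return str;
        }
        String value = str;
        try {
            value = URLDecoder.decode(value.replace("+", "%2B"), StandardCharsets.UTF_8.name());
        } catch (UnsupportedEncodingException e) {
            // Cannot happen for UTF-8, but the String-charset overload declares it.
            LoggerUtils.logger().error("xss url decode error", e);
        } catch (IllegalArgumentException e) {
            // Malformed escape sequence in the input; keep the raw value, still filtered below.
            LoggerUtils.logger().error("xss url decode error", e);
        }
        // Strip NUL bytes. The decompiled listing showed this literal as two replacement
        // characters, which is what a modified-UTF-8 encoded NUL (C0 80) decodes to.
        value = value.replaceAll("\0", "");
        for (Pattern pattern : DENYLIST) {
            value = pattern.matcher(value).replaceAll("");
        }
        return value;
    }
}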
