package net.risesoft.filters;

import java.io.IOException;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import java.util.stream.Stream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import net.risesoft.y9.Y9Context;
import net.risesoft.y9.configuration.Y9ConfigurationProperties;
import org.apache.commons.lang3.StringUtils;
import org.owasp.validator.html.AntiSamy;
import org.owasp.validator.html.CleanResults;
import org.owasp.validator.html.Policy;
import org.owasp.validator.html.PolicyException;
import org.owasp.validator.html.ScanException;
import org.springframework.core.io.ClassPathResource;
import org.springframework.web.util.HtmlUtils;

/* loaded from: input_file:net/risesoft/filters/XSSHttpRequestWrapper.class */
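/**
 * Request wrapper that sanitises header and parameter values before application code reads them.
 *
 * <p>Each value is first scanned by AntiSamy against the {@code antisamy-y9.xml} policy and the
 * cleaned output is then HTML-escaped with {@link HtmlUtils#htmlEscape(String)}.
 *
 * <p>Coverage limits visible in this class, which callers should keep in mind:
 * <ul>
 *   <li>Only {@code getHeader}, {@code getHeaders}, {@code getParameter},
 *       {@code getParameterValues} and {@code getParameterMap} are overridden. The request body
 *       ({@code getInputStream}/{@code getReader}), the query string, cookies and multipart parts
 *       are not overridden here and reach the application unmodified.</li>
 *   <li>Any name listed in the configured XSS ignore list is returned raw, so code consuming
 *       those values must encode them at output time.</li>
 *   <li>Values are escaped for an HTML context only; this is not a substitute for
 *       context-specific output encoding (JavaScript, URL, SQL, ...).</li>
 * </ul>
 */
public class XSSHttpRequestWrapper extends HttpServletRequestWrapper {
    /** AntiSamy policy used for scanning; {@code null} when loading failed (see constructor). */
    private final Policy policy;

    /**
     * Wraps the request and loads the AntiSamy policy from the classpath.
     *
     * <p>A load failure is reported but does not abort the request; in that case every value
     * falls back to plain HTML escaping (see {@link #cleanXss(String, String)}).
     *
     * @param httpServletRequest the request to wrap
     */
    public XSSHttpRequestWrapper(HttpServletRequest httpServletRequest) {
        super(httpServletRequest);
        Policy loaded = null;
        try {
            loaded = Policy.getInstance(new ClassPathResource("antisamy-y9.xml").getInputStream());
        } catch (PolicyException | IOException e) {
            // NOTE(review): route this through the project's logger; no logger is in scope here.
            e.printStackTrace();
        }
        this.policy = loaded;
    }

    /** Returns the sanitised value of the named header. */
    @Override
    public String getHeader(String str) {
        return cleanXss(str, super.getHeader(str));
    }

    /**
     * Returns the sanitised values of the named header.
     *
     * <p>Each element is cleaned lazily, with the same rules as {@link #getHeader(String)}, so
     * that multi-valued access cannot be used to read a header unsanitised.
     */
    @Override
    public Enumeration<String> getHeaders(String str) {
        final Enumeration<String> raw = super.getHeaders(str);
        if (raw == null) {
            return null;
        }
        final String name = str;
        return new Enumeration<String>() {
            @Override
            public boolean hasMoreElements() {
                return raw.hasMoreElements();
            }

            @Override
            public String nextElement() {
                return XSSHttpRequestWrapper.this.cleanXss(name, raw.nextElement());
            }
        };
    }

    /** Returns the sanitised value of the named parameter. */
    @Override
    public String getParameter(String str) {
        return cleanXss(str, super.getParameter(str));
    }

    /** Returns the sanitised values of the named parameter, or {@code null} if it is absent. */
    @Override
    public String[] getParameterValues(String str) {
        return cleanXss(str, super.getParameterValues(str));
    }

    /**
     * Returns a new map holding the sanitised values of every request parameter.
     *
     * <p>Parameter names (the map keys) are copied as-is; only the values are cleaned.
     */
    @Override
    public Map<String, String[]> getParameterMap() {
        Map<String, String[]> source = super.getParameterMap();
        Map<String, String[]> cleaned = new HashMap<>(source);
        for (Map.Entry<String, String[]> entry : source.entrySet()) {
            cleaned.put(entry.getKey(), cleanXss(entry.getKey(), entry.getValue()));
        }
        return cleaned;
    }

    /**
     * Tells whether the given header/parameter name is on the configured XSS ignore list.
     *
     * @param str the header or parameter name; {@code null} is never ignorable
     */
    private boolean isParamIgnorable(String str) {
        if (str == null) {
            return false;
        }
        return Y9Context.getBean(Y9ConfigurationProperties.class)
                .getFeature()
                .getSecurity()
                .getXss()
                .getIgnoreParam()
                .stream()
                .anyMatch(str::equals);
    }

    /**
     * Sanitises a single value.
     *
     * <p>Ignorable names and blank values are returned unchanged. Otherwise the value is scanned
     * by AntiSamy and the cleaned HTML is escaped. If the policy is unavailable or the scan
     * fails, the raw value is HTML-escaped instead, so an unsanitised value is never returned and
     * a scan failure no longer ends in a {@code NullPointerException}.
     *
     * @param str  the header or parameter name
     * @param str2 the raw value
     * @return the sanitised value
     */
    private String cleanXss(String str, String str2) {
        if (isParamIgnorable(str) || StringUtils.isBlank(str2)) {
            return str2;
        }
        if (this.policy != null) {
            try {
                CleanResults cleanResults = new AntiSamy().scan(str2, this.policy);
                String cleanHtml = cleanResults == null ? null : cleanResults.getCleanHTML();
                if (cleanHtml != null) {
                    return HtmlUtils.htmlEscape(cleanHtml);
                }
            } catch (ScanException | PolicyException e) {
                e.printStackTrace();
            }
        }
        // Fail closed: without a usable scan result, escape the raw input.
        return HtmlUtils.htmlEscape(str2);
    }

    /**
     * Sanitises every element of a value array.
     *
     * @param str    the header or parameter name
     * @param strArr the raw values; may be {@code null}
     * @return a new array of sanitised values, or the input itself when it is {@code null} or the
     *     name is ignorable
     */
    private String[] cleanXss(String str, String[] strArr) {
        if (isParamIgnorable(str) || strArr == null) {
            return strArr;
        }
        String[] cleaned = new String[strArr.length];
        for (int i = 0; i < strArr.length; i++) {
            cleaned[i] = cleanXss(str, strArr[i]);
        }
        return cleaned;
    }

    /**
     * Manual smoke test: scans a sample string against {@code antisamy-slashdot.xml} and prints
     * the cleaned HTML. Note that this uses a different policy file from the one the wrapper
     * loads, so its output does not demonstrate the wrapper's effective policy.
     */
    public static void main(String[] strArr) {
        try {
            Policy samplePolicy =
                    Policy.getInstance(new ClassPathResource("antisamy-slashdot.xml").getInputStream());
            CleanResults results =
                    new AntiSamy().scan("<script>alert(\"xss\");</script>HELLO WORD！", samplePolicy);
            System.out.println(results.getCleanHTML());
        } catch (ScanException | IOException | PolicyException e) {
            e.printStackTrace();
        }
    }
}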
