package net.risesoft.filters;

import java.io.IOException;
import java.util.Iterator;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/risesoft/filters/XSSSecurityFilter.class */
public class XSSSecurityFilter implements Filter {
    private static Logger logger = LoggerFactory.getLogger(XSSSecurityFilter.class);

    public void destroy() {
        logger.info("XSSSecurityFilter destroy() begin");
        XSSSecurityManager.destroy();
        logger.info("XSSSecurityFilter destroy() end");
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        checkRequestResponse(servletRequest, servletResponse);
        filterChain.doFilter(new XSSHttpRequestWrapper((HttpServletRequest) servletRequest), servletResponse);
    }

    public void init(FilterConfig filterConfig) throws ServletException {
        logger.info("XSSSecurityFilter init ……");
        XSSSecurityManager.init(filterConfig);
    }

    private void checkRequestResponse(ServletRequest servletRequest, ServletResponse servletResponse) throws ServletException {
        if (!(servletRequest instanceof HttpServletRequest)) {
            throw new ServletException("Can only process HttpServletRequest");
        }
        if (!(servletResponse instanceof HttpServletResponse)) {
            throw new ServletException("Can only process HttpServletResponse");
        }
    }

    public boolean validateReferer(HttpServletRequest httpServletRequest) throws ServletException, IOException {
        String header = httpServletRequest.getHeader("Referer");
        boolean z = false;
        if (StringUtils.isNotBlank(header)) {
            Iterator<String> it = XSSSecurityConfig.referer.iterator();
            while (it.hasNext()) {
                if (header.contains(it.next())) {
                    z = true;
                }
            }
        } else {
            z = true;
        }
        return z;
    }
}
