package filters;

import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.Iterator;
import java.util.regex.Pattern;
import javax.servlet.FilterConfig;
import org.dom4j.DocumentException;
import org.dom4j.Element;
import org.dom4j.io.SAXReader;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.io.DefaultResourceLoader;

/* loaded from: input_file:filters/XSSSecurityManager.class */
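/**
 * Static holder for the XSS filter rule set: loads the rule file named by the
 * filter's {@code securityconfig} init parameter, joins the configured
 * expressions into one alternation and exposes match / replace helpers.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link #matches(String)} uses {@code Matcher.matches()}, so a rule only
 *       fires when it matches the <em>entire</em> value. In Java regex {@code .}
 *       excludes line terminators unless the rule itself enables {@code (?s)};
 *       rule authors need to write the expressions with both facts in mind.</li>
 *   <li>{@link #REGEX} is a public, mutable static. {@link #securityReplace(String)}
 *       reads {@code REGEX} while {@link #matches(String)} reads the compiled
 *       pattern, so code that reassigns {@code REGEX} makes the two diverge.</li>
 *   <li>Deny-list pattern matching is a defence-in-depth layer only; it does not
 *       replace context-aware output encoding where the values are rendered.</li>
 * </ul>
 */
public class XSSSecurityManager {
    private static final Logger logger = LoggerFactory.getLogger(XSSSecurityManager.class);

    /** Source text of the combined rule; assigned by {@link #initConfig(String)}. */
    public static String REGEX;

    /** Compiled form of {@link #REGEX}; {@code null} until {@link #init} succeeds and after {@link #destroy()}. */
    private static Pattern XSS_PATTERN;

    private XSSSecurityManager() {
    }

    /**
     * Loads the rule file and compiles the combined pattern.
     *
     * <p>A load failure ({@code DocumentException} / {@code IOException}) is logged and
     * swallowed, and a {@code false} result from {@link #initConfig(String)} is skipped
     * silently here; in both cases the compiled pattern stays unset and
     * {@link #matches(String)} will throw on non-null input rather than let values through.
     * A {@code PatternSyntaxException} from an invalid rule is not caught and propagates
     * to the caller.
     *
     * @param filterConfig servlet filter configuration carrying the {@code securityconfig} init parameter
     */
    public static void init(FilterConfig filterConfig) {
        logger.info("XSSSecurityManager init(FilterConfig config) begin");
        try {
            if (initConfig(filterConfig.getInitParameter("securityconfig"))) {
                XSS_PATTERN = Pattern.compile(REGEX);
            }
        } catch (DocumentException | IOException e) {
            logger.error("安全过滤配置文件xss_security_config.xml加载异常", e);
        }
        logger.info("XSSSecurityManager init(FilterConfig config) end");
    }

    /**
     * Parses the rule file, copies its boolean switches into {@code XSSSecurityConfig}
     * and builds {@link #REGEX} from the children of the regex-list element.
     *
     * @param str resource location of the rule file, resolved by Spring's {@code DefaultResourceLoader}
     * @return {@code true} when {@link #REGEX} was built; {@code false} when the regex-list
     *         element is missing or has no child elements
     * @throws DocumentException if the file is not well-formed XML
     * @throws IOException if the resource cannot be opened, read or closed
     */
    public static boolean initConfig(String str) throws DocumentException, IOException {
        logger.info("XSSSecurityManager.initConfig(String path) begin");
        Element rootElement;
        // Close the resource stream deterministically instead of relying on the parser to do it.
        // NOTE(review): SAXReader is used with its default parser features. The file is named by
        // the deployment descriptor, so it is treated as trusted here; if it can ever come from a
        // less trusted location, disable DOCTYPE / external entity processing on the reader.
        try (InputStream in = new DefaultResourceLoader().getResource(str).getInputStream()) {
            rootElement = new SAXReader().read(in).getRootElement();
        }
        XSSSecurityConfig.IS_CHECK_HEADER = Boolean.parseBoolean(getEleValue(rootElement, XSSSecurityCon.IS_CHECK_HEADER));
        XSSSecurityConfig.IS_CHECK_PARAMETER = Boolean.parseBoolean(getEleValue(rootElement, XSSSecurityCon.IS_CHECK_PARAMETER));
        XSSSecurityConfig.IS_LOG = Boolean.parseBoolean(getEleValue(rootElement, XSSSecurityCon.IS_LOG));
        XSSSecurityConfig.IS_CHAIN = Boolean.parseBoolean(getEleValue(rootElement, XSSSecurityCon.IS_CHAIN));
        XSSSecurityConfig.REPLACE = Boolean.parseBoolean(getEleValue(rootElement, XSSSecurityCon.REPLACE));
        Element regexList = rootElement.element(XSSSecurityCon.REGEX_LIST);
        if (regexList == null) {
            logger.error("安全过滤配置文件中没有 " + XSSSecurityCon.REGEX_LIST + " 属性");
            return false;
        }
        // Join every child element's text with '|'. The result has the shape ^r1|r2|...|rN$:
        // '^' binds only to the first alternative and '$' only to the last. matches() is
        // whole-input regardless, but securityReplace() goes through replaceAll(), where the
        // anchors constrain only r1 and rN. Left ungrouped so deployed rule files keep their
        // current behaviour.
        StringBuilder alternation = new StringBuilder("^");
        Iterator<?> rules = regexList.elementIterator();
        while (rules.hasNext()) {
            alternation.append(((Element) rules.next()).getText());
            alternation.append("|");
        }
        // The buffer ends in '|' whenever at least one rule was appended, so this branch
        // is the "regex list is empty" case.
        if (alternation.charAt(alternation.length() - 1) != '|') {
            logger.error("安全过滤配置文件加载失败:正则表达式异常 " + alternation.toString());
            return false;
        }
        REGEX = alternation.substring(0, alternation.length() - 1) + "$";
        logger.info("安全匹配规则" + REGEX);
        logger.info("XSSSecurityManager.initConfig(String path) end");
        return true;
    }

    /**
     * Returns the text of the named child element, logging an error when it is
     * missing or blank.
     *
     * @param element parent element (the document root in this class)
     * @param str name of the child element to read
     * @return the child's text, or {@code null} when the child is absent
     */
    private static String getEleValue(Element element, String str) {
        String value = element.elementText(str);
        if (isNullStr(value)) {
            // Report the element that is actually missing; the previous message always
            // named the regex-list element, which sent operators to the wrong setting.
            logger.error("安全过滤配置文件中没有 " + str + " 属性");
        }
        return value;
    }

    /**
     * Replaces every match of {@link #REGEX} in the value with the configured replacement.
     *
     * @param str value to sanitise; {@code null} or blank values are returned unchanged
     * @return the value with matches replaced
     * @throws NullPointerException if {@link #REGEX} has not been set and {@code str} is non-blank
     */
    public static String securityReplace(String str) {
        return isNullStr(str) ? str : str.replaceAll(REGEX, XSSSecurityCon.REPLACEMENT);
    }

    /**
     * Tests whether the whole value matches the compiled rule set.
     *
     * @param str value to test; {@code null} never matches
     * @return {@code true} when the entire value matches the combined pattern
     * @throws NullPointerException if the pattern has not been initialised (load failed,
     *         or {@link #destroy()} was called)
     */
    public static boolean matches(String str) {
        if (str == null) {
            return false;
        }
        // Read the field once so a concurrent destroy() cannot null it between check and use.
        Pattern pattern = XSS_PATTERN;
        if (pattern == null) {
            // Same exception type as before, but with a diagnosable message. Failing here is
            // deliberate: returning false would silently disable the filter.
            throw new NullPointerException("XSS pattern is not initialised; check the securityconfig rule file");
        }
        return pattern.matcher(str).matches();
    }

    /** Drops the compiled pattern and its source text. */
    public static void destroy() {
        logger.info("XSSSecurityManager.destroy() begin");
        XSS_PATTERN = null;
        REGEX = null;
        logger.info("XSSSecurityManager.destroy() end");
    }

    /**
     * @param str value to test
     * @return {@code true} when the value is {@code null} or contains only characters that
     *         {@code String.trim()} removes
     */
    public static boolean isNullStr(String str) {
        return str == null || str.trim().isEmpty();
    }

    /**
     * Ad-hoc self-check: decodes a sample value and prints whether a hard-coded rule
     * matches it. It overwrites the static {@link #REGEX} and compiled pattern.
     *
     * <p>NOTE(review): a debug entry point inside a production filter class belongs in
     * a unit test instead.
     *
     * @param strArr unused
     */
    public static void main(String[] strArr) {
        // Inside a character class '|' is a literal, so [S|s] accepts 'S', 's' and '|';
        // [Ss] (or the CASE_INSENSITIVE flag) expresses the intent without the stray character.
        REGEX = "^.*<[S|s][C|c][R|r][I|i][P|p][T|t]>.*</[S|s][C|c][R|r][I|i][P|p][T|t]>.*";
        try {
            String decode = URLDecoder.decode("0%22%3e%3csCrIpT%3ealert(58758)%3c%2fsCrIpT%3e", "GB2312");
            System.out.println(decode);
            XSS_PATTERN = Pattern.compile(REGEX);
            System.out.println(XSS_PATTERN.matcher(decode).matches());
            System.out.println(decode);
        } catch (UnsupportedEncodingException e) {
            e.printStackTrace();
        }
    }
}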
