package net.risesoft.filters;

import java.io.IOException;
import java.io.InputStream;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import java.util.stream.Stream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import lombok.Generated;
import net.risesoft.y9.Y9Context;
import net.risesoft.y9.configuration.feature.security.Y9SecurityProperties;
import org.apache.commons.lang3.StringUtils;
import org.owasp.validator.html.AntiSamy;
import org.owasp.validator.html.CleanResults;
import org.owasp.validator.html.Policy;
import org.owasp.validator.html.PolicyException;
import org.owasp.validator.html.ScanException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.io.ClassPathResource;
import org.springframework.web.util.HtmlUtils;

/* loaded from: input_file:net/risesoft/filters/XssHttpRequestWrapper.class */
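/**
 * Request wrapper that sanitises single-valued headers and request parameters before the
 * application reads them.
 *
 * <p>Each value is run through AntiSamy with the {@code antisamy-y9.xml} policy and the result is
 * then HTML-escaped. Names listed in {@code Y9SecurityProperties.getXss().getIgnoreParam()} are
 * returned untouched.
 *
 * <p>Coverage is limited to {@link #getHeader}, {@link #getParameter},
 * {@link #getParameterValues} and {@link #getParameterMap}. {@link #getHeaders} is a pass-through,
 * and this class does not override the body accessors ({@code getInputStream()} /
 * {@code getReader()}), so values read through those paths are NOT sanitised here. Input-side
 * HTML escaping is also only appropriate for HTML text and quoted-attribute contexts; views that
 * place request data into JavaScript, URLs or CSS still need context-specific output encoding.
 */
public class XssHttpRequestWrapper extends HttpServletRequestWrapper {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(XssHttpRequestWrapper.class);

    /**
     * AntiSamy policy shared by all wrapper instances; {@code null} when loading failed at class
     * initialisation, in which case {@link #cleanXss(String, String)} falls back to escaping only.
     */
    private static final Policy policy = loadPolicy();

    /**
     * Manual smoke check: scans a fixed sample string and prints the cleaned HTML.
     *
     * <p>Note that it uses {@code antisamy-slashdot.xml}, not the {@code antisamy-y9.xml} policy
     * the wrapper applies to real requests, so its output does not describe production behaviour.
     *
     * @param strArr ignored
     */
    public static void main(String[] strArr) {
        // try-with-resources so the policy stream is closed even when parsing fails.
        try (InputStream policyStream = new ClassPathResource("antisamy-slashdot.xml").getInputStream()) {
            Policy samplePolicy = Policy.getInstance(policyStream);
            CleanResults results =
                    new AntiSamy().scan("<script>alert(\"xss\");</script>HELLO WORD！", samplePolicy);
            System.out.println(results.getCleanHTML());
        } catch (IOException | ScanException | PolicyException e) {
            LOGGER.warn(e.getMessage(), e);
        }
    }

    /**
     * Wraps the given request.
     *
     * @param httpServletRequest the request whose headers and parameters should be sanitised
     */
    public XssHttpRequestWrapper(HttpServletRequest httpServletRequest) {
        super(httpServletRequest);
    }

    /**
     * Loads the AntiSamy policy from {@code antisamy-y9.xml} on the classpath.
     *
     * @return the parsed policy, or {@code null} if the resource is missing or invalid
     */
    private static Policy loadPolicy() {
        try (InputStream policyStream = new ClassPathResource("antisamy-y9.xml").getInputStream()) {
            return Policy.getInstance(policyStream);
        } catch (PolicyException | IOException e) {
            LOGGER.warn(e.getMessage(), e);
            return null;
        }
    }

    /**
     * Sanitises one value.
     *
     * @param str  header or parameter name, checked against the ignore list
     * @param str2 raw value; may be {@code null}
     * @return {@code str2} unchanged when the name is ignorable or the value is blank; otherwise
     *         the AntiSamy-cleaned value, HTML-escaped
     */
    private String cleanXss(String str, String str2) {
        if (isParamIgnorable(str) || StringUtils.isBlank(str2)) {
            return str2;
        }
        // Start from the raw value: if the policy is unavailable or the scan fails, the value is
        // still HTML-escaped below instead of dereferencing a null scan result.
        String sanitized = str2;
        if (policy != null) {
            try {
                String cleanHtml = new AntiSamy().scan(str2, policy).getCleanHTML();
                if (cleanHtml != null) {
                    sanitized = cleanHtml;
                }
            } catch (ScanException | PolicyException e) {
                LOGGER.warn(e.getMessage(), e);
            }
        }
        return HtmlUtils.htmlEscape(sanitized);
    }

    /**
     * Sanitises every element of a multi-valued header or parameter.
     *
     * @param str    header or parameter name, checked against the ignore list
     * @param strArr raw values; may be {@code null}
     * @return {@code strArr} itself when the name is ignorable or the array is {@code null};
     *         otherwise a new array of sanitised values (the input array is not modified)
     */
    private String[] cleanXss(String str, String[] strArr) {
        if (isParamIgnorable(str) || strArr == null) {
            return strArr;
        }
        String[] cleaned = new String[strArr.length];
        for (int i = 0; i < strArr.length; i++) {
            cleaned[i] = cleanXss(str, strArr[i]);
        }
        return cleaned;
    }

    /** Returns the sanitised value of the named header. */
    @Override
    public String getHeader(String str) {
        return cleanXss(str, super.getHeader(str));
    }

    /**
     * Returns the header values exactly as the wrapped request supplies them.
     *
     * <p>NOTE(review): unlike {@link #getHeader}, nothing is sanitised here, so code that reads
     * headers through this method receives raw client-controlled values and must encode them on
     * output. Confirm whether the asymmetry is intentional before relying on this wrapper for
     * header data.
     */
    @Override
    public Enumeration<String> getHeaders(String str) {
        return super.getHeaders(str);
    }

    /** Returns the sanitised value of the named parameter. */
    @Override
    public String getParameter(String str) {
        return cleanXss(str, super.getParameter(str));
    }

    /**
     * Returns a new map holding the sanitised values of every parameter.
     *
     * <p>Only values are sanitised; parameter names are copied as-is.
     */
    @Override
    public Map<String, String[]> getParameterMap() {
        Map<String, String[]> cleaned = new HashMap<>(super.getParameterMap());
        // Replaces values in place on the copy; the key set is not structurally modified.
        cleaned.replaceAll((name, values) -> cleanXss(name, values));
        return cleaned;
    }

    /** Returns the sanitised values of the named parameter. */
    @Override
    public String[] getParameterValues(String str) {
        return cleanXss(str, super.getParameterValues(str));
    }

    /**
     * Tells whether sanitising is switched off for the given name.
     *
     * <p>The same configured list is consulted for header names and parameter names, and a match
     * bypasses both the AntiSamy scan and the HTML escaping, so every entry in that list is a
     * value the application must treat as untrusted.
     *
     * @param str header or parameter name
     * @return {@code true} if the name is in the configured ignore list
     * @throws NullPointerException if {@code str} is {@code null}
     */
    private boolean isParamIgnorable(String str) {
        Stream<String> ignoredNames =
                ((Y9SecurityProperties) Y9Context.getBean(Y9SecurityProperties.class))
                        .getXss()
                        .getIgnoreParam()
                        .stream();
        Objects.requireNonNull(str);
        return ignoredNames.anyMatch(str::equals);
    }
}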
