package com.ofpay.rex.security;

import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.SerializationFeature;
import com.ofpay.rex.control.helper.Rijndael;
import com.ofpay.rex.security.validation.ValidationException;
import com.ofpay.rex.security.validation.ValidationPattern;
import com.ofpay.rex.util.HTMLEscapeUtil;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Vector;
import javax.servlet.ServletInputStream;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang3.ArrayUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/ofpay/rex/security/XssHttpServletRequestWrapper.class */
public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
    // Class-wide SLF4J logger; the accessors below report rejected input through it at WARN level.
    private static final Logger logger = LoggerFactory.getLogger(XssHttpServletRequestWrapper.class);
    // Jackson mapper used by getInputStream(); both constructors create it only when stripJsonStream is true.
    private ObjectMapper objectMapper;
    // Re-serialised request body, filled in by getInputStream() the first time the body is parsed successfully.
    private byte[] rawData;
    // Limit passed to ValidationPattern.getValidInput for parameter names (200 unless the 8-argument constructor overrides it).
    private int paramNameSize;
    // Limit passed to ValidationPattern.getValidInput for parameter values (2000 unless the 8-argument constructor overrides it).
    private int paramValueSize;
    // When true, getServletPath() additionally runs the path through ValidationPattern.stripURIXSS.
    private boolean stripPath;
    // When true, getInputStream() parses the body as JSON and filters it before handing it on.
    private boolean stripJsonStream;
    // Charset name used to decode the raw body and to encode the filtered body again.
    private String streamCharset;
    // Lookup consulted by getServletPath(); allocated only when stripPath is true.
    private Map<String, String> cacheMap;
    // Parameter names that bypass validation and XSS stripping entirely (see getParameter and friends).
    private String[] excludeFields;
    // Parameter names whose values go through ValidationPattern.rtfXSS instead of getValidInput + stripXSS.
    private String[] rtfNames;

    /**
     * Wraps a request using the default size limits (200 for parameter names, 2000 for
     * parameter values).
     *
     * @param httpServletRequest the request to wrap
     * @param strArr parameter names that are returned without validation or stripping
     * @param strArr2 parameter names whose values are filtered with {@code rtfXSS}
     * @param z whether {@link #getServletPath()} also strips the path
     * @param z2 whether {@link #getInputStream()} filters the body as JSON
     * @param str charset name used when decoding and re-encoding the body
     */
    public XssHttpServletRequestWrapper(HttpServletRequest httpServletRequest, String[] strArr, String[] strArr2, boolean z, boolean z2, String str) {
        // Passing null for both limits makes the full constructor keep its 200 / 2000 defaults.
        this(httpServletRequest, strArr, strArr2, null, null, z, z2, str);
    }

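    /**
     * Wraps a request with explicit size limits.
     *
     * @param httpServletRequest the request to wrap
     * @param strArr parameter names that are returned without validation or stripping
     * @param strArr2 parameter names whose values are filtered with {@code rtfXSS}
     * @param num limit for parameter names, or {@code null} to keep the default of 200
     * @param num2 limit for parameter values, or {@code null} to keep the default of 2000
     * @param z whether {@link #getServletPath()} also strips the path
     * @param z2 whether {@link #getInputStream()} filters the body as JSON
     * @param str charset name for the body; {@code null} falls back to UTF-8
     */
    public XssHttpServletRequestWrapper(HttpServletRequest httpServletRequest, String[] strArr, String[] strArr2, Integer num, Integer num2, boolean z, boolean z2, String str) {
        super(httpServletRequest);
        this.excludeFields = strArr;
        this.rtfNames = strArr2;
        this.paramNameSize = num != null ? num.intValue() : 200;
        this.paramValueSize = num2 != null ? num2.intValue() : 2000;
        this.stripPath = z;
        this.cacheMap = z ? new HashMap<String, String>() : null;
        this.stripJsonStream = z2;
        // A null charset used to overwrite the UTF-8 default; getInputStream() then failed on
        // String.getBytes(null) inside its catch-all, so every filtered body was silently lost.
        this.streamCharset = str != null ? str : "UTF-8";
        if (z2) {
            this.objectMapper = new ObjectMapper();
            this.objectMapper.configure(SerializationFeature.FAIL_ON_EMPTY_BEANS, false);
            this.objectMapper.configure(SerializationFeature.ORDER_MAP_ENTRIES_BY_KEYS, true);
        } else {
            this.objectMapper = null;
        }
    }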

    /**
     * Returns the context path after checking it against the {@code "HTTPContextPath"} rule.
     *
     * @return the validated path, or an empty string when the container reports a null or
     *         blank path or when validation rejects it
     */
    public String getContextPath() {
        final String rawPath = super.getContextPath();
        if (rawPath == null || rawPath.trim().length() == 0) {
            return "";
        }
        try {
            return ValidationPattern.getValidInput("HTTP context path: " + rawPath, rawPath, "HTTPContextPath", 300, false);
        } catch (ValidationException rejected) {
            logger.warn("Skipping bad ContextPath", rejected);
            return "";
        }
    }

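    /**
     * Returns copies of the request cookies whose name, value, domain and path all pass
     * validation; a cookie that fails any check is dropped from the result.
     *
     * <p>Only name, value, max-age, domain and path are carried over to the copy.
     *
     * @return the accepted cookies, never {@code null}
     */
    public Cookie[] getCookies() {
        Cookie[] cookies = super.getCookies();
        if (cookies == null) {
            return new Cookie[0];
        }
        List<Cookie> accepted = new ArrayList<Cookie>(cookies.length);
        for (Cookie cookie : cookies) {
            try {
                String safeName = ValidationPattern.getValidInput("Cookie name: " + cookie.getName(), cookie.getName(), "HTTPCookieName", 300, true);
                String safeValue = ValidationPattern.getValidInput("Cookie value: " + cookie.getValue(), cookie.getValue(), "HTTPCookieValue", 1000, true);
                Cookie copy = new Cookie(safeName, safeValue);
                copy.setMaxAge(cookie.getMaxAge());
                String domain = cookie.getDomain();
                if (domain != null) {
                    copy.setDomain(ValidationPattern.getValidInput("Cookie domain: " + domain, domain, "HTTPHeaderValue", 200, false));
                }
                String path = cookie.getPath();
                if (path != null) {
                    copy.setPath(ValidationPattern.getValidInput("Cookie path: " + path, path, "HTTPHeaderValue", 300, false));
                }
                accepted.add(copy);
            } catch (ValidationException e) {
                // Log the name only. Cookie values routinely hold session identifiers, and a
                // rejected value is attacker-controlled text that should not be copied into logs.
                // NOTE(review): the context strings above still embed the raw value; if
                // ValidationPattern copies the context into the exception message it will still
                // reach the log through `e` — confirm and trim the context if so.
                logger.warn("Skipping bad cookie: {}", cookie.getName(), e);
            }
        }
        return accepted.toArray(new Cookie[accepted.size()]);
    }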

    /**
     * Returns a single header value after checking it against the {@code "HTTPHeaderValue"} rule.
     *
     * <p>Unlike {@link #getHeaders(String)}, the value is not HTML-escaped here.
     *
     * @param str the header name
     * @return whatever the validator returns for the value, or an empty string when it is rejected
     */
    public String getHeader(String str) {
        final String rawValue = super.getHeader(str);
        try {
            return ValidationPattern.getValidInput("HTTP header value: " + rawValue, rawValue, "HTTPHeaderValue", 2000, true);
        } catch (ValidationException rejected) {
            logger.warn("Skipping bad Header", rejected);
            return "";
        }
    }

    /**
     * Returns the header names that pass the {@code "HTTPHeaderName"} rule; names that fail
     * are logged and left out.
     *
     * @return an enumeration over the accepted names
     */
    public Enumeration getHeaderNames() {
        Vector<String> accepted = new Vector<String>();
        for (Enumeration names = super.getHeaderNames(); names.hasMoreElements(); ) {
            try {
                String name = (String) names.nextElement();
                String checked = ValidationPattern.getValidInput("HTTP header name: " + name, name, "HTTPHeaderName", 150, true);
                accepted.add(checked);
            } catch (ValidationException rejected) {
                logger.warn("Skipping bad HeaderNames.i", rejected);
            }
        }
        return accepted.elements();
    }

    /**
     * Returns every value of the named header that passes the {@code "HTTPHeaderValue"} rule,
     * each one HTML-escaped with {@code HTMLEscapeUtil.escape}.
     *
     * <p>NOTE(review): {@link #getHeader(String)} validates but does not escape, so the same
     * header can reach callers in two different encodings depending on which accessor is used.
     *
     * @param str the header name
     * @return an enumeration over the accepted, escaped values
     */
    public Enumeration getHeaders(String str) {
        Vector<String> accepted = new Vector<String>();
        for (Enumeration values = super.getHeaders(str); values.hasMoreElements(); ) {
            try {
                String value = (String) values.nextElement();
                String checked = ValidationPattern.getValidInput("HTTP header value (" + str + "): " + value, value, "HTTPHeaderValue", 2000, true);
                accepted.add(HTMLEscapeUtil.escape(checked));
            } catch (ValidationException rejected) {
                logger.warn("Skipping bad Headers.i", rejected);
            }
        }
        return accepted.elements();
    }

    /**
     * Returns a request parameter, filtered according to which list its name appears in.
     *
     * <ul>
     *   <li>name in {@code excludeFields}: the raw value, with no validation or stripping;</li>
     *   <li>name in {@code rtfNames}: the value passed through {@code rtfXSS} only;</li>
     *   <li>otherwise: validated against {@code "HTTPParameterValue"} and then {@code stripXSS}.</li>
     * </ul>
     *
     * @param str the parameter name
     * @return the filtered value, or {@code null} when validation rejects it
     */
    public String getParameter(String str) {
        final String rawValue = super.getParameter(str);
        try {
            if (ArrayUtils.contains(this.excludeFields, str)) {
                return rawValue;
            }
            if (ArrayUtils.contains(this.rtfNames, str)) {
                return ValidationPattern.rtfXSS(rawValue);
            }
            String checked = ValidationPattern.getValidInput("HTTP parameter name: " + str, rawValue, "HTTPParameterValue", this.paramValueSize, true);
            return ValidationPattern.stripXSS(checked);
        } catch (ValidationException rejected) {
            logger.warn("Skipping bad parameter", rejected);
            return null;
        }
    }

    /**
     * Builds a filtered copy of the parameter map.
     *
     * <p>Entries named in {@code excludeFields} are copied untouched. For every other entry the
     * name is validated against {@code "HTTPParameterName"}; values are passed through
     * {@code rtfXSS} when the name is in {@code rtfNames}, and otherwise validated against
     * {@code "HTTPParameterValue"} and then {@code stripXSS}. If any check on an entry fails,
     * the whole entry is left out of the result.
     *
     * @return a new map of accepted names to filtered value arrays
     */
    public Map getParameterMap() {
        Map<String, String[]> sanitised = new HashMap<String, String[]>();
        for (Object rawEntry : super.getParameterMap().entrySet()) {
            Map.Entry entry = (Map.Entry) rawEntry;
            try {
                String name = (String) entry.getKey();
                String[] values = (String[]) entry.getValue();
                if (ArrayUtils.contains(this.excludeFields, name)) {
                    // Excluded fields bypass every check, including the name check.
                    sanitised.put(name, values);
                    continue;
                }
                boolean richText = ArrayUtils.contains(this.rtfNames, name);
                String safeName = ValidationPattern.getValidInput("HTTP parameter name: " + name, name, "HTTPParameterName", this.paramNameSize, true);
                String[] cleaned = new String[values.length];
                int idx = 0;
                for (String value : values) {
                    cleaned[idx++] = richText
                            ? ValidationPattern.rtfXSS(value)
                            : ValidationPattern.stripXSS(ValidationPattern.getValidInput("HTTP parameter value: " + value, value, "HTTPParameterValue", this.paramValueSize, true));
                }
                sanitised.put(safeName, cleaned);
            } catch (ValidationException rejected) {
                logger.warn("Skipping bad ParameterMap.i", rejected);
            }
        }
        return sanitised;
    }

    /**
     * Returns the parameter names, validating each against {@code "HTTPParameterName"} unless
     * it is listed in {@code excludeFields}; names that fail validation are logged and left out.
     *
     * @return an enumeration over the accepted names
     */
    public Enumeration getParameterNames() {
        Vector<String> accepted = new Vector<String>();
        for (Enumeration names = super.getParameterNames(); names.hasMoreElements(); ) {
            try {
                String name = (String) names.nextElement();
                accepted.add(ArrayUtils.contains(this.excludeFields, name)
                        ? name
                        : ValidationPattern.getValidInput("HTTP parameter name: " + name, name, "HTTPParameterName", this.paramNameSize, true));
            } catch (ValidationException rejected) {
                logger.warn("Skipping bad ParameterNames.i", rejected);
            }
        }
        return accepted.elements();
    }

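    /**
     * Returns all values of a parameter, filtered according to which list its name appears in.
     *
     * <p>Names in {@code excludeFields} get the raw array. Names in {@code rtfNames} get each
     * value passed through {@code rtfXSS}. All other values are validated against
     * {@code "HTTPParameterValue"} and then {@code stripXSS}; a value that fails validation is
     * omitted, so the result can be shorter than the submitted array.
     *
     * @param str the parameter name
     * @return the filtered values, or {@code null} when the parameter is absent
     */
    public String[] getParameterValues(String str) {
        String[] rawValues = super.getParameterValues(str);
        if (rawValues == null || ArrayUtils.contains(this.excludeFields, str)) {
            return rawValues;
        }
        boolean richText = ArrayUtils.contains(this.rtfNames, str);
        List<String> cleaned = new ArrayList<String>(rawValues.length);
        for (String raw : rawValues) {
            if (richText) {
                cleaned.add(ValidationPattern.rtfXSS(raw));
                continue;
            }
            String checked;
            try {
                checked = ValidationPattern.getValidInput("HTTP parameter value: " + raw, raw, "HTTPParameterValue", this.paramValueSize, true);
            } catch (ValidationException e) {
                // Previously the rejected value was only logged and then still returned after
                // stripXSS, so validation failed open here while getParameter() and
                // getParameterMap() dropped the same input. Skip it, as the message says.
                logger.warn("Skipping bad ParameterValues.i", e);
                continue;
            }
            cleaned.add(ValidationPattern.stripXSS(checked));
        }
        return cleaned.toArray(new String[cleaned.size()]);
    }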

    /**
     * Returns the extra path information after checking it against the {@code "HTTPPath"} rule.
     *
     * @return {@code null} when the container reports none, the validator's result when the
     *         path is accepted, or an empty string when it is rejected
     */
    public String getPathInfo() {
        final String rawPath = super.getPathInfo();
        if (rawPath == null) {
            return null;
        }
        try {
            return ValidationPattern.getValidInput("HTTP path: " + rawPath, rawPath, "HTTPPath", 150, true);
        } catch (ValidationException rejected) {
            logger.warn("Skipping bad PathInfo", rejected);
            return "";
        }
    }

    /**
     * Returns the query string after checking it against the {@code "HTTPQueryString"} rule.
     *
     * @return the validator's result, or an empty string when the query string is rejected
     */
    public String getQueryString() {
        final String rawQuery = super.getQueryString();
        try {
            return ValidationPattern.getValidInput("HTTP query string: " + rawQuery, rawQuery, "HTTPQueryString", 2000, true);
        } catch (ValidationException rejected) {
            logger.warn("Skipping bad QueryString", rejected);
            return "";
        }
    }

    /**
     * Returns the client-supplied session id after checking it against the
     * {@code "HTTPJSESSIONID"} rule.
     *
     * <p>NOTE(review): the limit argument is {@code Rijndael.BLOCK_BITS}, a constant from an
     * unrelated helper whose value is not visible here — confirm it is the intended bound.
     * The context string also embeds the session id itself; check whether the validator
     * copies that context into logs or exception messages.
     *
     * @return the validator's result, or an empty string when the id is rejected
     */
    public String getRequestedSessionId() {
        final String rawId = super.getRequestedSessionId();
        try {
            return ValidationPattern.getValidInput("Requested cookie: " + rawId, rawId, "HTTPJSESSIONID", Rijndael.BLOCK_BITS, true);
        } catch (ValidationException rejected) {
            logger.warn("Skipping bad RequestedSessionId", rejected);
            return "";
        }
    }

    /**
     * Returns the request URI after checking it against the {@code "HTTPURI"} rule.
     *
     * @return the validated URI, or an empty string when it is rejected
     */
    public String getRequestURI() {
        final String rawUri = super.getRequestURI();
        try {
            return ValidationPattern.getValidInput("HTTP URI: " + rawUri, rawUri, "HTTPURI", 2000, false);
        } catch (ValidationException rejected) {
            logger.warn("Skipping bad RequestURI", rejected);
            return "";
        }
    }

    /**
     * Returns the reconstructed request URL after checking it against the {@code "HTTPURL"} rule.
     *
     * @return a new buffer holding the validated URL, or an empty buffer when it is rejected
     */
    public StringBuffer getRequestURL() {
        final String rawUrl = super.getRequestURL().toString();
        String checked;
        try {
            checked = ValidationPattern.getValidInput("HTTP URL: " + rawUrl, rawUrl, "HTTPURL", 2000, false);
        } catch (ValidationException rejected) {
            logger.warn("Skipping bad RequestURL", rejected);
            checked = "";
        }
        return new StringBuffer(checked);
    }

    /**
     * Returns the request scheme after checking it against the {@code "HTTPScheme"} rule.
     *
     * @return the validated scheme, or an empty string when it is rejected
     */
    public String getScheme() {
        final String rawScheme = super.getScheme();
        try {
            return ValidationPattern.getValidInput("HTTP scheme: " + rawScheme, rawScheme, "HTTPScheme", 10, false);
        } catch (ValidationException rejected) {
            logger.warn("Skipping bad Scheme", rejected);
            return "";
        }
    }

    /**
     * Returns the server name after checking it against the {@code "HTTPServerName"} rule.
     *
     * @return the validated name, or an empty string when it is rejected
     */
    public String getServerName() {
        final String rawName = super.getServerName();
        try {
            return ValidationPattern.getValidInput("HTTP server name: " + rawName, rawName, "HTTPServerName", 100, false);
        } catch (ValidationException rejected) {
            logger.warn("Skipping bad ServerName", rejected);
            return "";
        }
    }

    /**
     * Returns the server port, replacing any value outside 0..65535 with 0.
     *
     * @return the reported port when it is in range, otherwise 0
     */
    public int getServerPort() {
        final int port = super.getServerPort();
        final boolean inRange = port >= 0 && port <= 65535;
        if (inRange) {
            return port;
        }
        logger.warn("HTTP server port out of range: " + port);
        return 0;
    }

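    /**
     * Returns the servlet path after checking it against the {@code "HTTPServletPath"} rule
     * and, when {@code stripPath} is enabled, passing it through {@code stripURIXSS}.
     *
     * @return the filtered path, or an empty string when validation rejects it
     */
    public String getServletPath() {
        String servletPath = super.getServletPath();
        String str = "";
        try {
            str = ValidationPattern.getValidInput("HTTP servlet path: " + servletPath, servletPath, "HTTPServletPath", 200, false);
            if (this.stripPath) {
                if (this.cacheMap.containsKey(str)) {
                    str = this.cacheMap.get(str);
                } else {
                    // The map was read but never written, so every call re-ran the stripper.
                    // Remember the result so repeated calls on this wrapper hit the cache.
                    String stripped = ValidationPattern.stripURIXSS(str);
                    this.cacheMap.put(str, stripped);
                    str = stripped;
                }
            }
        } catch (ValidationException e) {
            logger.warn("Skipping bad ServletPath", e);
        }
        return str;
    }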

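    /**
     * Returns the request body, filtered as JSON when {@code stripJsonStream} is enabled.
     *
     * <p>The body is passed through unchanged when filtering is off or the content type
     * contains {@code multipart/form-data}. Otherwise it is read fully, parsed as a JSON array
     * or object, filtered with {@code stripJsonList} / {@code stripJsonMap}, re-serialised and
     * cached, so later calls replay the filtered bytes.
     *
     * <p>NOTE(review): the content type is not checked for JSON, so any non-multipart body is
     * parsed as JSON; the multipart test is also case-sensitive.
     *
     * @return a stream over the filtered body, or the container's stream when filtering is
     *         skipped or fails
     * @throws IOException if the container cannot provide its input stream
     */
    public ServletInputStream getInputStream() throws IOException {
        if (!this.stripJsonStream) {
            return super.getInputStream();
        }
        String contentType = getRequest().getContentType();
        if (contentType != null && contentType.contains("multipart/form-data")) {
            return super.getInputStream();
        }
        if (this.rawData == null) {
            try {
                String body = IOUtils.toString(super.getInputStream(), this.streamCharset);
                if (StringUtils.isNotBlank(body)) {
                    // Leading whitespace is legal before a JSON array, so test the first
                    // significant character rather than the first raw character.
                    if (body.trim().startsWith("[")) {
                        List parsedList = (List) this.objectMapper.readValue(body, new TypeReference<List<Object>>() {
                        });
                        body = this.objectMapper.writeValueAsString(ValidationPattern.stripJsonList(parsedList, this.excludeFields, this.rtfNames));
                    } else {
                        Map parsedMap = (Map) this.objectMapper.readValue(body, new TypeReference<Map<Object, Object>>() {
                        });
                        body = this.objectMapper.writeValueAsString(ValidationPattern.stripJsonMap(parsedMap, this.excludeFields, this.rtfNames));
                    }
                }
                this.rawData = body.getBytes(this.streamCharset);
            } catch (Exception e) {
                // Route the stack trace through the logger instead of printStackTrace().
                logger.warn("Parse json request fail  err:" + e.getMessage(), e);
                // NOTE(review): the container stream has usually been drained by the read
                // above, so callers most likely see an empty body here rather than the
                // unfiltered one — confirm that this is the intended failure mode.
                return super.getInputStream();
            }
        }
        final ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(this.rawData);
        return new ServletInputStream() {
            public int read() throws IOException {
                return byteArrayInputStream.read();
            }

            // Bulk reads go straight to the buffer instead of looping over read().
            public int read(byte[] b, int off, int len) throws IOException {
                return byteArrayInputStream.read(b, off, len);
            }
        };
    }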

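    /**
     * Returns a character reader over {@link #getInputStream()}.
     *
     * <p>When JSON filtering is enabled the filtered body is encoded with {@code streamCharset},
     * so it is decoded with the same charset here; previously the platform default was used,
     * which corrupts non-ASCII text whenever the two differ.
     *
     * @return a buffered reader over the (possibly filtered) request body
     * @throws IOException if the underlying stream cannot be obtained or the charset is unsupported
     */
    public BufferedReader getReader() throws IOException {
        ServletInputStream body = getInputStream();
        if (this.stripJsonStream && this.streamCharset != null) {
            return new BufferedReader(new InputStreamReader(body, this.streamCharset));
        }
        // Filtering is off (or no charset was configured): keep the original decoding.
        return new BufferedReader(new InputStreamReader(body));
    }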
}
