package cn.gtmap.estateplat.bank.filter;

import com.google.common.net.HttpHeaders;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:WEB-INF/classes/cn/gtmap/estateplat/bank/filter/CSRFFilter.class */
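/**
 * Servlet filter that applies a few response-hardening headers and rejects
 * requests that do not appear to originate from this application.
 *
 * <p>On every request it sets {@code Content-Security-Policy},
 * {@code X-Content-Type-Options: nosniff} and {@code X-Xss-Protection}, then
 * applies two checks:
 * <ul>
 *   <li>no request parameter value may contain {@code "./"} or {@code "%"};</li>
 *   <li>the request's {@code Origin} header (or, when absent, {@code Referer})
 *       must be present and carry the same scheme, host and effective port as
 *       the request URL.</li>
 * </ul>
 * A request failing either check is answered with {@code 403 Forbidden} and
 * does not reach the rest of the filter chain.
 *
 * <p>NOTE(review): the expected origin is derived from
 * {@link HttpServletRequest#getRequestURL()}. Behind a TLS-terminating proxy
 * the container may report {@code http} while browsers send an {@code https}
 * Origin/Referer; confirm the container honours forwarded scheme/host headers
 * in that deployment, otherwise every request would be rejected.
 */
public class CSRFFilter implements Filter {

    /** Ports assumed for origin comparison when a URL omits one. */
    private static final int DEFAULT_HTTP_PORT = 80;
    private static final int DEFAULT_HTTPS_PORT = 443;

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // Nothing to configure: header values and rejection rules are fixed.
    }

    /**
     * Sets the hardening headers, runs the parameter and origin checks and
     * either continues the chain or sends {@code 403}.
     *
     * @param servletRequest  must be an {@link HttpServletRequest}
     * @param servletResponse must be an {@link HttpServletResponse}
     * @param filterChain     the remaining chain, invoked only for accepted requests
     * @throws IOException      propagated from the chain or from {@code sendError}
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;

        httpServletResponse.setHeader(HttpHeaders.CONTENT_SECURITY_POLICY, "default-src 'self'; script-src 'self'; frame-ancestors 'self'; object-src 'self'");
        httpServletResponse.setHeader(HttpHeaders.X_CONTENT_TYPE_OPTIONS, "nosniff");
        // Legacy browser XSS-auditor toggle; value kept as the original author chose it.
        httpServletResponse.setHeader("X-Xss-Protection", "1; mode=block");

        // Both checks always run so that every offending value is logged, not just the first.
        boolean parametersOk = hasAcceptableParameters(httpServletRequest);
        boolean sourceOk = hasAcceptableSource(httpServletRequest);

        if (parametersOk && sourceOk) {
            filterChain.doFilter(servletRequest, servletResponse);
        } else if (!httpServletResponse.isCommitted()) {
            // Previously a rejected request fell through with an empty 200 body;
            // an explicit 403 makes the rejection visible to clients and monitoring.
            httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
        }
    }

    @Override
    public void destroy() {
        // No resources are held.
    }

    /**
     * Checks every request parameter value for the sequences this filter treats
     * as suspicious: {@code "./"} (path traversal) and {@code "%"}.
     *
     * <p>Parameter values are delivered already URL-decoded by the container,
     * so a remaining {@code "%"} is either a literal percent sign or the residue
     * of double encoding. Each offending value is logged.
     *
     * @return {@code true} when no parameter value contains either sequence
     */
    private static boolean hasAcceptableParameters(HttpServletRequest request) {
        // Raw Map in older servlet APIs, Map<String, String[]> in newer ones; the
        // assignment is an unchecked conversion at worst and the values are always String[].
        Map<String, String[]> parameterMap = request.getParameterMap();
        if (parameterMap == null) {
            return true;
        }
        boolean acceptable = true;
        for (Map.Entry<String, String[]> entry : parameterMap.entrySet()) {
            String[] values = entry.getValue();
            if (values == null) {
                continue;
            }
            for (String value : values) {
                if (value != null && (value.contains("./") || value.contains("%"))) {
                    acceptable = false;
                    System.out.println("请求参数不合法, 参数 { " + entry.getKey() + " : " + forLog(value) + " }");
                }
            }
        }
        return acceptable;
    }

    /**
     * Verifies that the request was initiated from this application's own origin.
     *
     * <p>{@code Origin} is consulted first because browsers attach it to
     * cross-site and non-GET requests even when {@code Referer} is suppressed;
     * {@code Referer} is the fallback. The comparison is an exact origin match
     * (scheme, host, effective port) rather than a substring test, so a foreign
     * URL that merely embeds this site's address in its path or query does not pass.
     *
     * @return {@code true} when a source header is present and its origin equals
     *         the request URL's origin
     */
    private static boolean hasAcceptableSource(HttpServletRequest request) {
        String requestUrl = request.getRequestURL().toString();
        String origin = request.getHeader("Origin");
        String referer = request.getHeader("Referer");
        String source = StringUtils.isBlank(origin) ? referer : origin;

        if (StringUtils.isAnyBlank(source, requestUrl)) {
            System.out.println("非银行系统请求！请求url：" + requestUrl);
            return false;
        }
        String expected = originOf(requestUrl);
        String actual = originOf(source);
        if (expected == null || !expected.equals(actual)) {
            System.out.println("非银行系统请求！请求url：" + requestUrl + ", referer:" + forLog(source));
            return false;
        }
        return true;
    }

    /**
     * Reduces an absolute http/https URL to its origin as
     * {@code scheme://host:port}, lower-casing scheme and host and filling in
     * the default port when none is given.
     *
     * @return the normalised origin, or {@code null} when the value is not an
     *         absolute http/https URL (including the literal {@code "null"}
     *         Origin some browsers send)
     */
    private static String originOf(String url) {
        URI uri;
        try {
            uri = new URI(url.trim());
        } catch (URISyntaxException e) {
            return null;
        }
        String scheme = uri.getScheme();
        String host = uri.getHost();
        if (scheme == null || host == null) {
            return null;
        }
        scheme = scheme.toLowerCase(Locale.ROOT);
        int port = uri.getPort();
        if ("http".equals(scheme)) {
            if (port == -1) {
                port = DEFAULT_HTTP_PORT;
            }
        } else if ("https".equals(scheme)) {
            if (port == -1) {
                port = DEFAULT_HTTPS_PORT;
            }
        } else {
            return null;
        }
        return scheme + "://" + host.toLowerCase(Locale.ROOT) + ":" + port;
    }

    /**
     * Strips line breaks from untrusted text before it is echoed into the log,
     * so a crafted value cannot forge additional log lines.
     */
    private static String forLog(String value) {
        return value.replace('\r', '_').replace('\n', '_');
    }
}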
