package cn.gtmap.estateplat.olcommon.xss;

import cn.gtmap.estateplat.register.common.entity.ResponseEntity.Main.RequestMainEntity;
import cn.gtmap.estateplat.register.common.entity.ResponseEntity.Main.ResponseMainDataEntity;
import cn.gtmap.estateplat.register.common.entity.ResponseEntity.Main.ResponseMainEntity;
import cn.gtmap.estateplat.register.common.entity.ResponseEntity.Main.ResponseMainHeadEntity;
import cn.gtmap.estateplat.register.common.util.CodeUtil;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONArray;
import com.alibaba.fastjson.JSONObject;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Iterator;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:WEB-INF/classes/cn/gtmap/estateplat/olcommon/xss/XssFilter.class */
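public class XssFilter implements Filter {

    /**
     * Sentinel returned by {@link #IteratorAllParam(Object)} when an illegal value is found.
     * Kept as a string for compatibility with existing callers that compare against it.
     */
    private static final String ILLEGAL_MARK = "false_false";

    /** Only bodies of this HTTP method are inspected (compared case-insensitively). */
    private static final String INSPECTED_METHOD = "post";

    /** Bodies whose Content-Type contains this fragment are not inspected. */
    private static final String EXEMPT_CONTENT_TYPE = "application/xml";

    /**
     * Request URIs containing any of these fragments are exempt from inspection.
     * NOTE(review): the match is a substring match (see {@link #isExemptUri(String)}), so any URI
     * that merely contains one of these fragments anywhere skips the check; a prefix or exact match
     * would be tighter — confirm with the owners of these endpoints before changing.
     */
    private static final String[] EXEMPT_URI_FRAGMENTS = {
        "/customNewsModel/uploadNewsImgs",
        "/customNewsModel/updateHtml"
    };

    /** Values of {@code head.origin} that are accepted; any other non-blank origin is rejected. */
    private static final String[] TRUSTED_ORIGINS = {"1", "2", "3", "4"};

    @Override // javax.servlet.Filter
    public void init(FilterConfig filterConfig) throws ServletException {
        // Nothing to configure: all behaviour is hard-coded in the constants above.
    }

    /**
     * Rejects POST JSON requests whose payload contains XSS content or an untrusted origin.
     *
     * <p>Inspection is limited to requests that are not on the exempt URI list, use the POST
     * method, do not carry an {@code application/xml} content type and have a non-blank body.
     * Query parameters, headers and other HTTP methods are not inspected here. The body is parsed
     * as a {@code RequestMainEntity}; its {@code data} tree is walked by
     * {@link #containsIllegalValue(Object)} and its {@code head.origin} is checked by
     * {@link #isTrustedOrigin(CharSequence)}. On rejection a JSON error body is written and the
     * chain is not continued; otherwise the wrapped request is passed down the chain.
     *
     * <p>NOTE(review): a malformed JSON body presumably makes {@code JSON.parseObject} throw, which
     * propagates out of the filter unhandled — confirm whether that is the intended behaviour.
     *
     * @param servletRequest  incoming request; must be an {@link HttpServletRequest}
     * @param servletResponse outgoing response; must be an {@link HttpServletResponse}
     * @param filterChain     the remaining filter chain
     * @throws IOException      if reading the body or writing the rejection fails
     * @throws ServletException propagated from the chain
     */
    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        // Wrapped unconditionally so the chain always receives the same request type.
        // Presumably the wrapper caches the body so it can be read here and again downstream -- confirm.
        BodyReaderHttpServletRequestWrapper wrappedRequest = new BodyReaderHttpServletRequestWrapper(httpServletRequest);

        if (!isExemptUri(httpServletRequest.getRequestURI())
                && StringUtils.equalsIgnoreCase(INSPECTED_METHOD, httpServletRequest.getMethod())) {
            // The body is read before the content-type check, as in the original ordering.
            String bodyString = HttpHelper.getBodyString(wrappedRequest);
            String contentType = httpServletRequest.getContentType();
            if (!StringUtils.contains(contentType, EXEMPT_CONTENT_TYPE)
                    && StringUtils.isNotBlank(bodyString)
                    && isIllegalRequest(bodyString)) {
                rejectIllegalInput(httpServletResponse);
                return;
            }
        }
        filterChain.doFilter(wrappedRequest, httpServletResponse);
    }

    /**
     * Walks {@code obj} and reports whether any leaf value is altered by
     * {@code XssShieldUtil.stripXss}.
     *
     * <p>Retained for callers that rely on the sentinel-string contract: returns
     * {@code "false_false"} when an illegal value is found, otherwise returns {@code obj}
     * unchanged (including {@code null}). Note that a clean leaf whose text is literally
     * {@code "false_false"} is therefore indistinguishable from a rejection for callers of this
     * method; {@link #doFilter} avoids that ambiguity by using the boolean helper directly.
     *
     * @param obj a {@link JSONObject}, {@link JSONArray}, scalar or {@code null}
     * @return {@code "false_false"} if an illegal value is present, otherwise {@code obj}
     */
    public Object IteratorAllParam(Object obj) {
        return containsIllegalValue(obj) ? ILLEGAL_MARK : obj;
    }

    @Override // javax.servlet.Filter
    public void destroy() {
        // No resources are held.
    }

    /** True when the URI contains any exempt fragment (substring match, see field note). */
    private static boolean isExemptUri(String requestURI) {
        for (String fragment : EXEMPT_URI_FRAGMENTS) {
            if (requestURI.contains(fragment)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Parses the body and decides whether it must be rejected.
     *
     * <p>A body that does not parse to an entity with non-null {@code data} is accepted. Otherwise
     * it is rejected when the data tree contains an illegal value, or when a head is present and
     * its origin is non-blank but not one of {@link #TRUSTED_ORIGINS}.
     */
    private static boolean isIllegalRequest(String bodyString) {
        RequestMainEntity request = JSON.parseObject(bodyString, RequestMainEntity.class);
        if (request == null || request.getData() == null) {
            return false;
        }
        if (containsIllegalValue(request.getData())) {
            return true;
        }
        // A missing head is accepted; only an explicitly untrusted origin is rejected.
        return request.getHead() != null && !isTrustedOrigin(request.getHead().getOrigin());
    }

    /** True when the origin is blank or one of {@link #TRUSTED_ORIGINS}. */
    private static boolean isTrustedOrigin(CharSequence origin) {
        if (StringUtils.isBlank(origin)) {
            return true;
        }
        for (String trusted : TRUSTED_ORIGINS) {
            if (StringUtils.equals(trusted, origin)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Recursively checks a JSON value tree for content that {@code XssShieldUtil.stripXss}
     * would alter.
     *
     * <p>{@link JSONObject} values and {@link JSONArray} elements are recursed into; any other
     * non-null value is compared as text against its stripped form. {@code null} is clean.
     */
    private static boolean containsIllegalValue(Object value) {
        if (value == null) {
            return false;
        }
        if (value instanceof JSONObject) {
            for (Object child : ((JSONObject) value).values()) {
                if (containsIllegalValue(child)) {
                    return true;
                }
            }
            return false;
        }
        if (value instanceof JSONArray) {
            for (Object child : (JSONArray) value) {
                if (containsIllegalValue(child)) {
                    return true;
                }
            }
            return false;
        }
        String text = value.toString();
        return !StringUtils.equals(XssShieldUtil.stripXss(text), text);
    }

    /**
     * Writes the standard "illegal character" JSON response.
     *
     * <p>Only the content type is set; no HTTP status is changed, so the container's default
     * status is sent with the error body — clients are expected to read {@code head.code}.
     */
    private static void rejectIllegalInput(HttpServletResponse response) throws IOException {
        ResponseMainHeadEntity head = new ResponseMainHeadEntity();
        head.setCode(CodeUtil.ILLEGALCHARACTER);
        head.setMsg("输入值存在非法字符"); // "input contains illegal characters"
        ResponseMainEntity body = new ResponseMainEntity();
        body.setHead(head);
        body.setData(new ResponseMainDataEntity());
        response.setContentType("application/json;charset=UTF-8");
        PrintWriter writer = response.getWriter();
        writer.write(JSON.toJSONString(body));
        writer.flush();
    }
}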
