package cn.gtmap.estateplat.olcommon.xss;

import cn.gtmap.estateplat.register.common.util.PublicUtil;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONArray;
import com.alibaba.fastjson.JSONObject;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.ReadListener;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import org.apache.commons.lang3.StringEscapeUtils;
import org.apache.log4j.Logger;

/* loaded from: input_file:WEB-INF/classes/cn/gtmap/estateplat/olcommon/xss/XssHttpWrapper.class */
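/**
 * Request wrapper that HTML-escapes request data before the application reads it.
 *
 * <p>The constructor buffers the whole request body as UTF-8 text. {@link #getInputStream()}
 * and {@link #getReader()} replay an escaped copy of it, and {@link #getParameter(String)},
 * {@link #getParameterValues(String)} and {@link #getHeader(String)} return escaped values.
 * Text that {@code PublicUtil.isJson} accepts is parsed, its string values are escaped, and
 * the result is re-serialised; all other text is passed through
 * {@code StringEscapeUtils.escapeHtml4}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Escaping on input is not a substitute for context-aware encoding where the value is
 *       written out. {@code escapeHtml4} does not escape the single quote, so values placed
 *       in single-quoted attributes or in script contexts still need output encoding.</li>
 *   <li>Values are altered before business logic sees them (for example {@code &} becomes
 *       {@code &amp;}), so stored data may end up double-escaped when it is rendered.</li>
 *   <li>Not filtered by this class: {@code getParameterMap()}, {@code getHeaders()},
 *       {@code getQueryString()}, cookies, multipart parts, and JSON object keys.</li>
 *   <li>The body is buffered in memory with no size limit; enforce a maximum request size
 *       in front of this wrapper.</li>
 *   <li>NOTE(review): the constructor consumes the request stream for every content type.
 *       For form-encoded POST requests the container may then be unable to parse body
 *       parameters - confirm the filter only wraps the content types it should.</li>
 * </ul>
 */
public class XssHttpWrapper extends HttpServletRequestWrapper {
    /** Raw request body, decoded as UTF-8; empty when no stream was available. */
    private final String body;
    static Logger logger = Logger.getLogger(XssHttpWrapper.class);

    /**
     * Wraps the request and reads its body into memory.
     *
     * <p>An {@link IOException} while reading or closing the stream is logged and not
     * rethrown; the body then holds whatever was read before the failure.
     *
     * @param httpServletRequest the request to wrap
     */
    public XssHttpWrapper(HttpServletRequest httpServletRequest) {
        super(httpServletRequest);
        StringBuilder sb = new StringBuilder();
        // A null resource is permitted by try-with-resources and is simply not closed.
        try (ServletInputStream in = httpServletRequest.getInputStream()) {
            if (in != null) {
                try (BufferedReader reader = new BufferedReader(new InputStreamReader(in, "UTF-8"))) {
                    char[] buffer = new char[128];
                    int read;
                    while ((read = reader.read(buffer)) > 0) {
                        sb.append(buffer, 0, read);
                    }
                }
            }
        } catch (IOException e) {
            // Pass the exception itself so the stack trace is kept, not only the message.
            logger.error(e.getMessage(), e);
        }
        this.body = sb.toString();
    }

    /**
     * Returns a fresh stream over the escaped body, encoded as UTF-8.
     *
     * @return a stream that can be read from the start on every call
     * @throws IOException if the UTF-8 charset is unavailable
     */
    @Override // javax.servlet.ServletRequestWrapper, javax.servlet.ServletRequest
    public ServletInputStream getInputStream() throws IOException {
        final ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(xssEncode(this.body).getBytes("UTF-8"));
        return new ServletInputStream() { // from class: cn.gtmap.estateplat.olcommon.xss.XssHttpWrapper.1
            @Override // java.io.InputStream
            public int read() throws IOException {
                return byteArrayInputStream.read();
            }

            @Override // java.io.InputStream
            public int read(byte[] b, int off, int len) throws IOException {
                // Bulk read straight from the buffer instead of one byte at a time.
                return byteArrayInputStream.read(b, off, len);
            }

            @Override // javax.servlet.ServletInputStream
            public boolean isFinished() {
                // Finished once the in-memory copy is exhausted; a constant false would
                // tell callers that poll this flag that data is always still pending.
                return byteArrayInputStream.available() == 0;
            }

            @Override // javax.servlet.ServletInputStream
            public boolean isReady() {
                // The data is already in memory, so a read never blocks.
                return true;
            }

            @Override // javax.servlet.ServletInputStream
            public void setReadListener(ReadListener readListener) {
                // Non-blocking reads are not supported; the listener is never invoked.
            }
        };
    }

    /**
     * Returns a reader over the escaped body.
     *
     * @return a reader that decodes the replayed bytes as UTF-8
     * @throws IOException if the underlying stream cannot be created
     */
    @Override // javax.servlet.ServletRequestWrapper, javax.servlet.ServletRequest
    public BufferedReader getReader() throws IOException {
        // getInputStream() emits UTF-8 bytes, so decode with UTF-8 rather than the
        // platform default charset.
        return new BufferedReader(new InputStreamReader(getInputStream(), "UTF-8"));
    }

    /**
     * Returns the named parameter after escaping.
     *
     * @param str the parameter name
     * @return the escaped value, or {@code null} if the parameter is absent
     */
    @Override // javax.servlet.ServletRequestWrapper, javax.servlet.ServletRequest
    public String getParameter(String str) {
        String parameter = super.getParameter(str);
        if (parameter != null) {
            parameter = xssEncode(parameter);
        }
        return parameter;
    }

    /**
     * Returns all values of the named parameter after escaping, so that multi-valued
     * access goes through the same filter as {@link #getParameter(String)}.
     *
     * @param str the parameter name
     * @return a new array of escaped values, or {@code null} if the parameter is absent
     */
    @Override // javax.servlet.ServletRequestWrapper, javax.servlet.ServletRequest
    public String[] getParameterValues(String str) {
        String[] values = super.getParameterValues(str);
        if (values == null) {
            return null;
        }
        String[] encoded = new String[values.length];
        for (int i = 0; i < values.length; i++) {
            encoded[i] = xssEncode(values[i]);
        }
        return encoded;
    }

    /**
     * Returns the named header after escaping.
     *
     * @param str the header name
     * @return the escaped value, or {@code null} if the header is absent
     */
    @Override // javax.servlet.http.HttpServletRequestWrapper, javax.servlet.http.HttpServletRequest
    public String getHeader(String str) {
        String header = super.getHeader(str);
        if (header != null) {
            header = xssEncode(header);
        }
        return header;
    }

    /**
     * Escapes a value: JSON text has its string values escaped and is re-serialised,
     * any other text is HTML-escaped as a whole.
     *
     * @param str the raw value; {@code null} and the empty string are returned unchanged
     * @return the escaped text
     */
    private String xssEncode(String str) {
        if (str == null || str.isEmpty()) {
            return str;
        }
        if (!PublicUtil.isJson(str)) {
            return StringEscapeUtils.escapeHtml4(str);
        }
        // NOTE(review): the parsing is done inside PublicUtil, which is not visible here.
        // It runs on attacker-controlled text, so confirm the fastjson version in use and
        // that autoType is disabled (safe mode). Also confirm what is returned for a
        // top-level JSON array: if the result is null, the value is replaced by the
        // literal text "null".
        @SuppressWarnings({"unchecked", "rawtypes"})
        HashMap<String, Object> hashMap = (HashMap) PublicUtil.getBeanByJsonObj(str, HashMap.class);
        foreachMap(hashMap);
        return JSON.toJSONString(hashMap);
    }

    /**
     * Escapes every string value reachable from the parsed JSON object, in place.
     * Keys are left as they are.
     *
     * @param hashMap the parsed top-level object; {@code null} is ignored
     */
    private void foreachMap(HashMap<String, Object> hashMap) {
        if (hashMap == null) {
            return;
        }
        for (Map.Entry<String, Object> entry : hashMap.entrySet()) {
            entry.setValue(sanitizeValue(entry.getValue()));
        }
    }

    /**
     * Escapes one parsed JSON value. Strings are escaped; objects and arrays are walked
     * recursively so that strings nested at any depth, including inside arrays, are
     * covered. Numbers, booleans and {@code null} are returned untouched, which keeps
     * their JSON type instead of turning them into strings.
     *
     * @param value a value produced by the JSON parser
     * @return the escaped string, or the same (possibly mutated) container or scalar
     */
    private Object sanitizeValue(Object value) {
        if (value instanceof String) {
            return StringEscapeUtils.escapeHtml4((String) value);
        }
        if (value instanceof JSONObject) {
            for (Map.Entry<String, Object> nested : ((JSONObject) value).entrySet()) {
                nested.setValue(sanitizeValue(nested.getValue()));
            }
        } else if (value instanceof JSONArray) {
            JSONArray array = (JSONArray) value;
            for (int i = 0; i < array.size(); i++) {
                array.set(i, sanitizeValue(array.get(i)));
            }
        }
        return value;
    }
}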
