package cn.gtmap.estateplat.filter;

import java.io.IOException;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.collections.MapUtils;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.jdbc.datasource.init.ScriptUtils;

/* loaded from: input_file:lib/estateplat-common-1.2.4-SNAPSHOT.jar:cn/gtmap/estateplat/filter/SqlInjectFilter.class */
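/**
 * Servlet filter that rejects a request when the concatenation of its parameter values
 * contains any entry of a configured list of forbidden substrings.
 *
 * <p>Init parameters read by {@link #init(FilterConfig)}:
 * <ul>
 *   <li>{@code sqlInjectStrList} - forbidden substrings separated by {@code |}</li>
 *   <li>{@code WhitePageList} - URI fragments separated by
 *       {@link ScriptUtils#DEFAULT_STATEMENT_SEPARATOR}; a request whose URI contains one of
 *       them is passed on without inspection</li>
 * </ul>
 *
 * <p>Scope of the check: only the values returned by
 * {@link HttpServletRequest#getParameterValues(String)} are inspected. Parameter names, headers,
 * cookies and any request body not exposed as parameters are not looked at, and matching is a
 * plain case-insensitive substring test. The filter is therefore an additional layer only; the
 * data-access code behind it still has to use bound parameters.
 */
public class SqlInjectFilter implements Filter {
    private final Logger logger = LoggerFactory.getLogger(getClass());
    // '|'-separated forbidden substrings; never null after init().
    private String sqlInjectStrList = "";
    // Page (relative to the context path) a rejected request is redirected to.
    private String invalidPage = "/common/404.ftl";
    // Keys are the URI fragments exempt from inspection; values are unused.
    private Map<String, String> whitePageList = new HashMap<String, String>();

    /** Nothing to release. */
    @Override // javax.servlet.Filter
    public void destroy() {
    }

    /**
     * Passes the request down the chain unless its parameter values contain a forbidden
     * substring, in which case the event is logged and the client is redirected to the
     * invalid-request page.
     *
     * @param servletRequest  incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain     remainder of the filter chain
     * @throws ServletException propagated from the chain
     * @throws IOException      propagated from the chain or from the redirect
     */
    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws ServletException, IOException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        String requestURI = request.getRequestURI();

        // NOTE(review): the exemption is a substring test against the raw request URI, so any
        // URI that contains a whitelisted fragment anywhere skips inspection. Matching the
        // servlet path with exact or prefix semantics would be tighter; confirm what the
        // deployed WhitePageList entries rely on before changing it.
        for (String whitePage : this.whitePageList.keySet()) {
            if (StringUtils.indexOf(requestURI, whitePage) > -1) {
                filterChain.doFilter(request, response);
                return;
            }
        }

        // All values are joined without a separator, as before, so a forbidden substring that
        // spans two adjacent values is still detected.
        StringBuilder joined = new StringBuilder();
        Enumeration<?> parameterNames = request.getParameterNames();
        while (parameterNames.hasMoreElements()) {
            String[] values = request.getParameterValues(parameterNames.nextElement().toString());
            if (values == null) {
                continue;
            }
            for (String value : values) {
                joined.append(value);
            }
        }
        String parameterValues = joined.toString();

        if (!sqlValidate(parameterValues, this.sqlInjectStrList)) {
            filterChain.doFilter(request, response);
            return;
        }

        // Log before redirecting so the event is recorded even if the redirect throws.
        // Control characters are neutralised so request data cannot forge extra log lines.
        // NOTE(review): the logged values can include credentials or other personal data
        // submitted in form fields; consider truncating or dropping them from the message.
        this.logger.error("{}:{}存在非法字符字符，请检查！", forLog(requestURI), forLog(parameterValues));
        response.sendRedirect(request.getContextPath() + this.invalidPage);
    }

    /**
     * Reads the forbidden-substring list and the whitelist from the filter configuration.
     *
     * @param filterConfig configuration supplied by the container
     * @throws ServletException never thrown here; declared by {@link Filter#init(FilterConfig)}
     */
    @Override // javax.servlet.Filter
    public void init(FilterConfig filterConfig) throws ServletException {
        String configuredList = filterConfig.getInitParameter("sqlInjectStrList");
        if (StringUtils.isEmpty(configuredList)) {
            // A missing parameter used to leave the field null and fail every request with a
            // NullPointerException; make the misconfiguration visible instead.
            this.logger.warn("Init parameter 'sqlInjectStrList' is missing or empty; no request will be rejected by this filter");
            this.sqlInjectStrList = "";
        } else {
            this.sqlInjectStrList = configuredList;
        }

        String whitePages = filterConfig.getInitParameter("WhitePageList");
        if (StringUtils.isNotBlank(whitePages)) {
            for (String entry : whitePages.split(ScriptUtils.DEFAULT_STATEMENT_SEPARATOR)) {
                String fragment = entry.trim();
                // An empty fragment is contained in every URI and would exempt every request
                // from inspection, so stray separators must not produce an entry.
                if (!fragment.isEmpty()) {
                    this.whitePageList.put(fragment, (String) null);
                }
            }
        }
    }

    /**
     * Tests whether {@code str} contains any of the {@code |}-separated entries of {@code str2},
     * ignoring case.
     *
     * <p>Entries are not trimmed, because surrounding spaces may be a deliberate part of an
     * entry. Empty entries are skipped: an empty string is contained in every input and would
     * otherwise flag every request.
     *
     * @param str  text to inspect; {@code null} is treated as containing nothing
     * @param str2 {@code |}-separated forbidden substrings; {@code null} means no entries
     * @return {@code true} if a forbidden substring was found, {@code false} otherwise
     */
    protected static boolean sqlValidate(String str, String str2) {
        if (str == null || str2 == null) {
            return false;
        }
        // Locale.ROOT keeps the comparison independent of the server's default locale.
        String haystack = str.toLowerCase(Locale.ROOT);
        for (String token : str2.split("\\|")) {
            if (token.isEmpty()) {
                continue;
            }
            if (haystack.contains(token.toLowerCase(Locale.ROOT))) {
                return true;
            }
        }
        return false;
    }

    /** Replaces control characters (including CR and LF) so the value stays on one log line. */
    private static String forLog(String value) {
        return value == null ? "" : value.replaceAll("\\p{Cntrl}", "_");
    }
}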
