package cn.gtmap.gtc.starter.gscas.config.handler;

import java.io.IOException;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.util.CollectionUtils;
import org.springframework.util.StringUtils;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:cn/gtmap/gtc/starter/gscas/config/handler/XssTimeFilter.class */
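/**
 * Servlet filter that compares the underscore-prefixed request parameters against a value
 * remembered in Redis for the same Referer/cookie combination.
 *
 * <p>For each request the filter concatenates the first value of every parameter whose name
 * starts with {@code "_"}. It then derives a Redis key of the form {@code "csrf:" + hashCode}
 * from the {@code Referer} header followed by every non-empty cookie value. If the key is absent,
 * the concatenated value is stored for 60 seconds and the request proceeds. If the key is present
 * and the stored value differs, the request is rejected with an {@link IllegalArgumentException}.
 *
 * <p>Despite the class name, nothing here inspects or escapes parameter content.
 *
 * <p>NOTE(review): a key that is not yet in Redis is always accepted and seeds the stored value,
 * so this filter should not be relied on as the only cross-site request forgery control; pair it
 * with per-session token validation.
 *
 * <p>NOTE(review): the key uses the 32-bit {@link String#hashCode()}, so unrelated clients can
 * collide on one key and be rejected spuriously; a cryptographic digest of the same material
 * would avoid that.
 *
 * <p>NOTE(review): the read and the write are two separate Redis calls, so concurrent first
 * requests for one key can both pass and the last write wins.
 */
public class XssTimeFilter extends OncePerRequestFilter {
    // Raw type kept so the public constructor signature stays exactly as callers expect it.
    private final RedisTemplate redisTemplate;

    /**
     * @param redisTemplate template used to remember the parameter value per key; when
     *     {@code null} the filter passes every request through unchecked
     */
    public XssTimeFilter(RedisTemplate redisTemplate) {
        this.redisTemplate = redisTemplate;
    }

    /**
     * Runs the consistency check described on the class, then continues the chain.
     *
     * @throws IllegalArgumentException when the underscore-prefixed parameter values differ from
     *     the value stored for the same key (message: "unsupported cross-site request")
     */
    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        Map<String, String[]> parameterMap = httpServletRequest.getParameterMap();
        if (!CollectionUtils.isEmpty(parameterMap) && this.redisTemplate != null) {
            String marker = joinUnderscoreValues(parameterMap);
            // A marker of zero or one character is treated as "nothing to check".
            if (marker.length() > 1) {
                String keyMaterial = buildKeyMaterial(httpServletRequest);
                if (!StringUtils.isEmpty(keyMaterial)) {
                    verifyOrRemember("csrf:" + keyMaterial.hashCode(), marker);
                }
            }
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    /** Concatenates the first value of every parameter whose name starts with {@code "_"}. */
    private static String joinUnderscoreValues(Map<String, String[]> parameterMap) {
        StringBuilder joined = new StringBuilder();
        for (Map.Entry<String, String[]> entry : parameterMap.entrySet()) {
            String[] values = entry.getValue();
            if (entry.getKey().startsWith("_") && values != null && values.length > 0) {
                joined.append(values[0]);
            }
        }
        return joined.toString();
    }

    /** Builds the text the Redis key is hashed from: the Referer, then each non-empty cookie value. */
    private static String buildKeyMaterial(HttpServletRequest request) {
        StringBuilder material = new StringBuilder();
        String referer = request.getHeader("Referer");
        // StringBuilder.append(null) would add the literal text "null", which put every request
        // without a Referer on one shared key and made the emptiness check in the caller dead.
        if (referer != null) {
            material.append(referer);
        }
        Cookie[] cookies = request.getCookies();
        if (cookies != null) {
            for (Cookie cookie : cookies) {
                String value = cookie.getValue();
                if (!StringUtils.isEmpty(value)) {
                    // Append the cookie value itself. The previous code tested the cookie value
                    // but appended the Referer again, so only the number of cookies reached the key.
                    material.append(value);
                }
            }
        }
        return material.toString();
    }

    /**
     * Stores {@code marker} under {@code key} for 60 seconds when the key is absent; otherwise
     * requires the stored value to equal {@code marker}.
     */
    @SuppressWarnings("unchecked") // raw RedisTemplate: key and value types are not known here
    private void verifyOrRemember(String key, String marker) {
        Object stored = this.redisTemplate.opsForValue().get(key);
        if (StringUtils.isEmpty(stored)) {
            this.redisTemplate.opsForValue().set(key, marker, 60L, TimeUnit.SECONDS);
        } else if (!marker.equals(stored.toString())) {
            // How this surfaces to the client depends on the container's error handling, which
            // is not visible here. The message text is kept as-is for existing handlers and logs.
            throw new IllegalArgumentException("不支持的跨站请求");
        }
    }
}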
