package cn.acyou.leo.framework.xss;

import cn.acyou.leo.framework.util.StringUtil;
import com.alibaba.fastjson.JSONObject;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.Charset;
import javax.servlet.ReadListener;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import org.apache.commons.lang3.StringUtils;
import org.jsoup.Jsoup;
import org.jsoup.nodes.Document;
import org.jsoup.safety.Whitelist;
import org.springframework.util.StreamUtils;

/* loaded from: input_file:cn/acyou/leo/framework/xss/XssHttpServletRequestWrapper.class */
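/**
 * Request wrapper that passes parameter values and the request body through a jsoup
 * HTML sanitiser before application code reads them.
 *
 * <p>The constructor drains the wrapped request's input stream, sanitises the text, re-serialises
 * it as a JSON object and caches the bytes; {@link #getInputStream()} and {@link #getReader()}
 * then serve that cached copy, so the body can be read more than once.
 *
 * <p>Coverage: {@code getParameter}, {@code getParameterValues}, {@code getInputStream} and
 * {@code getReader} return sanitised data. {@code getParameterMap}, {@code getHeader},
 * {@code getQueryString} and cookies are NOT sanitised by this class and still return the
 * raw client-supplied values.
 *
 * <p>NOTE(review): input sanitisation does not replace context-aware output encoding where the
 * values are rendered; treat this wrapper as defence in depth only.
 */
public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
    private static final Whitelist whitelist = createWhitelist();
    // prettyPrint(false) keeps jsoup from re-indenting or inserting newlines into the cleaned text.
    private static final Document.OutputSettings outputSettings = new Document.OutputSettings().prettyPrint(false);
    // Sanitised copy of the request body; set by the constructor.
    private byte[] requestBody;
    // Charset the body was decoded with; set by getRequestPostStr().
    private Charset charSet;

    /**
     * Builds the sanitiser policy, starting from jsoup's {@code relaxed()} preset.
     *
     * <p>NOTE(review): the policy is considerably more permissive than {@code relaxed()}:
     * <ul>
     *   <li>The two {@code removeProtocols} calls strip the schemes that {@code relaxed()}
     *       registers for {@code a[href]} and {@code img[src]}. jsoup documents that an attribute
     *       with no protocols left accepts any scheme, so script-bearing URL schemes are no longer
     *       rejected on those attributes. If the goal was to keep relative links, prefer keeping
     *       the protocol list and cleaning with a real base URI plus
     *       {@code preserveRelativeLinks(true)} - TODO confirm against the jsoup version in use.</li>
     *   <li>{@code embed}, {@code object} and {@code param} are allowed together with
     *       {@code allowScriptAccess}, {@code flashvars}, {@code classid} and {@code codebase},
     *       which permits embedding active plugin content.</li>
     *   <li>{@code style}, {@code id} and {@code name} are allowed on every tag; jsoup does not
     *       inspect CSS declarations inside {@code style}.</li>
     * </ul>
     * The call order below is unchanged, so the resulting policy is the same as before.
     */
    private static Whitelist createWhitelist() {
        return Whitelist.relaxed()
                .removeProtocols("a", "href", "ftp", "http", "https", "mailto")
                .removeProtocols("img", "src", "http", "https")
                .addAttributes("a", "href", "title", "target")
                .addTags("div", "span", "embed", "object", "param")
                .addAttributes(":all", "style", "class", "id", "name")
                .addAttributes("object", "width", "height", "classid", "codebase")
                .addAttributes("param", "name", "value")
                .addAttributes("embed", "src", "quality", "width", "height", "allowFullScreen",
                        "allowScriptAccess", "flashvars", "name", "type", "pluginspage");
    }

    /**
     * Sanitises every non-null, non-empty element of {@code strArr} in place.
     *
     * @param strArr values to clean; may be {@code null}
     * @return the same array instance, or {@code null} when {@code strArr} is {@code null}
     */
    private static String[] filter(String[] strArr) {
        if (strArr == null) {
            return null;
        }
        for (int i = 0; i < strArr.length; i++) {
            String value = strArr[i];
            if (value != null && !StringUtil.EMPTY.equals(value)) {
                strArr[i] = Jsoup.clean(value, StringUtil.EMPTY, whitelist, outputSettings).trim();
            }
        }
        return strArr;
    }

    /**
     * Sanitises a single value.
     *
     * @param str value to clean; may be {@code null}
     * @return the cleaned, trimmed value, or {@code null} when {@code str} is {@code null}
     */
    private static String filter(String str) {
        if (str == null) {
            return null;
        }
        return Jsoup.clean(str, StringUtil.EMPTY, whitelist, outputSettings).trim();
    }

    /**
     * Wraps {@code httpServletRequest} and caches a sanitised copy of its body.
     *
     * <p>NOTE(review): the whole body text is cleaned as HTML and then parsed with
     * {@code JSONObject.parseObject}. That call fails for any body that is not a JSON object
     * (JSON arrays, form posts, multipart), and HTML-cleaning serialised JSON can alter
     * values that merely contain {@code <} or {@code &}. Confirm that the filter installing this
     * wrapper only applies it to JSON-object requests.
     *
     * @param httpServletRequest the request to wrap
     */
    public XssHttpServletRequestWrapper(HttpServletRequest httpServletRequest) {
        super(httpServletRequest);
        // Start from an empty body so the field is never left null, whichever path is taken below.
        byte[] sanitizedBody = new byte[0];
        try {
            String requestPostStr = getRequestPostStr(httpServletRequest);
            if (StringUtils.isNotBlank(requestPostStr)) {
                sanitizedBody = JSONObject.parseObject(filter(requestPostStr)).toString().getBytes(this.charSet);
            }
        } catch (IOException e) {
            // Best effort, as before: an unreadable body is served downstream as an empty body.
            // NOTE(review): route this through the project's logger instead of stderr.
            e.printStackTrace();
        }
        this.requestBody = sanitizedBody;
    }

    /**
     * Reads the full body of {@code httpServletRequest} as text and records the charset used.
     *
     * @param httpServletRequest request whose input stream is drained
     * @return the raw (unsanitised) body text
     * @throws IOException if the body cannot be read
     */
    public String getRequestPostStr(HttpServletRequest httpServletRequest) throws IOException {
        String characterEncoding = httpServletRequest.getCharacterEncoding();
        if (characterEncoding == null) {
            // No encoding declared by the client: decode as UTF-8.
            characterEncoding = "UTF-8";
        }
        this.charSet = Charset.forName(characterEncoding);
        return StreamUtils.copyToString(httpServletRequest.getInputStream(), this.charSet);
    }

    /**
     * Returns the sanitised first value of a request parameter.
     *
     * <p>Without this override, callers using {@code getParameter} would receive the raw value
     * and bypass the cleaning applied by {@link #getParameterValues(String)}.
     *
     * @param str parameter name
     * @return the cleaned value, or {@code null} if the parameter is absent
     */
    public String getParameter(String str) {
        return filter(super.getParameter(str));
    }

    /**
     * Returns sanitised copies of all values of a request parameter.
     *
     * @param str parameter name
     * @return a new array of cleaned values, or {@code null} if the parameter is absent
     */
    public String[] getParameterValues(String str) {
        String[] parameterValues = super.getParameterValues(str);
        if (parameterValues == null) {
            return null;
        }
        // Clean a copy so the array owned by the wrapped request is not mutated; the shared helper
        // also tolerates null elements instead of failing inside jsoup.
        return filter(parameterValues.clone());
    }

    /**
     * Returns a fresh stream over the cached, sanitised body.
     *
     * @return a new stream positioned at the start of the body on every call
     */
    public ServletInputStream getInputStream() {
        byte[] body = this.requestBody != null ? this.requestBody : new byte[0];
        final ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(body);
        return new ServletInputStream() {
            public boolean isFinished() {
                // Finished once every cached byte has been consumed.
                return byteArrayInputStream.available() == 0;
            }

            public boolean isReady() {
                // The data is already in memory, so a read never blocks.
                return true;
            }

            public void setReadListener(ReadListener readListener) {
                // Non-blocking read callbacks are not supported for the in-memory body.
            }

            public int read() {
                return byteArrayInputStream.read();
            }

            public int read(byte[] b, int off, int len) {
                // Bulk read instead of the inherited byte-at-a-time loop.
                return byteArrayInputStream.read(b, off, len);
            }
        };
    }

    /**
     * Returns a reader over the cached, sanitised body.
     *
     * <p>The constructor has already consumed the wrapped request's stream, so delegating to the
     * wrapped request's reader would not yield the body.
     *
     * @return a new reader positioned at the start of the body on every call
     */
    public BufferedReader getReader() {
        Charset bodyCharset = this.charSet != null ? this.charSet : Charset.forName("UTF-8");
        return new BufferedReader(new InputStreamReader(getInputStream(), bodyCharset));
    }
}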
