package com.apache.portal.filter;

import com.apache.cache.util.Validator;
import com.apache.tools.StrUtil;
import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/apache/portal/filter/CharacterEncodingFilter.class */
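/**
 * Servlet filter that forces the request character encoding and then runs a
 * blacklist screen (SQL / XSS / path-traversal fragments) over the request
 * input, redirecting to {@code errorPage} when the screen trips.
 *
 * <p>NOTE(review): a substring blacklist is a weak, bypassable control. It can
 * only complement parameterised queries and output encoding in the
 * application itself; it must not be relied on as the sole defence.
 *
 * <p>Configured through filter init-params: {@code encoding} (default UTF-8),
 * {@code errorPage} (default {@code /common/error.jsp}) and {@code writeStr}
 * (comma-separated URI fragments exempted from screening).
 */
public class CharacterEncodingFilter implements Filter {
    /** Encoding applied to every request before parameters are read; set in {@link #init}. */
    protected String encoding = null;
    private Logger log = Logger.getLogger(CharacterEncodingFilter.class);
    /**
     * Lower-case fragments whose presence in the lower-cased, partially
     * percent-decoded input is treated as an injection attempt.
     */
    private String[] inj_str = {"select ", "(select", "insert ", "drop ", "union ", "delete ", "update ", "+and+", " and ", "+or+", " or ", "<script", "confirm(", "prompt(", "eval(", "function(", ":alert", "alert(", "ltrim(", "[window[", "<iframe", "<a href", "<input ", "<img", "<audio", "onerror\\=", "{tostring:", "</script", "</style", "/../"};
    /** Context-relative page the client is redirected to when the screen trips. */
    private String errorPage;
    /** Comma-separated URI fragments that bypass the screen (init-param "writeStr"); may be null. */
    private String writeStr;
    /**
     * Matches an opening or closing HTML-style tag anywhere in the input.
     * Compiled once: Pattern is immutable and thread-safe. The Matcher is NOT,
     * so it is always created per call rather than kept in a shared field
     * (the previous static Matcher was a data race between concurrent requests).
     */
    private static final Pattern TAG_PATTERN = Pattern.compile("(<[a-zA-Z].*?>)|(<[\\/][a-zA-Z].*?>)");

    /** Releases configuration held by the filter. */
    public void destroy() {
        this.encoding = null;
        this.errorPage = null;
    }

    /**
     * Applies the configured encoding, then either rejects, exempts, or screens
     * the request before passing it down the chain.
     *
     * @throws IOException      from the chain or from writing the error/redirect
     * @throws ServletException from the chain
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        // Must run before any getParameter* call; once the container has parsed
        // the body with its default charset, setCharacterEncoding has no effect.
        servletRequest.setCharacterEncoding(this.encoding);
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        // Locale.ROOT: locale-sensitive lower-casing (e.g. Turkish dotless i) could
        // let a differently-cased URI slip past these comparisons.
        String lowerUri = httpServletRequest.getRequestURI().toLowerCase(Locale.ROOT);
        if (lowerUri.contains("/owa_util.signature") || lowerUri.contains("/sqlnet.trc")) {
            this.log.warn("当前请求没有通过系统安会过滤");
            // Reject explicitly; returning without writing anything previously
            // left the client with an empty 200 response.
            httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        if (filterPath(httpServletRequest)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        // NOTE(review): the mere presence of a "formToken" parameter disables the
        // screen for POST requests. Nothing here validates the token, so any client
        // can set it; the token MUST be verified downstream, and this exemption
        // should be reconsidered if that verification is not guaranteed.
        if ("post".equalsIgnoreCase(httpServletRequest.getMethod()) && Validator.isNotNull(servletRequest.getParameter("formToken"))) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        // Screen the raw query string AND every decoded parameter value. The
        // previous code inspected parameter values only when the query string was
        // absent, so any POST carrying a query string had its body skipped entirely.
        String inspected = collectInput(httpServletRequest);
        if (!inspected.isEmpty() && sql_inj(inspected)) {
            // Strip CR/LF so attacker-controlled input cannot forge extra log lines.
            this.log.warn("当前请求没有通过系统安会过滤,请求参数(param):" + sanitizeForLog(inspected));
            httpServletResponse.sendRedirect(httpServletRequest.getContextPath() + this.errorPage);
        } else {
            filterChain.doFilter(servletRequest, servletResponse);
        }
    }

    /**
     * Reads init-params: {@code encoding} (falls back to UTF-8), {@code errorPage}
     * (falls back to /common/error.jsp) and {@code writeStr} (may be absent).
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        this.encoding = filterConfig.getInitParameter("encoding");
        if (StrUtil.isNull(this.encoding)) {
            this.encoding = "UTF-8";
        }
        this.errorPage = StrUtil.doNull(filterConfig.getInitParameter("errorPage"), "/common/error.jsp");
        this.writeStr = filterConfig.getInitParameter("writeStr");
    }

    /**
     * Concatenates the raw query string with every parameter value (query and
     * body, already decoded by the container) into one string for screening.
     * Never returns null; an empty string means there was nothing to inspect.
     */
    private String collectInput(HttpServletRequest request) {
        StringBuilder sb = new StringBuilder();
        String queryString = request.getQueryString();
        if (queryString != null) {
            sb.append(queryString);
        }
        // Raw Enumeration kept on purpose: Servlet 2.x declares it unparameterised.
        Enumeration parameterNames = request.getParameterNames();
        while (parameterNames.hasMoreElements()) {
            String[] values = request.getParameterValues((String) parameterNames.nextElement());
            if (values == null) {
                continue;
            }
            for (String value : values) {
                sb.append(value);
            }
        }
        return sb.toString();
    }

    /** Replaces line breaks so the logged value cannot split into forged log entries. */
    private static String sanitizeForLog(String value) {
        return value.replace('\r', '_').replace('\n', '_');
    }

    /**
     * Returns true when the request is exempt from screening: static resources,
     * a few fixed application paths, the literal query string {@code to=error},
     * or any fragment listed in {@code writeStr}.
     *
     * NOTE(review): these are substring tests on getRequestURI(), which still
     * carries path parameters (";..."). A URI such as "/admin;.css" would also be
     * exempted unless the container strips them — confirm before relying on this.
     */
    private boolean filterPath(HttpServletRequest httpServletRequest) {
        String requestURI = httpServletRequest.getRequestURI();
        if (requestURI.contains(".css") || requestURI.contains("/js") || requestURI.contains("/images") || requestURI.contains("/web/CheckRandCode") || requestURI.contains("/weixin") || "to=error".equals(httpServletRequest.getQueryString())) {
            return true;
        }
        if (null == this.writeStr) {
            return false;
        }
        for (String fragment : this.writeStr.split(",")) {
            String trimmed = fragment.trim();
            // A blank entry (empty writeStr, or a leading comma) would match every
            // URI because indexOf("") is 0, silently disabling the whole filter.
            if (!trimmed.isEmpty() && requestURI.contains(trimmed)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Blacklist screen: lower-cases the input, undoes a fixed set of single-level
     * percent-encodings, then looks for any {@link #inj_str} fragment or an
     * HTML-style tag.
     *
     * Limits worth knowing: only one decoding pass (so "%2528" survives), and
     * "%20" is not translated — decoded parameter values are screened alongside
     * the raw query string precisely so such cases are still caught there.
     */
    private boolean sql_inj(String str) {
        String replace = str.toLowerCase(Locale.ROOT).replace("%28", "(").replace("%2b", "+").replace("%3c", "<").replace("%27", "'").replace("%5b", "[").replace("%5d", "]").replace("%3d", "=").replace("%7c", "|").replace("%7b", "{").replace("%3a", ":").replace("%2f", "/").replace("%2e", ".");
        for (String fragment : this.inj_str) {
            if (replace.indexOf(fragment) >= 0) {
                return true;
            }
        }
        return isEqualString(replace);
    }

    /**
     * True when an opening or closing tag appears anywhere in {@code str}.
     * Uses find(): the previous matches() required the ENTIRE value to be a
     * single tag, so "x=<script>" or "a<b>c" were never detected.
     */
    private boolean isEqualString(String str) {
        Matcher matcher = TAG_PATTERN.matcher(str);
        return matcher.find();
    }
}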
