package cn.hiboot.mcn.autoconfigure.web.filter.xss;

import cn.hiboot.mcn.autoconfigure.web.filter.FilterProperties;
import cn.hiboot.mcn.core.util.McnUtils;
import java.io.IOException;
import java.util.Iterator;
import java.util.List;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.springframework.util.AntPathMatcher;

/* loaded from: input_file:cn/hiboot/mcn/autoconfigure/web/filter/xss/XssFilter.class */
public class XssFilter implements Filter {
    private final AntPathMatcher antPathMatcher = new AntPathMatcher();
    private final FilterProperties filterProperties;
    private final List<String> excludes;

    public XssFilter(FilterProperties filterProperties) {
        this.filterProperties = filterProperties;
        List<String> excludes = filterProperties.getExcludes();
        if (McnUtils.isNullOrEmpty(excludes)) {
            excludes = FilterProperties.DEFAULT_EXCLUDE_URL;
        } else {
            excludes.addAll(FilterProperties.DEFAULT_EXCLUDE_URL);
        }
        this.excludes = excludes;
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (isExcludeURL((HttpServletRequest) servletRequest)) {
            filterChain.doFilter(servletRequest, servletResponse);
        } else {
            filterChain.doFilter(new XssHttpServletRequestWrapper((HttpServletRequest) servletRequest, this.filterProperties.isIncludeRichText()), servletResponse);
        }
    }

    private boolean isExcludeURL(HttpServletRequest httpServletRequest) {
        String servletPath = httpServletRequest.getServletPath();
        Iterator<String> it = this.excludes.iterator();
        while (it.hasNext()) {
            if (this.antPathMatcher.match(it.next(), servletPath)) {
                return true;
            }
        }
        return false;
    }
}
