package cn.xjbpm.ultron.web.filter;

import cn.xjbpm.ultron.web.properties.UltronMvcProperties;
import java.io.IOException;
import java.util.Iterator;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.springframework.util.AntPathMatcher;
import org.springframework.web.bind.annotation.RequestMethod;

/* loaded from: input_file:cn/xjbpm/ultron/web/filter/XssHttpServletRequestFilter.class */
public class XssHttpServletRequestFilter implements Filter {
    private static final AntPathMatcher ANT_PATH_MATCHER = new AntPathMatcher();
    private final UltronMvcProperties.Xss xssProperties;

    public XssHttpServletRequestFilter(UltronMvcProperties ultronMvcProperties) {
        this.xssProperties = ultronMvcProperties.getXss();
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (handleExcludeURL((HttpServletRequest) servletRequest) || RequestMethod.OPTIONS.name().equals(((HttpServletRequest) servletRequest).getMethod())) {
            filterChain.doFilter(servletRequest, servletResponse);
        } else {
            filterChain.doFilter(new XssHttpServletRequestWrapper((HttpServletRequest) servletRequest), servletResponse);
        }
    }

    private boolean handleExcludeURL(HttpServletRequest httpServletRequest) {
        if (!this.xssProperties.isEnabled()) {
            return true;
        }
        String requestURI = httpServletRequest.getRequestURI();
        Iterator<String> it = this.xssProperties.getExcludes().iterator();
        while (it.hasNext()) {
            if (ANT_PATH_MATCHER.match(it.next(), requestURI)) {
                return true;
            }
        }
        return false;
    }
}
