package com.apusic.util.filters;

import com.apusic.util.rewrite.util.HttpServletResponseCode;
import com.apusic.web.http.util.Constants;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:com/apusic/util/filters/AttackFilter.class */
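/**
 * Request-hardening filter that applies up to three configurable checks, in this order, and
 * answers {@code HttpServletResponseCode.SC_FORBIDDEN} as soon as one of them fails:
 * <ol>
 *   <li>remote-address access control, keyed by context path ({@code allowHosts} / {@code denyHosts});</li>
 *   <li>a Referer-based CSRF check ({@code enableCSRFCheck}, {@code enableCSRFCheck_POST},
 *       {@code enableCSRFCheck_URL}, {@code allow_URLS}, {@code serverNameWhiteList});</li>
 *   <li>a regex blocklist over the request URI and the parameter names/values
 *       ({@code enableAttackFilter}, {@code filterKW1}, {@code filterKW2}, {@code allow_XSSURLS}).</li>
 * </ol>
 * <p>
 * Operator notes. The blocklist is a coarse screen against a handful of literal payload shapes and
 * is no substitute for output encoding; only the request URI and the parameter map are inspected,
 * never headers, cookies or a raw request body. A Referer-based CSRF check accepts any request
 * that arrives without a Referer unless {@code enableCSRFCheck_POST} is on, so it does not replace
 * anti-CSRF tokens. The access lists compare {@link HttpServletRequest#getRemoteAddr()}, which
 * behind a reverse proxy is the proxy's address rather than the client's.
 * <p>
 * Changes relative to the previous revision: the Referer host is compared exactly (host equality,
 * port and userinfo stripped) instead of via {@code contains}/prefix checks, which admitted
 * {@code https://target.example.evil.test/} and {@code https://x@evil.test/?target.example};
 * remote-address whitelist entries match exactly or as an explicit dotted/coloned prefix, so
 * {@code 10.1} no longer admits {@code 10.100.0.0/16}; blank list entries (a trailing or doubled
 * comma) are dropped, since an empty {@code allow_URLS} entry allowed every URI and an empty
 * {@code filterKW1} entry rejected every parameter containing parentheses; the URI is also checked
 * after percent-decoding; case folding uses {@link Locale#ROOT} so a Turkish default locale cannot
 * defeat the "script" patterns; and the server-name whitelist is per filter instance instead of
 * a static shared by every instance in the container.
 */
public class AttackFilter implements Filter {
    /** Map key for allow/deny rules that carry no "context:" prefix (root and empty context paths). */
    private static final String ALL_ROOT = "allRoot";
    /** Default function-style keywords used when {@code filterKW1} is not configured. */
    private static final String kw1 = "alert,javascript,script,expression";
    /** Default literal keywords used when {@code filterKW2} is not configured (none). */
    private static final String kw2 = "";
    private static final Pattern SCRIPT_PATTERN = Pattern.compile("<\\s*script\\s*>.*<\\s*/\\s*script\\s*>");
    private static final Pattern JAVASCRIPT_PATTERN = Pattern.compile("<\\s*javascript\\s*>.*<\\s*/\\s*javascript\\s*>");
    private static final Pattern ALERT_PATTERN = Pattern.compile("\\s*alert\\s*\\((.*)\\)\\s*");
    private static final Pattern EVAL_PATTERN = Pattern.compile("\\s*eval\\s*\\((.*)\\)\\s*");
    /** Hex numeric entities (lower-case {@code x} only) for the characters of "()javascript:". */
    private static final String[] HTMLASC_X = {"&#x28;", "&#x29;", "&#x6a;", "&#x61;", "&#x76;", "&#x61;", "&#x73;", "&#x63;", "&#x72;", "&#x69;", "&#x70;", "&#x74;", "&#x3a;"};
    /** Decimal numeric entities for the same characters, in the same order. */
    private static final String[] HTMLASC = {"&#40;", "&#41;", "&#106;", "&#97;", "&#118;", "&#97;", "&#115;", "&#99;", "&#114;", "&#105;", "&#112;", "&#116;", "&#58;"};
    private static final String[] HTMLCHARS = {"(", ")", "j", "a", "v", "a", "s", "c", "r", "i", "p", "t", ":"};

    private boolean enabled = false;
    private boolean enableCSRFCheck;
    private boolean enableCSRFCheck_Post;
    private boolean enableCSRFCheck_URL;
    /** Referer hosts / remote-address prefixes exempt from the CSRF check; per instance, not static. */
    private List<String> serverNameWhitelist = Collections.emptyList();
    private final Map<String, Pattern[]> allowMap = new HashMap<String, Pattern[]>();
    private final Map<String, Pattern[]> denyMap = new HashMap<String, Pattern[]>();
    /** Patterns applied to every parameter name and value; filled by {@link #init(FilterConfig)}. */
    private final List<Pattern> FILTERS_PATTERN = new ArrayList<Pattern>();
    private List<String> URL_AllowsList = Collections.emptyList();
    private List<String> URL_XSSAllowsList = Collections.emptyList();

    /**
     * Runs the access, CSRF and attack checks in that order; the first failure sends
     * {@code SC_FORBIDDEN} and stops the chain. Requests are assumed to be HTTP.
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        if (!checkAccess(request)) {
            response.sendError(HttpServletResponseCode.SC_FORBIDDEN);
            return;
        }
        if (this.enableCSRFCheck && !checkCSRF(request)) {
            response.sendError(HttpServletResponseCode.SC_FORBIDDEN);
            return;
        }
        if (this.enabled && !checkAttack(request)) {
            response.sendError(HttpServletResponseCode.SC_FORBIDDEN);
            return;
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /** Allow/deny check on the peer address; a missing address is treated as the empty string. */
    private boolean checkAccess(HttpServletRequest request) {
        String remoteAddr = request.getRemoteAddr();
        String contextPath = request.getContextPath();
        if (remoteAddr == null) {
            remoteAddr = "";
        }
        return isAllowHost(remoteAddr, contextPath) && !isDenyHost(remoteAddr, contextPath);
    }

    private boolean checkAttack(HttpServletRequest request) {
        return checkAttack(request.getRequestURI(), request.getParameterMap());
    }

    /**
     * Referer-based CSRF check. Returns {@code true} (accept) when the Referer host or the remote
     * address is whitelisted, when the URI is in {@code allow_URLS} (if {@code enableCSRFCheck_URL}),
     * or when the Referer host equals {@link HttpServletRequest#getServerName()}. A request without a
     * Referer is accepted unless {@code enableCSRFCheck_POST} is on and the method is POST.
     */
    private boolean checkCSRF(HttpServletRequest request) {
        String referer = request.getHeader("Referer");
        String authority = refererAuthority(referer);
        String refererHost = hostOf(authority);
        String remoteAddr = request.getRemoteAddr();
        for (String entry : this.serverNameWhitelist) {
            // Exact host or host:port match only; prefix matching let "example.com" cover "example.com.evil.test".
            if (refererHost != null && (refererHost.equalsIgnoreCase(entry) || authority.equalsIgnoreCase(entry))) {
                return true;
            }
            if (remoteAddr != null && matchesAddress(remoteAddr, entry)) {
                return true;
            }
        }
        if (this.enableCSRFCheck_URL && isAllowURL(this.URL_AllowsList, request.getRequestURI())) {
            return true;
        }
        boolean refererPresent = referer != null && referer.length() > 0;
        if (this.enableCSRFCheck_Post && !refererPresent && Constants.POST.equals(request.getMethod())) {
            return false;
        }
        if (!refererPresent) {
            // Preserved behaviour: a missing Referer passes. Browsers and attackers can both omit it.
            return true;
        }
        return refererHost != null && refererHost.equalsIgnoreCase(request.getServerName());
    }

    /**
     * Extracts the authority (host[:port]) of a Referer value: everything between the optional
     * "scheme://" and the first '/', '?' or '#', with any userinfo before '@' removed.
     * Returns {@code null} when nothing usable is present.
     */
    private static String refererAuthority(String referer) {
        if (referer == null || referer.length() == 0) {
            return null;
        }
        int schemeEnd = referer.indexOf("://");
        int start = schemeEnd < 0 ? 0 : schemeEnd + 3;
        int end = referer.length();
        for (int i = start; i < end; i++) {
            char c = referer.charAt(i);
            if (c == '/' || c == '?' || c == '#') {
                end = i;
                break;
            }
        }
        String authority = referer.substring(start, end);
        int at = authority.lastIndexOf('@');
        if (at >= 0) {
            authority = authority.substring(at + 1);
        }
        return authority.length() == 0 ? null : authority;
    }

    /** Host part of an authority: strips a trailing ":port" and the brackets of an IPv6 literal. */
    private static String hostOf(String authority) {
        if (authority == null) {
            return null;
        }
        if (authority.startsWith("[")) {
            int close = authority.indexOf(']');
            return close < 0 ? authority.substring(1) : authority.substring(1, close);
        }
        int colon = authority.indexOf(':');
        return colon < 0 ? authority : authority.substring(0, colon);
    }

    /**
     * Remote-address whitelist match: exact, or a prefix that ends in a separator ("10.1." or
     * "fe80:"). A bare "10.1" therefore no longer admits 10.100.0.0/16.
     */
    private static boolean matchesAddress(String remoteAddr, String entry) {
        if (entry.length() == 0) {
            return false;
        }
        if (remoteAddr.equalsIgnoreCase(entry)) {
            return true;
        }
        char last = entry.charAt(entry.length() - 1);
        return (last == '.' || last == ':') && remoteAddr.startsWith(entry);
    }

    /**
     * Blocklist check. Returns {@code true} when the request looks clean, {@code false} when the
     * URI (entity-decoded, lower-cased, and additionally percent-decoded) matches one of the three
     * built-in URI patterns or any parameter name/value matches a configured pattern. URIs listed
     * in {@code allow_XSSURLS} skip the check entirely.
     *
     * @param str the request URI (may be {@code null}, in which case only parameters are checked)
     * @param map the parameter map; {@code null} or empty means no parameters
     */
    protected boolean checkAttack(String str, Map<String, String[]> map) {
        if (str != null) {
            if (isAllowURL(this.URL_XSSAllowsList, str)) {
                return true;
            }
            String uri = htmlNotationtoChar(str).toLowerCase(Locale.ROOT);
            // getRequestURI() is not decoded by the container, so a browser-encoded "<script>" only
            // shows up after percent-decoding; check both forms.
            if (looksLikeUriAttack(uri) || looksLikeUriAttack(percentDecode(uri))) {
                return false;
            }
        }
        if (map == null) {
            return true;
        }
        for (Map.Entry<String, String[]> entry : map.entrySet()) {
            String name = entry.getKey();
            if (name != null && matchesAnyFilter(htmlNotationtoChar(name.toLowerCase(Locale.ROOT)))) {
                return false;
            }
            String[] values = entry.getValue();
            if (values == null) {
                continue;
            }
            for (String value : values) {
                if (value != null && matchesAnyFilter(htmlNotationtoChar(value.toLowerCase(Locale.ROOT)))) {
                    return false;
                }
            }
        }
        return true;
    }

    /** The three built-in patterns applied to the URI (EVAL_PATTERN is parameter-only, as before). */
    private static boolean looksLikeUriAttack(String uri) {
        return SCRIPT_PATTERN.matcher(uri).find()
                || JAVASCRIPT_PATTERN.matcher(uri).find()
                || ALERT_PATTERN.matcher(uri).find();
    }

    private boolean matchesAnyFilter(String text) {
        for (Pattern pattern : this.FILTERS_PATTERN) {
            if (pattern.matcher(text).find()) {
                return true;
            }
        }
        return false;
    }

    /** Lenient percent-decoding: returns the input unchanged when it contains no escapes or is malformed. */
    private static String percentDecode(String s) {
        if (s.indexOf('%') < 0 && s.indexOf('+') < 0) {
            return s;
        }
        try {
            return URLDecoder.decode(s, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            return s;
        } catch (IllegalArgumentException e) {
            // A dangling '%' or bad hex digit; the raw form has already been matched.
            return s;
        }
    }

    /**
     * Reads the init-params listed in the class comment. Comma-separated lists are trimmed and
     * blank entries dropped; {@code filterKW1} entries become {@code \s*kw\s*\((.*)\)\s*} patterns
     * and {@code filterKW2} entries are matched literally.
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        this.enabled = parseBoolean(filterConfig.getInitParameter("enableAttackFilter"), false);
        this.enableCSRFCheck = parseBoolean(filterConfig.getInitParameter("enableCSRFCheck"), false);
        this.enableCSRFCheck_Post = parseBoolean(filterConfig.getInitParameter("enableCSRFCheck_POST"), false);
        this.enableCSRFCheck_URL = parseBoolean(filterConfig.getInitParameter("enableCSRFCheck_URL"), false);

        List<String> functionKeywords = splitList(filterConfig.getInitParameter("filterKW1"), kw1);
        List<String> literalKeywords = splitList(filterConfig.getInitParameter("filterKW2"), kw2);
        this.URL_AllowsList = splitList(filterConfig.getInitParameter("allow_URLS"), "");
        this.URL_XSSAllowsList = splitList(filterConfig.getInitParameter("allow_XSSURLS"), "");
        this.serverNameWhitelist = splitList(filterConfig.getInitParameter("serverNameWhiteList"), "");

        this.FILTERS_PATTERN.clear();
        this.FILTERS_PATTERN.add(SCRIPT_PATTERN);
        this.FILTERS_PATTERN.add(JAVASCRIPT_PATTERN);
        this.FILTERS_PATTERN.add(ALERT_PATTERN);
        this.FILTERS_PATTERN.add(EVAL_PATTERN);
        for (String keyword : functionKeywords) {
            this.FILTERS_PATTERN.add(Pattern.compile("\\s*" + Pattern.quote(keyword) + "\\s*\\((.*)\\)\\s*"));
        }
        for (String keyword : literalKeywords) {
            this.FILTERS_PATTERN.add(Pattern.compile(Pattern.quote(keyword)));
        }

        addHostRule(this.allowMap, filterConfig.getInitParameter("allowHosts"));
        addHostRule(this.denyMap, filterConfig.getInitParameter("denyHosts"));
    }

    /**
     * Splits a comma-separated init-param, or {@code fallback} when the param is absent.
     * Entries are trimmed and blanks skipped; a blank entry would otherwise match everything
     * (URL suffix "") or nothing useful (keyword "").
     */
    private static List<String> splitList(String configured, String fallback) {
        String raw = configured == null ? fallback : configured;
        List<String> out = new ArrayList<String>();
        if (raw == null) {
            return out;
        }
        for (String part : raw.split(",")) {
            String trimmed = part.trim();
            if (trimmed.length() > 0) {
                out.add(trimmed);
            }
        }
        return out;
    }

    /**
     * Parses "[context:]addr,addr,..." into {@code target}. Without a "context:" prefix the rule
     * is stored under {@link #ALL_ROOT}. Only one rule string per init-param is supported.
     * NOTE(review): the "context:" syntax splits at the first ':', so an IPv6 literal with a colon
     * past position 0 (e.g. "fe80::1") is misread as a context name -- confirm whether IPv6 peers
     * are expected here.
     */
    private static void addHostRule(Map<String, Pattern[]> target, String spec) {
        if (spec == null || spec.length() == 0) {
            return;
        }
        String context = ALL_ROOT;
        int colon = spec.indexOf(':');
        if (colon > 0) {
            context = spec.substring(0, colon);
            spec = spec.substring(colon + 1);
        }
        String[] parts = spec.split(",");
        Pattern[] patterns = new Pattern[parts.length];
        for (int i = 0; i < parts.length; i++) {
            patterns[i] = hostPattern(parts[i].trim());
        }
        target.put(context, patterns);
    }

    /**
     * Turns an address spec into an anchored pattern where '*' means "any run of characters" and
     * everything else is literal. Quoting the literal segments keeps a stray regex metacharacter in
     * web.xml from either widening the match or failing filter start-up.
     */
    private static Pattern hostPattern(String spec) {
        String[] segments = spec.split("\\*", -1);
        StringBuilder regex = new StringBuilder();
        for (int i = 0; i < segments.length; i++) {
            if (i > 0) {
                regex.append(".*");
            }
            if (segments[i].length() > 0) {
                regex.append(Pattern.quote(segments[i]));
            }
        }
        return Pattern.compile(regex.toString());
    }

    /**
     * @param str  the remote address
     * @param str2 the context path; {@code null}, "" and "/" all map to the root rule
     * @return {@code true} when no allow rule exists for the context or one of them matches
     */
    public boolean isAllowHost(String str, String str2) {
        Pattern[] patterns = this.allowMap.get(contextKey(str2));
        return patterns == null || matchesAny(patterns, str);
    }

    /**
     * @param str  the remote address
     * @param str2 the context path; {@code null}, "" and "/" all map to the root rule
     * @return {@code true} only when a deny rule exists for the context and matches
     */
    public boolean isDenyHost(String str, String str2) {
        Pattern[] patterns = this.denyMap.get(contextKey(str2));
        return patterns != null && matchesAny(patterns, str);
    }

    private static String contextKey(String contextPath) {
        if (contextPath == null || contextPath.length() == 0 || contextPath.equals("/")) {
            return ALL_ROOT;
        }
        return contextPath;
    }

    /** Whole-string match of {@code addr} against any pattern; a {@code null} address matches nothing. */
    private static boolean matchesAny(Pattern[] patterns, String addr) {
        if (addr == null) {
            return false;
        }
        for (Pattern pattern : patterns) {
            if (pattern.matcher(addr).matches()) {
                return true;
            }
        }
        return false;
    }

    /**
     * Matches a request URI against an allow list: entries beginning with '/' are prefix matches
     * (so "/admin" also covers "/administrator"), anything else is a suffix match after an optional
     * leading '*' ("*.png"). A bare "*" therefore allows every URI. Blank entries never match.
     */
    private static boolean isAllowURL(List<String> list, String uri) {
        if (list == null || list.isEmpty() || uri == null) {
            return false;
        }
        for (String entry : list) {
            if (entry.length() == 0) {
                continue;
            }
            if (entry.startsWith("/")) {
                if (uri.startsWith(entry)) {
                    return true;
                }
            } else {
                String suffix = entry.startsWith("*") ? entry.substring(1) : entry;
                if (uri.endsWith(suffix)) {
                    return true;
                }
            }
        }
        return false;
    }

    /**
     * Replaces NUL with a space and decodes the fixed set of numeric entities for "()javascript:"
     * (hex form with lower-case 'x' first, then decimal). Nothing else is decoded: "&lt;", "&gt;",
     * upper-case "&#X..", zero-padded or semicolon-less forms all pass through unchanged.
     *
     * @throws NullPointerException when {@code str} is {@code null}
     */
    public static String htmlNotationtoChar(String str) {
        String out = str.replace((char) 0, ' ');
        if (out.indexOf("&#") > -1) {
            for (int i = 0; i < HTMLASC_X.length; i++) {
                out = out.replace(HTMLASC_X[i], HTMLCHARS[i]);
            }
        }
        if (out.indexOf("&#") > -1) {
            for (int i = 0; i < HTMLASC.length; i++) {
                out = out.replace(HTMLASC[i], HTMLCHARS[i]);
            }
        }
        return out;
    }

    public void destroy() {
        this.denyMap.clear();
        this.allowMap.clear();
        this.FILTERS_PATTERN.clear();
        this.serverNameWhitelist = Collections.emptyList();
    }

    /** "true"/"false" (case-insensitive, trimmed) or the default for anything else, including null. */
    private static boolean parseBoolean(String str, boolean z) {
        if (str == null) {
            return z;
        }
        String trimmed = str.trim();
        if ("true".equalsIgnoreCase(trimmed)) {
            return true;
        }
        if ("false".equalsIgnoreCase(trimmed)) {
            return false;
        }
        return z;
    }
}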
