package org.apache.catalina.filters;

import java.io.IOException;
import java.io.PrintWriter;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.LogFacade;
import org.apache.catalina.servlets.WebdavStatus;
import org.apache.catalina.util.XssDetector;

/* loaded from: input_file:org/apache/catalina/filters/XssFilter.class */
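/**
 * Request filter that (1) stamps a fixed set of browser security headers on every
 * response and (2) rejects requests whose raw query string or decoded request
 * parameters match {@link XssDetector}'s patterns, answering with HTTP 400 and a
 * small inline-script page.
 *
 * <p>Scope and limitations visible in this class (for reviewers):
 * <ul>
 *   <li>Only the query string and the request parameters are inspected. Request
 *       headers, cookies, the request path and non-form bodies (JSON, XML,
 *       multipart) are not looked at.</li>
 *   <li>Detection is pattern/blocklist based and therefore inherently bypassable;
 *       it is defence in depth, not a substitute for context-aware output
 *       encoding in the views.</li>
 *   <li>The emitted {@code Content-Security-Policy} allows {@code 'unsafe-inline'}
 *       and {@code 'unsafe-eval'}, so it does not prevent injected inline script
 *       from running. It is kept unchanged because tightening it is an
 *       application-wide change (this filter's own rejection page is inline
 *       script).</li>
 * </ul>
 *
 * <p>Thread-safety: {@code ignoreUrls} is populated only in {@link #init} and read
 * afterwards; the servlet container guarantees init completes before any
 * {@link #doFilter} call.
 */
public class XssFilter implements Filter {
    private static final Logger logger = LogFacade.getLogger();

    /** Init-param name: comma-separated list of request URIs exempt from the check. */
    private static final String IGNORE_URLS_PARAM = "ignoreUrls";

    /**
     * User-visible rejection text ("parameter contains illegal characters"). It is
     * written into the response through {@link #escapeForJsString}, which renders
     * it as {@code \\uXXXX} escapes — byte-identical to what the previous version
     * emitted as a pre-escaped literal.
     */
    private static final String ILLEGAL_CHARS_MESSAGE = "参数包含非法字符";

    /** Trailing slashes of the context path, stripped by {@link #getBasePath}. */
    private static final Pattern TRAILING_SLASHES = Pattern.compile("/+$");

    /** Runs of two or more slashes, collapsed to one by {@link #getPath}. */
    private static final Pattern MULTI_SLASH = Pattern.compile("/{2,}");

    /**
     * Exact request URIs that bypass the XSS check. Compared against
     * {@link HttpServletRequest#getRequestURI()}, i.e. the raw (undecoded,
     * unnormalised) URI including the context path, so entries must match that
     * form exactly. Written only by {@link #init}.
     */
    private final Set<String> ignoreUrls = new HashSet<String>();

    /**
     * Reads the {@code ignoreUrls} init-param (comma separated, entries trimmed,
     * blank entries dropped).
     *
     * @param filterConfig container-supplied configuration
     * @throws ServletException never thrown here; declared by {@link Filter#init}
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        String configured = filterConfig.getInitParameter(IGNORE_URLS_PARAM);
        if (configured == null) {
            return;
        }
        for (String entry : configured.split(",")) {
            if (entry == null) {
                continue;
            }
            String trimmed = entry.trim();
            if (trimmed.length() > 0) {
                this.ignoreUrls.add(trimmed);
            }
        }
    }

    /**
     * Whether the given raw request URI is on the exemption list.
     *
     * <p>Exact string equality is deliberate: a looser (prefix/normalised) match
     * would let an attacker reach a checked resource via an exempt-looking URI.
     *
     * @param requestUri raw request URI; {@code null} is simply not exempt
     * @return {@code true} if the URI is configured as ignored
     */
    private boolean ignore(String requestUri) {
        // Set.contains is null-safe and O(1); the previous linear scan NPE'd on null.
        return this.ignoreUrls.contains(requestUri);
    }

    /**
     * Sets security headers, then blocks the request with 400 if the raw query
     * string or any decoded parameter value trips {@link XssDetector}; otherwise
     * continues the chain.
     *
     * <p>Headers are set before the exemption check so exempt URIs and rejection
     * pages carry them too. Note that {@code getParameterNames()} makes the
     * container parse a form-encoded POST body, which a downstream servlet
     * reading {@code getInputStream()} directly would then find empty — this is
     * pre-existing behaviour of the filter.
     *
     * @param servletRequest  must be an {@link HttpServletRequest} (cast as before)
     * @param servletResponse must be an {@link HttpServletResponse}
     * @param filterChain     remainder of the chain
     * @throws IOException      from the chain or the rejection page writer
     * @throws ServletException from the chain
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        addSecurityHeaders(response);

        if (ignore(request.getRequestURI())) {
            filterChain.doFilter(request, response);
            return;
        }

        // Raw (still percent-encoded) query string; may be null for requests without one.
        // XssDetector's null handling is not visible here, so null is passed through as before.
        String queryString = request.getQueryString();
        if (null != XssDetector.isXssAttack(queryString, true)) {
            logger.log(Level.WARNING, "参数" + forLog(queryString) + "中包含非法字符");
            reject(request, response);
            return;
        }

        // Decoded parameters (query + form body). Every value of a multi-valued
        // parameter is checked; the previous getParameter() call saw only the first,
        // so `a=benign&a=payload` in a form body slipped through this pass.
        Enumeration<?> names = request.getParameterNames();
        while (names.hasMoreElements()) {
            String name = (String) names.nextElement();
            String[] values = request.getParameterValues(name);
            if (values == null) {
                continue;
            }
            for (String value : values) {
                if (value == null || value.trim().length() == 0) {
                    continue;
                }
                if (null != XssDetector.isXssAttack(value)) {
                    // CorsFilter.DEFAULT_EXPOSED_HEADERS is presumably "" (decompiler artifact
                    // for an empty-string literal); kept so the message is unchanged.
                    logger.log(Level.WARNING, "参数" + forLog(name) + "包含非法字符： " + forLog(value)
                            + CorsFilter.DEFAULT_EXPOSED_HEADERS);
                    reject(request, response);
                    return;
                }
            }
        }
        filterChain.doFilter(request, response);
    }

    /**
     * Adds the fixed response security headers.
     *
     * <p>Review notes: the CSP below permits inline and eval'd script, so it does
     * not mitigate reflected/stored XSS; {@code X-XSS-Protection} is deprecated and
     * ignored by current browsers (and {@code mode=block} has known side-channel
     * issues on old ones). Both are left as configured to avoid breaking the
     * application; tightening them is a deliberate, app-wide decision.
     */
    private static void addSecurityHeaders(HttpServletResponse response) {
        response.setHeader("Content-Security-Policy", "script-src 'self' 'unsafe-inline' 'unsafe-eval';");
        response.setHeader("X-Content-Type-Options", "nosniff");
        response.setHeader("X-Frame-Options", "SAMEORIGIN");
        response.setHeader("X-XSS-Protection", "1; mode=block");
    }

    /** Sends the 400 rejection page with the fixed message. */
    private void reject(HttpServletRequest request, HttpServletResponse response) throws IOException {
        response.setStatus(WebdavStatus.SC_BAD_REQUEST);
        out(request, response, ILLEGAL_CHARS_MESSAGE);
    }

    /**
     * Neutralises attacker-controlled text before it goes into a log line: CR/LF
     * are replaced so a payload cannot forge additional log records (log
     * injection). {@code null} renders as {@code "null"}, as string concatenation did.
     */
    private static String forLog(String s) {
        if (s == null) {
            return "null";
        }
        return s.replace('\r', ' ').replace('\n', ' ');
    }

    /**
     * Escapes text for safe inclusion inside a double-quoted JavaScript string
     * literal that itself sits inside an HTML {@code <script>} block: quotes,
     * backslash, {@code < > & /}, control characters and everything non-ASCII
     * (including U+2028/U+2029) become lowercase {@code \\uXXXX} escapes, so the
     * result can neither close the string nor the script element.
     *
     * @param s text to escape; {@code null} yields the empty string
     */
    private static String escapeForJsString(String s) {
        if (s == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder(s.length() * 2);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            boolean plain = c >= 0x20 && c <= 0x7e
                    && c != '"' && c != '\'' && c != '\\'
                    && c != '<' && c != '>' && c != '&' && c != '/';
            if (plain) {
                sb.append(c);
            } else {
                sb.append(String.format("\\u%04x", (int) c));
            }
        }
        return sb.toString();
    }

    /**
     * Context path with any trailing slashes removed.
     *
     * @param httpServletRequest current request
     * @return context path without trailing {@code /} (empty for the root context)
     */
    public static String getBasePath(HttpServletRequest httpServletRequest) {
        // CorsFilter.DEFAULT_EXPOSED_HEADERS is presumably "" (decompiler artifact); kept verbatim.
        return TRAILING_SLASHES.matcher(httpServletRequest.getContextPath()).replaceAll(CorsFilter.DEFAULT_EXPOSED_HEADERS);
    }

    /**
     * Joins {@code str} onto the base path, collapsing repeated slashes in
     * {@code str} and ensuring exactly one separator.
     *
     * @param httpServletRequest current request; {@code null} yields the default
     * @param str                path to append; {@code null} yields the default
     * @return {@code <basePath>/<normalisedStr>}, or
     *         {@code CorsFilter.DEFAULT_EXPOSED_HEADERS} when either argument is null
     */
    public static String getPath(HttpServletRequest httpServletRequest, String str) {
        if (httpServletRequest == null || str == null) {
            return CorsFilter.DEFAULT_EXPOSED_HEADERS;
        }
        String collapsed = MULTI_SLASH.matcher(str).replaceAll("/");
        StringBuilder sb = new StringBuilder();
        sb.append(getBasePath(httpServletRequest));
        if (!collapsed.startsWith("/")) {
            sb.append("/");
        }
        sb.append(collapsed);
        return sb.toString();
    }

    /**
     * Writes the rejection body: an HTML page consisting of a single inline
     * {@code alert(...)}.
     *
     * <p>{@code str} is JS-string-escaped before interpolation, so any caller
     * (including subclasses) may pass arbitrary text safely. Callers that used to
     * pass pre-escaped {@code \\uXXXX} text should now pass the plain text; the
     * escaping here produces the same bytes for it.
     *
     * @param httpServletRequest  current request (unused, kept for subclass compatibility)
     * @param httpServletResponse response to write; its writer is closed afterwards
     * @param str                 message to show; escaped here
     * @throws IOException if the writer cannot be obtained
     */
    protected void out(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws IOException {
        // Non-standard header; purpose unknown from this file — presumably consumed by
        // a front end to recognise this page. Kept for compatibility.
        httpServletResponse.setIntHeader("javascript", 1);
        httpServletResponse.setContentType("text/html;charset=utf-8");
        PrintWriter writer = httpServletResponse.getWriter();
        writer.print("<script>");
        writer.print("alert(\"" + escapeForJsString(str) + "\");");
        writer.print("</script>");
        writer.flush();
        writer.close();
    }

    /** Nothing to release. */
    public void destroy() {
    }
}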
