package com.kanq.extend.servlet.security.xss;

import cn.hutool.core.util.ArrayUtil;
import cn.hutool.core.util.StringUtil;
import com.kanq.extend.servlet.OncePerRequestFilter;
import com.kanq.support.constant.BaseConstants;
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

/* loaded from: input_file:com/kanq/extend/servlet/security/xss/XssFilter.class */
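/**
 * Servlet filter that hands the rest of the chain an {@link XssHttpServletRequestWrapper}
 * instead of the raw request, unless the request URI is listed in {@code excludedPages}.
 *
 * <p>Configuration comes from three filter init parameters, each a delimited list split on
 * {@code BaseConstants.DELIMITERS_CONFIG}: {@code excludedPages}, {@code allow} and
 * {@code deny}. A missing or empty parameter yields an empty list.
 *
 * <p>Security notes for whoever configures this filter:
 * <ul>
 *   <li>The exclusion test is an exact string comparison against
 *       {@link HttpServletRequest#getRequestURI()}. That value includes the context path and
 *       any path parameters and is not URL-decoded, so each entry must be the full URI
 *       exactly as the container reports it. A URI that differs in any way does not match
 *       and is therefore still wrapped.</li>
 *   <li>Every excluded page receives unfiltered parameters; keep the list as short as
 *       possible.</li>
 *   <li>How the allow/deny keywords are applied is decided inside
 *       {@code XssHttpServletRequestWrapper}, which is not part of this class. Keyword
 *       filtering of input does not replace context-aware output encoding in the views.</li>
 * </ul>
 */
public class XssFilter extends OncePerRequestFilter {
    /** Init parameter holding the request URIs that skip the XSS wrapper. */
    public static final String PARAM_NAME_EXCLUDED_PAGES = "excludedPages";
    /** Init parameter holding the keywords passed to the wrapper as its allow list. */
    public static final String PARAM_NAME_ALLOW = "allow";
    /** Init parameter holding the keywords passed to the wrapper as its deny list. */
    public static final String PARAM_NAME_DENY = "deny";

    private static final String[] NO_ENTRIES = new String[0];

    private String[] excludedPages;
    private String[] keyWordsDeny;
    private String[] keyWordsAllow;

    /**
     * Loads the three list-valued init parameters from the filter configuration.
     */
    @Override
    public void initFilterBean() {
        FilterConfig filterConfig = getFilterConfig();
        this.excludedPages = readListParameter(filterConfig, PARAM_NAME_EXCLUDED_PAGES);
        this.keyWordsAllow = readListParameter(filterConfig, PARAM_NAME_ALLOW);
        this.keyWordsDeny = readListParameter(filterConfig, PARAM_NAME_DENY);
    }

    /**
     * Continues the chain with the original request for excluded URIs and with an
     * XSS-filtering wrapper for everything else.
     *
     * @param servletRequest  incoming request; must be an {@link HttpServletRequest}
     * @param servletResponse response passed through unchanged
     * @param filterChain     remainder of the filter chain
     * @throws ServletException if the request is not an HTTP request, or from the chain
     * @throws IOException      from the chain
     */
    @Override
    protected void doFilterInternal(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws ServletException, IOException {
        // Fail closed with a descriptive error instead of a ClassCastException: a request
        // that cannot be wrapped must not reach the application unfiltered.
        if (!(servletRequest instanceof HttpServletRequest)) {
            throw new ServletException("XssFilter only supports HTTP requests");
        }
        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;

        // Exact match on the raw request URI; anything that is not listed gets wrapped.
        boolean excluded = ArrayUtil.indexOf(this.excludedPages, httpRequest.getRequestURI()) > -1;
        ServletRequest downstream = excluded ? servletRequest : constructXssHttpServletRequest(httpRequest);
        filterChain.doFilter(downstream, servletResponse);
    }

    /**
     * Reads one init parameter and splits it into its entries.
     *
     * @param filterConfig  configuration of this filter
     * @param parameterName name of the init parameter to read
     * @return the entries, or an empty array when the parameter is missing or empty
     */
    private static String[] readListParameter(FilterConfig filterConfig, String parameterName) {
        String rawValue = filterConfig.getInitParameter(parameterName);
        if (StringUtil.isEmpty(rawValue)) {
            return NO_ENTRIES;
        }
        return StringUtil.tokenizeToStringArray(rawValue, BaseConstants.DELIMITERS_CONFIG);
    }

    /**
     * Wraps the request and hands the configured allow and deny keyword lists to the wrapper.
     *
     * @param httpServletRequest request to wrap
     * @return the initialised wrapper
     */
    private ServletRequest constructXssHttpServletRequest(HttpServletRequest httpServletRequest) {
        XssHttpServletRequestWrapper wrapper = new XssHttpServletRequestWrapper(httpServletRequest);
        wrapper.init(this.keyWordsAllow, this.keyWordsDeny);
        return wrapper;
    }
}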
