package com.kanq.extend.security.xss;

import cn.hutool.core.collection.ListUtil;
import cn.hutool.core.lang.Predicate;
import cn.hutool.core.util.ArrayUtil;
import cn.hutool.core.util.StringUtil;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import org.springframework.util.StringUtils;

/* loaded from: input_file:com/kanq/extend/security/xss/XssHttpServletRequestWrapper.class */
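/**
 * Request wrapper that strips a configurable deny-list of keywords from parameter
 * names/values and header values before the application reads them.
 *
 * <p>Coverage is limited to {@link #getParameter}, {@link #getParameterValues},
 * {@link #getParameterMap} and {@link #getHeader}. Anything read through other
 * accessors of the wrapped request (for example {@code getHeaders}, {@code getQueryString},
 * {@code getInputStream}/{@code getReader}) is returned unfiltered by this class.
 *
 * <p>Keyword stripping is a coarse input filter: matching is case-sensitive, and it does
 * not replace context-specific output encoding or parameterized queries at the sinks.
 */
class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
    // NOTE(review): "javascrpit" looks like a misspelling of "javascript" and will not match
    // the correctly spelled word; several entries ("script", "frame", "truncate", "declare")
    // are listed twice. The literals are left as they were.
    private static final String[] KEYWORDS_DENY_DEFAULT = {"'", "\"", "..", ">", "<", "eval", "and", "exec", "insert", "select", "update", "delete", "count", "*", "%", "chr", "mid", "master", "truncate", "char", "declare", "script", "frame", ";", "or", "-", "+", ",", ")", "etc", "style", "javascrpit", "script", "frame", "onmouseover", "alert", "<img", "create", "truncate", "declare", "expression"};

    /**
     * Accepts the same non-empty values as the previous {@code (\w+)|((\w+\-*)*)} expression
     * (a word character followed by word characters or hyphens) but without the nested
     * quantifier, which could backtrack exponentially on a non-matching request value.
     * Compiled once instead of on every call.
     */
    private static final Pattern TYPE_VALUE_PATTERN = Pattern.compile("\\w[\\w-]*");

    private final List<String> KEYWORDS_DENY_ACTUAL;

    /**
     * Wraps the given request and starts from the default deny-list.
     *
     * @param httpServletRequest the request to wrap
     */
    public XssHttpServletRequestWrapper(HttpServletRequest httpServletRequest) {
        super(httpServletRequest);
        // Arrays.asList alone is a fixed-size view over the shared static array: addAll/remove
        // on it throws UnsupportedOperationException. Copy into a private, growable list.
        this.KEYWORDS_DENY_ACTUAL = new ArrayList<>(Arrays.asList(KEYWORDS_DENY_DEFAULT));
    }

    /**
     * Adjusts the deny-list for this request. Extra deny keywords are added first, then the
     * allowed keywords are removed, so an allowed keyword wins when it appears in both.
     *
     * @param strArr  keywords to allow (removed from the deny-list); may be null or empty
     * @param strArr2 additional keywords to deny; may be null or empty
     */
    public void init(String[] strArr, String[] strArr2) {
        receiveDenyKeyWords(strArr2);
        receiveAllowKeyWords(strArr);
    }

    /** Appends the given keywords to the deny-list; null or empty input is a no-op. */
    private void receiveDenyKeyWords(String[] strArr) {
        if (strArr == null || strArr.length == 0) {
            return;
        }
        this.KEYWORDS_DENY_ACTUAL.addAll(Arrays.asList(strArr));
    }

    /** Removes every occurrence of the given keywords from the deny-list; null or empty input is a no-op. */
    private void receiveAllowKeyWords(final String[] strArr) {
        if (strArr == null || strArr.length == 0) {
            return;
        }
        this.KEYWORDS_DENY_ACTUAL.removeAll(Arrays.asList(strArr));
    }

    /**
     * Returns the cleaned value of a request parameter.
     *
     * <p>The parameter named {@code type} is additionally required to match
     * {@link #TYPE_VALUE_PATTERN}; a non-empty value that does not match yields {@code null}.
     * This format check is applied here only, not in {@link #getParameterValues} or
     * {@link #getParameterMap}.
     *
     * @param str the parameter name
     * @return the cleaned value, or {@code null} if absent or rejected
     */
    @Override
    public String getParameter(String str) {
        String parameter = super.getParameter(str);
        if (parameter == null) {
            return null;
        }
        // Constant-first equals avoids a NullPointerException on a null parameter name.
        if ("type".equals(str) && StringUtil.isNotEmpty(parameter) && !TYPE_VALUE_PATTERN.matcher(parameter).matches()) {
            return null;
        }
        return cleanXSS(parameter);
    }

    /**
     * Returns all values of a request parameter, each cleaned.
     *
     * @param str the parameter name
     * @return a new array of cleaned values, or {@code null} if the parameter is absent
     */
    @Override
    public String[] getParameterValues(String str) {
        String[] parameterValues = super.getParameterValues(str);
        if (parameterValues == null) {
            return null;
        }
        String[] cleaned = new String[parameterValues.length];
        for (int i = 0; i < parameterValues.length; i++) {
            cleaned[i] = cleanXSS(parameterValues[i]);
        }
        return cleaned;
    }

    /**
     * Returns a new map of cleaned parameter names to cleaned values.
     *
     * <p>Entries are dropped when the cleaned name is empty or when the value array is null
     * or empty. Two names that clean to the same string collapse into one entry; the one
     * iterated later overwrites the earlier.
     *
     * @return a mutable map built for this call
     */
    @Override
    public Map<String, String[]> getParameterMap() {
        Map<String, String[]> cleanedMap = new HashMap<>();
        for (Map.Entry<String, String[]> entry : super.getParameterMap().entrySet()) {
            String cleanedName = cleanXSS(entry.getKey());
            String[] values = entry.getValue();
            if (StringUtils.isEmpty(cleanedName) || values == null || values.length == 0) {
                continue;
            }
            String[] cleanedValues = new String[values.length];
            for (int i = 0; i < values.length; i++) {
                cleanedValues[i] = cleanXSS(values[i]);
            }
            cleanedMap.put(cleanedName, cleanedValues);
        }
        return cleanedMap;
    }

    /**
     * Returns the cleaned value of a request header.
     *
     * @param str the header name
     * @return the cleaned value, or {@code null} if the header is absent
     */
    @Override
    public String getHeader(String str) {
        String header = super.getHeader(str);
        if (header == null) {
            return null;
        }
        return cleanXSS(header);
    }

    /**
     * Removes every deny-listed keyword from the input.
     *
     * <p>Keywords are matched as literal text. They were previously passed to
     * {@code String.replaceAll}, which interprets them as regular expressions: entries such
     * as {@code "*"}, {@code "+"} and {@code ")"} are not valid expressions and raise
     * {@code PatternSyntaxException}, and {@code ".."} matches any two characters rather
     * than two dots.
     *
     * <p>Removal is repeated until the value stops changing, because deleting one keyword
     * can join the surrounding characters into another keyword. Every pass that changes the
     * value shortens it, so the loop terminates.
     *
     * @param str the raw value; may be null
     * @return the value with all deny-listed keywords removed, or {@code null} for null input
     */
    String cleanXSS(String str) {
        if (str == null) {
            return null;
        }
        String current = str;
        String previous;
        do {
            previous = current;
            for (String keyword : this.KEYWORDS_DENY_ACTUAL) {
                // Skip null/empty entries that a caller-supplied deny array might contain.
                if (keyword != null && !keyword.isEmpty()) {
                    current = current.replace(keyword, "");
                }
            }
        } while (!current.equals(previous));
        // NOTE(review): matching is case-sensitive, so a keyword written in a different
        // case passes through unchanged - confirm whether that is intended.
        return current;
    }

    /** Ad-hoc check that a UUID-shaped value passes the {@code type} format pattern. */
    public static void main(String[] strArr) {
        System.out.println(TYPE_VALUE_PATTERN.matcher("801df740-0bc7-40f6-843a-1a3e58964667").matches());
        System.out.println("801df740-0bc7-40f6-843a-1a3e58964667".matches(TYPE_VALUE_PATTERN.pattern()));
    }
}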
