package org.frameworkset.util;

import com.frameworkset.util.StringUtil;
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/frameworkset/util/ReferHelper.class */
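/**
 * Request-hardening helper with two independent checks: a Referer check
 * ({@link #dorefer}) and a substring blocklist over request parameter values
 * ({@link #wallfilter}).
 *
 * <p>Both are coarse, defence-in-depth measures. The Referer check lets requests
 * without a Referer header through, so it does not replace anti-CSRF tokens.
 * The parameter blocklist is case-sensitive substring matching, so it does not
 * replace output encoding or parameterized SQL.
 *
 * <p>The class has no synchronization; the visible code gives no thread-safety
 * guarantee for reconfiguring it while requests are being handled.
 */
public class ReferHelper {
    /** Patterns for external Referer values that are still accepted; trimmed in place by the setter. */
    private String[] refererwallwhilelist;
    /** Master switch for {@link #dorefer}; the check is off unless this is set to {@code true}. */
    private boolean refererDefender = false;
    private PathMatcher pathMatcher = new AntPathMatcher();
    /** Substrings that cause a parameter value to be dropped by {@link #wallfilter}. */
    private String[] wallfilterrules;
    /** Parameter names exempt from {@link #wallfilter}; see {@link #iswhilename} for the empty-list case. */
    private String[] wallwhilelist;
    private static final Logger logger = LoggerFactory.getLogger(ReferHelper.class);
    /**
     * Default blocklist entries. This is a public mutable array, so any code can alter it;
     * callers should copy it rather than hand the shared instance to {@link #setWallfilterrules}.
     */
    public static final String[] wallfilterrules_default = {"<script", "%3Cscript", "script", "<img", "%3Cimg", "alert(", "alert%28", "eval(", "eval%28", "style=", "style%3D", "javascript", "update ", "drop ", "delete ", "insert ", "create ", "select ", "truncate "};

    /**
     * Checks a Referer value against the configured Referer whitelist.
     *
     * @param str the Referer header value
     * @return {@code true} if any whitelist pattern matches according to
     *         {@code pathMatcher.urlContain}; {@code false} if none matches or no whitelist is set
     */
    private boolean iswhilerefer(String str) {
        if (this.refererwallwhilelist == null || this.refererwallwhilelist.length == 0) {
            return false;
        }
        for (String pattern : this.refererwallwhilelist) {
            // NOTE(review): urlContain is defined outside this file; its name suggests a
            // containment test rather than an anchored match. Confirm it cannot be
            // satisfied by a whitelist entry appearing in the path or query of another site.
            if (this.pathMatcher.urlContain(pattern, str)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Rejects the request with 403 when its Referer points outside this application.
     *
     * <p>The Referer is accepted when it <em>starts with</em> this application's base URL
     * ({@code scheme://host:port/context/}, or the port-less form when the port is the
     * scheme default) or when it matches the Referer whitelist. The comparison is anchored
     * at the start of the header: an unanchored substring test would accept any external
     * URL that merely carries the base URL somewhere in its path or query string.
     *
     * <p>A request with no Referer header is allowed (fail-open), so this check alone is
     * not a complete cross-site request defence.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response used to send the 403
     * @return {@code true} if the request was rejected, {@code false} if it may proceed
     * @throws IOException if sending the error response fails
     */
    public boolean dorefer(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (!this.refererDefender) {
            return false;
        }
        String header = httpServletRequest.getHeader("Referer");
        if (header == null) {
            return false;
        }

        // NOTE(review): scheme, server name and port are taken as the container reports them.
        // Behind a TLS-terminating or port-mapping proxy they may differ from the URL the
        // browser used, which would make same-site Referers fail. Confirm for the deployment.
        String scheme = httpServletRequest.getScheme();
        int port = httpServletRequest.getServerPort();
        String contextPath = httpServletRequest.getContextPath();

        // The base always ends with exactly one separator so that "/app" cannot match "/app2".
        String pathPart = contextPath.equals(AntPathMatcher.DEFAULT_PATH_SEPARATOR)
                ? contextPath
                : contextPath + AntPathMatcher.DEFAULT_PATH_SEPARATOR;
        String origin = scheme + "://" + httpServletRequest.getServerName();
        String baseWithPort = origin + ":" + port + pathPart;

        // Browsers omit the default port from the Referer. Port 80 keeps its previous
        // treatment (accepted for any scheme); 443 is now recognised for https as well,
        // otherwise every same-site https request on the default port would get a 403.
        boolean portMayBeOmitted = port == 80 || (port == 443 && "https".equalsIgnoreCase(scheme));
        String baseWithoutPort = portMayBeOmitted ? origin + pathPart : null;

        boolean sameApplication = header.startsWith(baseWithPort)
                || (baseWithoutPort != null && header.startsWith(baseWithoutPort));
        if (sameApplication || iswhilerefer(header)) {
            return false;
        }
        sendRedirect403(httpServletRequest, httpServletResponse);
        return true;
    }

    /**
     * Sends HTTP 403 unless the response is already committed. Despite the name, no
     * redirect is issued.
     *
     * @param httpServletRequest  unused
     * @param httpServletResponse the response to fail
     * @throws IOException if {@code sendError} fails
     */
    public void sendRedirect403(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (httpServletResponse.isCommitted()) {
            return;
        }
        httpServletResponse.sendError(403);
    }

    /** @return the live Referer whitelist array (not a copy), possibly {@code null} */
    public String[] getRefererwallwhilelist() {
        return this.refererwallwhilelist;
    }

    /**
     * Stores the Referer whitelist and trims each entry in place, so the caller's array
     * is modified. {@code null} entries are left untouched instead of raising
     * {@link NullPointerException}.
     *
     * @param strArr whitelist patterns, may be {@code null}
     */
    public void setRefererwallwhilelist(String[] strArr) {
        this.refererwallwhilelist = strArr;
        if (StringUtil.isNotEmpty(this.refererwallwhilelist)) {
            for (int i = 0; i < this.refererwallwhilelist.length; i++) {
                String entry = this.refererwallwhilelist[i];
                if (entry != null) {
                    this.refererwallwhilelist[i] = entry.trim();
                }
            }
        }
    }

    /** @return whether the Referer check in {@link #dorefer} is enabled */
    public boolean isRefererDefender() {
        return this.refererDefender;
    }

    /** @param z {@code true} to enable the Referer check in {@link #dorefer} */
    public void setRefererDefender(boolean z) {
        this.refererDefender = z;
    }

    /** @return the live blocklist array (not a copy), possibly {@code null} */
    public String[] getWallfilterrules() {
        return this.wallfilterrules;
    }

    /** @param strArr blocklist substrings; {@code null} or empty disables {@link #wallfilter} */
    public void setWallfilterrules(String[] strArr) {
        this.wallfilterrules = strArr;
    }

    /** @return the live array of exempt parameter names (not a copy), possibly {@code null} */
    public String[] getWallwhilelist() {
        return this.wallwhilelist;
    }

    /** @param strArr parameter names exempt from {@link #wallfilter} */
    public void setWallwhilelist(String[] strArr) {
        this.wallwhilelist = strArr;
    }

    /**
     * Tells whether a parameter name is exempt from {@link #wallfilter}.
     *
     * <p>When no whitelist is configured this returns {@code true} for every name, which
     * makes {@link #wallfilter} a no-op until a whitelist is set.
     * NOTE(review): confirm this fail-open default is intended.
     *
     * @param str the parameter name
     * @return {@code true} if the name is exempt
     */
    public boolean iswhilename(String str) {
        if (this.wallwhilelist == null || this.wallwhilelist.length == 0) {
            return true;
        }
        for (String exempt : this.wallwhilelist) {
            if (exempt != null && exempt.equals(str)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Nulls out, in place, every value of a parameter that contains a blocklisted substring.
     *
     * <p>Matching is a case-sensitive substring test against the raw value, so it is a
     * coarse filter: it does not normalise case or encoding and can also drop legitimate
     * text that happens to contain a rule.
     *
     * @param str    the parameter name, used for the exemption check and the log message
     * @param strArr the parameter values; offending entries are replaced with {@code null}
     */
    public void wallfilter(String str, String[] strArr) {
        if (this.wallfilterrules == null || this.wallfilterrules.length == 0
                || strArr == null || strArr.length == 0 || iswhilename(str)) {
            return;
        }
        for (int i = 0; i < strArr.length; i++) {
            String value = strArr[i];
            if (value == null || value.isEmpty()) {
                continue;
            }
            for (String rule : this.wallfilterrules) {
                if (rule != null && value.contains(rule)) {
                    strArr[i] = null;
                    // Message reads: "parameter <name> value <value> contains sensitive word <rule>,
                    // security risk, the system dropped the parameter value".
                    // NOTE(review): the raw, client-supplied value is written to the log. It may
                    // contain line breaks or sensitive data; consider escaping or truncating it.
                    logger.warn("参数" + str + "值" + value + "包含敏感词:" + rule + ",存在安全隐患,系统自动过滤掉参数值!");
                    break;
                }
            }
        }
    }
}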
