package com.github.kaizen4j.web.xss;

import com.github.kaizen4j.common.util.XssUtils;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.util.Objects;
import java.util.stream.Stream;
import javax.servlet.ReadListener;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/github/kaizen4j/web/xss/HttpServletRequestXssWrapper.class */
public final class HttpServletRequestXssWrapper extends HttpServletRequestWrapper {
    private static final Logger logger = LoggerFactory.getLogger(HttpServletRequestXssWrapper.class);
    private final String body;
    private final boolean isUploadData;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/github/kaizen4j/web/xss/HttpServletRequestXssWrapper$DelegateServletInputStream.class */
    public static class DelegateServletInputStream extends ServletInputStream {
        private final ByteArrayInputStream byteArrayInputStream;

        DelegateServletInputStream(ByteArrayInputStream byteArrayInputStream) {
            this.byteArrayInputStream = byteArrayInputStream;
        }

        public boolean isFinished() {
            return false;
        }

        public boolean isReady() {
            return false;
        }

        public void setReadListener(ReadListener readListener) {
        }

        public int read() {
            return this.byteArrayInputStream.read();
        }
    }

    public HttpServletRequestXssWrapper(HttpServletRequest httpServletRequest) {
        super(httpServletRequest);
        this.isUploadData = isUploadData(httpServletRequest);
        this.body = toBody(httpServletRequest);
    }

    public String[] getParameterValues(String str) {
        String[] parameterValues = super.getParameterValues(str);
        return Objects.isNull(parameterValues) ? new String[0] : (String[]) Stream.of((Object[]) parameterValues).map(this::stripXss).toArray(i -> {
            return new String[i];
        });
    }

    public String getParameter(String str) {
        return stripXss(super.getParameter(str));
    }

    public String getHeader(String str) {
        return stripXss(super.getHeader(str));
    }

    public ServletInputStream getInputStream() throws IOException {
        return this.isUploadData ? super.getInputStream() : new DelegateServletInputStream(new ByteArrayInputStream(this.body.getBytes(StandardCharsets.UTF_8)));
    }

    public BufferedReader getReader() throws IOException {
        return new BufferedReader(new InputStreamReader(getInputStream()));
    }

    public String getBody() {
        return this.body;
    }

    private boolean isUploadData(HttpServletRequest httpServletRequest) {
        return StringUtils.startsWithIgnoreCase(httpServletRequest.getContentType(), "multipart");
    }

    private String toBody(HttpServletRequest httpServletRequest) {
        try {
            return this.isUploadData ? "" : stripXss(IOUtils.toString(httpServletRequest.getInputStream(), StandardCharsets.UTF_8));
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    private String stripXss(String str) {
        if (StringUtils.isBlank(str)) {
            return str;
        }
        String strip = XssUtils.strip(str);
        if (logger.isDebugEnabled()) {
            logger.debug("HttpServletRequestXssWrapper strip before '{}' strip after '{}'", str, strip);
        }
        return strip;
    }
}
