package net.risesoft.filters;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.PrintWriter;
import java.io.UncheckedIOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.regex.Pattern;
import java.util.stream.Stream;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lombok.Generated;
import net.risesoft.y9.Y9Context;
import net.risesoft.y9.configuration.feature.security.Y9SecurityProperties;
import net.risesoft.y9.json.Y9JsonUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;

/* loaded from: input_file:net/risesoft/filters/SqlInjectionFilter.class */
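/**
 * Servlet filter that rejects a request with HTTP 400 when one of its parameters (or, for POST
 * requests, one of the top-level fields of its JSON body) contains a SQL keyword.
 *
 * <p>The check is a coarse whole-word keyword blocklist ({@link #SQL_KEYWORD_PATTERN}). It
 * produces false positives for ordinary text containing words such as "and", "or" or "count",
 * and it is a defense-in-depth measure only: the data layer must still use parameterized
 * queries. Request URIs ending with one of the comma-separated suffixes given in the
 * {@code skip} init-param bypass the check entirely; parameter names listed in
 * {@code Y9SecurityProperties.getSqlIn().getIgnoreParam()} are not inspected.
 *
 * <p>Reconstructed from decompiler output; the JADX artifacts (raw types, an undefined
 * {@code r1} in a lambda, an unbounded retry loop in {@link #getBodyString}) have been repaired.
 */
public class SqlInjectionFilter implements Filter {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(SqlInjectionFilter.class);

    /**
     * SQL keywords that cause a request to be rejected. Matched as whole words, anywhere in the
     * value (so a value containing a line break is still inspected), and case-insensitively:
     * the original pattern was lower-case only and was matched with {@code String.matches},
     * so {@code SELECT} or a multi-line value passed unchecked. "trancate" in the original
     * list was a typo for "truncate" and never matched anything.
     */
    private static final Pattern SQL_KEYWORD_PATTERN = Pattern.compile(
        "\\b(select|update|and|or|delete|insert|truncate|char|into|substr|ascii|declare|exec|count|master|drop|execute)\\b",
        Pattern.CASE_INSENSITIVE);

    /** Request-URI suffixes that bypass the filter; populated by {@link #init(FilterConfig)}. */
    private String[] skip = new String[0];

    /**
     * Reads the reader to exhaustion and returns the concatenated lines.
     *
     * <p>Lines are joined without any separator, exactly as the original implementation did;
     * callers parsing the result must not rely on line breaks being preserved. The reader is
     * always closed.
     *
     * @param bufferedReader the reader to drain; must not be {@code null}
     * @return all lines of the reader concatenated, or {@code ""} for an empty reader
     * @throws UncheckedIOException if reading fails (the original looped forever on an
     *     {@link IOException}, printing it to stdout on every iteration)
     */
    public static String getBodyString(BufferedReader bufferedReader) {
        Objects.requireNonNull(bufferedReader, "bufferedReader");
        StringBuilder body = new StringBuilder();
        try (BufferedReader reader = bufferedReader) {
            String line;
            while ((line = reader.readLine()) != null) {
                body.append(line);
            }
        } catch (IOException e) {
            // Returning a partial body would let the filter inspect only part of the request,
            // so fail loudly instead.
            throw new UncheckedIOException("failed to read request body", e);
        }
        return body.toString();
    }

    /** Nothing to release: the filter holds only the immutable {@code skip} list. */
    @Override
    public void destroy() {
    }

    /**
     * Inspects the request and either writes a 400 rejection or passes the (body-caching)
     * wrapper down the chain.
     *
     * @param servletRequest must be an {@link HttpServletRequest}
     * @param servletResponse must be an {@link HttpServletResponse}
     * @param filterChain the remaining chain
     * @throws IOException from the chain or from writing the rejection response
     * @throws ServletException from the chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        if (isSkip(httpServletRequest.getRequestURI())) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        SqlInjectionRequestWrapper sqlInjectionRequestWrapper = new SqlInjectionRequestWrapper(httpServletRequest);
        if (rejectsRequest(httpServletRequest, sqlInjectionRequestWrapper, servletResponse)) {
            // checkSqlInject has already written and closed the 400 response.
            return;
        }
        try {
            filterChain.doFilter(sqlInjectionRequestWrapper, servletResponse);
        } catch (IOException | ServletException | RuntimeException e) {
            // The original swallowed every exception with printStackTrace(), which hid downstream
            // failures from the container and left the response in an undefined state.
            LOGGER.error("filter chain failed for {}", httpServletRequest.getRequestURI(), e);
            throw e;
        }
    }

    /**
     * Checks every value of every request parameter and, for POST requests with a non-blank
     * body, every top-level field of the JSON body. Nested JSON values are inspected through
     * their {@code toString()} form, as in the original.
     *
     * <p>The original inspected only {@code values[0]} of each parameter and only the JSON body
     * (never the parameter map) on POST; it also dereferenced a {@code null} parse result.
     *
     * @return {@code true} if a rejection response has been written and processing must stop
     */
    private boolean rejectsRequest(HttpServletRequest request, SqlInjectionRequestWrapper wrapper,
            ServletResponse response) throws IOException {
        for (Map.Entry<String, String[]> entry : wrapper.getParameterMap().entrySet()) {
            String[] values = entry.getValue();
            if (values == null) {
                continue;
            }
            for (String value : values) {
                if (rejectsValue(entry.getKey(), value, response)) {
                    return true;
                }
            }
        }
        if (!"POST".equalsIgnoreCase(request.getMethod())) {
            return false;
        }
        String body = wrapper.getBody();
        if (body == null || body.trim().isEmpty()) {
            return false;
        }
        // NOTE(review): Y9JsonUtil.readValue is assumed to return null for non-JSON input —
        // confirm; a thrown RuntimeException propagates as before.
        Map<?, ?> json = (Map<?, ?>) Y9JsonUtil.readValue(body, HashMap.class);
        if (json == null) {
            return false;
        }
        for (Map.Entry<?, ?> entry : json.entrySet()) {
            if (rejectsValue(String.valueOf(entry.getKey()), entry.getValue(), response)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Applies the keyword check to one named value, skipping {@code null} values and ignorable
     * parameter names.
     *
     * @return {@code true} if the value was rejected (response already written)
     */
    private boolean rejectsValue(String name, Object value, ServletResponse response) throws IOException {
        if (value == null || isParamIgnorable(name)) {
            return false;
        }
        return !checkSqlInject(value.toString(), response);
    }

    /**
     * Flattens a parameter map's values, expanding {@code String[]} entries.
     *
     * <p>Not referenced anywhere in this class; retained from the decompiled original.
     *
     * @param map parameter map whose values are either {@code String[]} or single objects
     * @return every value as a flat array
     */
    private Object[] getParameterValues(Map<?, ?> map) {
        List<Object> values = new ArrayList<>();
        for (Object obj : map.values()) {
            if (obj instanceof String[]) {
                Collections.addAll(values, (String[]) obj);
            } else {
                values.add(obj);
            }
        }
        return values.toArray();
    }

    /**
     * Reads the comma-separated {@code skip} init-param into {@link #skip}.
     *
     * <p>Blank entries are dropped: {@code "".split(",")} yields {@code [""]}, and every URI
     * ends with {@code ""}, so an empty or missing value would have silently disabled the
     * filter for all requests (or thrown an NPE when the parameter was absent).
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        String configured = filterConfig.getInitParameter("skip");
        if (configured == null) {
            this.skip = new String[0];
            return;
        }
        this.skip = Arrays.stream(configured.split(","))
            .map(String::trim)
            .filter(s -> !s.isEmpty())
            .toArray(String[]::new);
    }

    /**
     * @return {@code true} if the raw request URI ends with any configured skip suffix
     */
    private boolean isSkip(String requestUri) {
        if (requestUri == null) {
            return false;
        }
        return Arrays.stream(this.skip).anyMatch(requestUri::endsWith);
    }

    /**
     * Returns {@code true} if the value is acceptable. Otherwise logs, writes a JSON 400 body
     * ({@code code}, {@code message}) to the response, closes its writer and returns
     * {@code false}.
     *
     * <p>The offending value is deliberately not logged: request parameters may carry
     * credentials or personal data.
     *
     * @param str the value to check; {@code null} is accepted
     * @param servletResponse must be an {@link HttpServletResponse}
     * @throws IOException if the rejection response cannot be written
     */
    private boolean checkSqlInject(String str, ServletResponse servletResponse) throws IOException {
        if (str == null || !SQL_KEYWORD_PATTERN.matcher(str).find()) {
            return true;
        }
        LOGGER.error("您输入的参数有非法字符，请输入正确的参数");
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        Map<String, Object> responseBody = new HashMap<>();
        responseBody.put("code", HttpStatus.BAD_REQUEST.value());
        responseBody.put("message", "您输入的参数有非法字符，请输入正确的参数！");
        httpServletResponse.setStatus(HttpStatus.BAD_REQUEST.value());
        httpServletResponse.setContentType("application/json;charset=UTF-8");
        // Closing the writer commits the response, as the original's explicit close() did.
        try (PrintWriter writer = httpServletResponse.getWriter()) {
            writer.write(Y9JsonUtil.writeValueAsString(responseBody));
            writer.flush();
        }
        return false;
    }

    /**
     * @return {@code true} if {@code str} is listed in the configured ignore-param names
     * @throws NullPointerException if {@code str} is {@code null}
     */
    private boolean isParamIgnorable(String str) {
        Objects.requireNonNull(str, "str");
        // The decompiled lambda referenced an undefined "r1"; this is the str::equals method
        // reference it was compiled from.
        return ((Y9SecurityProperties) Y9Context.getBean(Y9SecurityProperties.class))
            .getSqlIn()
            .getIgnoreParam()
            .stream()
            .anyMatch(str::equals);
    }
}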
