package com.sat.iteach.web.common.util;

import com.sat.iteach.common.log.LoggerFactory;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.Map;
import java.util.regex.Pattern;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.log4j.Logger;
import org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter;

/* loaded from: classes.dex */
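/**
 * Struts 2 front filter that screens a request before delegating to
 * {@link StrutsPrepareAndExecuteFilter}.
 *
 * <p>Two checks run in {@link #doFilter}: an optional regex screen of the raw query
 * string (enabled by the {@code isXSSFilter} init-param) and a comparison of the
 * caller's address with the {@code loginIP} session attribute. A request that fails
 * either check is redirected to {@code errorForwardUrl}.
 *
 * <p>Limits a maintainer should know about:
 * <ul>
 *   <li>The regex is a blocklist over once-decoded input, so it is a coarse tripwire
 *       only. Output encoding in the views is still required.</li>
 *   <li>Only the query string is screened. Nothing in this class calls
 *       {@link #hashXSSForPostData}, so request bodies are not inspected here.</li>
 *   <li>Configuration is held in static fields written by {@link #init}; every
 *       instance of this filter in the same class loader shares it.</li>
 * </ul>
 *
 * <p>Log text is written in English: the literals in this decompiled source were
 * mis-encoded (U+FFFD replacement characters) and could not be recovered.
 */
public class SystemBaseFilter extends StrutsPrepareAndExecuteFilter {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) SystemBaseFilter.class);
    private static boolean isXSSFilter = false;
    // NOTE(review): no context path is prepended before sendRedirect(); confirm the
    // application is deployed at the root context, and that this JSP is not itself
    // subject to the session check below (that would redirect in a loop).
    private static String errorForwardUrl = "/jsp/common/tipInfo1.jsp";
    private static String matcherForXSS = "<|>|(script)|on(keydown|keypress|keyup|mousedown|mousemove|mouseover|mouseon|mouseout|click|dblclick|blur|focus|change)";
    // Compiled form of matcherForXSS; built on first use and dropped when init() replaces the regex.
    private static volatile Pattern compiledXss;

    /** Returns the compiled screen pattern, compiling it once instead of once per request. */
    private static Pattern xssPattern() {
        Pattern pattern = compiledXss;
        if (pattern == null) {
            pattern = Pattern.compile(matcherForXSS, Pattern.CASE_INSENSITIVE);
            compiledXss = pattern;
        }
        return pattern;
    }

    /** Neutralises CR/LF so request-controlled text cannot forge extra log lines. */
    private static String forLog(String value) {
        if (value == null) {
            return "null";
        }
        return value.replace('\r', '_').replace('\n', '_');
    }

    /** URL-decodes {@code raw} for logging; falls back to the raw text when it is not decodable. */
    private static String decodedForLog(String raw) throws UnsupportedEncodingException {
        try {
            return forLog(URLDecoder.decode(raw, ChangeCharset.UTF_8));
        } catch (IllegalArgumentException e) {
            return forLog(raw);
        }
    }

    /**
     * Tests one value against the configured screen pattern after a single URL-decoding pass.
     *
     * @param str raw value; {@code null} and empty strings are never flagged
     * @return {@code true} when the decoded value matches, or when the value cannot be decoded
     * @throws UnsupportedEncodingException if the charset named by {@code ChangeCharset.UTF_8} is unknown
     */
    private boolean findXSS(String str) throws UnsupportedEncodingException {
        if (str == null || str.isEmpty()) {
            return false;
        }
        String decoded;
        try {
            decoded = URLDecoder.decode(str, ChangeCharset.UTF_8);
        } catch (IllegalArgumentException e) {
            // Malformed percent-encoding used to escape as an unchecked exception (HTTP 500).
            // Fail closed instead: the caller rejects the request through the normal path.
            return true;
        }
        return xssPattern().matcher(decoded).find();
    }

    /**
     * Screens every {@code String} or {@code String[]} value of a parameter map.
     * Values of any other type are skipped. Not called from within this class.
     *
     * @param map parameter map, may be {@code null}
     * @return {@code true} as soon as one value is flagged by {@link #findXSS}
     * @throws UnsupportedEncodingException if the charset named by {@code ChangeCharset.UTF_8} is unknown
     */
    private boolean hashXSSForPostData(Map<String, ?> map) throws UnsupportedEncodingException {
        if (map == null) {
            return false;
        }
        if (log.isDebugEnabled()) {
            log.debug("post data....");
        }
        for (Map.Entry<String, ?> entry : map.entrySet()) {
            if (log.isDebugEnabled()) {
                // Key only: body values can carry passwords and tokens, which do not belong in logs.
                log.debug("key:" + forLog(entry.getKey()));
            }
            Object value = entry.getValue();
            if (value instanceof String) {
                String single = (String) value;
                if (findXSS(single)) {
                    log.warn("XSS screen rejected POST value: [" + decodedForLog(single) + "]");
                    return true;
                }
            } else if (value instanceof String[]) {
                for (String item : (String[]) value) {
                    if (findXSS(item)) {
                        log.warn("XSS screen rejected POST value: [" + decodedForLog(item) + "]");
                        return true;
                    }
                }
            }
        }
        return false;
    }

    /**
     * Reports whether the caller's address differs from the {@code loginIP} session attribute.
     * No session is created; a request without a session or without the attribute passes.
     *
     * <p>NOTE(review): {@code getRemoteAddr()} is the address of the direct peer. Behind a
     * reverse proxy or load balancer that is presumably the proxy for every client, which
     * would make this comparison always succeed; clients whose address changes mid-session
     * are rejected until the session ends. The session is not invalidated on a mismatch.
     *
     * @param httpServletRequest current request
     * @return {@code true} when the addresses differ
     */
    private boolean sessionHijack(HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null) {
            return false;
        }
        Object loginIp = session.getAttribute("loginIP");
        String remoteAddr = httpServletRequest.getRemoteAddr();
        if (loginIp == null || remoteAddr.equals(loginIp.toString())) {
            return false;
        }
        log.warn("Session address mismatch, request IP: [" + forLog(remoteAddr) + "] login IP: " + forLog(loginIp.toString()));
        return true;
    }

    /**
     * Runs the query-string screen (when enabled) and the session address check, then either
     * redirects to the error page or passes the request on to Struts.
     *
     * @throws IOException if the redirect or the downstream filter fails
     * @throws ServletException if the downstream filter fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        String queryString = httpServletRequest.getQueryString();
        // NOTE(review): the full query string is logged at INFO on every request; any secret
        // passed as a GET parameter ends up in the log file.
        log.info("Request path:" + forLog(httpServletRequest.getRequestURI()) + "?" + forLog(queryString));
        if (isXSSFilter && findXSS(queryString)) {
            log.warn("XSS screen rejected GET query string: [" + forLog(queryString) + "]");
            httpServletResponse.sendRedirect(errorForwardUrl);
        } else if (sessionHijack(httpServletRequest)) {
            httpServletResponse.sendRedirect(errorForwardUrl);
        } else {
            super.doFilter(servletRequest, servletResponse, filterChain);
        }
    }

    /**
     * Reads the optional {@code isXSSFilter} and {@code matcherForXSS} init-params, then
     * initialises the Struts filter. Absent parameters leave the defaults in place.
     *
     * @throws ServletException if the Struts filter fails to initialise
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        String configuredPattern = filterConfig.getInitParameter("matcherForXSS");
        String configuredEnabled = filterConfig.getInitParameter("isXSSFilter");
        if (configuredEnabled != null) {
            log.info("isXSSFilter init-param: " + configuredEnabled);
            isXSSFilter = Boolean.parseBoolean(configuredEnabled);
        }
        if (configuredPattern != null) {
            log.info("matcherForXSS init-param: " + configuredPattern);
            matcherForXSS = configuredPattern;
            // Drop the cached Pattern so the next request compiles the new expression.
            compiledXss = null;
        }
        super.init(filterConfig);
    }
}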
