package com.aisec.idas.alice.security.interceptor;

import com.aisec.idas.alice.config.impl.ConfigMgrFactory;
import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
import java.util.Iterator;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: classes2.dex */
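/**
 * Struts 2 (XWork) interceptor that screens incoming requests with {@code CrossSiteUtils}
 * before the action runs.
 *
 * <p>Behaviour visible in this class:
 * <ul>
 *   <li>If the request URI or query string is flagged by {@code CrossSiteUtils.hasDirtyString},
 *       or any request parameter <em>name</em> is flagged, the client is redirected to the
 *       configured {@code FilterRedirectUrl} and the action is not invoked.</li>
 *   <li>Otherwise the action context's parameter map is cleaned: flagged names are removed and
 *       {@code String[]} values are passed through {@code CrossSiteUtils.replaceValues}.</li>
 * </ul>
 *
 * <p>NOTE(review): only the action context's parameter map is rewritten here. Code that reads
 * values straight from the {@link HttpServletRequest} may still see the original input — verify
 * against the callers. Pattern-based input filtering is a supplementary control; output must
 * still be encoded for its context wherever these values are rendered.
 */
public class XssInterceptor extends AbstractInterceptor {
    private static final long serialVersionUID = -374803404527649448L;

    /**
     * Reports whether any request parameter name is flagged by {@code CrossSiteUtils}.
     * Parameter values are not inspected here; they are rewritten later in {@link #intercept}.
     *
     * @param httpServletRequest the current servlet request
     * @return {@code true} if at least one parameter name is flagged
     */
    private boolean isDirtyParameters(HttpServletRequest httpServletRequest) {
        Iterator names = httpServletRequest.getParameterMap().keySet().iterator();
        while (names.hasNext()) {
            if (CrossSiteUtils.hasDirtyString((String) names.next())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Reports whether the request URI or the query string is flagged by {@code CrossSiteUtils}.
     *
     * @param httpServletRequest the current servlet request
     * @return {@code true} if the URI or the query string is flagged
     */
    private boolean isDirtyUrl(HttpServletRequest httpServletRequest) {
        String requestURI = httpServletRequest.getRequestURI();
        String queryString = httpServletRequest.getQueryString();
        // getQueryString() is null when the request has no query part; check an empty string then.
        return CrossSiteUtils.hasDirtyString(requestURI, queryString == null ? "" : queryString);
    }

    /**
     * Screens the request and either redirects the client or invokes the action with a cleaned
     * parameter map.
     *
     * @param actionInvocation the invocation being intercepted
     * @return {@code "none"} when the request was redirected, otherwise the result of
     *     {@code actionInvocation.invoke()}
     * @throws Exception propagated from the redirect or from the invoked action
     */
    public String intercept(ActionInvocation actionInvocation) throws Exception {
        ActionContext invocationContext = actionInvocation.getInvocationContext();
        HttpServletRequest httpServletRequest = (HttpServletRequest) invocationContext.get("com.opensymphony.xwork2.dispatcher.HttpServletRequest");
        HttpServletResponse httpServletResponse = (HttpServletResponse) invocationContext.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse");
        // The redirect target comes from configuration, not from the request.
        // NOTE(review): the built-in fallback is a plaintext http:// URL; prefer an https://
        // value for FilterRedirectUrl in deployed configuration.
        String string = ConfigMgrFactory.getSimpleConfigMgr().getString("FilterRedirectUrl", "http://www.10086.cn");
        if (isDirtyUrl(httpServletRequest) || isDirtyParameters(httpServletRequest)) {
            httpServletResponse.sendRedirect(string);
            // "none" tells the framework that the response has already been written.
            return "none";
        }
        Map parameters = actionInvocation.getInvocationContext().getParameters();
        // Walk a snapshot of the names: removing from the map while iterating its live keySet()
        // throws ConcurrentModificationException on the next step for the standard map types.
        Object[] names = parameters.keySet().toArray();
        for (Object nameObj : names) {
            String name = (String) nameObj;
            if (CrossSiteUtils.hasDirtyString(name)) {
                // Reached only when the context map holds a name that the servlet request's
                // parameter map did not (the request names were already checked above).
                parameters.remove(name);
                continue;
            }
            Object value = parameters.get(name);
            // Only String[] values are rewritten; any other value type is passed through as is.
            if (value instanceof String[]) {
                String[] values = (String[]) value;
                CrossSiteUtils.replaceValues(values);
                parameters.put(name, values);
            }
        }
        return actionInvocation.invoke();
    }
}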
