package com.aisec.idas.alice.web.xss;

import com.aisec.idas.alice.config.impl.ConfigMgrFactory;
import com.aisec.idas.alice.web.filter.DynamicFilter;
import java.io.IOException;
import java.util.Iterator;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@DynamicFilter(sort = 10)
/* loaded from: classes2.dex */
public class CrossSiteFilter implements Filter {
    private boolean isDirtyParameters(HttpServletRequest httpServletRequest) {
        Iterator it = httpServletRequest.getParameterMap().entrySet().iterator();
        while (it.hasNext()) {
            if (CrossSiteUtils.hasDirtyString((String) ((Map.Entry) it.next()).getKey())) {
                return true;
            }
        }
        return false;
    }

    private boolean isDirtyUrl(HttpServletRequest httpServletRequest) {
        String requestURI = httpServletRequest.getRequestURI();
        String queryString = httpServletRequest.getQueryString();
        return CrossSiteUtils.hasDirtyString(requestURI, queryString == null ? "" : queryString);
    }

    public void destroy() {
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        String string = ConfigMgrFactory.getSimpleConfigMgr().getString("FilterRedirectUrl", "http://www.10010.com");
        if (isDirtyUrl(httpServletRequest)) {
            httpServletResponse.sendRedirect(string);
        } else if (isDirtyParameters(httpServletRequest)) {
            httpServletResponse.sendRedirect(string);
        } else {
            filterChain.doFilter(new CrossSiteWrapper(httpServletRequest), httpServletResponse);
        }
    }

    public void init(FilterConfig filterConfig) throws ServletException {
    }
}
