package com.supwisdom.eams.infras.shiro;

import com.alibaba.fastjson.JSONObject;
import com.google.common.collect.Lists;
import com.supwisdom.eams.infras.application.Message;
import java.io.IOException;
import java.io.PrintWriter;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Enumeration;
import java.util.Locale;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.filters.RequestFilter;
import org.apache.log4j.Logger;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.FlashMap;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.support.RequestContextUtils;

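/* loaded from: input_file:com/supwisdom/eams/infras/shiro/RequestInterceptor.class */
/**
 * Spring {@link HandlerInterceptor} that rejects a request when any of its parameter
 * values contains a token from a fixed denylist ({@link #FORBIDDEN_TOKENS}).
 *
 * <p>A rejected request is answered in one of two ways. When the request carries a
 * {@code REDIRECT_URL} parameter holding a context-local path, the error text is stored
 * in the output FlashMap under {@code _msg_error_list_} and the client is redirected to
 * that path. Otherwise a JSON {@link Message} describing the error is written directly.
 *
 * <p>This is a coarse, substring-based denylist, not a parser: it cannot recognise every
 * encoding of a hostile payload, and it rejects ordinary input that happens to contain a
 * token (for example {@code /}, {@code select} or {@code update}). It does not replace
 * parameterised queries and context-aware output encoding in the handlers themselves.
 */
@Component
public class RequestInterceptor implements HandlerInterceptor {
    private static final Logger logger = Logger.getLogger(RequestInterceptor.class);

    /** Parameter naming the context-local path to redirect to on rejection; it is not scanned. */
    private static final String REDIRECT_URL_PARAM = "REDIRECT_URL";

    /** FlashMap attribute under which the error message list is handed to the redirect target. */
    private static final String FLASH_ERROR_LIST = "_msg_error_list_";

    /**
     * Tokens that must not appear, case-insensitively, in any scanned parameter value.
     * Every entry is lower case so a single {@code toLowerCase} on the value suffices.
     * Carriage return and line feed are present as the literal control characters (a
     * lower-cased value could never contain the text "CR"/"LF"); this means multi-line
     * values such as textarea input are rejected as well.
     */
    private static final String[] FORBIDDEN_TOKENS = {
        "(function(", "script", "iframe", "select", "javascript", "window.open",
        "insert", "delete", "update", "declare", "expression", "xss", "alert",
        "scanner", "onerror", "prompt", "atestu", "../", "./", "/", "<!--", "-->",
        "\r", "\n", "0x0d", "0x0a", "%0d%0a"
    };

    /**
     * Scans the request parameters before the handler runs and rejects the request when
     * any scanned value contains a forbidden token.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response the error is written to on rejection
     * @param obj the chosen handler (unused)
     * @return {@code true} when the request is clean and processing may continue;
     *     {@code false} once the error response (JSON body or redirect) has been sent
     * @throws IOException if writing the JSON body or sending the redirect fails
     */
    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws IOException {
        String error = checkInjectPass(httpServletRequest);
        if (error == null) {
            return true;
        }
        String redirectUrl = httpServletRequest.getParameter(REDIRECT_URL_PARAM);
        // REDIRECT_URL is attacker-controlled and exempt from the token scan, so only a
        // path that stays inside this application may be used as a redirect target;
        // anything else (absent, scheme-relative, absolute, malformed) gets the JSON reply.
        if (isContextLocalPath(redirectUrl)) {
            FlashMap flashMap = new FlashMap();
            flashMap.put(FLASH_ERROR_LIST, Lists.newArrayList(error));
            RequestContextUtils.getFlashMapManager(httpServletRequest)
                    .saveOutputFlashMap(flashMap, httpServletRequest, httpServletResponse);
            httpServletResponse.sendRedirect(httpServletRequest.getServletContext().getContextPath() + redirectUrl);
            return false;
        }
        writeJsonError(httpServletResponse, error);
        return false;
    }

    /** No post-processing; the interceptor only acts in {@link #preHandle}. */
    @Override
    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, ModelAndView modelAndView) {
    }

    /** No cleanup; the interceptor holds no per-request state. */
    @Override
    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, Exception exc) {
    }

    /**
     * Returns whether {@code path} stays inside this application when appended to the
     * context path: it must parse as a URI reference with neither a scheme nor an
     * authority. Scheme-relative forms such as {@code //host/...} carry an authority,
     * and backslash variants or CR/LF are not valid URI characters, so all of them are
     * rejected rather than sent to the browser as a Location header.
     */
    private static boolean isContextLocalPath(String path) {
        if (path == null) {
            return false;
        }
        try {
            URI uri = new URI(path);
            return uri.getScheme() == null && uri.getRawAuthority() == null;
        } catch (URISyntaxException e) {
            return false;
        }
    }

    /**
     * Writes {@code error} as a JSON {@link Message} and commits the response.
     * The encoding is set before {@code getWriter()} is called, as the servlet API requires.
     */
    private static void writeJsonError(HttpServletResponse response, String error) throws IOException {
        response.setCharacterEncoding("UTF-8");
        response.setContentType("application/json; charset=utf-8");
        try (PrintWriter writer = response.getWriter()) {
            writer.append(JSONObject.toJSONString(new Message(false, "error", error)));
            writer.flush();
        }
    }

    /**
     * Scans every value of every request parameter except {@code REDIRECT_URL} for
     * forbidden tokens. All values of a multi-valued parameter are checked, so a clean
     * first value cannot shadow a hostile second one.
     *
     * @param request the request whose parameters are scanned
     * @return the user-facing error text for the first forbidden token found, or
     *     {@code null} when every scanned value is clean
     */
    private String checkInjectPass(HttpServletRequest request) {
        Enumeration<String> names = request.getParameterNames();
        while (names.hasMoreElements()) {
            String name = names.nextElement();
            if (REDIRECT_URL_PARAM.equals(name)) {
                continue;
            }
            String[] values = request.getParameterValues(name);
            if (values == null) {
                continue;
            }
            for (String value : values) {
                if (value == null) {
                    continue;
                }
                // Locale.ROOT: a locale-sensitive lower-casing (e.g. Turkish dotless i)
                // could turn "SCRIPT" into a string that no longer contains "script".
                String lowerCase = value.toLowerCase(Locale.ROOT);
                for (String token : FORBIDDEN_TOKENS) {
                    if (lowerCase.contains(token)) {
                        String shown = describe(token);
                        // Log the parameter name rather than its value: the scan covers
                        // every parameter, including passwords and other secrets.
                        logger.info("参数 " + name + " 包含非法字符==" + shown + "非法字符");
                        return "输入项中不能包含非法字符:" + shown;
                    }
                }
            }
        }
        return null;
    }

    /** Human-readable form of a token for messages: control characters get their names. */
    private static String describe(String token) {
        if ("\r".equals(token)) {
            return "回车符";
        }
        if ("\n".equals(token)) {
            return "换行符";
        }
        return token;
    }
}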
