package io.leopard.web.security.xss;

import io.leopard.web.annotation.NoXss;
import java.util.HashSet;
import java.util.Set;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.util.StringUtils;
import org.springframework.web.method.HandlerMethod;

/* loaded from: input_file:io/leopard/web/security/xss/XssUtil.class */
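/**
 * Static entry points for request-level XSS screening of parameter values and URLs.
 *
 * <p>Detection itself is delegated to {@code XssCheckerImpl} and {@code XssCheckerUrlImpl};
 * this class decides which parameters are screened, logs the rejection and raises
 * {@link XssException}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Input screening is not a substitute for output encoding. Any parameter exempted here
 *       (ignore list, {@code @NoXss}) reaches the handler unchecked and must be encoded where
 *       it is rendered.</li>
 *   <li>The exception messages embed the caller-supplied parameter name or URL. NOTE(review):
 *       confirm that whatever renders {@code XssException} messages escapes them, otherwise the
 *       rejection path itself can reflect the input.</li>
 *   <li>{@code IGNORE_NAME_SET} is a plain {@code HashSet}. NOTE(review): it is presumably
 *       populated at startup only; if {@link #addIgnoreName(String)} can run while requests are
 *       being served, it needs a concurrent set.</li>
 * </ul>
 */
public class XssUtil {
    protected static final Log logger = LogFactory.getLog(XssUtil.class);

    // Global switch exposed through isEnable()/setEnable(). Nothing in this class reads it:
    // checkParameter() and checkUrl() screen their input regardless of its value.
    private static boolean enable = true;

    // Parameter names whose values are never screened by checkParameter().
    private static final Set<String> IGNORE_NAME_SET = new HashSet<String>();

    // Allowed shape of a parameter name: one or more ASCII letters, digits or underscores.
    protected static Pattern NAME_PATTERN;

    /**
     * Returns the global enable flag.
     *
     * @return the value last passed to {@link #setEnable(boolean)}, {@code true} by default
     */
    public static boolean isEnable() {
        return enable;
    }

    /**
     * Sets the global enable flag returned by {@link #isEnable()}.
     *
     * @param z new flag value
     */
    public static void setEnable(boolean z) {
        enable = z;
    }

    /**
     * Exempts a parameter name from value screening in {@link #checkParameter(String, String)}.
     * The exemption is process-wide and applies to every request.
     *
     * @param str exact (case-sensitive) parameter name to exempt
     */
    public static void addIgnoreName(String str) {
        IGNORE_NAME_SET.add(str);
    }

    /**
     * Marks the request as exempt from XSS attribute checking when the handler method carries
     * {@link NoXss}.
     *
     * @param httpServletRequest current request; receives the ignore attribute
     * @param obj the resolved handler; only {@link HandlerMethod} instances can carry the
     *     annotation, any other handler type is left untouched
     * @return always {@code true}
     */
    public static boolean initXSS(HttpServletRequest httpServletRequest, Object obj) {
        // Handlers that are not controller methods (for example static-resource handlers)
        // used to hit an unconditional cast here and fail with ClassCastException.
        if (!(obj instanceof HandlerMethod)) {
            return true;
        }
        NoXss noXss = ((HandlerMethod) obj).getMethodAnnotation(NoXss.class);
        if (noXss != null) {
            httpServletRequest.setAttribute(XssAttributeCheckUtil.IGNORE_XSS_ATTRIBUTE_NAME, true);
        }
        return true;
    }

    /**
     * Screens one request parameter and rejects it when the checker flags its value.
     *
     * <p>Returns silently when the value is empty, when the name is on the ignore list, or when
     * {@code XssCheckerImpl.check} returns {@code false} for the value.
     *
     * @param str parameter name
     * @param str2 parameter value
     * @throws XssException when the value is flagged; the message differs depending on whether
     *     the name itself passes {@link #isValidName(String)}
     */
    public static void checkParameter(String str, String str2) {
        if (StringUtils.isEmpty(str2)) {
            return;
        }
        if (IGNORE_NAME_SET.contains(str)) {
            return;
        }
        if (!XssCheckerImpl.getInstance().check(str2)) {
            return;
        }
        // Name and value are attacker-controlled: neutralise CR/LF so a crafted value cannot
        // forge additional log records. NOTE(review): the raw value is still written to the
        // log and may contain credentials or personal data; consider truncating or masking.
        logger.error("has xss name:" + sanitizeForLog(str) + " value:" + sanitizeForLog(str2));
        if (!isValidName(str)) {
            // Message text: "parameter name [..] and its value are both invalid".
            throw new XssException("参数名称[" + str + "]和值都不合法.");
        }
        // Message text: "the value of parameter .. is invalid".
        throw new XssException("参数" + str + "值不合法.");
    }

    /**
     * Tells whether a parameter name consists solely of characters allowed by
     * {@code NAME_PATTERN}.
     *
     * @param str candidate parameter name
     * @return {@code false} for {@code null} or empty input, otherwise whether the whole name
     *     matches the pattern
     */
    protected static boolean isValidName(String str) {
        if (StringUtils.isEmpty(str)) {
            return false;
        }
        // matches() instead of find(): with find(), '$' also matches just before a trailing
        // line terminator, so a name such as "id\n" was accepted as valid.
        // NOTE(review): a subclass that replaced NAME_PATTERN with an unanchored expression
        // would now get whole-string matching.
        return NAME_PATTERN.matcher(str).matches();
    }

    /**
     * Screens a URL and rejects it when the URL checker flags it.
     *
     * @param str URL (or URL parameter) to screen
     * @throws XssException when {@code XssCheckerUrlImpl.check} returns {@code true}
     */
    public static void checkUrl(String str) {
        if (XssCheckerUrlImpl.getInstance().check(str)) {
            // Message text: "illegal URL parameter [..]".
            throw new XssException("非法URL参数[" + str + "]");
        }
        // The former System.err.println duplicate was dropped: it bypassed the logging
        // configuration and wrote the raw, caller-supplied URL to stderr on every request.
        logger.info("url:" + sanitizeForLog(str));
    }

    /** Replaces CR and LF so caller-supplied text cannot start a new line in the log. */
    private static String sanitizeForLog(String text) {
        if (text == null) {
            return null;
        }
        return text.replace('\r', '_').replace('\n', '_');
    }

    static {
        // Built-in exemptions: values of these parameters are never screened.
        addIgnoreName("uname");
        addIgnoreName("resinIp");
        NAME_PATTERN = Pattern.compile("^[a-zA-Z0-9_]+$");
    }
}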
