package com.shove.f.a;

import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.Interceptor;
import com.umeng.message.proguard.k;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.apache.struts2.ServletActionContext;

/* compiled from: InjectionInterceptor.java */
/* loaded from: classes.dex */
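/**
 * Struts 2 interceptor that screens request data against a regular-expression deny-list
 * of SQL-injection and script-injection fragments before the action is invoked.
 *
 * <p>This listing is decompiled, name-obfuscated output; the public member names are kept
 * as the decompiler produced them so existing references still resolve.
 *
 * <p>Coverage and limits, as visible in this class:
 * <ul>
 *   <li>Only cookie <em>values</em>, parameter <em>values</em> and one request header
 *       ({@code k.t}) are inspected. Parameter names, cookie names, other headers and any
 *       body that the container does not expose through {@code getParameterMap()} are not.</li>
 *   <li>A keyword deny-list is a defence-in-depth layer. It does not replace parameterised
 *       queries or context-aware output encoding in the actions behind it.</li>
 *   <li>NOTE(review): a mode other than 0 or 1 performs no inspection at all.</li>
 *   <li>NOTE(review): there is no cap on the length of an inspected value, and several
 *       alternatives combine lazy wildcards with {@code find()}; consider bounding the
 *       inspected length if matching cost on very long values is a concern.</li>
 * </ul>
 */
public class a implements Interceptor {
    // Presumably serialVersionUID before obfuscation; name left untouched for that reason.
    private static final long b = 1;

    /**
     * Historical "allow-list initialised" flag. It is kept, and still flipped to true on the
     * first inspected request, only because it is public. The extension allow-list is now
     * built eagerly and no longer depends on this flag.
     */
    public static Boolean a = false;

    // Mode 0 rule set: identical to RELAXED_RULES plus an alternative rejecting any <img tag.
    private static final String STRICT_RULES = "<[^>]+?style=[\\w]+?:expression\\(|\\b(alert|confirm|prompt)\\b|^\\+/v(8|9)|<[^>]*?=[^>]*?&#[^>]*?>|\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|/\\*.+?\\*/|<\\s*script\\b|<\\s*img\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)|[']+?.*?(OR|AND|[-]{2,}|UPDATE|CREATE|ALTER|DROP|TRUNCATE|SELECT|DELETE|EXEC|INSERT)\\b|\\b(OR|AND|[-]{2,}|UPDATE|CREATE|ALTER|DROP|TRUNCATE|SELECT|DELETE|EXEC|INSERT)\\b.*?[']+?";
    private static final Pattern STRICT_PATTERN = Pattern.compile(STRICT_RULES, Pattern.CASE_INSENSITIVE);

    // Mode 1 rule set: <img> tags are tolerated here and vetted separately through IMG_SRC_PATTERN.
    private static final String RELAXED_RULES = "<[^>]+?style=[\\w]+?:expression\\(|\\b(alert|confirm|prompt)\\b|^\\+/v(8|9)|<[^>]*?=[^>]*?&#[^>]*?>|\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|/\\*.+?\\*/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)|[']+?.*?(OR|AND|[-]{2,}|UPDATE|CREATE|ALTER|DROP|TRUNCATE|SELECT|DELETE|EXEC|INSERT)\\b|\\b(OR|AND|[-]{2,}|UPDATE|CREATE|ALTER|DROP|TRUNCATE|SELECT|DELETE|EXEC|INSERT)\\b.*?[']+?";
    private static final Pattern RELAXED_PATTERN = Pattern.compile(RELAXED_RULES, Pattern.CASE_INSENSITIVE);

    // Captures the src attribute value of an <img> tag in group 1.
    private static final String IMG_SRC_RULE = "<img\\b[^<>]*?\\bsrc[\\s\t\r\n]*=[\\s\t\r\n]*[\"']?[\\s\t\r\n]*([^\\s\t\r\n\"'<>]*)[^<>]*?/?[\\s\t\r\n]*[/]*>";
    private static final Pattern IMG_SRC_PATTERN = Pattern.compile(IMG_SRC_RULE, Pattern.CASE_INSENSITIVE);

    // Built once during class initialisation, so every request thread sees a complete list.
    // The original filled it lazily behind a non-volatile flag that was set before the list
    // was populated, which allowed a concurrent request to observe a null or partial list.
    private static final List<String> ALLOWED_IMAGE_EXTENSIONS = buildAllowedImageExtensions();

    // Prefixes read from "injectionInterceptor.referer.whitelist"; null when none configured.
    private static final String[] REFERER_PREFIXES = loadRefererPrefixes();

    // Inspection mode, set through a(int): 0 = strict rules, 1 = relaxed rules + img src check.
    private int mode = 0;

    private static List<String> buildAllowedImageExtensions() {
        List<String> extensions = new ArrayList<String>();
        extensions.add(".jpg");
        extensions.add(".jpeg");
        extensions.add(".png");
        extensions.add(".bmp");
        extensions.add(".gif");
        extensions.add(".tif");
        extensions.add(".tiff");
        return extensions;
    }

    /**
     * Reads the comma-separated header allow-list from the project configuration helper.
     *
     * @return the raw, untrimmed entries, or {@code null} when the helper cannot be
     *         constructed or the setting is blank
     */
    private static String[] loadRefererPrefixes() {
        com.shove.c.a.a config;
        try {
            config = new com.shove.c.a.a();
        } catch (Exception ex) {
            System.err.println(ex);
            return null;
        }
        String raw = config.a("injectionInterceptor.referer.whitelist");
        return StringUtils.isNotBlank(raw) ? raw.split(",") : null;
    }

    /**
     * Tests one value against a rule set and, optionally, against the image-extension allow-list.
     *
     * @param rules             deny-list pattern to search for anywhere in the value
     * @param value             request-supplied text; null or empty is treated as clean
     * @param checkImageSources when true, every {@code <img src=...>} found must map to an
     *                          allowed extension
     * @return true when the value should be rejected
     */
    private static boolean matchesRules(Pattern rules, String value, boolean checkImageSources) {
        if (value == null || value.isEmpty()) {
            return false;
        }
        if (rules.matcher(value).find()) {
            return true;
        }
        if (!checkImageSources) {
            return false;
        }
        Matcher image = IMG_SRC_PATTERN.matcher(value);
        while (image.find()) {
            // com.shove.c.a.b is opaque here; presumably it returns the file extension of the
            // src value - confirm, including what it returns for a src without an extension.
            // Locale.ROOT keeps lower-casing stable regardless of the server's default locale.
            String extension = com.shove.c.a.b(image.group(1)).toLowerCase(java.util.Locale.ROOT);
            if (!ALLOWED_IMAGE_EXTENSIONS.contains(extension)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Writes the rejection notice to the response and returns the result code.
     *
     * <p>The message text says, in English: "The system detected malicious injection-type
     * attack data in what you submitted (or an img tag whose src file type is not allowed);
     * please check the [source] data. If this is a false alarm, please contact us."
     *
     * @param response response of the request being handled
     * @param source   fixed label naming where the match was found; never request data
     * @return the literal result name {@code "InjectionInterceptorError"}
     */
    private static String reject(HttpServletResponse response, String source) throws IOException {
        response.getWriter().println("InjectionInterceptorError: 系统检测到您提交的数据中存在恶意的注入型攻击数据(或 img 标签的 src 文件类型不合法)，请检查 " + source + " 数据，如果是系统误报，请联系我们处理，谢谢。给您带来了不便，十分抱歉！");
        return "InjectionInterceptorError";
    }

    /**
     * Runs the three checks in the original order: cookies, the {@code k.t} header, parameters.
     *
     * @return the rejection result code, or {@code null} when nothing matched
     */
    private static String inspect(Pattern rules, boolean checkImageSources, HttpServletResponse response,
            Map<String, String[]> parameters, Cookie[] cookies, String referer) throws IOException {
        if (cookiesMatch(rules, checkImageSources, cookies)) {
            return reject(response, "Cookie");
        }
        if (refererMatches(rules, checkImageSources, referer)) {
            return reject(response, k.t);
        }
        if (parametersMatch(rules, checkImageSources, parameters)) {
            return reject(response, "POST、GET");
        }
        return null;
    }

    private static boolean cookiesMatch(Pattern rules, boolean checkImageSources, Cookie[] cookies) {
        if (cookies == null || cookies.length == 0) {
            return false;
        }
        for (Cookie cookie : cookies) {
            if (matchesRules(rules, cookie.getValue(), checkImageSources)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Checks the header value unless it begins with a configured allow-list prefix.
     *
     * <p>NOTE(review): the allow-list is a plain prefix comparison on a client-supplied
     * header, and a match skips inspection of the whole value, including everything after
     * the prefix. Treat it as a false-positive suppressor, not as a trust decision; a safer
     * design would still inspect the remainder of an allow-listed value.
     */
    private static boolean refererMatches(Pattern rules, boolean checkImageSources, String referer) {
        if (referer == null || referer.isEmpty()) {
            return false;
        }
        if (REFERER_PREFIXES != null) {
            for (String prefix : REFERER_PREFIXES) {
                // A blank entry (for example from "a,,b" in the setting) would prefix-match
                // every value and silently switch this check off, so blank entries are ignored.
                if (StringUtils.isNotBlank(prefix) && referer.startsWith(prefix)) {
                    return false;
                }
            }
        }
        return matchesRules(rules, referer, checkImageSources);
    }

    private static boolean parametersMatch(Pattern rules, boolean checkImageSources,
            Map<String, String[]> parameters) {
        if (parameters.isEmpty()) {
            return false;
        }
        for (String[] values : parameters.values()) {
            if (values == null) {
                continue;
            }
            for (String value : values) {
                if (matchesRules(rules, value, checkImageSources)) {
                    return true;
                }
            }
        }
        return false;
    }

    // Keeps the public flag's observable transition (false -> true on first inspected request).
    private static synchronized void d() {
        if (!a.booleanValue()) {
            a = true;
        }
    }

    // The header is client-controlled; it only selects how a rejection is reported.
    private static boolean isAjax(HttpServletRequest request) {
        return "XMLHttpRequest".equals(request.getHeader("X-Requested-With"));
    }

    /** @return the current inspection mode */
    public int a() {
        return this.mode;
    }

    /**
     * Inspects the current request and either lets the invocation proceed or rejects it.
     * Presumably {@code Interceptor.intercept} before obfuscation.
     *
     * <p>All request state is held in locals. Struts shares one interceptor instance between
     * concurrent request threads, so the instance fields used originally could let one
     * request be judged on another request's data, or write the rejection notice to another
     * request's response.
     *
     * @return the action's result when nothing matched; {@code "InjectionInterceptorError"}
     *         when a value was rejected; {@code null} when a value was rejected and the
     *         request carries {@code X-Requested-With: XMLHttpRequest} (the notice has
     *         already been written to the response body)
     */
    public String a(ActionInvocation actionInvocation) throws Exception {
        final HttpServletRequest request = ServletActionContext.getRequest();
        final HttpServletResponse response = ServletActionContext.getResponse();
        final Map<String, String[]> parameters = request.getParameterMap();
        final Cookie[] cookies = request.getCookies();
        // k.t is a constant from an unrelated obfuscated class; given the
        // "referer.whitelist" setting it is presumably the Referer header name - confirm.
        final String referer = request.getHeader(k.t);
        // Project helper whose effect is not visible in this file.
        com.shove.e.a.a.a(request, response);

        if (parameters.isEmpty() && cookies == null && referer == null) {
            return actionInvocation.invoke();
        }
        if (!a.booleanValue()) {
            d();
        }

        final int currentMode = this.mode;
        final String verdict;
        if (currentMode == 0) {
            verdict = inspect(STRICT_PATTERN, false, response, parameters, cookies, referer);
        } else if (currentMode == 1) {
            verdict = inspect(RELAXED_PATTERN, true, response, parameters, cookies, referer);
        } else {
            // NOTE(review): any other mode disables inspection; consider failing closed.
            verdict = null;
        }

        if (verdict == null) {
            return actionInvocation.invoke();
        }
        if (isAjax(request)) {
            return null;
        }
        return verdict;
    }

    /**
     * Sets the inspection mode.
     *
     * @param i2 0 for the strict rule set, 1 for the relaxed rule set with image-source checks
     */
    public void a(int i2) {
        this.mode = i2;
    }

    // Empty lifecycle hooks; presumably Interceptor.destroy/init before obfuscation.
    public void b() {
    }

    public void c() {
    }
}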
