package jvc.web.filter;

import com.dodonew.miposboss.util.HttpUtils;
import com.umeng.commonsdk.proguard.d;
import com.xiaomi.mipush.sdk.Constants;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.PrintStream;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Properties;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import jvc.pri.AppUtils;
import jvc.pri.NetUtils;
import jvc.util.CheckUtils;
import jvc.util.RequestUtils;
import jvc.util.StringUtils;
import org.apache.commons.fileupload.FileItem;
import org.apache.commons.fileupload.FileUploadBase;
import org.apache.commons.fileupload.disk.DiskFileItemFactory;
import org.apache.commons.fileupload.servlet.ServletFileUpload;
import org.apache.commons.io.IOUtils;

/* loaded from: classes2.dex */
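/**
 * Servlet {@link Filter} that runs a set of heuristic request checks before a
 * request reaches the application: a per-IP rate limit on black-listed pages,
 * a per-user cap on distinct source IPs, substring screening of request
 * parameters for SQL / script fragments, multipart upload file-name screening,
 * and alerting (repeated page hits, configured "alert" IPs) to an external
 * webhook configured as {@code SafeFilter.AlertUrl}.
 *
 * <p>Every check here is a denylist heuristic applied to request parameters
 * and multipart file names only; headers, cookies and the URI path are not
 * screened, and the substring lists can both miss inputs and reject ordinary
 * text (for example values containing {@code "and "} or {@code "or "}). They
 * reduce noise but do not replace parameterised queries, output encoding and
 * content validation of uploads inside the application.
 *
 * <p>All tracking state lives in static maps shared by every request thread,
 * so the maps are concurrent collections. None of the per-IP maps is ever
 * evicted, so their size grows with the number of distinct client IPs seen
 * on black-listed pages since start-up (review note: consider a bounded or
 * expiring structure if the deployment sees many distinct addresses).
 */
public class SafeFilter implements Filter {
    /** Hits on a black-listed page, per IP and per window, before the sender is throttled. */
    private static final long MAXCOUNT = 100;
    /** Window (ms) after which per-IP counters and per-user IP lists expire: 12 hours. */
    private static final long PAGETIMEOUT = 43200000;
    /** Two hits on a black-listed page from one IP closer than this (ms) are rejected. */
    private static final long MIN_INTERVAL_MS = 800;
    /** Multipart parts above this size (bytes) are spooled to disk instead of memory. */
    private static final int UPLOAD_MEMORY_THRESHOLD = 1048576;
    /** A value containing any of these (case-insensitive) is treated as a script / path probe. */
    private static final String[] SCRIPT_PATTERNS = {"<script", "/etc/", "<iframe", "/passwd"};
    /**
     * SQL fragments; a value containing more than two of them is rejected.
     * {@code "or("} appears twice, so one occurrence of it counts as two of the
     * three hits needed. Kept exactly as found so the filter's sensitivity does
     * not change.
     */
    private static final String[] SQL_PATTERNS = {"show ", "union ", "union(", "alter ", " * from", "drop ", "='", "and ", "and(", "exec ", "insert ", "select ", "select(", "sleep(", " table ", "list ", "delete ", "update ", "count(", " * ", "chr(", " mid(", " master", "truncate ", " char", "declare ", "or ", "or(", "into ", "having ", "databases", "tables", "dump", "use ", "where ", "where(", "table_name", "information_schema", "xor ", "xor(", "or(", "case ", "case(", "when ", "when("};
    /** Last accepted hit on a black-listed page, per IP (ms since epoch). */
    private static final Map<String, Long> pool = new ConcurrentHashMap<>();
    /** Start of the current counting window, per IP (ms since epoch). */
    private static final Map<String, Long> poolSend = new ConcurrentHashMap<>();
    /** Hits on black-listed pages in the current window, per IP. */
    private static final Map<String, Long> poolCount = new ConcurrentHashMap<>();
    /** Per user id: source IP -> last seen (ms since epoch), used for the distinct-IP cap. */
    private static final ConcurrentMap<String, Map<String, Long>> userIpCount = new ConcurrentHashMap<>();
    /** URI substrings that enable rate limiting and the distinct-IP cap. */
    private static final String[] blacklist = {"memberdetail.jsp"};
    /** URI substrings exempt from the "same page" alert. */
    private static final String[] whitelist = {"activemember.jsp", "activemembersum.jsp"};
    /** IP -> last alert time; populated from {@code SafeFilter.AlertIps} at class load. */
    public static Map<String, Long> IpMap = new ConcurrentHashMap<>();
    /** Backing store for {@link #stopUser}; written to {@code config/stop_netbar.properties}. */
    private static final Properties Psys = new Properties();
    static String AlertUrl = AppUtils.getString("SafeFilter.AlertUrl");
    static String UserWhiteList = AppUtils.getString("SafeFilter.UserWhiteList");
    static long lastTimer = System.currentTimeMillis();

    static {
        String alertIps = AppUtils.getString("SafeFilter.AlertIps");
        if (StringUtils.isNotBlank(alertIps)) {
            System.out.println("AlertIps=" + alertIps);
            for (String ip : alertIps.split(",")) {
                System.out.println("AlertIp=" + ip);
                IpMap.put(ip, 0L);
            }
        }
    }

    /**
     * Screens every request parameter value for SQL or script fragments.
     *
     * <p>The parameters named {@code "d"} and {@code d.M} are skipped
     * ({@code d.M} is a same-valued constant the decompiler pulled from the
     * Umeng SDK; presumably an opaque SDK payload that would otherwise trip
     * the heuristics — confirm against the original source).
     *
     * @param servletRequest the request whose parameters are inspected
     * @return {@code true} when no value matched; {@code false} on the first
     *         offending value, which is logged with client IP and request URI
     */
    private boolean checkParamInject(ServletRequest servletRequest) {
        Enumeration<String> names = servletRequest.getParameterNames();
        while (names.hasMoreElements()) {
            String name = names.nextElement();
            if (name.equals("d") || name.equals(d.M)) {
                continue;
            }
            String[] values = servletRequest.getParameterValues(name);
            if (values == null) {
                continue;
            }
            for (String value : values) {
                if (checkSqlInject(value) || checkScriptInject(value)) {
                    logUnsafeParam(servletRequest, name, value);
                    return false;
                }
            }
        }
        return true;
    }

    /** Logs a rejected parameter (client IP, name=value, request URI) to stdout. */
    private static void logUnsafeParam(ServletRequest servletRequest, String name, String value) {
        System.out.println(RequestUtils.getIp(servletRequest) + " not safe param  " + name + HttpUtils.EQUAL_SIGN + value);
        System.out.println("uri:" + ((HttpServletRequest) servletRequest).getRequestURI());
    }

    /**
     * Returns {@code true} when the value contains any {@link #SCRIPT_PATTERNS}
     * entry, compared case-insensitively in {@link Locale#ROOT} so the result
     * does not depend on the server's default locale. {@code null} is safe.
     */
    private boolean checkScriptInject(String str) {
        if (str == null) {
            return false;
        }
        String lowerCase = str.toLowerCase(Locale.ROOT);
        for (String pattern : SCRIPT_PATTERNS) {
            if (lowerCase.contains(pattern)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns {@code true} when the value contains more than two of the
     * {@link #SQL_PATTERNS} entries (case-insensitive, {@link Locale#ROOT}).
     * {@code null} is safe.
     */
    private boolean checkSqlInject(String str) {
        if (str == null) {
            return false;
        }
        String lowerCase = str.toLowerCase(Locale.ROOT);
        int hits = 0;
        for (String pattern : SQL_PATTERNS) {
            if (lowerCase.contains(pattern) && ++hits > 2) {
                return true;
            }
        }
        return false;
    }

    /**
     * Periodically reloads application settings and {@link #UserWhiteList}.
     * The interval constant is whatever the decompiler substituted for the
     * original literal ({@code Constants.ASSEMBLE_PUSH_NETWORK_INTERVAL}).
     * Not called from this class. Fix: {@link #lastTimer} is now advanced, so the
     * reload happens once per interval instead of on every call after the first.
     */
    private void checkTimer() {
        long now = System.currentTimeMillis();
        if (now < lastTimer + Constants.ASSEMBLE_PUSH_NETWORK_INTERVAL) {
            return;
        }
        lastTimer = now;
        AppUtils.reset();
        UserWhiteList = AppUtils.getString("SafeFilter.UserWhiteList");
    }

    /**
     * Parses a multipart request and rejects it when any uploaded file name is
     * not printable or ends in {@code jsp}/{@code jspx}. The parsed items are
     * stored in the request attribute {@code jvc.upload.items} for later handlers.
     *
     * <p>This is a name-based denylist only; the application must still
     * validate the content and storage location of what it accepts.
     *
     * @return {@code true} when the request is not multipart or every file name
     *         passed; {@code false} when a name was rejected or parsing failed
     *         (fails closed)
     */
    private boolean checkUnSafeUpload(ServletRequest servletRequest) {
        String contentType = servletRequest.getContentType();
        if (contentType == null || !contentType.startsWith(FileUploadBase.MULTIPART_FORM_DATA)) {
            return true;
        }
        DiskFileItemFactory factory = new DiskFileItemFactory();
        factory.setSizeThreshold(UPLOAD_MEMORY_THRESHOLD);
        File tempDir = new File(AppUtils.AppPath + "/uploadtemp/");
        if (!tempDir.exists() && !tempDir.mkdirs()) {
            System.out.println("cannot create upload temp dir " + tempDir);
        }
        factory.setRepository(tempDir);
        ServletFileUpload upload = new ServletFileUpload(factory);
        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        try {
            // NOTE(review): no setSizeMax()/setFileSizeMax() is applied, so the
            // whole body is spooled to tempDir regardless of size — confirm a
            // limit is enforced by the container or the application.
            List<FileItem> items = upload.parseRequest(httpRequest);
            servletRequest.setAttribute("jvc.upload.items", items);
            for (FileItem item : items) {
                if (item.isFormField()) {
                    continue;
                }
                String name = item.getName();
                if (isForbiddenUploadName(name)) {
                    System.out.println(RequestUtils.getIp(httpRequest) + " upload file " + name);
                    System.out.println("uri:" + httpRequest.getRequestURI());
                    return false;
                }
            }
            return true;
        } catch (Exception e) {
            // fail closed: a body the parser cannot handle is not forwarded
            e.printStackTrace();
            return false;
        }
    }

    /** True when the name is not a visible string or ends in jsp/jspx (case-insensitive). */
    private static boolean isForbiddenUploadName(String name) {
        if (!CheckUtils.isVisibleString(name)) {
            return true;
        }
        String lower = name.toLowerCase(Locale.ROOT);
        return lower.endsWith("jsp") || lower.endsWith("jspx");
    }

    /**
     * Unfinished address check: reports only whether {@code SafeFilter.Address}
     * is configured. The per-address comparison was never implemented (the
     * original loop had an empty body) and nothing in this class calls it.
     */
    private static boolean filterAddress(HttpServletRequest httpServletRequest) {
        String configured = AppUtils.getString("SafeFilter.Address");
        if (StringUtils.isBlank(configured)) {
            return false;
        }
        RequestUtils.getIp(httpServletRequest); // TODO: compare against the configured list
        return true;
    }

    /**
     * Resolves the id of the session's {@code "user"} object by reflectively
     * calling its {@code getUserId()} (the concrete type is not known here).
     *
     * @return the user id, or {@code ""} when there is no user or the lookup
     *         fails; never {@code null}. Note that {@code getSession()} creates
     *         a session when the request has none.
     */
    private String getUserId(HttpServletRequest httpServletRequest) {
        try {
            Object user = httpServletRequest.getSession().getAttribute("user");
            if (user == null) {
                return "";
            }
            return (String) user.getClass().getDeclaredMethod("getUserId").invoke(user);
        } catch (Exception e) {
            e.printStackTrace();
            return "";
        }
    }

    /**
     * Rate-limit decision for one hit on a black-listed page.
     *
     * <p>Within a {@link #PAGETIMEOUT} window the first {@link #MAXCOUNT} hits
     * are allowed unless they follow the previous one within
     * {@link #MIN_INTERVAL_MS}; beyond the quota every hit is rejected and an
     * alert is sent on hits 101 and 102 only. The counter update is not
     * atomic, so concurrent hits from one IP may be undercounted.
     *
     * @param ip  client IP (map key)
     * @param uri request URI, used in the alert text
     * @return {@code true} to reject the request, {@code false} to let the
     *         caller record the hit; always {@code false} for an IP with no
     *         recorded previous hit
     */
    private boolean isIpTimeout(HttpServletRequest httpServletRequest, String ip, String uri) {
        Long lastHit = pool.get(ip);
        if (lastHit == null) {
            return false;
        }
        long now = System.currentTimeMillis();
        Long countBoxed = poolCount.get(ip);
        long count = countBoxed == null ? 0L : countBoxed.longValue();
        Long windowBoxed = poolSend.get(ip);
        long windowStart = windowBoxed == null ? 0L : windowBoxed.longValue();
        if (now - windowStart > PAGETIMEOUT) {
            poolSend.put(ip, now);
            count = 0L;
        }
        count++;
        poolCount.put(ip, count);
        if (count <= MAXCOUNT) {
            return now - lastHit.longValue() <= MIN_INTERVAL_MS;
        }
        if (count < MAXCOUNT + 3) {
            sendToDingDing(httpServletRequest, ip, uri, "too frequently");
        }
        return true;
    }

    /**
     * Ad-hoc harness for the expiry logic shared with
     * {@link #isAllowUserIpCount}; not used by the filter. Prints the number of
     * entries younger than one hour (expected: 4).
     */
    public static void main(String[] strArr) {
        Map<String, Long> map = new ConcurrentHashMap<>();
        Map<String, Long> existing = userIpCount.putIfAbsent("123", map);
        if (existing != null) {
            map = existing;
        }
        long now = System.currentTimeMillis();
        for (String key : new String[]{"1", "2", "3", "4"}) {
            map.put(key, now);
        }
        map.put("5", now - 3660000);
        map.put("6", 1L);
        removeExpired(map, 3600000);
        System.out.println(map.size());
    }

    /**
     * Removes every entry whose timestamp is older than {@code maxAgeMs}
     * relative to now. Removal goes through the iterator, so it is safe on the
     * concurrent maps used here.
     */
    private static void removeExpired(Map<String, Long> map, long maxAgeMs) {
        long now = System.currentTimeMillis();
        Iterator<Map.Entry<String, Long>> it = map.entrySet().iterator();
        while (it.hasNext()) {
            Map.Entry<String, Long> entry = it.next();
            if (now - entry.getValue().longValue() > maxAgeMs) {
                it.remove();
            }
        }
    }

    /**
     * Counts consecutive requests for the same {@code netbar} JSP page in the
     * session and alerts on hits 101..103 (bounded so a runaway client does
     * not flood the webhook). Pages in {@link #whitelist} are exempt.
     */
    private void pageAlert(HttpServletRequest request) {
        String lastPage = (String) request.getSession().getAttribute("jvc_last_page");
        String requestURI = request.getRequestURI();
        if (!requestURI.contains("netbar")) {
            return;
        }
        if (lastPage == null || !lastPage.equalsIgnoreCase(requestURI)) {
            request.getSession().setAttribute("jvc_last_page", requestURI);
            request.getSession().setAttribute("jvc_last_page_count", 1);
            return;
        }
        if (!requestURI.toLowerCase(Locale.ROOT).endsWith(".jsp") || isWhitePage(requestURI)) {
            return;
        }
        Integer previous = (Integer) request.getSession().getAttribute("jvc_last_page_count");
        int count = (previous == null ? 0 : previous.intValue()) + 1;
        request.getSession().setAttribute("jvc_last_page_count", count);
        if (count > 100 && count < 104) {
            sendToDingDing(request, RequestUtils.getIp(request), requestURI, "same page alert");
        }
    }

    /**
     * Posts an alert (ip, uri, user, reason) to {@link #AlertUrl}. Skipped with a
     * log line when no alert URL is configured (previously the literal
     * {@code "null"} was used as the URL prefix). The ip and uri come from the
     * request and are URL-encoded but otherwise forwarded verbatim.
     */
    private void sendToDingDing(HttpServletRequest request, String ip, String uri, String reason) {
        if (AlertUrl == null) {
            System.out.println("SafeFilter.AlertUrl not configured, alert dropped: " + reason);
            return;
        }
        String body = "\r\nip:" + ip + "\r\nuri:" + uri + "\r\nuser:" + getUserId(request) + IOUtils.LINE_SEPARATOR_WINDOWS + reason;
        NetUtils.getHtmlSource2(AlertUrl + StringUtils.urlEncode(body));
    }

    /**
     * Marks a user as stopped by writing {@code userId=1} into
     * {@code config/stop_netbar.properties}, creating the file if needed.
     * Not called from this class. Both streams are now closed on every path.
     */
    private void stopUser(String userId) {
        File file = new File(AppUtils.AppPath + "/config/stop_netbar.properties");
        try {
            if (!file.exists()) {
                file.createNewFile();
            }
            try (FileInputStream in = new FileInputStream(file)) {
                Psys.load(in);
            }
            Psys.put(userId, "1");
            try (FileOutputStream out = new FileOutputStream(file)) {
                // the second argument is the comment header written to the file, not a charset
                Psys.store(out, "utf-8");
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /** Parses a decimal int, returning 0 for {@code null} or unparseable input. */
    private static int toInt(String str) {
        if (str == null) {
            return 0;
        }
        try {
            return Integer.parseInt(str);
        } catch (NumberFormatException unused) {
            return 0;
        }
    }

    @Override
    public void destroy() {
    }

    /**
     * Sends an alert to {@link #AlertUrl} when the client IP is one of the
     * configured alert IPs, at most once per interval per IP — except for
     * requests to a {@code login.jsp} page, which always alert and also carry
     * the {@code userid}/{@code userId} parameters (untrusted client input,
     * forwarded URL-encoded). The webhook's reply is echoed to stdout.
     */
    public void doAlertIp(ServletRequest servletRequest) {
        String ip = RequestUtils.getIp(servletRequest);
        if (ip == null) {
            return;
        }
        Long lastAlert = IpMap.get(ip);
        if (lastAlert == null) {
            return;
        }
        System.out.println("AlertIP:" + ip);
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        String requestURI = request.getRequestURI();
        System.out.println("uri:" + requestURI);
        StringBuilder body = new StringBuilder("\r\nip:").append(ip).append("\r\nuri:").append(requestURI);
        boolean loginPage = requestURI.toLowerCase(Locale.ROOT).endsWith("login.jsp");
        if (loginPage) {
            String userid = servletRequest.getParameter("userid");
            if (userid != null) {
                body.append("\r\nuserid:").append(userid);
            }
            String userId = servletRequest.getParameter("userId");
            if (userId != null) {
                body.append("\r\nuserId:").append(userId);
            }
        }
        body.append("\r\nuser:").append(getUserId(request));
        long now = System.currentTimeMillis();
        if (!loginPage && now - lastAlert.longValue() < Constants.ASSEMBLE_PUSH_NETWORK_INTERVAL) {
            return;
        }
        IpMap.put(ip, now);
        String alertUrl = AlertUrl + StringUtils.urlEncode(body.toString());
        System.out.println(" AlertUrl:" + alertUrl);
        if (AlertUrl == null) {
            return;
        }
        String reply = NetUtils.getHtmlSource2(alertUrl);
        System.out.println(reply == null ? "发送失败!" : reply);
    }

    /**
     * Runs the checks in order: page alert, alert-IP notification, per-IP rate
     * limit, per-user distinct-IP cap, parameter screening, upload screening;
     * only a request that passes all of them is forwarded down the chain.
     *
     * <p>NOTE(review): a blocked request is answered with HTTP 200 and an empty
     * or short plain-text body; a 403/429 status would let clients and
     * monitoring distinguish it from a successful response.
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        // Touching a parameter first makes the container parse the request
        // before it is wrapped (presumably relied upon by the wrapper).
        servletRequest.getParameter("abc");
        MyRequestWrapper wrapped = new MyRequestWrapper((HttpServletRequest) servletRequest);
        pageAlert(wrapped);
        doAlertIp(wrapped);
        if (doTimeout(wrapped) || !isAllowUserIpCount(wrapped)) {
            servletResponse.getWriter().print("");
            return;
        }
        if (!checkParamInject(wrapped)) {
            servletResponse.getWriter().print("not safe param");
            return;
        }
        if (!checkUnSafeUpload(wrapped)) {
            servletResponse.getWriter().print("not safe upload");
            return;
        }
        filterChain.doFilter(wrapped, servletResponse);
    }

    /**
     * Applies the per-IP rate limit to black-listed pages.
     *
     * <p>The decompiled original swallowed a failed cast and then read
     * uninitialised locals; a request that is not an {@code HttpServletRequest}
     * is now simply not rate limited (only wrapped HTTP requests reach here
     * from {@link #doFilter}).
     *
     * @return {@code true} when the request must be dropped
     */
    public boolean doTimeout(ServletRequest servletRequest) {
        if (!(servletRequest instanceof HttpServletRequest)) {
            return false;
        }
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        String requestURI = request.getRequestURI();
        if (!isBlackPage(requestURI)) {
            return false;
        }
        String ip = RequestUtils.getIp(servletRequest);
        if (isIpTimeout(request, ip, requestURI)) {
            return true;
        }
        pool.put(ip, System.currentTimeMillis());
        return false;
    }

    @Override
    public void init(FilterConfig filterConfig) {
    }

    /**
     * Caps the number of distinct source IPs per user on black-listed pages to
     * three within {@link #PAGETIMEOUT}. Beyond that an alert is sent; the
     * request is then blocked unless the setting
     * {@code safefilter_close_too_many_ip} is 1, which switches the cap to
     * report-only (the alert text ends with {@code "!"} in that case).
     *
     * <p>NOTE(review): {@link #getUserId} returns {@code ""} for anonymous
     * sessions, so all anonymous clients share one bucket keyed by
     * {@code ""} — confirm that is intended.
     *
     * @return {@code true} to allow the request
     */
    public boolean isAllowUserIpCount(ServletRequest servletRequest) {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        String requestURI = request.getRequestURI();
        if (!isBlackPage(requestURI)) {
            return true;
        }
        String userId = getUserId(request);
        if (userId == null) {
            return true;
        }
        Map<String, Long> fresh = new ConcurrentHashMap<>();
        Map<String, Long> existing = userIpCount.putIfAbsent(userId, fresh);
        Map<String, Long> ipsForUser = existing != null ? existing : fresh;
        String ip = RequestUtils.getIp(servletRequest);
        removeExpired(ipsForUser, PAGETIMEOUT);
        long now = System.currentTimeMillis();
        if (ipsForUser.containsKey(ip) || ipsForUser.size() < 3) {
            ipsForUser.put(ip, now);
            return true;
        }
        boolean reportOnly = AppUtils.getInt("safefilter_close_too_many_ip") == 1;
        String reason = "user:" + userId + " too many ip" + (reportOnly ? "!" : "");
        sendToDingDing(request, ip, requestURI, reason);
        return reportOnly;
    }

    /** True when the URI contains any {@link #blacklist} entry; {@code null} is not black-listed. */
    public boolean isBlackPage(String str) {
        return containsAny(str, blacklist);
    }

    /** True when the URI contains any {@link #whitelist} entry; {@code null} is not white-listed. */
    public boolean isWhitePage(String str) {
        return containsAny(str, whitelist);
    }

    /** Case-sensitive substring test of {@code str} against every needle. */
    private static boolean containsAny(String str, String[] needles) {
        if (str == null) {
            return false;
        }
        for (String needle : needles) {
            if (str.contains(needle)) {
                return true;
            }
        }
        return false;
    }
}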
