package club.gclmit.gear4j.safe.core;

import club.gclmit.gear4j.core.utils.ArrayUtils;
import club.gclmit.gear4j.core.utils.IoUtils;
import club.gclmit.gear4j.safe.Gear4jSafeException;
import cn.hutool.core.util.CharsetUtil;
import com.alibaba.fastjson.JSONObject;
import java.io.IOException;
import java.util.List;
import java.util.Objects;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import org.springframework.web.servlet.HandlerMapping;

/* loaded from: input_file:club/gclmit/gear4j/safe/core/SafeHttpServletRequestWrapper.class */
public class SafeHttpServletRequestWrapper extends HttpServletRequestWrapper {
    public SafeHttpServletRequestWrapper(HttpServletRequest httpServletRequest) {
        super(httpServletRequest);
    }

    public String getHeader(String str) {
        return validaHandler(super.getHeader(str));
    }

    public String getParameter(String str) {
        return validaHandler(super.getParameter(str));
    }

    public String[] getParameterValues(String str) {
        String[] parameterValues = super.getParameterValues(str);
        if (ArrayUtils.isNotEmpty(parameterValues) && SafeRules.isInjection(List.of((Object[]) parameterValues))) {
            throw new Gear4jSafeException("您所访问的页面请求中有违反安全规则元素存在，拒绝访问!");
        }
        return super.getParameterValues(str);
    }

    public Object getAttribute(String str) {
        if (HandlerMapping.URI_TEMPLATE_VARIABLES_ATTRIBUTE.equals(str)) {
            Object attribute = super.getAttribute(HandlerMapping.URI_TEMPLATE_VARIABLES_ATTRIBUTE);
            if (Objects.isNull(attribute)) {
                return attribute;
            }
            if (SafeRules.isInjection(JSONObject.toJSONString(attribute))) {
                throw new Gear4jSafeException("您所访问的页面请求中有违反安全规则元素存在，拒绝访问!");
            }
        }
        return super.getAttribute(str);
    }

    public ServletInputStream getInputStream() throws IOException {
        if (SafeRules.isInjection(IoUtils.read(super.getInputStream(), CharsetUtil.CHARSET_UTF_8))) {
            throw new Gear4jSafeException("您所访问的页面请求中有违反安全规则元素存在，拒绝访问!");
        }
        return super.getInputStream();
    }

    private String validaHandler(String str) {
        if (SafeRules.isInjection(str)) {
            throw new Gear4jSafeException("您所访问的页面请求中有违反安全规则元素存在，拒绝访问!");
        }
        return str;
    }
}
