package com.sinosoftgz.starter.custom.security.filter;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.util.StringUtils;

/* loaded from: input_file:com/sinosoftgz/starter/custom/security/filter/InjectionAttackFilter.class */
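/**
 * Servlet filter that wraps each HTTP request in an {@link InjectionAttackWrapper} and adds an
 * {@code X-FRAME-OPTIONS: SAMEORIGIN} response header when the response does not already have one.
 *
 * <p>All three protections default to enabled. They can be switched through the setters or through
 * the filter init parameters {@value #FILTER_XSS_PARAM_NAME},
 * {@value #FILTER_SQL_INJECTION_PARAM_NAME} and {@value #CLICK_JACKING_HEADER}.
 *
 * <p>NOTE(review): the wrapper's implementation is not visible in this file. Request-side value
 * filtering should be treated as defence in depth only. Contextual output encoding and
 * parameterized queries remain the primary controls against XSS and SQL injection.
 *
 * <p>NOTE(review): only {@code X-Frame-Options} is set here. The filter does not emit a
 * {@code Content-Security-Policy: frame-ancestors} directive, so configure that separately if
 * required.
 */
public class InjectionAttackFilter implements Filter {
    private static final String X_FRAME_VALUE = "SAMEORIGIN";
    private static final String X_FRAME_HEADER = "X-FRAME-OPTIONS";
    public static final String FILTER_XSS_PARAM_NAME = "filter_xss";
    public static final String FILTER_SQL_INJECTION_PARAM_NAME = "filter_sql_injection";
    public static final String CLICK_JACKING_HEADER = "click_jacking_header";
    // Secure defaults: every protection stays on unless explicitly configured otherwise.
    boolean filterXSS = true;
    boolean filterSQL = true;
    boolean clickJacking = true;

    /**
     * Enables or disables the XSS flag passed to the request wrapper.
     *
     * @param enabled {@code true} to request XSS filtering from the wrapper
     */
    public void setFilterXSS(boolean enabled) {
        this.filterXSS = enabled;
    }

    /**
     * Enables or disables the SQL-injection flag passed to the request wrapper.
     *
     * @param enabled {@code true} to request SQL-injection filtering from the wrapper
     */
    public void setFilterSQL(boolean enabled) {
        this.filterSQL = enabled;
    }

    /**
     * Enables or disables the anti-framing response header.
     *
     * @param enabled {@code true} to add the {@code X-FRAME-OPTIONS} header
     */
    public void setClickJacking(boolean enabled) {
        this.clickJacking = enabled;
    }

    /** No resources are held, so there is nothing to release. */
    @Override
    public void destroy() {
    }

    /**
     * Adds the anti-framing header (when enabled) and forwards the request down the chain, wrapped
     * in an {@link InjectionAttackWrapper} when it is an HTTP request.
     *
     * @param servletRequest incoming request
     * @param servletResponse outgoing response
     * @param filterChain remaining filter chain
     * @throws IOException propagated from the chain
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        // A non-HTTP request cannot be wrapped. Pass it through untouched instead of failing with
        // a ClassCastException on the unconditional cast.
        if (!(servletRequest instanceof HttpServletRequest)) {
            filterClickJack(servletResponse);
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        InjectionAttackWrapper wrappedRequest =
                new InjectionAttackWrapper((HttpServletRequest) servletRequest, this.filterXSS, this.filterSQL);
        // The header is set before the chain runs, i.e. before the response can be committed.
        filterClickJack(servletResponse);
        filterChain.doFilter(wrappedRequest, servletResponse);
    }

    /**
     * Adds {@code X-FRAME-OPTIONS: SAMEORIGIN} to an HTTP response unless the protection is
     * disabled or the header is already present.
     *
     * @param servletResponse response to decorate; ignored when it is not an HTTP response
     */
    private void filterClickJack(ServletResponse servletResponse) {
        if (!this.clickJacking || !(servletResponse instanceof HttpServletResponse)) {
            return;
        }
        HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
        // Respect a value set earlier in the chain rather than emitting a duplicate header.
        if (!httpResponse.containsHeader(X_FRAME_HEADER)) {
            httpResponse.addHeader(X_FRAME_HEADER, X_FRAME_VALUE);
        }
    }

    /**
     * Reads the optional init parameters and overrides the defaults for those that are set.
     *
     * <p>Values are parsed with {@link Boolean#parseBoolean(String)}: any non-blank value other
     * than a case-insensitive {@code "true"} turns the protection OFF. A typo such as
     * {@code "yes"} or {@code " true"} therefore disables the check silently, so deployments
     * should verify the configured values.
     *
     * @param filterConfig container-supplied filter configuration
     * @throws ServletException declared by the {@link Filter} contract; not thrown here
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        this.filterXSS = readFlag(filterConfig, FILTER_XSS_PARAM_NAME, this.filterXSS);
        this.filterSQL = readFlag(filterConfig, FILTER_SQL_INJECTION_PARAM_NAME, this.filterSQL);
        this.clickJacking = readFlag(filterConfig, CLICK_JACKING_HEADER, this.clickJacking);
    }

    /** Returns the parsed init parameter, or {@code fallback} when it is absent or blank. */
    private static boolean readFlag(FilterConfig filterConfig, String paramName, boolean fallback) {
        String raw = filterConfig.getInitParameter(paramName);
        // Boolean.parseBoolean replaces the deprecated new Boolean(String) with identical results.
        return StringUtils.hasText(raw) ? Boolean.parseBoolean(raw) : fallback;
    }
}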
