package com.huawei.hadoop.adapter.sso;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URL;
import java.net.URLDecoder;
import java.util.Locale;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.apache.hadoop.io.IOUtils;
import org.eclipse.jetty.http.BadMessageException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/huawei/hadoop/adapter/sso/XSSFilter.class */
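/**
 * Servlet filter that sets a fixed group of security response headers and rejects requests
 * whose URL fails a coarse allow-pattern / denylist screen before they reach the rest of the chain.
 *
 * <p>Processing order for an HTTP request:
 * <ol>
 *   <li>set the response headers (always, even when the request is later rejected);</li>
 *   <li>rebuild the full request URL and percent-decode it exactly once;</li>
 *   <li>reject when the raw URL does not match {@link #REG_PATTERN} or the decoded,
 *       lower-cased URL contains one of {@link #BLOCKED_FRAGMENTS};</li>
 *   <li>answer any path starting with {@code /logs} with a static "could not access" page;</li>
 *   <li>reject when {@code XXSProcessor.isXSSpossible} flags the URL;</li>
 *   <li>otherwise delegate to the filter chain.</li>
 * </ol>
 *
 * <p>The substring checks are a pre-filter only. They inspect the URL and query string, not
 * request bodies or headers, and they do not replace output encoding in the handlers that
 * render request data.
 */
public class XSSFilter implements Filter {
    private static final Logger LOG = LoggerFactory.getLogger(XSSFilter.class);

    // NOTE(review): inside the character class, "\+-=" is parsed as the range '+'..'=' rather than
    // three literals, so the class also admits ',' and '<'. This looks unintended, but the pattern
    // is left byte-identical because tightening it could reject URLs that are accepted today.
    // Confirm the intended alphabet before changing it.
    private static final String REG_EXP = "((https?|ftp|gopher|telnet|file):((//)|(\\\\))+[\\[\\]\\w\\u4e00-\\u9eff!\\d:#@%/;\\$\\^()~_?\\+-=\\\\\\.&\\*]*)";
    private static final Pattern REG_PATTERN = Pattern.compile(REG_EXP);

    /** Lower-case fragments that cause a request to be rejected when found in the decoded URL. */
    private static final String[] BLOCKED_FRAGMENTS = {"<script", "<iframe", "<frame", "javascript:"};

    /** Static body returned for every request whose path starts with {@code /logs}. */
    private static final String LOGS_BLOCKED_HTML = "<h1><font color=\"#FF0000\";><br></font></h1><p style=\"font-size:20px;color:black;font-family:Geneva, sans-serif, Microsoft YaHei, Verdana\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Could not access logs page! </p>";

    /**
     * Logs that the filter was initialised; no configuration is read.
     *
     * @param filterConfig container-supplied configuration (unused)
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        LOG.info("Inside URLValidationFilter");
    }

    /** Logs that the filter is being torn down; there are no resources to release. */
    @Override
    public void destroy() {
        LOG.info("Destroying URLValidationFilter");
    }

    /**
     * Screens the request URL and either rejects the request or passes it down the chain.
     *
     * @param servletRequest  incoming request; non-HTTP requests are dropped with a log entry
     * @param servletResponse outgoing response; non-HTTP responses are dropped with a log entry
     * @param filterChain     remainder of the chain, invoked only for accepted requests
     * @throws IOException      if writing the response fails or the URL cannot be parsed
     * @throws ServletException declared by the {@link Filter} contract
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (!(servletRequest instanceof HttpServletRequest)) {
            LOG.error("Not a valid request");
            return;
        }
        if (!(servletResponse instanceof HttpServletResponse)) {
            LOG.error("Not a valid response type");
            return;
        }
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        applySecurityHeaders(response);

        // getQueryString() returns null when the request has no query; appending it
        // unconditionally would screen (and log) a URL ending in the literal text "?null".
        String requestUrl = request.getRequestURL().toString();
        String query = request.getQueryString();
        if (query != null) {
            requestUrl = requestUrl + '?' + query;
        }

        String decodedLower;
        try {
            // Locale.ROOT keeps case folding locale-independent: under a Turkish default locale
            // an upper-case 'I' folds to a dotless 'i', and the "<iframe" / "<script" /
            // "javascript:" comparisons below would no longer match upper-case input.
            decodedLower = URLDecoder.decode(requestUrl, "UTF-8").toLowerCase(Locale.ROOT);
        } catch (UnsupportedEncodingException | IllegalArgumentException e) {
            // URLDecoder throws IllegalArgumentException on malformed percent-escapes; treat
            // that as a rejected request rather than letting it escape the filter.
            reject(response, "Requested URL is not supported");
            return;
        }

        if (!validateURL(requestUrl) || containsBlockedFragment(decodedLower)) {
            reject(response, "Requested URL is not supported");
            return;
        }

        String path = new URL(requestUrl).getPath().toLowerCase(Locale.ROOT);
        if (StringUtils.startsWith(path, "/logs")) {
            LOG.error("Requested log URL is not supported");
            writeLogsBlockedPage(response);
            return;
        }

        if (XXSProcessor.isXSSpossible(requestUrl)) {
            reject(response, "Requested URL is not supported");
            return;
        }

        try {
            filterChain.doFilter(servletRequest, servletResponse);
        } catch (BadMessageException e) {
            LOG.error("Failed to access {}", requestUrl, e);
            response.sendError(e.getCode(), e.getMessage());
        } catch (Exception e) {
            LOG.error("Failed to access {}", requestUrl, e);
            // NOTE(review): the exception message of an arbitrary downstream failure is handed
            // to the client here; consider a fixed message if those texts can carry internals.
            response.sendError(500, e.getMessage());
        }
    }

    /** Sets the fixed response headers this filter adds to every HTTP response. */
    private static void applySecurityHeaders(HttpServletResponse response) {
        response.setHeader("X-Frame-Options", "SAMEORIGIN");
        // Legacy header: current browsers no longer implement the XSS auditor it controlled,
        // so it should not be counted on as a protection.
        response.setHeader("X-XSS-Protection", "1; mode=block");
        response.setHeader("X-Content-Type-Options", "nosniff");
        response.setHeader("Strict-Transport-Security", "max-age=31536000; includeSubDomains; preload");
        response.setHeader("Cache-Control", "no-cache, no-store");
        response.setHeader("Server", "FusionInsight");
    }

    /**
     * Logs the rejection and answers with 400 so the client, and anything monitoring response
     * codes, does not see a blocked request as an empty 200 success.
     */
    private static void reject(HttpServletResponse response, String logMessage) throws IOException {
        LOG.error(logMessage);
        response.sendError(HttpServletResponse.SC_BAD_REQUEST);
    }

    /** Returns true when the decoded, lower-cased URL contains any denylisted fragment. */
    private static boolean containsBlockedFragment(String decodedLower) {
        for (String fragment : BLOCKED_FRAGMENTS) {
            if (decodedLower.contains(fragment)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Writes the static "could not access logs" page and closes the response stream.
     * A write failure is logged and not propagated, as before.
     */
    private static void writeLogsBlockedPage(HttpServletResponse response) throws IOException {
        // NOTE(review): the page is served with the default status (200); confirm whether
        // clients would accept 403 here.
        response.setHeader("content-type", "text/html;charset=UTF-8");
        ServletOutputStream outputStream = response.getOutputStream();
        try {
            outputStream.write(LOGS_BLOCKED_HTML.getBytes("UTF-8"));
        } catch (IOException e) {
            // Log the original exception so its message and cause are preserved.
            LOG.error("Exception occured while write logs response HTML.", e);
        } finally {
            IOUtils.closeStream(outputStream);
        }
    }

    /**
     * Checks the raw (not decoded) URL against {@link #REG_PATTERN}.
     *
     * @param str full request URL including any query string
     * @return true when the whole string matches the pattern
     */
    private boolean validateURL(String str) {
        return REG_PATTERN.matcher(str).matches();
    }
}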
