package com.asiainfo.pageframe.srv.channel;

import com.ai.appframe2.common.AIConfigManager;
import com.ai.appframe2.common.SessionManager;
import com.ai.appframe2.complex.util.EscapeURLDecoder;
import com.ai.appframe2.util.locale.AppframeLocaleFactory;
import com.asiainfo.pageframe.data.RequestChannelParameter;
import com.asiainfo.pageframe.data.SessionData;
import com.asiainfo.tools.sermgr.ITask;
import com.asiainfo.tools.sermgr.SerParameters;
import java.util.regex.Pattern;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:com/asiainfo/pageframe/srv/channel/URLSecurityCheck.class */
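/**
 * Request-channel task that rejects requests whose query string matches a
 * deny-list regular expression.
 *
 * <p>The expression comes from the {@code ILLEGAL_CHAR_CHECK} configuration item;
 * when that item is blank, cannot be read, or fails to compile, the built-in
 * {@link #DEFAULT_ILLEGAL_CHAR_CHECK} is used instead.
 *
 * <p>Scope and limits a maintainer should keep in mind:
 * <ul>
 *   <li>Only the value of {@code getQueryString()} is inspected. Nothing in this class
 *       looks at the request body, headers, cookies or path.</li>
 *   <li>The match is an unanchored substring search, so benign values are rejected too
 *       (for example any parameter containing "description" matches {@code script}).</li>
 *   <li>A keyword deny-list is a defence-in-depth layer only. It does not replace
 *       parameterised SQL or context-aware output encoding where the values are used.</li>
 * </ul>
 */
public class URLSecurityCheck implements ITask {
    private static final Log log = LogFactory.getLog(URLSecurityCheck.class);

    /** Built-in deny-list; every alternative is lower case because the pattern is compiled without flags. */
    private static final String DEFAULT_ILLEGAL_CHAR_CHECK = "document.cookie|href|script|select |select/|select\\(|select\\*|insert |insert/|insert\\(|insert\\*|update |update/|update\\(|update\\*|delete |delete/|delete\\(|delete\\*|truncate |truncate/|truncate\\(|truncate\\*|exec |exec/|exec\\(|exec\\*|drop |drop/|drop\\(|drop\\*";

    /** Active deny-list pattern; assigned once during class initialisation. */
    private static Pattern PATTERN;

    static {
        // Start from the built-in pattern so the check is never left without one.
        PATTERN = Pattern.compile(DEFAULT_ILLEGAL_CHAR_CHECK);
        try {
            String configItem = AIConfigManager.getConfigItem("ILLEGAL_CHAR_CHECK");
            if (StringUtils.isBlank(configItem)) {
                log.error(AppframeLocaleFactory.getResource("com.ai.appframe2.web.filter.LoginFilter.use_default", new String[]{DEFAULT_ILLEGAL_CHAR_CHECK}));
            } else {
                try {
                    PATTERN = Pattern.compile(configItem);
                    // NOTE(review): this is logged at error level on the success path as well;
                    // the message text is not visible here - confirm the level is intended.
                    log.error(AppframeLocaleFactory.getResource("com.ai.appframe2.web.filter.LoginFilter.use_error", new String[]{configItem}));
                } catch (Exception e) {
                    // An invalid configured expression (or a failure while logging it)
                    // falls back to the built-in pattern rather than disabling the check.
                    PATTERN = Pattern.compile(DEFAULT_ILLEGAL_CHAR_CHECK);
                    log.error(AppframeLocaleFactory.getResource("com.ai.appframe2.web.filter.LoginFilter.use_error_default", new String[]{configItem, DEFAULT_ILLEGAL_CHAR_CHECK}), e);
                }
            }
        } catch (Exception e2) {
            // Configuration could not be read; the built-in pattern assigned above stays active.
            log.error(e2);
        }
    }

    /**
     * Binds the session user to {@code SessionManager} when none is bound yet, then
     * checks the request's query string against the deny-list pattern.
     *
     * @param serParameters the task parameters; cast to {@code RequestChannelParameter}
     * @throws Exception if the decoded query string matches the deny-list pattern
     */
    @Override // com.asiainfo.tools.sermgr.ITask
    public void doTask(SerParameters serParameters) throws Exception {
        RequestChannelParameter requestChannelParameter = (RequestChannelParameter) serParameters;

        // Restore the user from the "sessionData" session attribute if no user is bound yet.
        if (SessionManager.getUser() == null && requestChannelParameter.getRequest().getSession() != null) {
            Object attribute = requestChannelParameter.getRequest().getSession().getAttribute("sessionData");
            if (attribute != null) {
                SessionData sessionData = (SessionData) attribute;
                if (sessionData.getUserInfo() != null) {
                    SessionManager.setUser(sessionData.getUserInfo());
                }
            }
        }

        String queryString = requestChannelParameter.getRequest().getQueryString();
        if (StringUtils.isBlank(queryString)) {
            return;
        }

        // Original check, kept as is: lower-case the raw query string, then decode it.
        CharSequence decoded = EscapeURLDecoder.decode(queryString.toLowerCase());
        boolean illegal = PATTERN.matcher(decoded).find();

        if (!illegal) {
            // Case folding above ran BEFORE decoding, so letters that only appear after
            // decoding keep their original case and would not match the lower-case,
            // case-sensitive pattern. Fold the decoded text as well. Locale.ROOT keeps the
            // folding independent of the JVM default locale.
            illegal = PATTERN.matcher(decoded.toString().toLowerCase(java.util.Locale.ROOT)).find();
        }

        // NOTE(review): exactly one decode call is made here. Confirm that components that
        // consume the parameters later do not decode them again; otherwise the text checked
        // here and the text actually used can differ.
        if (illegal) {
            throw new Exception(AppframeLocaleFactory.getResource("com.ai.appframe2.web.filter.char_error"));
        }
    }
}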
