package org.gbif.ws.server.filter;

import com.google.inject.Singleton;
import java.io.IOException;
import java.util.Enumeration;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.gbif.api.model.common.messaging.Response;
import org.gbif.ws.util.XSSUtil;

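/**
 * Servlet filter that screens incoming HTTP requests with {@link XSSUtil#containsXSS} and
 * answers HTTP 400 when the raw query string or a request parameter value is flagged.
 *
 * <p>A flagged request is not forwarded down the filter chain. Input screening of this kind is a
 * defence-in-depth measure; it does not replace output encoding in whatever renders the data.
 *
 * <p>Non-HTTP requests are forwarded unchecked.
 */
@Singleton
/* loaded from: input_file:WEB-INF/lib/gbif-common-ws-0.41.jar:org/gbif/ws/server/filter/XSSFilter.class */
public class XSSFilter implements Filter {
    /** No configuration is read from {@code filterConfig}. */
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /** Nothing to release. */
    public void destroy() {
    }

    /**
     * Rejects the request with HTTP 400 if it is flagged, otherwise forwards it.
     *
     * @param servletRequest the incoming request; only {@link HttpServletRequest}s are inspected
     * @param servletResponse the response used to send the error status
     * @param filterChain the remaining chain, invoked only for requests that were not rejected
     * @throws IOException if sending the error or the downstream chain fails
     * @throws ServletException if the downstream chain fails
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (servletRequest instanceof HttpServletRequest) {
            HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
            if (isFlagged(httpServletRequest)) {
                respondBadRequest(servletResponse);
                // Stop here: forwarding a rejected request would still let the downstream
                // resource process the flagged input even though the client is sent a 400.
                return;
            }
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /**
     * Runs the checks in their original order: parameters named like headers, raw query string,
     * then all request parameters. Evaluation stops at the first match.
     */
    private static boolean isFlagged(HttpServletRequest httpServletRequest) {
        // NOTE(review): header names are looked up as request *parameter* names in checkParams,
        // so header values themselves are never passed to XSSUtil. Inspecting
        // httpServletRequest.getHeaders(name) would match the apparent intent, but should first
        // be checked against XSSUtil's patterns for false positives on headers such as Referer.
        return checkParams(httpServletRequest.getHeaderNames(), httpServletRequest)
            || XSSUtil.containsXSS(httpServletRequest.getQueryString())
            || checkParams(httpServletRequest.getParameterNames(), httpServletRequest);
    }

    /**
     * Reports whether any value of any parameter named in {@code enumeration} is flagged.
     *
     * @param enumeration names to look up as request parameters; may be {@code null}
     * @param httpServletRequest the request whose parameter values are inspected
     * @return {@code true} as soon as one value is flagged, {@code false} otherwise
     */
    private static boolean checkParams(Enumeration<String> enumeration, HttpServletRequest httpServletRequest) {
        // getHeaderNames() is allowed to return null when the container withholds header access.
        if (enumeration == null) {
            return false;
        }
        while (enumeration.hasMoreElements()) {
            // getParameterValues covers every value of a repeated parameter; getParameter
            // would only expose the first one and let later values through unchecked.
            String[] values = httpServletRequest.getParameterValues(enumeration.nextElement());
            if (values == null) {
                continue;
            }
            for (String value : values) {
                if (XSSUtil.containsXSS(value)) {
                    return true;
                }
            }
        }
        return false;
    }

    /**
     * Sends HTTP 400 unless the response has already been committed.
     *
     * @param servletResponse the response; cast to {@link HttpServletResponse}, which holds for
     *     the only call site because it is reached for HTTP requests only
     * @throws IOException if the container fails to send the error
     */
    private static void respondBadRequest(ServletResponse servletResponse) throws IOException {
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        if (httpServletResponse.isCommitted()) {
            return;
        }
        httpServletResponse.sendError(Response.StatusCode.BAD_REQUEST.getCode().intValue());
    }
}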
