package com.mbap.core.ct;

import com.mbap.util.lang.StringUtil;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.commons.collections.CollectionUtils;
import org.jsoup.Jsoup;
import org.jsoup.nodes.Document;
import org.jsoup.nodes.Element;
import org.jsoup.safety.Whitelist;

/* loaded from: input_file:com/mbap/core/ct/CommonUtil.class */
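/**
 * Static helpers for building SQL placeholder fragments and for scrubbing
 * script-like content out of HTML or text.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The SQL helpers only generate {@code ?} placeholders; any column name
 *       passed in is concatenated verbatim and must come from trusted code.</li>
 *   <li>The regex-based scrubbing ({@link #cleanScript(String)} and friends) is a
 *       denylist over raw text. It is a best-effort extra layer, not a substitute
 *       for an allowlist sanitizer such as {@link #JsoupClean(String)} combined
 *       with context-aware output encoding.</li>
 * </ul>
 */
public class CommonUtil {
    /**
     * Named regular expressions applied by {@link #cleanScript(String)}.
     *
     * <p>The map is public and mutable, and it is a plain {@code HashMap}: changing
     * it while other threads run {@code cleanScript} is not safe.
     */
    public static final HashMap<String, String> regxMap = new HashMap<>();

    /** One or more whitespace characters; compiled once for {@link #trimAll(String)}. */
    private static final Pattern WHITESPACE_RUN = Pattern.compile("\\s+");

    /**
     * Builds a comma-separated list of {@code ?} placeholders, e.g. {@code "?,?,?"}.
     *
     * @param i number of placeholders wanted; zero or a negative value yields ""
     * @return the placeholder list without a trailing comma
     */
    public static String getSqlStr(int i) {
        StringBuilder placeholders = new StringBuilder();
        for (int n = 0; n < i; n++) {
            if (n > 0) {
                placeholders.append(',');
            }
            placeholders.append('?');
        }
        return placeholders.toString();
    }

    /**
     * Builds one {@code ?} placeholder per comma-separated item in {@code str}.
     *
     * <p>{@link String#split(String)} drops trailing empty items, so {@code "a,b,,"}
     * counts as two. When the split yields nothing at all (the input consists only
     * of commas) the input itself is returned unchanged, as the original code did.
     *
     * @param str comma-separated values; must not be {@code null}
     * @return the placeholder list, or {@code str} itself when it has no items
     */
    public static String getSqlStr(String str) {
        String[] items = str.split(",");
        return items.length == 0 ? str : getSqlStr(items.length);
    }

    /**
     * Builds an always-false seed followed by {@code i} OR-ed equality tests,
     * e.g. {@code "1=2 or col = ?  or col = ? "}.
     *
     * <p>{@code str} is concatenated into the SQL text as-is. Only the compared
     * values are parameterised, so the column name must be a trusted identifier
     * chosen by the application and never request data.
     *
     * @param str column name or expression to compare
     * @param i   number of {@code ?} comparisons to emit
     * @return the WHERE fragment
     */
    public static String transOrSQL(String str, int i) {
        StringBuilder clause = new StringBuilder("1=2");
        for (int n = 0; n < i; n++) {
            clause.append(" or ").append(str).append(" = ? ");
        }
        return clause.toString();
    }

    /**
     * Parses a where-expression through {@code CTProcesser.parseWhere2Wrapper} and
     * returns the statement together with its bind parameters.
     *
     * <p>Side effect: when {@code list} is non-empty, the parsed parameters are
     * appended to the caller's {@code list} before it is copied to an array.
     *
     * @param str  first argument handed to {@code parseWhere2Wrapper}
     * @param str2 second argument handed to {@code parseWhere2Wrapper}
     * @param list parameters already collected by the caller; may be null or empty
     * @return a two-element list: the statement, then an {@code Object[]} of parameters
     */
    public static List<Object> convertSql(String str, String str2, List<Object> list) {
        List<Object> result = new ArrayList<>();
        WhereStatementWrapper wrapper = CTProcesser.parseWhere2Wrapper(str, str2, new Object[0]);
        result.add(wrapper.getStatement());
        Object[] params = wrapper.getParams();
        if (CollectionUtils.isEmpty(list)) {
            result.add(params);
        } else {
            list.addAll(Arrays.asList(params));
            result.add(list.toArray());
        }
        return result;
    }

    /**
     * Surrounds every occurrence of each keyword in {@code str} with single spaces.
     *
     * <p>The previous guard regex contained empty alternatives ({@code ||}), so it
     * matched every input and the padding was applied whenever the keyword was
     * present. That observable behaviour is kept; the regex is dropped because it
     * added nothing and threw {@code PatternSyntaxException} for keywords holding
     * regex metacharacters.
     *
     * <p>NOTE(review): padding keywords does not neutralise anything by itself.
     * Presumably a later filter relies on the spacing; confirm against callers.
     *
     * @param strArr keywords to pad; entries must not be {@code null}
     * @param str    text to process; must not be {@code null}
     * @return the text with each keyword occurrence padded
     */
    public static String preventAttack(String[] strArr, String str) {
        String padded = str;
        for (String keyword : strArr) {
            if (padded.contains(keyword)) {
                padded = padded.replace(keyword, " " + keyword + " ");
            }
        }
        return padded;
    }

    /**
     * Removes {@code alert(...)} calls from {@code str}.
     *
     * <p>The earlier body ignored its argument and scrubbed a hard-coded sample
     * string, so callers always received the same constant. It now processes the
     * supplied text.
     *
     * @param str text to scrub; {@code null} is returned unchanged
     * @return the text without {@code alert(...)} calls
     */
    public static String preventAttackScript(String str) {
        return preventAttackWithRegx("alert[(]{1}((?!\\)).)*[)]{1}", str);
    }

    /**
     * Applies every expression in {@link #regxMap} to {@code str} in turn.
     *
     * <p>This is a denylist over raw text and covers only the registered patterns.
     * Treat it as an additional layer behind an allowlist sanitizer and output
     * encoding.
     *
     * @param str text to scrub; {@code null} is returned unchanged
     * @return the scrubbed text
     */
    public static String cleanScript(String str) {
        String cleaned = str;
        for (String regex : regxMap.values()) {
            cleaned = preventAttackWithRegx(regex, cleaned);
        }
        return cleaned;
    }

    /**
     * Deletes every match of the regular expression {@code str} from {@code str2}.
     *
     * <p>Changes from the previous implementation:
     * <ul>
     *   <li>The whole match is always removed. Before, the loop ran over
     *       {@code groupCount()}, so an expression without capturing groups removed
     *       nothing, and one with several groups also deleted sub-group text
     *       elsewhere in the string.</li>
     *   <li>Removal repeats until the text stops changing, because deleting a match
     *       can join the surrounding characters into a new match.</li>
     * </ul>
     *
     * <p>The expression is compiled with {@link Pattern#DOTALL} only, so matching
     * stays case-sensitive.
     *
     * @param str  regular expression to remove
     * @param str2 text to scrub; {@code null} is returned unchanged
     * @return the text with all matches removed
     */
    public static String preventAttackWithRegx(String str, String str2) {
        if (str2 == null) {
            return null;
        }
        Pattern compiled = Pattern.compile(str, Pattern.DOTALL);
        String current = str2;
        String previous;
        do {
            previous = current;
            // An expression that matches the empty string leaves the text unchanged,
            // so this loop always ends.
            current = compiled.matcher(previous).replaceAll("");
        } while (!current.equals(previous));
        return current;
    }

    /** Prints a sample input and its {@link #cleanScript(String)} result. */
    public static void main(String[] strArr) {
        String sample = "<p STYLE=\"background-image:url(javascript:alert('XSS'))\">";
        System.out.println(sample);
        System.out.println(cleanScript(sample));
    }

    /**
     * Scrubs CMS-authored HTML: drops {@code script}, {@code button} and
     * {@code iframe} elements, strips event-handler, {@code class} and {@code id}
     * attributes, then runs {@link #cleanScript(String)} over the serialised result.
     *
     * <p>Every attribute whose name starts with {@code on} (case-insensitive) is
     * removed. The earlier fixed list of fifteen handler names left all other
     * event-handler attributes in place.
     *
     * <p>NOTE(review): URL-bearing attributes such as {@code href} and {@code src}
     * are not checked for script schemes here. Where the content is untrusted,
     * prefer the allowlist in {@link #JsoupClean(String)}.
     *
     * @param str HTML fragment or document; null or empty input is returned as-is
     * @return the scrubbed HTML, or "" when processing fails
     */
    public static String cleanForCms(String str) {
        try {
            if (!StringUtil.isNotEmpty(str)) {
                return str;
            }
            // jsoup wraps fragments in html/head/body; remember what the author wrote
            // so that only the wrappers jsoup added are stripped again.
            boolean hadBody = str.contains("<body");
            boolean hadHtml = str.contains("<html");
            boolean hadHead = str.contains("<head");

            Document parse = Jsoup.parse(str);
            for (Element element : parse.getAllElements()) {
                String tag = element.tagName();
                if ("script".equals(tag) || "button".equals(tag) || "iframe".equals(tag)) {
                    element.remove();
                }
                // asList() hands back a copy, so removing while iterating is safe.
                for (org.jsoup.nodes.Attribute attribute : element.attributes().asList()) {
                    String key = attribute.getKey();
                    if (key.regionMatches(true, 0, "on", 0, 2)) {
                        element.removeAttr(key);
                    }
                }
                element.removeAttr("class");
                element.removeAttr("id");
            }

            String html;
            if (!hadBody) {
                // No body tag in the input: return only what jsoup placed inside body.
                html = parse.body().html();
            } else {
                html = parse.html();
                if (!hadHtml) {
                    html = html.replace("<html>", "").replace("</html>", "");
                }
                if (!hadHead) {
                    html = html.replace("<head>", "").replace("</head>", "");
                }
            }
            return cleanScript(html);
        } catch (Exception e) {
            // Fail closed: on any processing error return no markup at all rather
            // than the unscrubbed input.
            return "";
        }
    }

    /**
     * Sanitises HTML with jsoup's relaxed allowlist, extended with the
     * {@code embed} tag and the {@code style} and {@code class} attributes on
     * every element.
     *
     * <p>NOTE(review): {@code style} is admitted on all elements and this method
     * does not filter CSS values; confirm that inline CSS from authors is
     * acceptable. No attributes are added for {@code embed} here.
     *
     * @param str HTML to sanitise; null or empty input is returned as-is
     * @return the sanitised HTML
     */
    public static String JsoupClean(String str) {
        if (!StringUtil.isNotEmpty(str)) {
            return str;
        }
        Whitelist relaxed = Whitelist.relaxed();
        relaxed.addTags("embed");
        relaxed.addAttributes(":all", "style", "class");
        // Presumably redundant, since the handlers are never added to the allowlist;
        // kept so they stay excluded if the base list changes.
        relaxed.removeAttributes(":all",
                "onClick", "ondblclick", "onfocus", "onblur",
                "onmousedown", "onmouseup", "onmouseover", "onmousemove", "onmouseout",
                "onkeypress", "onkeydown", "onkeyup",
                "onunload", "onload", "onerror");
        return Jsoup.clean(str, relaxed);
    }

    /**
     * Replaces {@code <} and {@code >} with their HTML entities and turns the
     * literal text {@code &#65279} into a space.
     *
     * <p>The previous guard regex contained empty alternatives and matched every
     * input, so the replacement always ran; the guard is dropped without changing
     * the result.
     *
     * <p>Ampersands and quote characters are not encoded, so the result is suitable
     * for HTML element content only, not for attribute values or script contexts.
     *
     * @param str text to escape; null or empty input is returned as-is
     * @return the escaped text
     */
    public static String escape(String str) {
        if (StringUtil.isEmpty(str)) {
            return str;
        }
        return str.replace("<", "&lt;").replace(">", "&gt;").replace("&#65279", " ");
    }

    /**
     * Removes every whitespace character from {@code str}.
     *
     * @param str text to compact; may be {@code null}
     * @return the text without whitespace, or "" for {@code null}
     */
    public static String trimAll(String str) {
        return str != null ? WHITESPACE_RUN.matcher(str).replaceAll("") : "";
    }

    /**
     * Copies an array into a new mutable {@link ArrayList}.
     *
     * @param tArr source array; must not be {@code null}
     * @return an independent list holding the array's elements in order
     */
    public static <T> List<T> parseArrToList(T[] tArr) {
        return new ArrayList<>(Arrays.asList(tArr));
    }

    static {
        // Matches alert( ... ) up to the first closing parenthesis.
        regxMap.put("alert", "alert[(]{1}((?!\\)).)*[)]{1}");
        // NOTE(review): the lookahead here spells a literal ")&", optional "&", "!("
        // sequence rather than "neither ( nor )". With DOTALL the match therefore
        // runs greedily to the last ')' in the text. Confirm the intended expression.
        regxMap.put("eval", "eval[(]{1}((?!\\)&&?!\\().)*[)]{1}");
        // NOTE(review): case-sensitive, so an upper-case STYLE= attribute is not
        // matched, and both quantifiers are greedy.
        regxMap.put("style", "style=.+:expression[(]{1}(.)+[)]{1}\\s{0,100}[\"']{1}");
    }
}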
