package org.apache.shiro.web.filter;

import com.baomidou.mybatisplus.core.toolkit.StringPool;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.stream.Stream;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.apache.shiro.util.StringUtils;
import org.apache.shiro.web.util.WebUtils;

/* loaded from: input_file:BOOT-INF/lib/shiro-web-1.11.0.jar:org/apache/shiro/web/filter/InvalidRequestFilter.class */
public class InvalidRequestFilter extends AccessControlFilter {
    private static final List<String> SEMICOLON = Collections.unmodifiableList(Arrays.asList(";", "%3b", "%3B"));
    private static final List<String> BACKSLASH = Collections.unmodifiableList(Arrays.asList(StringPool.BACK_SLASH, "%5c", "%5C"));
    private boolean blockSemicolon = true;
    private boolean blockBackslash;
    private boolean blockNonAscii;

    public InvalidRequestFilter() {
        this.blockBackslash = !Boolean.getBoolean(WebUtils.ALLOW_BACKSLASH);
        this.blockNonAscii = true;
    }

    @Override // org.apache.shiro.web.filter.AccessControlFilter
    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) throws Exception {
        HttpServletRequest http = WebUtils.toHttp(servletRequest);
        return isValid(http.getRequestURI()) && isValid(http.getServletPath()) && isValid(http.getPathInfo());
    }

    private boolean isValid(String str) {
        return (StringUtils.hasText(str) && (containsSemicolon(str) || containsBackslash(str) || containsNonAsciiCharacters(str))) ? false : true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.shiro.web.filter.AccessControlFilter
    public boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        WebUtils.toHttp(servletResponse).sendError(400, "Invalid request");
        return false;
    }

    private boolean containsSemicolon(String str) {
        if (!isBlockSemicolon()) {
            return false;
        }
        Stream<String> stream = SEMICOLON.stream();
        Objects.requireNonNull(str);
        return stream.anyMatch((v1) -> {
            return r1.contains(v1);
        });
    }

    private boolean containsBackslash(String str) {
        if (!isBlockBackslash()) {
            return false;
        }
        Stream<String> stream = BACKSLASH.stream();
        Objects.requireNonNull(str);
        return stream.anyMatch((v1) -> {
            return r1.contains(v1);
        });
    }

    private boolean containsNonAsciiCharacters(String str) {
        return isBlockNonAscii() && !containsOnlyPrintableAsciiCharacters(str);
    }

    private static boolean containsOnlyPrintableAsciiCharacters(String str) {
        int length = str.length();
        for (int i = 0; i < length; i++) {
            char charAt = str.charAt(i);
            if (charAt < ' ' || charAt > '~') {
                return false;
            }
        }
        return true;
    }

    public boolean isBlockSemicolon() {
        return this.blockSemicolon;
    }

    public void setBlockSemicolon(boolean z) {
        this.blockSemicolon = z;
    }

    public boolean isBlockBackslash() {
        return this.blockBackslash;
    }

    public void setBlockBackslash(boolean z) {
        this.blockBackslash = z;
    }

    public boolean isBlockNonAscii() {
        return this.blockNonAscii;
    }

    public void setBlockNonAscii(boolean z) {
        this.blockNonAscii = z;
    }
}
