package com.ajaxjs.security;

import com.ajaxjs.util.CommonUtil;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;

/* loaded from: input_file:com/ajaxjs/security/SecurityResponse.class */
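/**
 * Response wrapper that sanitises data before it reaches the HTTP response head.
 *
 * <p>What the class does, as visible here:
 * <ul>
 *   <li>strips CR and LF from header names, header values, cookie values and the
 *       status message, so a caller-supplied string cannot terminate the current
 *       header line and start a new one (HTTP response splitting / header injection);</li>
 *   <li>passes header values and the status message through {@code XssChecker.clean};</li>
 *   <li>rejects cookies whose name contains CR/LF, whose value is longer than
 *       {@link #MAX_COOKIE_SIZE}, or whose name is not accepted by
 *       {@code delegate.isInWhiteList}.</li>
 * </ul>
 *
 * <p>Not covered: this class does not override {@code sendRedirect} or
 * {@code sendError(int, String)}, so strings passed to those methods are not
 * filtered here and rely on the container or the caller. Only {@code '\r'} and
 * {@code '\n'} are removed; other control characters are passed through.
 */
public class SecurityResponse extends HttpServletResponseWrapper {
    // NOTE(review): public, static and non-final, so any code on the classpath can
    // replace the allow-list implementation for every response. Consider restricting
    // write access once all callers are known.
    public static ListControl delegate = new ListControl();

    // Compared against String.length() of the cookie value only, i.e. UTF-16 code
    // units, not encoded bytes, and without the name or attributes.
    private static final int MAX_COOKIE_SIZE = 4096;

    /**
     * Wraps the given response.
     *
     * @param httpServletResponse the response to decorate
     */
    public SecurityResponse(HttpServletResponse httpServletResponse) {
        super(httpServletResponse);
    }

    /**
     * Adds a sanitised copy of {@code cookie} to the response (overrides the
     * wrapped response's {@code addCookie}).
     *
     * <p>The copy carries the original attributes and a value with CR/LF removed.
     * The size limit is checked against the original, unfiltered value.
     *
     * @param cookie the cookie requested by the application
     * @throws SecurityException if the name contains CR/LF, the value exceeds
     *                           {@link #MAX_COOKIE_SIZE} characters, or the name is
     *                           not accepted by the allow-list
     */
    public void addCookie(Cookie cookie) {
        String name = cookie.getName();
        String value = cookie.getValue();
        if (containCLRF(name)) {
            throw new SecurityException("Cookie 名称不能包含 CLRF 字符，该 cookie 是 ：" + name);
        }
        // Constructed before the remaining checks so that the Cookie constructor's own
        // name validation keeps its original precedence over the checks below.
        Cookie sanitized = new Cookie(name, filterCLRF(value));
        // A cookie may legitimately carry a null value; the previous unconditional
        // value.length() call turned that into a NullPointerException.
        if (value != null && value.length() > MAX_COOKIE_SIZE) {
            throw new SecurityException("超出 Cookie 允许容量：4096");
        }
        if (!delegate.isInWhiteList(name)) {
            throw new SecurityException("cookie: " + name + " 不在白名单中，添加无效！");
        }
        sanitized.setComment(cookie.getComment());
        // The domain is copied only when set, as in the original code.
        if (cookie.getDomain() != null) {
            sanitized.setDomain(cookie.getDomain());
        }
        sanitized.setHttpOnly(cookie.isHttpOnly());
        sanitized.setMaxAge(cookie.getMaxAge());
        sanitized.setPath(cookie.getPath());
        sanitized.setSecure(cookie.getSecure());
        sanitized.setVersion(cookie.getVersion());
        super.addCookie(sanitized);
    }

    /**
     * Sets a date header after removing CR/LF from the header name.
     *
     * @param str header name
     * @param j   header value as passed to the wrapped response
     */
    public void setDateHeader(String str, long j) {
        super.setDateHeader(filterCLRF(str), j);
    }

    /**
     * Sets an integer header after removing CR/LF from the header name.
     *
     * @param str header name
     * @param i   header value
     */
    public void setIntHeader(String str, int i) {
        super.setIntHeader(filterCLRF(str), i);
    }

    /**
     * Adds a header; the name has CR/LF removed, the value is passed through
     * {@code XssChecker.clean} and then has CR/LF removed.
     *
     * @param str  header name
     * @param str2 header value
     */
    public void addHeader(String str, String str2) {
        super.addHeader(filterCLRF(str), filterCLRF(XssChecker.clean(str2)));
    }

    /**
     * Sets a header; the name has CR/LF removed, the value is passed through
     * {@code XssChecker.clean} and then has CR/LF removed.
     *
     * @param str  header name
     * @param str2 header value
     */
    public void setHeader(String str, String str2) {
        super.setHeader(filterCLRF(str), filterCLRF(XssChecker.clean(str2)));
    }

    /**
     * Returns {@code str} with every {@code '\r'} and {@code '\n'} removed.
     *
     * @param str text destined for the response head; returned unchanged when
     *            {@code CommonUtil.isEmptyString} reports it as empty
     *            (presumably null or "" - confirm against CommonUtil)
     * @return the filtered text
     */
    private static String filterCLRF(String str) {
        if (CommonUtil.isEmptyString(str)) {
            return str;
        }
        StringBuilder sb = new StringBuilder(str.length());
        for (int i = 0; i < str.length(); i++) {
            char c = str.charAt(i);
            if (c != '\r' && c != '\n') {
                sb.append(c);
            }
        }
        return sb.toString();
    }

    /**
     * Reports whether {@code str} contains {@code '\r'} or {@code '\n'}.
     *
     * @param str text to inspect
     * @return {@code true} if a CR or LF is present; {@code false} otherwise,
     *         including when {@code CommonUtil.isEmptyString} reports it as empty
     */
    private static boolean containCLRF(String str) {
        if (CommonUtil.isEmptyString(str)) {
            return false;
        }
        return str.indexOf('\r') >= 0 || str.indexOf('\n') >= 0;
    }

    /**
     * Sets the status code and message.
     *
     * <p>The message is passed through {@code XssChecker.clean} and then has CR/LF
     * removed, matching {@link #addHeader} and {@link #setHeader}. The status line
     * is part of the response head, so an unfiltered line break in the message could
     * inject headers; nothing visible here shows that {@code XssChecker.clean}
     * removes line breaks on its own.
     *
     * @param i   status code
     * @param str status message
     */
    public void setStatus(int i, String str) {
        super.setStatus(i, filterCLRF(XssChecker.clean(str)));
    }
}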
