package com.shiji.core.util;

import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONArray;
import com.alibaba.fastjson.JSONObject;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/shiji/core/util/JsonSanitizer.class */
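/**
 * Escapes HTML-significant characters in the string values of a fastjson tree.
 *
 * <p>Scope of the escaping, as implemented here:
 * <ul>
 *   <li>Only {@code &}, {@code <} and {@code >} are rewritten. Single and double quotes are
 *       left untouched, so the output is only suitable for HTML element-content contexts;
 *       it is NOT sufficient for values placed inside HTML attributes, JavaScript, CSS or
 *       URLs. Output encoding at render time is still required for those contexts.</li>
 *   <li>Only string <em>values</em> are rewritten; object keys are never modified.</li>
 *   <li>Only {@link JSONObject} and {@link JSONArray} containers are traversed. Any other
 *       container type stored as a value is skipped.</li>
 *   <li>The escaping is not idempotent: an already-escaped {@code &amp;} becomes
 *       {@code &amp;amp;} if the same data is sanitized twice.</li>
 * </ul>
 */
public class JsonSanitizer {
    private static final Logger log = LoggerFactory.getLogger(JsonSanitizer.class);

    /**
     * Replaces {@code &}, {@code <} and {@code >} with their HTML entities.
     *
     * <p>{@code &} is replaced first so that the ampersands introduced by the later
     * replacements are not escaped again within the same call.
     *
     * @param str non-null text to escape
     * @return the escaped text
     */
    private static String escapeHtml(String str) {
        return str.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;");
    }

    /**
     * Tells whether {@code str} contains any character that {@link #escapeHtml} rewrites.
     *
     * @param str text to inspect; may be {@code null} or blank
     * @return {@code true} if the text contains {@code &}, {@code <} or {@code >}
     */
    private static boolean containsSpecialChars(String str) {
        if (StringUtils.isBlank(str)) {
            return false;
        }
        return str.contains("&") || str.contains("<") || str.contains(">");
    }

    /**
     * Recursively escapes, in place, every string value reachable through nested
     * {@link JSONObject} and {@link JSONArray} nodes.
     *
     * <p>String elements that sit directly inside an array are escaped as well; recursing
     * into them would be a no-op, which would let such values through unescaped.
     *
     * @param obj the node to sanitize; anything that is not a {@code JSONObject} or
     *            {@code JSONArray} (including {@code null}) is ignored
     */
    private static void sanitizeJsonNode(Object obj) {
        if (obj instanceof JSONObject) {
            JSONObject jSONObject = (JSONObject) obj;
            for (String key : jSONObject.keySet()) {
                Object value = jSONObject.get(key);
                if (value instanceof String) {
                    String text = (String) value;
                    if (containsSpecialChars(text)) {
                        // Overwrites the value of a key that already exists while iterating
                        // the key set; no key is added or removed here.
                        jSONObject.put(key, escapeHtml(text));
                    }
                } else {
                    sanitizeJsonNode(value);
                }
            }
            return;
        }
        if (obj instanceof JSONArray) {
            JSONArray jSONArray = (JSONArray) obj;
            for (int i = 0; i < jSONArray.size(); i++) {
                Object element = jSONArray.get(i);
                if (element instanceof String) {
                    String text = (String) element;
                    if (containsSpecialChars(text)) {
                        jSONArray.set(i, escapeHtml(text));
                    }
                } else {
                    sanitizeJsonNode(element);
                }
            }
        }
    }

    /**
     * Parses {@code str} as a JSON object, escapes its string values and re-serializes it.
     *
     * <p>This is best-effort: when the input cannot be parsed as a JSON object the original
     * string is returned <strong>unchanged and unescaped</strong>. That includes input whose
     * top-level value is a JSON array. Callers must not treat the return value as safe for
     * HTML output unless they know the input was a JSON object.
     *
     * @param str raw text, expected to be a JSON object
     * @return the sanitized JSON text, or {@code str} itself when it is not a JSON object
     */
    public static String sanitizeJson(String str) {
        try {
            JSONObject parseObject = JSON.parseObject(str);
            if (parseObject == null) {
                // Nothing was parsed (e.g. null input): same outcome as the failure path
                // below, without relying on a NullPointerException to reach it.
                log.info(">>> 入参不是json : {}", str);
                return str;
            }
            sanitizeJsonNode(parseObject);
            return parseObject.toJSONString();
        } catch (Exception e) {
            // NOTE(review): the complete raw input is written to the log at INFO level.
            // If callers pass request bodies here, this can put credentials or personal
            // data into logs, and embedded line breaks can forge log entries unless the
            // appender encodes them. Consider truncating/encoding the value or lowering
            // the level.
            log.info(">>> 入参不是json : {}", str);
            return str;
        }
    }

    /**
     * Escapes the string values of {@code jSONObject} in place.
     *
     * @param jSONObject the object to sanitize; may be {@code null}
     * @return the same instance that was passed in (mutated), or {@code null}
     */
    public static JSONObject sanitizeJson(JSONObject jSONObject) {
        sanitizeJsonNode(jSONObject);
        return jSONObject;
    }

    /**
     * Manual smoke run: sanitizes a sample document and prints the result and elapsed time.
     *
     * @param strArr unused
     */
    public static void main(String[] strArr) {
        long currentTimeMillis = System.currentTimeMillis();
        String sanitizeJson = sanitizeJson("{\"key1\":\"value with < and > and &\",\"key2\":{\"nestedKey\":\"nested value with < and >\"},\"key3\":[\"array value with < and >\", {\"deepNestedKey\":\"deep nested value with < and >\"}],\"key4\":{\"subKey1\":\"<div>Some HTML content</div>\",\"subKey2\":\"<script>alert('XSS');</script>\",\"subKey3\":[\"<img src='x' onerror='alert(1)'>\",\"normal value\",{\"innerKey\":\"<a href='http://example.com'>link</a> & some text\"}]},\"key5\":\"normal value\",\"key6\":[{\"complexKey\":\"Complex value with < and > and &\"}]}");
        long currentTimeMillis2 = System.currentTimeMillis();
        System.out.println("Sanitized JSON:");
        System.out.println(sanitizeJson);
        System.out.println("Time taken: " + (currentTimeMillis2 - currentTimeMillis) + "ms");
    }
}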
