package com.esen.util.security;

import com.esen.util.FileFunc;
import com.esen.util.StrFunc;
import com.esen.util.StringMap;
import com.esen.util.exp.ExpUtil;
import com.esen.util.i18n.I18N;
import com.esen.util.macro.impl.MacroResolveImpl;
import java.io.File;
import java.io.StringWriter;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;

/* loaded from: input_file:com/esen/util/security/SecurityFunc.class */
public class SecurityFunc {
    public static final String PER_NUM = "^-?((0|[1-9]\\d*)\\.)?\\d+%$";
    public static final String PIX_NUM = "^-?((0|[1-9]\\d*)\\.)?\\d+px$";
    public static final Pattern IDENTIFIER = Pattern.compile("[-.\\w]+");
    public static final Pattern MULTIIDENTIFIER = Pattern.compile("[-\\w,;\\.\\{\\}\\[\\]]+");
    public static final Pattern BI_IDENTIFIER = Pattern.compile("[\\w]+");
    public static final Pattern SCRIPT_XSS = Pattern.compile(".*?((<|\\%3c).*(script.*?(>|\\%3e))|((<|\\%3c)((img)|(frame)|(a))[^\\w]+.*?[\\/]?(>|\\%3e))|(javascript)|(/\\.source)|((style).*(:|%3a).*?(expression)|(\\/\\*.*\\*\\/))|((content-type(:|(\\%3a)).*(;|(\\%3b)))+)|((<|\\%3c)\\/.*(script.*?(>|\\%3e)))).*?", 34);
    public static final Pattern SCRIPT_SQLINJ = Pattern.compile("[\\s\\S]*(([\"'=><!]|(\\%27)|(\\%uFF07)|(%22))|(\\s+(?-i:union|having|join|from|select|update|delete|where|or|and|not|between|like|is)+\\s+))[\\s\\S]*");
    public static final Pattern INTEGER = Pattern.compile("[+-]?\\d+");
    public static final Pattern NUMBER = Pattern.compile("[+-]?\\d+(\\.\\d+[E|e]?\\d+)?");
    public static final Pattern URLPATH = Pattern.compile("(../)*([\\w]+(/))*([\\w]+(.(\\w)+)?)");
    public static Pattern RESID = Pattern.compile("[\\wࠀ-龥~/$\\-( |&#xA0;)\\.,，\\{\\}\\(\\)（）@]+");
    public static Pattern MULTIRESID = Pattern.compile("[\\wࠀ-龥~/$\\-( |&#xA0;)\\.,\\{\\}\\(\\)（）;\\[\\]]+");
    public static Pattern TABLENAME = Pattern.compile("[\\w$]+(.\\w*[A-Za-z0-9$]+)?");
    public static Pattern InJS = Pattern.compile("[\\s\\S]*(\"|'|`)+[\\s\\S]*(;|\\+|\\(|\\)|\\=|\\*|\\-|/|\\<|\\>)+?[\\s\\S]*");
    public static Pattern[] _patlist = {Pattern.compile("[\\S\\s]*(([^a-z]+onabort)|onabort[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onactivate)|onactivate[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onafterprint)|onafterprint[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onafterupdate)|onafterupdate[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onbeforeactivate)|onbeforeactivate[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onbeforecopy)|onbeforecopy[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onbeforecut)|onbeforecut[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onbeforeeditfocus)|onbeforeeditfocus[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onbeforepaste)|onbeforepaste[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onbeforeprint)|onbeforeprint[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onbeforeunload)|onbeforeunload[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onbeforeupdate)|onbeforeupdate[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onblur)|onblur[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onbounce)|onbounce[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+oncellchange)|oncellchange[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onchange)|onchange[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onclick)|onclick[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+oncontextmenu)|oncontextmenu[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+oncontrolselect)|oncontrolselect[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+oncopy)|oncopy[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+oncut)|oncut[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+ondataavailable)|ondataavailable[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+ondataavailable)|ondataavailable[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+ondatasetchanged)|ondatasetchanged[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+ondatasetcomplete)|ondatasetcomplete[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+ondblclick)|ondblclick[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+ondeactivate)|ondeactivate[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+ondrag)|ondrag[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+ondragend)|ondragend[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+ondragenter)|ondragenter[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+ondragleave)|ondragleave[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+ondragover)|ondragover[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+ondragstart)|ondragstart[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+ondrop)|ondrop[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onerror)|onerror[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onerrorupdate)|onerrorupdate[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onfilterchange)|onfilterchange[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onfinish)|onfinish[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onfocus)|onfocus[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onfocusin)|onfocusin[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onfocusout)|onfocusout[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onhelp)|onhelp[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onkeydown)|onkeydown[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onkeypress)|onkeypress[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onkeyup)|onkeyup[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onlayoutcomplete)|onlayoutcomplete[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onload)|onload[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onlosecapture)|onlosecapture[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onmousedown)|onmousedown[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onmouseenter)|onmouseenter[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onmouseleave)|onmouseleave[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onmousemove)|onmousemove[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onmouseout)|onmouseout[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onmouseover)|onmouseover[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onmouseup)|onmouseup[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onmousewheel)|onmousewheel[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onmove)|onmove[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onmoveend)|onmoveend[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onmovestart)|onmovestart[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onpaste)|onpaste[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onpropertychange)|onpropertychange[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onreadystatechange)|onreadystatechange[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onreset)|onreset[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onresize)|onresize[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onresizeend)|onresizeend[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onresizestart)|onresizestart[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onrowenter)|onrowenter[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onrowexit)|onrowexit[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onrowsdelete)|onrowsdelete[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onrowsinserted)|onrowsinserted[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onscroll)|onscroll[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onselect)|onselect[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onselectionchange)|onselectionchange[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onselectstart)|onselectstart[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onstart)|onstart[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onpaste)|onpaste[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onmovestart)|onmovestart[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onstop)|onstop[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onsubmit)|onsubmit[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+onunload)|onunload[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+ontoggle)|ontoggle[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+prompt)|prompt[^a-z\\.]+)[\\S\\s]*", 2), Pattern.compile("[\\S\\s]*(([^a-z]+alert)|alert[^a-z\\.]+)[\\S\\s]*", 2)};
    public static final Pattern HEADSPLITTER = Pattern.compile("((?!(%0d|%0a)).)*", 2);
    public static final Pattern SCRIPT_LOGDESC = Pattern.compile("((?!(\\[info\\]|\\[debug\\]|\\[emerg\\]|\\[alert\\]|\\[crit\\]|\\[error\\]|\\[warn\\]|\\[notice\\]))[\\S\\s])*", 2);
    public static final Pattern XForwardedFor = Pattern.compile("[\\d]{1,3}.[\\d]{1,3}.[\\d]{1,3}.[\\d]{1,3}");
    public static final String JAVA_TEMP = getTempPath();

    public static String checkTableName(String str) throws IllegalArgumentException {
        return checkParam(null, str, TABLENAME);
    }

    public static String checkResID(String str) throws IllegalArgumentException {
        return checkParam(null, str, RESID);
    }

    public static final String checkInt(HttpServletRequest httpServletRequest, String str) throws IllegalArgumentException {
        return checkParam(httpServletRequest, str, INTEGER);
    }

    public static final String checkNum(HttpServletRequest httpServletRequest, String str) throws IllegalArgumentException {
        return checkParam(httpServletRequest, str, NUMBER);
    }

    public static String checkUrl(HttpServletRequest httpServletRequest, String str) throws IllegalArgumentException {
        return checkUrlValue(httpServletRequest, httpServletRequest.getParameter(str));
    }

    public static String checkUrlValue(HttpServletRequest httpServletRequest, String str) throws IllegalArgumentException {
        if (null == str) {
            return null;
        }
        if (StrFunc.isNull(str)) {
            return "";
        }
        int indexOf = str.indexOf("?");
        if (indexOf != -1) {
            String substring = str.substring(0, indexOf);
            String substring2 = str.substring(indexOf + 1);
            checkParam(null, substring, URLPATH, false);
            str = substring + "?" + new StringMap(substring2, "&", MacroResolveImpl.EXP_MACRO_ASSIGN).toUrlParams();
        } else {
            checkParam(null, str, URLPATH, false);
        }
        String replaceAll = httpServletRequest.getRequestURI().replaceAll("/+", "/");
        String contextPath = httpServletRequest.getContextPath();
        if (contextPath != null) {
            int charCount = StrFunc.charCount(replaceAll, '/');
            if ("".equals(contextPath)) {
                limitSubStrCount(str, "../", charCount);
            } else if (contextPath.startsWith("/")) {
                limitSubStrCount(str, "../", charCount - 1);
            }
        }
        return str;
    }

    private static void limitSubStrCount(String str, String str2, int i) {
        int indexOf;
        int i2 = 0;
        int i3 = 0;
        int length = str2.length();
        while (i2 != -1 && (indexOf = str.indexOf(str2, i2)) != -1) {
            i3++;
            i2 = indexOf + length;
        }
        if (i3 >= i) {
            throw new IllegalArgumentException("URL值'" + str + "'不合法。");
        }
    }

    public static void checkSQLParam(String[] strArr) throws IllegalArgumentException {
        for (String str : strArr) {
            checkSQLParam(str);
        }
    }

    public static String checkSQLParam(String str) throws IllegalArgumentException {
        return checkSQLParam(null, str);
    }

    public static String checkSQLParam(HttpServletRequest httpServletRequest, String str) throws IllegalArgumentException {
        return checkParam(httpServletRequest, str, SCRIPT_SQLINJ, true);
    }

    public static String checkIdentifier(HttpServletRequest httpServletRequest, String str) throws IllegalArgumentException {
        return checkParam(httpServletRequest, str, IDENTIFIER, false);
    }

    public static String checkXSSParam(String str) throws IllegalArgumentException {
        return checkXSSParam((HttpServletRequest) null, str);
    }

    public static String checkXSSParam(String str, boolean z) throws IllegalArgumentException {
        return checkXSSParam(null, str, z);
    }

    public static String checkXSSAndSQLParam(String str) throws IllegalArgumentException {
        return checkSQLParam(null, checkXSSParam((HttpServletRequest) null, str));
    }

    public static String checkXSSParam(HttpServletRequest httpServletRequest, String str) throws IllegalArgumentException {
        return checkParam(httpServletRequest, str, SCRIPT_XSS, true, true);
    }

    public static String checkXSSParam(HttpServletRequest httpServletRequest, String str, boolean z) throws IllegalArgumentException {
        return checkParam(httpServletRequest, str, SCRIPT_XSS, true, !z);
    }

    public static String checkParam(HttpServletRequest httpServletRequest, String str, Pattern pattern) throws IllegalArgumentException {
        return checkParam(httpServletRequest, str, pattern, false);
    }

    public static String checkParam(HttpServletRequest httpServletRequest, String str, Pattern pattern, boolean z) {
        return checkParam(httpServletRequest, str, pattern, z, true);
    }

    public static String checkParam(HttpServletRequest httpServletRequest, String str, Pattern pattern, boolean z, boolean z2) throws IllegalArgumentException {
        String parameter = httpServletRequest != null ? httpServletRequest.getParameter(str) : str;
        if (StrFunc.isNull(parameter)) {
            return parameter;
        }
        String format2HtmlStr = StrFunc.format2HtmlStr(str);
        if (!(z ^ pattern.matcher(parameter).matches())) {
            throw new IllegalArgumentException(I18N.getString("com.esen.util.security.SecurityFunc.java.1", "参数“{0}”含有非法字符", format2HtmlStr));
        }
        String format2HtmlStr2 = StrFunc.format2HtmlStr(parameter);
        if (!StrFunc.isNull(format2HtmlStr2) && !(z ^ pattern.matcher(format2HtmlStr2).matches())) {
            throw new IllegalArgumentException(I18N.getString("com.esen.util.security.SecurityFunc.java.1", "参数“{0}”含有非法字符", format2HtmlStr));
        }
        if (pattern.equals(SCRIPT_XSS)) {
            checkScript(parameter, format2HtmlStr, z2);
        }
        return parameter;
    }

    private static void checkScript(String str, String str2, boolean z) {
        if (z && !isJsonArray(str) && !isJsonObject(str)) {
            checkSemicolon(str);
        }
        if (str.indexOf("\"") > -1 || str.indexOf(";") > -1 || str.indexOf("<") > -1) {
            checkPatlist(str, str2);
        }
    }

    private static void checkPatlist(String str, String str2) {
        for (int i = 0; i < _patlist.length; i++) {
            if (_patlist[i].matcher(str).matches()) {
                throw new IllegalArgumentException(I18N.getString("com.esen.util.security.SecurityFunc.java.1", "参数“{0}”含有非法字符", str2));
            }
        }
    }

    public static String checkXForwarded(String str) {
        if (!StrFunc.isNull(str) && !XForwardedFor.matcher(str).matches()) {
            throw new IllegalArgumentException(I18N.getString("com.esen.util.security.SecurityFunc.java.1", "参数“{0}”含有非法字符", StrFunc.format2HtmlStr(str)));
        }
        return str;
    }

    public static String checkSemicolon(String str) {
        if (StrFunc.isNull(str)) {
            return str;
        }
        try {
            str = StrFunc.unescape(str);
        } catch (Exception e) {
        }
        if (InJS.matcher(str).matches()) {
            throw new IllegalArgumentException(I18N.getString("com.esen.util.security.SecurityFunc.java.1", "参数“{0}”含有非法字符", StrFunc.format2HtmlStr(str)));
        }
        return str;
    }

    public static String checkNum(String str) throws IllegalArgumentException {
        return checkParam(null, str, NUMBER);
    }

    public static String checkExttype(String str) throws IllegalArgumentException {
        return checkXSSParam(str);
    }

    public static String checkBoolean(String str) throws IllegalArgumentException {
        if (StrFunc.isNull(str) || ExpUtil.VALUE_TRUE_LOWER.equals(str) || ExpUtil.VALUE_FALSE_LOWER.equals(str)) {
            return str;
        }
        throw new IllegalArgumentException(I18N.getString("com.esen.util.security.SecurityFunc.java.1", "参数“{0}”含有非法字符", StrFunc.format2HtmlStr(str)));
    }

    public static String filter(String str) {
        if (str == null) {
            return null;
        }
        if ("".equals(str)) {
            return "";
        }
        StringWriter stringWriter = new StringWriter(str.length());
        stringWriter.getBuffer().append(str);
        return stringWriter.toString();
    }

    public static String filterSQL(String str) {
        return filter(str);
    }

    public static String filterUrl(String str) {
        return filter(str);
    }

    public static String filterFilePath(String str) {
        return filter(str);
    }

    public static String checkLogDesc(HttpServletRequest httpServletRequest, String str) throws IllegalArgumentException {
        return checkParam(httpServletRequest, str, SCRIPT_LOGDESC, false);
    }

    public static String getAddress() throws UnknownHostException {
        return InetAddress.getLocalHost().getHostAddress();
    }

    public static String checkHttpHeader(HttpServletRequest httpServletRequest, String str) throws IllegalArgumentException {
        return checkParam(httpServletRequest, str, HEADSPLITTER, false);
    }

    public static File checkFile(String str, String str2, String str3) throws IllegalAccessException {
        int lastIndexOf;
        String format2HtmlStr = StrFunc.format2HtmlStr("路径值'" + str + "'不合法。");
        String filter = filter(str);
        String filter2 = filter(str2);
        File file = new File(filter);
        if (file != null && file.exists()) {
            if (!StrFunc.isNull(filter2) && !file.getAbsolutePath().startsWith(filter2)) {
                throw new IllegalAccessException(format2HtmlStr);
            }
            if (!StrFunc.isNull(str3) && (lastIndexOf = file.getName().lastIndexOf(ExpUtil.SYMBOL_DOT)) > -1) {
                if (!Pattern.compile(str3).matcher(file.getName().substring(lastIndexOf + 1)).matches()) {
                    throw new IllegalAccessException(format2HtmlStr);
                }
            }
        }
        return file;
    }

    public static String checkLength(String str) {
        if (!StrFunc.isNull(str) && str.length() >= 200) {
            throw new IllegalArgumentException(I18N.getString("com.esen.util.security.SecurityFunc.java.2", "参数“{0}”长度过长", StrFunc.format2HtmlStr(str)));
        }
        return str;
    }

    public static boolean isJsonObject(String str) {
        return !StrFunc.isNull(str) && str.charAt(0) == '{' && str.charAt(str.length() - 1) == '}';
    }

    public static boolean isJsonArray(String str) {
        return !StrFunc.isNull(str) && str.charAt(0) == '[' && str.charAt(str.length() - 1) == ']' && str.contains("{") && str.contains("}");
    }

    public static boolean isJSONArrayAlike(String str) {
        int length;
        return !StrFunc.isNull(str) && (length = str.length()) > 2 && str.charAt(0) == '[' && str.charAt(length - 1) == ']';
    }

    public static boolean isPerNum(String str) {
        return !StrFunc.isNull(str) && str.matches(PER_NUM);
    }

    public static boolean isPixNum(String str) {
        return !StrFunc.isNull(str) && str.matches(PIX_NUM);
    }

    private static String getTempPath() {
        return getSystemProperty("java.io.tmpdir");
    }

    public static String getSystemProperty(String str, String str2) {
        return filter(System.getProperty(str, str2));
    }

    public static String getSystemProperty(String str) {
        return filter(System.getProperty(str));
    }

    public static String checkFileName(String str) {
        if (FileFunc.isValidFileName(str)) {
            return str;
        }
        throw new IllegalArgumentException(I18N.getString("com.esen.util.security.securityfunc.illfilename", "“{0}”不是一个合法文件名", StrFunc.format2HtmlStr(str)));
    }
}
