package org.owasp.validator.html;

import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Set;
import java.util.regex.Pattern;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.validator.Var;
import org.owasp.validator.html.model.AntiSamyPattern;
import org.owasp.validator.html.model.Attribute;
import org.owasp.validator.html.model.Property;
import org.owasp.validator.html.model.Tag;
import org.owasp.validator.html.scan.Constants;
import org.owasp.validator.html.util.URIUtils;
import org.owasp.validator.html.util.XMLUtil;
import org.springframework.web.servlet.mvc.multiaction.ParameterMethodNameResolver;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

/* loaded from: input_file:WEB-INF/classes/stash-bundled-plugins.zip:atlassian-markup-plugin-0.5.1.jar:org/owasp/validator/html/Policy.class */
public class Policy {
    private static final String DEFAULT_POLICY_URI = "resources/antisamy.xml";
    private static final String DEFAULT_ONINVALID = "removeAttribute";
    public static final int DEFAULT_MAX_INPUT_SIZE = 100000;
    public static final int DEFAULT_MAX_STYLESHEET_IMPORTS = 1;
    public static final String OMIT_XML_DECLARATION = "omitXmlDeclaration";
    public static final String OMIT_DOCTYPE_DECLARATION = "omitDoctypeDeclaration";
    public static final String MAX_INPUT_SIZE = "maxInputSize";
    public static final String USE_XHTML = "useXHTML";
    public static final String FORMAT_OUTPUT = "formatOutput";
    public static final String EMBED_STYLESHEETS = "embedStyleSheets";
    public static final String CONNECTION_TIMEOUT = "connectionTimeout";
    public static final String ANCHORS_NOFOLLOW = "nofollowAnchors";
    public static final String VALIDATE_PARAM_AS_EMBED = "validateParamAsEmbed";
    public static final String PRESERVE_SPACE = "preserveSpace";
    public static final String PRESERVE_COMMENTS = "preserveComments";
    public static final String BLOCKS_TO_ISOLATE = "blocksToIsolate";
    public static final String OVERRIDE_XERCES_SERIALISATION_BUG = "fixXercesSerialisationBug";
    public static final String ENCODE_TAGS = "onUnknownTag";
    public static final String ACTION_VALIDATE = "validate";
    public static final String ACTION_FILTER = "filter";
    public static final String ACTION_TRUNCATE = "truncate";
    private HashMap commonRegularExpressions = new HashMap();
    private HashMap commonAttributes = new HashMap();
    private HashMap tagRules = new HashMap();
    private HashMap cssRules = new HashMap();
    private HashMap directives = new HashMap();
    private HashMap globalAttributes = new HashMap();
    private Set encodeTags = new HashSet();
    private ArrayList tagNames;
    public static final Pattern ANYTHING_REGEXP = Pattern.compile(".*");
    private static char REGEXP_BEGIN = '^';
    private static char REGEXP_END = '$';
    private static URL baseUrl = null;

    public boolean isTagInListToEncode(String str) {
        return this.encodeTags.contains(str);
    }

    public Tag getTagByName(String str) {
        return (Tag) this.tagRules.get(str.toLowerCase());
    }

    public Property getPropertyByName(String str) {
        return (Property) this.cssRules.get(str.toLowerCase());
    }

    public static Policy getInstance() throws PolicyException {
        return getInstance(DEFAULT_POLICY_URI);
    }

    public static Policy getInstance(String str) throws PolicyException {
        return getInstance(new File(str));
    }

    public static Policy getInstance(File file) throws PolicyException {
        try {
            return getInstance(file.toURI().toURL());
        } catch (IOException e) {
            throw new PolicyException(e);
        }
    }

    public static Policy getInstance(URL url) throws PolicyException {
        if (baseUrl == null) {
            setBaseURL(url);
        }
        return new Policy(url);
    }

    public static Policy getInstance(InputStream inputStream) throws PolicyException {
        return new Policy(inputStream);
    }

    private Policy(URL url) throws PolicyException {
        try {
            InputSource resolveEntity = resolveEntity(null, url.toExternalForm());
            if (resolveEntity == null) {
                resolveEntity = new InputSource(url.toExternalForm());
                resolveEntity.setByteStream(url.openStream());
            } else {
                resolveEntity.setSystemId(url.toExternalForm());
            }
            Element documentElement = DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(resolveEntity).getDocumentElement();
            NodeList elementsByTagName = documentElement.getElementsByTagName("include");
            for (int i = 0; i < elementsByTagName.getLength(); i++) {
                parsePolicy(getPolicy(XMLUtil.getAttributeValue((Element) elementsByTagName.item(i), "href")));
            }
            parsePolicy(documentElement);
        } catch (IOException e) {
            throw new PolicyException(e);
        } catch (ParserConfigurationException e2) {
            throw new PolicyException(e2);
        } catch (SAXException e3) {
            throw new PolicyException(e3);
        }
    }

    private Policy(InputStream inputStream) throws PolicyException {
        try {
            parsePolicy(DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(inputStream).getDocumentElement());
        } catch (IOException e) {
            throw new PolicyException(e);
        } catch (ParserConfigurationException e2) {
            throw new PolicyException(e2);
        } catch (SAXException e3) {
            throw new PolicyException(e3);
        }
    }

    private void parsePolicy(Element element) throws PolicyException {
        if (element == null) {
            return;
        }
        parseCommonRegExps((Element) element.getElementsByTagName("common-regexps").item(0));
        parseDirectives((Element) element.getElementsByTagName("directives").item(0));
        parseCommonAttributes((Element) element.getElementsByTagName("common-attributes").item(0));
        parseGlobalAttributes((Element) element.getElementsByTagName("global-tag-attributes").item(0));
        NodeList elementsByTagName = element.getElementsByTagName("tags-to-encode");
        if (elementsByTagName != null && elementsByTagName.getLength() != 0) {
            parseTagsToEncode((Element) elementsByTagName.item(0));
        }
        parseTagRules((Element) element.getElementsByTagName("tag-rules").item(0));
        parseCSSRules((Element) element.getElementsByTagName("css-rules").item(0));
    }

    private Element getPolicy(String str) throws IOException, SAXException, ParserConfigurationException {
        InputSource inputSource = null;
        if (str != null && baseUrl != null) {
            try {
                inputSource = new InputSource(new URL(baseUrl, str).openStream());
                inputSource.setSystemId(str);
            } catch (FileNotFoundException e) {
                try {
                    inputSource = new InputSource(new URL(URIUtils.resolveAsString(str, baseUrl.toString())).openStream());
                    inputSource.setSystemId(str);
                } catch (MalformedURLException e2) {
                }
            } catch (MalformedURLException e3) {
                try {
                    inputSource = new InputSource(new URL(URIUtils.resolveAsString(str, baseUrl.toString())).openStream());
                    inputSource.setSystemId(str);
                } catch (MalformedURLException e4) {
                }
            }
        }
        DocumentBuilder newDocumentBuilder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
        if (inputSource != null) {
            return newDocumentBuilder.parse(inputSource).getDocumentElement();
        }
        return null;
    }

    private void parseDirectives(Element element) {
        if (element == null) {
            return;
        }
        NodeList elementsByTagName = element.getElementsByTagName("directive");
        for (int i = 0; i < elementsByTagName.getLength(); i++) {
            Element element2 = (Element) elementsByTagName.item(i);
            this.directives.put(XMLUtil.getAttributeValue(element2, "name"), XMLUtil.getAttributeValue(element2, "value"));
        }
    }

    private void parseTagsToEncode(Element element) throws PolicyException {
        NodeList elementsByTagName;
        if (element == null || (elementsByTagName = element.getElementsByTagName("tag")) == null) {
            return;
        }
        for (int i = 0; i < elementsByTagName.getLength(); i++) {
            Element element2 = (Element) elementsByTagName.item(i);
            if (element2.getFirstChild() != null && element2.getFirstChild().getNodeType() == 3) {
                this.encodeTags.add(element2.getFirstChild().getNodeValue());
            }
        }
    }

    private void parseGlobalAttributes(Element element) throws PolicyException {
        if (element == null) {
            return;
        }
        NodeList elementsByTagName = element.getElementsByTagName("attribute");
        for (int i = 0; i < elementsByTagName.getLength(); i++) {
            String attributeValue = XMLUtil.getAttributeValue((Element) elementsByTagName.item(i), "name");
            Attribute commonAttributeByName = getCommonAttributeByName(attributeValue);
            if (commonAttributeByName == null) {
                throw new PolicyException("Global attribute '" + attributeValue + "' was not defined in <common-attributes>");
            }
            this.globalAttributes.put(attributeValue.toLowerCase(), commonAttributeByName);
        }
    }

    private void parseCommonRegExps(Element element) {
        if (element == null) {
            return;
        }
        NodeList elementsByTagName = element.getElementsByTagName(Var.JSTYPE_REGEXP);
        for (int i = 0; i < elementsByTagName.getLength(); i++) {
            Element element2 = (Element) elementsByTagName.item(i);
            String attributeValue = XMLUtil.getAttributeValue(element2, "name");
            this.commonRegularExpressions.put(attributeValue, new AntiSamyPattern(attributeValue, Pattern.compile(XMLUtil.getAttributeValue(element2, "value"))));
        }
    }

    private void parseCommonAttributes(Element element) {
        if (element == null) {
            return;
        }
        NodeList elementsByTagName = element.getElementsByTagName("attribute");
        for (int i = 0; i < elementsByTagName.getLength(); i++) {
            Element element2 = (Element) elementsByTagName.item(i);
            String attributeValue = XMLUtil.getAttributeValue(element2, "onInvalid");
            String attributeValue2 = XMLUtil.getAttributeValue(element2, "name");
            Attribute attribute = new Attribute(XMLUtil.getAttributeValue(element2, "name"));
            attribute.setDescription(XMLUtil.getAttributeValue(element2, "description"));
            if (attributeValue == null || attributeValue.length() <= 0) {
                attribute.setOnInvalid(DEFAULT_ONINVALID);
            } else {
                attribute.setOnInvalid(attributeValue);
            }
            Element element3 = (Element) element2.getElementsByTagName("regexp-list").item(0);
            if (element3 != null) {
                NodeList elementsByTagName2 = element3.getElementsByTagName(Var.JSTYPE_REGEXP);
                for (int i2 = 0; i2 < elementsByTagName2.getLength(); i2++) {
                    Element element4 = (Element) elementsByTagName2.item(i2);
                    String attributeValue3 = XMLUtil.getAttributeValue(element4, "name");
                    String attributeValue4 = XMLUtil.getAttributeValue(element4, "value");
                    if (attributeValue3 == null || attributeValue3.length() <= 0) {
                        attribute.addAllowedRegExp(Pattern.compile(REGEXP_BEGIN + attributeValue4 + REGEXP_END));
                    } else {
                        attribute.addAllowedRegExp(getRegularExpression(attributeValue3).getPattern());
                    }
                }
            }
            Element element5 = (Element) element2.getElementsByTagName("literal-list").item(0);
            if (element5 != null) {
                NodeList elementsByTagName3 = element5.getElementsByTagName("literal");
                for (int i3 = 0; i3 < elementsByTagName3.getLength(); i3++) {
                    Element element6 = (Element) elementsByTagName3.item(i3);
                    String attributeValue5 = XMLUtil.getAttributeValue(element6, "value");
                    if (attributeValue5 != null && attributeValue5.length() > 0) {
                        attribute.addAllowedValue(attributeValue5);
                    } else if (element6.getNodeValue() != null) {
                        attribute.addAllowedValue(element6.getNodeValue());
                    }
                }
            }
            this.commonAttributes.put(attributeValue2.toLowerCase(), attribute);
        }
    }

    private void parseTagRules(Element element) throws PolicyException {
        if (element == null) {
            return;
        }
        NodeList elementsByTagName = element.getElementsByTagName("tag");
        for (int i = 0; i < elementsByTagName.getLength(); i++) {
            Element element2 = (Element) elementsByTagName.item(i);
            String attributeValue = XMLUtil.getAttributeValue(element2, "name");
            String attributeValue2 = XMLUtil.getAttributeValue(element2, ParameterMethodNameResolver.DEFAULT_PARAM_NAME);
            String attributeValue3 = XMLUtil.getAttributeValue(element2, "allowEmpty");
            String attributeValue4 = XMLUtil.getAttributeValue(element2, "allowCData");
            Tag tag = new Tag(attributeValue);
            if (this.tagNames == null) {
                this.tagNames = new ArrayList();
            }
            this.tagNames.add(attributeValue);
            tag.setAction(attributeValue2);
            if (attributeValue3 != null && attributeValue3.length() != 0) {
                tag.setAllowEmpty(Boolean.valueOf(attributeValue3).booleanValue());
            } else if (Constants.defaultAllowedEmptyTags.contains(attributeValue)) {
                tag.setAllowEmpty(true);
            }
            if ("true".equalsIgnoreCase(attributeValue4)) {
                tag.setAllowCData(true);
            } else {
                tag.setAllowCData(false);
            }
            NodeList elementsByTagName2 = element2.getElementsByTagName("attribute");
            for (int i2 = 0; i2 < elementsByTagName2.getLength(); i2++) {
                Element element3 = (Element) elementsByTagName2.item(i2);
                if (element3.hasChildNodes()) {
                    Attribute attribute = new Attribute(XMLUtil.getAttributeValue(element3, "name"));
                    attribute.setOnInvalid(XMLUtil.getAttributeValue(element3, "onInvalid"));
                    attribute.setDescription(XMLUtil.getAttributeValue(element3, "description"));
                    Element element4 = (Element) element3.getElementsByTagName("regexp-list").item(0);
                    if (element4 != null) {
                        NodeList elementsByTagName3 = element4.getElementsByTagName(Var.JSTYPE_REGEXP);
                        for (int i3 = 0; i3 < elementsByTagName3.getLength(); i3++) {
                            Element element5 = (Element) elementsByTagName3.item(i3);
                            String attributeValue5 = XMLUtil.getAttributeValue(element5, "name");
                            String attributeValue6 = XMLUtil.getAttributeValue(element5, "value");
                            if (attributeValue5 != null && attributeValue5.length() > 0) {
                                AntiSamyPattern regularExpression = getRegularExpression(attributeValue5);
                                if (regularExpression == null) {
                                    throw new PolicyException("Regular expression '" + attributeValue5 + "' was referenced as a common regexp in definition of '" + tag.getName() + "', but does not exist in <common-regexp>");
                                }
                                attribute.addAllowedRegExp(regularExpression.getPattern());
                            } else if (attributeValue6 != null && attributeValue6.length() > 0) {
                                attribute.addAllowedRegExp(Pattern.compile(REGEXP_BEGIN + attributeValue6 + REGEXP_END));
                            }
                        }
                    }
                    Element element6 = (Element) element3.getElementsByTagName("literal-list").item(0);
                    if (element6 != null) {
                        NodeList elementsByTagName4 = element6.getElementsByTagName("literal");
                        for (int i4 = 0; i4 < elementsByTagName4.getLength(); i4++) {
                            Element element7 = (Element) elementsByTagName4.item(i4);
                            String attributeValue7 = XMLUtil.getAttributeValue(element7, "value");
                            if (attributeValue7 != null && attributeValue7.length() > 0) {
                                attribute.addAllowedValue(attributeValue7);
                            } else if (element7.getNodeValue() != null) {
                                attribute.addAllowedValue(element7.getNodeValue());
                            }
                        }
                    }
                    tag.addAttribute(attribute);
                } else {
                    Attribute commonAttributeByName = getCommonAttributeByName(XMLUtil.getAttributeValue(element3, "name"));
                    if (commonAttributeByName == null) {
                        throw new PolicyException("Attribute '" + XMLUtil.getAttributeValue(element3, "name") + "' was referenced as a common attribute in definition of '" + tag.getName() + "', but does not exist in <common-attributes>");
                    }
                    String attributeValue8 = XMLUtil.getAttributeValue(element3, "onInvalid");
                    String attributeValue9 = XMLUtil.getAttributeValue(element3, "description");
                    if (attributeValue8 != null && attributeValue8.length() != 0) {
                        commonAttributeByName.setOnInvalid(attributeValue8);
                    }
                    if (attributeValue9 != null && attributeValue9.length() != 0) {
                        commonAttributeByName.setDescription(attributeValue9);
                    }
                    tag.addAttribute((Attribute) commonAttributeByName.clone());
                }
            }
            this.tagRules.put(attributeValue.toLowerCase(), tag);
        }
    }

    private void parseCSSRules(Element element) throws PolicyException {
        if (element == null) {
            return;
        }
        NodeList elementsByTagName = element.getElementsByTagName("property");
        for (int i = 0; i < elementsByTagName.getLength(); i++) {
            Element element2 = (Element) elementsByTagName.item(i);
            String attributeValue = XMLUtil.getAttributeValue(element2, "name");
            String attributeValue2 = XMLUtil.getAttributeValue(element2, "description");
            Property property = new Property(attributeValue);
            property.setDescription(attributeValue2);
            String attributeValue3 = XMLUtil.getAttributeValue(element2, "onInvalid");
            if (attributeValue3 == null || attributeValue3.length() <= 0) {
                property.setOnInvalid(DEFAULT_ONINVALID);
            } else {
                property.setOnInvalid(attributeValue3);
            }
            Element element3 = (Element) element2.getElementsByTagName("regexp-list").item(0);
            if (element3 != null) {
                NodeList elementsByTagName2 = element3.getElementsByTagName(Var.JSTYPE_REGEXP);
                for (int i2 = 0; i2 < elementsByTagName2.getLength(); i2++) {
                    Element element4 = (Element) elementsByTagName2.item(i2);
                    String attributeValue4 = XMLUtil.getAttributeValue(element4, "name");
                    String attributeValue5 = XMLUtil.getAttributeValue(element4, "value");
                    AntiSamyPattern regularExpression = getRegularExpression(attributeValue4);
                    if (regularExpression != null) {
                        property.addAllowedRegExp(regularExpression.getPattern());
                    } else {
                        if (attributeValue5 == null) {
                            throw new PolicyException("Regular expression '" + attributeValue4 + "' was referenced as a common regexp in definition of '" + property.getName() + "', but does not exist in <common-regexp>");
                        }
                        property.addAllowedRegExp(Pattern.compile(REGEXP_BEGIN + attributeValue5 + REGEXP_END));
                    }
                }
            }
            Element element5 = (Element) element2.getElementsByTagName("literal-list").item(0);
            if (element5 != null) {
                NodeList elementsByTagName3 = element5.getElementsByTagName("literal");
                for (int i3 = 0; i3 < elementsByTagName3.getLength(); i3++) {
                    property.addAllowedValue(XMLUtil.getAttributeValue((Element) elementsByTagName3.item(i3), "value"));
                }
            }
            Element element6 = (Element) element2.getElementsByTagName("shorthand-list").item(0);
            if (element6 != null) {
                NodeList elementsByTagName4 = element6.getElementsByTagName("shorthand");
                for (int i4 = 0; i4 < elementsByTagName4.getLength(); i4++) {
                    property.addShorthandRef(XMLUtil.getAttributeValue((Element) elementsByTagName4.item(i4), "name"));
                }
            }
            this.cssRules.put(attributeValue.toLowerCase(), property);
        }
    }

    public AntiSamyPattern getRegularExpression(String str) {
        return (AntiSamyPattern) this.commonRegularExpressions.get(str);
    }

    public Attribute getGlobalAttributeByName(String str) {
        return (Attribute) this.globalAttributes.get(str.toLowerCase());
    }

    private Attribute getCommonAttributeByName(String str) {
        return (Attribute) this.commonAttributes.get(str.toLowerCase());
    }

    public String[] getTags() {
        return (String[]) this.tagNames.toArray(new String[1]);
    }

    public String getDirective(String str) {
        return (String) this.directives.get(str);
    }

    public void setDirective(String str, String str2) {
        this.directives.put(str, str2);
    }

    public int getMaxInputSize() {
        int i = 100000;
        try {
            i = Integer.parseInt(getDirective(MAX_INPUT_SIZE));
        } catch (NumberFormatException e) {
        }
        return i;
    }

    public Set<String> getBlocksToIsolate() {
        String directive = getDirective(BLOCKS_TO_ISOLATE);
        return StringUtils.isBlank(directive) ? Collections.emptySet() : new HashSet(Arrays.asList(StringUtils.split(directive, ',')));
    }

    public static void setBaseURL(URL url) {
        baseUrl = url;
    }

    public InputSource resolveEntity(String str, String str2) throws IOException, SAXException {
        if (str2 == null || baseUrl == null) {
            return null;
        }
        try {
            InputSource inputSource = new InputSource(new URL(baseUrl, str2).openStream());
            inputSource.setSystemId(str2);
            return inputSource;
        } catch (FileNotFoundException e) {
            try {
                InputSource inputSource2 = new InputSource(new URL(URIUtils.resolveAsString(str2, baseUrl.toString())).openStream());
                inputSource2.setSystemId(str2);
                return inputSource2;
            } catch (MalformedURLException e2) {
                return null;
            }
        } catch (MalformedURLException e3) {
            try {
                InputSource inputSource3 = new InputSource(new URL(URIUtils.resolveAsString(str2, baseUrl.toString())).openStream());
                inputSource3.setSystemId(str2);
                return inputSource3;
            } catch (MalformedURLException e4) {
                return null;
            }
        }
    }
}
