package com.atommiddleware.cloud.core.security;

import org.owasp.validator.html.AntiSamy;
import org.owasp.validator.html.Policy;
import org.owasp.validator.html.PolicyException;
import org.owasp.validator.html.ScanException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.core.io.Resource;
import org.springframework.core.io.ResourceLoader;
import org.springframework.core.io.support.ResourcePatternUtils;
import org.springframework.util.StringUtils;

/* loaded from: input_file:com/atommiddleware/cloud/core/security/DefaultXssSecurity.class */
public class DefaultXssSecurity implements XssSecurity, InitializingBean {
    private static final Logger log = LoggerFactory.getLogger(DefaultXssSecurity.class);
    private final ResourceLoader resourceLoader;
    private final String antisamyFileLocationPattern;
    private final String DEFALUT_ANTISAMYFILEPATH = "classpath*:antisamy-ebay.xml";
    private Policy policy = null;

    public DefaultXssSecurity(ResourceLoader resourceLoader, String str) {
        this.resourceLoader = resourceLoader;
        this.antisamyFileLocationPattern = StringUtils.isEmpty(str) ? "classpath*:antisamy-ebay.xml" : str;
    }

    private String antisamyXssClean(String str) {
        try {
            return new AntiSamy().scan(str, this.policy).getCleanHTML();
        } catch (ScanException e) {
            log.error("clean html fail", e);
            return str;
        } catch (PolicyException e2) {
            log.error("clean html policy fail", e2);
            return str;
        }
    }

    @Override // com.atommiddleware.cloud.core.security.XssSecurity
    public String xssClean(String str) {
        return StringUtils.isEmpty(str) ? str : antisamyXssClean(str);
    }

    public void afterPropertiesSet() throws Exception {
        for (Resource resource : ResourcePatternUtils.getResourcePatternResolver(this.resourceLoader).getResources(this.antisamyFileLocationPattern)) {
            try {
                this.policy = Policy.getInstance(resource.getInputStream());
                if (log.isInfoEnabled()) {
                    log.info("load antisamyFile path:[{}]", resource.getURL());
                }
                break;
            } catch (PolicyException e) {
                log.error("load policy fail", e);
            }
        }
        if (null == this.policy) {
            throw new IllegalArgumentException("not find antisamy xml");
        }
    }
}
