package org.opencms.util;

import java.io.ByteArrayInputStream;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import org.apache.commons.logging.Log;
import org.opencms.cache.CmsVfsMemoryObjectCache;
import org.opencms.file.CmsObject;
import org.opencms.i18n.CmsEncoder;
import org.opencms.main.CmsException;
import org.opencms.main.CmsLog;
import org.owasp.validator.html.AntiSamy;
import org.owasp.validator.html.CleanResults;
import org.owasp.validator.html.Policy;
import org.owasp.validator.html.PolicyException;
import org.owasp.validator.html.ScanException;

/* loaded from: input_file:WEB-INF/lib/opencms.jar:org/opencms/util/CmsParameterEscaper.class */
public class CmsParameterEscaper {
    private static final Log LOG = CmsLog.getLog(CmsParameterEscaper.class);
    private Set<String> m_exceptions = new HashSet();
    private Set<String> m_cleanHtml = new HashSet();
    public static final String DEFAULT_POLICY = "antisamy-opencms.xml";
    private AntiSamy m_antiSamy;
    protected static Policy defaultPolicy;

    public static Policy readPolicy(CmsObject cmsObject, String str) {
        try {
            return Policy.getInstance(new ByteArrayInputStream(cmsObject.readFile(str).getContents()));
        } catch (CmsException e) {
            LOG.error("Could not read Antisamy policy file");
            LOG.error(e.getLocalizedMessage(), e);
            return null;
        } catch (PolicyException e2) {
            LOG.error("Invalid Antisamy policy read from " + str);
            LOG.error(e2.getLocalizedMessage(), e2);
            return null;
        }
    }

    public AntiSamy createAntiSamy(CmsObject cmsObject, String str) {
        String addSiteRoot = cmsObject.addSiteRoot(str);
        Policy policy = null;
        if (str != null) {
            Object cachedObject = CmsVfsMemoryObjectCache.getVfsMemoryObjectCache().getCachedObject(cmsObject, addSiteRoot);
            if (cachedObject == null) {
                policy = readPolicy(cmsObject, str);
                if (policy != null) {
                    CmsVfsMemoryObjectCache.getVfsMemoryObjectCache().putCachedObject(cmsObject, addSiteRoot, policy);
                }
            } else {
                policy = (Policy) cachedObject;
            }
        }
        if (policy == null) {
            policy = defaultPolicy;
        }
        if (policy != null) {
            return new AntiSamy(policy);
        }
        return null;
    }

    public void enableAntiSamy(CmsObject cmsObject, String str, Set<String> set) {
        this.m_antiSamy = createAntiSamy(cmsObject, str);
        this.m_cleanHtml = set;
    }

    public String escape(String str, String str2) {
        if (str2 == null) {
            return null;
        }
        if (this.m_exceptions.contains(str)) {
            return str2;
        }
        LOG.info("Escaping parameter '" + str + "' with value '" + str2 + "'");
        return this.m_cleanHtml.contains(str) ? filterAntiSamy(str2) : CmsEncoder.escapeXml(str2);
    }

    public String[] escape(String str, String[] strArr) {
        if (strArr == null) {
            return null;
        }
        if (this.m_exceptions.contains(str)) {
            return strArr;
        }
        boolean contains = this.m_cleanHtml.contains(str);
        String[] strArr2 = new String[strArr.length];
        for (int i = 0; i < strArr.length; i++) {
            if (contains) {
                strArr2[i] = filterAntiSamy(strArr[i]);
            } else {
                strArr2[i] = CmsEncoder.escapeXml(strArr[i]);
            }
        }
        return strArr2;
    }

    public String filterAntiSamy(String str) {
        if (this.m_antiSamy == null) {
            LOG.warn("Antisamy policy invalid, using escapeXml as a fallback");
            return CmsEncoder.escapeXml(str);
        }
        try {
            CleanResults scan = this.m_antiSamy.scan(str);
            if (scan.getNumberOfErrors() > 0) {
                LOG.info("Antisamy error messages:");
                Iterator it = scan.getErrorMessages().iterator();
                while (it.hasNext()) {
                    LOG.info(it.next());
                }
            }
            return scan.getCleanHTML();
        } catch (PolicyException e) {
            LOG.error(e.getLocalizedMessage(), e);
            return CmsEncoder.escapeXml(str);
        } catch (ScanException e2) {
            LOG.error(e2.getLocalizedMessage(), e2);
            return CmsEncoder.escapeXml(str);
        }
    }

    public void setExceptions(Collection<String> collection) {
        this.m_exceptions = new HashSet(collection);
    }

    static {
        try {
            defaultPolicy = Policy.getInstance(CmsParameterEscaper.class.getClassLoader().getResourceAsStream(CmsParameterEscaper.class.getPackage().getName().replace(".", "/") + "/" + DEFAULT_POLICY));
        } catch (PolicyException e) {
            LOG.error(e.getLocalizedMessage(), e);
        }
    }
}
