package org.owasp.esapi.reference.validation;

import java.io.IOException;
import java.io.InputStream;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.Encoder;
import org.owasp.esapi.Logger;
import org.owasp.esapi.PropNames;
import org.owasp.esapi.SecurityConfiguration;
import org.owasp.esapi.StringUtilities;
import org.owasp.esapi.errors.ConfigurationException;
import org.owasp.esapi.errors.ValidationException;
import org.owasp.validator.html.AntiSamy;
import org.owasp.validator.html.CleanResults;
import org.owasp.validator.html.Policy;
import org.owasp.validator.html.PolicyException;
import org.owasp.validator.html.ScanException;

/* loaded from: input_file:WEB-INF/lib/esapi-2.5.5.0-jakarta.jar:org/owasp/esapi/reference/validation/HTMLValidationRule.class */
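/**
 * Validation rule that runs HTML input through OWASP AntiSamy using a policy
 * file resolved from the ESAPI security configuration or, failing that, from
 * the classpath.
 *
 * <p>The policy is loaded once, from the static initializer at the bottom of
 * this class, and is shared by every instance. The policy file decides which
 * markup survives sanitization, so the directories and class loaders searched
 * here are part of the trust boundary: whoever can place a file with the
 * configured name earlier in the search order controls the effective policy.
 */
public class HTMLValidationRule extends StringValidationRule {
    // Shared AntiSamy policy; assigned by configureInstance().
    private static Policy antiSamyPolicy = null;
    private static final Logger LOGGER = ESAPI.getLogger("HTMLValidationRule");
    // Policy file name used when Validator.HtmlValidationConfigurationFile is not set.
    private static final String ANTISAMYPOLICY_FILENAME = "antisamy-esapi.xml";

    /**
     * Looks for {@code fileName} under each search path, in order, using the
     * given class loader, and returns the first stream that can be opened.
     *
     * @param contextDescription human-readable name of the class loader, used only in the log line
     * @param classLoader loader to query; {@code null} is treated as "nothing found"
     * @param fileName resource name appended to each search path
     * @param searchPaths path prefixes to try, in priority order
     * @return an open stream for the first match, or {@code null} if none matched
     */
    static InputStream getResourceStreamFromClassLoader(String contextDescription, ClassLoader classLoader, String fileName, List<String> searchPaths) {
        // Thread.getContextClassLoader() is allowed to return null; without this
        // guard the lookup would fail with a NullPointerException instead of
        // letting the caller fall through to the next class loader.
        if (classLoader == null) {
            return null;
        }
        for (String searchPath : searchPaths) {
            InputStream candidate = classLoader.getResourceAsStream(searchPath + fileName);
            if (candidate != null) {
                LOGGER.info(Logger.EVENT_SUCCESS, "SUCCESSFULLY LOADED " + fileName + " via the CLASSPATH from '" + searchPath + "' using " + contextDescription + "!");
                return candidate;
            }
        }
        return null;
    }

    /**
     * Searches the classpath for {@code fileName}, trying the thread context
     * class loader, then the system class loader, then the class loader of the
     * active security configuration class.
     *
     * @param fileName resource name to locate
     * @return an open stream for the first match, or {@code null} if no loader finds it
     */
    static InputStream getResourceStreamFromClasspath(String fileName) {
        // Logged as EVENT_FAILURE in the original; the visible caller only reaches
        // this method after the SecurityConfiguration file lookup returned null.
        LOGGER.info(Logger.EVENT_FAILURE, "Loading " + fileName + " from classpaths");
        List<String> orderedSearchPaths = Arrays.asList(
                PropNames.DefaultSearchPath.ROOT.value(),
                PropNames.DefaultSearchPath.RESOURCE_DIRECTORY.value(),
                PropNames.DefaultSearchPath.DOT_ESAPI.value(),
                PropNames.DefaultSearchPath.ESAPI.value(),
                PropNames.DefaultSearchPath.RESOURCES.value(),
                PropNames.DefaultSearchPath.SRC_MAIN_RESOURCES.value());

        InputStream resourceStream = getResourceStreamFromClassLoader("current thread context class loader", Thread.currentThread().getContextClassLoader(), fileName, orderedSearchPaths);
        if (resourceStream == null) {
            resourceStream = getResourceStreamFromClassLoader("system class loader", ClassLoader.getSystemClassLoader(), fileName, orderedSearchPaths);
        }
        if (resourceStream == null) {
            resourceStream = getResourceStreamFromClassLoader("class loader for DefaultSecurityConfiguration class", ESAPI.securityConfiguration().getClass().getClassLoader(), fileName, orderedSearchPaths);
        }
        return resourceStream;
    }

    /**
     * Loads the AntiSamy policy with the given file name.
     *
     * <p>If the security configuration can resolve the name to a file, the
     * policy is read through the configuration; otherwise the classpath is
     * searched.
     *
     * @param antisamyPolicyFilename name of the policy file
     * @return the parsed policy, or {@code null} if the file could not be found
     * @throws IOException if the stream cannot be opened or closed
     * @throws PolicyException if the policy file cannot be parsed
     */
    static Policy loadAntisamyPolicy(String antisamyPolicyFilename) throws IOException, PolicyException {
        SecurityConfiguration securityConfiguration = ESAPI.securityConfiguration();
        boolean resolvedAsFile = securityConfiguration.getResourceFile(antisamyPolicyFilename) != null;
        // try-with-resources releases the file or jar handle once parsing is done,
        // including when parsing fails; a null resource is skipped.
        try (InputStream policyStream = resolvedAsFile
                ? securityConfiguration.getResourceStream(antisamyPolicyFilename)
                : getResourceStreamFromClasspath(antisamyPolicyFilename)) {
            if (policyStream == null) {
                return null;
            }
            return Policy.getInstance(policyStream);
        }
    }

    /**
     * Returns the policy file name from the ESAPI property
     * {@code Validator.HtmlValidationConfigurationFile}, falling back to
     * {@code antisamy-esapi.xml} when reading the property raises a
     * {@link ConfigurationException}.
     *
     * @return the policy file name to load
     */
    static String resolveAntisamyFilename() {
        String policyFilename = ANTISAMYPOLICY_FILENAME;
        try {
            policyFilename = ESAPI.securityConfiguration().getStringProp("Validator.HtmlValidationConfigurationFile");
        } catch (ConfigurationException e) {
            // Deliberate fallback: an unset property selects the default policy file.
            LOGGER.info(Logger.EVENT_FAILURE, "ESAPI property Validator.HtmlValidationConfigurationFile not set, using default value: antisamy-esapi.xml");
        }
        return policyFilename;
    }

    /**
     * Resolves and loads the AntiSamy policy into the shared static field.
     *
     * @throws ConfigurationException if the policy file is missing, unreadable or unparsable
     */
    static void configureInstance() {
        String policyFilename = resolveAntisamyFilename();
        try {
            antiSamyPolicy = loadAntisamyPolicy(policyFilename);
            if (antiSamyPolicy == null) {
                // Fail loudly: without a policy there is nothing to sanitize against.
                throw new ConfigurationException("Couldn't find " + policyFilename);
            }
        } catch (IOException e) {
            throw new ConfigurationException("Failed to load file from SecurityConfiguration context: " + policyFilename, e);
        } catch (PolicyException e) {
            throw new ConfigurationException("Couldn't parse " + policyFilename, e);
        }
    }

    /**
     * Creates a rule; the argument is passed unchanged to {@link StringValidationRule}.
     *
     * @param typeName forwarded to the superclass constructor
     */
    public HTMLValidationRule(String typeName) {
        super(typeName);
    }

    /**
     * Creates a rule; the arguments are passed unchanged to {@link StringValidationRule}.
     *
     * @param typeName forwarded to the superclass constructor
     * @param encoder forwarded to the superclass constructor
     */
    public HTMLValidationRule(String typeName, Encoder encoder) {
        super(typeName, encoder);
    }

    /**
     * Creates a rule; the arguments are passed unchanged to {@link StringValidationRule}.
     *
     * @param typeName forwarded to the superclass constructor
     * @param encoder forwarded to the superclass constructor
     * @param whitelistPattern forwarded to the superclass constructor
     */
    public HTMLValidationRule(String typeName, Encoder encoder, String whitelistPattern) {
        super(typeName, encoder, whitelistPattern);
    }

    /**
     * Validates HTML input with AntiSamy.
     *
     * <p>When {@code Validator.HtmlValidationAction} resolves to "clean" (also the
     * fallback for unset or unrecognised values), input that violates the policy
     * does not raise an exception: the returned string is the cleaned markup.
     * Callers must therefore use the return value and never the original input.
     *
     * @param context descriptive name of the field, used in messages
     * @param input the HTML to check
     * @return the trimmed, cleaned HTML, or {@code null} for empty input when nulls are allowed
     * @throws ValidationException if the input is required but empty, cannot be scanned,
     *         or violates the policy while the action is "throw"
     */
    @Override
    public String getValid(String context, String input) throws ValidationException {
        return invokeAntiSamy(context, input);
    }

    /**
     * Best-effort variant of {@link #getValid(String, String)} that never throws.
     *
     * @param context descriptive name of the field, used in messages
     * @param input the HTML to clean
     * @return the cleaned HTML, an empty string if validation failed, or {@code null}
     *         for empty input when nulls are allowed
     */
    @Override
    public String sanitize(String context, String input) {
        String safe = "";
        try {
            safe = invokeAntiSamy(context, input);
        } catch (ValidationException ignored) {
            // Intentional: sanitize() fails closed by returning the empty string
            // rather than propagating the error or echoing the rejected input.
        }
        return safe;
    }

    /**
     * Reads {@code Validator.HtmlValidationAction} to decide whether policy
     * violations are cleaned silently (legacy) or rejected.
     *
     * @return {@code false} only when the property is "throw" (case-insensitive);
     *         {@code true} for "clean", for any other value, and when the property
     *         cannot be read
     */
    private boolean legacyHtmlValidation() {
        try {
            String propValue = ESAPI.securityConfiguration().getStringProp("Validator.HtmlValidationAction");
            switch (propValue.toLowerCase()) {
                case "throw":
                    return false;
                case "clean":
                    return true;
                default:
                    // An unrecognised value selects the permissive legacy mode, so a
                    // typo in the property silently disables rejection; the warning
                    // below is the only signal.
                    LOGGER.warning(Logger.EVENT_FAILURE, "ESAPI property Validator.HtmlValidationAction was set to \"" + propValue + "\".  Must be set to either \"clean\" (the default for legacy support) or \"throw\"; assuming \"clean\" for legacy behavior.");
                    return true;
            }
        } catch (ConfigurationException e) {
            LOGGER.warning(Logger.EVENT_FAILURE, "ESAPI property Validator.HtmlValidationAction must be set to either \"clean\" (the default for legacy support) or \"throw\"; assuming \"clean\"", e);
            return true;
        }
    }

    /**
     * Canonicalizes the input through the superclass, scans it with AntiSamy
     * against the shared policy and returns the cleaned markup.
     *
     * @param context descriptive name of the field, used in messages
     * @param input the HTML to scan
     * @return the trimmed, cleaned HTML, or {@code null} for empty input when nulls are allowed
     * @throws ValidationException if the input is required but empty, the scan fails,
     *         or the policy is violated while the action is "throw"
     */
    private String invokeAntiSamy(String context, String input) throws ValidationException {
        if (StringUtilities.isEmpty(input)) {
            if (this.allowNull) {
                return null;
            }
            throw new ValidationException(context + " is required", "AntiSamy validation error: context=" + context + ", input=" + input, context);
        }
        try {
            // super.getValid() runs the StringValidationRule checks first, so
            // AntiSamy scans what that method returns rather than the raw input.
            CleanResults scanResults = new AntiSamy().scan(super.getValid(context, input), antiSamyPolicy);
            List<String> errorMessages = scanResults.getErrorMessages();
            if (!errorMessages.isEmpty()) {
                // NOTE(review): the messages below name antisamy-esapi.xml even when
                // Validator.HtmlValidationConfigurationFile selects another file.
                // NOTE(review): AntiSamy error messages may quote parts of the
                // rejected markup, so these log lines can carry attacker-influenced
                // text; confirm the configured Logger neutralises it.
                if (!legacyHtmlValidation()) {
                    throw new ValidationException(context + ": Invalid HTML input", "Invalid HTML input does not follow rules in antisamy-esapi.xml: context=" + context + " errors=" + errorMessages.toString());
                }
                LOGGER.info(Logger.SECURITY_FAILURE, "Cleaned up invalid HTML input: " + errorMessages);
            }
            return scanResults.getCleanHTML().trim();
        } catch (PolicyException e) {
            throw new ValidationException(context + ": Invalid HTML input", "Invalid HTML input does not follow rules in antisamy-esapi.xml: context=" + context + " error=" + e.getMessage(), e, context);
        } catch (ScanException e) {
            throw new ValidationException(context + ": Invalid HTML input", "Invalid HTML input: context=" + context + " error=" + e.getMessage(), e, context);
        }
    }

    // Must stay below the static field declarations: configureInstance() uses
    // LOGGER, and static initializers run in textual order.
    static {
        configureInstance();
    }
}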
