package pt.digitalis.dif.utils.security;

import com.google.javascript.jscomp.parsing.parser.PredefinedName;
import java.io.IOException;
import java.io.InputStream;
import org.apache.commons.lang.StringEscapeUtils;
import org.owasp.html.PolicyFactory;
import org.owasp.html.Sanitizers;
import org.owasp.validator.html.AntiSamy;
import org.owasp.validator.html.CleanResults;
import org.owasp.validator.html.Policy;
import org.owasp.validator.html.PolicyException;
import org.owasp.validator.html.ScanException;
import pt.digitalis.dif.codegen.CGAncillaries;
import pt.digitalis.dif.exception.BusinessException;
import pt.digitalis.dif.utils.http.JSONUtils;
import pt.digitalis.dif.utils.logging.DIFLogger;
import pt.digitalis.dif.utils.security.configuration.HTTPSecurityConfiguration;
import pt.digitalis.log.LogLevel;
import pt.digitalis.utils.common.StringUtils;

/* loaded from: input_file:WEB-INF/lib/dif-presentation-core-3.0.1-37-SNAPSHOT.jar:pt/digitalis/dif/utils/security/ParameterSanitizationManager.class */
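/**
 * Sanitizes request parameter values and view values against XSS using one of two
 * OWASP engines, chosen through {@link HTTPSecurityConfiguration}.
 *
 * <p>Behavioural notes:
 * <ul>
 *   <li>A manager is only ever built for a known engine; an unrecognised configuration
 *       value is rejected in the constructor instead of producing a manager that passes
 *       parameters through untouched.</li>
 *   <li>When the AntiSamy scanner itself fails on a value, the value is HTML-escaped
 *       (fail closed) rather than returned as-is.</li>
 * </ul>
 *
 * <p>Thread-safety: {@link #getNewInstance()} is synchronized on the class. The engine
 * objects are shared by all callers; whether {@code AntiSamy#scan} may be invoked
 * concurrently is not established here — confirm against the bundled library version.
 */
public class ParameterSanitizationManager {

    /** Classpath location of the AntiSamy policy used for {@link SECURITY_API#OWASPAntiSamy}. */
    private static final String ANTISAMY_POLICY_RESOURCE = "antisamyDIF.xml";

    /** Log message used when the AntiSamy scanner cannot process a value. */
    private static final String SCAN_FAILURE_MESSAGE = "Error while parsing the parameter value for sanitization";

    /** Shared instance, rebuilt when the configured engine changes; guarded by the class monitor. */
    private static ParameterSanitizationManager instance = null;

    /** Set only when {@link #selectedAPI} is {@link SECURITY_API#OWASPAntiSamy}; otherwise null. */
    private final AntiSamy antiSamyInstance;

    /** Set only when {@link #selectedAPI} is {@link SECURITY_API#OWASPJavaHTMLSanitizer}; otherwise null. */
    private final PolicyFactory javaHTMLSanitizerPolicy;

    /** Engine this manager was built for; never null. */
    private final SECURITY_API selectedAPI;

    /** Sanitization engines supported for request parameters. */
    public enum SECURITY_API {
        /** OWASP AntiSamy, driven by the policy file named by {@code ANTISAMY_POLICY_RESOURCE}. */
        OWASPAntiSamy,
        /** OWASP Java HTML Sanitizer with the pre-built FORMATTING and LINKS policies. */
        OWASPJavaHTMLSanitizer;

        /**
         * Maps a configuration token to an engine.
         *
         * @param str configuration value, {@code "jhs"} or {@code "as"} (case-sensitive); may be null
         * @return the matching engine, or {@code null} for any other value
         */
        public static SECURITY_API fromConfigurationValue(String str) {
            if ("jhs".equals(str)) {
                return OWASPJavaHTMLSanitizer;
            }
            // "as" selects AntiSamy; the decompiled source reached this literal through the
            // unrelated Closure Compiler constant PredefinedName.AS, whose value is "as".
            if ("as".equals(str)) {
                return OWASPAntiSamy;
            }
            return null;
        }
    }

    /**
     * Builds a manager bound to a single engine.
     *
     * @param security_api the engine to use; must not be null
     * @throws SecurityException if {@code security_api} is null, or the AntiSamy policy resource
     *         is missing or cannot be parsed
     */
    public ParameterSanitizationManager(SECURITY_API security_api) throws SecurityException {
        if (security_api == null) {
            // Refuse to exist without an engine: a misconfigured API must not silently
            // degrade into pass-through of untrusted parameter values.
            throw new SecurityException("No supported XSS parameter sanitization API is configured");
        }
        this.selectedAPI = security_api;
        this.antiSamyInstance = security_api == SECURITY_API.OWASPAntiSamy ? loadAntiSamy() : null;
        this.javaHTMLSanitizerPolicy = security_api == SECURITY_API.OWASPJavaHTMLSanitizer
                ? Sanitizers.FORMATTING.and(Sanitizers.LINKS)
                : null;
    }

    /**
     * Loads the AntiSamy policy from the context class loader and wraps it in a scanner.
     *
     * @return a ready AntiSamy instance
     * @throws SecurityException if the resource is absent or the policy fails to parse
     */
    private static AntiSamy loadAntiSamy() throws SecurityException {
        InputStream policyStream = Thread.currentThread().getContextClassLoader().getResourceAsStream(ANTISAMY_POLICY_RESOURCE);
        if (policyStream == null) {
            // Policy.getInstance(null) would not give a meaningful error; name the missing resource.
            throw new SecurityException("AntiSamy policy resource not found on the classpath: " + ANTISAMY_POLICY_RESOURCE);
        }
        try {
            return new AntiSamy(Policy.getInstance(policyStream));
        } catch (PolicyException e) {
            throw new SecurityException(e);
        } finally {
            // The original left the resource stream open; close it on every path.
            try {
                policyStream.close();
            } catch (IOException ignored) {
                // best effort: the policy is already parsed (or the failure already reported)
            }
        }
    }

    /**
     * Returns the shared manager for the currently configured engine, rebuilding it when the
     * configured engine differs from the one the cached instance was built for.
     *
     * @return the shared manager; never null
     * @throws SecurityException if the configured engine is unknown or cannot be initialised
     */
    public static synchronized ParameterSanitizationManager getNewInstance() throws SecurityException {
        SECURITY_API configured = SECURITY_API.fromConfigurationValue(
                HTTPSecurityConfiguration.getInstance().getXssParameterSanitizationAPI());
        // Enum identity comparison is null-safe, unlike the previous equals() call.
        if (instance == null || instance.getSelectedAPI() != configured) {
            instance = new ParameterSanitizationManager(configured);
        }
        return instance;
    }

    /**
     * @return the engine this manager was built for; never null
     */
    public SECURITY_API getSelectedAPI() {
        return this.selectedAPI;
    }

    /**
     * Sanitizes a request parameter value with the selected engine.
     *
     * @param str the raw parameter value; blank values are returned unchanged
     * @param z   when true, scanner failures and policy violations are logged at WARN level
     * @return the sanitized value
     */
    public String sanitizeParameter(String str, boolean z) {
        if (!StringUtils.isNotBlank(str)) {
            return str;
        }
        switch (this.selectedAPI) {
            case OWASPJavaHTMLSanitizer:
                return sanitizeWithJavaHTMLSanitizer(str);
            case OWASPAntiSamy:
                return sanitizeWithAntiSamy(str, z);
            default:
                // Unreachable for the two known engines; escape rather than pass through if a
                // new constant is ever added without a branch here.
                return StringEscapeUtils.escapeHtml(str);
        }
    }

    /**
     * Java HTML Sanitizer path: JSON-shaped values are delegated to {@link JSONUtils}; everything
     * else goes through the FORMATTING + LINKS policy, optionally followed by the configured
     * white-list unescaping.
     */
    private String sanitizeWithJavaHTMLSanitizer(String value) {
        if (looksLikeJSON(value)) {
            return JSONUtils.sanitizeJSONString(value);
        }
        String clean = this.javaHTMLSanitizerPolicy.sanitize(value);
        // Boolean.TRUE.equals treats a missing (null) configuration value as "disabled".
        if (Boolean.TRUE.equals(HTTPSecurityConfiguration.getInstance().getXssParameterSanitizationUnescapeHTMLWhiteListCharacters())) {
            clean = StringUtils.unescapeHTMLCharactersWhiteList(clean);
        }
        return clean;
    }

    /**
     * @return true when the value is shaped like a JSON object or an array of objects and
     *         {@link JSONUtils#isJSONContent(String)} confirms it
     */
    private static boolean looksLikeJSON(String value) {
        boolean objectShaped = value.startsWith(CGAncillaries.START_BLOCK) && value.endsWith("}");
        boolean arrayOfObjectsShaped = value.startsWith("[{") && value.endsWith("}]");
        return (objectShaped || arrayOfObjectsShaped) && JSONUtils.isJSONContent(value);
    }

    /**
     * AntiSamy path. A scan without policy violations returns the caller's value untouched;
     * violations return AntiSamy's cleaned HTML; a scanner failure HTML-escapes the value.
     */
    private String sanitizeWithAntiSamy(String value, boolean logProblems) {
        CleanResults results;
        try {
            results = this.antiSamyInstance.scan(value);
        } catch (PolicyException e) {
            return onScanFailure(value, e, logProblems);
        } catch (ScanException e) {
            return onScanFailure(value, e, logProblems);
        }
        if (results == null || results.getNumberOfErrors() == 0) {
            // No violation reported: keep the original bytes rather than AntiSamy's re-serialisation.
            return value;
        }
        String clean = results.getCleanHTML();
        if (logProblems) {
            DIFLogger.getLogger().warn(new BusinessException("Errors detected on parameter parsing")
                    .addToExceptionContext("Parameter value", value)
                    .addToExceptionContext("Sanitized Parameter value", clean)
                    .addToExceptionContext("Errors", results.getErrorMessages())
                    .getRenderedExceptionContext());
        }
        return clean;
    }

    /**
     * Fail-closed handling for a value the AntiSamy scanner could not process.
     *
     * @return the HTML-escaped value (the original returned the unsanitized input here)
     */
    private static String onScanFailure(String value, Exception cause, boolean logProblems) {
        if (logProblems) {
            new BusinessException(SCAN_FAILURE_MESSAGE, cause)
                    .addToExceptionContext("Parameter value", value)
                    .log(LogLevel.WARN);
        }
        return StringEscapeUtils.escapeHtml(value);
    }

    /**
     * HTML-escapes a value destined for rendering when XSS parameter sanitization is enabled.
     *
     * @param str the value to render; blank values are returned unchanged
     * @param z   unused; kept for signature compatibility
     * @return the escaped value, or {@code str} itself when sanitization is disabled or the value is blank
     */
    public String sanitizeViewValue(String str, boolean z) {
        if (!Boolean.TRUE.equals(HTTPSecurityConfiguration.getInstance().getXssParameterSanitization())
                || !StringUtils.isNotBlank(str)) {
            return str;
        }
        return StringEscapeUtils.escapeHtml(str);
    }
}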
