package com.nhncorp.lucy.security.xss;

import com.nhncorp.lucy.security.xss.config.AttributeRule;
import com.nhncorp.lucy.security.xss.config.ElementRule;
import com.nhncorp.lucy.security.xss.config.XssConfiguration;
import com.nhncorp.lucy.security.xss.markup.Attribute;
import com.nhncorp.lucy.security.xss.markup.Comment;
import com.nhncorp.lucy.security.xss.markup.Content;
import com.nhncorp.lucy.security.xss.markup.Description;
import com.nhncorp.lucy.security.xss.markup.Element;
import com.nhncorp.lucy.security.xss.markup.IEHackExtensionElement;
import com.nhncorp.lucy.security.xss.markup.MarkupParser;
import com.nhncorp.lucy.security.xss.markup.Text;
import java.io.IOException;
import java.io.StringWriter;
import java.io.Writer;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:com/nhncorp/lucy/security/xss/XssFilter.class */
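/**
 * Whitelist-based XSS filter: parses markup with {@link MarkupParser}, checks every element and
 * attribute against the rules of an {@link XssConfiguration}, and re-serializes the result.
 *
 * <p>Instances are created through the {@code getInstance} factories and cached per
 * {@code FilterRepositoryKey(configFile, withoutComment)}. Elements or attributes that have no
 * rule in the configuration are disabled (see {@link #checkRule(Element)}).
 *
 * <p>NOTE(review): {@code withoutComment} is a plain mutable field that is written inside the
 * class-level lock in {@code getInstance} but read without synchronization while filtering.
 */
public final class XssFilter implements LucyXssFilter {
    private static final String BAD_TAG_INFO = "<!-- Not Allowed Tag Filtered -->";
    private static final String BAD_ATT_INFO_START = "<!-- Not Allowed Attribute Filtered (";
    private static final String BAD_ATT_INFO_END = ") -->";
    private static final String REMOVE_TAG_INFO_START = "<!-- Removed Tag Filtered (";
    private static final String REMOVE_TAG_INFO_END = ") -->";
    private static final String CONFIG = "lucy-xss-superset.xml";
    private static final String IE_HACK_EXTENSION = "IEHackExtension";
    // When true, the informational "<!-- ... Filtered -->" comments are not emitted.
    private boolean withoutComment;
    private String service;
    // Prefix put in front of a disabled element's name when blockingPrefixEnabled is set.
    private String blockingPrefix;
    private boolean blockingPrefixEnabled;
    private boolean filteringTagInCommentEnabled;
    // Secondary filter handed to Comment serialization; stays null unless the configuration
    // enables tag filtering in comments and still allows some tags there.
    private XssFilter commentFilter;
    private XssConfiguration config;
    private static final Log LOG = LogFactory.getLog(XssFilter.class);
    private static final Map<FilterRepositoryKey, XssFilter> instanceMap =
            new HashMap<FilterRepositoryKey, XssFilter>();

    private XssFilter(XssConfiguration xssConfiguration) {
        this.config = xssConfiguration;
    }

    /**
     * Returns the filter for the default configuration file with informational comments enabled.
     *
     * @throws XssFilterException if the configuration cannot be loaded
     */
    public static XssFilter getInstance() throws XssFilterException {
        return getInstance(CONFIG, false);
    }

    /**
     * Returns the filter for the default configuration file.
     *
     * @param z {@code true} to suppress the informational "Filtered" comments in the output
     * @throws XssFilterException if the configuration cannot be loaded
     */
    public static XssFilter getInstance(boolean z) throws XssFilterException {
        return getInstance(CONFIG, z);
    }

    /**
     * Returns the filter for the given configuration file with informational comments enabled.
     *
     * @param str name of the configuration file
     * @throws XssFilterException if the configuration cannot be loaded
     */
    public static XssFilter getInstance(String str) throws XssFilterException {
        return getInstance(str, false);
    }

    /**
     * Returns the cached filter for {@code (str, z)}, creating and caching it on first use.
     *
     * <p>Any failure while building the filter is reported as an {@link XssFilterException}, so
     * callers never receive a partially initialised filter.
     *
     * @param str name of the configuration file
     * @param z {@code true} to suppress the informational "Filtered" comments in the output
     * @throws XssFilterException if the filter cannot be created
     */
    public static XssFilter getInstance(String str, boolean z) throws XssFilterException {
        try {
            synchronized (XssFilter.class) {
                FilterRepositoryKey key = new FilterRepositoryKey(str, z);
                XssFilter cached = instanceMap.get(key);
                if (cached != null) {
                    // Kept from the original; the key is already built from (str, z).
                    cached.withoutComment = z;
                    return cached;
                }
                XssFilter created = new XssFilter(XssConfiguration.newInstance(str));
                created.service = created.config.getService();
                created.blockingPrefixEnabled = created.config.isEnableBlockingPrefix();
                created.blockingPrefix = created.config.getBlockingPrefix();
                created.withoutComment = z;
                created.filteringTagInCommentEnabled = created.config.isFilteringTagInCommentEnabled();
                if (created.filteringTagInCommentEnabled && !created.config.isNoTagAllowedInComment()) {
                    created.commentFilter = getCommentFilterInstance(created.config);
                }
                instanceMap.put(key, created);
                return created;
            }
        } catch (Exception e) {
            // The rethrown exception carries only the message, so record the cause and stack
            // trace here; otherwise a failed filter initialisation is hard to diagnose.
            LOG.error("Failed to create XssFilter for configuration: " + str, e);
            throw new XssFilterException(e.getMessage());
        }
    }

    /**
     * Builds an uncached filter used for markup found inside comments: informational comments
     * are always suppressed and tag filtering in comments is always on.
     *
     * @param xssConfiguration configuration shared with the owning filter
     */
    public static XssFilter getCommentFilterInstance(XssConfiguration xssConfiguration) {
        XssFilter filter = new XssFilter(xssConfiguration);
        filter.service = filter.config.getService();
        filter.blockingPrefixEnabled = filter.config.isEnableBlockingPrefix();
        filter.blockingPrefix = filter.config.getBlockingPrefix();
        filter.withoutComment = true;
        filter.filteringTagInCommentEnabled = true;
        return filter;
    }

    /** Returns the configuration this filter checks markup against. */
    public XssConfiguration getConfig() {
        return this.config;
    }

    /**
     * Filters {@code str} and returns the result as a string.
     *
     * @param str markup to filter; {@code null} or empty input yields an empty string
     * @return the filtered markup
     */
    @Override // com.nhncorp.lucy.security.xss.LucyXssFilter
    public String doFilter(String str) {
        StringWriter out = new StringWriter();
        doFilter(str, out);
        return out.toString();
    }

    /**
     * Filters {@code str} and writes the result to {@code writer}.
     *
     * <p>Nothing is written when the input is {@code null} or empty, or when the parser returns
     * no content. An {@link IOException} from {@code writer} is logged and not rethrown, so the
     * output may be incomplete after a write failure.
     *
     * @param str markup to filter
     * @param writer destination of the filtered markup
     */
    @Override // com.nhncorp.lucy.security.xss.LucyXssFilter
    public void doFilter(String str, Writer writer) {
        if (str == null || str.length() == 0) {
            LOG.debug("target string is empty. doFilter() method end.");
            return;
        }
        Collection<Content> contents = MarkupParser.parse(str);
        if (contents == null || contents.isEmpty()) {
            return;
        }
        // Passed down the serialize() chain; nothing in this class writes to it.
        StringWriter neutralizedWriter = new StringWriter();
        try {
            serialize(writer, contents, neutralizedWriter);
        } catch (IOException e) {
            // Previously swallowed silently: a failed write leaves truncated output in the
            // caller's writer, so make the failure visible without changing the signature.
            LOG.error("doFilter() failed while writing filtered output; output may be incomplete.", e);
        }
    }

    /**
     * Filters a single attribute value in the context of an element.
     *
     * <p>Builds {@code <str str2=str3></str>}, parses it, applies {@link #checkRule(Element)}
     * and returns the value of attribute {@code str2} from the first element that has it.
     *
     * <p>NOTE(review): {@code str3} is concatenated without quoting, so what the parser sees as
     * the attribute value depends on how {@code MarkupParser} tokenises it. Confirm that callers
     * pass the value in the form the parser expects.
     *
     * @param str element name
     * @param str2 attribute name
     * @param str3 attribute value
     * @return the attribute value, or an empty string if any argument is {@code null} or empty,
     *     nothing could be parsed, the attribute is missing, or the attribute was disabled
     */
    public String doFilter(String str, String str2, String str3) {
        if (str == null || str.length() == 0 || str2 == null || str2.length() == 0 || str3 == null || str3.length() == 0) {
            return "";
        }
        StringBuilder markup = new StringBuilder();
        markup.append('<').append(str);
        markup.append(' ').append(str2).append('=').append(str3);
        markup.append('>').append("</").append(str).append('>');
        Collection<Content> contents = MarkupParser.parse(markup.toString());
        if (contents == null || contents.isEmpty()) {
            return "";
        }
        for (Content content : contents) {
            if (content instanceof Element) {
                Element element = (Element) content;
                checkRule(element);
                Attribute attribute = element.getAttribute(str2);
                if (attribute != null) {
                    return attribute.isDisabled() ? "" : attribute.getValue();
                }
            }
        }
        return "";
    }

    /**
     * Serializes each parsed node with the handler for its type. Text and Description nodes are
     * written through their own {@code serialize}; other node types are not written at all.
     */
    private void serialize(Writer writer, Collection<Content> collection, StringWriter stringWriter) throws IOException {
        if (collection == null || collection.isEmpty()) {
            return;
        }
        for (Content content : collection) {
            // IEHackExtensionElement is tested before Element, as in the original dispatch.
            if ((content instanceof Text) || (content instanceof Description)) {
                content.serialize(writer);
            } else if (content instanceof Comment) {
                serialize(writer, (Comment) content);
            } else if (content instanceof IEHackExtensionElement) {
                serialize(writer, (IEHackExtensionElement) content, stringWriter);
            } else if (content instanceof Element) {
                serialize(writer, (Element) content, stringWriter);
            }
        }
    }

    /** Delegates comment output to the comment itself, passing the comment-filter settings. */
    private void serialize(Writer writer, Comment comment) throws IOException {
        comment.serializeFilteringTagInComment(writer, this.filteringTagInCommentEnabled, this.commentFilter);
    }

    /**
     * Serializes an IE conditional-comment element. Without an "IEHackExtension" rule in the
     * configuration the element is disabled; a disabled element is dropped and only its
     * children are serialized.
     */
    private void serialize(Writer writer, IEHackExtensionElement iEHackExtensionElement, StringWriter stringWriter) throws IOException {
        ElementRule rule = this.config.getElementRule(IE_HACK_EXTENSION);
        if (rule != null) {
            rule.checkEndTag(iEHackExtensionElement);
            rule.checkDisabled(iEHackExtensionElement);
            rule.excuteListener(iEHackExtensionElement);
        } else {
            iEHackExtensionElement.setEnabled(false);
        }
        if (writer == null) {
            return;
        }
        if (iEHackExtensionElement.isDisabled()) {
            if (!this.withoutComment) {
                writer.write(REMOVE_TAG_INFO_START);
                // NOTE(review): every '<' is escaped but only the first '>' (replaceFirst).
                // This text lands inside an HTML comment; confirm the parser cannot produce
                // a name with a later "-->" that would end the comment early.
                writer.write(iEHackExtensionElement.getName().replaceAll("<", "&lt;").replaceFirst(">", "&gt;"));
                writer.write(REMOVE_TAG_INFO_END);
            }
            if (iEHackExtensionElement.isEmpty()) {
                return;
            }
            serialize(writer, iEHackExtensionElement.getContents(), stringWriter);
            return;
        }
        iEHackExtensionElement.serialize(writer);
        if (!iEHackExtensionElement.isEmpty()) {
            serialize(writer, iEHackExtensionElement.getContents(), stringWriter);
        }
        if (iEHackExtensionElement.isClosed()) {
            // Normalise the opening token, then choose the closing form that matches it:
            // an opener that still contains "<!--" is closed with "<![endif]-->".
            String normalizedName = iEHackExtensionElement.getName()
                    .replaceAll("-->", ">")
                    .replaceFirst("<!--\\s*", "<!--")
                    .replaceAll("]\\s*>", "]>");
            if (normalizedName.indexOf("<!--") != -1) {
                writer.write("<![endif]-->");
            } else {
                writer.write("<![endif]>");
            }
        }
    }

    /**
     * Serializes one element after applying the configured rules.
     *
     * <ul>
     *   <li>Removed element: the tag is dropped, its children are still serialized.</li>
     *   <li>Disabled element with blocking prefix: the name is prefixed and the element is
     *       re-enabled before output.</li>
     *   <li>Disabled element without blocking prefix: the tag delimiters are written as
     *       {@code &lt;} / {@code &gt;} so the tag renders as text.</li>
     *   <li>Enabled element: disabled attributes are left out of the tag and, unless
     *       {@code withoutComment} is set, listed in a preceding informational comment.</li>
     * </ul>
     *
     * <p>NOTE(review): element names and serialized attributes are written exactly as the
     * markup classes return them, including inside the informational comments. Confirm that
     * {@code MarkupParser} / {@code Attribute.serialize} cannot yield text containing
     * {@code "-->"} or an unescaped {@code '<'} in those positions.
     */
    private void serialize(Writer writer, Element element, StringWriter stringWriter) throws IOException {
        checkRuleRemove(element);
        if (element.isRemoved()) {
            if (!this.withoutComment) {
                writer.write(REMOVE_TAG_INFO_START);
                writer.write(element.getName());
                writer.write(REMOVE_TAG_INFO_END);
            }
            if (element.isEmpty()) {
                return;
            }
            serialize(writer, element.getContents(), stringWriter);
            return;
        }
        // An element already disabled by checkRuleRemove (no rule) skips the full rule check
        // unless the blocking prefix is on.
        if (!element.isDisabled() || this.blockingPrefixEnabled) {
            checkRule(element);
        }
        if (element.isDisabled()) {
            if (this.blockingPrefixEnabled) {
                element.setName(this.blockingPrefix + element.getName());
                element.setEnabled(true);
            } else {
                if (!this.withoutComment) {
                    writer.write(BAD_TAG_INFO);
                }
                writer.write("&lt;");
                writer.write(element.getName());
            }
        }
        if (!element.isDisabled() && !this.withoutComment && element.existDisabledAttribute()) {
            writer.write(BAD_ATT_INFO_START);
        }
        Collection<Attribute> attributes = element.getAttributes();
        StringWriter keptAttributes = new StringWriter();
        StringWriter droppedAttributes = new StringWriter();
        boolean hasDroppedAttribute = false;
        if (attributes != null && !attributes.isEmpty()) {
            for (Attribute attribute : attributes) {
                // A disabled element keeps all of its attributes (it is written as text).
                if (element.isDisabled() || !attribute.isDisabled()) {
                    keptAttributes.write(' ');
                    attribute.serialize(keptAttributes);
                } else {
                    hasDroppedAttribute = true;
                    if (!this.withoutComment) {
                        droppedAttributes.write(' ');
                        attribute.serialize(droppedAttributes);
                    }
                }
            }
        }
        if (hasDroppedAttribute && !this.withoutComment) {
            writer.write(droppedAttributes.toString());
            writer.write(BAD_ATT_INFO_END);
        }
        if (!element.isDisabled()) {
            writer.write('<');
            writer.write(element.getName());
        }
        writer.write(keptAttributes.toString());
        if (element.isStartClosed()) {
            writer.write(element.isDisabled() ? " /&gt;" : " />");
        } else {
            writer.write(element.isDisabled() ? "&gt;" : ">");
        }
        if (!element.isEmpty()) {
            serialize(writer, element.getContents(), stringWriter);
        }
        if (element.isClosed()) {
            if (!element.isDisabled() || this.blockingPrefixEnabled) {
                writer.write("</");
                writer.write(element.getName());
                writer.write('>');
            } else {
                writer.write("&lt;/");
                writer.write(element.getName());
                writer.write("&gt;");
            }
        }
    }

    /**
     * Applies the remove-tag rule. An element with no rule in the configuration is disabled;
     * otherwise the rule decides removal and its listener runs only for removed elements.
     */
    private void checkRuleRemove(Element element) {
        ElementRule rule = this.config.getElementRule(element.getName());
        if (rule == null) {
            element.setEnabled(false);
            return;
        }
        rule.checkRemoveTag(element);
        if (element.isRemoved()) {
            rule.excuteListener(element);
        }
    }

    /**
     * Applies the element rule and then the attribute rules to {@code element}.
     *
     * <p>An element without a configured rule is checked against a fresh {@code ElementRule}
     * for its name. An attribute without a configured rule is disabled. Attributes that are
     * already disabled or are minimized are not checked against attribute rules.
     */
    private void checkRule(Element element) {
        ElementRule elementRule = this.config.getElementRule(element.getName());
        if (elementRule == null) {
            elementRule = new ElementRule(element.getName());
        }
        elementRule.checkEndTag(element);
        elementRule.checkDisabled(element);
        elementRule.disableNotAllowedAttributes(element);
        elementRule.disableNotAllowedChildElements(element);
        Collection<Attribute> attributes = element.getAttributes();
        if (attributes != null && !attributes.isEmpty()) {
            for (Attribute attribute : attributes) {
                if (attribute.isDisabled() || attribute.isMinimized()) {
                    continue;
                }
                AttributeRule attributeRule = this.config.getAttributeRule(attribute.getName());
                if (attributeRule == null) {
                    // Whitelist default: no rule means the attribute is not allowed.
                    attribute.setEnabled(false);
                    continue;
                }
                // NOTE(review): toLowerCase() uses the default locale; confirm how the
                // exception tag list is normalised, since a locale-specific mapping could
                // change whether a tag name matches it.
                boolean exceptionTag =
                        attributeRule.getExceptionTagList().contains(element.getName().toLowerCase());
                attributeRule.checkDisabled(attribute);
                if (exceptionTag) {
                    // For tags on the rule's exception list the outcome is inverted:
                    // the attribute is enabled exactly when the rule disabled it.
                    attribute.setEnabled(attribute.isDisabled());
                }
                attributeRule.checkAttributeValue(attribute);
                attributeRule.executeListener(attribute);
            }
        }
        elementRule.excuteListener(element);
    }
}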
