package com.nhncorp.lucy.security.xss.config;

import com.nhncorp.lucy.security.xss.event.AttributeListener;
import com.nhncorp.lucy.security.xss.event.ElementListener;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;

/* loaded from: input_file:com/nhncorp/lucy/security/xss/config/XssConfiguration.class */
public final class XssConfiguration {
    private static final String DEFAULT_CONFIG = "/lucy-xss-default.xml";
    private boolean blockingPrefixEnabled;
    private String service = "UnknownService";
    private String blockingPrefix = "diabled_";
    private boolean filteringTagInCommentEnabled = true;
    private String filteringTagInCommentType = "strict";
    private Map<String, ElementRule> tags = new HashMap();
    private Map<String, AttributeRule> atts = new HashMap();
    private Map<String, Set<String>> tagGroups = new HashMap();
    private Map<String, Set<String>> attGroups = new HashMap();
    private Map<String, Set<String>> childElementRef = new HashMap();
    private Map<String, Set<String>> childElementGroupRef = new HashMap();
    private Map<String, Set<String>> parentElementGroupRef = new HashMap();
    private Map<String, Set<String>> childAttrRef = new HashMap();
    private Map<String, Set<String>> childAttrGroupRef = new HashMap();
    private Map<String, Set<String>> parentAttrGroupRef = new HashMap();

    private XssConfiguration() {
    }

    public static XssConfiguration newInstance(String str) throws Exception {
        try {
            XssConfiguration create = create(DocumentBuilderFactory.newInstance().newDocumentBuilder(), str);
            if (create == null) {
                throw new Exception(String.format("The XSS configuration file [%s] is not a expected xml document.", str));
            }
            create.closeConfigurationResource();
            return create;
        } catch (Exception e) {
            throw new Exception(String.format("Cannot parse the XSS configuration file [%s].", str), e);
        }
    }

    private static XssConfiguration create(DocumentBuilder documentBuilder, String str) throws SAXException, IOException {
        XssConfiguration xssConfiguration = null;
        InputStream resourceAsStream = Thread.currentThread().getContextClassLoader().getResourceAsStream(str);
        if (resourceAsStream == null) {
            resourceAsStream = XssConfiguration.class.getResourceAsStream(DEFAULT_CONFIG);
        }
        try {
            Element documentElement = documentBuilder.parse(resourceAsStream).getDocumentElement();
            String attribute = documentElement.getAttribute("extends");
            if (attribute != null && !"".equals(attribute)) {
                xssConfiguration = create(documentBuilder, attribute);
            }
            if (xssConfiguration == null) {
                xssConfiguration = new XssConfiguration();
            }
            NodeList elementsByTagName = documentElement.getElementsByTagName("elementGroup");
            for (int i = 0; elementsByTagName.getLength() > 0 && i < elementsByTagName.getLength(); i++) {
                xssConfiguration.addElementGroup((Element) Element.class.cast(elementsByTagName.item(i)));
            }
            NodeList elementsByTagName2 = documentElement.getElementsByTagName("attributeGroup");
            for (int i2 = 0; elementsByTagName2.getLength() > 0 && i2 < elementsByTagName2.getLength(); i2++) {
                xssConfiguration.addAttributeGroup((Element) Element.class.cast(elementsByTagName2.item(i2)));
            }
            NodeList elementsByTagName3 = documentElement.getElementsByTagName("element");
            for (int i3 = 0; elementsByTagName3.getLength() > 0 && i3 < elementsByTagName3.getLength(); i3++) {
                xssConfiguration.addElementRule((Element) Element.class.cast(elementsByTagName3.item(i3)));
            }
            NodeList elementsByTagName4 = documentElement.getElementsByTagName("attribute");
            for (int i4 = 0; elementsByTagName4.getLength() > 0 && i4 < elementsByTagName4.getLength(); i4++) {
                xssConfiguration.addAttributeRule((Element) Element.class.cast(elementsByTagName4.item(i4)));
            }
            NodeList elementsByTagName5 = documentElement.getElementsByTagName("blockingPrefix");
            for (int i5 = 0; elementsByTagName5.getLength() > 0 && i5 < elementsByTagName5.getLength(); i5++) {
                xssConfiguration.enableBlockingPrefix((Element) Element.class.cast(elementsByTagName5.item(i5)));
            }
            NodeList elementsByTagName6 = documentElement.getElementsByTagName("filteringTagInComment");
            for (int i6 = 0; elementsByTagName6.getLength() > 0 && i6 < elementsByTagName6.getLength(); i6++) {
                xssConfiguration.enableFilteringTagInComment((Element) Element.class.cast(elementsByTagName6.item(i6)));
            }
            return xssConfiguration;
        } finally {
            if (resourceAsStream != null) {
                try {
                    resourceAsStream.close();
                } catch (IOException e) {
                }
            }
        }
    }

    private void enableBlockingPrefix(Element element) {
        String attribute = element.getAttribute("enable");
        String attribute2 = element.getAttribute("prefix");
        if (attribute != null && ("true".equalsIgnoreCase(attribute) || "false".equalsIgnoreCase(attribute))) {
            setBlockingPrefixEnabled("true".equalsIgnoreCase(attribute));
        }
        if (attribute2 == null || attribute2.isEmpty()) {
            return;
        }
        setBlockingPrefix(attribute2);
    }

    public ElementRule getElementRule(String str) {
        ElementRule elementRule = null;
        if (str != null && this.tags != null && !this.tags.isEmpty()) {
            elementRule = this.tags.get(str.toLowerCase());
        }
        return elementRule;
    }

    public AttributeRule getAttributeRule(String str) {
        AttributeRule attributeRule = null;
        if (str != null && this.atts != null && !this.atts.isEmpty()) {
            attributeRule = this.atts.get(str.toLowerCase());
        }
        return attributeRule;
    }

    private void addElementRule(Element element) {
        String attribute = element.getAttribute("name");
        boolean z = !"false".equalsIgnoreCase(element.getAttribute("override"));
        String attribute2 = element.getAttribute("endTag");
        String attribute3 = element.getAttribute("disable");
        String attribute4 = element.getAttribute("removeTag");
        if (attribute == null || "".equals(attribute)) {
            return;
        }
        ElementRule elementRule = z ? this.tags.get(attribute) : null;
        if (elementRule == null || !z) {
            elementRule = new ElementRule(attribute);
            this.tags.put(attribute.toLowerCase(), elementRule);
        }
        if (attribute2 != null && ("true".equalsIgnoreCase(attribute2) || "false".equalsIgnoreCase(attribute2))) {
            elementRule.setEndTag("true".equalsIgnoreCase(attribute2));
        }
        if (attribute4 != null && ("true".equalsIgnoreCase(attribute4) || "false".equalsIgnoreCase(attribute4))) {
            elementRule.setRemoveTag("true".equalsIgnoreCase(attribute4));
        }
        if (attribute3 != null && ("true".equalsIgnoreCase(attribute3) || "false".equalsIgnoreCase(attribute3))) {
            elementRule.setDisabled("true".equalsIgnoreCase(attribute3));
        }
        NodeList elementsByTagName = element.getElementsByTagName("attributes");
        if (elementsByTagName != null && elementsByTagName.getLength() > 0) {
            NodeList childNodes = ((Element) Element.class.cast(elementsByTagName.item(0))).getChildNodes();
            addAttrGroupRef(childNodes, attribute);
            elementRule.addAllowedAttributes(getReferences(childNodes, this.attGroups, null));
        }
        NodeList elementsByTagName2 = element.getElementsByTagName("elements");
        if (elementsByTagName2 != null && elementsByTagName2.getLength() > 0) {
            NodeList childNodes2 = ((Element) Element.class.cast(elementsByTagName2.item(0))).getChildNodes();
            addElementGroupRef(childNodes2, attribute);
            elementRule.addAllowedElements(getReferences(childNodes2, this.tagGroups, null));
        }
        NodeList elementsByTagName3 = element.getElementsByTagName("listener");
        for (int i = 0; elementsByTagName3.getLength() > 0 && i < elementsByTagName3.getLength(); i++) {
            String textContent = elementsByTagName3.item(i).getTextContent();
            if (textContent != null) {
                try {
                    elementRule.addListener((ElementListener) ElementListener.class.cast(Class.forName(textContent.trim()).newInstance()));
                } catch (Exception e) {
                    System.out.println(attribute + "태그의 " + textContent + "(ElementListener) 설정 중 오류 발생. xml 설정을 확인하세요. " + e.toString());
                }
            }
        }
    }

    private void addAttributeRule(Element element) {
        String[] split;
        String attribute = element.getAttribute("name");
        boolean z = !"false".equalsIgnoreCase(element.getAttribute("override"));
        String attribute2 = element.getAttribute("disable");
        String attribute3 = element.getAttribute("base64Decoding");
        String attribute4 = element.getAttribute("exceptionTagList");
        if (attribute == null || "".equals(attribute)) {
            return;
        }
        AttributeRule attributeRule = z ? this.atts.get(attribute) : null;
        if (attributeRule == null || !z) {
            attributeRule = new AttributeRule(attribute);
            this.atts.put(attribute.toLowerCase(), attributeRule);
        }
        if (attribute2 != null && ("true".equalsIgnoreCase(attribute2) || "false".equalsIgnoreCase(attribute2))) {
            attributeRule.setDisabled("true".equalsIgnoreCase(attribute2));
        }
        if (attribute4 != null && attribute4.length() > 0 && (split = attribute4.split(",")) != null) {
            for (int i = 0; i < split.length; i++) {
                if (split[i] != null) {
                    attributeRule.addExceptionTag(split[i].trim());
                }
            }
        }
        if (attribute3 != null && ("true".equalsIgnoreCase(attribute3) || "false".equalsIgnoreCase(attribute3))) {
            attributeRule.setBase64Decoding("true".equalsIgnoreCase(attribute3));
        }
        NodeList elementsByTagName = element.getElementsByTagName("allowedPattern");
        for (int i2 = 0; elementsByTagName.getLength() > 0 && i2 < elementsByTagName.getLength(); i2++) {
            attributeRule.addAllowedPattern(elementsByTagName.item(i2).getTextContent());
        }
        NodeList elementsByTagName2 = element.getElementsByTagName("notAllowedPattern");
        for (int i3 = 0; elementsByTagName2.getLength() > 0 && i3 < elementsByTagName2.getLength(); i3++) {
            attributeRule.addNotAllowedPattern(elementsByTagName2.item(i3).getTextContent());
        }
        NodeList elementsByTagName3 = element.getElementsByTagName("listener");
        for (int i4 = 0; elementsByTagName3.getLength() > 0 && i4 < elementsByTagName3.getLength(); i4++) {
            String textContent = elementsByTagName3.item(i4).getTextContent();
            if (textContent != null) {
                try {
                    attributeRule.addListener((AttributeListener) AttributeListener.class.cast(Class.forName(textContent.trim()).newInstance()));
                } catch (Exception e) {
                    System.out.println(attribute + "속성의 " + textContent + "(AttributeListener) 설정 중 오류 발생. xml 설정을 확인하세요. " + e.toString());
                }
            }
        }
    }

    private void addElementGroup(Element element) {
        Set<String> set;
        String attribute = element.getAttribute("name");
        boolean z = !"false".equalsIgnoreCase(element.getAttribute("override"));
        if (attribute == null || "".equals(attribute)) {
            return;
        }
        Set<String> set2 = z ? this.tagGroups.get(attribute) : null;
        if (set2 == null) {
            set2 = new HashSet();
        }
        NodeList elementsByTagName = element.getElementsByTagName("ref");
        Set<String> hashSet = new HashSet<>();
        Collection<String> references = getReferences(elementsByTagName, this.tagGroups, hashSet);
        if (references != null && !references.isEmpty()) {
            set2.addAll(references);
        }
        if (hashSet != null && !hashSet.isEmpty()) {
            HashSet hashSet2 = new HashSet();
            for (String str : hashSet) {
                if (this.childElementGroupRef.containsKey(str)) {
                    hashSet2.addAll(this.childElementGroupRef.get(str));
                }
                Set<String> set3 = this.parentElementGroupRef.get(str);
                if (set3 == null) {
                    set3 = new HashSet();
                }
                set3.add(attribute);
                this.parentElementGroupRef.put(str, set3);
            }
            if (!hashSet2.isEmpty()) {
                hashSet.addAll(hashSet2);
            }
            this.childElementGroupRef.put(attribute, hashSet);
        }
        this.tagGroups.put(attribute, set2);
        if (this.parentElementGroupRef.containsKey(attribute)) {
            Iterator<String> it = this.parentElementGroupRef.get(attribute).iterator();
            while (it.hasNext()) {
                this.tagGroups.get(it.next()).addAll(set2);
            }
        }
        if (!z || (set = this.childElementRef.get(attribute)) == null) {
            return;
        }
        Iterator<String> it2 = set.iterator();
        while (it2.hasNext()) {
            this.tags.get(it2.next()).addAllowedElements(references);
        }
    }

    private void addAttributeGroup(Element element) {
        Set<String> set;
        String attribute = element.getAttribute("name");
        boolean z = !"false".equalsIgnoreCase(element.getAttribute("override"));
        if (attribute == null || "".equals(attribute)) {
            return;
        }
        Set<String> set2 = z ? this.attGroups.get(attribute) : null;
        if (set2 == null) {
            set2 = new HashSet();
        }
        NodeList elementsByTagName = element.getElementsByTagName("ref");
        Set<String> hashSet = new HashSet<>();
        Collection<String> references = getReferences(elementsByTagName, this.attGroups, hashSet);
        if (references != null && !references.isEmpty()) {
            set2.addAll(references);
        }
        if (hashSet != null && !hashSet.isEmpty()) {
            HashSet hashSet2 = new HashSet();
            for (String str : hashSet) {
                if (this.childAttrGroupRef.containsKey(str)) {
                    hashSet2.addAll(this.childAttrGroupRef.get(str));
                }
                Set<String> set3 = this.parentAttrGroupRef.get(str);
                if (set3 == null) {
                    set3 = new HashSet();
                }
                set3.add(attribute);
                this.parentAttrGroupRef.put(str, set3);
            }
            if (!hashSet2.isEmpty()) {
                hashSet.addAll(hashSet2);
            }
            this.childAttrGroupRef.put(attribute, hashSet);
        }
        this.attGroups.put(attribute, set2);
        if (this.parentAttrGroupRef.containsKey(attribute)) {
            Iterator<String> it = this.parentAttrGroupRef.get(attribute).iterator();
            while (it.hasNext()) {
                this.attGroups.get(it.next()).addAll(set2);
            }
        }
        if (!z || (set = this.childAttrRef.get(attribute)) == null) {
            return;
        }
        Iterator<String> it2 = set.iterator();
        while (it2.hasNext()) {
            this.tags.get(it2.next()).addAllowedAttributes(references);
        }
    }

    private void addElementGroupRef(NodeList nodeList, String str) {
        for (int i = 0; nodeList.getLength() > 0 && i < nodeList.getLength(); i++) {
            Node item = nodeList.item(i);
            if (item.getNodeType() == 1 && item.getNodeName().equals("ref")) {
                String attribute = ((Element) Element.class.cast(item)).getAttribute("name");
                HashSet<String> hashSet = new HashSet();
                if (this.tagGroups.containsKey(attribute)) {
                    hashSet.add(attribute);
                    Set<String> set = this.childElementGroupRef.get(attribute);
                    if (set != null) {
                        hashSet.addAll(set);
                    }
                    for (String str2 : hashSet) {
                        if (this.childElementRef.containsKey(str2)) {
                            this.childElementRef.get(str2).add(str);
                        } else {
                            HashSet hashSet2 = new HashSet();
                            hashSet2.add(str);
                            this.childElementRef.put(str2, hashSet2);
                        }
                    }
                }
            }
        }
    }

    private void addAttrGroupRef(NodeList nodeList, String str) {
        for (int i = 0; nodeList.getLength() > 0 && i < nodeList.getLength(); i++) {
            Node item = nodeList.item(i);
            if (item.getNodeType() == 1 && item.getNodeName().equals("ref")) {
                String attribute = ((Element) Element.class.cast(item)).getAttribute("name");
                HashSet<String> hashSet = new HashSet();
                if (this.attGroups.containsKey(attribute)) {
                    hashSet.add(attribute);
                    Set<String> set = this.childAttrGroupRef.get(attribute);
                    if (set != null) {
                        hashSet.addAll(set);
                    }
                    for (String str2 : hashSet) {
                        if (this.childAttrRef.containsKey(str2)) {
                            this.childAttrRef.get(str2).add(str);
                        } else {
                            HashSet hashSet2 = new HashSet();
                            hashSet2.add(str);
                            this.childAttrRef.put(str2, hashSet2);
                        }
                    }
                }
            }
        }
    }

    private Collection<String> getReferences(NodeList nodeList, Map<String, Set<String>> map, Set<String> set) {
        Collection<String> references;
        ArrayList arrayList = new ArrayList();
        for (int i = 0; nodeList.getLength() > 0 && i < nodeList.getLength(); i++) {
            Node item = nodeList.item(i);
            if (item.getNodeType() == 1 && item.getNodeName().equals("ref")) {
                Element element = (Element) Element.class.cast(item);
                String attribute = element.getAttribute("name");
                if (map.containsKey(attribute)) {
                    if (set != null) {
                        set.add(attribute);
                    }
                    HashSet hashSet = new HashSet(map.get(attribute));
                    NodeList elementsByTagName = element.getElementsByTagName("excludes");
                    if (elementsByTagName != null && elementsByTagName.getLength() > 0 && (references = getReferences(((Element) Element.class.cast(elementsByTagName.item(0))).getElementsByTagName("ref"), map, null)) != null && !references.isEmpty()) {
                        hashSet.removeAll(references);
                    }
                    if (!hashSet.isEmpty()) {
                        arrayList.addAll(hashSet);
                    }
                } else {
                    arrayList.add(attribute);
                }
            }
        }
        return arrayList;
    }

    public void setService(String str) {
        this.service = str;
    }

    public String getService() {
        return this.service;
    }

    public void setBlockingPrefixEnabled(boolean z) {
        this.blockingPrefixEnabled = z;
    }

    public boolean isEnableBlockingPrefix() {
        return this.blockingPrefixEnabled;
    }

    public void setBlockingPrefix(String str) {
        this.blockingPrefix = str;
    }

    public String getBlockingPrefix() {
        return this.blockingPrefix;
    }

    public void closeConfigurationResource() {
        this.childElementRef = null;
        this.childElementGroupRef = null;
        this.parentElementGroupRef = null;
        this.childAttrGroupRef = null;
        this.childAttrRef = null;
        this.parentAttrGroupRef = null;
    }

    private void enableFilteringTagInComment(Element element) {
        String attribute = element.getAttribute("enable");
        String attribute2 = element.getAttribute("type");
        if (attribute != null && ("true".equalsIgnoreCase(attribute) || "false".equalsIgnoreCase(attribute))) {
            setFilteringTagInCommentEnabled("true".equalsIgnoreCase(attribute));
        }
        if (attribute2 == null || attribute2.isEmpty()) {
            return;
        }
        setFilteringTagInCommentType(attribute2);
    }

    private void setFilteringTagInCommentType(String str) {
        this.filteringTagInCommentType = str;
    }

    private void setFilteringTagInCommentEnabled(boolean z) {
        this.filteringTagInCommentEnabled = z;
    }

    public boolean isFilteringTagInCommentEnabled() {
        return this.filteringTagInCommentEnabled;
    }

    public boolean isNoTagAllowedInComment() {
        return "strict".endsWith(this.filteringTagInCommentType);
    }
}
