package com.nhncorp.lucy.security.xss;

import com.nhncorp.lucy.security.xss.config.AttributeRule;
import com.nhncorp.lucy.security.xss.config.ElementRule;
import com.nhncorp.lucy.security.xss.config.XssSaxConfiguration;
import com.nhncorp.lucy.security.xss.listener.SecurityUtils;
import com.nhncorp.lucy.security.xss.listener.WhiteUrlList;
import com.nhncorp.lucy.security.xss.markup.Attribute;
import com.nhncorp.lucy.security.xss.markup.Comment;
import com.nhncorp.lucy.security.xss.markup.Description;
import com.nhncorp.lucy.security.xss.markup.Element;
import com.nhncorp.lucy.security.xss.markup.IEHackExtensionElement;
import com.nhncorp.lucy.security.xss.markup.MarkupSaxParser;
import com.nhncorp.lucy.security.xss.markup.Text;
import com.nhncorp.lucy.security.xss.markup.rule.CharArraySegment;
import com.nhncorp.lucy.security.xss.markup.rule.Token;
import java.io.IOException;
import java.io.StringWriter;
import java.io.Writer;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:com/nhncorp/lucy/security/xss/XssSaxFilter.class */
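/**
 * SAX-style XSS filter.
 *
 * <p>The input is tokenised by {@link MarkupSaxParser} and every token is re-serialised under the
 * element and attribute rules of an {@link XssSaxConfiguration}. The policy is default-deny: an
 * element without an {@link ElementRule} is disabled (its tag is escaped on output, see
 * {@link #checkRuleRemove}) and an attribute without an {@link AttributeRule} is disabled (dropped
 * from the output, see {@link #checkRule}). {@code <object>}/{@code <param>} groups additionally
 * receive a fixed set of hardening {@code <param>}s when the closing tag is reached (see
 * {@link #doObjectEndTagProcess}).
 *
 * <p>Instances are obtained through {@link #getInstance} and cached per (configuration file,
 * withoutComment) pair; creation happens under the {@code XssSaxFilter.class} lock. After
 * construction a filter only holds configuration-derived state.
 */
public final class XssSaxFilter implements LucyXssFilter {
    /** Written before an escaped, rule-disabled tag (suppressed when {@link #withoutComment}). */
    private static final String BAD_TAG_INFO = "<!-- Not Allowed Tag Filtered -->";
    /** Opens the marker listing the attributes dropped from an enabled element. */
    private static final String BAD_ATT_INFO_START = "<!-- Not Allowed Attribute Filtered (";
    private static final String BAD_ATT_INFO_END = ") -->";
    /** Opens the marker left in place of a removed tag or a disabled IE-hack extension. */
    private static final String REMOVE_TAG_INFO_START = "<!-- Removed Tag Filtered (";
    private static final String REMOVE_TAG_INFO_END = ") -->";
    /** Configuration file used when {@link #getInstance()} is called without a name. */
    private static final String CONFIG = "lucy-xss-superset-sax.xml";
    /** Element-rule name consulted for IE conditional-comment ("IE hack") extension tokens. */
    private static final String IE_HACK_EXTENSION = "IEHackExtension";

    /** When true, no explanatory {@code <!-- ... -->} markers are written into the output. */
    private boolean withoutComment;
    /** Service name taken from the configuration; assigned but never read by this class. */
    private String service;
    /** Prefix prepended to the tag name of a disabled element instead of escaping the tag. */
    private String blockingPrefix;
    /** Enables the {@link #blockingPrefix} treatment of disabled elements. */
    private boolean blockingPrefixEnabled;
    /** Whether markup inside {@code <!-- -->} comments is filtered as well. */
    private boolean filteringTagInCommentEnabled;
    /** Nested filter applied to comment bodies; null unless tags in comments are both filtered and allowed. */
    private XssSaxFilter commentFilter;
    /** Rule set driving every decision of this filter. */
    private final XssSaxConfiguration config;

    private static final Log LOG = LogFactory.getLog(XssSaxFilter.class);
    /** Instance cache; only touched under the {@code XssSaxFilter.class} lock in {@link #getInstance}. */
    private static final Map<FilterRepositoryKey, XssSaxFilter> instanceMap = new HashMap<>();
    /**
     * {@code <param>} names that are forced to a restrictive value on every enabled {@code <object>}.
     * Index {@code i} pairs with {@code case i} of the switch in {@link #doObjectEndTagProcess};
     * each pattern tolerates optional quotes and whitespace around the (case-insensitive) name.
     */
    private static final Pattern[] PARAMLIST = {Pattern.compile("['\"]?\\s*(?i:invokeURLs)\\s*['\"]?"), Pattern.compile("['\"]?\\s*(?i:autostart)\\s*['\"]?"), Pattern.compile("['\"]?\\s*(?i:allowScriptAccess)\\s*['\"]?"), Pattern.compile("['\"]?\\s*(?i:allowNetworking)\\s*['\"]?"), Pattern.compile("['\"]?\\s*(?i:autoplay)\\s*['\"]?"), Pattern.compile("['\"]?\\s*(?i:enablehref)\\s*['\"]?"), Pattern.compile("['\"]?\\s*(?i:enablejavascript)\\s*['\"]?"), Pattern.compile("['\"]?\\s*(?i:nojava)\\s*['\"]?"), Pattern.compile("['\"]?\\s*(?i:AllowHtmlPopupwindow)\\s*['\"]?"), Pattern.compile("['\"]?\\s*(?i:enableHtmlAccess)\\s*['\"]?")};
    /** {@code <param>} names whose value is a URL and therefore decides the {@code allowNetworking} value. */
    private static final Pattern[] URLNAMES = {Pattern.compile("['\"]?\\s*(?i:url)\\s*['\"]?"), Pattern.compile("['\"]?\\s*(?i:href)\\s*['\"]?"), Pattern.compile("['\"]?\\s*(?i:src)\\s*['\"]?"), Pattern.compile("['\"]?\\s*(?i:movie)\\s*['\"]?")};

    /**
     * Returns whether {@code str} is one of the URL-bearing param names in {@link #URLNAMES}
     * (case-insensitive, surrounding quotes and whitespace allowed).
     *
     * @param str value of a {@code <param name=...>} attribute; {@code null} yields {@code false}
     */
    private static boolean containsURLName(String str) {
        if (str == null) {
            // Pattern.matcher(null) would throw; a missing name is simply not a URL name.
            return false;
        }
        for (Pattern pattern : URLNAMES) {
            if (pattern.matcher(str).matches()) {
                return true;
            }
        }
        return false;
    }

    /** Returns whether {@code str} is on the configured URL allow-list; {@code false} when no list is available. */
    private boolean isWhiteUrl(String str) {
        WhiteUrlList whiteUrlList = WhiteUrlList.getInstance();
        return whiteUrlList != null && whiteUrlList.contains(str);
    }

    /** Filters are created through the static factories only. */
    private XssSaxFilter(XssSaxConfiguration xssSaxConfiguration) {
        this.config = xssSaxConfiguration;
    }

    /** Equivalent to {@code getInstance(CONFIG, false)}. */
    public static XssSaxFilter getInstance() throws XssFilterException {
        return getInstance(CONFIG, false);
    }

    /**
     * Equivalent to {@code getInstance(CONFIG, z)}.
     *
     * @param z {@code true} to suppress the explanatory {@code <!-- ... -->} markers in the output
     */
    public static XssSaxFilter getInstance(boolean z) throws XssFilterException {
        return getInstance(CONFIG, z);
    }

    /**
     * Equivalent to {@code getInstance(str, false)}.
     *
     * @param str configuration file name handed to {@link XssSaxConfiguration#newInstance}
     */
    public static XssSaxFilter getInstance(String str) throws XssFilterException {
        return getInstance(str, false);
    }

    /**
     * Returns the cached filter for the given configuration and comment mode, creating it on first use.
     *
     * @param str configuration file name handed to {@link XssSaxConfiguration#newInstance}
     * @param z   {@code true} to suppress the explanatory {@code <!-- ... -->} markers in the output
     * @throws XssFilterException when the configuration cannot be loaded (any exception is wrapped)
     */
    public static XssSaxFilter getInstance(String str, boolean z) throws XssFilterException {
        try {
            // Lookup and creation share the class lock: instanceMap is a plain HashMap.
            synchronized (XssSaxFilter.class) {
                FilterRepositoryKey key = new FilterRepositoryKey(str, z);
                XssSaxFilter cached = instanceMap.get(key);
                if (cached != null) {
                    return cached;
                }
                XssSaxFilter filter = new XssSaxFilter(XssSaxConfiguration.newInstance(str));
                filter.withoutComment = z;
                filter.service = filter.config.getService();
                filter.blockingPrefixEnabled = filter.config.isEnableBlockingPrefix();
                filter.blockingPrefix = filter.config.getBlockingPrefix();
                filter.filteringTagInCommentEnabled = filter.config.isFilteringTagInCommentEnabled();
                // A nested filter is only needed when tags inside comments are filtered rather than forbidden.
                if (filter.filteringTagInCommentEnabled && !filter.config.isNoTagAllowedInComment()) {
                    filter.commentFilter = getCommentFilterInstance(filter.config);
                }
                instanceMap.put(key, filter);
                return filter;
            }
        } catch (Exception e) {
            // NOTE(review): only the message survives and the cause is lost; chain it if
            // XssFilterException offers a (String, Throwable) constructor.
            throw new XssFilterException(e.getMessage());
        }
    }

    /**
     * Builds an uncached filter for comment bodies: same rules as {@code xssSaxConfiguration},
     * markers suppressed, tag filtering inside comments switched on.
     */
    public static XssSaxFilter getCommentFilterInstance(XssSaxConfiguration xssSaxConfiguration) {
        XssSaxFilter filter = new XssSaxFilter(xssSaxConfiguration);
        filter.service = filter.config.getService();
        filter.blockingPrefixEnabled = filter.config.isEnableBlockingPrefix();
        filter.blockingPrefix = filter.config.getBlockingPrefix();
        filter.withoutComment = true;
        filter.filteringTagInCommentEnabled = true;
        return filter;
    }

    /** Returns the configuration this filter was built from. */
    public XssSaxConfiguration getConfig() {
        return this.config;
    }

    /**
     * Filters {@code str} and returns the result; a {@code null} or empty input yields {@code ""}.
     */
    @Override
    public String doFilter(String str) {
        StringWriter out = new StringWriter();
        doFilter(str, out);
        return out.toString();
    }

    /**
     * Filters {@code str} into {@code writer}. Nothing is written for a {@code null} or empty input.
     * An {@link IOException} from the writer is logged and swallowed, so the caller cannot tell a
     * truncated result from a complete one.
     */
    @Override
    public void doFilter(String str, Writer writer) {
        // Threaded through to serialize(), which does not use it.
        StringWriter scratch = new StringWriter();
        if (str == null || str.length() == 0) {
            LOG.debug("target string is empty. doFilter() method end.");
            return;
        }
        try {
            parseAndFilter(str, writer, scratch);
        } catch (IOException e) {
            LOG.error(e.getMessage(), e);
        }
    }

    /**
     * Filters a slice of {@code cArr} into {@code writer}; see {@link #doFilter(String, Writer)} for
     * the error behaviour.
     *
     * @param i  start of the slice (presumably an offset; see {@code CharArraySegment(char[], int, int)})
     * @param i2 length of the slice; {@code 0} means nothing to do
     */
    public void doFilter(char[] cArr, int i, int i2, Writer writer) {
        StringWriter scratch = new StringWriter();
        if (cArr == null || cArr.length == 0 || i2 == 0) {
            LOG.debug("target string is empty. doFilter() method end.");
            return;
        }
        try {
            parseAndFilter(cArr, i, i2, writer, scratch);
        } catch (IOException e) {
            LOG.error(e.getMessage(), e);
        }
    }

    /** Starts a filtering run over {@code str} with fresh object/allowNetworking stacks. */
    private void parseAndFilter(String str, Writer writer, StringWriter stringWriter) throws IOException {
        if (str == null || str.length() <= 0) {
            return;
        }
        doParseAndFilter(writer, stringWriter, new LinkedList<>(), new LinkedList<>(), new CharArraySegment(str));
    }

    /** Starts a filtering run over a slice of {@code cArr} with fresh object/allowNetworking stacks. */
    private void parseAndFilter(char[] cArr, int i, int i2, Writer writer, StringWriter stringWriter) throws IOException {
        if (cArr == null || cArr.length <= 0 || i2 <= 0) {
            return;
        }
        doParseAndFilter(writer, stringWriter, new LinkedList<>(), new LinkedList<>(), new CharArraySegment(cArr, i, i2));
    }

    /**
     * Main loop: pulls tokens from {@link MarkupSaxParser} until it returns {@code null} and
     * dispatches on the token name. Anything that is not a recognised markup token is written
     * through {@link Text}.
     *
     * @param objectStack     open {@code <object>} elements and their {@code <param>}s
     * @param networkingStack pending {@code allowNetworking} value per open, enabled object
     */
    private void doParseAndFilter(Writer writer, StringWriter stringWriter, LinkedList<Element> objectStack,
            LinkedList<String> networkingStack, CharArraySegment segment) throws IOException {
        while (true) {
            Token token = MarkupSaxParser.parse(segment);
            if (token == null) {
                return;
            }
            String tokenName = token.getName();
            if ("description".equals(tokenName)) {
                new Description(token.getText()).serialize(writer);
            } else if ("comment".equals(tokenName)) {
                String text = token.getText();
                if (text != null && text.length() != 0) {
                    // Strips "<!--" and "-->"; assumes the token text carries both delimiters
                    // (anything shorter than 7 chars would throw StringIndexOutOfBoundsException).
                    text = text.substring(4, text.length() - 3);
                }
                new Comment(text).serializeFilteringTagInComment(writer, this.filteringTagInCommentEnabled, this.commentFilter);
            } else if ("iEHExStartTag".endsWith(tokenName)) {
                // NOTE(review): endsWith also accepts any token name that is a suffix of the
                // literal; tighten to equals() once the parser's token names are confirmed.
                IEHackExtensionElement ieHack = new IEHackExtensionElement(token.getText());
                checkIEHackRule(ieHack);
                if (ieHack.isDisabled() && !this.withoutComment) {
                    writer.write(REMOVE_TAG_INFO_START);
                    writer.write(ieHack.getName().replaceAll("<", "&lt;").replaceFirst(">", "&gt;"));
                    writer.write(REMOVE_TAG_INFO_END);
                }
                ieHack.serialize(writer);
            } else if ("startTag".equals(tokenName)) {
                Token tagName = token.getChild("tagName");
                if (tagName != null) {
                    Element element = buildElement(token, tagName);
                    doObjectParamStartTagProcess(objectStack, networkingStack, element);
                    serialize(writer, element, stringWriter);
                }
            } else if ("iEHExEndTag".endsWith(tokenName)) {
                // NOTE(review): same endsWith caveat as for iEHExStartTag above.
                IEHackExtensionElement ieHackEnd = new IEHackExtensionElement(token.getText());
                checkIEHackRule(ieHackEnd);
                if (!ieHackEnd.isDisabled()) {
                    String name = ieHackEnd.getName();
                    if (name != null) {
                        name = name.replaceFirst("<!--", "<!");
                    }
                    writer.write(name);
                }
            } else if ("endTag".equals(tokenName)) {
                Token tagName = token.getChild("tagName");
                if (tagName != null) {
                    serializeEndTag(writer, stringWriter, objectStack, networkingStack, tagName.getText());
                }
            } else {
                new Text(token.getText()).serialize(writer);
            }
        }
    }

    /** Builds an {@link Element} from a startTag token: name, attributes (quote pair kept) and self-close flag. */
    private static Element buildElement(Token startTag, Token tagName) {
        Element element = new Element(tagName.getText());
        List<Token> attributeTokens = startTag.getChildren("attribute");
        if (attributeTokens != null) {
            for (Token attributeToken : attributeTokens) {
                if (attributeToken == null) {
                    continue;
                }
                Token attName = attributeToken.getChild("attName");
                Token attValue = attributeToken.getChild("attValue");
                if (attName == null) {
                    continue;
                }
                if (attValue == null) {
                    element.putAttribute(new Attribute(attName.getText()));
                } else {
                    element.putAttribute(new Attribute(attName.getText(), CommonUtils.getQuotePair(attValue.getText())));
                }
            }
        }
        if (startTag.getChild("closeStartEnd") != null) {
            element.setStartClose(true);
        }
        return element;
    }

    /**
     * Serialises a closing tag under the rules; {@code </object>} first runs
     * {@link #doObjectEndTagProcess}. A removed tag leaves no trace; a disabled tag is renamed
     * with the blocking prefix or written escaped.
     */
    private void serializeEndTag(Writer writer, StringWriter stringWriter, LinkedList<Element> objectStack,
            LinkedList<String> networkingStack, String tagName) throws IOException {
        boolean objectDisabled = false;
        if ("object".equalsIgnoreCase(tagName) && objectStack.size() > 0) {
            objectDisabled = doObjectEndTagProcess(writer, stringWriter, objectStack, networkingStack);
        }
        Element element = new Element(tagName);
        checkRuleRemove(element);
        if (element.isRemoved()) {
            return;
        }
        if (objectDisabled) {
            // The opening <object> was disabled, so its closing tag must not survive as markup.
            element.setEnabled(false);
        }
        if (!element.isDisabled() || this.blockingPrefixEnabled) {
            checkRule(element);
        }
        if (!element.isDisabled()) {
            writer.write("</");
            writer.write(element.getName());
            writer.write('>');
        } else if (this.blockingPrefixEnabled) {
            element.setName(this.blockingPrefix + element.getName());
            element.setEnabled(true);
            writer.write("</");
            writer.write(element.getName());
            writer.write('>');
        } else {
            writer.write("&lt;/");
            writer.write(element.getName());
            writer.write("&gt;");
        }
    }

    /**
     * Tracks {@code <object>} and its {@code <param>}s so {@link #doObjectEndTagProcess} can add
     * the missing hardening params at {@code </object>}.
     *
     * <p>An {@code <object>} is pushed on {@code objectStack}. Unless its {@code data} URL is
     * reported vulnerable by {@link SecurityUtils#checkVulnerable} (then the element is disabled and
     * nothing more is recorded), the {@code allowNetworking} value it will receive is pushed on
     * {@code networkingStack}: {@code "all"} for an allow-listed data URL, {@code "internal"}
     * otherwise. A {@code <param name=... value=...>} seen while an object is open is pushed too,
     * and when its name is a URL name ({@link #URLNAMES}) the pending value is recomputed from the
     * param's value.
     */
    private void doObjectParamStartTagProcess(LinkedList<Element> objectStack, LinkedList<String> networkingStack, Element element) {
        String tagName = element.getName();
        if ("object".equalsIgnoreCase(tagName)) {
            objectStack.push(element);
            boolean whiteListed = false;
            Attribute data = element.getAttribute("data");
            if (data != null) {
                String dataUrl = data.getValue();
                whiteListed = isWhiteUrl(dataUrl);
                if (SecurityUtils.checkVulnerable(element, dataUrl, whiteListed)) {
                    element.setEnabled(false);
                    return;
                }
            }
            networkingStack.push(whiteListed ? "\"all\"" : "\"internal\"");
            return;
        }
        if (objectStack.size() <= 0 || !"param".equalsIgnoreCase(tagName)) {
            return;
        }
        Attribute name = element.getAttribute("name");
        Attribute value = element.getAttribute("value");
        if (name == null || value == null) {
            return;
        }
        objectStack.push(element);
        if (containsURLName(name.getValue()) && !networkingStack.isEmpty()) {
            // The stack is empty when the enclosing <object> was disabled above (it pushed no
            // value); popping would throw NoSuchElementException. NOTE(review): with nested
            // objects this may rewrite the outer object's pending value.
            networkingStack.pop();
            networkingStack.push(isWhiteUrl(value.getValue()) ? "\"all\"" : "\"internal\"");
        }
    }

    /**
     * Handles {@code </object>}: pops the open object and its params off {@code objectStack} and,
     * for an enabled object, emits a {@code <param>} with a restrictive value for every entry of
     * {@link #PARAMLIST} the author did not set themselves. {@code allowNetworking} takes the value
     * recorded by {@link #doObjectParamStartTagProcess}, or {@code "internal"} if none is pending.
     *
     * @return {@code true} when the matching {@code <object>} was disabled (the caller then
     *     disables the closing tag too); {@code false} otherwise, including when no open object
     *     was found
     */
    private boolean doObjectEndTagProcess(Writer writer, StringWriter stringWriter,
            LinkedList<Element> objectStack, LinkedList<String> networkingStack) throws IOException {
        List<String> paramNames = new ArrayList<>();
        Element element = null;
        while (objectStack.size() > 0) {
            element = objectStack.pop();
            if ("object".equalsIgnoreCase(element.getName())) {
                break;
            }
            Attribute nameAttribute = element.getAttribute("name");
            if (nameAttribute != null) {
                paramNames.add(nameAttribute.getValue());
            }
        }
        if (element == null || !"object".equalsIgnoreCase(element.getName())) {
            return false;
        }
        if (element.isDisabled()) {
            return true;
        }
        for (int i = 0; i < PARAMLIST.length; i++) {
            if (containsParamName(paramNames, PARAMLIST[i])) {
                continue;
            }
            switch (i) {
                case 0:
                    writeParam(writer, stringWriter, "\"invokeURLs\"", "\"false\"");
                    break;
                case 1:
                    writeParam(writer, stringWriter, "\"autostart\"", "\"false\"");
                    break;
                case 2:
                    writeParam(writer, stringWriter, "\"allowScriptAccess\"", "\"never\"");
                    break;
                case 3:
                    writeParam(writer, stringWriter, "\"allowNetworking\"",
                            networkingStack.size() == 0 ? "\"internal\"" : networkingStack.pop());
                    break;
                case 4:
                    writeParam(writer, stringWriter, "\"autoplay\"", "\"false\"");
                    break;
                case 5:
                    writeParam(writer, stringWriter, "\"enablehref\"", "\"false\"");
                    break;
                case 6:
                    writeParam(writer, stringWriter, "\"enablejavascript\"", "\"false\"");
                    break;
                case 7:
                    writeParam(writer, stringWriter, "\"nojava\"", "\"true\"");
                    break;
                case 8:
                    writeParam(writer, stringWriter, "\"AllowHtmlPopupwindow\"", "\"false\"");
                    break;
                case 9:
                    writeParam(writer, stringWriter, "\"enableHtmlAccess\"", "\"false\"");
                    break;
                default:
                    // Unreachable while PARAMLIST has exactly ten entries.
                    LOG.error("발생 할 수 없는 로직입니다.");
                    break;
            }
        }
        return false;
    }

    /**
     * Returns whether any collected param name matches {@code pattern}. Stops at the first match;
     * {@code null} names never match.
     */
    private static boolean containsParamName(List<String> paramNames, Pattern pattern) {
        for (String paramName : paramNames) {
            if (paramName != null && pattern.matcher(paramName).matches()) {
                return true;
            }
        }
        return false;
    }

    /** Serialises a synthetic {@code <param name=... value=...>} through the normal element rules. */
    private void writeParam(Writer writer, StringWriter stringWriter, String quotedName, String quotedValue) throws IOException {
        Element param = new Element("param");
        param.putAttribute("name", quotedName);
        param.putAttribute("value", quotedValue);
        serialize(writer, param, stringWriter);
    }

    /**
     * Serialises an IE-hack extension token: a disabled one becomes a {@link #REMOVE_TAG_INFO_START}
     * marker (or nothing when {@link #withoutComment}); an enabled one is normalised and has the
     * angle brackets between {@code <!} and the final {@code >} escaped.
     *
     * <p>Not called from this class (IE-hack tokens are written via
     * {@code IEHackExtensionElement.serialize} in {@link #doParseAndFilter}); kept for parity.
     *
     * @param stringWriter unused
     */
    private void serialize(Writer writer, IEHackExtensionElement iEHackExtensionElement, StringWriter stringWriter) throws IOException {
        checkIEHackRule(iEHackExtensionElement);
        if (iEHackExtensionElement.isDisabled()) {
            if (this.withoutComment) {
                return;
            }
            writer.write(REMOVE_TAG_INFO_START);
            writer.write(iEHackExtensionElement.getName().replaceAll("<", "&lt;").replaceFirst(">", "&gt;"));
            writer.write(REMOVE_TAG_INFO_END);
            return;
        }
        String normalised = iEHackExtensionElement.getName().replaceAll("-->", ">").replaceFirst("<!--\\s*", "<!--").replaceAll("]\\s*>", "]>");
        int bodyStart = normalised.indexOf("<!") + 1;
        int bodyEnd = normalised.lastIndexOf(">");
        writer.write(normalised.substring(0, bodyStart)
                + StringUtils.replaceEach(normalised.substring(bodyStart, bodyEnd), new String[]{"<", ">"}, new String[]{"&lt;", "&gt;"})
                + normalised.substring(bodyEnd));
    }

    /** Applies the {@link #IE_HACK_EXTENSION} rule; without such a rule the element is disabled. */
    private void checkIEHackRule(IEHackExtensionElement iEHackExtensionElement) {
        ElementRule elementRule = this.config.getElementRule(IE_HACK_EXTENSION);
        if (elementRule == null) {
            iEHackExtensionElement.setEnabled(false);
        } else {
            elementRule.checkDisabled(iEHackExtensionElement);
            elementRule.excuteListener(iEHackExtensionElement);
        }
    }

    /**
     * Serialises a start (or self-closing) tag under the rules.
     *
     * <ul>
     *   <li>Removed element: only a {@link #REMOVE_TAG_INFO_START} marker (nothing when
     *       {@link #withoutComment}).</li>
     *   <li>Disabled element: with the blocking prefix enabled the tag is renamed and written as
     *       markup; otherwise the tag brackets are escaped ({@code &lt;name ...&gt;}) and every
     *       attribute is emitted as {@code Attribute.serialize} renders it.</li>
     *   <li>Enabled element: written as markup; disabled attributes are dropped and, unless
     *       {@link #withoutComment}, listed inside a {@link #BAD_ATT_INFO_START} marker.</li>
     * </ul>
     *
     * @param stringWriter unused; threaded through from the public entry points
     */
    private void serialize(Writer writer, Element element, StringWriter stringWriter) throws IOException {
        checkRuleRemove(element);
        if (element.isRemoved()) {
            if (this.withoutComment) {
                return;
            }
            writer.write(REMOVE_TAG_INFO_START);
            writer.write(element.getName());
            writer.write(REMOVE_TAG_INFO_END);
            return;
        }
        if (!element.isDisabled() || this.blockingPrefixEnabled) {
            checkRule(element);
        }
        if (element.isDisabled()) {
            if (this.blockingPrefixEnabled) {
                // Neutralise by renaming instead of escaping; the element is live markup again.
                element.setName(this.blockingPrefix + element.getName());
                element.setEnabled(true);
            } else {
                if (!this.withoutComment) {
                    writer.write(BAD_TAG_INFO);
                }
                writer.write("&lt;");
                writer.write(element.getName());
            }
        }
        if (!element.isDisabled() && !this.withoutComment && element.existDisabledAttribute()) {
            writer.write(BAD_ATT_INFO_START);
        }
        StringWriter keptAttributes = new StringWriter();
        StringWriter droppedAttributes = new StringWriter();
        boolean hasDroppedAttribute = false;
        Collection<Attribute> attributes = element.getAttributes();
        if (attributes != null && !attributes.isEmpty()) {
            for (Attribute attribute : attributes) {
                if (element.isDisabled() || !attribute.isDisabled()) {
                    // For an escaped (disabled) element all attributes are kept as text.
                    // NOTE(review): Attribute.serialize output is not escaped here; confirm that it
                    // (or the parser's attValue grammar) neutralises angle brackets.
                    keptAttributes.write(' ');
                    attribute.serialize(keptAttributes);
                } else {
                    hasDroppedAttribute = true;
                    if (!this.withoutComment) {
                        droppedAttributes.write(' ');
                        attribute.serialize(droppedAttributes);
                    }
                }
            }
        }
        if (hasDroppedAttribute && !this.withoutComment) {
            writer.write(droppedAttributes.toString());
            writer.write(BAD_ATT_INFO_END);
        }
        if (!element.isDisabled()) {
            writer.write('<');
            writer.write(element.getName());
        }
        writer.write(keptAttributes.toString());
        if (element.isStartClosed()) {
            writer.write(element.isDisabled() ? " /&gt;" : " />");
        } else {
            writer.write(element.isDisabled() ? "&gt;" : ">");
        }
    }

    /**
     * Default-deny step: an element with no configured rule is disabled; otherwise the rule decides
     * whether the tag is removed outright, in which case its listener runs.
     */
    private void checkRuleRemove(Element element) {
        ElementRule elementRule = this.config.getElementRule(element.getName());
        if (elementRule == null) {
            element.setEnabled(false);
            return;
        }
        elementRule.checkRemoveTag(element);
        if (element.isRemoved()) {
            elementRule.excuteListener(element);
        }
    }

    /**
     * Applies the element rule and, for each still-enabled attribute, the attribute rule: an
     * attribute with no rule is disabled; otherwise the rule checks the attribute and its value and
     * runs its listener. Finally the element rule's listener runs.
     */
    private void checkRule(Element element) {
        ElementRule elementRule = this.config.getElementRule(element.getName());
        if (elementRule == null) {
            // No configured rule (reachable via the blocking-prefix path): fall back to a blank rule.
            elementRule = new ElementRule(element.getName());
        }
        elementRule.checkDisabled(element);
        Collection<Attribute> attributes = element.getAttributes();
        if (attributes != null && !attributes.isEmpty()) {
            for (Attribute attribute : attributes) {
                if (attribute.isDisabled()) {
                    continue;
                }
                AttributeRule attributeRule = this.config.getAttributeRule(attribute.getName());
                if (attributeRule == null) {
                    attribute.setEnabled(false);
                    continue;
                }
                if (attributeRule.getExceptionTagList().contains(element.getName().toLowerCase())) {
                    // Exception tags invert the rule's verdict: the attribute ends up enabled
                    // exactly when the rule would have disabled it.
                    attributeRule.checkDisabled(attribute);
                    attribute.setEnabled(attribute.isDisabled());
                } else {
                    attributeRule.checkDisabled(attribute);
                }
                attributeRule.checkAttributeValue(attribute);
                attributeRule.executeListener(attribute);
            }
        }
        elementRule.excuteListener(element);
    }
}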
