package com.nhncorp.lucy.security.xss.config;

import com.nhncorp.lucy.security.xss.event.AttributeListener;
import com.nhncorp.lucy.security.xss.event.ElementListener;
import java.io.IOException;
import java.io.InputStream;
import java.util.HashMap;
import java.util.Map;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;

/* loaded from: input_file:com/nhncorp/lucy/security/xss/config/XssSaxConfiguration.class */
public final class XssSaxConfiguration {
    private static final String DEFAULT_CONFIG = "/lucy-xss-default-sax.xml";
    private boolean blockingPrefixEnabled;
    private String service = "UnknownService";
    private String blockingPrefix = "diabled_";
    private boolean filteringTagInCommentEnabled = true;
    private String filteringTagInCommentType = "strict";
    private Map<String, ElementRule> tags = new HashMap();
    private Map<String, AttributeRule> atts = new HashMap();

    private XssSaxConfiguration() {
    }

    public static XssSaxConfiguration newInstance(String str) throws Exception {
        try {
            XssSaxConfiguration create = create(DocumentBuilderFactory.newInstance().newDocumentBuilder(), str);
            if (create == null) {
                throw new Exception(String.format("The XSS configuration file [%s] is not a expected xml document.", str));
            }
            return create;
        } catch (Exception e) {
            throw new Exception(String.format("Cannot parse the XSS configuration file [%s].", str), e);
        }
    }

    private static XssSaxConfiguration create(DocumentBuilder documentBuilder, String str) throws SAXException, IOException {
        XssSaxConfiguration xssSaxConfiguration = null;
        InputStream resourceAsStream = Thread.currentThread().getContextClassLoader().getResourceAsStream(str);
        if (resourceAsStream == null) {
            resourceAsStream = XssSaxConfiguration.class.getResourceAsStream(DEFAULT_CONFIG);
        }
        try {
            Element documentElement = documentBuilder.parse(resourceAsStream).getDocumentElement();
            String attribute = documentElement.getAttribute("extends");
            if (attribute != null && !"".equals(attribute)) {
                xssSaxConfiguration = create(documentBuilder, attribute);
            }
            if (xssSaxConfiguration == null) {
                xssSaxConfiguration = new XssSaxConfiguration();
            }
            NodeList elementsByTagName = documentElement.getElementsByTagName("element");
            for (int i = 0; elementsByTagName.getLength() > 0 && i < elementsByTagName.getLength(); i++) {
                xssSaxConfiguration.addElementRule((Element) Element.class.cast(elementsByTagName.item(i)));
            }
            NodeList elementsByTagName2 = documentElement.getElementsByTagName("attribute");
            for (int i2 = 0; elementsByTagName2.getLength() > 0 && i2 < elementsByTagName2.getLength(); i2++) {
                xssSaxConfiguration.addAttributeRule((Element) Element.class.cast(elementsByTagName2.item(i2)));
            }
            NodeList elementsByTagName3 = documentElement.getElementsByTagName("blockingPrefix");
            for (int i3 = 0; elementsByTagName3.getLength() > 0 && i3 < elementsByTagName3.getLength(); i3++) {
                xssSaxConfiguration.enableBlockingPrefix((Element) Element.class.cast(elementsByTagName3.item(i3)));
            }
            NodeList elementsByTagName4 = documentElement.getElementsByTagName("filteringTagInComment");
            for (int i4 = 0; elementsByTagName4.getLength() > 0 && i4 < elementsByTagName4.getLength(); i4++) {
                xssSaxConfiguration.enableFilteringTagInComment((Element) Element.class.cast(elementsByTagName4.item(i4)));
            }
            return xssSaxConfiguration;
        } finally {
            if (resourceAsStream != null) {
                try {
                    resourceAsStream.close();
                } catch (IOException e) {
                }
            }
        }
    }

    private void enableBlockingPrefix(Element element) {
        String attribute = element.getAttribute("enable");
        String attribute2 = element.getAttribute("prefix");
        if (attribute != null && ("true".equalsIgnoreCase(attribute) || "false".equalsIgnoreCase(attribute))) {
            setBlockingPrefixEnabled("true".equalsIgnoreCase(attribute));
        }
        if (attribute2 == null || attribute2.isEmpty()) {
            return;
        }
        setBlockingPrefix(attribute2);
    }

    public ElementRule getElementRule(String str) {
        ElementRule elementRule = null;
        if (str != null && this.tags != null && !this.tags.isEmpty()) {
            elementRule = this.tags.get(str.toLowerCase());
        }
        return elementRule;
    }

    public AttributeRule getAttributeRule(String str) {
        AttributeRule attributeRule = null;
        if (str != null && this.atts != null && !this.atts.isEmpty()) {
            attributeRule = this.atts.get(str.toLowerCase());
        }
        return attributeRule;
    }

    private void addElementRule(Element element) {
        String attribute = element.getAttribute("name");
        boolean z = !"false".equalsIgnoreCase(element.getAttribute("override"));
        String attribute2 = element.getAttribute("disable");
        String attribute3 = element.getAttribute("removeTag");
        if (attribute == null || "".equals(attribute)) {
            return;
        }
        ElementRule elementRule = z ? this.tags.get(attribute) : null;
        if (elementRule == null || !z) {
            elementRule = new ElementRule(attribute);
            this.tags.put(attribute.toLowerCase(), elementRule);
        }
        if (attribute3 != null && ("true".equalsIgnoreCase(attribute3) || "false".equalsIgnoreCase(attribute3))) {
            elementRule.setRemoveTag("true".equalsIgnoreCase(attribute3));
        }
        if (attribute2 != null && ("true".equalsIgnoreCase(attribute2) || "false".equalsIgnoreCase(attribute2))) {
            elementRule.setDisabled("true".equalsIgnoreCase(attribute2));
        }
        element.getElementsByTagName("attributes");
        NodeList elementsByTagName = element.getElementsByTagName("listener");
        for (int i = 0; elementsByTagName.getLength() > 0 && i < elementsByTagName.getLength(); i++) {
            String textContent = elementsByTagName.item(i).getTextContent();
            if (textContent != null) {
                try {
                    elementRule.addListener((ElementListener) ElementListener.class.cast(Class.forName(textContent.trim()).newInstance()));
                } catch (Exception e) {
                }
            }
        }
    }

    private void addAttributeRule(Element element) {
        String[] split;
        String attribute = element.getAttribute("name");
        boolean z = !"false".equalsIgnoreCase(element.getAttribute("override"));
        String attribute2 = element.getAttribute("disable");
        String attribute3 = element.getAttribute("base64Decoding");
        String attribute4 = element.getAttribute("exceptionTagList");
        if (attribute == null || "".equals(attribute)) {
            return;
        }
        AttributeRule attributeRule = z ? this.atts.get(attribute) : null;
        if (attributeRule == null || !z) {
            attributeRule = new AttributeRule(attribute);
            this.atts.put(attribute.toLowerCase(), attributeRule);
        }
        if (attribute2 != null && ("true".equalsIgnoreCase(attribute2) || "false".equalsIgnoreCase(attribute2))) {
            attributeRule.setDisabled("true".equalsIgnoreCase(attribute2));
        }
        if (attribute4 != null && attribute4.length() > 0 && (split = attribute4.split(",")) != null) {
            for (int i = 0; i < split.length; i++) {
                if (split[i] != null) {
                    attributeRule.addExceptionTag(split[i].trim());
                }
            }
        }
        if (attribute3 != null && ("true".equalsIgnoreCase(attribute3) || "false".equalsIgnoreCase(attribute3))) {
            attributeRule.setBase64Decoding("true".equalsIgnoreCase(attribute3));
        }
        NodeList elementsByTagName = element.getElementsByTagName("allowedPattern");
        for (int i2 = 0; elementsByTagName.getLength() > 0 && i2 < elementsByTagName.getLength(); i2++) {
            attributeRule.addAllowedPattern(elementsByTagName.item(i2).getTextContent());
        }
        NodeList elementsByTagName2 = element.getElementsByTagName("notAllowedPattern");
        for (int i3 = 0; elementsByTagName2.getLength() > 0 && i3 < elementsByTagName2.getLength(); i3++) {
            attributeRule.addNotAllowedPattern(elementsByTagName2.item(i3).getTextContent());
        }
        NodeList elementsByTagName3 = element.getElementsByTagName("listener");
        for (int i4 = 0; elementsByTagName3.getLength() > 0 && i4 < elementsByTagName3.getLength(); i4++) {
            String textContent = elementsByTagName3.item(i4).getTextContent();
            if (textContent != null) {
                try {
                    attributeRule.addListener((AttributeListener) AttributeListener.class.cast(Class.forName(textContent.trim()).newInstance()));
                } catch (Exception e) {
                }
            }
        }
    }

    public void setService(String str) {
        this.service = str;
    }

    public String getService() {
        return this.service;
    }

    public void setBlockingPrefixEnabled(boolean z) {
        this.blockingPrefixEnabled = z;
    }

    public boolean isEnableBlockingPrefix() {
        return this.blockingPrefixEnabled;
    }

    public void setBlockingPrefix(String str) {
        this.blockingPrefix = str;
    }

    public String getBlockingPrefix() {
        return this.blockingPrefix;
    }

    private void enableFilteringTagInComment(Element element) {
        String attribute = element.getAttribute("enable");
        String attribute2 = element.getAttribute("type");
        if (attribute != null && ("true".equalsIgnoreCase(attribute) || "false".equalsIgnoreCase(attribute))) {
            setFilteringTagInCommentEnabled("true".equalsIgnoreCase(attribute));
        }
        if (attribute2 == null || attribute2.isEmpty()) {
            return;
        }
        setFilteringTagInCommentType(attribute2);
    }

    private void setFilteringTagInCommentType(String str) {
        this.filteringTagInCommentType = str;
    }

    private void setFilteringTagInCommentEnabled(boolean z) {
        this.filteringTagInCommentEnabled = z;
    }

    public boolean isFilteringTagInCommentEnabled() {
        return this.filteringTagInCommentEnabled;
    }

    public boolean isNoTagAllowedInComment() {
        return "strict".endsWith(this.filteringTagInCommentType);
    }
}
