package com.nhncorp.lucy.security.xss.listener;

import com.nhncorp.lucy.security.xss.Constants;
import com.nhncorp.lucy.security.xss.markup.Element;
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.Date;
import java.util.Properties;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:com/nhncorp/lucy/security/xss/listener/SecurityUtils.class */
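/**
 * Static helpers that decide whether an embedded-resource element should be treated as
 * unsafe by the XSS filter, based on its {@code type} attribute, the file extension in
 * its source URL, or (optionally) the Content-Type reported by the remote server.
 *
 * <p>Allowed types come from {@code Constants.mimeTypes} plus the optional
 * {@code xssfilter-extension.properties} classpath resource (extension -&gt; MIME type).
 *
 * <p>NOTE(review): the extension-based path classifies by what the URL text claims
 * (the extension is taken from the raw string, query part included), not by what the
 * server actually serves. Treat it as a heuristic, not as content verification.
 */
public class SecurityUtils {
    private static final String EXTENSION_PROPERTIES = "xssfilter-extension.properties";
    /** Characters that end the extension when a query string is glued to the file name. */
    private static final char[] specialCharArray = "?&=".toCharArray();
    public static final char EXTENSION_SEPARATOR = '.';
    private static final char UNIX_SEPARATOR = '/';
    private static final char WINDOWS_SEPARATOR = '\\';
    /** Site-specific extension -&gt; MIME type additions; empty when the resource is absent. */
    private static final Properties props = loadExtensionProperties();

    /**
     * Checks an element using only its {@code type} attribute and the extension of its URL.
     *
     * <p>When no type is declared and the extension maps to a known MIME type, the
     * element's {@code type} attribute is overwritten with that type (side effect).
     * When no type is declared and the URL has no extension, the element is NOT flagged;
     * use {@link #checkVulnerableWithHttp} if such URLs must be verified.
     *
     * @param element element under inspection; its {@code type} attribute may be rewritten
     * @param str     the resource URL/path of the element (surrounding quotes are stripped)
     * @param z       when {@code true} every check is skipped and {@code false} is returned
     *                (presumably a "trusted URL" flag supplied by the caller; confirm there)
     * @return {@code true} if the element should be treated as vulnerable
     */
    public static boolean checkVulnerable(Element element, String str, boolean z) {
        if (z) {
            return false;
        }
        String declaredType = readDeclaredType(element);
        if (!StringUtils.isEmpty(declaredType)) {
            return isDisallowedDeclaredType(declaredType);
        }
        String extension = extensionWithoutQuery(StringUtils.strip(str, "'\""));
        if (StringUtils.isEmpty(extension)) {
            // No type and no extension: nothing to judge by, so this variant lets it pass.
            return false;
        }
        return applyTypeFromExtension(element, extension);
    }

    /**
     * Same as {@link #checkVulnerable}, except that a URL without an extension is resolved
     * by asking the remote server for its Content-Type (see
     * {@link #getContentTypeFromUrlConnection} for the network and security implications).
     *
     * @param element              element under inspection; its {@code type} attribute may be rewritten
     * @param str                  the resource URL of the element (surrounding quotes are stripped)
     * @param z                    when {@code true} every check is skipped and {@code false} is returned
     * @param contentTypeCacheRepo cache consulted before, and updated after, the remote lookup
     * @return {@code true} if the element should be treated as vulnerable
     */
    public static boolean checkVulnerableWithHttp(Element element, String str, boolean z, ContentTypeCacheRepo contentTypeCacheRepo) {
        if (z) {
            return false;
        }
        String declaredType = readDeclaredType(element);
        if (!StringUtils.isEmpty(declaredType)) {
            return isDisallowedDeclaredType(declaredType);
        }
        String url = StringUtils.strip(str, "'\"");
        String extension = extensionWithoutQuery(url);
        if (!StringUtils.isEmpty(extension)) {
            return applyTypeFromExtension(element, extension);
        }
        String remoteType = getContentTypeFromUrlConnection(url, contentTypeCacheRepo);
        if (isAllowedType(remoteType)) {
            // Safe to echo into the attribute: isAllowedType only accepts exact allow-list values.
            element.putAttribute("type", "\"" + remoteType + "\"");
            return false;
        }
        // Unknown, failed or disallowed remote type: fail closed.
        return true;
    }

    /**
     * Returns the Content-Type for {@code str}, from the cache if present, otherwise from a
     * {@code HEAD} request (1 s connect and read timeouts). Only a 200 response is accepted,
     * and a non-null result is stored in the cache.
     *
     * <p>SECURITY: {@code str} comes from the markup being filtered, so this performs a
     * server-side request to a destination chosen by whoever authored that markup.
     * Only {@code http}/{@code https} URLs are requested, but the target host is not
     * restricted here and {@link HttpURLConnection} follows redirects by default.
     * Deployments that enable this path should constrain egress (host allow-list or a
     * filtering proxy that refuses loopback, link-local and private ranges).
     *
     * @param str                  URL to query
     * @param contentTypeCacheRepo cache of previously resolved content types
     * @return the content type, or the (null/empty) cache result when it cannot be determined
     */
    public static String getContentTypeFromUrlConnection(String str, ContentTypeCacheRepo contentTypeCacheRepo) {
        String contentType = contentTypeCacheRepo.getContentTypeFromCache(str);
        if (StringUtils.isNotEmpty(contentType)) {
            return contentType;
        }
        HttpURLConnection connection = null;
        try {
            URL url = new URL(str);
            String protocol = url.getProtocol();
            if (!"http".equalsIgnoreCase(protocol) && !"https".equalsIgnoreCase(protocol)) {
                // Explicit scheme check instead of relying on the cast below to fail
                // for file:, jar:, ftp: and similar handlers.
                return contentType;
            }
            connection = (HttpURLConnection) url.openConnection();
            connection.setRequestMethod("HEAD");
            connection.setConnectTimeout(1000);
            connection.setReadTimeout(1000);
            connection.connect();
            if (connection.getResponseCode() != 200) {
                System.err.println("error");
            } else {
                contentType = connection.getContentType();
                if (contentType != null) {
                    contentTypeCacheRepo.addContentTypeToCache(str, new ContentType(contentType, new Date()));
                }
            }
        } catch (Exception e) {
            // Best effort: a malformed URL or network failure just means "type unknown".
            e.printStackTrace();
        } finally {
            // Release the connection on every path, including failures.
            if (connection != null) {
                connection.disconnect();
            }
        }
        return contentType;
    }

    /**
     * Looks up the built-in MIME type for an extension.
     *
     * @param str file extension without the dot
     * @return the mapped MIME type, or {@code null} if {@code Constants.mimeTypes} has no entry
     */
    public static String getTypeFromExtension(String str) {
        return Constants.mimeTypes.get(str);
    }

    /**
     * Tells whether a MIME type is on the built-in allow-list.
     *
     * <p>Empty values and anything starting with {@code text/} are always rejected; the
     * comparison is an exact, case-sensitive match against {@code Constants.mimeTypes}
     * values, so a value carrying parameters (for example a charset suffix) is rejected.
     *
     * @param str MIME type to test
     * @return {@code true} only for an exact allow-list match outside {@code text/}
     */
    public static boolean isAllowedType(String str) {
        if (StringUtils.isEmpty(str) || StringUtils.startsWith(str, "text/")) {
            return false;
        }
        return Constants.mimeTypes.values().contains(str);
    }

    /**
     * Returns the text after the last dot of the last path segment.
     *
     * @param str file name or URL
     * @return the extension, {@code ""} if there is none, or {@code null} for {@code null} input
     */
    public static String getExtension(String str) {
        if (str == null) {
            return null;
        }
        int dot = indexOfExtension(str);
        return dot == -1 ? "" : str.substring(dot + 1);
    }

    /**
     * Finds the dot that starts the extension.
     *
     * @param str file name or URL
     * @return index of the last dot, or {@code -1} if {@code str} is {@code null}, has no dot,
     *         or the last dot precedes the last path separator
     */
    public static int indexOfExtension(String str) {
        if (str == null) {
            return -1;
        }
        int lastDot = str.lastIndexOf(EXTENSION_SEPARATOR);
        // A dot inside a directory name does not start an extension.
        return indexOfLastSeparator(str) <= lastDot ? lastDot : -1;
    }

    /**
     * Finds the last path separator, accepting both {@code /} and {@code \}.
     *
     * @param str file name or URL
     * @return index of the last separator, or {@code -1} if none or {@code str} is {@code null}
     */
    public static int indexOfLastSeparator(String str) {
        if (str == null) {
            return -1;
        }
        return Math.max(str.lastIndexOf(UNIX_SEPARATOR), str.lastIndexOf(WINDOWS_SEPARATOR));
    }

    /** Reads the element's {@code type} attribute, trimmed and without surrounding quotes. */
    private static String readDeclaredType(Element element) {
        // Null-safe trim, in case getAttributeValue returns null for a missing attribute.
        return StringUtils.strip(StringUtils.trim(element.getAttributeValue("type")), "'\"");
    }

    /** A declared type is rejected unless the built-in list or the extension properties know it. */
    private static boolean isDisallowedDeclaredType(String declaredType) {
        return !isAllowedType(declaredType) && !props.values().contains(declaredType);
    }

    /** Extracts the extension of {@code url} and cuts it at the first {@code ?}, {@code &} or {@code =}. */
    private static String extensionWithoutQuery(String url) {
        String extension = getExtension(url);
        int cut = StringUtils.indexOfAny(extension, specialCharArray);
        return cut == -1 ? extension : StringUtils.substring(extension, 0, cut);
    }

    /**
     * Forces the element's {@code type} to the MIME type mapped to {@code extension}.
     *
     * @return {@code true} (vulnerable) when the extension maps to no type at all
     */
    private static boolean applyTypeFromExtension(Element element, String extension) {
        String type = getTypeFromExtension(extension);
        if (StringUtils.isEmpty(type)) {
            // Fall back to the site-specific mapping.
            type = StringUtils.trim(props.getProperty(extension));
        }
        if (StringUtils.isEmpty(type)) {
            return true;
        }
        element.putAttribute("type", "\"" + type + "\"");
        return false;
    }

    /**
     * Loads the optional extension mapping from the classpath. Any failure leaves the
     * mapping empty (or partially loaded) rather than failing class initialization.
     */
    private static Properties loadExtensionProperties() {
        Properties loaded = new Properties();
        InputStream in = null;
        try {
            in = SecurityUtils.class.getClassLoader().getResourceAsStream(EXTENSION_PROPERTIES);
            if (in == null) {
                // Message reads: "Could not find the xssfilter-extension.properties file."
                System.out.println("xssfilter-extension.properties 파일을 찾지 못했습니다.");
            } else {
                loaded.load(in);
            }
        } catch (Exception e) {
            // Same message as for a missing file; the filter keeps running with built-in types.
            System.out.println("xssfilter-extension.properties 파일을 찾지 못했습니다.");
        } finally {
            if (in != null) {
                try {
                    in.close();
                } catch (IOException ignored) {
                    // Nothing useful to do if closing a classpath stream fails.
                }
            }
        }
        return loaded;
    }
}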
