package net.sourceforge.plantuml.security;

import java.awt.Image;
import java.awt.image.BufferedImage;
import java.awt.image.ImageObserver;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.FileReader;
import java.io.IOException;
import java.io.OutputStream;
import java.io.PrintStream;
import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
import java.nio.charset.Charset;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.StringTokenizer;
import java.util.regex.Pattern;
import javax.swing.ImageIcon;
import net.sourceforge.plantuml.StringUtils;
import net.sourceforge.plantuml.json.Json;
import net.sourceforge.plantuml.json.JsonValue;
import net.sourceforge.plantuml.log.Logme;
import net.sourceforge.plantuml.security.authentication.SecurityAccessInterceptor;
import net.sourceforge.plantuml.security.authentication.SecurityAuthentication;
import net.sourceforge.plantuml.security.authentication.SecurityAuthorizeManager;
import net.sourceforge.plantuml.security.authentication.SecurityCredentials;
import net.sourceforge.plantuml.security.authentication.SecurityDefaultNoopAccessInterceptor;
import net.sourceforge.plantuml.security.authentication.SecurityDefaultNoopAuthorizeManager;
import net.sourceforge.plantuml.security.authentication.basicauth.BasicAuthAccessInterceptor;
import net.sourceforge.plantuml.security.authentication.basicauth.BasicAuthAuthorizeManager;
import net.sourceforge.plantuml.security.authentication.oauth.OAuth2AccessInterceptor;
import net.sourceforge.plantuml.security.authentication.oauth.OAuth2ClientAccessAuthorizeManager;
import net.sourceforge.plantuml.security.authentication.oauth.OAuth2ResourceOwnerAccessAuthorizeManager;
import net.sourceforge.plantuml.security.authentication.token.TokenAuthAccessInterceptor;
import net.sourceforge.plantuml.security.authentication.token.TokenAuthAuthorizeManager;
import net.sourceforge.plantuml.utils.Log;

/* loaded from: input_file:net/sourceforge/plantuml/security/SecurityUtils.class */
public class SecurityUtils {
    public static final String NO_CREDENTIALS = "<none>";
    public static final String PATHS_CLASSES = "java.class.path";
    public static final String PATHS_INCLUDES = "plantuml.include.path";
    public static final String ALLOWLIST_LOCAL_PATHS = "plantuml.allowlist.path";
    public static final String ALLOWLIST_URL = "plantuml.allowlist.url";
    public static final String PATHS_SECURITY = "plantuml.security.credentials.path";
    public static final String SECURITY_ALLOW_NONSSL_AUTH = "plantuml.security.allowNonSSLAuth";
    private static final SecurityAuthorizeManager PUBLIC_AUTH_MANAGER = new SecurityDefaultNoopAuthorizeManager();
    private static final SecurityAccessInterceptor PUBLIC_ACCESS_INTERCEPTOR = new SecurityDefaultNoopAccessInterceptor();
    private static final SecurityAuthorizeManager TOKEN_AUTH_MANAGER = new TokenAuthAuthorizeManager();
    private static final SecurityAccessInterceptor TOKEN_ACCESS_INTERCEPTOR = new TokenAuthAccessInterceptor();
    private static final SecurityAuthorizeManager BASICAUTH_AUTH_MANAGER = new BasicAuthAuthorizeManager();
    private static final SecurityAccessInterceptor BASICAUTH_ACCESS_INTERCEPTOR = new BasicAuthAccessInterceptor();
    private static final SecurityAuthorizeManager OAUTH2_CLIENT_AUTH_MANAGER = new OAuth2ClientAccessAuthorizeManager();
    private static final SecurityAuthorizeManager OAUTH2_RESOURCEOWNER_AUTH_MANAGER = new OAuth2ResourceOwnerAccessAuthorizeManager();
    private static final SecurityAccessInterceptor OAUTH2_ACCESS_INTERCEPTOR = new OAuth2AccessInterceptor();
    private static final Pattern SECURE_CHARS = Pattern.compile("^[a-zA-Z0-9\\-]+$");
    private static SecurityProfile current = null;

    public static synchronized SecurityProfile getSecurityProfile() {
        if (current == null) {
            current = SecurityProfile.init();
        }
        return current;
    }

    public static boolean ignoreThisLink(String str) {
        return !allowJavascriptInLink() && isJavascriptLink(str);
    }

    private static boolean isJavascriptLink(String str) {
        return str.toLowerCase().replaceAll("[^a-z]", "").startsWith("javascript");
    }

    private static boolean allowJavascriptInLink() {
        return "true".equalsIgnoreCase(getenv("PLANTUML_ALLOW_JAVASCRIPT_IN_LINK"));
    }

    public static String getenv(String str) {
        String property = System.getProperty(str);
        return StringUtils.isNotEmpty(property) ? property : System.getenv(str);
    }

    public static boolean isSecurityEnv(String str) {
        return str != null && str.toLowerCase().startsWith("plantuml.security.");
    }

    public static boolean isNonSSLAuthenticationAllowed() {
        return Boolean.parseBoolean(getenv(SECURITY_ALLOW_NONSSL_AUTH));
    }

    public static List<SFile> getPath(String str) {
        ArrayList arrayList = new ArrayList();
        String str2 = getenv(str);
        if (str2 == null) {
            return Collections.unmodifiableList(arrayList);
        }
        StringTokenizer stringTokenizer = new StringTokenizer(StringUtils.eventuallyRemoveStartingAndEndingDoubleQuote(str2), System.getProperty("path.separator"));
        while (stringTokenizer.hasMoreTokens()) {
            String nextToken = stringTokenizer.nextToken();
            try {
                SFile canonicalFile = new SFile(nextToken).getCanonicalFile();
                if (canonicalFile.isDirectory()) {
                    arrayList.add(canonicalFile);
                }
            } catch (IOException e) {
                Log.info("Cannot access to " + nextToken + ". " + e);
            }
        }
        return Collections.unmodifiableList(arrayList);
    }

    public static boolean allowSvgText() {
        return true;
    }

    public static PrintWriter createPrintWriter(OutputStream outputStream) {
        return new PrintWriter(outputStream);
    }

    public static PrintWriter createPrintWriter(OutputStream outputStream, boolean z) {
        return new PrintWriter(outputStream, z);
    }

    public static PrintStream createPrintStream(OutputStream outputStream) {
        return new PrintStream(outputStream);
    }

    public static PrintStream createPrintStream(OutputStream outputStream, boolean z, String str) throws UnsupportedEncodingException {
        return new PrintStream(outputStream, z, str);
    }

    public static PrintStream createPrintStream(OutputStream outputStream, boolean z, Charset charset) throws UnsupportedEncodingException {
        return new PrintStream(outputStream, z, charset.name());
    }

    public static synchronized BufferedImage readRasterImage(ImageIcon imageIcon) {
        Image image = imageIcon.getImage();
        if (imageIcon.getIconWidth() == -1) {
            return null;
        }
        BufferedImage bufferedImage = new BufferedImage(imageIcon.getIconWidth(), imageIcon.getIconHeight(), 2);
        bufferedImage.getGraphics().drawImage(image, 0, 0, (ImageObserver) null);
        image.flush();
        return bufferedImage;
    }

    public static FileReader createFileReader(String str) throws FileNotFoundException {
        return new FileReader(str);
    }

    public static PrintWriter createPrintWriter(String str) throws FileNotFoundException {
        return new PrintWriter(str);
    }

    public static FileOutputStream createFileOutputStream(String str) throws FileNotFoundException {
        return new FileOutputStream(str);
    }

    public static SecurityAuthorizeManager getAuthenticationManager(SecurityCredentials securityCredentials) {
        if (securityCredentials == SecurityCredentials.NONE) {
            return PUBLIC_AUTH_MANAGER;
        }
        if ("tokenauth".equalsIgnoreCase(securityCredentials.getType())) {
            return TOKEN_AUTH_MANAGER;
        }
        if ("basicauth".equalsIgnoreCase(securityCredentials.getType())) {
            return BASICAUTH_AUTH_MANAGER;
        }
        if ("oauth2".equalsIgnoreCase(securityCredentials.getType())) {
            String propertyStr = securityCredentials.getPropertyStr("grantType");
            if ("client_credentials".equalsIgnoreCase(propertyStr)) {
                return OAUTH2_CLIENT_AUTH_MANAGER;
            }
            if ("password".equalsIgnoreCase(propertyStr)) {
                return OAUTH2_RESOURCEOWNER_AUTH_MANAGER;
            }
        }
        return PUBLIC_AUTH_MANAGER;
    }

    public static SecurityAccessInterceptor getAccessInterceptor(SecurityAuthentication securityAuthentication) {
        if (securityAuthentication != null) {
            String type = securityAuthentication.getType();
            if ("public".equals(type)) {
                return PUBLIC_ACCESS_INTERCEPTOR;
            }
            if ("tokenauth".equalsIgnoreCase(type)) {
                return TOKEN_ACCESS_INTERCEPTOR;
            }
            if ("basicauth".equalsIgnoreCase(type)) {
                return BASICAUTH_ACCESS_INTERCEPTOR;
            }
            if ("oauth2".equalsIgnoreCase(type)) {
                return OAUTH2_ACCESS_INTERCEPTOR;
            }
        }
        return PUBLIC_ACCESS_INTERCEPTOR;
    }

    public static boolean existsSecurityCredentials(String str) {
        SFile securityPath = getSecurityPath();
        if (securityPath == null) {
            return false;
        }
        File file = new File(securityPath.conv(), str + ".credential");
        return file.exists() && file.canRead() && !file.isDirectory() && file.length() > 2;
    }

    public static SecurityCredentials loadSecurityCredentials(String str) {
        SFile securityPath;
        return (str == null || !checkFileSystemSaveCharactersStrict(str) || "<none>".equals(str) || (securityPath = getSecurityPath()) == null) ? SecurityCredentials.NONE : SecurityCredentials.fromJson(loadJson(new File(securityPath.conv(), str + ".credential")));
    }

    private static boolean checkFileSystemSaveCharactersStrict(String str) {
        return StringUtils.isNotEmpty(str) && SECURE_CHARS.matcher(str).matches() && str.length() <= 64;
    }

    public static SFile getSecurityPath() {
        List<SFile> path = getPath(PATHS_SECURITY);
        if (path.isEmpty()) {
            return null;
        }
        SFile sFile = path.get(0);
        File conv = sFile.conv();
        if (conv.exists() && conv.isDirectory()) {
            return sFile;
        }
        return null;
    }

    private static JsonValue loadJson(File file) {
        if (file.exists() && file.canRead() && file.length() > 2) {
            try {
                BufferedReader bufferedReader = new BufferedReader(new FileReader(file));
                try {
                    JsonValue parse = Json.parse(bufferedReader);
                    bufferedReader.close();
                    return parse;
                } finally {
                }
            } catch (IOException e) {
                Logme.error(e);
            }
        }
        return Json.object();
    }
}
