package org.apache.sling.xss.impl;

import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.regex.Pattern;
import javax.annotation.Nonnull;
import org.apache.commons.lang3.StringEscapeUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.sling.api.resource.LoginException;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceResolverFactory;
import org.apache.sling.api.resource.observation.ExternalResourceChangeListener;
import org.apache.sling.api.resource.observation.ResourceChange;
import org.apache.sling.api.resource.observation.ResourceChangeListener;
import org.apache.sling.serviceusermapping.ServiceUserMapped;
import org.apache.sling.xss.ProtectionContext;
import org.apache.sling.xss.XSSFilter;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.owasp.validator.html.model.Attribute;
import org.owasp.validator.html.model.Tag;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

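/**
 * {@link XSSFilter} implementation that checks and filters strings through a {@link PolicyHandler}.
 *
 * <p>The default policy is read from {@value #DEFAULT_POLICY_PATH} through a service resource
 * resolver; when that fails, the policy file embedded in the bundle is used instead. The component
 * also listens for resource changes on the policy path and reloads the default policy when one is
 * reported. Additional named policies can be registered with {@link #loadPolicy(String, InputStream)}.
 *
 * <p>This source was reconstructed from decompiler output. The bodies of the three-argument
 * {@code check} and {@code filter} methods and of {@code updateDefaultHandler} were rebuilt from
 * the instruction dump and the try-with-resources residue the decompiler left behind.
 */
@Component(
        service = {ResourceChangeListener.class, XSSFilter.class},
        property = {
            "service.vendor=The Apache Software Foundation",
            "resource.change.types=ADDED",
            "resource.change.types=CHANGED",
            "resource.change.types=REMOVED",
            "resource.paths=sling/xss/config.xml"
        })
/* loaded from: input_file:resources/install/0/org.apache.sling.xss-2.0.4.jar:org/apache/sling/xss/impl/XSSFilterImpl.class */
public class XSSFilterImpl implements XSSFilter, ResourceChangeListener, ExternalResourceChangeListener {

    /**
     * Fallback {@code href} rule used when the default policy defines no {@code href} attribute for
     * the {@code a} tag.
     *
     * <p>The first expression has no {@code ':'} in its character class, so it cannot match a value
     * that carries a URL scheme. The second expression only accepts values that start with
     * {@code http://}, {@code https://}, {@code ftp://}, {@code ftps://} or {@code mailto:}.
     */
    static final Attribute DEFAULT_HREF_ATTRIBUTE = new Attribute(
            "href",
            Arrays.asList(
                    Pattern.compile("([\\p{L}\\p{M}*+\\p{N}\\\\\\.\\#@\\$%\\+&;\\-_~,\\?=/!\\*\\(\\)]*|\\#(\\w)+)"),
                    Pattern.compile("(\\s)*((ht|f)tp(s?)://|mailto:)[\\p{L}\\p{M}*+\\p{N}]+[\\p{L}\\p{M}*+\\p{N}\\p{Zs}\\.\\#@\\$%\\+&;:\\-_~,\\?=/!\\*\\(\\)]*(\\s)*")),
            Collections.emptyList(),
            "removeAttribute",
            "");

    /** Repository path of the default policy file; also the suffix matched in {@link #onChange(List)}. */
    static final String DEFAULT_POLICY_PATH = "sling/xss/config.xml";

    /** Class-path location of the policy file shipped inside the bundle. */
    private static final String EMBEDDED_POLICY_PATH = "SLING-INF/content/config.xml";

    /** Upper bound on the number of named policies kept in {@link #policies}. */
    private static final int DEFAULT_POLICY_CACHE_SIZE = 128;

    // Both fields are replaced by setDefaultHandler() and read without a lock by check(), filter()
    // and isValidHref(); volatile makes a newly installed policy visible to those readers.
    private volatile PolicyHandler defaultHandler;
    private volatile Attribute hrefAttribute;

    @Reference
    private ResourceResolverFactory resourceResolverFactory;

    @Reference
    private ServiceUserMapped serviceUserMapped;

    private final Logger logger = LoggerFactory.getLogger(XSSFilterImpl.class);
    private final XSSFilterRule htmlHtmlContext = new HtmlToHtmlContentContext();
    private final XSSFilterRule plainHtmlContext = new PlainTextToHtmlContentContext();

    /** Named policies registered through {@link #loadPolicy(String, InputStream)}. */
    private final Map<String, PolicyHandler> policies = new ConcurrentHashMap<>();

    /**
     * Reloads the default policy for every reported change whose path ends with
     * {@value #DEFAULT_POLICY_PATH}.
     *
     * @param list the resource changes delivered by the observation framework
     */
    @Override
    public void onChange(@Nonnull List<ResourceChange> list) {
        for (ResourceChange resourceChange : list) {
            // Suffix match only: the reload itself always reads DEFAULT_POLICY_PATH, whatever the
            // full path of the change was.
            if (resourceChange.getPath().endsWith(DEFAULT_POLICY_PATH)) {
                this.logger.info("Detected policy file change ({}) at {}. Updating default handler.", resourceChange.getType().name(), resourceChange.getPath());
                updateDefaultHandler();
            }
        }
    }

    /**
     * Checks {@code str} in the given context using the default policy.
     *
     * @param protectionContext the context to check in; must not be {@code null}
     * @param str the string to check
     * @return the result reported by the context rule
     */
    @Override
    public boolean check(ProtectionContext protectionContext, String str) {
        return check(protectionContext, str, null);
    }

    /**
     * Filters {@code str} in {@link XSSFilter#DEFAULT_CONTEXT} using the default policy.
     *
     * @param str the string to filter; {@code null} yields an empty string
     * @return the filtered string
     */
    @Override
    public String filter(String str) {
        return filter(XSSFilter.DEFAULT_CONTEXT, str);
    }

    /**
     * Filters {@code str} in the given context using the default policy.
     *
     * @param protectionContext the context to filter in; must not be {@code null}
     * @param str the string to filter; {@code null} yields an empty string
     * @return the filtered string
     */
    @Override
    public String filter(ProtectionContext protectionContext, String str) {
        return filter(protectionContext, str, null);
    }

    /**
     * Validates an {@code href} value against the {@code href} rule of the default policy.
     *
     * <p>The value is percent-decoded once and then XML-unescaped once. If unescaping produced a
     * new string, that string is validated; otherwise the original value is validated. Values with
     * more than one layer of encoding are therefore only unwrapped one layer.
     *
     * @param str the candidate {@code href} value
     * @return {@code true} for an empty or {@code null} value and for a value accepted by the
     *     {@code href} rule; {@code false} otherwise, including when the value cannot be decoded
     */
    @Override
    public boolean isValidHref(String str) {
        if (StringUtils.isEmpty(str)) {
            return true;
        }
        try {
            String decode = URLDecoder.decode(str, StandardCharsets.UTF_8.name());
            String unescapeXml = StringEscapeUtils.unescapeXml(decode);
            boolean unescapingChangedNothing = unescapeXml.equals(str) || unescapeXml.equals(decode);
            return unescapingChangedNothing ? runHrefValidation(str) : runHrefValidation(unescapeXml);
        } catch (UnsupportedEncodingException | IllegalArgumentException e) {
            // URLDecoder reports a malformed percent-escape with IllegalArgumentException. A value
            // that cannot be decoded is rejected instead of letting the exception reach the caller.
            this.logger.error("Unable to decode url: {}.", str);
            return false;
        }
    }

    /**
     * Applies the current {@code href} rule: first the allowed literal values, compared against the
     * lower-cased input, then the allowed regular expressions against the input as given.
     */
    private boolean runHrefValidation(@Nonnull String str) {
        // Locale.ROOT keeps the case mapping independent of the JVM's default locale.
        if (this.hrefAttribute.containsAllowedValue(str.toLowerCase(Locale.ROOT))) {
            return true;
        }
        return this.hrefAttribute.matchesAllowedExpression(str);
    }

    /** Loads the default policy when the component is activated. */
    @Activate
    protected void activate() {
        updateDefaultHandler();
    }

    /**
     * Checks {@code str} in the given context using a named policy.
     *
     * <p>When {@code policy} is {@code null} or no policy is registered under that name, the
     * default policy is used without any signal to the caller.
     *
     * @param protectionContext the context to check in; must not be {@code null}
     * @param str the string to check
     * @param policy name of a policy registered with {@link #loadPolicy(String, InputStream)}, or
     *     {@code null}
     * @return the result reported by the context rule
     */
    public boolean check(ProtectionContext protectionContext, String str, String policy) {
        XSSFilterRule rule = getFilterRule(protectionContext);
        return rule.check(selectHandler(rule, policy), str);
    }

    /**
     * Filters {@code str} in the given context using a named policy.
     *
     * <p>When {@code policy} is {@code null} or no policy is registered under that name, the
     * default policy is used without any signal to the caller.
     *
     * @param protectionContext the context to filter in; must not be {@code null}
     * @param str the string to filter; {@code null} yields an empty string
     * @param policy name of a policy registered with {@link #loadPolicy(String, InputStream)}, or
     *     {@code null}
     * @return the filtered string
     */
    public String filter(ProtectionContext protectionContext, String str, String policy) {
        if (str == null) {
            return "";
        }
        XSSFilterRule rule = getFilterRule(protectionContext);
        return rule.filter(selectHandler(rule, policy), str);
    }

    /**
     * Picks the handler passed to a rule: {@code null} when the rule does not support policies,
     * the named policy when it is registered, the default handler otherwise.
     */
    private PolicyHandler selectHandler(XSSFilterRule rule, String policy) {
        if (!rule.supportsPolicy()) {
            return null;
        }
        PolicyHandler named = policy != null ? this.policies.get(policy) : null;
        return named != null ? named : this.defaultHandler;
    }

    /**
     * Replaces the default policy with one parsed from {@code inputStream}.
     *
     * @param inputStream the policy definition; the stream is not closed here
     * @throws Exception if the policy handler cannot be created from the stream
     */
    public void setDefaultPolicy(InputStream inputStream) throws Exception {
        setDefaultHandler(new PolicyHandler(inputStream));
    }

    /** Discards the current default policy and reloads it from the repository or the bundle. */
    public void resetDefaultPolicy() {
        updateDefaultHandler();
    }

    /**
     * Registers a named policy, unless the policy cache already holds
     * {@value #DEFAULT_POLICY_CACHE_SIZE} entries.
     *
     * <p>A policy that is refused is not an error for the caller, but later calls that name it
     * are served by the default policy, so the refusal is logged. The size test and the insertion
     * are separate steps, so concurrent callers can exceed the bound slightly.
     *
     * @param str the policy name
     * @param inputStream the policy definition; the stream is not closed here
     * @throws Exception if the policy handler cannot be created from the stream
     */
    public void loadPolicy(String str, InputStream inputStream) throws Exception {
        if (this.policies.size() >= DEFAULT_POLICY_CACHE_SIZE) {
            this.logger.warn("Policy cache is full ({} entries); policy {} was not loaded.", DEFAULT_POLICY_CACHE_SIZE, str);
            return;
        }
        this.policies.put(str, new PolicyHandler(inputStream));
    }

    /**
     * Removes a named policy.
     *
     * @param str the policy name
     */
    public void unloadPolicy(String str) {
        this.policies.remove(str);
    }

    /**
     * Tells whether a policy is registered under the given name.
     *
     * @param str the policy name
     * @return {@code true} if a policy with that name is registered
     */
    public boolean hasPolicy(String str) {
        return this.policies.containsKey(str);
    }

    /**
     * Reloads the default policy, first from {@value #DEFAULT_POLICY_PATH} in the repository and,
     * if that does not produce a handler, from the policy file embedded in the bundle.
     *
     * <p>The current handler is cleared before loading starts, so {@code check} and {@code filter}
     * calls that run during a reload pass a {@code null} handler to the context rule.
     * NOTE(review): what the rules do with a {@code null} handler is not visible in this file;
     * confirm that they fail closed.
     *
     * @throws IllegalStateException if neither source yields a policy handler
     */
    private synchronized void updateDefaultHandler() {
        this.defaultHandler = null;
        try (ResourceResolver resolver = this.resourceResolverFactory.getServiceResourceResolver(null)) {
            Resource policyResource = resolver.getResource(DEFAULT_POLICY_PATH);
            if (policyResource != null) {
                try (InputStream policyStream = policyResource.adaptTo(InputStream.class)) {
                    setDefaultHandler(new PolicyHandler(policyStream));
                    this.logger.info("Installed default policy from {}.", policyResource.getPath());
                } catch (Exception e) {
                    logPolicyLoadFailure("Unable to load policy from " + policyResource.getPath(), e);
                }
            }
        } catch (LoginException e) {
            // No service resolver: fall through to the embedded policy below.
            this.logger.error("Unable to load the default policy file.", e);
        }
        if (this.defaultHandler == null) {
            this.logger.info("Could not find a policy file at the default location {}. Attempting to use the default resource embedded in the bundle.", DEFAULT_POLICY_PATH);
            try (InputStream embeddedStream = getClass().getClassLoader().getResourceAsStream(EMBEDDED_POLICY_PATH)) {
                setDefaultHandler(new PolicyHandler(embeddedStream));
                this.logger.info("Installed default policy from the embedded {} file from the bundle.", EMBEDDED_POLICY_PATH);
            } catch (Exception e) {
                logPolicyLoadFailure("Unable to load policy from embedded policy file.", e);
            }
        }
        if (this.defaultHandler == null) {
            // Refuse to run without any policy rather than continue with none.
            throw new IllegalStateException("Cannot load a default policy handler.");
        }
    }

    /** Logs a policy load failure: each suppressed exception first, then the failure itself. */
    private void logPolicyLoadFailure(String message, Exception failure) {
        for (Throwable suppressed : failure.getSuppressed()) {
            this.logger.error(message, suppressed);
        }
        this.logger.error(message, failure);
    }

    /**
     * Maps a protection context to its rule.
     *
     * @throws NullPointerException if {@code protectionContext} is {@code null}
     */
    private XSSFilterRule getFilterRule(ProtectionContext protectionContext) {
        if (protectionContext == null) {
            throw new NullPointerException("context");
        }
        if (protectionContext == ProtectionContext.HTML_HTML_CONTENT) {
            return this.htmlHtmlContext;
        }
        return this.plainHtmlContext;
    }

    /**
     * Installs {@code policyHandler} as the default handler and takes the {@code href} rule used
     * by {@link #isValidHref(String)} from its {@code a} tag, falling back to
     * {@link #DEFAULT_HREF_ATTRIBUTE} when the policy defines none.
     *
     * <p>This is the only place the {@code href} rule is assigned, so named policies never
     * influence {@link #isValidHref(String)}.
     */
    private void setDefaultHandler(PolicyHandler policyHandler) {
        Tag anchorTag = policyHandler.getPolicy().getTagByLowercaseName("a");
        Attribute policyHref = anchorTag != null ? anchorTag.getAttributeByName("href") : null;
        this.defaultHandler = policyHandler;
        this.hrefAttribute = policyHref != null ? policyHref : DEFAULT_HREF_ATTRIBUTE;
    }
}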
