package com.github.bgalek.security.svg;

import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Objects;
import java.util.Set;
import java.util.regex.Pattern;
import javax.xml.parsers.DocumentBuilder;
import org.owasp.html.HtmlChangeListener;
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;

/* loaded from: input_file:com/github/bgalek/security/svg/SvgSecurityValidator.class */
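/**
 * Detects potentially dangerous content in SVG markup.
 *
 * <p>Validation runs in up to three steps: an optional XML well-formedness parse (only when a
 * {@link DocumentBuilder} was supplied), a textual check for a {@code javascript} URL inside a
 * CSS {@code url(...)} value, and an allow-list pass through the OWASP HTML sanitizer in which
 * every discarded tag or attribute counts as a violation.
 *
 * <p>NOTE(review): a {@link DocumentBuilder} is not guaranteed to be thread-safe, and this class
 * holds a single instance without synchronization. Confirm how instances are shared before
 * calling {@link #validate(String)} concurrently.
 */
public class SvgSecurityValidator implements XssDetector {
    /**
     * Matches {@code url(} followed by at most one arbitrary character and then
     * {@code javascript}.
     *
     * <p>The match is case-insensitive and tolerates whitespace around the optional character,
     * because CSS function names and URL schemes are case-insensitive and whitespace is allowed
     * inside {@code url(...)}. Possessive quantifiers keep matching linear on long whitespace
     * runs in untrusted input.
     *
     * <p>This is a heuristic on the raw text: it does not decode CSS escapes or XML character
     * references, so treat it as one layer of defence rather than a complete CSS filter.
     */
    private static final Pattern JAVASCRIPT_PROTOCOL_IN_CSS_URL =
            Pattern.compile("url\\(\\s*+.?\\s*+javascript", Pattern.CASE_INSENSITIVE);

    // Element names the sanitizer policy lets through.
    private final String[] svgElements;
    // Attribute names the sanitizer policy lets through on any element.
    private final String[] svgAttributes;
    // Optional XML parser; when null the well-formedness step is skipped.
    private final DocumentBuilder xmlParser;

    /**
     * Sanitizer listener that records every discarded tag name and attribute name in the
     * {@code Set<String>} passed as the sanitizer context.
     */
    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/github/bgalek/security/svg/SvgSecurityValidator$ListHtmlChangeListener.class */
    public static class ListHtmlChangeListener implements HtmlChangeListener<Set<String>> {
        private ListHtmlChangeListener() {
        }

        /** Records the name of a tag the policy dropped. */
        public void discardedTag(Set<String> set, String str) {
            Objects.requireNonNull(set).add(str);
        }

        /** Records the names of dropped attributes; the owning tag name is not recorded. */
        public void discardedAttributes(Set<String> set, String str, String... strArr) {
            Objects.requireNonNull(set).addAll(Arrays.asList(strArr));
        }
    }

    /**
     * Creates a validator with the default element and attribute allow-lists and no XML parser,
     * so {@link #validate(String)} skips the XML well-formedness step.
     *
     * @deprecated this constructor is marked deprecated; {@link #builder()} is the other visible
     *     way to obtain an instance.
     */
    @Deprecated
    public SvgSecurityValidator() {
        this.svgElements = SvgElements.DEFAULT_SVG_ELEMENTS;
        this.svgAttributes = SvgAttributes.DEFAULT_SVG_ATTRIBUTES;
        this.xmlParser = null;
    }

    /**
     * Creates a validator with explicit allow-lists and an optional XML parser.
     *
     * <p>NOTE(review): the parser is used on untrusted input. Its configuration is not visible
     * here, so confirm the code that builds it disables DTDs and external entity resolution.
     *
     * @param strArr element names to allow
     * @param strArr2 attribute names to allow on any element
     * @param documentBuilder parser for the well-formedness check, or {@code null} to skip it
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public SvgSecurityValidator(String[] strArr, String[] strArr2, DocumentBuilder documentBuilder) {
        this.svgElements = strArr;
        this.svgAttributes = strArr2;
        this.xmlParser = documentBuilder;
    }

    /** Returns a new {@link SvgSecurityValidatorBuilder}. */
    public static SvgSecurityValidatorBuilder builder() {
        return new SvgSecurityValidatorBuilder();
    }

    /**
     * Validates SVG markup supplied as text.
     *
     * @param str the SVG document
     * @return a {@link NegativeValidationResult} when nothing was flagged, otherwise a
     *     {@link PositiveValidationResult} carrying the offending tag and attribute names
     * @throws InvalidXMLSyntaxException if an XML parser is configured and parsing fails
     */
    @Override // com.github.bgalek.security.svg.XssDetector
    public ValidationResult validate(String str) {
        if (this.xmlParser != null) {
            validateXMLSchema(str);
        }
        Set<String> offendingElements = getOffendingElements(str);
        return offendingElements.isEmpty()
                ? new NegativeValidationResult()
                : new PositiveValidationResult(offendingElements);
    }

    /**
     * Validates SVG markup supplied as bytes, decoding them as UTF-8 first.
     *
     * @param bArr the SVG document bytes
     * @return the result of {@link #validate(String)} on the decoded text
     */
    @Override // com.github.bgalek.security.svg.XssDetector
    public ValidationResult validate(byte[] bArr) {
        return validate(new String(bArr, StandardCharsets.UTF_8));
    }

    /**
     * Parses the input with the configured XML parser and converts any failure into an
     * {@link InvalidXMLSyntaxException}.
     */
    private void validateXMLSchema(String str) {
        try {
            assert this.xmlParser != null;
            // Encode explicitly as UTF-8, matching validate(byte[]); the platform default
            // charset would make the parse result depend on the host configuration.
            this.xmlParser.parse(new ByteArrayInputStream(str.getBytes(StandardCharsets.UTF_8)));
        } catch (Exception e) {
            throw new InvalidXMLSyntaxException(e);
        }
    }

    /**
     * Collects the names of elements and attributes considered unsafe.
     *
     * @return {@code {"style"}} when the CSS pre-check matches; otherwise every tag and attribute
     *     name the sanitizer discarded (empty when the input passes the policy unchanged)
     */
    private Set<String> getOffendingElements(String str) {
        if (JAVASCRIPT_PROTOCOL_IN_CSS_URL.matcher(str).find()) {
            return Collections.singleton("style");
        }
        // Allow-list policy: only the configured elements and attributes, and only https URLs.
        PolicyFactory factory = new HtmlPolicyBuilder()
                .allowElements(this.svgElements)
                .allowAttributes(this.svgAttributes).globally()
                .allowUrlProtocols("https")
                .toFactory();
        Set<String> violations = new HashSet<>();
        // The sanitized output is ignored; only the listener callbacks matter here.
        factory.sanitize(str, violationsCollector(), violations);
        return violations;
    }

    /** Creates the listener that gathers discarded names during sanitization. */
    private static HtmlChangeListener<Set<String>> violationsCollector() {
        return new ListHtmlChangeListener();
    }
}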
