package org.owasp.validator.css;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.StringReader;
import java.net.URI;
import java.nio.charset.Charset;
import java.util.ArrayList;
import java.util.LinkedList;
import java.util.List;
import java.util.ResourceBundle;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.batik.constants.XMLConstants;
import org.apache.batik.css.parser.ParseException;
import org.apache.batik.css.parser.Parser;
import org.apache.hc.client5.http.ClientProtocolException;
import org.apache.hc.client5.http.classic.methods.HttpGet;
import org.apache.hc.client5.http.config.RequestConfig;
import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
import org.apache.hc.client5.http.impl.classic.HttpClientBuilder;
import org.apache.hc.core5.http.ClassicHttpResponse;
import org.apache.hc.core5.http.HttpEntity;
import org.apache.hc.core5.http.io.HttpClientResponseHandler;
import org.apache.hc.core5.http.io.entity.EntityUtils;
import org.apache.hc.core5.util.Timeout;
import org.owasp.validator.html.CleanResults;
import org.owasp.validator.html.InternalPolicy;
import org.owasp.validator.html.Policy;
import org.owasp.validator.html.ScanException;
import org.owasp.validator.html.util.ErrorMessageUtil;
import org.owasp.validator.html.util.HTMLEntityEncoder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.css.sac.InputSource;
import org.w3c.dom.DocumentFragment;

/* loaded from: input_file:lib/antisamy-1.7.4.jar:org/owasp/validator/css/CssScanner.class */
public class CssScanner {
    private final Parser parser;
    private final InternalPolicy policy;
    private final ResourceBundle messages;
    private final boolean shouldParseImportedStyles;
    protected static final Logger logger = LoggerFactory.getLogger(CssScanner.class);
    protected static final Timeout DEFAULT_TIMEOUT = Timeout.ofMilliseconds(1000L);
    private static final String CDATA = "^\\s*<!\\[CDATA\\[(.*)\\]\\]>\\s*$";
    private static final Pattern cdataMatchPattern = Pattern.compile(CDATA, 32);

    public CssScanner(InternalPolicy internalPolicy, ResourceBundle resourceBundle) {
        this(internalPolicy, resourceBundle, false);
    }

    @Deprecated
    public CssScanner(InternalPolicy internalPolicy, ResourceBundle resourceBundle, boolean z) {
        this.parser = new CssParser();
        this.policy = internalPolicy;
        this.messages = resourceBundle;
        this.shouldParseImportedStyles = z;
        if (z) {
            logger.warn("Allowing CSS imports from external URLs is a dangerous practice. It is recommended you disable this feature. Support for this feature in AntiSamy is deprecated and will be removed in a future release.");
        }
    }

    public CleanResults scanStyleSheet(String str, int i) throws ScanException {
        long currentTimeMillis = System.currentTimeMillis();
        ArrayList arrayList = new ArrayList();
        Matcher matcher = cdataMatchPattern.matcher(str);
        boolean matches = matcher.matches();
        if (matches) {
            str = matcher.group(1);
        }
        CssHandler cssHandler = new CssHandler(this.policy, arrayList, this.messages);
        this.parser.setDocumentHandler(cssHandler);
        try {
            this.parser.parseStyleSheet(new InputSource(new StringReader(str)));
            String cleanStylesheetWithImports = getCleanStylesheetWithImports(i, arrayList, cssHandler);
            if (matches) {
                cleanStylesheetWithImports = "<![CDATA[" + cleanStylesheetWithImports + XMLConstants.XML_CDATA_END;
            }
            return new CleanResults(currentTimeMillis, cleanStylesheetWithImports, (DocumentFragment) null, arrayList);
        } catch (IOException | ParseException e) {
            throw new ScanException(e);
        }
    }

    public CleanResults scanInlineStyle(String str, String str2, int i) throws ScanException {
        long currentTimeMillis = System.currentTimeMillis();
        ArrayList arrayList = new ArrayList();
        CssHandler cssHandler = new CssHandler(this.policy, arrayList, this.messages, str2);
        this.parser.setDocumentHandler(cssHandler);
        try {
            this.parser.parseStyleDeclaration(str);
            return new CleanResults(currentTimeMillis, getCleanStylesheetWithImports(i, arrayList, cssHandler), (DocumentFragment) null, arrayList);
        } catch (IOException e) {
            throw new ScanException(e);
        }
    }

    private String getCleanStylesheetWithImports(int i, List<String> list, CssHandler cssHandler) throws ScanException {
        String cleanStylesheet = cssHandler.getCleanStylesheet();
        if (this.shouldParseImportedStyles) {
            cssHandler.emptyStyleSheet();
            parseImportedStylesheets(cssHandler.getImportedStylesheetsURIList(), list, i);
            cleanStylesheet = cssHandler.getCleanStylesheet() + cleanStylesheet;
        }
        return cleanStylesheet;
    }

    @Deprecated
    private void parseImportedStylesheets(LinkedList<URI> linkedList, List<String> list, int i) throws ScanException {
        if (linkedList.isEmpty()) {
            return;
        }
        int i2 = 0;
        Timeout timeout = DEFAULT_TIMEOUT;
        try {
            timeout = Timeout.ofMilliseconds(Long.parseLong(this.policy.getDirective(Policy.CONNECTION_TIMEOUT)));
        } catch (NumberFormatException e) {
        }
        CloseableHttpClient build = HttpClientBuilder.create().disableAutomaticRetries().disableConnectionState().disableCookieManagement().setDefaultRequestConfig(RequestConfig.custom().setConnectTimeout(timeout).setResponseTimeout(timeout).setConnectionRequestTimeout(timeout).build()).build();
        int i3 = 1;
        try {
            i3 = Integer.parseInt(this.policy.getDirective(Policy.MAX_STYLESHEET_IMPORTS));
        } catch (NumberFormatException e2) {
        }
        while (!linkedList.isEmpty()) {
            URI removeFirst = linkedList.removeFirst();
            i2++;
            if (i2 > i3) {
                list.add(ErrorMessageUtil.getMessage(this.messages, ErrorMessageUtil.ERROR_CSS_IMPORT_EXCEEDED, new Object[]{HTMLEntityEncoder.htmlEntityEncode(removeFirst.toString()), String.valueOf(i3)}));
            } else {
                byte[] bArr = null;
                try {
                    bArr = ((String) build.execute(new HttpGet(removeFirst), new HttpClientResponseHandler<String>() { // from class: org.owasp.validator.css.CssScanner.1
                        /* JADX WARN: Can't rename method to resolve collision */
                        @Override // org.apache.hc.core5.http.io.HttpClientResponseHandler
                        public String handleResponse(ClassicHttpResponse classicHttpResponse) throws IOException {
                            int code = classicHttpResponse.getCode();
                            if (code < 200 || code >= 300) {
                                throw new ClientProtocolException("Unexpected response status: " + code);
                            }
                            HttpEntity entity = classicHttpResponse.getEntity();
                            if (entity == null) {
                                return null;
                            }
                            try {
                                return EntityUtils.toString(entity);
                            } catch (ParseException | org.apache.hc.core5.http.ParseException e3) {
                                throw new ClientProtocolException(e3);
                            }
                        }
                    })).getBytes();
                    if (bArr != null && bArr.length > i) {
                        list.add(ErrorMessageUtil.getMessage(this.messages, ErrorMessageUtil.ERROR_CSS_IMPORT_INPUT_SIZE, new Object[]{HTMLEntityEncoder.htmlEntityEncode(removeFirst.toString()), String.valueOf(this.policy.getMaxInputSize())}));
                        bArr = null;
                    }
                } catch (IOException e3) {
                    list.add(ErrorMessageUtil.getMessage(this.messages, ErrorMessageUtil.ERROR_CSS_IMPORT_FAILURE, new Object[]{HTMLEntityEncoder.htmlEntityEncode(removeFirst.toString())}));
                }
                if (bArr != null) {
                    i -= bArr.length;
                    try {
                        this.parser.parseStyleSheet(new InputSource(new InputStreamReader(new ByteArrayInputStream(bArr), Charset.forName("UTF8"))));
                    } catch (IOException e4) {
                        throw new ScanException(e4);
                    }
                } else {
                    continue;
                }
            }
        }
    }
}
