package com.liferay.portal.security.antisamy.internal;

import com.liferay.petra.string.StringBundler;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.sanitizer.Sanitizer;
import com.liferay.portal.kernel.sanitizer.SanitizerException;
import com.liferay.portal.kernel.util.Validator;
import java.io.InputStream;
import java.net.URL;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.owasp.validator.html.AntiSamy;
import org.owasp.validator.html.Policy;

/* loaded from: input_file:com/liferay/portal/security/antisamy/internal/AntiSamySanitizerImpl.class */
public class AntiSamySanitizerImpl implements Sanitizer {
    private static final Log _log = LogFactoryUtil.getLog(AntiSamySanitizerImpl.class);
    private final Policy _policy;
    private final List<String> _blacklist = new ArrayList();
    private final Map<String, Policy> _policies = new HashMap();
    private final List<String> _whitelist = new ArrayList();

    public AntiSamySanitizerImpl(String[] strArr, URL url, String[] strArr2) {
        try {
            InputStream openStream = url.openStream();
            Throwable th = null;
            try {
                try {
                    this._policy = Policy.getInstance(openStream);
                    if (openStream != null) {
                        if (0 != 0) {
                            try {
                                openStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            openStream.close();
                        }
                    }
                    if (strArr != null) {
                        for (String str : strArr) {
                            String trim = str.trim();
                            if (!trim.isEmpty()) {
                                this._blacklist.add(stripTrailingStar(trim));
                            }
                        }
                    }
                    if (strArr2 != null) {
                        for (String str2 : strArr2) {
                            String trim2 = str2.trim();
                            if (!trim2.isEmpty()) {
                                this._whitelist.add(stripTrailingStar(trim2));
                            }
                        }
                    }
                } catch (Throwable th3) {
                    th = th3;
                    throw th3;
                }
            } finally {
            }
        } catch (Exception e) {
            throw new IllegalStateException("Unable to initialize policy", e);
        }
    }

    public void addPolicy(String str, URL url) {
        try {
            InputStream openStream = url.openStream();
            Throwable th = null;
            try {
                try {
                    this._policies.put(str, Policy.getInstance(openStream));
                    if (openStream != null) {
                        if (0 != 0) {
                            try {
                                openStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            openStream.close();
                        }
                    }
                } finally {
                }
            } finally {
            }
        } catch (Exception e) {
            throw new IllegalStateException("Unable to initialize policy", e);
        }
    }

    public void removePolicy(String str) {
        this._policies.remove(str);
    }

    public String sanitize(long j, long j2, long j3, String str, long j4, String str2, String[] strArr, String str3, Map<String, Object> map) throws SanitizerException {
        if (_log.isDebugEnabled()) {
            _log.debug(StringBundler.concat(new Object[]{"Sanitizing ", str, "#", Long.valueOf(j4)}));
        }
        if (Validator.isNull(str3)) {
            return str3;
        }
        if (Validator.isNull(str2) || !str2.equals("text/html")) {
            return str3;
        }
        if (isWhitelisted(str, j4)) {
            return str3;
        }
        AntiSamy antiSamy = new AntiSamy();
        try {
            return isConfigured(str, j4) ? antiSamy.scan(str3, this._policies.get(str), 1).getCleanHTML() : antiSamy.scan(str3, this._policy).getCleanHTML();
        } catch (Exception e) {
            _log.error("Unable to sanitize input", e);
            throw new SanitizerException(e);
        }
    }

    protected boolean isConfigured(String str, long j) {
        String str2 = str + "#" + j;
        Iterator<String> it = this._policies.keySet().iterator();
        while (it.hasNext()) {
            if (str2.startsWith(it.next())) {
                return true;
            }
        }
        return false;
    }

    protected boolean isWhitelisted(String str, long j) {
        String str2 = str + "#" + j;
        for (String str3 : this._blacklist) {
            if (str3.equals("*") || str2.startsWith(str3)) {
                return false;
            }
        }
        for (String str4 : this._whitelist) {
            if (str4.equals("*") || str2.startsWith(str4)) {
                return true;
            }
        }
        return false;
    }

    protected String stripTrailingStar(String str) {
        if (!str.equals("*") && str.charAt(str.length() - 1) == '*') {
            return str.substring(0, str.length() - 1);
        }
        return str;
    }
}
