package org.openxma.dsl.platform.security;

import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import org.owasp.validator.html.AntiSamy;
import org.owasp.validator.html.CleanResults;
import org.owasp.validator.html.Policy;
import org.owasp.validator.html.PolicyException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/dsl-platform-jsf-6.0.2.jar:org/openxma/dsl/platform/security/XSSProtectionFilter.class */
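/**
 * Servlet filter that wraps every HTTP request so that request parameter values are passed
 * through an OWASP AntiSamy policy before application code reads them.
 *
 * <p>The policy is loaded once in {@link #init(FilterConfig)} from the classpath resource named
 * by the {@code antisamy-policy-file-name} init parameter ({@code antisamy-basic.xml} when the
 * parameter is absent or empty).
 *
 * <p><b>Coverage.</b> Only {@code getParameter}, {@code getParameterValues} and
 * {@code getParameterMap} are sanitised. Parameter names, headers, cookies, the raw query string
 * and the request body ({@code getInputStream}/{@code getReader}) reach the application
 * unchanged, and non-HTTP requests are not wrapped at all. Input-side HTML cleaning is therefore
 * one layer only: views still need output encoding appropriate to the context they render into.
 *
 * <p>NOTE(review): values are cleaned as HTML fragments, so parameters that are not meant to be
 * HTML may come back altered. Confirm this is acceptable for every form field behind this filter.
 */
public class XSSProtectionFilter implements Filter {
    private static final Logger LOG = LoggerFactory.getLogger(XSSProtectionFilter.class);
    private static final String POLICY_FILE_NAME = "antisamy-policy-file-name";
    private static final String DEFAULT_POLICY_FILE_NAME = "antisamy-basic.xml";

    // Assigned in init(); each request wrapper receives this same instance.
    private AntiSamy antiSamy;

    /* loaded from: input_file:WEB-INF/lib/dsl-platform-jsf-6.0.2.jar:org/openxma/dsl/platform/security/XSSProtectionFilter$CleanServletRequest.class */
    /**
     * Request wrapper whose parameter accessors return AntiSamy-cleaned values.
     *
     * <p>Every other accessor is inherited from {@link HttpServletRequestWrapper} and delegates
     * to the wrapped request without any filtering.
     */
    private static class CleanServletRequest extends HttpServletRequestWrapper {
        private final AntiSamy antiSamy;

        private CleanServletRequest(HttpServletRequest httpServletRequest, AntiSamy antiSamy) {
            super(httpServletRequest);
            this.antiSamy = antiSamy;
        }

        /**
         * Returns the cleaned values of the named parameter.
         *
         * @param str the parameter name
         * @return a new array holding the cleaned values in their original order, or
         *         {@code null} when the wrapped request has no such parameter
         */
        @Override
        public String[] getParameterValues(String str) {
            String[] rawValues = super.getParameterValues(str);
            if (rawValues == null) {
                return null;
            }
            String[] cleanedValues = new String[rawValues.length];
            for (int i = 0; i < rawValues.length; i++) {
                cleanedValues[i] = filterString(rawValues[i]);
            }
            return cleanedValues;
        }

        /**
         * Returns an unmodifiable copy of the parameter map whose values have been cleaned.
         *
         * <p>Keys (parameter names) are copied as they are; only the values are scanned.
         *
         * @return an unmodifiable map from parameter name to cleaned {@code String[]} values
         */
        @Override
        @SuppressWarnings({"rawtypes", "unchecked"})
        public Map getParameterMap() {
            // Typed locals replace the raw Map iteration; the raw return type is kept so the
            // override stays valid against both raw and generic servlet API signatures.
            Map<String, String[]> rawParameters = super.getParameterMap();
            Map<String, String[]> cleanedParameters =
                    new ConcurrentHashMap<String, String[]>(rawParameters.size());
            for (String name : rawParameters.keySet()) {
                cleanedParameters.put(name, getParameterValues(name));
            }
            return Collections.unmodifiableMap(cleanedParameters);
        }

        /**
         * Returns the cleaned first value of the named parameter.
         *
         * @param str the parameter name
         * @return the cleaned value, or {@code null} when the parameter is absent
         */
        @Override
        public String getParameter(String str) {
            return filterString(super.getParameter(str));
        }

        /**
         * Runs one value through the AntiSamy policy.
         *
         * @param str the raw value; {@code null} and the empty string are returned unchanged
         * @return the cleaned markup produced by the scan
         * @throws IllegalStateException if the scan fails for any reason
         */
        private String filterString(String str) {
            if (str == null || "".equals(str)) {
                return str;
            }
            try {
                CleanResults scan = this.antiSamy.scan(str);
                if (scan.getNumberOfErrors() > 0) {
                    // The messages are derived from request input.
                    // NOTE(review): confirm they cannot carry line breaks or markup into the
                    // log sink, or neutralise them there.
                    LOG.warn("antisamy encountered problem with input: {}", scan.getErrorMessages());
                }
                return scan.getCleanHTML();
            } catch (Exception e) {
                // Fail closed: a value that could not be scanned is never handed back raw.
                throw new IllegalStateException(e.getMessage(), e);
            }
        }
    }

    /**
     * Loads the AntiSamy policy named in the filter configuration.
     *
     * @param filterConfig the filter configuration supplied by the container
     * @throws IllegalStateException if the policy resource is missing from the classpath or
     *         cannot be parsed; the filter must not start without a policy
     * @throws ServletException declared by the {@link Filter} contract
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        String policyFileName = filterConfig.getInitParameter(POLICY_FILE_NAME);
        if (policyFileName == null || "".equals(policyFileName)) {
            LOG.warn("Parameter antisamy-policy-file-name is not specified in the XSSProtectionFilter, using antisamy-basic.xml as the policy file.");
            policyFileName = DEFAULT_POLICY_FILE_NAME;
        }
        InputStream policyStream = getClassLoader().getResourceAsStream(policyFileName);
        if (policyStream == null) {
            // A missing policy is a deployment error: report the resource name here instead
            // of passing null on to the policy parser.
            throw new IllegalStateException(
                    "AntiSamy policy file not found on the classpath: " + policyFileName);
        }
        try {
            this.antiSamy = new AntiSamy(Policy.getInstance(policyStream));
        } catch (PolicyException e) {
            throw new IllegalStateException(e.getMessage(), e);
        } finally {
            closeQuietly(policyStream);
        }
    }

    /** Closes the policy stream; a failure to close is logged and otherwise ignored. */
    private static void closeQuietly(InputStream stream) {
        try {
            stream.close();
        } catch (IOException e) {
            LOG.debug("Could not close the AntiSamy policy stream", e);
        }
    }

    /**
     * Picks the class loader used to locate the policy file: the thread context class loader
     * when it is available, otherwise the loader of this class.
     */
    private ClassLoader getClassLoader() {
        ClassLoader classLoader = null;
        try {
            classLoader = Thread.currentThread().getContextClassLoader();
        } catch (SecurityException ignored) {
            // Access to the context class loader was denied; fall back to this class's loader.
        }
        if (classLoader == null) {
            classLoader = getClass().getClassLoader();
        }
        return classLoader;
    }

    /**
     * Passes HTTP requests down the chain wrapped in a parameter-cleaning request; any other
     * request type is forwarded untouched.
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (!(servletRequest instanceof HttpServletRequest)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        filterChain.doFilter(new CleanServletRequest(httpRequest, this.antiSamy), servletResponse);
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }
}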
