package org.owasp.validator.html.scan;

import java.util.ArrayList;
import java.util.List;
import java.util.ResourceBundle;
import java.util.Stack;
import java.util.regex.Pattern;
import org.apache.batik.constants.XMLConstants;
import org.apache.commons.configuration.HierarchicalConfigurationXMLReader;
import org.htmlunit.cyberneko.filters.DefaultFilter;
import org.htmlunit.cyberneko.xerces.util.XMLAttributesImpl;
import org.htmlunit.cyberneko.xerces.util.XMLStringBuffer;
import org.htmlunit.cyberneko.xerces.xni.Augmentations;
import org.htmlunit.cyberneko.xerces.xni.QName;
import org.htmlunit.cyberneko.xerces.xni.XMLAttributes;
import org.htmlunit.cyberneko.xerces.xni.XMLString;
import org.htmlunit.cyberneko.xerces.xni.XNIException;
import org.htmlunit.cyberneko.xerces.xni.parser.XMLDocumentFilter;
import org.owasp.validator.css.CssScanner;
import org.owasp.validator.html.CleanResults;
import org.owasp.validator.html.InternalPolicy;
import org.owasp.validator.html.Policy;
import org.owasp.validator.html.ScanException;
import org.owasp.validator.html.model.Attribute;
import org.owasp.validator.html.model.Tag;
import org.owasp.validator.html.util.ErrorMessageUtil;
import org.owasp.validator.html.util.HTMLEntityEncoder;

/* loaded from: classes7.dex */
public class MagicSAXFilter extends DefaultFilter implements XMLDocumentFilter {
    public static final Pattern conditionalDirectives = Pattern.compile("<?!?\\[\\s*(?:end)?if[^]]*\\]>?");
    public boolean isNofollowAnchors;
    public boolean isNoopenerAndNoreferrerAnchors;
    public boolean isValidateParamAsEmbed;
    public int maxInputSize;
    public ResourceBundle messages;
    public InternalPolicy policy;
    public boolean preserveComments;
    public boolean shouldParseImportedStyles;
    public final Stack<Ops> operations = new Stack<>();
    public final List<String> errorMessages = new ArrayList();
    public StringBuffer cssContent = null;
    public XMLAttributes cssAttributes = null;
    public CssScanner cssScanner = null;
    public boolean inCdata = false;

    /* loaded from: classes7.dex */
    public enum Ops {
        CSS,
        FILTER,
        REMOVE,
        TRUNCATE,
        KEEP,
        ENCODE;

        /* renamed from: values, reason: to resolve conflict with enum method */
        public static Ops[] valuesCustom() {
            Ops[] valuesCustom = values();
            int length = valuesCustom.length;
            Ops[] opsArr = new Ops[length];
            System.arraycopy(valuesCustom, 0, opsArr, 0, length);
            return opsArr;
        }
    }

    public MagicSAXFilter(ResourceBundle resourceBundle) {
        this.messages = resourceBundle;
    }

    public final void addError(String str, Object[] objArr) {
        this.errorMessages.add(ErrorMessageUtil.getMessage(this.messages, str, objArr));
    }

    @Override // org.htmlunit.cyberneko.filters.DefaultFilter, org.htmlunit.cyberneko.xerces.xni.XMLDocumentHandler
    public void characters(XMLString xMLString, Augmentations augmentations) throws XNIException {
        Ops peekTop = peekTop();
        if (peekTop != Ops.REMOVE) {
            if (peekTop == Ops.CSS) {
                this.cssContent.append(xMLString.ch, xMLString.offset, xMLString.length);
                return;
            }
            if (this.inCdata) {
                addError(ErrorMessageUtil.ERROR_CDATA_FOUND, new Object[]{HTMLEntityEncoder.htmlEntityEncode(xMLString.toString())});
            }
            super.characters(xMLString, augmentations);
        }
    }

    @Override // org.htmlunit.cyberneko.filters.DefaultFilter, org.htmlunit.cyberneko.xerces.xni.XMLDocumentHandler
    public void comment(XMLString xMLString, Augmentations augmentations) throws XNIException {
        String xMLString2;
        if (!this.preserveComments || (xMLString2 = xMLString.toString()) == null) {
            return;
        }
        String replaceAll = conditionalDirectives.matcher(xMLString2).replaceAll("");
        super.comment(new XMLString(replaceAll.toCharArray(), 0, replaceAll.length()), augmentations);
    }

    @Override // org.htmlunit.cyberneko.filters.DefaultFilter, org.htmlunit.cyberneko.xerces.xni.XMLDocumentHandler
    public void doctypeDecl(String str, String str2, String str3, Augmentations augmentations) throws XNIException {
    }

    @Override // org.htmlunit.cyberneko.filters.DefaultFilter, org.htmlunit.cyberneko.xerces.xni.XMLDocumentHandler
    public void emptyElement(QName qName, XMLAttributes xMLAttributes, Augmentations augmentations) throws XNIException {
        startElement(qName, xMLAttributes, augmentations);
        endElement(qName, augmentations);
    }

    @Override // org.htmlunit.cyberneko.filters.DefaultFilter, org.htmlunit.cyberneko.xerces.xni.XMLDocumentHandler
    public void endCDATA(Augmentations augmentations) throws XNIException {
        this.inCdata = false;
        super.endCDATA(augmentations);
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // org.htmlunit.cyberneko.filters.DefaultFilter, org.htmlunit.cyberneko.xerces.xni.XMLDocumentHandler
    public void endElement(QName qName, Augmentations augmentations) throws XNIException {
        Ops peekTop = peekTop();
        if (Ops.REMOVE == peekTop) {
            this.operations.pop();
            return;
        }
        if (Ops.FILTER == peekTop) {
            this.operations.pop();
            return;
        }
        if (Ops.ENCODE == peekTop) {
            this.operations.pop();
            super.characters(makeEndTag(qName.rawname), augmentations);
            return;
        }
        if (Ops.CSS != peekTop) {
            this.operations.pop();
            super.endElement(qName, augmentations);
            return;
        }
        this.operations.pop();
        try {
            try {
                CleanResults scanStyleSheet = makeCssScanner().scanStyleSheet(this.cssContent.toString(), this.maxInputSize);
                this.errorMessages.addAll(scanStyleSheet.getErrorMessages());
                if (scanStyleSheet.getCleanHTML() != null && !scanStyleSheet.getCleanHTML().equals("")) {
                    super.startElement(qName, this.cssAttributes, augmentations);
                    super.characters(new XMLStringBuffer(scanStyleSheet.getCleanHTML()), augmentations);
                    super.endElement(qName, augmentations);
                }
            } catch (ScanException unused) {
                addError(ErrorMessageUtil.ERROR_CSS_TAG_MALFORMED, new Object[]{HTMLEntityEncoder.htmlEntityEncode(this.cssContent.toString())});
            }
        } finally {
            this.cssContent = null;
            this.cssAttributes = null;
        }
    }

    public List<String> getErrorMessages() {
        return new ArrayList(this.errorMessages);
    }

    public final CssScanner makeCssScanner() {
        if (this.cssScanner == null) {
            this.cssScanner = new CssScanner(this.policy, this.messages, this.shouldParseImportedStyles);
        }
        return this.cssScanner;
    }

    public final XMLStringBuffer makeEndTag(String str) {
        return new XMLStringBuffer(XMLConstants.XML_CLOSE_TAG_START + str + XMLConstants.XML_CLOSE_TAG_END);
    }

    public final QName makeSimpleQname(String str) {
        return new QName("", str, str, "");
    }

    public final Ops peekTop() {
        if (this.operations.empty()) {
            return null;
        }
        return this.operations.peek();
    }

    @Override // org.htmlunit.cyberneko.filters.DefaultFilter, org.htmlunit.cyberneko.xerces.xni.XMLDocumentHandler
    public void processingInstruction(String str, XMLString xMLString, Augmentations augmentations) throws XNIException {
    }

    public void reset(InternalPolicy internalPolicy) {
        this.policy = internalPolicy;
        this.isNofollowAnchors = internalPolicy.isNofollowAnchors();
        this.isNoopenerAndNoreferrerAnchors = this.policy.isNoopenerAndNoreferrerAnchors();
        this.isValidateParamAsEmbed = this.policy.isValidateParamAsEmbed();
        this.preserveComments = this.policy.isPreserveComments();
        this.maxInputSize = this.policy.getMaxInputSize();
        this.shouldParseImportedStyles = this.policy.isEmbedStyleSheets();
        this.operations.clear();
        this.errorMessages.clear();
        this.cssContent = null;
        this.cssAttributes = null;
        this.cssScanner = null;
        this.inCdata = false;
    }

    @Override // org.htmlunit.cyberneko.filters.DefaultFilter, org.htmlunit.cyberneko.xerces.xni.XMLDocumentHandler
    public void startCDATA(Augmentations augmentations) throws XNIException {
        this.inCdata = true;
        super.startCDATA(augmentations);
    }

    @Override // org.htmlunit.cyberneko.filters.DefaultFilter, org.htmlunit.cyberneko.xerces.xni.XMLDocumentHandler
    public void startElement(QName qName, XMLAttributes xMLAttributes, Augmentations augmentations) throws XNIException {
        String str;
        XMLAttributes xMLAttributes2;
        String str2;
        boolean z;
        Attribute attributeByName;
        String value;
        boolean z2;
        boolean z3;
        Tag embedTag;
        String lowerCase = qName.localpart.toLowerCase();
        Tag tagByLowercaseName = this.policy.getTagByLowercaseName(lowerCase);
        String str3 = "value";
        String str4 = "name";
        if (tagByLowercaseName == null && this.isValidateParamAsEmbed && "param".equals(lowerCase) && (embedTag = this.policy.getEmbedTag()) != null && embedTag.isAction("validate")) {
            String value2 = xMLAttributes.getValue("name");
            str2 = xMLAttributes.getValue("value");
            xMLAttributes2 = new XMLAttributesImpl();
            xMLAttributes2.addAttribute(makeSimpleQname(value2), HierarchicalConfigurationXMLReader.SAXVisitor.ATTR_TYPE, str2);
            z = true;
            tagByLowercaseName = embedTag;
            str = value2;
        } else {
            str = null;
            xMLAttributes2 = xMLAttributes;
            str2 = null;
            z = false;
        }
        XMLAttributesImpl xMLAttributesImpl = new XMLAttributesImpl();
        Ops peekTop = peekTop();
        Ops ops = Ops.REMOVE;
        if (ops == peekTop || Ops.CSS == peekTop) {
            this.operations.push(ops);
        } else if ((tagByLowercaseName == null && this.policy.isEncodeUnknownTag()) || (tagByLowercaseName != null && tagByLowercaseName.isAction("encode"))) {
            String str5 = XMLConstants.XML_OPEN_TAG_START + qName.localpart + XMLConstants.XML_CLOSE_TAG_END;
            super.characters(new XMLString(str5.toCharArray(), 0, str5.length()), augmentations);
            this.operations.push(Ops.ENCODE);
        } else if (tagByLowercaseName == null) {
            addError(ErrorMessageUtil.ERROR_TAG_NOT_IN_POLICY, new Object[]{HTMLEntityEncoder.htmlEntityEncode(qName.localpart)});
            this.operations.push(Ops.FILTER);
        } else if (tagByLowercaseName.isAction("filter")) {
            addError(ErrorMessageUtil.ERROR_TAG_FILTERED, new Object[]{HTMLEntityEncoder.htmlEntityEncode(qName.localpart)});
            this.operations.push(Ops.FILTER);
        } else if (tagByLowercaseName.isAction("validate")) {
            boolean endsWith = "style".endsWith(qName.localpart);
            int i = 0;
            boolean z4 = false;
            boolean z5 = false;
            while (i < xMLAttributes2.getLength()) {
                String qName2 = xMLAttributes2.getQName(i);
                String str6 = str2;
                String value3 = xMLAttributes2.getValue(i);
                String str7 = str;
                String lowerCase2 = qName2.toLowerCase();
                Attribute attributeByName2 = tagByLowercaseName.getAttributeByName(lowerCase2);
                String str8 = str3;
                if (attributeByName2 == null && (attributeByName2 = this.policy.getGlobalAttributeByName(lowerCase2)) == null && this.policy.isAllowDynamicAttributes()) {
                    attributeByName2 = this.policy.getDynamicAttributeByName(lowerCase2);
                }
                Attribute attribute = attributeByName2;
                String str9 = str4;
                if ("style".equalsIgnoreCase(qName2)) {
                    try {
                        CleanResults scanInlineStyle = makeCssScanner().scanInlineStyle(value3, qName.localpart, this.maxInputSize);
                        xMLAttributes2.setValue(i, scanInlineStyle.getCleanHTML());
                        xMLAttributesImpl.addAttribute(makeSimpleQname(qName2), HierarchicalConfigurationXMLReader.SAXVisitor.ATTR_TYPE, scanInlineStyle.getCleanHTML());
                        this.errorMessages.addAll(scanInlineStyle.getErrorMessages());
                    } catch (ScanException unused) {
                        addError(ErrorMessageUtil.ERROR_CSS_ATTRIBUTE_MALFORMED, new Object[]{qName.localpart, HTMLEntityEncoder.htmlEntityEncode(value3)});
                    }
                    z2 = endsWith;
                } else if (attribute != null) {
                    if (attribute.containsAllowedValue(value3.toLowerCase()) || attribute.matchesAllowedExpression(value3)) {
                        int index = xMLAttributesImpl.getIndex(qName2);
                        if (index > 0) {
                            xMLAttributesImpl.setValue(index, value3);
                        } else {
                            xMLAttributesImpl.addAttribute(makeSimpleQname(qName2), HierarchicalConfigurationXMLReader.SAXVisitor.ATTR_TYPE, value3);
                        }
                        z3 = true;
                    } else {
                        z3 = false;
                    }
                    if (z3) {
                        z2 = endsWith;
                    } else {
                        z2 = endsWith;
                        if ("removeTag".equals(attribute.getOnInvalid())) {
                            addError(ErrorMessageUtil.ERROR_ATTRIBUTE_INVALID_REMOVED, new Object[]{tagByLowercaseName.getName(), HTMLEntityEncoder.htmlEntityEncode(qName2), HTMLEntityEncoder.htmlEntityEncode(value3)});
                            z4 = true;
                        }
                    }
                    if (!z3 && ("filterTag".equals(attribute.getOnInvalid()) || z)) {
                        addError("error.attribute.invalid.filtered", new Object[]{tagByLowercaseName.getName(), HTMLEntityEncoder.htmlEntityEncode(qName2), HTMLEntityEncoder.htmlEntityEncode(value3)});
                        z5 = true;
                    } else if (!z3) {
                        addError(ErrorMessageUtil.ERROR_ATTRIBUTE_INVALID, new Object[]{tagByLowercaseName.getName(), HTMLEntityEncoder.htmlEntityEncode(qName2), HTMLEntityEncoder.htmlEntityEncode(value3)});
                    }
                } else {
                    z2 = endsWith;
                    addError(ErrorMessageUtil.ERROR_ATTRIBUTE_NOT_IN_POLICY, new Object[]{qName.localpart, HTMLEntityEncoder.htmlEntityEncode(qName2), HTMLEntityEncoder.htmlEntityEncode(value3)});
                    if (!z) {
                    }
                    z5 = true;
                }
                i++;
                str2 = str6;
                str = str7;
                str4 = str9;
                str3 = str8;
                endsWith = z2;
            }
            if (z4) {
                this.operations.push(Ops.REMOVE);
            } else if (endsWith) {
                this.operations.push(Ops.CSS);
                this.cssContent = new StringBuffer();
                this.cssAttributes = xMLAttributesImpl;
            } else if (z5) {
                this.operations.push(Ops.FILTER);
            } else {
                if ("a".equals(qName.localpart)) {
                    boolean z6 = this.isNofollowAnchors;
                    boolean z7 = this.isNoopenerAndNoreferrerAnchors && (value = xMLAttributes2.getValue("target")) != null && value.equalsIgnoreCase("_blank");
                    String value4 = xMLAttributes2.getValue("rel");
                    if (value4 != null && (attributeByName = tagByLowercaseName.getAttributeByName("rel")) != null && !attributeByName.containsAllowedValue(value4) && !attributeByName.matchesAllowedExpression(value4)) {
                        value4 = "";
                    }
                    String mergeRelValuesInAnchor = Attribute.mergeRelValuesInAnchor(z6, z7, value4);
                    if (!mergeRelValuesInAnchor.isEmpty()) {
                        int index2 = xMLAttributesImpl.getIndex("rel");
                        if (index2 > 0) {
                            xMLAttributesImpl.setValue(index2, mergeRelValuesInAnchor);
                        } else {
                            xMLAttributesImpl.addAttribute(makeSimpleQname("rel"), HierarchicalConfigurationXMLReader.SAXVisitor.ATTR_TYPE, mergeRelValuesInAnchor);
                        }
                    }
                }
                if (z) {
                    XMLAttributesImpl xMLAttributesImpl2 = new XMLAttributesImpl();
                    xMLAttributesImpl2.addAttribute(makeSimpleQname(str4), HierarchicalConfigurationXMLReader.SAXVisitor.ATTR_TYPE, str);
                    xMLAttributesImpl2.addAttribute(makeSimpleQname(str3), HierarchicalConfigurationXMLReader.SAXVisitor.ATTR_TYPE, str2);
                    xMLAttributesImpl = xMLAttributesImpl2;
                }
                this.operations.push(Ops.KEEP);
            }
        } else if (tagByLowercaseName.isAction(Policy.ACTION_TRUNCATE)) {
            this.operations.push(Ops.TRUNCATE);
        } else {
            addError(ErrorMessageUtil.ERROR_TAG_DISALLOWED, new Object[]{HTMLEntityEncoder.htmlEntityEncode(qName.localpart)});
            this.operations.push(ops);
        }
        if (Ops.TRUNCATE.equals(this.operations.peek())) {
            super.startElement(qName, new XMLAttributesImpl(), augmentations);
        } else if (Ops.KEEP.equals(this.operations.peek())) {
            super.startElement(qName, xMLAttributesImpl, augmentations);
        }
    }
}
