package com.atlassian.confluence.content.render.xhtml;

import com.atlassian.confluence.content.render.xhtml.StorageFormatCleaner;
import com.atlassian.confluence.content.render.xhtml.XhtmlCleaner;
import com.atlassian.confluence.core.ContentEntityObject;
import com.atlassian.core.util.ClassLoaderUtils;
import java.io.InputStream;
import java.text.FieldPosition;
import java.text.MessageFormat;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.commons.lang3.StringUtils;
import org.owasp.validator.html.AntiSamy;
import org.owasp.validator.html.CleanResults;
import org.owasp.validator.html.Policy;
import org.owasp.validator.html.PolicyException;
import org.owasp.validator.html.ScanException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/confluence/content/render/xhtml/PolicyConfiguredCleaner.class */
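/**
 * HTML cleaner backed by an OWASP AntiSamy policy loaded from the classpath.
 *
 * <p>Every public method funnels into {@link #antiSamyClean(String)}, which strips illegal control
 * characters and then lets AntiSamy rewrite the markup according to the configured policy. What is
 * allowed or removed is decided entirely by the policy resource named in the constructor; this
 * class adds no allow-list of its own.
 *
 * <p>Despite their name, the {@code cleanQuietly} variants are quiet only about the applied rules
 * (which are logged at debug level and then dropped); a failed scan still surfaces as a
 * {@link RuntimeException}.
 */
public class PolicyConfiguredCleaner implements StorageFormatCleaner, RenderedContentCleaner, XhtmlCleaner {
    private static final Logger log = LoggerFactory.getLogger(PolicyConfiguredCleaner.class);

    // Placeholder markup used to run a single attribute value through the policy. Plain string
    // concatenation replaces the former shared MessageFormat constants: MessageFormat is documented
    // as not synchronized, and for a String argument the produced text is identical.
    private static final String CSS_CLEANING_PREFIX = "<span style=\"";
    private static final String CSS_CLEANING_SUFFIX = "\">placeholder span</span>";
    private static final Pattern CSS_CLEANING_EXTRACT_PATTERN = Pattern.compile("style=\"([^\"]*)\"");
    private static final String URL_CHECKING_PREFIX = "<a href=\"";
    private static final String URL_CHECKING_SUFFIX = "\">placeholder link</a>";
    private static final Pattern URL_CHECKING_EXTRACT_PATTERN = Pattern.compile("href=\"([^\"]*)\"");

    private final AntiSamy cleaner;

    /**
     * Creates a cleaner from an AntiSamy policy file on the classpath.
     *
     * @param str classpath location of the policy resource
     * @throws IllegalArgumentException if the resource is missing or cannot be parsed as a policy
     */
    public PolicyConfiguredCleaner(String str) {
        InputStream policyStream = ClassLoaderUtils.getResourceAsStream(str, PolicyConfiguredCleaner.class);
        if (policyStream == null) {
            throw new IllegalArgumentException("The policy resource " + str + " was not found on the classpath.");
        }
        try {
            this.cleaner = new AntiSamy(Policy.getInstance(policyStream));
        } catch (PolicyException e) {
            throw new IllegalArgumentException("The policy resource " + str + " for the PolicyConfiguredCleaner could not be parsed.", e);
        } finally {
            // The stream was previously left open. A failure to close must not change whether
            // construction succeeds, so it is only logged.
            try {
                policyStream.close();
            } catch (java.io.IOException closeFailure) {
                log.debug("Could not close the policy resource {}", str, closeFailure);
            }
        }
    }

    /**
     * Cleans the body of the given content entity.
     *
     * @param contentEntityObject entity whose body is cleaned; must not be {@code null}
     * @return the cleaned body together with a description of every rule that was applied
     */
    @Override
    public XhtmlCleaner.Result clean(ContentEntityObject contentEntityObject) {
        return clean(contentEntityObject.getBodyAsString());
    }

    /**
     * Cleans the body of the given content entity.
     *
     * @param contentEntityObject entity whose body is cleaned; must not be {@code null}
     * @return the cleaned body together with a description of every rule that was applied
     */
    @Override
    public StorageFormatCleaner.Result cleanEntity(ContentEntityObject contentEntityObject) {
        return cleanEntityBody(contentEntityObject.getBodyAsString());
    }

    /**
     * Cleans the entity body and returns only the cleaned markup.
     *
     * @param contentEntityObject entity whose body is cleaned; must not be {@code null}
     * @return the cleaned markup, or the empty string if nothing is left
     */
    @Override
    public String cleanQuietly(ContentEntityObject contentEntityObject) {
        return cleanQuietlyWithLogging(contentEntityObject.getBodyAsString());
    }

    /**
     * Cleans the given markup and returns only the cleaned markup.
     *
     * @param str markup to clean
     * @param conversionContext not consulted by this implementation
     * @return the cleaned markup, or the empty string if nothing is left
     */
    @Override
    public String cleanQuietly(String str, ConversionContext conversionContext) {
        return cleanQuietlyWithLogging(str);
    }

    /**
     * Cleans the given markup and returns only the cleaned markup.
     *
     * @param str markup to clean
     * @return the cleaned markup, or the empty string if nothing is left
     */
    @Override
    public String cleanQuietly(String str) {
        return cleanQuietlyWithLogging(str);
    }

    /**
     * Runs a {@code style} attribute value through the policy by wrapping it in a placeholder
     * {@code span} and reading the attribute back from the cleaned markup.
     *
     * <p>The returned text is taken from the cleaned output, never from the input, and the
     * extraction pattern cannot match a double quote, so the result never contains one.
     *
     * @param str raw style attribute value
     * @return the style value that survived cleaning, or the empty string if the input was blank
     *     or no {@code style} attribute was left
     */
    @Override
    public String cleanStyleAttribute(String str) {
        if (StringUtils.isBlank(str)) {
            return "";
        }
        // NOTE(review): str is embedded without attribute-escaping, so a double quote in it ends
        // the placeholder attribute early and only the text before the quote is returned (after
        // cleaning). Confirm that callers do not expect the full value to round-trip.
        String probe = CSS_CLEANING_PREFIX + str + CSS_CLEANING_SUFFIX;
        Matcher styleMatcher = CSS_CLEANING_EXTRACT_PATTERN.matcher(antiSamyClean(probe).getCleanedData());
        if (styleMatcher.find()) {
            return styleMatcher.group(1);
        }
        return "";
    }

    /**
     * Checks a URL by wrapping it in a placeholder link and testing whether an {@code href}
     * attribute is still present after cleaning.
     *
     * <p>The check is "an href survived", not "the href came back unchanged": the surviving value
     * is not compared with the input.
     *
     * @param str raw URL attribute value
     * @return {@code true} if the input is blank or the cleaned placeholder link still carries an
     *     {@code href}; {@code false} if the policy removed it
     */
    @Override
    public boolean isCleanUrlAttribute(String str) {
        if (StringUtils.isBlank(str)) {
            return true;
        }
        // NOTE(review): str is embedded without attribute-escaping. If it contains a double quote,
        // the policy only judges the part before the quote as the href, yet the answer is applied
        // to the whole string. Callers must still attribute-encode the value when writing it out;
        // consider rejecting values that contain a quote once caller expectations are confirmed.
        String probe = URL_CHECKING_PREFIX + str + URL_CHECKING_SUFFIX;
        return URL_CHECKING_EXTRACT_PATTERN.matcher(antiSamyClean(probe).getCleanedData()).find();
    }

    /** Cleans markup and converts the outcome to the {@link XhtmlCleaner} result type. */
    private XhtmlCleaner.Result clean(String str) {
        return toXhtmlCleanerResult(cleanEntityBody(str));
    }

    /**
     * Copies cleaned data and applied-rule descriptions into an {@link XhtmlCleaner.Result}.
     *
     * @return the converted result, or {@code null} if {@code result} is {@code null}
     */
    private XhtmlCleaner.Result toXhtmlCleanerResult(StorageFormatCleaner.Result result) {
        if (result == null) {
            return null;
        }
        XhtmlCleaner.Result converted = new XhtmlCleaner.Result();
        converted.setCleanedData(result.getCleanedData());
        for (StorageFormatCleaner.AppliedRuleDescription description : result.getAppliedRuleDescriptions()) {
            converted.addAppliedRuleDescription(toXhtmlCleanerRuleDescription(description));
        }
        return converted;
    }

    /** Converts one applied-rule description, keeping its key and parameters. */
    private XhtmlCleaner.AppliedRuleDescription toXhtmlCleanerRuleDescription(StorageFormatCleaner.AppliedRuleDescription appliedRuleDescription) {
        return new XhtmlCleaner.AppliedRuleDescription(appliedRuleDescription.getKey(), appliedRuleDescription.getParameters());
    }

    /** Cleans markup and normalises a blank cleaned result to the empty string. */
    private StorageFormatCleaner.Result cleanEntityBody(String str) {
        StorageFormatCleaner.Result cleaned = antiSamyClean(str);
        if (StringUtils.isBlank(cleaned.getCleanedData())) {
            cleaned.setCleanedData("");
        }
        return cleaned;
    }

    /**
     * Cleans markup, reports the applied rules at debug level and returns only the cleaned text.
     *
     * <p>The applied-rule keys are the AntiSamy error messages recorded in
     * {@link #antiSamyClean(String)}.
     */
    private String cleanQuietlyWithLogging(String str) {
        StorageFormatCleaner.Result cleaned = cleanEntityBody(str);
        if (log.isDebugEnabled() && !cleaned.getAppliedRuleDescriptions().isEmpty()) {
            log.debug("The supplied HTML required cleaning. See the following log messages for more details.");
            // NOTE(review): these messages presumably quote parts of the submitted markup; treat
            // the debug log as containing user-supplied content. Confirm against AntiSamy output.
            for (StorageFormatCleaner.AppliedRuleDescription description : cleaned.getAppliedRuleDescriptions()) {
                log.debug(description.getKey());
            }
        }
        return cleaned.getCleanedData();
    }

    /**
     * Scans markup with AntiSamy after stripping illegal control characters.
     *
     * @param str markup to clean; blank input short-circuits to an empty result
     * @return the cleaned markup plus one applied-rule description per AntiSamy error message
     * @throws RuntimeException if the scan fails or the policy cannot be applied
     */
    private StorageFormatCleaner.Result antiSamyClean(String str) {
        StorageFormatCleaner.Result result = new StorageFormatCleaner.Result();
        if (StringUtils.isBlank(str)) {
            result.setCleanedData("");
            return result;
        }
        try {
            CleanResults scan = this.cleaner.scan(StaxUtils.stripIllegalControlChars(str).toString());
            if (scan.getNumberOfErrors() > 0) {
                // Iterated as Object and cast, so this compiles whether the AntiSamy version in
                // use declares the list raw or as a list of strings.
                for (Object message : scan.getErrorMessages()) {
                    result.addAppliedRuleDescription(new StorageFormatCleaner.AppliedRuleDescription((String) message, Collections.emptyList()));
                }
            }
            result.setCleanedData(scan.getCleanHTML());
            return result;
        } catch (ScanException e) {
            throw new RuntimeException((Throwable) e);
        } catch (PolicyException e2) {
            throw new RuntimeException("The policy file for the PolicyConfiguredCleaner could not be parsed.", e2);
        }
    }
}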
