package org.nuxeo.ecm.platform.htmlsanitizer;

import java.io.IOException;
import java.io.InputStream;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuxeo.ecm.core.api.ClientException;
import org.nuxeo.ecm.core.api.DocumentModel;
import org.nuxeo.ecm.core.api.model.Property;
import org.nuxeo.ecm.core.api.model.PropertyNotFoundException;
import org.nuxeo.runtime.model.ComponentInstance;
import org.nuxeo.runtime.model.DefaultComponent;
import org.owasp.validator.html.AntiSamy;
import org.owasp.validator.html.CleanResults;
import org.owasp.validator.html.Policy;
import org.owasp.validator.html.PolicyException;

/* loaded from: input_file:org/nuxeo/ecm/platform/htmlsanitizer/HtmlSanitizerServiceImpl.class */
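/**
 * Component that sanitizes HTML held in document fields using an OWASP AntiSamy policy.
 *
 * <p>Two extension points are handled: {@value #ANTISAMY_XP} contributes the AntiSamy policy
 * resource, and {@value #SANITIZER_XP} contributes the list of document types and fields to
 * clean. The most recently registered policy that is still registered is the active one.
 *
 * <p><b>Security note:</b> both {@link #sanitizeDocument(DocumentModel)} and
 * {@link #sanitizeString(String, String)} fail open. When no policy is registered, or when the
 * scan throws, the input is left as it was and only an error is logged. A return from these
 * methods is therefore not proof that the content was cleaned.
 *
 * <p>NOTE(review): the fields below are mutated by the (un)register methods and read by the
 * sanitize methods with no synchronization visible in this class. Confirm that contribution
 * registration cannot overlap with sanitization.
 */
public class HtmlSanitizerServiceImpl extends DefaultComponent implements HtmlSanitizerService {
    private static final Log log = LogFactory.getLog(HtmlSanitizerServiceImpl.class);
    public static final String ANTISAMY_XP = "antisamy";
    public static final String SANITIZER_XP = "sanitizer";

    /** Currently active AntiSamy policy, or {@code null} when none is usable. */
    public Policy policy;

    /** Registered policy descriptors in registration order; the last one is the active one. */
    public LinkedList<HtmlSanitizerAntiSamyDescriptor> allPolicies = new LinkedList<>();

    /** Every registered sanitizer descriptor, enabled or not, in registration order. */
    public List<HtmlSanitizerDescriptor> allSanitizers = new ArrayList<>(1);

    /** Effective sanitizers: per name, the latest registration, kept only if enabled. */
    public List<HtmlSanitizerDescriptor> sanitizers = new ArrayList<>(1);

    /**
     * Registers a contribution made to one of the two extension points.
     *
     * <p>A contribution of the wrong type, or one made to an unknown extension point, is logged
     * as an error and ignored.
     *
     * @param obj the contributed descriptor
     * @param str the extension point name
     * @param componentInstance the contributing component (unused here)
     */
    public void registerContribution(Object obj, String str, ComponentInstance componentInstance) {
        if (ANTISAMY_XP.equals(str)) {
            if (!(obj instanceof HtmlSanitizerAntiSamyDescriptor)) {
                log.error("Contribution " + obj + " is not of type " + HtmlSanitizerAntiSamyDescriptor.class.getName());
                return;
            }
            HtmlSanitizerAntiSamyDescriptor policyDescriptor = (HtmlSanitizerAntiSamyDescriptor) obj;
            log.info("Registering AntiSamy policy: " + policyDescriptor.policy);
            addAntiSamy(policyDescriptor);
            return;
        }
        if (!SANITIZER_XP.equals(str)) {
            log.error("Contribution extension point should be 'sanitizer' but is: " + str);
            return;
        }
        if (!(obj instanceof HtmlSanitizerDescriptor)) {
            log.error("Contribution " + obj + " is not of type " + HtmlSanitizerDescriptor.class.getName());
            return;
        }
        HtmlSanitizerDescriptor sanitizerDescriptor = (HtmlSanitizerDescriptor) obj;
        log.info("Registering HTML sanitizer: " + sanitizerDescriptor);
        addSanitizer(sanitizerDescriptor);
    }

    /**
     * Unregisters a contribution previously made to one of the two extension points.
     *
     * <p>Contributions of an unexpected type or extension point are ignored silently.
     *
     * @param obj the contributed descriptor
     * @param str the extension point name
     * @param componentInstance the contributing component (unused here)
     */
    public void unregisterContribution(Object obj, String str, ComponentInstance componentInstance) {
        if (ANTISAMY_XP.equals(str)) {
            if (obj instanceof HtmlSanitizerAntiSamyDescriptor) {
                HtmlSanitizerAntiSamyDescriptor policyDescriptor = (HtmlSanitizerAntiSamyDescriptor) obj;
                log.info("Unregistering AntiSamy policy: " + policyDescriptor.policy);
                removeAntiSamy(policyDescriptor);
            }
            return;
        }
        if (SANITIZER_XP.equals(str) && (obj instanceof HtmlSanitizerDescriptor)) {
            HtmlSanitizerDescriptor sanitizerDescriptor = (HtmlSanitizerDescriptor) obj;
            log.info("Unregistering HTML sanitizer: " + sanitizerDescriptor);
            removeSanitizer(sanitizerDescriptor);
        }
    }

    /**
     * Adds a policy descriptor and makes it the active policy.
     *
     * <p>If the policy resource cannot be found on the context class loader, the descriptor is
     * rejected with an error log and the active policy is left as it was.
     *
     * @param htmlSanitizerAntiSamyDescriptor descriptor naming the policy resource
     */
    protected void addAntiSamy(HtmlSanitizerAntiSamyDescriptor htmlSanitizerAntiSamyDescriptor) {
        // getResource() is enough for an existence check and, unlike getResourceAsStream(),
        // does not open a stream that would then have to be closed.
        if (Thread.currentThread().getContextClassLoader().getResource(htmlSanitizerAntiSamyDescriptor.policy) == null) {
            log.error("Cannot find AntiSamy policy: " + htmlSanitizerAntiSamyDescriptor.policy);
        } else {
            this.allPolicies.add(htmlSanitizerAntiSamyDescriptor);
            refreshPolicy();
        }
    }

    /**
     * Removes a policy descriptor and re-selects the active policy from those that remain.
     *
     * @param htmlSanitizerAntiSamyDescriptor descriptor to remove
     */
    protected void removeAntiSamy(HtmlSanitizerAntiSamyDescriptor htmlSanitizerAntiSamyDescriptor) {
        this.allPolicies.remove(htmlSanitizerAntiSamyDescriptor);
        refreshPolicy();
    }

    /**
     * Loads the most recently registered policy and makes it the active one.
     *
     * <p>When no descriptor is registered the active policy becomes {@code null}, which turns
     * sanitization off (see the class-level security note).
     *
     * @throws RuntimeException if the policy resource cannot be parsed or read; the active
     *         policy is {@code null} afterwards and the broken descriptor is dropped
     */
    protected void refreshPolicy() {
        if (this.allPolicies.isEmpty()) {
            this.policy = null;
            return;
        }
        // Peek, do not pop: the descriptor has to stay registered so that removing a later
        // override falls back to it instead of leaving the service without any policy.
        HtmlSanitizerAntiSamyDescriptor active = this.allPolicies.getLast();
        try (InputStream in = Thread.currentThread().getContextClassLoader().getResourceAsStream(active.policy)) {
            this.policy = Policy.getInstance(in);
        } catch (PolicyException | IOException e) {
            this.policy = null;
            // Drop the unusable descriptor so a later refresh does not select it again.
            this.allPolicies.removeLast();
            throw new RuntimeException("Cannot parse AntiSamy policy: " + active.policy, e);
        }
    }

    /**
     * Returns the active AntiSamy policy.
     *
     * @return the active policy, or {@code null} when none is registered or usable
     */
    protected Policy getPolicy() {
        return this.policy;
    }

    /**
     * Registers a sanitizer descriptor and recomputes the effective sanitizer list.
     *
     * <p>A descriptor that lists no fields is rejected with an error log.
     *
     * @param htmlSanitizerDescriptor descriptor to add
     */
    protected void addSanitizer(HtmlSanitizerDescriptor htmlSanitizerDescriptor) {
        if (htmlSanitizerDescriptor.fields.isEmpty()) {
            log.error("Sanitizer has no fields: " + htmlSanitizerDescriptor);
        } else {
            this.allSanitizers.add(htmlSanitizerDescriptor);
            refreshSanitizers();
        }
    }

    /**
     * Unregisters a sanitizer descriptor and recomputes the effective sanitizer list.
     *
     * @param htmlSanitizerDescriptor descriptor to remove
     */
    protected void removeSanitizer(HtmlSanitizerDescriptor htmlSanitizerDescriptor) {
        this.allSanitizers.remove(htmlSanitizerDescriptor);
        refreshSanitizers();
    }

    /**
     * Rebuilds {@link #sanitizers} from {@link #allSanitizers}.
     *
     * <p>Descriptors are replayed in registration order. A later descriptor replaces an earlier
     * one with the same name, and a disabled descriptor removes that name from the effective
     * list. A later contribution can therefore switch off sanitization of fields that an
     * earlier one covered.
     */
    protected void refreshSanitizers() {
        this.sanitizers.clear();
        for (HtmlSanitizerDescriptor candidate : this.allSanitizers) {
            // At most one entry per name is kept, so stopping at the first match is enough.
            for (Iterator<HtmlSanitizerDescriptor> it = this.sanitizers.iterator(); it.hasNext();) {
                if (it.next().name.equals(candidate.name)) {
                    it.remove();
                    break;
                }
            }
            if (candidate.enabled) {
                this.sanitizers.add(candidate);
            }
        }
    }

    /**
     * Returns the effective sanitizers.
     *
     * @return the live internal list, not a copy
     */
    protected List<HtmlSanitizerDescriptor> getSanitizers() {
        return this.sanitizers;
    }

    /**
     * Sanitizes every configured string field of the given document in place.
     *
     * <p>A sanitizer applies when its type list is empty or contains the document type. Only
     * non-null {@code String} values are cleaned, and a property is written back only when the
     * cleaned value differs from the original.
     *
     * <p>Fails open: without a registered policy the document is left untouched and an error is
     * logged. NOTE(review): callers that persist or render the document afterwards get
     * unsanitized HTML in that case, so consider rejecting the write instead.
     *
     * @param documentModel the document whose fields are sanitized
     * @throws ClientException declared by the service interface
     */
    @Override // org.nuxeo.ecm.platform.htmlsanitizer.HtmlSanitizerService
    public void sanitizeDocument(DocumentModel documentModel) throws ClientException {
        if (getPolicy() == null) {
            log.error("Cannot sanitize, no policy registered");
            return;
        }
        for (HtmlSanitizerDescriptor sanitizer : getSanitizers()) {
            boolean applies = sanitizer.types.isEmpty() || sanitizer.types.contains(documentModel.getType());
            if (!applies) {
                continue;
            }
            for (String fieldName : sanitizer.fields) {
                try {
                    Property property = documentModel.getProperty(fieldName);
                    Serializable value = property.getValue();
                    if (value == null) {
                        continue;
                    }
                    if (!(value instanceof String)) {
                        log.debug("Cannot sanitize non-string field: " + fieldName);
                        continue;
                    }
                    String info = "doc " + documentModel.getPathAsString() + " (" + documentModel.getId() + ") field " + fieldName;
                    String cleaned = sanitizeString((String) value, info);
                    if (!cleaned.equals(value)) {
                        property.setValue(cleaned);
                    }
                } catch (PropertyNotFoundException e) {
                    // Deliberate best effort: a sanitizer may list fields that this document
                    // does not have. Leave a trace so a misspelled field name can be diagnosed.
                    log.debug("Skipping field not found on document: " + fieldName);
                }
            }
        }
    }

    /**
     * Runs the given HTML through AntiSamy with the active policy.
     *
     * <p>Fails open: if no policy is registered, or if the scan throws, the <em>original,
     * unsanitized</em> string is returned and an error is logged. NOTE(review): callers that
     * output the result as HTML cannot tell a cleaned value from a passed-through one, so
     * consider a fail-closed variant for untrusted input.
     *
     * @param str the HTML to sanitize
     * @param str2 context used in debug log messages, may be {@code null}
     * @return the cleaned HTML, or {@code str} unchanged when sanitization could not run
     */
    @Override // org.nuxeo.ecm.platform.htmlsanitizer.HtmlSanitizerService
    public String sanitizeString(String str, String str2) {
        if (getPolicy() == null) {
            log.error("Cannot sanitize, no policy registered");
            return str;
        }
        try {
            CleanResults scan = new AntiSamy().scan(str, getPolicy());
            String context = str2 == null ? "" : str2;
            for (Object message : scan.getErrorMessages()) {
                log.debug(String.format("Sanitizing %s: %s", context, message));
            }
            return scan.getCleanHTML();
        } catch (Exception e) {
            // Broad catch kept on purpose: any scan failure falls back to returning the input.
            log.error("Cannot sanitize", e);
            return str;
        }
    }
}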
