package eu.europa.esig.dss.xades;

import eu.europa.esig.dss.utils.Utils;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import org.apache.xml.security.utils.resolver.ResourceResolverContext;
import org.apache.xml.security.utils.resolver.implementations.ResolverFragment;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:eu/europa/esig/dss/xades/EnforcedResolverFragment.class */
public class EnforcedResolverFragment extends ResolverFragment {
    private static final Logger LOG = LoggerFactory.getLogger(EnforcedResolverFragment.class);
    private static final String XPATH_CHAR_FILTER = "()='[]:,*/ ";

    public boolean engineCanResolveURI(ResourceResolverContext resourceResolverContext) {
        return checkValueForXpathInjection(resourceResolverContext.uriToResolve) && super.engineCanResolveURI(resourceResolverContext);
    }

    public boolean checkValueForXpathInjection(String str) {
        if (!Utils.isStringNotEmpty(str)) {
            return true;
        }
        try {
            for (char c : URLDecoder.decode(str, StandardCharsets.UTF_8.name()).toCharArray()) {
                if (XPATH_CHAR_FILTER.indexOf(c) != -1) {
                    if (!LOG.isDebugEnabled()) {
                        return false;
                    }
                    LOG.debug("Forbidden char '{}' detected", Character.valueOf(c));
                    return false;
                }
            }
            return true;
        } catch (UnsupportedEncodingException e) {
            LOG.warn("Unable to decode '{}' : {}", str, e.getMessage());
            return false;
        }
    }
}
