package weblogic.security.providers.utils;

import java.net.MalformedURLException;
import java.net.URL;
import java.text.Normalizer;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;

/* loaded from: input_file:weblogic/security/providers/utils/XSSSanitizer.class */
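/**
 * Static helpers that percent-encode or strip markup-significant text from strings and URLs.
 *
 * <p>Two different strategies live here:
 * <ul>
 *   <li>{@link #sanitizeStringInput(String)} and {@link #sanitizeURLInput(String)} percent-encode
 *       a fixed set of characters (see {@code FILTER_CHARS}).</li>
 *   <li>{@link #stripXSS(String)} and {@link #isStringClean(String)} apply a fixed deny-list of
 *       regular expressions (see {@code SCRIPT_PATTERNS}).</li>
 * </ul>
 *
 * <p>The deny-list only covers the patterns listed in {@code SCRIPT_PATTERNS}; for example, the only
 * event-handler attribute it matches is {@code onload}. Text that passes {@code isStringClean} is
 * therefore not guaranteed to be safe to place into HTML; context-appropriate output encoding at the
 * point of rendering is still required.
 */
public class XSSSanitizer {
    public static final String RESOURCE_URL_PREFIX = "/";
    public static final String ENCODING_PREFIX = "=?UTF-8?B?";
    public static final String ENCODING_POSTFIX = "?=";
    public static final String NULL_STR = "null";
    public static final String EMPTY_STRING = "";
    public static final String SPACE_CHAR = " ";
    public static final String NAME_VALUE_DELIMITER = "=";
    public static final String NAME_VALUE_PAIRS_DELIMETER = " ";
    public static final String COLON = ":";
    public static final String HOST = "host";
    public static final String PORT = "port";
    public static final String ENCODING_FORMAT = "UTF-8";

    /** Characters that {@link #sanitizeStringInput(String)} replaces; index-aligned with REPLACEMENT_CHARS. */
    private static final char[] FILTER_CHARS = {'<', '>', '(', ')', '\"', '\'', ' ', '/', '?', ':', ';', '\\', '%'};

    /** Percent-encoded form of each entry in FILTER_CHARS, at the same index. */
    private static final String[] REPLACEMENT_CHARS = {"%3C", "%3E", "%28", "%29", "%22", "%27", "%20", "%2F", "%3F", "%3A", "%3B", "%5C", "%25"};

    /** Flags for patterns whose match may span lines (numeric value 42). */
    private static final int SPANNING_FLAGS = Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL;

    /** Deny-list applied, in this order, by {@link #stripXSS(String)}; every match is deleted. */
    private static final Pattern[] SCRIPT_PATTERNS = {
        Pattern.compile("<script>(.*?)</script>", Pattern.CASE_INSENSITIVE),
        Pattern.compile("<script(.*?)>", SPANNING_FLAGS),
        Pattern.compile("</script>", Pattern.CASE_INSENSITIVE),
        Pattern.compile("src[\r\n]*=[\r\n]*\\'(.*?)\\'", SPANNING_FLAGS),
        Pattern.compile("src[\r\n]*=[\r\n]*\\\"(.*?)\\\"", SPANNING_FLAGS),
        Pattern.compile("eval\\((.*?)\\)", SPANNING_FLAGS),
        Pattern.compile("expression\\((.*?)\\)", SPANNING_FLAGS),
        Pattern.compile("javascript:", Pattern.CASE_INSENSITIVE),
        Pattern.compile("vbscript:", Pattern.CASE_INSENSITIVE),
        Pattern.compile("onload(.*?)=", SPANNING_FLAGS)
    };

    // Typed instead of raw so lookups need no cast; both are filled once by the static initializer
    // below and never modified afterwards.
    private static final Map<Character, String> REPLACEMENT_MAP = new HashMap<>();
    private static final Set<Character> FILTER_SET = new HashSet<>();

    static {
        // Stop at the shorter array so a length mismatch cannot throw during class initialization.
        int pairs = Math.min(FILTER_CHARS.length, REPLACEMENT_CHARS.length);
        for (int i = 0; i < pairs; i++) {
            Character key = FILTER_CHARS[i];
            FILTER_SET.add(key);
            REPLACEMENT_MAP.put(key, REPLACEMENT_CHARS[i]);
        }
    }

    /**
     * Parses {@code str} as a URL and rebuilds it with the query and fragment percent-encoded.
     *
     * <p>Input starting with {@code "/"} is treated as a server-relative resource: it is parsed
     * against a placeholder host and only path, query and fragment are returned. Any other input
     * must be an absolute URL that {@link URL} accepts.
     *
     * <p>No scheme or host allow-list is applied and the path is returned as parsed, so callers
     * that use the result as a link or redirect target still need their own validation.
     *
     * @param str the URL text to sanitize; may be {@code null}
     * @return the rebuilt URL, or {@code null} when {@code str} is {@code null} or cannot be parsed
     */
    public static String sanitizeURLInput(String str) {
        if (str == null) {
            return null;
        }
        boolean relative = str.startsWith(RESOURCE_URL_PREFIX);
        URL url;
        try {
            // The host below is only a parsing placeholder; it is never emitted for relative input.
            url = relative ? new URL("HTTP", "host.example.com", str) : new URL(str);
        } catch (MalformedURLException ignored) {
            // Deliberate: unparseable input is rejected by returning null rather than by throwing.
            return null;
        }
        return constructValidatedURL(relative, url);
    }

    /**
     * Reassembles a parsed URL, percent-encoding the query and fragment.
     *
     * <p>Only protocol, host, port, path, query and fragment are copied. Protocol, host, port and
     * path are appended exactly as {@link URL} reports them; they are not passed through
     * {@link #sanitizeStringInput(String)}.
     *
     * @param relative {@code true} to omit the {@code protocol://host[:port]} prefix
     * @param url the parsed URL
     * @return the rebuilt URL text
     */
    private static String constructValidatedURL(boolean relative, URL url) {
        StringBuilder out = new StringBuilder();
        if (!relative) {
            out.append(url.getProtocol())
               .append(COLON)
               .append(RESOURCE_URL_PREFIX)
               .append(RESOURCE_URL_PREFIX)
               .append(url.getHost());
            int port = url.getPort();
            if (port != -1) {
                out.append(COLON).append(port);
            }
        }
        String path = url.getPath();
        if (path != null) {
            // NOTE(review): the path is not encoded here, presumably because encoding '/' would
            // change the resource being addressed — confirm the callers treat it as untrusted.
            out.append(path);
        }
        String query = url.getQuery();
        if (query != null) {
            out.append('?').append(sanitizeStringInput(query));
        }
        String ref = url.getRef();
        if (ref != null) {
            out.append("#").append(sanitizeStringInput(ref));
        }
        return out.toString();
    }

    /**
     * Percent-encodes every character of {@code str} that appears in {@code FILTER_CHARS}.
     *
     * <p>{@code '%'} is itself encoded (to {@code %25}), so text that is already percent-encoded
     * comes back double-encoded.
     *
     * @param str the text to encode; may be {@code null}
     * @return the encoded text, or {@code null} when {@code str} is {@code null}
     */
    public static String sanitizeStringInput(String str) {
        if (str == null) {
            return null;
        }
        StringBuilder out = new StringBuilder(str.length());
        for (int i = 0; i < str.length(); i++) {
            Character c = str.charAt(i);
            if (FILTER_SET.contains(c)) {
                out.append(REPLACEMENT_MAP.get(c));
            } else {
                out.append(c.charValue());
            }
        }
        return out.toString();
    }

    /**
     * Normalizes {@code str} to NFD and deletes every match of the {@code SCRIPT_PATTERNS} deny-list.
     *
     * <p>The deny-list is re-applied until a full pass changes nothing. Deleting a match joins the
     * text on either side of it, and the joined text can itself match a pattern; a single pass
     * would return such text unchanged. Each pass can only shorten the string, so the loop ends.
     *
     * @param str the text to filter; may be {@code null}
     * @return the filtered text (NFD-normalized), or {@code null} when {@code str} is {@code null}
     */
    public static String stripXSS(String str) {
        if (str == null) {
            return null;
        }
        // NOTE(review): the literal below appears here as two U+FFFD replacement characters. That is
        // what a NUL stored in a class file's modified UTF-8 (bytes C0 80) looks like after strict
        // UTF-8 decoding, so the original source very likely stripped "\0" here — confirm against
        // the original class before relying on this line.
        String current = Normalizer.normalize(str, Normalizer.Form.NFD).replaceAll("��", EMPTY_STRING);
        String previous;
        do {
            previous = current;
            for (Pattern pattern : SCRIPT_PATTERNS) {
                current = pattern.matcher(current).replaceAll(EMPTY_STRING);
            }
        } while (!current.equals(previous));
        return current;
    }

    /**
     * Reports whether {@link #stripXSS(String)} would leave {@code str} unchanged (after NFD
     * normalization).
     *
     * <p>A {@code true} result means only that none of the deny-list patterns matched.
     *
     * @param str the text to check; may be {@code null}
     * @return {@code true} for {@code null}, empty, or text that the deny-list does not alter
     */
    public static boolean isStringClean(String str) {
        if (str == null || str.isEmpty()) {
            return true;
        }
        String normalized = Normalizer.normalize(str, Normalizer.Form.NFD);
        return normalized.equals(stripXSS(str));
    }
}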
