package org.liveSense.service.xssRemove;

import java.io.ByteArrayInputStream;
import java.io.InputStreamReader;
import java.io.StringWriter;
import java.util.ArrayList;
import java.util.Iterator;
import javax.jcr.Node;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.observation.ObservationManager;
import org.apache.sling.commons.osgi.OsgiUtil;
import org.apache.sling.jcr.api.SlingRepository;
import org.ccil.cowan.tagsoup.XMLWriter;
import org.liveSense.core.Configurator;
import org.osgi.service.component.ComponentContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xml.sax.InputSource;
import org.xml.sax.SAXNotRecognizedException;
import org.xml.sax.SAXNotSupportedException;

/* loaded from: input_file:org/liveSense/service/xssRemove/XSSRemoveImpl.class */
public class XSSRemoveImpl implements XSSRemove {
    private ObservationManager observationManager;
    private SlingRepository repository;
    private Configurator configurator;
    public static final String PARAM_CONTENT_PATHES = "contentPathes";
    public static final String PARAM_SUPPORTED_MIME_TYPES = "supportedMimeTypes";
    public static final String PARAM_ELEMENT_REMOVAL_LIST = "elementRemovalList";
    public static final String PARAM_ATTRIBUTE_NAME_REMOVAL_LIST = "attributeNameRemovalList";
    public static final String PARAM_ATTRIBUTE_NAME_START_LIST = "attributeNameStartList";
    public static final String PARAM_ATTRIBUTE_TYPE_VALUE_START_LIST = "attributeTypeValueStartList";
    public static final String PARAM_ATTRIBUTE_SRC_HREF_LIST = "attributeSrcHrefList";
    public static final String PARAM_ELEMENT_REPLACEMENT_LIST = "elementReplacementList";
    public static final String PARAM_STYLE_CONTENT_LIST = "styleContentList";
    Session session;
    private XSSParser parser;
    private static final Logger log = LoggerFactory.getLogger(XSSRemoveImpl.class);
    public static final String[] DEFAULT_CONTENT_PATHES = {"/sites", "/users"};
    public static final String[] DEFAULT_SUPPORTED_MIME_TYPES = {"text/html"};
    public static final String[] DEFAULT_ELEMENT_REMOVAL_LIST = {"script", "applet", "embed", "xml", "bgsound", "meta", "link", "style", "base"};
    public static final String[] DEFAULT_ATTRIBUTE_NAME_REMOVAL_LIST = {"onload", "onclick", "onchange", "onsubmit", "onmouseover", "onerror", "dynsrc", "datasrc", "datafld", "dataformatas"};
    public static final String[] DEFAULT_ATTRIBUTE_NAME_START_LIST = {"on"};
    public static final String[] DEFAULT_ATTRIBUTE_TYPE_VALUE_START_LIST = {"text/javascript"};
    public static final String[] DEFAULT_ATTRIBUTE_SRC_HREF_LIST = {"javascript:", "^\\s*j\\s*a\\s*v\\s*a\\s*s\\s*c\\s*r\\s*i\\s*p\\s*t\\s*:", "^\\s*v\\s*i\\s*e\\s*w\\s*-s\\s*o\\s*u\\s*r\\s*c\\s*e\\s*:", "^\\s*d\\s*a\\s*t\\s*a\\s*:", "^\\s*v\\s*b\\s*s\\s*s\\s*r\\s*i\\s*p\\s*t\\s*:", "^\\s*a\\s*b\\s*o\\s*u\\s*t\\s*:", "^\\s*s\\s*h\\s*e\\s*e\\s*l\\s*:"};
    public static final String[] DEFAULT_ELEMENT_REPLACEMENT_LIST = {"html/div", "head/div", "body/div", "iframe/div", "frame/div", "frameset/div", "layer/div", "ilayer/div", "blink/span", "object/div"};
    public static final String[] DEFAULT_STYLE_CONTENT_LIST = {"javascript", "expression"};
    private String[] contentPathes = DEFAULT_CONTENT_PATHES;
    private String[] supportedMimeTypes = DEFAULT_SUPPORTED_MIME_TYPES;
    private String[] elementRemovalList = DEFAULT_ELEMENT_REMOVAL_LIST;
    private String[] attributeNameRemovalList = DEFAULT_ATTRIBUTE_NAME_REMOVAL_LIST;
    private String[] attributeNameStartList = DEFAULT_ATTRIBUTE_NAME_START_LIST;
    private String[] attributeTypeValueStartList = DEFAULT_ATTRIBUTE_TYPE_VALUE_START_LIST;
    private String[] attributeSrcHrefList = DEFAULT_ATTRIBUTE_SRC_HREF_LIST;
    private String[] elementReplacementList = DEFAULT_ELEMENT_REPLACEMENT_LIST;
    private String[] styleContentList = DEFAULT_STYLE_CONTENT_LIST;
    private ArrayList<XSSRemoveEventListener> eventListeners = new ArrayList<>();

    protected void activate(ComponentContext componentContext) throws RepositoryException {
        componentContext.getProperties();
        String[] stringArray = OsgiUtil.toStringArray(componentContext.getProperties().get(PARAM_CONTENT_PATHES), DEFAULT_CONTENT_PATHES);
        boolean z = false;
        if (stringArray.length == this.contentPathes.length) {
            for (int i = 0; i < stringArray.length; i++) {
                if (!stringArray[i].equals(this.contentPathes[i])) {
                    z = true;
                }
            }
            if (z) {
                StringBuffer stringBuffer = new StringBuffer();
                StringBuffer stringBuffer2 = new StringBuffer();
                for (int i2 = 0; i2 < stringArray.length; i2++) {
                    if (i2 != 0) {
                        stringBuffer2.append(", ");
                    }
                    stringBuffer2.append(stringArray[i2].toString());
                }
                for (int i3 = 0; i3 < this.contentPathes.length; i3++) {
                    if (i3 != 0) {
                        stringBuffer.append(", ");
                    }
                    stringBuffer.append(this.contentPathes[i3].toString());
                }
                log.info("Setting new contentPathes: {}) (was: {})", stringBuffer2.toString(), stringBuffer.toString());
                this.contentPathes = stringArray;
            }
        }
        String[] stringArray2 = OsgiUtil.toStringArray(componentContext.getProperties().get(PARAM_ELEMENT_REMOVAL_LIST), DEFAULT_ELEMENT_REMOVAL_LIST);
        boolean z2 = false;
        if (stringArray2.length == this.elementRemovalList.length) {
            for (int i4 = 0; i4 < stringArray2.length; i4++) {
                if (!stringArray2[i4].equals(this.elementRemovalList[i4])) {
                    z2 = true;
                }
            }
            if (z2) {
                StringBuffer stringBuffer3 = new StringBuffer();
                StringBuffer stringBuffer4 = new StringBuffer();
                for (int i5 = 0; i5 < stringArray2.length; i5++) {
                    if (i5 != 0) {
                        stringBuffer4.append(", ");
                    }
                    stringBuffer4.append(stringArray2[i5].toString());
                }
                for (int i6 = 0; i6 < this.elementRemovalList.length; i6++) {
                    if (i6 != 0) {
                        stringBuffer3.append(", ");
                    }
                    stringBuffer3.append(this.elementRemovalList[i6].toString());
                }
                log.info("Setting new elementRemovalList: {}) (was: {})", stringBuffer4.toString(), stringBuffer3.toString());
                this.elementRemovalList = stringArray2;
            }
        }
        String[] stringArray3 = OsgiUtil.toStringArray(componentContext.getProperties().get(PARAM_ATTRIBUTE_NAME_REMOVAL_LIST), DEFAULT_ATTRIBUTE_NAME_REMOVAL_LIST);
        boolean z3 = false;
        if (stringArray3.length == this.attributeNameRemovalList.length) {
            for (int i7 = 0; i7 < stringArray3.length; i7++) {
                if (!stringArray3[i7].equals(this.attributeNameRemovalList[i7])) {
                    z3 = true;
                }
            }
            if (z3) {
                StringBuffer stringBuffer5 = new StringBuffer();
                StringBuffer stringBuffer6 = new StringBuffer();
                for (int i8 = 0; i8 < stringArray3.length; i8++) {
                    if (i8 != 0) {
                        stringBuffer6.append(", ");
                    }
                    stringBuffer6.append(stringArray3[i8].toString());
                }
                for (int i9 = 0; i9 < this.attributeNameRemovalList.length; i9++) {
                    if (i9 != 0) {
                        stringBuffer5.append(", ");
                    }
                    stringBuffer5.append(this.attributeNameRemovalList[i9].toString());
                }
                log.info("Setting new attributeNameRemovalList: {}) (was: {})", stringBuffer6.toString(), stringBuffer5.toString());
                this.attributeNameRemovalList = stringArray3;
            }
        }
        String[] stringArray4 = OsgiUtil.toStringArray(componentContext.getProperties().get(PARAM_ATTRIBUTE_NAME_START_LIST), DEFAULT_ATTRIBUTE_NAME_START_LIST);
        boolean z4 = false;
        if (stringArray4.length == this.attributeNameStartList.length) {
            for (int i10 = 0; i10 < stringArray4.length; i10++) {
                if (!stringArray4[i10].equals(this.attributeNameStartList[i10])) {
                    z4 = true;
                }
            }
            if (z4) {
                StringBuffer stringBuffer7 = new StringBuffer();
                StringBuffer stringBuffer8 = new StringBuffer();
                for (int i11 = 0; i11 < stringArray4.length; i11++) {
                    if (i11 != 0) {
                        stringBuffer8.append(", ");
                    }
                    stringBuffer8.append(stringArray4[i11].toString());
                }
                for (int i12 = 0; i12 < this.attributeNameStartList.length; i12++) {
                    if (i12 != 0) {
                        stringBuffer7.append(", ");
                    }
                    stringBuffer7.append(this.attributeNameStartList[i12].toString());
                }
                log.info("Setting new attributeNameStartList: {}) (was: {})", stringBuffer8.toString(), stringBuffer7.toString());
                this.attributeNameStartList = stringArray4;
            }
        }
        String[] stringArray5 = OsgiUtil.toStringArray(componentContext.getProperties().get(PARAM_ATTRIBUTE_TYPE_VALUE_START_LIST), DEFAULT_ATTRIBUTE_TYPE_VALUE_START_LIST);
        boolean z5 = false;
        if (stringArray5.length == this.attributeTypeValueStartList.length) {
            for (int i13 = 0; i13 < stringArray5.length; i13++) {
                if (!stringArray5[i13].equals(this.attributeTypeValueStartList[i13])) {
                    z5 = true;
                }
            }
            if (z5) {
                StringBuffer stringBuffer9 = new StringBuffer();
                StringBuffer stringBuffer10 = new StringBuffer();
                for (int i14 = 0; i14 < stringArray5.length; i14++) {
                    if (i14 != 0) {
                        stringBuffer10.append(", ");
                    }
                    stringBuffer10.append(stringArray5[i14].toString());
                }
                for (int i15 = 0; i15 < this.attributeTypeValueStartList.length; i15++) {
                    if (i15 != 0) {
                        stringBuffer9.append(", ");
                    }
                    stringBuffer9.append(this.attributeTypeValueStartList[i15].toString());
                }
                log.info("Setting new attributeTypeValueStartList: {}) (was: {})", stringBuffer10.toString(), stringBuffer9.toString());
                this.attributeTypeValueStartList = stringArray5;
            }
        }
        String[] stringArray6 = OsgiUtil.toStringArray(componentContext.getProperties().get(PARAM_ATTRIBUTE_SRC_HREF_LIST), DEFAULT_ATTRIBUTE_SRC_HREF_LIST);
        boolean z6 = false;
        if (stringArray6.length == this.attributeSrcHrefList.length) {
            for (int i16 = 0; i16 < stringArray6.length; i16++) {
                if (!stringArray6[i16].equals(this.attributeSrcHrefList[i16])) {
                    z6 = true;
                }
            }
            if (z6) {
                StringBuffer stringBuffer11 = new StringBuffer();
                StringBuffer stringBuffer12 = new StringBuffer();
                for (int i17 = 0; i17 < stringArray6.length; i17++) {
                    if (i17 != 0) {
                        stringBuffer12.append(", ");
                    }
                    stringBuffer12.append(stringArray6[i17].toString());
                }
                for (int i18 = 0; i18 < this.attributeSrcHrefList.length; i18++) {
                    if (i18 != 0) {
                        stringBuffer11.append(", ");
                    }
                    stringBuffer11.append(this.attributeSrcHrefList[i18].toString());
                }
                log.info("Setting new attributeSrcHrefList: {}) (was: {})", stringBuffer12.toString(), stringBuffer11.toString());
                this.attributeSrcHrefList = stringArray6;
            }
        }
        String[] stringArray7 = OsgiUtil.toStringArray(componentContext.getProperties().get(PARAM_ELEMENT_REPLACEMENT_LIST), DEFAULT_ELEMENT_REPLACEMENT_LIST);
        boolean z7 = false;
        if (stringArray7.length == this.elementReplacementList.length) {
            for (int i19 = 0; i19 < stringArray7.length; i19++) {
                if (!stringArray7[i19].equals(this.elementReplacementList[i19])) {
                    z7 = true;
                }
            }
            if (z7) {
                StringBuffer stringBuffer13 = new StringBuffer();
                StringBuffer stringBuffer14 = new StringBuffer();
                for (int i20 = 0; i20 < stringArray7.length; i20++) {
                    if (i20 != 0) {
                        stringBuffer14.append(", ");
                    }
                    stringBuffer14.append(stringArray7[i20].toString());
                }
                for (int i21 = 0; i21 < this.elementReplacementList.length; i21++) {
                    if (i21 != 0) {
                        stringBuffer13.append(", ");
                    }
                    stringBuffer13.append(this.elementReplacementList[i21].toString());
                }
                log.info("Setting new elementReplacementList: {}) (was: {})", stringBuffer14.toString(), stringBuffer13.toString());
                this.elementReplacementList = stringArray7;
            }
        }
        String[] stringArray8 = OsgiUtil.toStringArray(componentContext.getProperties().get(PARAM_STYLE_CONTENT_LIST), DEFAULT_STYLE_CONTENT_LIST);
        boolean z8 = false;
        if (stringArray8.length == this.styleContentList.length) {
            for (int i22 = 0; i22 < stringArray8.length; i22++) {
                if (!stringArray8[i22].equals(this.styleContentList[i22])) {
                    z8 = true;
                }
            }
            if (z8) {
                StringBuffer stringBuffer15 = new StringBuffer();
                StringBuffer stringBuffer16 = new StringBuffer();
                for (int i23 = 0; i23 < stringArray8.length; i23++) {
                    if (i23 != 0) {
                        stringBuffer16.append(", ");
                    }
                    stringBuffer16.append(stringArray8[i23].toString());
                }
                for (int i24 = 0; i24 < this.styleContentList.length; i24++) {
                    if (i24 != 0) {
                        stringBuffer15.append(", ");
                    }
                    stringBuffer15.append(this.styleContentList[i24].toString());
                }
                log.info("Setting new styleContentList: {}) (was: {})", stringBuffer16.toString(), stringBuffer15.toString());
                this.styleContentList = stringArray8;
            }
        }
        try {
            this.parser = new XSSParser(this.elementRemovalList, this.attributeNameRemovalList, this.attributeNameStartList, this.attributeTypeValueStartList, this.attributeSrcHrefList, this.elementReplacementList, this.styleContentList);
        } catch (SAXNotRecognizedException e) {
            log.error("Parser init error: ", e);
        } catch (SAXNotSupportedException e2) {
            log.error("Parser init error: ", e2);
        }
        this.session = this.repository.loginAdministrative((String) null);
        if (this.repository.getDescriptor("option.observation.supported").equals("true")) {
            this.observationManager = this.session.getWorkspace().getObservationManager();
            for (int i25 = 0; i25 < this.contentPathes.length; i25++) {
                XSSRemoveEventListener xSSRemoveEventListener = new XSSRemoveEventListener(this);
                this.observationManager.addEventListener(xSSRemoveEventListener, 28, this.contentPathes[i25], true, (String[]) null, new String[]{"nt:resource"}, true);
                this.eventListeners.add(xSSRemoveEventListener);
                XSSRemoveEventListener xSSRemoveEventListener2 = new XSSRemoveEventListener(this);
                this.observationManager.addEventListener(xSSRemoveEventListener2, 2, this.contentPathes[i25], true, (String[]) null, new String[]{"nt:file"}, true);
                this.eventListeners.add(xSSRemoveEventListener2);
            }
        }
    }

    public void deactivate(ComponentContext componentContext) throws RepositoryException {
        if (this.observationManager != null) {
            Iterator<XSSRemoveEventListener> it = this.eventListeners.iterator();
            while (it.hasNext()) {
                this.observationManager.removeEventListener(it.next());
            }
        }
        if (this.session == null || !this.session.isLive()) {
            return;
        }
        this.session.logout();
    }

    boolean isValidMimeType(Node node) throws RepositoryException {
        if (!node.getNode("jcr:content").hasProperty("jcr:mimeType")) {
            return false;
        }
        String string = node.getNode("jcr:content").getProperty("jcr:mimeType").getString();
        for (int i = 0; i < this.supportedMimeTypes.length; i++) {
            if (string.equals(this.supportedMimeTypes[i])) {
                return true;
            }
        }
        return false;
    }

    @Override // org.liveSense.service.xssRemove.XSSRemove
    public void removeXSSsecurityVulnerability(String str, String str2) throws RepositoryException, Exception {
        if (!this.session.isLive()) {
            this.session = this.repository.loginAdministrative((String) null);
        }
        Node node = this.session.getRootNode().getNode(str + "/" + str2);
        if (isValidMimeType(node)) {
            log.info("Removing XSS Vulnerability codes for node {}", node.getPath());
            StringWriter stringWriter = new StringWriter();
            XMLWriter xMLWriter = new XMLWriter(stringWriter);
            xMLWriter.setOutputProperty(XMLWriter.OMIT_XML_DECLARATION, "yes");
            xMLWriter.setOutputProperty(XMLWriter.ENCODING, this.configurator.getEncoding());
            this.parser.setContentHandler(xMLWriter);
            this.parser.parse(new InputSource(new InputStreamReader(node.getNode("jcr:content").getProperty("jcr:data").getStream(), this.configurator.getEncoding())));
            node.getNode("jcr:content").setProperty("jcr:data", new ByteArrayInputStream(stringWriter.toString().getBytes(this.configurator.getEncoding())));
        } else {
            log.info("No XSS  Vulnerability remove, not a HTML: {} - {}", node.getPath(), node.getNode("jcr:content").getProperty("jcr:mimeType"));
        }
        this.session.save();
    }

    protected void bindRepository(SlingRepository slingRepository) {
        this.repository = slingRepository;
    }

    protected void unbindRepository(SlingRepository slingRepository) {
        if (this.repository == slingRepository) {
            this.repository = null;
        }
    }

    protected void bindConfigurator(Configurator configurator) {
        this.configurator = configurator;
    }

    protected void unbindConfigurator(Configurator configurator) {
        if (this.configurator == configurator) {
            this.configurator = null;
        }
    }
}
