package org.owasp.esapi.reference;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.Encoder;
import org.owasp.esapi.Logger;
import org.owasp.esapi.codecs.Base64;
import org.owasp.esapi.codecs.CSSCodec;
import org.owasp.esapi.codecs.Codec;
import org.owasp.esapi.codecs.HTMLEntityCodec;
import org.owasp.esapi.codecs.JavaScriptCodec;
import org.owasp.esapi.codecs.PercentCodec;
import org.owasp.esapi.codecs.PushbackString;
import org.owasp.esapi.codecs.VBScriptCodec;
import org.owasp.esapi.errors.EncodingException;
import org.owasp.esapi.errors.IntrusionException;
import sun.text.Normalizer;

/* loaded from: input_file:org/owasp/esapi/reference/DefaultEncoder.class */
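/**
 * Reference {@link Encoder} implementation: canonicalizes untrusted input and
 * escapes strings for specific output contexts (HTML, CSS, JavaScript, VBScript,
 * SQL, OS command, LDAP, XPath, XML, URL, Base64).
 *
 * <p>Each {@code encodeForX} method is only correct for the context named in its
 * identifier; output encoded for one context must not be reused in another.
 * {@link #encodeForSQL} and {@link #encodeForOS} are escaping-based defences and
 * should be treated as a fallback where parameterized queries or argument-vector
 * process APIs cannot be used.
 *
 * <p>The {@code CHAR_*} arrays referenced here are not declared in this file;
 * presumably they are constants inherited from {@link Encoder}.
 */
public class DefaultEncoder implements Encoder {
    // Codecs tried, in order, by canonicalize(); every element is a Codec.
    List codecs;
    private HTMLEntityCodec htmlCodec;
    private PercentCodec percentCodec;
    private JavaScriptCodec javaScriptCodec;
    private VBScriptCodec vbScriptCodec;
    private CSSCodec cssCodec;
    private final Logger logger;

    // Per-context characters that are emitted unescaped in addition to CHAR_ALPHANUMERICS.
    private static final char[] IMMUNE_HTML = {',', '.', '-', '_', ' '};
    private static final char[] IMMUNE_HTMLATTR = {',', '.', '-', '_'};
    private static final char[] IMMUNE_CSS = {' '};
    private static final char[] IMMUNE_JAVASCRIPT = {',', '.', '-', '_', ' '};
    private static final char[] IMMUNE_VBSCRIPT = {' '};
    private static final char[] IMMUNE_XML = {',', '.', '-', '_', ' '};
    private static final char[] IMMUNE_SQL = {' '};
    private static final char[] IMMUNE_OS = {'-'};
    private static final char[] IMMUNE_XMLATTR = {',', '.', '-', '_'};
    private static final char[] IMMUNE_XPATH = {',', '.', '-', '_', ' '};

    /**
     * Creates an encoder whose canonicalization pass tries the HTML entity,
     * percent and JavaScript codecs, in that order.
     */
    public DefaultEncoder() {
        this.codecs = new ArrayList();
        this.htmlCodec = new HTMLEntityCodec();
        this.percentCodec = new PercentCodec();
        this.javaScriptCodec = new JavaScriptCodec();
        this.vbScriptCodec = new VBScriptCodec();
        this.cssCodec = new CSSCodec();
        this.logger = ESAPI.getLogger("Encoder");
        this.codecs.add(this.htmlCodec);
        this.codecs.add(this.percentCodec);
        this.codecs.add(this.javaScriptCodec);
    }

    /**
     * Creates an encoder whose canonicalization pass uses the supplied codecs.
     *
     * <p>The list is copied before it is validated, so a caller that keeps a
     * reference cannot add a non-{@link Codec} element (or reorder the codecs)
     * after the check has passed.
     *
     * @param list codecs to apply during canonicalization, in order
     * @throws IllegalArgumentException if any element is not a {@link Codec}
     * @throws NullPointerException if {@code list} is null
     */
    public DefaultEncoder(List list) {
        this.htmlCodec = new HTMLEntityCodec();
        this.percentCodec = new PercentCodec();
        this.javaScriptCodec = new JavaScriptCodec();
        this.vbScriptCodec = new VBScriptCodec();
        this.cssCodec = new CSSCodec();
        this.logger = ESAPI.getLogger("Encoder");
        // Validate the private snapshot, not the caller's list, so the checked
        // contents and the stored contents are guaranteed to be the same.
        List snapshot = new ArrayList(list);
        Iterator it = snapshot.iterator();
        while (it.hasNext()) {
            if (!(it.next() instanceof Codec)) {
                throw new IllegalArgumentException("Codec list must contain only Codec instances");
            }
        }
        this.codecs = snapshot;
    }

    /**
     * Canonicalizes {@code str} in strict mode.
     *
     * @param str input to canonicalize, may be null
     * @return the canonical form, or null when {@code str} is null
     * @throws IntrusionException if a second decoding pass still changes the value
     */
    @Override
    public String canonicalize(String str) {
        if (str == null) {
            return null;
        }
        return canonicalize(str, true);
    }

    /**
     * Decodes {@code str} once with the configured codecs and checks whether a
     * second pass would change the result again.
     *
     * <p>In non-strict mode the single-pass result is returned even when the
     * check fires, so the returned value may still contain an encoded layer;
     * callers that validate the result should prefer strict mode.
     *
     * @param str input to canonicalize, may be null
     * @param z strict flag: when true a detected second encoding layer raises
     *     {@link IntrusionException}; when false it is only logged
     * @return the result of one decoding pass, or null when {@code str} is null
     */
    @Override
    public String canonicalize(String str, boolean z) {
        if (str == null) {
            return null;
        }
        String decodedOnce = canonicalizeOnce(str);
        boolean stable = decodedOnce.equals(canonicalizeOnce(decodedOnce));
        if (!stable) {
            // NOTE(review): the raw input is placed in the message; whether the
            // Logger neutralizes CR/LF before writing is not visible here - confirm.
            if (z) {
                throw new IntrusionException("Input validation failure", "Double encoding detected in " + str);
            }
            this.logger.warning(Logger.SECURITY, false, "Double encoding detected in " + str);
        }
        return decodedOnce;
    }

    /**
     * Runs one decoding pass over {@code str}.
     *
     * <p>A successfully decoded character is pushed back and examined again on
     * the next iteration; only a character no codec can decode is emitted.
     */
    private String canonicalizeOnce(String str) {
        if (str == null) {
            return null;
        }
        StringBuilder out = new StringBuilder();
        PushbackString pushbackString = new PushbackString(str);
        while (pushbackString.hasNext()) {
            boolean decoded = decodeNext(pushbackString);
            Character next = pushbackString.next();
            if (decoded) {
                pushbackString.pushback(next);
            } else {
                out.append(next);
            }
        }
        return out.toString();
    }

    /**
     * Tries each configured codec at the current position.
     *
     * @return true if a codec decoded a character (which is then pushed back
     *     onto the input); false if none did, with the position restored
     */
    private boolean decodeNext(PushbackString pushbackString) {
        Iterator it = this.codecs.iterator();
        pushbackString.mark();
        while (it.hasNext()) {
            // Every codec starts from the same marked position.
            pushbackString.reset();
            Character decodeCharacter = ((Codec) it.next()).decodeCharacter(pushbackString);
            if (decodeCharacter != null) {
                pushbackString.pushback(decodeCharacter);
                return true;
            }
        }
        pushbackString.reset();
        return false;
    }

    /**
     * Decomposes {@code str} and then removes every character outside ASCII.
     *
     * <p>NOTE(review): this relies on the JDK-internal {@code sun.text.Normalizer}
     * imported by this file, which is not a supported API; confirm it exists on
     * the target runtime before relying on this method.
     *
     * @param str input to normalize; a null value is passed straight to the normalizer
     * @return the ASCII-only result
     */
    @Override
    public String normalize(String str) {
        return Normalizer.normalize(str, Normalizer.DECOMP, 0).replaceAll("[^\\p{ASCII}]", "");
    }

    /**
     * Returns {@code c} unchanged if it appears in either allow-list, otherwise
     * the codec's encoding of it.
     */
    private String encode(char c, Codec codec, char[] cArr, char[] cArr2) {
        if (isContained(cArr, c) || isContained(cArr2, c)) {
            return String.valueOf(c);
        }
        return codec.encodeCharacter(Character.valueOf(c));
    }

    /**
     * Encodes every character of {@code str} with {@code codec}, leaving
     * alphanumerics and the {@code immune} characters untouched.
     *
     * @return the encoded string, or null when {@code str} is null
     */
    private String encodeWith(String str, Codec codec, char[] immune) {
        if (str == null) {
            return null;
        }
        StringBuilder out = new StringBuilder(str.length());
        for (int i = 0; i < str.length(); i++) {
            out.append(encode(str.charAt(i), codec, CHAR_ALPHANUMERICS, immune));
        }
        return out.toString();
    }

    /**
     * Encodes {@code str} for placement in HTML element content.
     *
     * <p>Tab, LF and CR pass through; other control characters (0-31 and
     * 127-159) are replaced by a space and logged as a security warning.
     *
     * @param str text to encode, may be null
     * @return the encoded text, or null when {@code str} is null
     */
    @Override
    public String encodeForHTML(String str) {
        if (str == null) {
            return null;
        }
        StringBuilder out = new StringBuilder(str.length());
        for (int i = 0; i < str.length(); i++) {
            char ch = str.charAt(i);
            if (ch == '\t' || ch == '\n' || ch == '\r') {
                out.append(ch);
            } else if (ch <= 31 || (ch >= 127 && ch <= 159)) {
                this.logger.warning(Logger.SECURITY, false, "Attempt to HTML entity encode illegal character: " + ((int) ch) + " (skipping)");
                out.append(' ');
            } else {
                out.append(encode(ch, this.htmlCodec, CHAR_ALPHANUMERICS, IMMUNE_HTML));
            }
        }
        return out.toString();
    }

    /**
     * Encodes {@code str} for placement in an HTML attribute value. Unlike
     * {@link #encodeForHTML}, space is not immune and control characters are
     * handed to the codec rather than replaced.
     *
     * @param str text to encode, may be null
     * @return the encoded text, or null when {@code str} is null
     */
    @Override
    public String encodeForHTMLAttribute(String str) {
        return encodeWith(str, this.htmlCodec, IMMUNE_HTMLATTR);
    }

    /**
     * Encodes {@code str} for placement in CSS; NUL characters are dropped.
     *
     * @param str text to encode, may be null
     * @return the encoded text, or null when {@code str} is null
     */
    @Override
    public String encodeForCSS(String str) {
        if (str == null) {
            return null;
        }
        StringBuilder out = new StringBuilder(str.length());
        for (int i = 0; i < str.length(); i++) {
            char ch = str.charAt(i);
            if (ch != 0) {
                out.append(encode(ch, this.cssCodec, CHAR_ALPHANUMERICS, IMMUNE_CSS));
            }
        }
        return out.toString();
    }

    /**
     * Encodes {@code str} for placement in JavaScript.
     *
     * @param str text to encode, may be null
     * @return the encoded text, or null when {@code str} is null
     */
    @Override
    public String encodeForJavaScript(String str) {
        return encodeWith(str, this.javaScriptCodec, IMMUNE_JAVASCRIPT);
    }

    /**
     * Encodes {@code str} for placement in VBScript.
     *
     * @param str text to encode, may be null
     * @return the encoded text, or null when {@code str} is null
     */
    @Override
    public String encodeForVBScript(String str) {
        return encodeWith(str, this.vbScriptCodec, IMMUNE_VBSCRIPT);
    }

    /**
     * Escapes {@code str} for a SQL dialect using the supplied codec.
     *
     * <p>Escaping depends on the codec matching the target database exactly;
     * parameterized statements remain the primary defence against injection.
     *
     * @param codec dialect-specific codec
     * @param str text to encode, may be null
     * @return the encoded text, or null when {@code str} is null
     */
    @Override
    public String encodeForSQL(Codec codec, String str) {
        return encodeWith(str, codec, IMMUNE_SQL);
    }

    /**
     * Escapes {@code str} for an operating-system command interpreter using the
     * supplied codec.
     *
     * <p>The codec must match the interpreter that will parse the command;
     * passing arguments as a vector without a shell avoids the need to escape.
     *
     * @param codec interpreter-specific codec
     * @param str text to encode, may be null
     * @return the encoded text, or null when {@code str} is null
     */
    @Override
    public String encodeForOS(Codec codec, String str) {
        return encodeWith(str, codec, IMMUNE_OS);
    }

    /**
     * Escapes the LDAP search-filter metacharacters NUL, {@code (}, {@code )},
     * {@code *} and backslash as backslash-hex pairs.
     *
     * @param str text to encode, may be null
     * @return the encoded text, or null when {@code str} is null
     */
    @Override
    public String encodeForLDAP(String str) {
        // The sibling encoders all tolerate null; without this guard a null
        // value failed with a NullPointerException on str.length().
        if (str == null) {
            return null;
        }
        StringBuilder out = new StringBuilder(str.length());
        for (int i = 0; i < str.length(); i++) {
            char ch = str.charAt(i);
            switch (ch) {
                case 0:
                    out.append("\\00");
                    break;
                case '(':
                    out.append("\\28");
                    break;
                case ')':
                    out.append("\\29");
                    break;
                case '*':
                    out.append("\\2a");
                    break;
                case '\\':
                    out.append("\\5c");
                    break;
                default:
                    out.append(ch);
                    break;
            }
        }
        return out.toString();
    }

    /**
     * Escapes {@code str} for use as a value inside an LDAP distinguished name:
     * a leading space or {@code #}, a trailing space, and the characters
     * {@code " + , ; < > \} are each prefixed with a backslash.
     *
     * @param str text to encode, may be null
     * @return the encoded text, or null when {@code str} is null
     */
    @Override
    public String encodeForDN(String str) {
        // Same null contract as the other encoders; previously a null value
        // failed with a NullPointerException on str.length().
        if (str == null) {
            return null;
        }
        StringBuilder out = new StringBuilder(str.length() + 2);
        if (str.length() > 0 && (str.charAt(0) == ' ' || str.charAt(0) == '#')) {
            out.append('\\');
        }
        for (int i = 0; i < str.length(); i++) {
            char ch = str.charAt(i);
            switch (ch) {
                case '\"':
                    out.append("\\\"");
                    break;
                case '+':
                    out.append("\\+");
                    break;
                case ',':
                    out.append("\\,");
                    break;
                case ';':
                    out.append("\\;");
                    break;
                case '<':
                    out.append("\\<");
                    break;
                case '>':
                    out.append("\\>");
                    break;
                case '\\':
                    out.append("\\\\");
                    break;
                default:
                    out.append(ch);
                    break;
            }
        }
        // A one-character " " is already covered by the leading-space rule, so
        // the trailing-space escape only applies to longer values.
        if (str.length() > 1 && str.charAt(str.length() - 1) == ' ') {
            out.insert(out.length() - 1, '\\');
        }
        return out.toString();
    }

    /**
     * Encodes {@code str} for use in an XPath expression, using the HTML entity codec.
     *
     * @param str text to encode, may be null
     * @return the encoded text, or null when {@code str} is null
     */
    @Override
    public String encodeForXPath(String str) {
        return encodeWith(str, this.htmlCodec, IMMUNE_XPATH);
    }

    /**
     * Encodes {@code str} for XML element content, using the HTML entity codec.
     *
     * @param str text to encode, may be null
     * @return the encoded text, or null when {@code str} is null
     */
    @Override
    public String encodeForXML(String str) {
        return encodeWith(str, this.htmlCodec, IMMUNE_XML);
    }

    /**
     * Encodes {@code str} for an XML attribute value, using the HTML entity codec.
     *
     * @param str text to encode, may be null
     * @return the encoded text, or null when {@code str} is null
     */
    @Override
    public String encodeForXMLAttribute(String str) {
        return encodeWith(str, this.htmlCodec, IMMUNE_XMLATTR);
    }

    /**
     * URL-encodes {@code str} using the character encoding from the ESAPI
     * security configuration.
     *
     * @param str text to encode
     * @return the URL-encoded text
     * @throws EncodingException if the configured encoding is unsupported or the
     *     encoder fails for any other reason (including a null {@code str})
     */
    @Override
    public String encodeForURL(String str) throws EncodingException {
        try {
            return URLEncoder.encode(str, ESAPI.securityConfiguration().getCharacterEncoding());
        } catch (UnsupportedEncodingException e) {
            throw new EncodingException("Encoding failure", "Encoding not supported", e);
        } catch (Exception e2) {
            // The message used to say "decoding", which misreports the failing operation.
            throw new EncodingException("Encoding failure", "Problem URL encoding input", e2);
        }
    }

    /**
     * Canonicalizes {@code str} in strict mode and then URL-decodes the result
     * using the configured character encoding.
     *
     * <p>NOTE(review): the input is decoded twice - once by the configured codecs
     * (the no-arg constructor registers the percent codec) and once by
     * {@link URLDecoder}. A literal {@code +} or {@code %} produced by the first
     * pass is presumably reinterpreted by the second; confirm with a regression
     * test before relying on round-tripping.
     *
     * @param str URL-encoded text
     * @return the decoded text
     * @throws EncodingException if the configured encoding is unsupported or
     *     decoding fails for any other reason (including a null {@code str})
     */
    @Override
    public String decodeFromURL(String str) throws EncodingException {
        try {
            return URLDecoder.decode(canonicalize(str), ESAPI.securityConfiguration().getCharacterEncoding());
        } catch (UnsupportedEncodingException e) {
            throw new EncodingException("Decoding failed", "Encoding not supported", e);
        } catch (Exception e2) {
            throw new EncodingException("Decoding failed", "Problem URL decoding input", e2);
        }
    }

    /**
     * Base64-encodes {@code bArr}.
     *
     * @param bArr bytes to encode
     * @param z when false, option bit 8 is passed to the codec; presumably this
     *     is its "do not break lines" flag - confirm against {@link Base64}
     * @return the Base64 text
     */
    @Override
    public String encodeForBase64(byte[] bArr, boolean z) {
        int options = 0;
        if (!z) {
            options |= 8;
        }
        return Base64.encodeBytes(bArr, options);
    }

    /**
     * Decodes Base64 text.
     *
     * @param str Base64 text
     * @return the decoded bytes
     * @throws IOException declared by the interface; raised by the codec on failure
     */
    @Override
    public byte[] decodeFromBase64(String str) throws IOException {
        return Base64.decode(str);
    }

    /**
     * Reports whether {@code c} occurs in {@code cArr} (linear scan, so the
     * array does not need to be sorted).
     */
    protected boolean isContained(char[] cArr, char c) {
        for (char candidate : cArr) {
            if (candidate == c) {
                return true;
            }
        }
        return false;
    }

    // Sorts the allow-list arrays in place. isContained() scans linearly, so
    // nothing in this class depends on the order; IMMUNE_CSS, IMMUNE_SQL and
    // IMMUNE_OS hold a single element each and are left as declared.
    static {
        Arrays.sort(IMMUNE_HTML);
        Arrays.sort(IMMUNE_HTMLATTR);
        Arrays.sort(IMMUNE_JAVASCRIPT);
        Arrays.sort(IMMUNE_VBSCRIPT);
        Arrays.sort(IMMUNE_XML);
        Arrays.sort(IMMUNE_XMLATTR);
        Arrays.sort(IMMUNE_XPATH);
        Arrays.sort(CHAR_LOWERS);
        Arrays.sort(CHAR_UPPERS);
        Arrays.sort(CHAR_DIGITS);
        Arrays.sort(CHAR_SPECIALS);
        Arrays.sort(CHAR_LETTERS);
        Arrays.sort(CHAR_ALPHANUMERICS);
        Arrays.sort(CHAR_PASSWORD_LOWERS);
        Arrays.sort(CHAR_PASSWORD_UPPERS);
        Arrays.sort(CHAR_PASSWORD_DIGITS);
        Arrays.sort(CHAR_PASSWORD_SPECIALS);
        Arrays.sort(CHAR_PASSWORD_LETTERS);
    }
}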
