package com.aurel.track.security;

import com.aurel.track.GeneralSettings;
import com.aurel.track.exchange.docx.exporter.StyleUtil;
import com.aurel.track.macro.field.MacroFieldBL;
import com.aurel.track.macro.issue.MacroIssue;
import com.aurel.track.prop.ApplicationBean;
import com.aurel.track.versionControl.bl.VersionControlConfigBL;
import org.apache.axiom.soap.SOAP12Constants;
import org.apache.axis2.Constants;
import org.apache.axis2.util.CommandLineOptionConstants;
import org.apache.commons.lang3.StringEscapeUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.jsoup.Jsoup;
import org.jsoup.nodes.Document;
import org.jsoup.safety.Whitelist;

/* loaded from: input_file:lib/tp-core-5.6.0.jar:com/aurel/track/security/XssCleaner.class */
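/**
 * Singleton wrapper around jsoup's allowlist-based HTML cleaner.
 *
 * <p>Two allowlists are kept: an extended {@link Whitelist#relaxed()} list for rich-text
 * (HTML) fields and {@link Whitelist#basic()} for fields that are meant to hold plain text.
 * The {@code ...IfXssOn} variants clean only when
 * {@link GeneralSettings#isXSSParameterCleaning()} is enabled.
 *
 * <p>Both cleaning methods fail closed: if cleaning throws, an empty string is returned
 * instead of the unsanitised input.
 *
 * <p>NOTE(review): this listing is decompiled. Several tag/attribute/protocol names appear as
 * unrelated library constants (Axis2, SOAP, version-control) that presumably share the value of
 * the string literal used in the original source; confirm them against that source before
 * relying on the comments below.
 */
public class XssCleaner {
    private static final Logger LOGGER = LogManager.getLogger(XssCleaner.class);

    /** Heading tags that may carry an {@code id} attribute (used as in-page anchor targets). */
    private static final String[] HEADING_TAGS = {"h1", "h2", "h3", "h4", "h5", "h6"};

    // Published only once fully configured (see getInstance); volatile so that the cleaning
    // methods, which read these fields without locking, see the completed objects.
    private static volatile Whitelist htmlTextWhiteList = Whitelist.relaxed();
    private static volatile Whitelist plainTextWhiteList;
    private static volatile String serverBaseUrl;
    private static volatile XssCleaner instance;

    private XssCleaner() {
    }

    /**
     * Returns the shared cleaner, (re)building the allowlists on first use and again on every
     * call for as long as no server base URL is known.
     *
     * <p>The allowlist is assembled in a local variable and assigned to the static field only
     * when complete, so a concurrent caller cannot clean with a half-configured list.
     *
     * @return the singleton instance
     */
    public static synchronized XssCleaner getInstance() {
        if (instance == null || serverBaseUrl == null) {
            Whitelist html = Whitelist.relaxed();
            for (String heading : HEADING_TAGS) {
                html.addAttributes(heading, "id");
            }
            // NOTE(review): PACKAGE_OPTION is presumably the literal "p" (paragraph) - confirm.
            html.addAttributes(CommandLineOptionConstants.WSDL2JavaConstants.PACKAGE_OPTION, "style", "class");
            html.addAttributes("span", "style", "class", "context", MacroFieldBL.PARAMETERS.FIELDID,
                    MacroFieldBL.PARAMETERS.SHOW_LABEL, "workitemid", "personid");
            // The original listed this tag a second time with a subset of these attributes;
            // addAttributes is additive, so a single call is equivalent.
            html.addAttributes(MacroIssue.TAG_NAME, "style", "class", MacroFieldBL.PARAMETERS.FIELDID,
                    "workitemid", "personid");
            html.addAttributes("table", "align", "border", "cellpadding", "cellspacing", "id", "style", "class");
            html.addAttributes(StyleUtil.STANDARD_STYLE_NAMES.CAPTION_NAME, "id", "style", "class");
            html.addAttributes("th", "style", "class");
            html.addAttributes("td", "style", "class");
            html.addAttributes("tr", "style", "class");
            // NOTE(review): "style" is allowed on many elements. jsoup checks attribute names and
            // URL protocols but does not inspect CSS, so style values reach the page unfiltered;
            // consider dropping "style" or filtering its value if CSS-based spoofing is a concern.
            // "id"/"name" on user content can also shadow DOM globals that page scripts look up.

            String baseUrl = ApplicationBean.getInstance().getSiteBean().getServerURL();

            // NOTE(review): CODEGEN_ASYNC_ONLY_OPTION is presumably "a" (anchor),
            // SOAP_FAULT_TEXT_LANG_ATTR_LOCAL_NAME presumably "lang", TRANSPORT_MAIL presumably
            // "mailto" and ACCESS_METHODS.SSH presumably "ssh" - confirm.
            // "target" is allowed here without an enforced rel attribute; links opened in a new
            // window keep a reference to the opener unless rel="noopener" is added elsewhere.
            html.addAttributes(CommandLineOptionConstants.WSDL2JavaConstants.CODEGEN_ASYNC_ONLY_OPTION,
                    "id", "name", "accesskey", "dir", SOAP12Constants.SOAP_FAULT_TEXT_LANG_ATTR_LOCAL_NAME,
                    "style", "tabindex", "title", "href", "target", "type");
            // Only these schemes survive in href; anything else (e.g. javascript:) is stripped.
            html.addProtocols(CommandLineOptionConstants.WSDL2JavaConstants.CODEGEN_ASYNC_ONLY_OPTION, "href",
                    "#", "http", "https", Constants.TRANSPORT_MAIL, "ftp", "ldap", "ldaps",
                    VersionControlConfigBL.ACCESS_METHODS.SSH);
            // cid: lets images reference inline (e-mail style) attachments.
            html.addProtocols("img", "src", "cid");
            html.preserveRelativeLinks(true);
            html.addAttributes("figure", "class");
            html.addAttributes("figcaption", "class");

            // Publish the finished configuration.
            htmlTextWhiteList = html;
            serverBaseUrl = baseUrl;
            plainTextWhiteList = Whitelist.basic();
            instance = new XssCleaner();
        }
        return instance;
    }

    /**
     * Cleans a plain-text value only when XSS parameter cleaning is enabled in the settings.
     *
     * @param str the submitted value, may be {@code null}
     * @return the cleaned value, or {@code str} unchanged when cleaning is switched off
     */
    public String cleanNonHtmlIfXssOn(String str) {
        boolean cleaningEnabled = GeneralSettings.isXSSParameterCleaning();
        LOGGER.debug("The xss parameter cleaning is enabled: {}", cleaningEnabled);
        return cleaningEnabled ? cleanNonHtml(str) : str;
    }

    /**
     * Strips markup outside the basic allowlist from a value meant to be plain text, then
     * decodes HTML entities so that characters such as {@code &} come back unescaped.
     *
     * <p><b>The result is not HTML-safe.</b> Entity decoding happens after cleaning, so
     * entity-encoded markup in the input comes back as literal markup, and tags permitted by
     * {@link Whitelist#basic()} are kept. Callers must HTML-encode the value wherever it is
     * written into a page.
     *
     * @param str the submitted value, may be {@code null}
     * @return the cleaned, entity-decoded text; {@code null} for {@code null} input; an empty
     *         string when nothing survives cleaning or when cleaning fails
     */
    public String cleanNonHtml(String str) {
        if (str == null) {
            return null;
        }
        try {
            // An empty result means the whole input was disallowed markup. The previous code fell
            // through and returned the raw input in that case, handing the caller exactly the
            // content the cleaner had just rejected; the empty result is returned instead.
            return StringEscapeUtils.unescapeHtml4(Jsoup.clean(str, plainTextWhiteList));
        } catch (Exception e) {
            // Fail closed: never hand unsanitised input back to the caller.
            LOGGER.error("Failed to clean plain input against XSS!", e);
            return "";
        }
    }

    /**
     * Cleans an HTML value only when XSS parameter cleaning is enabled in the settings.
     *
     * @param str the submitted HTML, may be {@code null}
     * @return the cleaned HTML, or {@code str} unchanged when cleaning is switched off
     */
    public String cleanHtmlIfXssOn(String str) {
        boolean cleaningEnabled = GeneralSettings.isXSSParameterCleaning();
        LOGGER.debug("The xss parameter cleaning is enabled: {}", cleaningEnabled);
        return cleaningEnabled ? cleanHtml(str) : str;
    }

    /**
     * Cleans rich-text HTML against the extended allowlist, resolving links against the
     * configured server base URL and leaving the markup's whitespace as submitted.
     *
     * @param str the submitted HTML, may be {@code null}
     * @return the cleaned HTML; {@code null} for {@code null} input; an empty string when
     *         cleaning fails
     */
    public String cleanHtml(String str) {
        if (str == null) {
            return null;
        }
        // Read the shared configuration once so a concurrent re-initialisation cannot change
        // it between the log line and the clean call.
        Whitelist allowList = htmlTextWhiteList;
        String baseUrl = serverBaseUrl;
        // NOTE(review): debug logging writes raw user input (possibly sensitive, and able to
        // contain line breaks) to the log; keep debug level off in production.
        LOGGER.debug("Cleaning input: {} serverBaseUrl: {}", str, baseUrl);
        try {
            Document.OutputSettings outputSettings = new Document.OutputSettings();
            outputSettings.prettyPrint(false);
            // A missing base URL previously surfaced as an exception inside jsoup (presumably a
            // null-argument check - confirm for the bundled version) and the raw input was
            // returned. An empty base URI is what the two-argument Jsoup.clean uses; relative
            // links then simply cannot be resolved.
            String clean = Jsoup.clean(str, baseUrl == null ? "" : baseUrl, allowList, outputSettings);
            LOGGER.debug("Cleaned result:{}", clean);
            return clean;
        } catch (Exception e) {
            // Fail closed: never hand unsanitised input back to the caller.
            LOGGER.error("Failed to clean HTML input against XSS!", e);
            return "";
        }
    }
}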
