package org.owasp.esapi.reference.validation;

import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import org.apache.commons.configuration.ConfigurationRuntimeException;
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.Encoder;
import org.owasp.esapi.Logger;
import org.owasp.esapi.StringUtilities;
import org.owasp.esapi.errors.ValidationException;
import org.owasp.validator.html.AntiSamy;
import org.owasp.validator.html.CleanResults;
import org.owasp.validator.html.Policy;
import org.owasp.validator.html.PolicyException;
import org.owasp.validator.html.ScanException;

/* loaded from: input_file:org/owasp/esapi/reference/validation/HTMLValidationRule.class */
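/**
 * String validation rule that runs input through AntiSamy using the policy
 * loaded from {@code antisamy-esapi.xml}.
 *
 * <p>Security note for callers: {@link #getValid(String, String)} does not
 * reject input merely because AntiSamy reported problems. It logs the reported
 * errors and returns the <em>cleaned</em> markup. Callers must use the returned
 * value and never the original input.
 */
public class HTMLValidationRule extends StringValidationRule {
    // Shared by every instance; assigned once in the static initializer below.
    // Stays null when the configuration returns no stream for the policy file.
    private static Policy antiSamyPolicy;
    private static final Logger LOGGER = ESAPI.getLogger("HTMLValidationRule");

    static {
        antiSamyPolicy = null;
        InputStream resourceStream = null;
        try {
            resourceStream = ESAPI.securityConfiguration().getResourceStream("antisamy-esapi.xml");
            if (resourceStream != null) {
                try {
                    antiSamyPolicy = Policy.getInstance(resourceStream);
                } catch (PolicyException e) {
                    throw new ConfigurationRuntimeException("Couldn't parse antisamy policy", e);
                }
            }
        } catch (IOException e) {
            throw new ConfigurationRuntimeException("Couldn't find antisamy-esapi.xml", e);
        } finally {
            // The policy has been parsed (or parsing failed), so release the stream.
            // A failure to close is not a configuration error and must not mask the
            // exception thrown above, so it is ignored.
            if (resourceStream != null) {
                try {
                    resourceStream.close();
                } catch (IOException ignored) {
                    // nothing useful to do: the stream is no longer needed
                }
            }
        }
    }

    /**
     * Creates a rule; the argument is forwarded unchanged to the
     * {@link StringValidationRule} constructor.
     */
    public HTMLValidationRule(String str) {
        super(str);
    }

    /**
     * Creates a rule; both arguments are forwarded unchanged to the
     * {@link StringValidationRule} constructor.
     */
    public HTMLValidationRule(String str, Encoder encoder) {
        super(str, encoder);
    }

    /**
     * Creates a rule; all arguments are forwarded unchanged to the
     * {@link StringValidationRule} constructor.
     */
    public HTMLValidationRule(String str, Encoder encoder, String str2) {
        super(str, encoder, str2);
    }

    /**
     * Validates {@code str2} and returns the AntiSamy-cleaned HTML.
     *
     * @param str  context label, used only in log and error messages
     * @param str2 the input to validate
     * @return the cleaned, trimmed HTML, or {@code null} when the input is empty
     *         and this rule allows null
     * @throws ValidationException if the input is empty and required, if the
     *         parent rule rejects it, if no policy is loaded, or if AntiSamy
     *         cannot scan it
     */
    @Override // org.owasp.esapi.reference.validation.StringValidationRule, org.owasp.esapi.ValidationRule
    public String getValid(String str, String str2) throws ValidationException {
        return invokeAntiSamy(str, str2);
    }

    /**
     * Same processing as {@link #getValid(String, String)}, but never throws:
     * when validation fails the result is the empty string.
     *
     * @param str  context label, used only in log and error messages
     * @param str2 the input to sanitize
     * @return the cleaned HTML, {@code ""} when validation failed, or {@code null}
     *         when the input is empty and this rule allows null
     */
    @Override // org.owasp.esapi.reference.validation.StringValidationRule, org.owasp.esapi.reference.validation.BaseValidationRule
    public String sanitize(String str, String str2) {
        try {
            return invokeAntiSamy(str, str2);
        } catch (ValidationException ignored) {
            // Fail closed: input that cannot be validated yields no markup at all,
            // never the original string. The exception is dropped here on purpose
            // because this method has no way to report it to the caller.
            return "";
        }
    }

    /**
     * Shared implementation behind {@link #getValid(String, String)} and
     * {@link #sanitize(String, String)}.
     *
     * @param str  context label, used only in log and error messages
     * @param str2 the input to scan
     * @return the cleaned, trimmed HTML, or {@code null} for empty input when
     *         null is allowed
     * @throws ValidationException see {@link #getValid(String, String)}
     */
    private String invokeAntiSamy(String str, String str2) throws ValidationException {
        if (StringUtilities.isEmpty(str2)) {
            if (this.allowNull) {
                return null;
            }
            throw new ValidationException(String.valueOf(str) + " is required", "AntiSamy validation error: context=" + str + ", input=" + str2, str);
        }
        try {
            // Run the parent rule first so AntiSamy scans the value it returns.
            String checked = super.getValid(str, str2);
            if (antiSamyPolicy == null) {
                // Fail closed explicitly instead of relying on how AntiSamy reacts
                // to a null policy. This happens when the static initializer found
                // no stream for antisamy-esapi.xml.
                throw new ValidationException(String.valueOf(str) + ": Invalid HTML input", "Invalid HTML input: antisamy-esapi.xml policy was not loaded: context=" + str, str);
            }
            CleanResults scan = new AntiSamy().scan(checked, antiSamyPolicy);
            ArrayList<?> errorMessages = scan.getErrorMessages();
            if (!errorMessages.isEmpty()) {
                // NOTE(review): these messages are produced from untrusted input, so
                // log-injection safety depends on the configured ESAPI Logger
                // encoding what it writes. Confirm against the logger configuration.
                LOGGER.info(Logger.SECURITY_FAILURE, "Cleaned up invalid HTML input: " + errorMessages);
            }
            return scan.getCleanHTML().trim();
        } catch (PolicyException e) {
            throw new ValidationException(String.valueOf(str) + ": Invalid HTML input", "Invalid HTML input does not follow rules in antisamy-esapi.xml: context=" + str + " error=" + e.getMessage(), e, str);
        } catch (ScanException e) {
            throw new ValidationException(String.valueOf(str) + ": Invalid HTML input", "Invalid HTML input: context=" + str + " error=" + e.getMessage(), e, str);
        }
    }
}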
