package oracle.spatial.esapi;

import java.io.ByteArrayInputStream;
import java.io.StringWriter;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.Logger;
import org.w3c.dom.Document;
import org.xml.sax.ErrorHandler;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.SAXParseException;

/* loaded from: input_file:web.war:WEB-INF/lib/sdoesapi.jar:oracle/spatial/esapi/DataValidator.class */
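/**
 * Static helpers that canonicalize, filter and validate request data through OWASP ESAPI.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The {@code sanitize} overloads are a deny-list filter: they delete a fixed set of
 *       script-related substrings in a single pass. Deleting text can itself leave a new match
 *       behind, and the list cannot cover every browser-executable construct, so the result must
 *       still be output-encoded for the context it is written into. Treat this as defence in
 *       depth, not as the XSS control.</li>
 *   <li>{@link #sanitizeXML(String)} parses caller-supplied XML. The parser is configured to
 *       refuse DOCTYPE declarations and external entities rather than relying only on the
 *       regular-expression DOCTYPE strip.</li>
 * </ul>
 */
public class DataValidator {
    /** Case-insensitive matching only (the decompiled flag value 2). */
    private static final int CI = Pattern.CASE_INSENSITIVE;

    /** Case-insensitive, multi-line and dot-matches-newline (the decompiled flag value 42). */
    private static final int CI_MULTILINE_DOTALL =
            Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL;

    private static final Pattern SCRIPT_PATTERN = Pattern.compile("<script>(.*?)</script>", CI);
    private static final Pattern SRC_PATTERN =
            Pattern.compile("src[\r\n]*=[\r\n]*\\'(.*?)\\'", CI_MULTILINE_DOTALL);
    private static final Pattern END_SCRIPT_PATTERN = Pattern.compile("</script>", CI);
    private static final Pattern BEGIN_SCRIPT_PATTERN =
            Pattern.compile("<script(.*?)>", CI_MULTILINE_DOTALL);
    private static final Pattern EVAL_PATTERN =
            Pattern.compile("eval\\((.*?)\\)", CI_MULTILINE_DOTALL);
    private static final Pattern JAVASCRIPT_PATTERN = Pattern.compile("javascript:", CI);
    private static final Pattern VBSCRIPT_PATTERN = Pattern.compile("vbscript:", CI);
    private static final Pattern ON_LOAD_PATTERN =
            Pattern.compile("onload(.*?)=", CI_MULTILINE_DOTALL);

    // The original body was written as ((.|\n|\r)*?). Under DOTALL that matches exactly what
    // .*? matches, but java.util.regex evaluates a repeated alternation group recursively and can
    // exhaust the stack on a long declaration. The capture groups are never referenced, so the
    // simpler form removes the same text without that failure mode.
    private static final Pattern DOCTYPE_PATTERN =
            Pattern.compile("(<!DOCTYPE.*?\\]>)|(<!DOCTYPE.*?>)", CI_MULTILINE_DOTALL);

    /** Script filters in the exact order {@link #sanitize(String, boolean, Map)} applies them. */
    private static final Pattern[] SCRIPT_FILTERS = {
        SCRIPT_PATTERN,
        SRC_PATTERN,
        END_SCRIPT_PATTERN,
        BEGIN_SCRIPT_PATTERN,
        EVAL_PATTERN,
        JAVASCRIPT_PATTERN,
        VBSCRIPT_PATTERN,
        ON_LOAD_PATTERN,
    };

    /**
     * Replacement table that callers can pass as the {@code map} argument of the sanitize
     * methods; it maps {@code &} and {@code '} to numeric character references.
     *
     * <p>NOTE(review): this map is public and mutable, so any class in the application can change
     * what every other caller's sanitization does. It is left mutable here because external code
     * may already add entries; prefer wrapping it in an unmodifiable view once callers are audited.
     */
    public static final Map<String, String> XML_ESCAPE_CHARS = new LinkedHashMap<>();

    /**
     * Kinds of input that can be validated. The constant name is passed to ESAPI as the validation
     * rule type, and the size is the default maximum length for that kind.
     */
    /* loaded from: input_file:web.war:WEB-INF/lib/sdoesapi.jar:oracle/spatial/esapi/DataValidator$DataType.class */
    public enum DataType {
        HTTPScheme,
        HTTPServerName,
        HTTPParameterName(32),
        HTTPParameterValue,
        HTTPCookieName(32),
        HTTPCookieValue,
        HTTPHeaderName(32),
        HTTPHeaderValue,
        HTTPContextPath,
        HTTPServletPath,
        HTTPPath,
        HTTPQueryString,
        HTTPURI,
        HTTPURL,
        HTTPJSESSIONID(32),
        FileName(255),
        DirectoryName(255);

        private final int dataSize;

        /**
         * Uses {@code Logger.OFF} as the size for kinds that declare no explicit limit.
         * NOTE(review): in ESAPI's Logger this constant is Integer.MAX_VALUE, i.e. effectively
         * "no length limit" — confirm against the bundled ESAPI version.
         */
        DataType() {
            this(Logger.OFF);
        }

        DataType(int i) {
            this.dataSize = i;
        }

        /** Returns the default maximum length for this kind of input. */
        public int getDataSize() {
            return this.dataSize;
        }
    }

    /** SAX error handler that ignores warnings and rethrows errors and fatal errors. */
    /* loaded from: input_file:web.war:WEB-INF/lib/sdoesapi.jar:oracle/spatial/esapi/DataValidator$SimpleErrorHandler.class */
    private static class SimpleErrorHandler implements ErrorHandler {
        private SimpleErrorHandler() {
        }

        @Override // org.xml.sax.ErrorHandler
        public void warning(SAXParseException exception) throws SAXException {
            // Warnings do not make the document unusable; deliberately ignored.
        }

        @Override // org.xml.sax.ErrorHandler
        public void error(SAXParseException exception) throws SAXException {
            throw exception;
        }

        @Override // org.xml.sax.ErrorHandler
        public void fatalError(SAXParseException exception) throws SAXException {
            throw exception;
        }
    }

    private DataValidator() {
    }

    /**
     * Canonicalizes {@code str} and optionally strips script-related substrings.
     *
     * @param str the text to sanitize; may be {@code null}
     * @param z   {@code true} to apply the script filters
     * @return the sanitized text, or {@code null} when {@code str} is {@code null}
     */
    public static String sanitize(String str, boolean z) {
        return sanitize(str, z, null);
    }

    /**
     * Canonicalizes {@code str}, optionally strips script-related substrings, then applies the
     * caller's replacement table.
     *
     * <p>The filters run once each, in a fixed order, and delete what they match. This is not a
     * substitute for context-aware output encoding at the point where the value is rendered.
     *
     * @param str the text to sanitize; may be {@code null}
     * @param z   {@code true} to apply the script filters
     * @param map optional replacements applied in the map's iteration order; each key is used as a
     *            <em>regular expression</em> and each value as a regex replacement string (so
     *            {@code $} and {@code \} are special), because {@link String#replaceAll} is used.
     *            {@code null} keys are skipped; a {@code null} value raises
     *            {@link NullPointerException}
     * @return the sanitized text, or {@code null} when {@code str} is {@code null}
     */
    public static String sanitize(String str, boolean z, Map<String, String> map) {
        if (str == null) {
            return null;
        }
        // Non-strict canonicalization: encoded forms are decoded before filtering.
        // NOTE(review): with strict=false ESAPI is expected not to reject multiply or mixed
        // encoded input — confirm that is the intended policy for these callers.
        String result = ESAPI.encoder().canonicalize(str, false);
        if (z) {
            // NOTE(review): this literal arrived mis-encoded in the decompiled listing and is
            // reproduced as found; filters of this shape usually remove the NUL character here —
            // confirm against the original class file.
            result = result.replaceAll("��", "");
            for (Pattern filter : SCRIPT_FILTERS) {
                result = filter.matcher(result).replaceAll("");
            }
        }
        if (map != null) {
            for (Map.Entry<String, String> replacement : map.entrySet()) {
                String regex = replacement.getKey();
                if (regex != null) {
                    result = result.replaceAll(regex, replacement.getValue());
                }
            }
        }
        return result;
    }

    /**
     * Removes DOCTYPE declarations from {@code str} and then sanitizes it as text.
     *
     * @param str the XML text; may be {@code null}
     * @param z   {@code true} to apply the script filters
     * @return the sanitized text, or {@code null} when {@code str} is {@code null}
     */
    public static String sanitizeXML(String str, boolean z) {
        return sanitizeXML(str, z, null);
    }

    /**
     * Canonicalizes {@code str}, removes DOCTYPE declarations, and then runs
     * {@link #sanitize(String, boolean, Map)} on the result. No XML parsing takes place, so the
     * output is not guaranteed to be well-formed.
     *
     * @param str the XML text; may be {@code null}
     * @param z   {@code true} to apply the script filters
     * @param map optional regex replacement table, see {@link #sanitize(String, boolean, Map)}
     * @return the sanitized text, or {@code null} when {@code str} is {@code null}
     */
    public static String sanitizeXML(String str, boolean z, Map<String, String> map) {
        if (str == null) {
            return null;
        }
        String canonical = ESAPI.encoder().canonicalize(str, false);
        String withoutDoctype = DOCTYPE_PATTERN.matcher(canonical).replaceAll("");
        return sanitize(withoutDoctype, z, map);
    }

    /**
     * Strips DOCTYPE declarations from {@code str}, parses the remainder as a namespace-aware XML
     * document and serializes it back to a string.
     *
     * <p>The regular-expression strip is best effort, so the parser itself is also configured to
     * reject any DOCTYPE and to ignore external entities. If the deployed JAXP implementation does
     * not recognise one of these features the method fails with a
     * {@link javax.xml.parsers.ParserConfigurationException} rather than parsing with an
     * unhardened parser.
     *
     * @param str the XML text; may be {@code null}
     * @return the re-serialized document, or {@code null} when {@code str} is {@code null}
     * @throws Exception if the parser cannot be configured, the text is not well-formed XML, it
     *                   still contains a DOCTYPE, or serialization fails
     */
    public static String sanitizeXML(String str) throws Exception {
        if (str == null) {
            return null;
        }
        String withoutDoctype = DOCTYPE_PATTERN.matcher(str.trim()).replaceAll("");

        DocumentBuilder builder = newHardenedFactory().newDocumentBuilder();
        builder.setErrorHandler(new SimpleErrorHandler());
        byte[] utf8 = withoutDoctype.getBytes(StandardCharsets.UTF_8);
        Document document = builder.parse(new InputSource(new ByteArrayInputStream(utf8)));

        TransformerFactory transformerFactory = TransformerFactory.newInstance();
        transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        Transformer serializer = transformerFactory.newTransformer();
        StringWriter out = new StringWriter();
        serializer.transform(new DOMSource(document), new StreamResult(out));
        return out.toString();
    }

    /** Builds a non-validating, namespace-aware factory with DTDs and external entities off. */
    private static DocumentBuilderFactory newHardenedFactory() throws Exception {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Refusing DOCTYPE outright is the primary XXE / entity-expansion control; the two
        // external-entity switches below are kept as a second layer.
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
        factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        factory.setValidating(false);
        factory.setNamespaceAware(true);
        return factory;
    }

    /**
     * Validates {@code str} against the ESAPI rule named after {@code dataType}, using that
     * type's default maximum length. {@code null} input is accepted.
     *
     * @param str      the value to validate
     * @param dataType the kind of input; must not be {@code null}
     * @return {@code true} if ESAPI accepts the value
     */
    public static boolean isValidInput(String str, DataType dataType) {
        return isValidInput(str, dataType, dataType.getDataSize());
    }

    /**
     * Validates {@code str} against the ESAPI rule named after {@code dataType} with an explicit
     * maximum length. {@code null} input is accepted.
     *
     * <p>The length argument used to be ignored in favour of the type's default, so a caller
     * asking for a tighter bound was not getting one; it is now passed through to ESAPI.
     *
     * @param str      the value to validate
     * @param dataType the kind of input; must not be {@code null}
     * @param i        the maximum accepted length
     * @return {@code true} if ESAPI accepts the value
     */
    public static boolean isValidInput(String str, DataType dataType, int i) {
        return ESAPI.validator().isValidInput("Input", str, dataType.name(), i, true);
    }

    static {
        XML_ESCAPE_CHARS.put("&", "&#38;");
        XML_ESCAPE_CHARS.put("'", "&#39;");
    }
}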
