package com.tplus.transform.security;

import com.tplus.transform.runtime.ascii.ASCIIDelimitedOutputWriter;
import com.tplus.transform.security.codec.Codec;
import com.tplus.transform.security.codec.UnixCodec;
import com.tplus.transform.security.codec.WindowsCodec;
import com.tplus.transform.util.ExecUtil;
import com.tplus.transform.util.bean.PropertyUtils;
import com.tplus.transform.util.log.Log;
import com.tplus.transform.util.log.LogFactory;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;

/* loaded from: input_file:com/tplus/transform/security/DefaultEncoder.class */
public class DefaultEncoder implements Encoder {
    List codecs;
    protected static Log log = LogFactory.getLog(DefaultEncoder.class);
    private static final char[] IMMUNE_HTML = {',', '.', '-', '_', ' '};
    private static final char[] IMMUNE_HTMLATTR = {',', '.', '-', '_'};
    private static final char[] IMMUNE_CSS = {' '};
    private static final char[] IMMUNE_JAVASCRIPT = {',', '.', '-', '_', ' '};
    private static final char[] IMMUNE_VBSCRIPT = {' '};
    private static final char[] IMMUNE_XML = {',', '.', '-', '_', ' '};
    private static final char[] IMMUNE_SQL = {' '};
    private static final char[] IMMUNE_OS = {'-'};
    private static final char[] IMMUNE_XMLATTR = {',', '.', '-', '_'};
    private static final char[] IMMUNE_XPATH = {',', '.', '-', '_', ' '};

    public DefaultEncoder() {
        this.codecs = new ArrayList();
    }

    public DefaultEncoder(List list) {
        this.codecs = new ArrayList();
        Iterator it = list.iterator();
        while (it.hasNext()) {
            if (!(it.next() instanceof Codec)) {
                throw new IllegalArgumentException("Codec list must contain only Codec instances");
            }
        }
        this.codecs = list;
    }

    @Override // com.tplus.transform.security.Encoder
    public String canonicalize(String str) {
        if (str == null) {
            return null;
        }
        return canonicalize(str, true);
    }

    private String encode(char c, Codec codec, char[] cArr, char[] cArr2) {
        return (isContained(cArr, c) || isContained(cArr2, c)) ? "" + c : codec.encodeCharacter(new Character(c));
    }

    @Override // com.tplus.transform.security.Encoder
    public String canonicalize(String str, boolean z) {
        if (str == null) {
            return null;
        }
        String str2 = str;
        Codec codec = null;
        int i = 1;
        int i2 = 0;
        boolean z2 = false;
        while (!z2) {
            z2 = true;
            for (Codec codec2 : this.codecs) {
                String str3 = str2;
                str2 = codec2.decode(str2);
                if (!str3.equals(str2)) {
                    if (codec != null && codec != codec2) {
                        i++;
                    }
                    codec = codec2;
                    if (z2) {
                        i2++;
                    }
                    z2 = false;
                }
            }
        }
        if (i2 < 2 || i <= 1) {
            if (i2 >= 2) {
                if (z) {
                    throw new IntrusionException("Input validation failure", "Multiple (" + i2 + "x) encoding detected in " + str);
                }
            } else if (i > 1 && z) {
                throw new IntrusionException("Input validation failure", "Mixed encoding (" + i + "x) detected in " + str);
            }
        } else if (z) {
            throw new IntrusionException("Input validation failure", "Multiple (" + i2 + "x) and mixed encoding (" + i + "x) detected in " + str);
        }
        return str2;
    }

    @Override // com.tplus.transform.security.Encoder
    public String encodeForHTML(String str) {
        return str;
    }

    @Override // com.tplus.transform.security.Encoder
    public String encodeForHTMLAttribute(String str) {
        return str;
    }

    @Override // com.tplus.transform.security.Encoder
    public String encodeForCSS(String str) {
        return str;
    }

    @Override // com.tplus.transform.security.Encoder
    public String encodeForJavaScript(String str) {
        return str;
    }

    @Override // com.tplus.transform.security.Encoder
    public String encodeForVBScript(String str) {
        return str;
    }

    @Override // com.tplus.transform.security.Encoder
    public String encodeForSQL(Codec codec, String str) {
        if (str == null) {
            return null;
        }
        StringBuffer stringBuffer = new StringBuffer();
        for (int i = 0; i < str.length(); i++) {
            stringBuffer.append(encode(str.charAt(i), codec, CHAR_ALPHANUMERICS, IMMUNE_SQL));
        }
        return stringBuffer.toString();
    }

    public static Codec getOSCodec() {
        return ExecUtil.isWindows() ? new WindowsCodec() : new UnixCodec();
    }

    @Override // com.tplus.transform.security.Encoder
    public String encodeForOS(Codec codec, String str) {
        if (str == null) {
            return null;
        }
        StringBuffer stringBuffer = new StringBuffer();
        for (int i = 0; i < str.length(); i++) {
            stringBuffer.append(encode(str.charAt(i), codec, CHAR_ALPHANUMERICS, IMMUNE_OS));
        }
        return stringBuffer.toString();
    }

    @Override // com.tplus.transform.security.Encoder
    public String encodeForLDAP(String str) {
        StringBuffer stringBuffer = new StringBuffer();
        for (int i = 0; i < str.length(); i++) {
            char charAt = str.charAt(i);
            switch (charAt) {
                case 0:
                    stringBuffer.append("\\00");
                    break;
                case PropertyUtils.MAPPED_DELIM /* 40 */:
                    stringBuffer.append("\\28");
                    break;
                case PropertyUtils.MAPPED_DELIM2 /* 41 */:
                    stringBuffer.append("\\29");
                    break;
                case '*':
                    stringBuffer.append("\\2a");
                    break;
                case '\\':
                    stringBuffer.append("\\5c");
                    break;
                default:
                    stringBuffer.append(charAt);
                    break;
            }
        }
        return stringBuffer.toString();
    }

    @Override // com.tplus.transform.security.Encoder
    public String encodeForDN(String str) {
        StringBuffer stringBuffer = new StringBuffer();
        if (str.length() > 0 && (str.charAt(0) == ' ' || str.charAt(0) == '#')) {
            stringBuffer.append('\\');
        }
        for (int i = 0; i < str.length(); i++) {
            char charAt = str.charAt(i);
            switch (charAt) {
                case ASCIIDelimitedOutputWriter.DOUBLE_QUOTE /* 34 */:
                    stringBuffer.append("\\\"");
                    break;
                case '+':
                    stringBuffer.append("\\+");
                    break;
                case ',':
                    stringBuffer.append("\\,");
                    break;
                case ';':
                    stringBuffer.append("\\;");
                    break;
                case '<':
                    stringBuffer.append("\\<");
                    break;
                case '>':
                    stringBuffer.append("\\>");
                    break;
                case '\\':
                    stringBuffer.append("\\\\");
                    break;
                default:
                    stringBuffer.append(charAt);
                    break;
            }
        }
        if (str.length() > 1 && str.charAt(str.length() - 1) == ' ') {
            stringBuffer.insert(stringBuffer.length() - 1, '\\');
        }
        return stringBuffer.toString();
    }

    @Override // com.tplus.transform.security.Encoder
    public String encodeForXPath(String str) {
        return str;
    }

    @Override // com.tplus.transform.security.Encoder
    public String encodeForXML(String str) {
        return str;
    }

    @Override // com.tplus.transform.security.Encoder
    public String encodeForXMLAttribute(String str) {
        return str;
    }

    @Override // com.tplus.transform.security.Encoder
    public String encodeForURL(String str) throws EncodingException {
        try {
            return URLEncoder.encode(str, getCharacterEncoding());
        } catch (UnsupportedEncodingException e) {
            throw new EncodingException("Encoding failure", "Encoding not supported", e);
        } catch (Exception e2) {
            throw new EncodingException("Encoding failure", "Problem URL decoding input", e2);
        }
    }

    private String getCharacterEncoding() {
        return "utf-8";
    }

    @Override // com.tplus.transform.security.Encoder
    public String decodeFromURL(String str) throws EncodingException {
        try {
            return URLDecoder.decode(canonicalize(str), getCharacterEncoding());
        } catch (UnsupportedEncodingException e) {
            throw new EncodingException("Decoding failed", "Encoding not supported", e);
        } catch (Exception e2) {
            throw new EncodingException("Decoding failed", "Problem URL decoding input", e2);
        }
    }

    protected boolean isContained(char[] cArr, char c) {
        for (char c2 : cArr) {
            if (c == c2) {
                return true;
            }
        }
        return false;
    }

    static {
        Arrays.sort(IMMUNE_HTML);
        Arrays.sort(IMMUNE_HTMLATTR);
        Arrays.sort(IMMUNE_JAVASCRIPT);
        Arrays.sort(IMMUNE_VBSCRIPT);
        Arrays.sort(IMMUNE_XML);
        Arrays.sort(IMMUNE_XMLATTR);
        Arrays.sort(IMMUNE_XPATH);
        Arrays.sort(CHAR_LOWERS);
        Arrays.sort(CHAR_UPPERS);
        Arrays.sort(CHAR_DIGITS);
        Arrays.sort(CHAR_SPECIALS);
        Arrays.sort(CHAR_LETTERS);
        Arrays.sort(CHAR_ALPHANUMERICS);
        Arrays.sort(CHAR_PASSWORD_LOWERS);
        Arrays.sort(CHAR_PASSWORD_UPPERS);
        Arrays.sort(CHAR_PASSWORD_DIGITS);
        Arrays.sort(CHAR_PASSWORD_SPECIALS);
        Arrays.sort(CHAR_PASSWORD_LETTERS);
    }
}
