package org.jahia.modules.htmlfiltering;

import java.util.Collections;
import javax.annotation.Nullable;
import javax.jcr.RepositoryException;
import javax.jcr.Value;
import org.apache.commons.lang.StringUtils;
import org.jahia.osgi.BundleUtils;
import org.jahia.services.content.JCRNodeWrapper;
import org.jahia.services.content.JCRStoreService;
import org.jahia.services.content.decorator.JCRSiteNode;
import org.jahia.services.content.interceptor.BaseInterceptor;
import org.jahia.services.content.nodetypes.ExtendedPropertyDefinition;
import org.jetbrains.annotations.NotNull;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Deactivate;
import org.osgi.service.component.annotations.Reference;
import org.owasp.html.HtmlChangeListener;
import org.owasp.html.PolicyFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Component(immediate = true)
/* loaded from: input_file:org/jahia/modules/htmlfiltering/HtmlFilteringInterceptor.class */
public class HtmlFilteringInterceptor extends BaseInterceptor {
    private static Logger logger = LoggerFactory.getLogger(HtmlFilteringInterceptor.class);
    private JCRStoreService jcrStoreService;

    @Activate
    public void start() {
        setRequiredTypes(Collections.singleton("String"));
        setSelectors(Collections.singleton("RichText"));
        this.jcrStoreService.addInterceptor(this);
    }

    @Deactivate
    public void stop() {
        this.jcrStoreService.removeInterceptor(this);
    }

    @Reference
    public void setJcrStoreService(JCRStoreService jCRStoreService) {
        this.jcrStoreService = jCRStoreService;
    }

    public Value beforeSetValue(JCRNodeWrapper jCRNodeWrapper, String str, ExtendedPropertyDefinition extendedPropertyDefinition, Value value) throws RepositoryException {
        if (valueIsEmpty(value)) {
            return value;
        }
        JCRSiteNode resolveSite = jCRNodeWrapper.getResolveSite();
        HTMLFilteringInterface hTMLFilteringInterface = (HTMLFilteringInterface) BundleUtils.getOsgiService(HTMLFilteringInterface.class, (String) null);
        if (!resolveSite.isHtmlMarkupFilteringEnabled() || hTMLFilteringInterface == null) {
            return value;
        }
        PolicyFactory mergedOwaspPolicyFactory = hTMLFilteringInterface.getMergedOwaspPolicyFactory(HTMLFilteringInterface.DEFAULT_POLICY_KEY, resolveSite.getSiteKey());
        if (mergedOwaspPolicyFactory == null) {
            return value;
        }
        if (logger.isDebugEnabled()) {
            logger.debug("Performing HTML tag filtering for {}/{}", jCRNodeWrapper.getPath(), str);
            if (logger.isTraceEnabled()) {
                logger.trace("Original value: {}", value.getString());
            }
        }
        String string = value.getString();
        String path = jCRNodeWrapper.hasProperty(extendedPropertyDefinition.getName()) ? jCRNodeWrapper.getProperty(extendedPropertyDefinition.getName()).getRealProperty().getPath() : jCRNodeWrapper.getPath();
        if (dryRun(hTMLFilteringInterface, resolveSite, path, mergedOwaspPolicyFactory, string)) {
            return value;
        }
        String sanitize = mergedOwaspPolicyFactory.sanitize(string);
        logger.warn("Sanitized [{}]", path);
        return getModifiedValue(jCRNodeWrapper, preservePlaceholders(sanitize), string, value);
    }

    @NotNull
    private static String preservePlaceholders(String str) {
        return str.replace("%7bmode%7d", "{mode}").replace("%7blang%7d", "{lang}").replace("%7bworkspace%7d", "{workspace}");
    }

    private static Value getModifiedValue(JCRNodeWrapper jCRNodeWrapper, String str, String str2, Value value) throws RepositoryException {
        if (str.equals(str2)) {
            if (logger.isDebugEnabled()) {
                logger.debug("The value does not contain HTML tags that needs to be removed. The content remains unchanged.");
            }
            return value;
        }
        Value createValue = jCRNodeWrapper.getSession().getValueFactory().createValue(str);
        if (logger.isDebugEnabled()) {
            logger.debug("Done filtering of \"unwanted\" HTML tags.");
            if (logger.isTraceEnabled()) {
                logger.trace("Modified value: {}", str);
            }
        }
        return createValue;
    }

    private static boolean valueIsEmpty(Value value) throws RepositoryException {
        if (!StringUtils.isEmpty(value.getString()) && value.getString().contains("<")) {
            return false;
        }
        if (!logger.isDebugEnabled()) {
            return true;
        }
        logger.debug("The value does not contain any HTML tags. Skip filtering.");
        return true;
    }

    private static boolean dryRun(HTMLFilteringInterface hTMLFilteringInterface, JCRSiteNode jCRSiteNode, String str, PolicyFactory policyFactory, String str2) {
        if (!hTMLFilteringInterface.htmlSanitizerDryRun(jCRSiteNode.getSiteKey())) {
            return false;
        }
        logger.info("Dry run: Skipping Sanitization of [{}]", str);
        policyFactory.sanitize(str2, new HtmlChangeListener<Object>() { // from class: org.jahia.modules.htmlfiltering.HtmlFilteringInterceptor.1
            @Override // org.owasp.html.HtmlChangeListener
            public void discardedTag(@Nullable Object obj, String str3) {
                HtmlFilteringInterceptor.logger.info(String.format("Removed tag: %s", str3));
            }

            @Override // org.owasp.html.HtmlChangeListener
            public void discardedAttributes(@Nullable Object obj, String str3, String... strArr) {
                HtmlFilteringInterceptor.logger.info(String.format("Removed attributes %s for tag %s", String.join(", ", strArr), str3));
            }
        }, null);
        return true;
    }

    public Value[] beforeSetValues(JCRNodeWrapper jCRNodeWrapper, String str, ExtendedPropertyDefinition extendedPropertyDefinition, Value[] valueArr) throws RepositoryException {
        Value[] valueArr2 = new Value[valueArr.length];
        for (int i = 0; i < valueArr.length; i++) {
            valueArr2[i] = beforeSetValue(jCRNodeWrapper, str, extendedPropertyDefinition, valueArr[i]);
        }
        return valueArr2;
    }
}
