package com.alipay.security.open.xssmacro;

import com.alipay.security.open.common.log.LoggerUtil;
import com.alipay.security.open.common.log.SecurityLoggerFactory;
import com.alipay.security.open.common.string.StringUtil;
import java.io.InputStream;
import java.util.Iterator;
import org.slf4j.Logger;

/* loaded from: input_file:com/alipay/security/open/xssmacro/URLRebuilder.class */
public class URLRebuilder {
    private static final Logger logger = SecurityLoggerFactory.getLogger((Class<?>) URLRebuilder.class);
    private static UrlPolicy urlPolicy;

    public static void setCustomUrlPolicy() throws Exception {
        try {
            urlPolicy = UrlPolicy.getCustomUrlPolicyInstance();
        } catch (Exception e) {
            LoggerUtil.formatError(logger, "URLRebuilder", "setCustomUrlPolicy", "setCustomUrlPolicyException", "exception=" + e.getMessage(), "设置自定义的UrlPolicy时发生异常");
            throw new Exception(e);
        }
    }

    public static void setCustomUrlPolicy(InputStream inputStream) throws Exception {
        try {
            urlPolicy = UrlPolicy.getCustomUrlPolicyInstance(inputStream);
        } catch (Exception e) {
            LoggerUtil.formatError(logger, "URLRebuilder", "setCustomUrlPolicy", "setCustomUrlPolicyException", "exception=" + e.getMessage(), "设置自定义的UrlPolicy时发生异常");
            throw new Exception(e);
        }
    }

    public static String rebuilder_strict(String str) {
        if (null == str || str.length() < 7 || str.length() > 5125) {
            LoggerUtil.formatError(logger, "URLRebuilder", "rebuilder_strict", "urlLengthError", "url=" + str, "输入的url为空,小于7位或大于5125位");
            return StringUtil.EMPTY_STRING;
        }
        String lowerCase = str.toLowerCase();
        if (!lowerCase.contains(":") || StringUtil.split(lowerCase, ":").length < 2) {
            LoggerUtil.formatError(logger, "URLRebuilder", "rebuilder_strict", "uriBuildException", "url=" + str, "输入的url中存在编码绕过风险");
            return StringUtil.EMPTY_STRING;
        }
        String str2 = StringUtil.split(lowerCase, ":")[0];
        if (StringUtil.isBlank(str2)) {
            LoggerUtil.formatError(logger, "URLRebuilder", "rebuilder_strict", "uriBuildException", "url=" + str, "输入的url中存在编码绕过风险");
            return StringUtil.EMPTY_STRING;
        }
        if (null == urlPolicy || null == urlPolicy.getAllowedPortocalList() || urlPolicy.getAllowedPortocalList().isEmpty()) {
            LoggerUtil.formatError(logger, "URLRebuilder", "rebuilder_strict", "policyisNull", "url=" + str, "输入的url中存在编码绕过风险");
            return StringUtil.EMPTY_STRING;
        }
        Iterator<String> it = urlPolicy.getAllowedPortocalList().iterator();
        while (it.hasNext()) {
            if (str2.equals(it.next())) {
                return buildUrlResult(str);
            }
        }
        LoggerUtil.formatError(logger, "URLRebuilder", "rebuilder_strict", "notAllowedUrl", "url=" + str, "输入的url中存在编码绕过风险");
        return StringUtil.EMPTY_STRING;
    }

    public static String buildUrlResult(String str) {
        String str2;
        char[] charArray = str.toCharArray();
        StringBuilder sb = null;
        for (int i = 0; i < charArray.length; i++) {
            if (charArray[i] == '<') {
                str2 = "%3C";
            } else if (charArray[i] == '>') {
                str2 = "%3E";
            } else if (charArray[i] == '\"') {
                str2 = "%22";
            } else if (charArray[i] == '\'') {
                str2 = "%27";
            } else if (charArray[i] < '\t' || charArray[i] > '\r') {
                if (sb != null) {
                    sb.append(charArray[i]);
                }
            } else {
                str2 = "&nbsp;";
            }
            if (sb == null) {
                sb = new StringBuilder(str.length() + 100);
                sb.append(new String(charArray, 0, i));
            }
            sb.append(str2);
        }
        return sb == null ? str : sb.toString();
    }

    static {
        try {
            urlPolicy = UrlPolicy.getDefaultUrlPolicyInstance();
        } catch (Exception e) {
            LoggerUtil.formatError(logger, "URLRebuilder", "staticInstance", "setDefaultUrlPolicyException", "exception=" + e.getMessage(), "构建默认的URlPolicy文件时发生异常!");
        }
    }
}
