package com.sun.messaging.smime.applet.util;

import com.google.common.collect.ImmutableSet;
import com.sun.messaging.smime.applet.AppletLogger;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import org.owasp.html.AttributePolicy;
import org.owasp.html.CssSchema;
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;

/* loaded from: input_file:com/sun/messaging/smime/applet/util/HTMLSanitizer.class */
public class HTMLSanitizer {
    private static PolicyFactory htmlPolicy;
    private static final CssSchema ADDITIONAL_DEFAULT_CSS = CssSchema.withProperties(ImmutableSet.of("float", "display"));
    private static boolean enabled = false;
    private static List<String> addlWhitelist = Collections.emptyList();
    private static List<String> addlBlacklist = Collections.emptyList();
    private static List<String> addlCssWhitelist = Collections.emptyList();
    private static boolean allowUrlInStyle = false;

    public String sanitize(String str) {
        return enabled ? htmlPolicy.sanitize(str) : str;
    }

    public static synchronized void init() {
        ArrayList arrayList = new ArrayList(Arrays.asList("@a", "@abbr", "@acronym", "@address", "@area", "@article", "@aside", "@audio", "@b", "@base", "@basefont", "@bdi", "@bdo", "@big", "@blockquote", "@body", "@br", "@button", "@canvas", "@caption", "@center", "@cite", "@code", "@col", "@colgroup", "@datalist", "@dd", "@del", "@details", "@dfn", "@dir", "@div", "@dl", "@dt", "@em", "@fieldset", "@figcaption", "@figure", "@font", "@footer", "@form", "@frame", "@frameset", "@h1", "@h2", "@h3", "@h4", "@h5", "@h6", "@head", "@header", "@hr", "@html", "@i", "@iframe", "@img", "@input", "@ins", "@kbd", "@keygen", "@label", "@legend", "@li", "@main", "@map", "@mark", "@menu", "@menuitem", "@meta", "@meter", "@nav", "@noframes", "@noscript", "@ol", "@optgroup", "@option", "@output", "@p", "@param", "@pre", "@progress", "@q", "@rp", "@rt", "@ruby", "@s", "@samp", "@section", "@select", "@small", "@source", "@span", "@strike", "@strong", "@style", "@sub", "@summary", "@sup", "@table", "@tbody", "@td", "@textarea", "@tfoot", "@th", "@thead", "@time", "@title", "@tr", "@track", "@tt", "@u", "@ul", "@var", "@video", "@wbr", "attribute", "accesskey", "class", "contenteditable", "contextmenu", "data-*", "dir", "draggable", "dropzone", "hidden", "id", "lang", "name", "spellcheck", "style", "tabindex", "title", "translate", "charset@a", "coords@a", "download@a", "href@a", "hreflang@a", "media@a", "rel@a", "rev@a", "shape@a", "target@a", "type@a", "alt@area", "coords@area", "download@area", "href@area", "hreflang@area", "media@area", "nohref@area", "rel@area", "shape@area", "target@area", "type@area", "autoplay@audio", "controls@audio", "loop@audio", "muted@audio", "preload@audio", "src@audio", "href@base", "target@base", "color@font", "face@font", "size@font", "dir@bdo", "cite@blockquote", "alink@body", "background@body", "bgcolor@body", "link@body", "text@body", "vlink@body", "disabled@button", "type@button", "value@button", "height@canvas", "width@canvas", "align@caption", "align@col", "char@col", "charoff@col", "span@col", "valign@col", "width@col", "align@colgroup", "char@colgroup", "charoff@colgroup", "span@colgroup", "valign@colgroup", "width@colgroup", "cite@del", "datetime@del", "open@details", "compact@dir", "align@div", "disabled@fieldset", "form@fieldset", "name@fieldset", "color@font", "face@font", "size@font", "accept@form", "accept-charset@form", "action@form", "autocomplete@form", "enctype@form", "method@form", "novalidate@form", "target", "frameborder@frame", "longdesc@frame", "marginheight@frame", "marginwidth@frame", "name@frame", "noresize@frame", "scrolling@frame", "src@frame", "cols@frameset", "rows@frameset", "align@h1", "align@h2", "align@h3", "align@h4", "align@h5", "align@h6", "profile@head", "align@hr", "noshade@hr", "size@hr", "width@hr", "manifest@html", "xmlns@html", "align@iframe", "frameborder@iframe", "height@iframe", "longdesc@iframe", "marginheight@iframe", "marginwidth@iframe", "name@iframe", "sandbox@iframe", "scrolling@iframe", "src@iframe", "srcdoc@iframe", "width@iframe", "align@img", "alt@img", "border@img", "crossorigin@img", "height@img", "hspace@img", "ismap@img", "longdesc@img", "src@img", "usemap@img", "vspace@img", "width@img", "accept@input", "align@input", "alt@input", "autocomplete@input", "autofocus@input", "checked@input", "disabled@input", "form@input", "formaction@input", "formenctype@input", "formmethod@input", "formnovalidate@input", "formtarget@input", "height@input", "list@input", "max@input", "maxlength@input", "min@input", "multiple@input", "name@input", "pattern@input", "placeholder@input", "readonly@input", "required@input", "size@input", "src@input", "step@input", "typevalue@input", "width@input", "cite@ins", "datetime@ins", "autofocus@keygen", "challenge@keygen", "disabled@keygen", "form@keygen", "keytype@keygen", "name@keygen", "for@label", "form@label", "align@legend", "type@li", "value@li", "name@map", "label@menu", "type@menu", "checked@menuitem", "command@menuitem", "default@menuitem", "disabled@menuitem", "icon@menuitem", "label@menuitem", "radiogroup@menuitem", "type@menuitem", "charset@meta", "content@meta", "http-equiv@meta", "scheme@meta", "form@meter", "high@meter", "low@meter", "max@meter", "min@meter", "optimum@meter", "value@meter", "alink@noframes", "background@noframes", "bgcolor@noframes", "link@noframes", "text@noframes", "vlink@noframes", "align@object", "archive@object", "border@object", "classid@object", "codebase@object", "codetype@object", "data@object", "declare@object", "form@object", "height@object", "hspace@object", "name@object", "standby@object", "type@object", "usemap@object", "vspace@object", "width@object", "compact@ol", "reversed@ol", "start@ol", "type@ol", "disabled@optgroup", "label@optgroup", "disabled@option", "label@option", "selected@option", "value@option", "for@output", "form@output", "name@output", "align@p", "name@param", "type@param", "value@param", "valuetype@param", "width@pre", "max@progress", "value@progress", "cite@q", "autofocus@select", "disabled@select", "form@select", "multiple@select", "name@select", "required@select", "size@select", "media@source", "src@source", "type@source", "media@style", "scoped@style", "type@style", "align@", "bgcolor@table", "border@table", "cellpadding@table", "cellspacing@table", "frame@table", "rules@table", "sortable@table", "summary@table", "width@table", "align@tbody", "char@tbody", "charoff@tbody", "valign@tbody", "abbr@td", "align@td", "axis@td", "bgcolor@td", "char@td", "charoff@td", "colspan@td", "headers@td", "height@td", "nowrap@td", "rowspan@td", "scope@td", "valign@td", "width@td", "autofocus@textarea", "cols@textarea", "disabled@textarea", "form@textarea", "maxlength@textarea", "name@textarea", "placeholder@textarea", "readonly@textarea", "required@textarea", "rows@textarea", "wrap@textarea", "align@tfoot", "char@tfoot", "charoff@tfoot", "valign@tfoot", "abbr@th", "align@th", "axis@th", "bgcolor@th", "char@th", "charoff@th", "colspan@th", "headers@th", "height@th", "nowrap@th", "rowspan@th", "scope@th", "sorted@th", "valign@th", "width@th", "align@thead", "char@thead", "charoff@thead", "valign@thead", "datetime@time", "align@tr", "bgcolor@tr", "char@tr", "charoff@tr", "valign@tr", "default@track", "kind@track", "label@track", "src@track", "srclang@track", "compact@ul", "type@ul", "autoplay@video", "controls@video", "height@video", "loop@video", "muted@video", "poster@video", "preload@video", "src@video", "width@video", "xmlns", "signature@br", "xmlns:v@html", "xmlns:o@html", "xmlns:w@html", "xmlns:m@html"));
        arrayList.addAll(addlWhitelist);
        AppletLogger.log("HTML Sanitizer's configured additional whitelist: " + addlWhitelist);
        HtmlPolicyBuilder allowUrlProtocols = new HtmlPolicyBuilder().allowCommonBlockElements().allowStandardUrlProtocols().allowCommonInlineFormattingElements().allowUrlProtocols(new String[]{"cid", "data"});
        AppletLogger.log("HTML Sanitizer's configured additional css whitelist: " + addlCssWhitelist);
        if (addlCssWhitelist.isEmpty()) {
            try {
                allowUrlProtocols.allowStyling(CssSchema.union(new CssSchema[]{CssSchema.DEFAULT, ADDITIONAL_DEFAULT_CSS}));
            } catch (IllegalArgumentException e) {
                AppletLogger.log("Error while allowing default css, one of the property is not supported:" + e.getMessage(), e);
            }
        } else {
            try {
                allowUrlProtocols.allowStyling(CssSchema.union(new CssSchema[]{CssSchema.DEFAULT, ADDITIONAL_DEFAULT_CSS, CssSchema.withProperties(addlCssWhitelist)}));
            } catch (IllegalArgumentException e2) {
                AppletLogger.log("Error while allowing addition CSS one of the property is not supported: " + e2.getMessage(), e2);
                try {
                    allowUrlProtocols.allowStyling(CssSchema.union(new CssSchema[]{CssSchema.DEFAULT, ADDITIONAL_DEFAULT_CSS}));
                    AppletLogger.log("Allowing only default CSS properties");
                } catch (IllegalArgumentException e3) {
                    AppletLogger.log("Error while allowing default CSS, one of the property is not supported: " + e3.getMessage(), e3);
                }
            }
        }
        AppletLogger.log("HTML Sanitizer - Preparing whitelist");
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            String str = (String) it.next();
            if (str.endsWith(":")) {
                allowUrlProtocols.allowUrlProtocols(new String[]{str.substring(0, str.length() - 1)});
            } else if (str.contains(AppConstants.HTML_SANITIZER_ATTRIBUTE_SEPARATOR)) {
                int indexOf = str.indexOf(AppConstants.HTML_SANITIZER_ATTRIBUTE_SEPARATOR);
                if (indexOf == 0) {
                    allowUrlProtocols.allowElements(new String[]{str.substring(1)});
                } else {
                    allowUrlProtocols.allowAttributes(new String[]{str.substring(0, indexOf)}).onElements(new String[]{str.substring(indexOf + 1)});
                }
            } else {
                allowUrlProtocols.allowAttributes(new String[]{str}).globally();
            }
        }
        AppletLogger.log("HTML Sanitizer - Preparing blacklist");
        ArrayList arrayList2 = new ArrayList(Arrays.asList("alt", "script", "t:set"));
        arrayList2.addAll(addlBlacklist);
        AppletLogger.log("HTML Sanitizer's configured additional blacklist: " + addlBlacklist);
        Iterator it2 = arrayList2.iterator();
        while (it2.hasNext()) {
            String str2 = (String) it2.next();
            if (str2.endsWith(":")) {
                allowUrlProtocols.disallowUrlProtocols(new String[]{str2.substring(0, str2.length() - 1)});
            } else if (str2.contains(AppConstants.HTML_SANITIZER_ATTRIBUTE_SEPARATOR)) {
                int indexOf2 = str2.indexOf(AppConstants.HTML_SANITIZER_ATTRIBUTE_SEPARATOR);
                if (indexOf2 == 0) {
                    allowUrlProtocols.disallowElements(new String[]{str2.substring(1)});
                } else {
                    allowUrlProtocols.disallowAttributes(new String[]{str2.substring(0, indexOf2)}).onElements(new String[]{str2.substring(indexOf2 + 1)});
                }
            } else {
                allowUrlProtocols.disallowAttributes(new String[]{str2}).globally();
            }
        }
        AppletLogger.log("HTML Sanitizer: allowUrlInStyle is " + allowUrlInStyle);
        if (allowUrlInStyle) {
            allowUrlProtocols.allowUrlsInStyles(AttributePolicy.IDENTITY_ATTRIBUTE_POLICY);
        }
        htmlPolicy = allowUrlProtocols.toFactory();
    }

    public static void setEnabled(boolean z) {
        enabled = z;
        if (enabled && htmlPolicy == null) {
            init();
        }
    }

    public static boolean isEnabled() {
        return enabled;
    }

    public static void setAdditionalWhitelist(String str) {
        if (str != null) {
            addlWhitelist = new ArrayList(Arrays.asList(str.split(AppConstants.HTML_SANITIZER_TOKEN_SEPARATOR)));
        } else {
            addlWhitelist = Collections.emptyList();
        }
        init();
    }

    public static void setAdditionalBlacklist(String str) {
        if (str != null) {
            addlBlacklist = new ArrayList(Arrays.asList(str.split(AppConstants.HTML_SANITIZER_TOKEN_SEPARATOR)));
        } else {
            addlBlacklist = Collections.emptyList();
        }
        init();
    }

    public static void setAdditionalCssWhitelist(String str) {
        if (str != null) {
            addlCssWhitelist = new ArrayList(Arrays.asList(str.split(AppConstants.HTML_SANITIZER_TOKEN_SEPARATOR)));
        } else {
            addlCssWhitelist = Collections.emptyList();
        }
        init();
    }

    public static void setAllowURLInStyle(boolean z) {
        allowUrlInStyle = z;
        if (allowUrlInStyle) {
            init();
        }
    }
}
