package fi.vm.sade.security.xssfilter;

import com.google.common.base.Preconditions;
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;
import java.net.URL;
import org.owasp.validator.html.AntiSamy;
import org.owasp.validator.html.Policy;
import org.owasp.validator.html.PolicyException;
import org.owasp.validator.html.ScanException;

/* loaded from: input_file:WEB-INF/lib/generic-common-9.3-SNAPSHOT.jar:fi/vm/sade/security/xssfilter/XssFilter.class */
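/**
 * Static helpers that run string values through an AntiSamy scan using the policy file
 * {@code fi.vm.sade.antisamy.xml} resolved from the classpath.
 *
 * <p>What the scan keeps or strips is decided entirely by that policy file, so the policy is
 * part of the security boundary and should be reviewed together with this class. The result of
 * {@link #filter(String)} is cleaned HTML; it is not an encoder for other output contexts
 * (attribute values, script blocks, URLs), which still need context-specific encoding where the
 * value is rendered.
 *
 * <p>The class fails closed: if the policy cannot be located or parsed, class initialization
 * throws and no filtering method can be called.
 */
public final class XssFilter {
    private static final String ANTISAMY_POLICY = "fi.vm.sade.antisamy.xml";
    private static final AntiSamy antiSamy = loadAntiSamy();

    private XssFilter() {
    }

    /**
     * Trims the input and returns the cleaned HTML produced by the AntiSamy scan.
     *
     * @param str the value to clean; may be {@code null}
     * @return the cleaned HTML, or {@code null} when {@code str} is {@code null}
     * @throws IllegalArgumentException if AntiSamy cannot scan the input or rejects the policy
     */
    public static String filter(String str) {
        if (str == null) {
            return null;
        }
        try {
            return antiSamy.scan(str.trim()).getCleanHTML();
        } catch (ScanException e) {
            // The rejected input is deliberately left out of the message: it is unsanitized at
            // this point, and exception messages commonly end up in logs or error responses.
            throw new IllegalArgumentException(
                    "AntiSamy failed while scanning html input (" + str.length() + " chars)", e);
        } catch (PolicyException e) {
            throw new IllegalArgumentException("AntiSamy failed due to invalid profile", e);
        }
    }

    /**
     * Replaces the value of every non-static {@code String} field annotated with
     * {@link FilterXss}, declared on the object's class or any of its superclasses, with the
     * result of {@link #filter(String)}.
     *
     * <p>Only fields that carry the annotation directly are processed. Values held in nested
     * objects, collections or maps are not visited, so an unannotated field is left exactly as
     * it was received.
     *
     * @param obj the object whose annotated fields are cleaned in place; {@code null} is ignored
     * @throws IllegalArgumentException if an annotated field is not a {@code String}, cannot be
     *     accessed, or its value cannot be scanned
     */
    public static void filterAll(Object obj) {
        if (obj == null) {
            return;
        }
        try {
            filterAll(obj, obj.getClass());
        } catch (IllegalAccessException e) {
            throw new IllegalArgumentException("Unable to filter annotated field(s)", e);
        }
    }

    /**
     * Cleans the annotated fields declared by {@code cls} and then by each superclass in turn.
     *
     * @param obj the instance whose fields are rewritten
     * @param cls the class in {@code obj}'s hierarchy at which to start
     * @throws IllegalAccessException if reflection cannot read or write an annotated field
     */
    private static void filterAll(Object obj, Class<?> cls) throws IllegalAccessException {
        // The null guard matters: getSuperclass() returns null for Object itself, so walking
        // the hierarchy of a plain java.lang.Object must stop instead of dereferencing null.
        for (Class<?> type = cls; type != null && type != Object.class; type = type.getSuperclass()) {
            for (Field field : type.getDeclaredFields()) {
                if (Modifier.isStatic(field.getModifiers()) || !field.isAnnotationPresent(FilterXss.class)) {
                    continue;
                }
                // An annotation on a non-String field is treated as a programming error rather
                // than silently skipped, so a mis-annotated field cannot go unfiltered unnoticed.
                Preconditions.checkArgument(field.getType().equals(String.class), "Unable to filter non-string field: %s", field);
                field.setAccessible(true);
                Object current = field.get(obj);
                if (current != null) {
                    field.set(obj, filter((String) current));
                }
            }
        }
    }

    /**
     * Locates the policy file on the classpath and builds the shared AntiSamy instance.
     *
     * @return the AntiSamy instance configured with the policy
     * @throws IllegalStateException if the policy file is missing or cannot be parsed
     */
    private static AntiSamy loadAntiSamy() {
        ClassLoader loader = Thread.currentThread().getContextClassLoader();
        if (loader == null) {
            // A thread may have no context class loader; fall back to the one that loaded us.
            loader = XssFilter.class.getClassLoader();
        }
        URL policyUrl = loader != null
                ? loader.getResource(ANTISAMY_POLICY)
                : ClassLoader.getSystemResource(ANTISAMY_POLICY);
        if (policyUrl == null) {
            // Report a missing policy explicitly instead of handing a null URL to AntiSamy.
            throw new IllegalStateException("AntiSamy policy not found on classpath: " + ANTISAMY_POLICY);
        }
        try {
            return new AntiSamy(Policy.getInstance(policyUrl));
        } catch (PolicyException e) {
            throw new IllegalStateException("Failed to initialize AntiSamy", e);
        }
    }
}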
