package org.owasp.esapi;

import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.text.DateFormat;
import java.util.Arrays;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import org.owasp.esapi.errors.IntrusionException;
import org.owasp.esapi.errors.ValidationAvailabilityException;
import org.owasp.esapi.errors.ValidationException;
import org.owasp.esapi.interfaces.ILogger;
import org.owasp.esapi.interfaces.IValidator;

/* JADX WARN: Classes with same name are omitted:
  input_file:ESAPI/build/classes/org/owasp/esapi/Validator.class
 */
/* loaded from: input_file:ESAPI/esapi_1.0.jar:org/owasp/esapi/Validator.class */
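/**
 * Singleton implementation of {@link IValidator}: validation helpers for data that
 * arrives from a browser (typed fields, file-upload metadata, whole HTTP requests).
 *
 * <p>Most checks first pass the input through {@code Encoder.canonicalize} and then test
 * the canonical form. The boolean {@code isValid*} methods fail closed: a {@code null}
 * argument or an exception raised during validation yields {@code false}, with the
 * exception of {@link #isValidFileName(String)}, which throws {@link IntrusionException}.
 */
public class Validator implements IValidator {
    private static final Validator instance = new Validator();
    private static final Logger logger = Logger.getLogger("ESAPI", "Validator");

    /** Lowest and highest byte/char values accepted by the {@code isValidPrintable} checks. */
    private static final int PRINTABLE_MIN = 33;
    private static final int PRINTABLE_MAX = 126;

    /**
     * Returns the shared validator.
     *
     * @return the single {@code Validator} instance
     */
    public static Validator getInstance() {
        return instance;
    }

    private Validator() {
    }

    /**
     * Canonicalizes {@code str2} and checks it against the pattern configured for type {@code str}.
     *
     * @param str  name of the validation type; looked up through
     *             {@code SecurityConfiguration.getValidationPattern}
     * @param str2 the untrusted input to validate
     * @return the canonicalized input, when it matches the pattern in full
     * @throws ValidationException if either argument is null, no pattern is configured for
     *                             the type, or the canonical input does not match
     */
    @Override
    public String getValidDataFromBrowser(String str, String str2) throws ValidationException {
        // Null checks come first so that a null input is reported as a ValidationException
        // and never reaches the encoder.
        if (str2 == null) {
            throw new ValidationException("Bad input", "Input to validate was null");
        }
        if (str == null) {
            throw new ValidationException("Bad input", "Type to validate against was null");
        }
        Pattern validationPattern = SecurityConfiguration.getInstance().getValidationPattern(str);
        if (validationPattern == null) {
            throw new ValidationException("Bad input", "Type to validate against not configured properly: " + str);
        }
        String canonical = Encoder.getInstance().canonicalize(str2);
        if (!validationPattern.matcher(canonical).matches()) {
            // NOTE(review): the second argument carries the raw input; if it ends up in a log
            // sink, confirm that the sink neutralizes line breaks and is suitable for the data.
            throw new ValidationException("Bad input", "Input [" + str2 + "] did not match type [" + str + "]");
        }
        return canonical;
    }

    /**
     * Boolean form of {@link #getValidDataFromBrowser(String, String)}.
     *
     * @param str  name of the validation type
     * @param str2 the untrusted input
     * @return {@code true} if validation succeeds; {@code false} on any exception
     */
    @Override
    public boolean isValidDataFromBrowser(String str, String str2) {
        try {
            getValidDataFromBrowser(str, str2);
            return true;
        } catch (Exception e) {
            // Deliberately broad: any failure while validating counts as "not valid".
            return false;
        }
    }

    /**
     * Parses {@code str} with the default {@link DateFormat#getDateInstance()}.
     *
     * @param str text to parse
     * @return the parsed date, or {@code null} if parsing fails (including a null argument)
     */
    @Override
    public Date getValidDate(String str) {
        try {
            // NOTE(review): the format is the platform default locale's, parsing is lenient by
            // default (out-of-range fields roll over), and DateFormat.parse(String) may stop
            // before the end of the text. Only the returned Date should be trusted afterwards,
            // never the original string.
            return DateFormat.getDateInstance().parse(str);
        } catch (Exception e) {
            return null;
        }
    }

    /**
     * Checks that {@code str} matches the configured "CreditCard" type and that its digits
     * satisfy the Luhn checksum.
     *
     * @param str candidate card number; non-digit characters are skipped for the checksum
     * @return {@code true} only if the pattern matches, at least one digit is present and the
     *         checksum is a multiple of 10
     */
    @Override
    public boolean isValidCreditCard(String str) {
        final String candidate;
        try {
            candidate = getValidDataFromBrowser("CreditCard", str);
        } catch (Exception e) {
            // A failed validation is an expected outcome. No stack trace is printed: the
            // exception text is built from the submitted value, which here is card data.
            return false;
        }

        int sum = 0;
        int digitCount = 0;
        boolean doubleNext = false;
        // Luhn: walk the digits right to left, doubling every second one.
        for (int pos = candidate.length() - 1; pos >= 0; pos--) {
            char ch = candidate.charAt(pos);
            if (!Character.isDigit(ch)) {
                continue;
            }
            int value = Character.digit(ch, 10);
            if (doubleNext) {
                value *= 2;
                if (value > 9) {
                    value -= 9;
                }
            }
            sum += value;
            digitCount++;
            doubleNext = !doubleNext;
        }
        // Without the digit-count guard an input holding no digits would sum to 0 and pass.
        return digitCount > 0 && sum % 10 == 0;
    }

    /**
     * Checks that a directory path is already in canonical form, i.e. that resolving it
     * through {@link File#getCanonicalPath()} does not change it (drive letter and slash
     * direction aside).
     *
     * @param str the untrusted path
     * @return {@code true} if the canonicalized input equals the lower-cased canonical path;
     *         {@code false} otherwise, for a null argument, or if the path cannot be resolved
     */
    @Override
    public boolean isValidDirectoryPath(String str) {
        if (str == null) {
            return false;
        }
        String canonical = Encoder.getInstance().canonicalize(str);
        try {
            String resolved = stripDriveLetter(new File(canonical).getCanonicalPath().replace('\\', '/'));
            String supplied = stripDriveLetter(canonical.replace('\\', '/'));
            // NOTE(review): only the resolved side is lower-cased, so an input containing any
            // upper-case character is always rejected. That is kept as-is because loosening the
            // comparison changes what this check accepts; confirm the intended case rule.
            // Locale.ENGLISH keeps the lower-casing independent of the JVM default locale.
            return supplied.equals(resolved.toLowerCase(Locale.ENGLISH));
        } catch (IOException e) {
            return false;
        }
    }

    /** Removes a leading {@code X:} drive specifier (ASCII letter plus colon), if present. */
    private static String stripDriveLetter(String path) {
        if (path.length() >= 2 && path.charAt(1) == ':') {
            char drive = path.charAt(0);
            if ((drive >= 'a' && drive <= 'z') || (drive >= 'A' && drive <= 'Z')) {
                return path.substring(2);
            }
        }
        return path;
    }

    /**
     * Checks uploaded content against the configured maximum upload size.
     * Only the length is examined; the bytes themselves are not inspected.
     *
     * @param bArr the uploaded bytes
     * @return {@code true} if the array is non-null and strictly smaller than
     *         {@code SecurityConfiguration.getAllowedFileUploadSize()}
     */
    @Override
    public boolean isValidFileContent(byte[] bArr) {
        if (bArr == null) {
            return false;
        }
        return ((long) bArr.length) < ((long) SecurityConfiguration.getInstance().getAllowedFileUploadSize());
    }

    /**
     * Checks that a file name is a bare name (no path components survive canonicalization)
     * and ends with one of the configured allowed extensions.
     *
     * @param str the untrusted file name
     * @return {@code true} if the name ends with an allowed extension (case-insensitive);
     *         {@code false} for a null or empty name or an extension that is not allowed
     * @throws IntrusionException if the name differs from the last component of its canonical
     *                            path, or the canonical path cannot be computed
     */
    @Override
    public boolean isValidFileName(String str) {
        if (str == null || str.length() == 0) {
            return false;
        }
        String canonical = Encoder.getInstance().canonicalize(str);
        try {
            String canonicalPath = new File(canonical).getCanonicalPath();
            String lastComponent = canonicalPath.substring(canonicalPath.lastIndexOf(File.separator) + 1);
            // The raw input must already be exactly the final path component; anything else
            // (separators, relative segments, encoded forms) is treated as an intrusion.
            if (!str.equals(lastComponent)) {
                throw new IntrusionException("Invalid filename", "Invalid filename (" + canonical + ") doesn't match canonical path (" + lastComponent + ") and could be an injection attack");
            }
            // Locale.ENGLISH: extension matching must not depend on the JVM default locale.
            String lowerName = str.toLowerCase(Locale.ENGLISH);
            Iterator extensions = SecurityConfiguration.getInstance().getAllowedFileExtensions().iterator();
            while (extensions.hasNext()) {
                String extension = (String) extensions.next();
                if (lowerName.endsWith(extension.toLowerCase(Locale.ENGLISH))) {
                    return true;
                }
            }
            return false;
        } catch (IOException e) {
            throw new IntrusionException("Invalid filename", "Exception during filename validation", e);
        }
    }

    /**
     * Validates the three parts of a file upload.
     *
     * @param str  target directory path, checked by {@link #isValidDirectoryPath(String)}
     * @param str2 file name, checked by {@link #isValidFileName(String)}
     * @param bArr file content, checked by {@link #isValidFileContent(byte[])}
     * @return {@code true} only if all three checks pass
     */
    @Override
    public boolean isValidFileUpload(String str, String str2, byte[] bArr) {
        return isValidDirectoryPath(str) && isValidFileName(str2) && isValidFileContent(bArr);
    }

    /**
     * Validates every parameter, cookie and header of a request against the global
     * {@code HTTP*} validation types, logging each violation.
     *
     * <p>All three groups are always examined so that every violation is logged, not just
     * the first one.
     *
     * <p>NOTE(review): the log messages embed the offending names and values verbatim,
     * including cookie and header values. Confirm that the logger neutralizes line breaks
     * and that the log store is appropriate for session identifiers and credentials.
     *
     * @param httpServletRequest the request to inspect
     * @return {@code true} if nothing in the request violates a rule
     */
    @Override
    public boolean isValidHTTPRequest(HttpServletRequest httpServletRequest) {
        boolean parametersOk = hasValidParameters(httpServletRequest);
        boolean cookiesOk = hasValidCookies(httpServletRequest);
        boolean headersOk = hasValidHeaders(httpServletRequest);
        return parametersOk && cookiesOk && headersOk;
    }

    /** Validates every parameter name and value of the request; logs each violation. */
    private boolean hasValidParameters(HttpServletRequest request) {
        boolean valid = true;
        Iterator entries = request.getParameterMap().entrySet().iterator();
        while (entries.hasNext()) {
            Map.Entry entry = (Map.Entry) entries.next();
            String name = (String) entry.getKey();
            if (!isValidDataFromBrowser("HTTPParameterName", name)) {
                logger.logCritical(ILogger.SECURITY, "Parameter name (" + name + ") violates global rule");
                valid = false;
            }
            String[] values = (String[]) entry.getValue();
            if (values == null) {
                continue;
            }
            for (int idx = 0; idx < values.length; idx++) {
                String value = values[idx];
                if (!isValidDataFromBrowser("HTTPParameterValue", value)) {
                    logger.logCritical(ILogger.SECURITY, "Parameter value (" + name + "=" + value + ") violates global rule");
                    valid = false;
                }
            }
        }
        return valid;
    }

    /** Validates every cookie name and value of the request; logs each violation. */
    private boolean hasValidCookies(HttpServletRequest request) {
        Cookie[] cookies = request.getCookies();
        if (cookies == null) {
            return true;
        }
        boolean valid = true;
        for (int idx = 0; idx < cookies.length; idx++) {
            String name = cookies[idx].getName();
            if (!isValidDataFromBrowser("HTTPCookieName", name)) {
                logger.logCritical(ILogger.SECURITY, "Cookie name (" + name + ") violates global rule");
                valid = false;
            }
            String value = cookies[idx].getValue();
            if (!isValidDataFromBrowser("HTTPCookieValue", value)) {
                logger.logCritical(ILogger.SECURITY, "Cookie value (" + name + "=" + value + ") violates global rule");
                valid = false;
            }
        }
        return valid;
    }

    /** Validates every header name and value except {@code Cookie}; logs each violation. */
    private boolean hasValidHeaders(HttpServletRequest request) {
        Enumeration headerNames = request.getHeaderNames();
        if (headerNames == null) {
            // Nothing to enumerate; treated like an empty header list.
            return true;
        }
        boolean valid = true;
        while (headerNames.hasMoreElements()) {
            String name = (String) headerNames.nextElement();
            // The Cookie header is skipped here: cookies are validated individually.
            if (name == null || name.equalsIgnoreCase("Cookie")) {
                continue;
            }
            if (!isValidDataFromBrowser("HTTPHeaderName", name)) {
                logger.logCritical(ILogger.SECURITY, "Header name (" + name + ") violates global rule");
                valid = false;
            }
            Enumeration values = request.getHeaders(name);
            while (values != null && values.hasMoreElements()) {
                String value = (String) values.nextElement();
                if (!isValidDataFromBrowser("HTTPHeaderValue", value)) {
                    logger.logCritical(ILogger.SECURITY, "Header value (" + name + "=" + value + ") violates global rule");
                    valid = false;
                }
            }
        }
        return valid;
    }

    /**
     * Checks membership of a value in an allow-list.
     *
     * @param list the permitted values
     * @param str  the value to look up
     * @return {@code true} if {@code list} is non-null and contains {@code str}
     */
    @Override
    public boolean isValidListItem(List list, String str) {
        return list != null && list.contains(str);
    }

    /**
     * Checks whether {@code str} is accepted by {@link Double#parseDouble(String)}.
     *
     * <p>NOTE(review): that grammar is wider than plain decimals; it also accepts
     * {@code NaN}, {@code Infinity}, hexadecimal floating-point literals, a trailing
     * {@code d}/{@code f} suffix and surrounding whitespace. Callers needing a strict
     * numeric format should validate against a pattern as well.
     *
     * @param str the text to test
     * @return {@code true} if the text parses; {@code false} otherwise or for {@code null}
     */
    @Override
    public boolean isValidNumber(String str) {
        if (str == null) {
            // parseDouble(null) throws NullPointerException, not NumberFormatException.
            return false;
        }
        try {
            Double.parseDouble(str);
            return true;
        } catch (NumberFormatException e) {
            return false;
        }
    }

    /**
     * Checks a set of actual parameter names against required and optional names.
     *
     * @param set  names that must all be present
     * @param set2 names that may additionally be present
     * @param set3 names actually received
     * @return {@code true} if every name in {@code set} appears in {@code set3} and
     *         {@code set3} contains nothing outside {@code set} and {@code set2}
     */
    @Override
    public boolean isValidParameterSet(Set set, Set set2, Set set3) {
        // A required name is missing.
        if (!set3.containsAll(set)) {
            return false;
        }
        // Whatever remains after removing required and optional names is unexpected.
        Set unexpected = new HashSet(set3);
        unexpected.removeAll(set);
        unexpected.removeAll(set2);
        return unexpected.isEmpty();
    }

    /**
     * Checks that every byte is in the range 33..126 (visible ASCII; space is excluded).
     *
     * @param bArr bytes to test
     * @return {@code true} if the array is non-null and all bytes are in range (an empty
     *         array passes)
     */
    @Override
    public boolean isValidPrintable(byte[] bArr) {
        if (bArr == null) {
            return false;
        }
        for (int idx = 0; idx < bArr.length; idx++) {
            if (bArr[idx] < PRINTABLE_MIN || bArr[idx] > PRINTABLE_MAX) {
                return false;
            }
        }
        return true;
    }

    /**
     * Checks that the canonical form of {@code str} consists only of characters in the range
     * 33..126 (visible ASCII; space is excluded).
     *
     * @param str text to test
     * @return {@code true} if the text is non-null and every character is in range
     */
    @Override
    public boolean isValidPrintable(String str) {
        if (str == null) {
            return false;
        }
        String canonical = Encoder.getInstance().canonicalize(str);
        // Characters are tested directly rather than via getBytes(): with the platform default
        // charset an unmappable character is replaced by '?', which would pass the range check.
        for (int pos = 0; pos < canonical.length(); pos++) {
            char ch = canonical.charAt(pos);
            if (ch < PRINTABLE_MIN || ch > PRINTABLE_MAX) {
                return false;
            }
        }
        return true;
    }

    /**
     * Checks a redirect target against the configured "Redirect" validation type.
     *
     * @param str the proposed redirect location
     * @return {@code true} if it matches the configured pattern
     */
    @Override
    public boolean isValidRedirectLocation(String str) {
        return isValidDataFromBrowser("Redirect", str);
    }

    /**
     * Rejects text whose canonical form contains the substring {@code <scri} or
     * {@code onload}, compared case-insensitively.
     *
     * <p>NOTE(review): this is a two-entry deny-list, not an HTML sanitizer. Markup can carry
     * script through many constructs that it does not look for, so a {@code true} result
     * must not be taken to mean the text is safe to render as HTML. Output should still be
     * encoded, or the text passed through an allow-list HTML policy.
     *
     * @param str the untrusted markup
     * @return {@code false} for a null argument or if either substring is present
     */
    @Override
    public boolean isValidSafeHTML(String str) {
        if (str == null) {
            return false;
        }
        // Lower-cased with a fixed locale so that differently-cased spellings of the two
        // substrings are caught regardless of the JVM default locale.
        String canonical = Encoder.getInstance().canonicalize(str).toLowerCase(Locale.ENGLISH);
        return !(canonical.contains("<scri") || canonical.contains("onload"));
    }

    /**
     * Unimplemented placeholder; not part of {@link IValidator}.
     *
     * @param str ignored
     * @return always {@code false}
     */
    public boolean getValidSafeHTML(String str) {
        return false;
    }

    /**
     * Reads one line from a stream while enforcing an upper bound on its length, so that an
     * endless or oversized line cannot exhaust memory.
     *
     * <p>Bytes are read one at a time and each is widened to a {@code char}. Reading stops
     * at end of stream or after a line feed (byte 10); the line feed, when read, is included
     * in the result and counts toward the limit. A carriage return is not treated specially.
     *
     * @param inputStream the stream to read from
     * @param i           maximum number of characters to accept; must be positive
     * @return the characters read, possibly empty if the stream was already at its end
     * @throws ValidationException (as {@link ValidationAvailabilityException}) if {@code i}
     *                             is not positive, the stream is null, more than {@code i}
     *                             characters are read, or the stream fails
     */
    @Override
    public String safeReadLine(InputStream inputStream, int i) throws ValidationException {
        if (i <= 0) {
            throw new ValidationAvailabilityException("Invalid input", "Must read a positive number of bytes from the stream");
        }
        if (inputStream == null) {
            throw new ValidationAvailabilityException("Invalid input", "Input stream was null");
        }
        StringBuilder line = new StringBuilder();
        try {
            int count = 0;
            int read;
            while ((read = inputStream.read()) != -1) {
                line.append((char) read);
                count++;
                if (count > i) {
                    throw new ValidationAvailabilityException("Invalid input", "Read more than maximum characters allowed (" + i + ")");
                }
                if (read == '\n') {
                    break;
                }
            }
        } catch (IOException e) {
            throw new ValidationAvailabilityException("Invalid input", "Problem reading from input stream", e);
        }
        return line.toString();
    }
}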
