package org.owasp.esapi;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.text.Normalizer;
import java.util.HashMap;
import org.apache.commons.io.IOUtils;
import org.owasp.esapi.errors.EncodingException;
import org.owasp.esapi.errors.IntrusionException;
import org.owasp.esapi.interfaces.IEncoder;
import org.owasp.esapi.interfaces.ILogger;
import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;

/* JADX WARN: Classes with same name are omitted:
  input_file:ESAPI/build/classes/org/owasp/esapi/Encoder.class
 */
/* loaded from: input_file:ESAPI/esapi_1.0.jar:org/owasp/esapi/Encoder.class */
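/**
 * Reference implementation of {@link IEncoder}: canonicalizes untrusted input and
 * encodes it for a number of output contexts (HTML, XML, LDAP, DN, URL, Base64, ...).
 *
 * <p>Every {@code encodeFor*} method first decodes percent- and entity-encoded
 * characters through {@link EncodedStringReader}, so already-encoded input is not
 * encoded a second time. The reader throws {@link IntrusionException} when a decoded
 * character itself starts another encoded sequence (double encoding).
 *
 * <p>Review notes on this revision:
 * <ul>
 *   <li>{@code encodeForDN} indexed the canonical string with the length of the raw
 *       input; it now uses the canonical length.</li>
 *   <li>{@code parsePercent} could read past the end of the input and accepted signed
 *       values such as {@code %-1}; it now requires exactly two ASCII hex digits.</li>
 *   <li>{@code parseEntity} threw on {@code &;}, skipped input after a malformed
 *       numeric entity, did not decode hexadecimal entities ({@code &#x3c;}), resolved
 *       {@code &Agrave;} to the lower-case letter and could never match
 *       {@code &thetasym;}.</li>
 *   <li>{@code getEncoded} emitted the decimal character code after {@code %}; it now
 *       emits hexadecimal UTF-8 octets.</li>
 *   <li>Debug output to {@code System.out}, which echoed decoded input, was removed
 *       from the parsing path.</li>
 * </ul>
 */
public class Encoder implements IEncoder {
    /** Encoding id: the character was not encoded. */
    public static final int NO_ENCODING = 0;
    /** Encoding id: URL encoding (whitespace as {@code +}, other specials as {@code %XX}). */
    public static final int URL_ENCODING = 1;
    /** Encoding id: percent encoding ({@code %XX}). */
    public static final int PERCENT_ENCODING = 2;
    /** Encoding id: HTML/XML entity encoding ({@code &name;} or {@code &#NN;}). */
    public static final int ENTITY_ENCODING = 3;

    /** Largest accepted distance between {@code &} and {@code ;}; 9 admits the longest name in the table, "thetasym". */
    private static final int MAX_ENTITY_SPAN = 9;
    private static final String HEX_DIGITS = "0123456789ABCDEF";

    // NOTE(review): sun.misc.* is a JDK-internal API; confirm the target JDK still ships it.
    private static final BASE64Encoder base64Encoder = new BASE64Encoder();
    private static final BASE64Decoder base64Decoder = new BASE64Decoder();

    // The constructor fills the two entity maps declared further down. Those fields must
    // keep having no initializer, otherwise static initialization would overwrite them
    // after this line has run.
    private static final Encoder instance = new Encoder();

    // Characters (besides alphanumerics) that are passed through unencoded per context.
    private static final char[] IMMUNE_HTML = {',', '.', '-', '_', ' '};
    private static final char[] IMMUNE_HTMLATTR = {',', '.', '-', '_'};
    private static final char[] IMMUNE_JAVASCRIPT = {',', '.', '-', '_', ' '};
    private static final char[] IMMUNE_VBSCRIPT = {',', '.', '-', '_', ' '};
    private static final char[] IMMUNE_XML = {',', '.', '-', '_', ' '};
    private static final char[] IMMUNE_XMLATTR = {',', '.', '-', '_'};
    private static final char[] IMMUNE_XPATH = {',', '.', '-', '_', ' '};
    private static final Logger logger = Logger.getLogger("ESAPI", "Encoder");

    static final char[] CHAR_LOWERS = {'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z'};
    // NOTE(review): this set also contains the digits '1'..'0', so CHAR_LETTERS is not
    // letters-only. Left unchanged because other classes in the package may rely on it.
    static final char[] CHAR_UPPERS = {'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '1', '2', '3', '4', '5', '6', '7', '8', '9', '0'};
    static final char[] CHAR_DIGITS = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9'};
    static final char[] CHAR_SPECIALS = {'.', '-', '_', '!', '@', '$', '^', '*', '=', '~', '|', '+', '?'};
    static final char[] CHAR_LETTERS = Randomizer.union(CHAR_LOWERS, CHAR_UPPERS);
    static final char[] CHAR_ALPHANUMERICS = Randomizer.union(CHAR_LETTERS, CHAR_DIGITS);
    // Omits the look-alike characters i, o, I, O, 0 and 1.
    static final char[] CHAR_PASSWORD = {'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'j', 'k', 'l', 'm', 'n', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'J', 'K', 'L', 'M', 'N', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', '2', '3', '4', '5', '6', '7', '8', '9', '.', '!', '@', '$', '*', '=', '?'};

    // Populated by initializeMaps(); deliberately declared without initializers (see 'instance').
    private static HashMap<Character, String> characterToEntityMap;
    private static HashMap<String, Character> entityToCharacterMap;

    /**
     * One decoded character together with the text it was read from.
     * A character counts as encoded when its raw text is not exactly one char long.
     */
    public class EncodedCharacter {
        String raw;
        char character;
        int originalEncoding;

        /** Wraps a literal, unencoded character. */
        public EncodedCharacter(char c) {
            this.raw = String.valueOf(c);
            this.character = c;
        }

        /** @return {@code true} when the raw text is not a single character */
        public boolean isEncoded() {
            return this.raw.length() != 1;
        }

        /**
         * @param str the raw text the character was decoded from
         * @param c   the decoded character
         * @param i   one of the {@code *_ENCODING} constants of {@link Encoder}
         */
        public EncodedCharacter(String str, char c, int i) {
            this.raw = str;
            this.character = c;
            this.originalEncoding = i;
        }

        /** @return the decoded character */
        public char getUnencoded() {
            return this.character;
        }

        /**
         * Renders the decoded character in the requested encoding.
         *
         * @param i one of the {@code *_ENCODING} constants of {@link Encoder}
         * @return the encoded text, or {@code null} for an unknown encoding id
         */
        public String getEncoded(int i) {
            switch (i) {
                case NO_ENCODING:
                    return String.valueOf(this.character);
                case URL_ENCODING:
                    if (Character.isWhitespace(this.character)) {
                        return "+";
                    }
                    if (Character.isLetterOrDigit(this.character)) {
                        return String.valueOf(this.character);
                    }
                    return percentEncode(this.character);
                case PERCENT_ENCODING:
                    return percentEncode(this.character);
                case ENTITY_ENCODING: {
                    String entityName = characterToEntityMap.get(Character.valueOf(this.character));
                    // Fall back to a decimal numeric entity when no named entity exists.
                    return entityName != null ? "&" + entityName + ";" : "&#" + ((int) this.character) + ";";
                }
                default:
                    return null;
            }
        }
    }

    /**
     * Cursor over an input string that decodes percent- and entity-encoded characters
     * and rejects double encoding.
     *
     * <p>{@code nextCharacter} is the committed read position; {@code testCharacter} is a
     * scratch position that the parse methods advance while looking ahead.
     */
    public class EncodedStringReader {
        String input;
        int nextCharacter = 0;
        int testCharacter = 0;

        /** @param str the text to read; {@code null} is treated as the empty string */
        public EncodedStringReader(String str) {
            this.input = (str == null) ? "" : str;
        }

        /** @return {@code true} while unread input remains */
        public boolean hasNext() {
            return this.nextCharacter < this.input.length();
        }

        /**
         * Decodes the character at the read position and advances past it.
         * Callers are expected to check {@link #hasNext()} first.
         *
         * @return the decoded character
         * @throws IntrusionException when the decoded character starts a further
         *         encoded sequence, i.e. the input is double encoded
         */
        public EncodedCharacter getNextCharacter() {
            this.testCharacter = this.nextCharacter;
            EncodedCharacter first = peekNextCharacter(this.input.charAt(this.nextCharacter));
            // Commit the position now; the look-ahead below only moves the scratch cursor.
            this.nextCharacter = this.testCharacter;
            if (first == null) {
                return null;
            }
            if (first.isEncoded()) {
                // Re-parse from the last char of the sequence just consumed, pretending the
                // decoded character sits there: "%2541" decodes to '%' followed by "41".
                this.testCharacter--;
                EncodedCharacter second = peekNextCharacter(first.getUnencoded());
                if (second != null && second.isEncoded()) {
                    throw new IntrusionException("Validation error", "Input contains double encoded characters.");
                }
            }
            return first;
        }

        /** Parses one character at the scratch position, treating {@code c} as the char found there. */
        private EncodedCharacter peekNextCharacter(char c) {
            // The final character cannot start an encoded sequence.
            if (this.testCharacter == this.input.length() - 1) {
                this.testCharacter++;
                return new EncodedCharacter(c);
            }
            if (c == '&') {
                return parseEntity(this.input, this.testCharacter);
            }
            if (c == '%') {
                EncodedCharacter decoded = parsePercent(this.input, this.testCharacter);
                if (decoded != null) {
                    return decoded;
                }
            }
            this.testCharacter++;
            return new EncodedCharacter(c);
        }

        /**
         * Parses a {@code %XX} sequence whose {@code %} is at index {@code i}.
         *
         * @return the decoded character, or {@code null} when fewer than two characters
         *         follow or they are not both ASCII hex digits (the scratch position is
         *         then left untouched)
         */
        public EncodedCharacter parsePercent(String str, int i) {
            // A '%' close to the end of the input previously made substring() throw.
            if (i + 3 > str.length()) {
                return null;
            }
            // Digit-by-digit parsing: Integer.parseInt would also accept "+f" or "-1".
            int high = asciiDigit(str.charAt(i + 1), 16);
            int low = asciiDigit(str.charAt(i + 2), 16);
            if (high < 0 || low < 0) {
                return null;
            }
            this.testCharacter += 3;
            return new EncodedCharacter("%" + str.substring(i + 1, i + 3), (char) (high * 16 + low), PERCENT_ENCODING);
        }

        /**
         * Parses a named or numeric entity whose {@code &} is at index {@code i} of the
         * reader's input. The {@code str} argument is not consulted.
         *
         * @return the decoded character, or a literal {@code &} (advancing by one) when no
         *         valid entity starts at {@code i}
         */
        public EncodedCharacter parseEntity(String str, int i) {
            int semicolon = this.input.indexOf(";", i + 1);
            if (semicolon != -1 && semicolon - i <= MAX_ENTITY_SPAN) {
                String name = this.input.substring(i + 1, semicolon);
                // Fixed locale so the result does not depend on the JVM's default locale.
                String lowerCase = name.toLowerCase(java.util.Locale.ENGLISH);
                // Exact case first ("Agrave" and "agrave" are different characters), then
                // the lower-cased form so variants such as "&LT;" are still decoded.
                Character ch = entityToCharacterMap.get(name);
                if (ch == null) {
                    ch = entityToCharacterMap.get(lowerCase);
                }
                if (ch != null) {
                    this.testCharacter += name.length() + 2;
                    return new EncodedCharacter("&" + name + ";", ch.charValue(), ENTITY_ENCODING);
                }
                if (lowerCase.length() > 0 && lowerCase.charAt(0) == '#') {
                    int value = parseNumericEntity(lowerCase);
                    if (value >= 0) {
                        this.testCharacter += name.length() + 2;
                        return new EncodedCharacter("&" + name + ";", (char) value, ENTITY_ENCODING);
                    }
                    Encoder.logger.logWarning(ILogger.SECURITY, "Invalid numeric entity encoding &" + lowerCase + ";");
                }
            }
            // Not an entity: emit the '&' literally and let the following characters be
            // read one by one instead of being skipped.
            this.testCharacter++;
            return new EncodedCharacter("&", '&', NO_ENCODING);
        }
    }

    private Encoder() {
        initializeMaps();
    }

    /** @return the shared encoder instance */
    public static Encoder getInstance() {
        return instance;
    }

    /** @return the value of {@code c} as an ASCII digit in the given radix (10 or 16), or -1 */
    private static int asciiDigit(char c, int radix) {
        if (c >= '0' && c <= '9') {
            return c - '0';
        }
        if (radix == 16) {
            if (c >= 'a' && c <= 'f') {
                return c - 'a' + 10;
            }
            if (c >= 'A' && c <= 'F') {
                return c - 'A' + 10;
            }
        }
        return -1;
    }

    /**
     * Parses the body of a numeric entity: {@code #NN} (decimal) or {@code #xHH} (hex).
     *
     * @param body lower-cased entity text between {@code &} and {@code ;}, starting with {@code #}
     * @return the value in the range of {@code char}, or -1 when the body is malformed
     *         or the value does not fit into a single {@code char}
     */
    private static int parseNumericEntity(String body) {
        int radix = 10;
        int start = 1;
        if (body.length() > 1 && body.charAt(1) == 'x') {
            radix = 16;
            start = 2;
        }
        if (start >= body.length()) {
            return -1;
        }
        int value = 0;
        for (int k = start; k < body.length(); k++) {
            int digit = asciiDigit(body.charAt(k), radix);
            if (digit < 0) {
                return -1;
            }
            value = value * radix + digit;
            if (value > Character.MAX_VALUE) {
                return -1;
            }
        }
        return value;
    }

    /** @return {@code c} as upper-case {@code %XX} octets of its UTF-8 encoding */
    private static String percentEncode(char c) {
        byte[] octets;
        try {
            octets = String.valueOf(c).getBytes("UTF-8");
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException("UTF-8 must be supported by every Java runtime", e);
        }
        StringBuilder out = new StringBuilder(octets.length * 3);
        for (byte octet : octets) {
            int unsigned = octet & 0xFF;
            out.append('%').append(HEX_DIGITS.charAt(unsigned >> 4)).append(HEX_DIGITS.charAt(unsigned & 0x0F));
        }
        return out.toString();
    }

    /**
     * Decodes percent- and entity-encoded characters in {@code str}.
     *
     * @param str the input; {@code null} yields the empty string
     * @return the decoded text
     * @throws IntrusionException when the input is double encoded
     */
    @Override // org.owasp.esapi.interfaces.IEncoder
    public String canonicalize(String str) {
        StringBuilder canonical = new StringBuilder();
        EncodedStringReader reader = new EncodedStringReader(str);
        while (reader.hasNext()) {
            EncodedCharacter next = reader.getNextCharacter();
            if (next != null) {
                canonical.append(next.getUnencoded());
            }
        }
        return canonical.toString();
    }

    /**
     * Decomposes {@code str} (Unicode NFD) and then removes every non-ASCII character.
     * This is lossy: characters without an ASCII base form are dropped.
     */
    @Override // org.owasp.esapi.interfaces.IEncoder
    public String normalize(String str) {
        return Normalizer.normalize(str, Normalizer.Form.NFD).replaceAll("[^\\p{ASCII}]", "");
    }

    /** @return {@code true} when {@code c} occurs in {@code cArr} */
    private boolean isContained(char[] cArr, char c) {
        for (char candidate : cArr) {
            if (candidate == c) {
                return true;
            }
        }
        return false;
    }

    /**
     * Canonicalizes {@code str} and entity-encodes every character that is in neither
     * of the two allow lists.
     */
    private String entityEncode(String str, char[] cArr, char[] cArr2) {
        StringBuilder encoded = new StringBuilder();
        EncodedStringReader reader = new EncodedStringReader(str);
        while (reader.hasNext()) {
            EncodedCharacter next = reader.getNextCharacter();
            if (next != null) {
                char plain = next.getUnencoded();
                if (isContained(cArr, plain) || isContained(cArr2, plain)) {
                    encoded.append(plain);
                } else {
                    encoded.append(next.getEncoded(ENTITY_ENCODING));
                }
            }
        }
        return encoded.toString();
    }

    /** Entity-encodes {@code str} for use in HTML element content. */
    @Override // org.owasp.esapi.interfaces.IEncoder
    public String encodeForHTML(String str) {
        // NOTE(review): CR and LF are not in the allow lists, so entityEncode has already
        // turned them into numeric entities; these replacements appear to have no effect.
        return entityEncode(str, CHAR_ALPHANUMERICS, IMMUNE_HTML).replace("\r", "<BR>").replace("\n", "<BR>");
    }

    /** Entity-encodes {@code str} for use in a quoted HTML attribute value. */
    @Override // org.owasp.esapi.interfaces.IEncoder
    public String encodeForHTMLAttribute(String str) {
        return entityEncode(str, CHAR_ALPHANUMERICS, IMMUNE_HTMLATTR);
    }

    /**
     * Entity-encodes {@code str}.
     *
     * <p>NOTE(review): this is HTML entity encoding, not JavaScript string escaping;
     * entities are not interpreted inside a script block and are decoded by the HTML
     * parser before script runs in an event-handler attribute. Confirm the output
     * context before relying on this method.
     */
    @Override // org.owasp.esapi.interfaces.IEncoder
    public String encodeForJavascript(String str) {
        return entityEncode(str, CHAR_ALPHANUMERICS, IMMUNE_JAVASCRIPT);
    }

    /**
     * Entity-encodes {@code str}.
     *
     * <p>NOTE(review): like {@link #encodeForJavascript(String)}, this applies HTML
     * entity encoding rather than escaping specific to the script language.
     */
    @Override // org.owasp.esapi.interfaces.IEncoder
    public String encodeForVBScript(String str) {
        return entityEncode(str, CHAR_ALPHANUMERICS, IMMUNE_VBSCRIPT);
    }

    /**
     * Canonicalizes {@code str} and doubles every single quote.
     *
     * <p>NOTE(review): nothing else is escaped (no backslash or other dialect-specific
     * handling), so this is not a substitute for parameterized queries.
     */
    @Override // org.owasp.esapi.interfaces.IEncoder
    public String encodeForSQL(String str) {
        return getInstance().canonicalize(str).replace("'", "''");
    }

    /**
     * Canonicalizes {@code str} and escapes NUL, {@code (}, {@code )}, {@code *} and
     * backslash as {@code \XX} for use in an LDAP search filter.
     */
    @Override // org.owasp.esapi.interfaces.IEncoder
    public String encodeForLDAP(String str) {
        String canonical = getInstance().canonicalize(str);
        StringBuilder escaped = new StringBuilder();
        for (int i = 0; i < canonical.length(); i++) {
            char current = canonical.charAt(i);
            switch (current) {
                case '\0':
                    escaped.append("\\00");
                    break;
                case '(':
                    escaped.append("\\28");
                    break;
                case ')':
                    escaped.append("\\29");
                    break;
                case '*':
                    escaped.append("\\2a");
                    break;
                case '\\':
                    escaped.append("\\5c");
                    break;
                default:
                    escaped.append(current);
                    break;
            }
        }
        return escaped.toString();
    }

    /**
     * Canonicalizes {@code str} and backslash-escapes it for use as a value in an LDAP
     * distinguished name: a leading space or {@code #}, a trailing space, and the
     * characters {@code " + , ; < > \}.
     */
    @Override // org.owasp.esapi.interfaces.IEncoder
    public String encodeForDN(String str) {
        String canonical = getInstance().canonicalize(str);
        StringBuilder escaped = new StringBuilder();
        if (canonical.length() > 0 && (canonical.charAt(0) == ' ' || canonical.charAt(0) == '#')) {
            escaped.append('\\');
        }
        for (int i = 0; i < canonical.length(); i++) {
            char current = canonical.charAt(i);
            switch (current) {
                case '\"':
                    escaped.append("\\\"");
                    break;
                case '+':
                    escaped.append("\\+");
                    break;
                case ',':
                    escaped.append("\\,");
                    break;
                case ';':
                    escaped.append("\\;");
                    break;
                case '<':
                    escaped.append("\\<");
                    break;
                case '>':
                    escaped.append("\\>");
                    break;
                case '\\':
                    escaped.append("\\\\");
                    break;
                default:
                    escaped.append(current);
                    break;
            }
        }
        // Index with the canonical length: the raw input can be longer (encoded
        // characters) or null, which previously threw or tested the wrong character.
        if (canonical.length() > 1 && canonical.charAt(canonical.length() - 1) == ' ') {
            escaped.insert(escaped.length() - 1, '\\');
        }
        return escaped.toString();
    }

    /** Entity-encodes {@code str} for use in an XPath expression. */
    @Override // org.owasp.esapi.interfaces.IEncoder
    public String encodeForXPath(String str) {
        return entityEncode(str, CHAR_ALPHANUMERICS, IMMUNE_XPATH);
    }

    /** Entity-encodes {@code str} for use in XML element content. */
    @Override // org.owasp.esapi.interfaces.IEncoder
    public String encodeForXML(String str) {
        return entityEncode(str, CHAR_ALPHANUMERICS, IMMUNE_XML);
    }

    /** Entity-encodes {@code str} for use in an XML attribute value. */
    @Override // org.owasp.esapi.interfaces.IEncoder
    public String encodeForXMLAttribute(String str) {
        return entityEncode(str, CHAR_ALPHANUMERICS, IMMUNE_XMLATTR);
    }

    /**
     * Canonicalizes {@code str} and URL-encodes it in the configured character encoding.
     *
     * @throws EncodingException when the encoding is unsupported or encoding fails
     */
    @Override // org.owasp.esapi.interfaces.IEncoder
    public String encodeForURL(String str) throws EncodingException {
        try {
            return URLEncoder.encode(getInstance().canonicalize(str), SecurityConfiguration.getInstance().getCharacterEncoding());
        } catch (UnsupportedEncodingException e) {
            throw new EncodingException("Encoding failure", "Encoding not supported", e);
        } catch (Exception e2) {
            // The message previously said "decoding", which pointed at the wrong operation.
            throw new EncodingException("Encoding failure", "Problem URL encoding input", e2);
        }
    }

    /**
     * Canonicalizes {@code str} and then URL-decodes the result in the configured
     * character encoding.
     *
     * <p>NOTE(review): the input is decoded by canonicalize and again by URLDecoder, so a
     * {@code +} produced by the first pass becomes a space in the second; confirm that
     * this is intended.
     *
     * @throws EncodingException when the encoding is unsupported or decoding fails
     */
    @Override // org.owasp.esapi.interfaces.IEncoder
    public String decodeFromURL(String str) throws EncodingException {
        try {
            return URLDecoder.decode(getInstance().canonicalize(str), SecurityConfiguration.getInstance().getCharacterEncoding());
        } catch (UnsupportedEncodingException e) {
            throw new EncodingException("Decoding failed", "Encoding not supported", e);
        } catch (Exception e2) {
            throw new EncodingException("Decoding failed", "Problem URL decoding input", e2);
        }
    }

    /**
     * Base64-encodes {@code bArr}.
     *
     * @param z when {@code false}, CR and LF are stripped from the encoder's output
     */
    @Override // org.owasp.esapi.interfaces.IEncoder
    public String encodeForBase64(byte[] bArr, boolean z) {
        String encoded = base64Encoder.encode(bArr);
        if (z) {
            return encoded;
        }
        return encoded.replace("\r", "").replace("\n", "");
    }

    /**
     * Base64-decodes {@code str}.
     *
     * @throws IOException when the decoder rejects the input
     */
    @Override // org.owasp.esapi.interfaces.IEncoder
    public byte[] decodeFromBase64(String str) throws IOException {
        return base64Decoder.decodeBuffer(str);
    }

    /**
     * Fills the name-to-character and character-to-name entity maps.
     * The two arrays below are parallel: entry {@code i} of one belongs to entry
     * {@code i} of the other, so they must stay the same length.
     */
    private void initializeMaps() {
        String[] names = {
            "quot", "amp", "lt", "gt",
            "nbsp", "iexcl", "cent", "pound", "curren", "yen", "brvbar", "sect", "uml", "copy", "ordf", "laquo", "not", "shy", "reg", "macr",
            "deg", "plusmn", "sup2", "sup3", "acute", "micro", "para", "middot", "cedil", "sup1", "ordm", "raquo", "frac14", "frac12", "frac34", "iquest",
            "Agrave", "Aacute", "Acirc", "Atilde", "Auml", "Aring", "AElig", "Ccedil", "Egrave", "Eacute", "Ecirc", "Euml", "Igrave", "Iacute", "Icirc", "Iuml",
            "ETH", "Ntilde", "Ograve", "Oacute", "Ocirc", "Otilde", "Ouml", "times", "Oslash", "Ugrave", "Uacute", "Ucirc", "Uuml", "Yacute", "THORN", "szlig",
            "agrave", "aacute", "acirc", "atilde", "auml", "aring", "aelig", "ccedil", "egrave", "eacute", "ecirc", "euml", "igrave", "iacute", "icirc", "iuml",
            "eth", "ntilde", "ograve", "oacute", "ocirc", "otilde", "ouml", "divide", "oslash", "ugrave", "uacute", "ucirc", "uuml", "yacute", "thorn", "yuml",
            "OElig", "oelig", "Scaron", "scaron", "Yuml", "fnof", "circ", "tilde",
            "Alpha", "Beta", "Gamma", "Delta", "Epsilon", "Zeta", "Eta", "Theta", "Iota", "Kappa", "Lambda", "Mu", "Nu", "Xi", "Omicron", "Pi", "Rho",
            "Sigma", "Tau", "Upsilon", "Phi", "Chi", "Psi", "Omega",
            "alpha", "beta", "gamma", "delta", "epsilon", "zeta", "eta", "theta", "iota", "kappa", "lambda", "mu", "nu", "xi", "omicron", "pi", "rho",
            "sigmaf", "sigma", "tau", "upsilon", "phi", "chi", "psi", "omega",
            "thetasym", "upsih", "piv",
            "ensp", "emsp", "thinsp", "zwnj", "zwj", "lrm", "rlm", "ndash", "mdash", "lsquo", "rsquo", "sbquo", "ldquo", "rdquo", "bdquo",
            "dagger", "Dagger", "bull", "hellip", "permil", "prime", "Prime", "lsaquo", "rsaquo", "oline", "frasl", "euro",
            "image", "weierp", "real", "trade", "alefsym",
            "larr", "uarr", "rarr", "darr", "harr", "crarr", "lArr", "uArr", "rArr", "dArr", "hArr",
            "forall", "part", "exist", "empty", "nabla", "isin", "notin", "ni", "prod", "sum", "minus", "lowast", "radic", "prop", "infin", "ang",
            "and", "or", "cap", "cup", "int", "there4", "sim", "cong", "asymp",
            "ne", "equiv", "le", "ge", "sub", "sup", "nsub", "sube", "supe", "oplus", "otimes", "perp", "sdot",
            "lceil", "rceil", "lfloor", "rfloor", "lang", "rang", "loz", "spades", "clubs", "hearts", "diams"
        };
        char[] codes = {
            '\"', '&', '<', '>',
            160, 161, 162, 163, 164, 165, 166, 167, 168, 169, 170, 171, 172, 173, 174, 175,
            176, 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191,
            192, 193, 194, 195, 196, 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207,
            208, 209, 210, 211, 212, 213, 214, 215, 216, 217, 218, 219, 220, 221, 222, 223,
            224, 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, 239,
            240, 241, 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, 252, 253, 254, 255,
            338, 339, 352, 353, 376, 402, 710, 732,
            913, 914, 915, 916, 917, 918, 919, 920, 921, 922, 923, 924, 925, 926, 927, 928, 929,
            931, 932, 933, 934, 935, 936, 937,
            945, 946, 947, 948, 949, 950, 951, 952, 953, 954, 955, 956, 957, 958, 959, 960, 961,
            962, 963, 964, 965, 966, 967, 968, 969,
            977, 978, 982,
            8194, 8195, 8201, 8204, 8205, 8206, 8207, 8211, 8212, 8216, 8217, 8218, 8220, 8221, 8222,
            8224, 8225, 8226, 8230, 8240, 8242, 8243, 8249, 8250, 8254, 8260, 8364,
            8465, 8472, 8476, 8482, 8501,
            8592, 8593, 8594, 8595, 8596, 8629, 8656, 8657, 8658, 8659, 8660,
            8704, 8706, 8707, 8709, 8711, 8712, 8713, 8715, 8719, 8721, 8722, 8727, 8730, 8733, 8734, 8736,
            8743, 8744, 8745, 8746, 8747, 8756, 8764, 8773, 8776,
            8800, 8801, 8804, 8805, 8834, 8835, 8836, 8838, 8839, 8853, 8855, 8869, 8901,
            8968, 8969, 8970, 8971, 9001, 9002, 9674, 9824, 9827, 9829, 9830
        };
        characterToEntityMap = new HashMap<Character, String>(names.length);
        entityToCharacterMap = new HashMap<String, Character>(codes.length);
        for (int i = 0; i < names.length; i++) {
            String name = names[i];
            Character code = Character.valueOf(codes[i]);
            entityToCharacterMap.put(name, code);
            characterToEntityMap.put(code, name);
        }
    }

    /** Manual smoke test: prints the HTML encoding of a sample containing control-character entities. */
    public static void main(String[] strArr) {
        try {
            System.out.println(">>" + new Encoder().encodeForHTML("test &#01;&#02;&#03;&#04; test"));
        } catch (Exception e) {
            System.out.println("   !" + e.getMessage());
        }
    }
}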
