package blackboard.platform.security.impl;

import blackboard.base.FormattedText;
import blackboard.data.Identifiable;
import blackboard.platform.log.LogServiceFactory;
import blackboard.platform.security.Sanitize;
import blackboard.platform.security.SecurityUtil;
import blackboard.platform.security.XssFilterService;
import blackboard.util.StringUtil;
import blackboard.util.XSSUtil;
import java.beans.BeanInfo;
import java.beans.IntrospectionException;
import java.beans.Introspector;
import java.beans.PropertyDescriptor;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/* loaded from: input_file:blackboard/platform/security/impl/XssFilterServiceImpl.class */
public class XssFilterServiceImpl implements XssFilterService {
    private final Map<Class<? extends Identifiable>, List<Sanitizer>> _definitions = new ConcurrentHashMap();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:blackboard/platform/security/impl/XssFilterServiceImpl$FormattedTextSanitizer.class */
    public static class FormattedTextSanitizer extends Sanitizer {
        protected FormattedTextSanitizer(Method method, Method method2, String str, boolean z) {
            super(method, method2, str, z);
        }

        @Override // blackboard.platform.security.impl.XssFilterServiceImpl.Sanitizer
        protected String getString(Identifiable identifiable) throws InvocationTargetException, IllegalAccessException {
            FormattedText formattedText = (FormattedText) this._readMethod.invoke(identifiable, new Object[0]);
            if (formattedText == null) {
                return null;
            }
            return formattedText.getText();
        }

        @Override // blackboard.platform.security.impl.XssFilterServiceImpl.Sanitizer
        protected void setString(Identifiable identifiable, String str) throws InvocationTargetException, IllegalAccessException {
            this._writeMethod.invoke(identifiable, new FormattedText(str, ((FormattedText) this._readMethod.invoke(identifiable, new Object[0])).getType()));
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:blackboard/platform/security/impl/XssFilterServiceImpl$Sanitizer.class */
    public static class Sanitizer {
        protected final Method _readMethod;
        protected final Method _writeMethod;
        protected final String _entitlement;
        protected final boolean _checkEntitlement;

        protected Sanitizer(Method method, Method method2, String str, boolean z) {
            this._readMethod = method;
            this._writeMethod = method2;
            this._entitlement = str;
            this._checkEntitlement = z;
        }

        protected void execute(Identifiable identifiable) {
            if (this._checkEntitlement && SecurityUtil.userHasEntitlement(this._entitlement)) {
                return;
            }
            try {
                String string = getString(identifiable);
                if (StringUtil.notEmpty(string)) {
                    setString(identifiable, XSSUtil.filter(string, true));
                }
            } catch (IllegalAccessException e) {
                throw new RuntimeException(e);
            } catch (InvocationTargetException e2) {
                throw new RuntimeException(e2);
            }
        }

        protected String getString(Identifiable identifiable) throws InvocationTargetException, IllegalAccessException {
            return (String) this._readMethod.invoke(identifiable, new Object[0]);
        }

        protected void setString(Identifiable identifiable, String str) throws InvocationTargetException, IllegalAccessException {
            this._writeMethod.invoke(identifiable, str);
        }
    }

    @Override // blackboard.platform.security.XssFilterService
    public void filter(Identifiable identifiable) {
        Iterator<Sanitizer> it = getSanitizers(identifiable).iterator();
        while (it.hasNext()) {
            it.next().execute(identifiable);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    private List<Sanitizer> getSanitizers(Identifiable identifiable) {
        List<Sanitizer> list = this._definitions.get(identifiable.getClass());
        if (list == null) {
            Map<Class<? extends Identifiable>, List<Sanitizer>> map = this._definitions;
            Class<?> cls = identifiable.getClass();
            List<Sanitizer> loadSanitizers = loadSanitizers(identifiable);
            list = loadSanitizers;
            map.put(cls, loadSanitizers);
        }
        return list;
    }

    private List<Sanitizer> loadSanitizers(Identifiable identifiable) {
        Sanitize sanitize;
        try {
            BeanInfo beanInfo = Introspector.getBeanInfo(identifiable.getClass());
            ArrayList arrayList = new ArrayList();
            for (PropertyDescriptor propertyDescriptor : beanInfo.getPropertyDescriptors()) {
                Method readMethod = propertyDescriptor.getReadMethod();
                if (readMethod != null && (sanitize = (Sanitize) readMethod.getAnnotation(Sanitize.class)) != null) {
                    Class<?> returnType = readMethod.getReturnType();
                    if (returnType.equals(String.class)) {
                        arrayList.add(new Sanitizer(readMethod, propertyDescriptor.getWriteMethod(), sanitize.entitlement(), sanitize.checkEntitlement()));
                    } else if (returnType.equals(FormattedText.class)) {
                        arrayList.add(new FormattedTextSanitizer(readMethod, propertyDescriptor.getWriteMethod(), sanitize.entitlement(), sanitize.checkEntitlement()));
                    } else {
                        String format = String.format("@Sanitize annotation improperly placed on element %s of class %s", propertyDescriptor.getName(), identifiable.getClass().getCanonicalName());
                        LogServiceFactory.getInstance().logError(format, new RuntimeException(format));
                    }
                }
            }
            return arrayList;
        } catch (IntrospectionException e) {
            throw new RuntimeException((Throwable) e);
        }
    }
}
