package org.thingsboard.server.dao.service;

import com.fasterxml.jackson.databind.JsonNode;
import java.util.Optional;
import javax.validation.ConstraintValidatorContext;
import org.owasp.validator.html.AntiSamy;
import org.owasp.validator.html.Policy;
import org.owasp.validator.html.PolicyException;
import org.owasp.validator.html.ScanException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.thingsboard.server.common.data.validation.NoXss;

/* loaded from: input_file:org/thingsboard/server/dao/service/NoXssValidator.class */
public class NoXssValidator implements javax.validation.ConstraintValidator<NoXss, Object> {
    private static final Logger log = LoggerFactory.getLogger(NoXssValidator.class);
    private static final AntiSamy xssChecker = new AntiSamy();
    private static Policy xssPolicy;

    public void initialize(NoXss noXss) {
        if (xssPolicy == null) {
            xssPolicy = (Policy) Optional.ofNullable(getClass().getClassLoader().getResourceAsStream("xss-policy.xml")).map(inputStream -> {
                try {
                    return Policy.getInstance(inputStream);
                } catch (Exception e) {
                    throw new RuntimeException(e);
                }
            }).orElseThrow(() -> {
                return new IllegalStateException("XSS policy file not found");
            });
        }
    }

    public boolean isValid(Object obj, ConstraintValidatorContext constraintValidatorContext) {
        if (!(obj instanceof CharSequence) && !(obj instanceof JsonNode)) {
            return true;
        }
        String obj2 = obj.toString();
        if (obj2.isEmpty()) {
            return true;
        }
        try {
            return xssChecker.scan(obj2, xssPolicy).getNumberOfErrors() == 0;
        } catch (ScanException | PolicyException e) {
            return false;
        }
    }
}
