package org.owasp.esapi.reference;

import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.net.URISyntaxException;
import java.text.DateFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.Encoder;
import org.owasp.esapi.Logger;
import org.owasp.esapi.ValidationErrorList;
import org.owasp.esapi.ValidationRule;
import org.owasp.esapi.Validator;
import org.owasp.esapi.errors.IntrusionException;
import org.owasp.esapi.errors.ValidationAvailabilityException;
import org.owasp.esapi.errors.ValidationException;
import org.owasp.esapi.reference.validation.CreditCardValidationRule;
import org.owasp.esapi.reference.validation.DateValidationRule;
import org.owasp.esapi.reference.validation.HTMLValidationRule;
import org.owasp.esapi.reference.validation.IntegerValidationRule;
import org.owasp.esapi.reference.validation.NumberValidationRule;
import org.owasp.esapi.reference.validation.StringValidationRule;

/* loaded from: input_file:WEB-INF/lib/esapi-2.5.5.0.jar:org/owasp/esapi/reference/DefaultValidator.class */
public class DefaultValidator implements Validator {
    private static Logger logger = ESAPI.log();
    private static volatile Validator instance = null;
    private static boolean alreadyLogged = false;
    private static String deprecationWarning = "WARNING: You are using the Validator.isValidSafeHTML interface, which has been deprecated and should be avoided. See GitHub Security Advisory https://github.com/ESAPI/esapi-java-legacy/security/advisories/GHSA-r68h-jhhj-9jvm for details.";
    private Map<String, ValidationRule> rules = new HashMap();
    private Encoder encoder;
    private static Validator fileValidator;

    public static Validator getInstance() {
        if (instance == null) {
            synchronized (Validator.class) {
                if (instance == null) {
                    instance = new DefaultValidator();
                }
            }
        }
        return instance;
    }

    public DefaultValidator() {
        this.encoder = null;
        this.encoder = ESAPI.encoder();
    }

    public DefaultValidator(Encoder encoder) {
        this.encoder = null;
        this.encoder = encoder;
    }

    @Override // org.owasp.esapi.Validator
    public void addRule(ValidationRule validationRule) {
        this.rules.put(validationRule.getTypeName(), validationRule);
    }

    @Override // org.owasp.esapi.Validator
    public ValidationRule getRule(String str) {
        return this.rules.get(str);
    }

    @Override // org.owasp.esapi.Validator
    public boolean isValidInput(String str, String str2, String str3, int i, boolean z) throws IntrusionException {
        return isValidInput(str, str2, str3, i, z, true);
    }

    @Override // org.owasp.esapi.Validator
    public boolean isValidInput(String str, String str2, String str3, int i, boolean z, ValidationErrorList validationErrorList) {
        return isValidInput(str, str2, str3, i, z, true, validationErrorList);
    }

    @Override // org.owasp.esapi.Validator
    public boolean isValidInput(String str, String str2, String str3, int i, boolean z, boolean z2) {
        try {
            getValidInput(str, str2, str3, i, z, z2);
            return true;
        } catch (Exception e) {
            return false;
        }
    }

    @Override // org.owasp.esapi.Validator
    public boolean isValidInput(String str, String str2, String str3, int i, boolean z, boolean z2, ValidationErrorList validationErrorList) throws IntrusionException {
        try {
            getValidInput(str, str2, str3, i, z, z2);
            return true;
        } catch (ValidationException e) {
            validationErrorList.addError(str, e);
            return false;
        }
    }

    @Override // org.owasp.esapi.Validator
    public String getValidInput(String str, String str2, String str3, int i, boolean z) throws ValidationException {
        return getValidInput(str, str2, str3, i, z, true);
    }

    @Override // org.owasp.esapi.Validator
    public String getValidInput(String str, String str2, String str3, int i, boolean z, boolean z2) throws ValidationException {
        StringValidationRule stringValidationRule = new StringValidationRule(str3, this.encoder);
        Pattern validationPattern = ESAPI.securityConfiguration().getValidationPattern(str3);
        if (validationPattern == null) {
            throw new IllegalArgumentException("The selected type [" + str3 + "] was not set via the ESAPI validation configuration");
        }
        stringValidationRule.addWhitelistPattern(validationPattern);
        stringValidationRule.setMaximumLength(i);
        stringValidationRule.setAllowNull(z);
        stringValidationRule.setCanonicalize(z2);
        return stringValidationRule.getValid(str, str2);
    }

    @Override // org.owasp.esapi.Validator
    public String getValidInput(String str, String str2, String str3, int i, boolean z, ValidationErrorList validationErrorList) throws IntrusionException {
        return getValidInput(str, str2, str3, i, z, true, validationErrorList);
    }

    @Override // org.owasp.esapi.Validator
    public String getValidInput(String str, String str2, String str3, int i, boolean z, boolean z2, ValidationErrorList validationErrorList) throws IntrusionException {
        try {
            return getValidInput(str, str2, str3, i, z, z2);
        } catch (ValidationException e) {
            validationErrorList.addError(str, e);
            return "";
        }
    }

    @Override // org.owasp.esapi.Validator
    public boolean isValidDate(String str, String str2, DateFormat dateFormat, boolean z) {
        try {
            getValidDate(str, str2, dateFormat, z);
            return true;
        } catch (Exception e) {
            return false;
        }
    }

    @Override // org.owasp.esapi.Validator
    public boolean isValidDate(String str, String str2, DateFormat dateFormat, boolean z, ValidationErrorList validationErrorList) throws IntrusionException {
        getValidDate(str, str2, dateFormat, z, validationErrorList);
        return validationErrorList.isEmpty();
    }

    @Override // org.owasp.esapi.Validator
    public Date getValidDate(String str, String str2, DateFormat dateFormat, boolean z) throws ValidationException, IntrusionException {
        ValidationErrorList validationErrorList = new ValidationErrorList();
        Date validDate = getValidDate(str, str2, dateFormat, z, validationErrorList);
        if (validationErrorList.isEmpty()) {
            return validDate;
        }
        throw validationErrorList.errors().get(0);
    }

    @Override // org.owasp.esapi.Validator
    public Date getValidDate(String str, String str2, DateFormat dateFormat, boolean z, ValidationErrorList validationErrorList) throws IntrusionException {
        DateValidationRule dateValidationRule = new DateValidationRule("SimpleDate", this.encoder, dateFormat);
        dateValidationRule.setAllowNull(z);
        Date sanitize = dateValidationRule.sanitize(str, str2, validationErrorList);
        if (!validationErrorList.isEmpty()) {
            sanitize = null;
        }
        return sanitize;
    }

    @Override // org.owasp.esapi.Validator
    public boolean isValidSafeHTML(String str, String str2, int i, boolean z) {
        if (!alreadyLogged) {
            logger.always(Logger.SECURITY_AUDIT, deprecationWarning);
            alreadyLogged = true;
        }
        try {
            getValidSafeHTML(str, str2, i, z);
            return true;
        } catch (Exception e) {
            return false;
        }
    }

    @Override // org.owasp.esapi.Validator
    public boolean isValidSafeHTML(String str, String str2, int i, boolean z, ValidationErrorList validationErrorList) throws IntrusionException {
        if (!alreadyLogged) {
            logger.always(Logger.SECURITY_AUDIT, deprecationWarning);
            alreadyLogged = true;
        }
        try {
            getValidSafeHTML(str, str2, i, z);
            return true;
        } catch (ValidationException e) {
            validationErrorList.addError(str, e);
            return false;
        }
    }

    @Override // org.owasp.esapi.Validator
    public String getValidSafeHTML(String str, String str2, int i, boolean z) throws ValidationException, IntrusionException {
        HTMLValidationRule hTMLValidationRule = new HTMLValidationRule("safehtml", this.encoder);
        hTMLValidationRule.setMaximumLength(i);
        hTMLValidationRule.setAllowNull(z);
        return hTMLValidationRule.getValid(str, str2);
    }

    @Override // org.owasp.esapi.Validator
    public String getValidSafeHTML(String str, String str2, int i, boolean z, ValidationErrorList validationErrorList) throws IntrusionException {
        try {
            return getValidSafeHTML(str, str2, i, z);
        } catch (ValidationException e) {
            validationErrorList.addError(str, e);
            return "";
        }
    }

    @Override // org.owasp.esapi.Validator
    public boolean isValidCreditCard(String str, String str2, boolean z) {
        try {
            getValidCreditCard(str, str2, z);
            return true;
        } catch (Exception e) {
            return false;
        }
    }

    @Override // org.owasp.esapi.Validator
    public boolean isValidCreditCard(String str, String str2, boolean z, ValidationErrorList validationErrorList) throws IntrusionException {
        try {
            getValidCreditCard(str, str2, z);
            return true;
        } catch (ValidationException e) {
            validationErrorList.addError(str, e);
            return false;
        }
    }

    @Override // org.owasp.esapi.Validator
    public String getValidCreditCard(String str, String str2, boolean z) throws ValidationException, IntrusionException {
        CreditCardValidationRule creditCardValidationRule = new CreditCardValidationRule("creditcard", this.encoder);
        creditCardValidationRule.setAllowNull(z);
        return creditCardValidationRule.getValid(str, str2);
    }

    @Override // org.owasp.esapi.Validator
    public String getValidCreditCard(String str, String str2, boolean z, ValidationErrorList validationErrorList) throws IntrusionException {
        try {
            return getValidCreditCard(str, str2, z);
        } catch (ValidationException e) {
            validationErrorList.addError(str, e);
            return "";
        }
    }

    @Override // org.owasp.esapi.Validator
    public boolean isValidDirectoryPath(String str, String str2, File file, boolean z) {
        try {
            getValidDirectoryPath(str, str2, file, z);
            return true;
        } catch (Exception e) {
            return false;
        }
    }

    @Override // org.owasp.esapi.Validator
    public boolean isValidDirectoryPath(String str, String str2, File file, boolean z, ValidationErrorList validationErrorList) throws IntrusionException {
        try {
            getValidDirectoryPath(str, str2, file, z);
            return true;
        } catch (ValidationException e) {
            validationErrorList.addError(str, e);
            return false;
        }
    }

    @Override // org.owasp.esapi.Validator
    public String getValidDirectoryPath(String str, String str2, File file, boolean z) throws ValidationException, IntrusionException {
        try {
            if (isEmpty(str2)) {
                if (z) {
                    return null;
                }
                throw new ValidationException(str + ": Input directory path required", "Input directory path required: context=" + str + ", input=" + str2, str);
            }
            File file2 = new File(str2);
            if (!file2.exists()) {
                throw new ValidationException(str + ": Invalid directory name", "Invalid directory, does not exist: context=" + str + ", input=" + str2);
            }
            if (!file2.isDirectory()) {
                throw new ValidationException(str + ": Invalid directory name", "Invalid directory, not a directory: context=" + str + ", input=" + str2);
            }
            if (!file.exists()) {
                throw new ValidationException(str + ": Invalid directory name", "Invalid directory, specified parent does not exist: context=" + str + ", input=" + str2 + ", parent=" + file);
            }
            if (!file.isDirectory()) {
                throw new ValidationException(str + ": Invalid directory name", "Invalid directory, specified parent is not a directory: context=" + str + ", input=" + str2 + ", parent=" + file);
            }
            if (!file2.getCanonicalFile().toPath().startsWith(file.getCanonicalFile().toPath())) {
                throw new ValidationException(str + ": Invalid directory name", "Invalid directory, not inside specified parent: context=" + str + ", input=" + str2 + ", parent=" + file);
            }
            String validInput = fileValidator.getValidInput(str, file2.getCanonicalPath(), "DirectoryName", 255, false);
            if (validInput.equals(str2)) {
                return validInput;
            }
            throw new ValidationException(str + ": Invalid directory name", "Invalid directory name does not match the canonical path: context=" + str + ", input=" + str2 + ", canonical=" + validInput, str);
        } catch (Exception e) {
            throw new ValidationException(str + ": Invalid directory name", "Failure to validate directory path: context=" + str + ", input=" + str2, e, str);
        }
    }

    @Override // org.owasp.esapi.Validator
    public String getValidDirectoryPath(String str, String str2, File file, boolean z, ValidationErrorList validationErrorList) throws IntrusionException {
        try {
            return getValidDirectoryPath(str, str2, file, z);
        } catch (ValidationException e) {
            validationErrorList.addError(str, e);
            return "";
        }
    }

    @Override // org.owasp.esapi.Validator
    public boolean isValidFileName(String str, String str2, boolean z) throws IntrusionException {
        return isValidFileName(str, str2, ESAPI.securityConfiguration().getAllowedFileExtensions(), z);
    }

    @Override // org.owasp.esapi.Validator
    public boolean isValidFileName(String str, String str2, boolean z, ValidationErrorList validationErrorList) throws IntrusionException {
        return isValidFileName(str, str2, ESAPI.securityConfiguration().getAllowedFileExtensions(), z, validationErrorList);
    }

    @Override // org.owasp.esapi.Validator
    public boolean isValidFileName(String str, String str2, List<String> list, boolean z) {
        try {
            getValidFileName(str, str2, list, z);
            return true;
        } catch (Exception e) {
            return false;
        }
    }

    @Override // org.owasp.esapi.Validator
    public boolean isValidFileName(String str, String str2, List<String> list, boolean z, ValidationErrorList validationErrorList) throws IntrusionException {
        try {
            getValidFileName(str, str2, list, z);
            return true;
        } catch (ValidationException e) {
            validationErrorList.addError(str, e);
            return false;
        }
    }

    @Override // org.owasp.esapi.Validator
    public String getValidFileName(String str, String str2, List<String> list, boolean z) throws ValidationException, IntrusionException {
        if (list == null || list.isEmpty()) {
            throw new ValidationException("Internal Error", "getValidFileName called with an empty or null list of allowed Extensions, therefore no files can be uploaded");
        }
        try {
            if (isEmpty(str2)) {
                if (z) {
                    return null;
                }
                throw new ValidationException(str + ": Input file name required", "Input required: context=" + str + ", input=" + str2, str);
            }
            String name = new File(str2).getCanonicalFile().getName();
            getValidInput(str, str2, "FileName", 255, true);
            String canonicalPath = new File(name).getCanonicalPath();
            if (!str2.equals(canonicalPath.substring(canonicalPath.lastIndexOf(File.separator) + 1))) {
                throw new ValidationException(str + ": Invalid file name", "Invalid directory name does not match the canonical path: context=" + str + ", input=" + str2 + ", canonical=" + name, str);
            }
            Iterator<String> it = list.iterator();
            while (it.hasNext()) {
                if (str2.toLowerCase().endsWith(it.next().toLowerCase())) {
                    return name;
                }
            }
            throw new ValidationException(str + ": Invalid file name does not have valid extension ( " + list + ")", "Invalid file name does not have valid extension ( " + list + "): context=" + str + ", input=" + str2, str);
        } catch (IOException e) {
            throw new ValidationException(str + ": Invalid file name", "Invalid file name does not exist: context=" + str + ", canonical=", e, str);
        }
    }

    @Override // org.owasp.esapi.Validator
    public String getValidFileName(String str, String str2, List<String> list, boolean z, ValidationErrorList validationErrorList) throws IntrusionException {
        try {
            return getValidFileName(str, str2, list, z);
        } catch (ValidationException e) {
            validationErrorList.addError(str, e);
            return "";
        }
    }

    @Override // org.owasp.esapi.Validator
    public boolean isValidNumber(String str, String str2, long j, long j2, boolean z) {
        try {
            getValidNumber(str, str2, j, j2, z);
            return true;
        } catch (Exception e) {
            return false;
        }
    }

    @Override // org.owasp.esapi.Validator
    public boolean isValidNumber(String str, String str2, long j, long j2, boolean z, ValidationErrorList validationErrorList) throws IntrusionException {
        try {
            getValidNumber(str, str2, j, j2, z);
            return true;
        } catch (ValidationException e) {
            validationErrorList.addError(str, e);
            return false;
        }
    }

    @Override // org.owasp.esapi.Validator
    public Double getValidNumber(String str, String str2, long j, long j2, boolean z) throws ValidationException, IntrusionException {
        return getValidDouble(str, str2, new Double(j).doubleValue(), new Double(j2).doubleValue(), z);
    }

    @Override // org.owasp.esapi.Validator
    public Double getValidNumber(String str, String str2, long j, long j2, boolean z, ValidationErrorList validationErrorList) throws IntrusionException {
        try {
            return getValidNumber(str, str2, j, j2, z);
        } catch (ValidationException e) {
            validationErrorList.addError(str, e);
            return null;
        }
    }

    @Override // org.owasp.esapi.Validator
    public boolean isValidDouble(String str, String str2, double d, double d2, boolean z) {
        try {
            getValidDouble(str, str2, d, d2, z);
            return true;
        } catch (Exception e) {
            return false;
        }
    }

    @Override // org.owasp.esapi.Validator
    public boolean isValidDouble(String str, String str2, double d, double d2, boolean z, ValidationErrorList validationErrorList) throws IntrusionException {
        try {
            getValidDouble(str, str2, d, d2, z);
            return true;
        } catch (ValidationException e) {
            validationErrorList.addError(str, e);
            return false;
        }
    }

    @Override // org.owasp.esapi.Validator
    public Double getValidDouble(String str, String str2, double d, double d2, boolean z) throws ValidationException, IntrusionException {
        NumberValidationRule numberValidationRule = new NumberValidationRule("number", this.encoder, d, d2);
        numberValidationRule.setAllowNull(z);
        return numberValidationRule.getValid(str, str2);
    }

    @Override // org.owasp.esapi.Validator
    public Double getValidDouble(String str, String str2, double d, double d2, boolean z, ValidationErrorList validationErrorList) throws IntrusionException {
        try {
            return getValidDouble(str, str2, d, d2, z);
        } catch (ValidationException e) {
            validationErrorList.addError(str, e);
            return new Double(Double.NaN);
        }
    }

    @Override // org.owasp.esapi.Validator
    public boolean isValidInteger(String str, String str2, int i, int i2, boolean z) throws IntrusionException {
        try {
            getValidInteger(str, str2, i, i2, z);
            return true;
        } catch (ValidationException e) {
            return false;
        }
    }

    @Override // org.owasp.esapi.Validator
    public boolean isValidInteger(String str, String str2, int i, int i2, boolean z, ValidationErrorList validationErrorList) throws IntrusionException {
        try {
            getValidInteger(str, str2, i, i2, z);
            return true;
        } catch (ValidationException e) {
            validationErrorList.addError(str, e);
            return false;
        }
    }

    @Override // org.owasp.esapi.Validator
    public Integer getValidInteger(String str, String str2, int i, int i2, boolean z) throws ValidationException, IntrusionException {
        IntegerValidationRule integerValidationRule = new IntegerValidationRule("number", this.encoder, i, i2);
        integerValidationRule.setAllowNull(z);
        return integerValidationRule.getValid(str, str2);
    }

    @Override // org.owasp.esapi.Validator
    public Integer getValidInteger(String str, String str2, int i, int i2, boolean z, ValidationErrorList validationErrorList) throws IntrusionException {
        try {
            return getValidInteger(str, str2, i, i2, z);
        } catch (ValidationException e) {
            validationErrorList.addError(str, e);
            return null;
        }
    }

    @Override // org.owasp.esapi.Validator
    public boolean isValidFileContent(String str, byte[] bArr, int i, boolean z) {
        try {
            getValidFileContent(str, bArr, i, z);
            return true;
        } catch (Exception e) {
            return false;
        }
    }

    @Override // org.owasp.esapi.Validator
    public boolean isValidFileContent(String str, byte[] bArr, int i, boolean z, ValidationErrorList validationErrorList) throws IntrusionException {
        try {
            getValidFileContent(str, bArr, i, z);
            return true;
        } catch (ValidationException e) {
            validationErrorList.addError(str, e);
            return false;
        }
    }

    @Override // org.owasp.esapi.Validator
    public byte[] getValidFileContent(String str, byte[] bArr, int i, boolean z) throws ValidationException, IntrusionException {
        if (isEmpty(bArr)) {
            if (z) {
                return null;
            }
            throw new ValidationException(str + ": Input required", "Input required: context=" + str + ", input=" + Arrays.toString(bArr), str);
        }
        long allowedFileUploadSize = ESAPI.securityConfiguration().getAllowedFileUploadSize();
        if (bArr.length > allowedFileUploadSize) {
            throw new ValidationException(str + ": Invalid file content can not exceed " + allowedFileUploadSize + " bytes", "Exceeded ESAPI max length", str);
        }
        if (bArr.length > i) {
            throw new ValidationException(str + ": Invalid file content can not exceed " + i + " bytes", "Exceeded maxBytes ( " + bArr.length + ")", str);
        }
        return bArr;
    }

    @Override // org.owasp.esapi.Validator
    public byte[] getValidFileContent(String str, byte[] bArr, int i, boolean z, ValidationErrorList validationErrorList) throws IntrusionException {
        try {
            return getValidFileContent(str, bArr, i, z);
        } catch (ValidationException e) {
            validationErrorList.addError(str, e);
            return new byte[0];
        }
    }

    @Override // org.owasp.esapi.Validator
    public boolean isValidFileUpload(String str, String str2, String str3, File file, byte[] bArr, int i, boolean z) throws IntrusionException {
        return isValidFileName(str, str3, z) && isValidDirectoryPath(str, str2, file, z) && isValidFileContent(str, bArr, i, z);
    }

    @Override // org.owasp.esapi.Validator
    public boolean isValidFileUpload(String str, String str2, String str3, File file, byte[] bArr, int i, boolean z, ValidationErrorList validationErrorList) throws IntrusionException {
        return isValidFileName(str, str3, z, validationErrorList) && isValidDirectoryPath(str, str2, file, z, validationErrorList) && isValidFileContent(str, bArr, i, z, validationErrorList);
    }

    @Override // org.owasp.esapi.Validator
    public void assertValidFileUpload(String str, String str2, String str3, File file, byte[] bArr, int i, List<String> list, boolean z) throws ValidationException, IntrusionException {
        getValidFileName(str, str3, list, z);
        getValidDirectoryPath(str, str2, file, z);
        getValidFileContent(str, bArr, i, z);
    }

    @Override // org.owasp.esapi.Validator
    public void assertValidFileUpload(String str, String str2, String str3, File file, byte[] bArr, int i, List<String> list, boolean z, ValidationErrorList validationErrorList) throws IntrusionException {
        try {
            assertValidFileUpload(str, str2, str3, file, bArr, i, list, z);
        } catch (ValidationException e) {
            validationErrorList.addError(str, e);
        }
    }

    @Override // org.owasp.esapi.Validator
    public boolean isValidListItem(String str, String str2, List<String> list) {
        try {
            getValidListItem(str, str2, list);
            return true;
        } catch (Exception e) {
            return false;
        }
    }

    @Override // org.owasp.esapi.Validator
    public boolean isValidListItem(String str, String str2, List<String> list, ValidationErrorList validationErrorList) {
        try {
            getValidListItem(str, str2, list);
            return true;
        } catch (ValidationException e) {
            validationErrorList.addError(str, e);
            return false;
        }
    }

    @Override // org.owasp.esapi.Validator
    public String getValidListItem(String str, String str2, List<String> list) throws ValidationException, IntrusionException {
        if (list.contains(str2)) {
            return str2;
        }
        throw new ValidationException(str + ": Invalid list item", "Invalid list item: context=" + str + ", input=" + str2, str);
    }

    @Override // org.owasp.esapi.Validator
    public String getValidListItem(String str, String str2, List<String> list, ValidationErrorList validationErrorList) throws IntrusionException {
        try {
            return getValidListItem(str, str2, list);
        } catch (ValidationException e) {
            validationErrorList.addError(str, e);
            return str2;
        }
    }

    @Override // org.owasp.esapi.Validator
    public boolean isValidHTTPRequestParameterSet(String str, HttpServletRequest httpServletRequest, Set<String> set, Set<String> set2) {
        try {
            assertValidHTTPRequestParameterSet(str, httpServletRequest, set, set2);
            return true;
        } catch (Exception e) {
            return false;
        }
    }

    @Override // org.owasp.esapi.Validator
    public boolean isValidHTTPRequestParameterSet(String str, HttpServletRequest httpServletRequest, Set<String> set, Set<String> set2, ValidationErrorList validationErrorList) {
        try {
            assertValidHTTPRequestParameterSet(str, httpServletRequest, set, set2);
            return true;
        } catch (ValidationException e) {
            validationErrorList.addError(str, e);
            return false;
        }
    }

    @Override // org.owasp.esapi.Validator
    public void assertValidHTTPRequestParameterSet(String str, HttpServletRequest httpServletRequest, Set<String> set, Set<String> set2) throws ValidationException, IntrusionException {
        Set keySet = httpServletRequest.getParameterMap().keySet();
        HashSet hashSet = new HashSet(set);
        hashSet.removeAll(keySet);
        if (hashSet.size() > 0) {
            throw new ValidationException(str + ": Invalid HTTP request missing parameters", "Invalid HTTP request missing parameters " + hashSet + ": context=" + str, str);
        }
        HashSet hashSet2 = new HashSet(keySet);
        hashSet2.removeAll(set);
        hashSet2.removeAll(set2);
        if (hashSet2.size() > 0) {
            throw new ValidationException(str + ": Invalid HTTP request extra parameters " + hashSet2, "Invalid HTTP request extra parameters " + hashSet2 + ": context=" + str, str);
        }
    }

    @Override // org.owasp.esapi.Validator
    public void assertValidHTTPRequestParameterSet(String str, HttpServletRequest httpServletRequest, Set<String> set, Set<String> set2, ValidationErrorList validationErrorList) throws IntrusionException {
        try {
            assertValidHTTPRequestParameterSet(str, httpServletRequest, set, set2);
        } catch (ValidationException e) {
            validationErrorList.addError(str, e);
        }
    }

    @Override // org.owasp.esapi.Validator
    public boolean isValidPrintable(String str, char[] cArr, int i, boolean z) {
        try {
            getValidPrintable(str, cArr, i, z);
            return true;
        } catch (Exception e) {
            return false;
        }
    }

    @Override // org.owasp.esapi.Validator
    public boolean isValidPrintable(String str, char[] cArr, int i, boolean z, ValidationErrorList validationErrorList) throws IntrusionException {
        try {
            getValidPrintable(str, cArr, i, z);
            return true;
        } catch (ValidationException e) {
            validationErrorList.addError(str, e);
            return false;
        }
    }

    @Override // org.owasp.esapi.Validator
    public char[] getValidPrintable(String str, char[] cArr, int i, boolean z) throws ValidationException, IntrusionException {
        if (isEmpty(cArr)) {
            if (z) {
                return null;
            }
            throw new ValidationException(str + ": Input bytes required", "Input bytes required: HTTP request is null", str);
        }
        if (cArr.length > i) {
            throw new ValidationException(str + ": Input bytes can not exceed " + i + " bytes", "Input exceeds maximum allowed length of " + i + " by " + (cArr.length - i) + " bytes: context=" + str + ", input=" + new String(cArr), str);
        }
        for (int i2 = 0; i2 < cArr.length; i2++) {
            if (cArr[i2] <= ' ' || cArr[i2] >= '~') {
                throw new ValidationException(str + ": Invalid input bytes: context=" + str, "Invalid non-ASCII input bytes, context=" + str + ", input=" + new String(cArr), str);
            }
        }
        return cArr;
    }

    @Override // org.owasp.esapi.Validator
    public char[] getValidPrintable(String str, char[] cArr, int i, boolean z, ValidationErrorList validationErrorList) throws IntrusionException {
        try {
            return getValidPrintable(str, cArr, i, z);
        } catch (ValidationException e) {
            validationErrorList.addError(str, e);
            return cArr;
        }
    }

    @Override // org.owasp.esapi.Validator
    public boolean isValidPrintable(String str, String str2, int i, boolean z) {
        try {
            getValidPrintable(str, str2, i, z);
            return true;
        } catch (Exception e) {
            return false;
        }
    }

    @Override // org.owasp.esapi.Validator
    public boolean isValidPrintable(String str, String str2, int i, boolean z, ValidationErrorList validationErrorList) throws IntrusionException {
        try {
            getValidPrintable(str, str2, i, z);
            return true;
        } catch (ValidationException e) {
            validationErrorList.addError(str, e);
            return false;
        }
    }

    @Override // org.owasp.esapi.Validator
    public String getValidPrintable(String str, String str2, int i, boolean z) throws ValidationException {
        try {
            return new String(getValidPrintable(str, this.encoder.canonicalize(str2).toCharArray(), i, z));
        } catch (Exception e) {
            throw new ValidationException(str + ": Invalid printable input", "Invalid encoding of printable input, context=" + str + ", input=" + str2, e, str);
        }
    }

    @Override // org.owasp.esapi.Validator
    public String getValidPrintable(String str, String str2, int i, boolean z, ValidationErrorList validationErrorList) throws IntrusionException {
        try {
            return getValidPrintable(str, str2, i, z);
        } catch (ValidationException e) {
            validationErrorList.addError(str, e);
            return str2;
        }
    }

    @Override // org.owasp.esapi.Validator
    public boolean isValidRedirectLocation(String str, String str2, boolean z) throws IntrusionException {
        return ESAPI.validator().isValidInput(str, str2, "Redirect", ESAPI.securityConfiguration().getIntProp("HttpUtilities.maxRedirectLength"), z);
    }

    @Override // org.owasp.esapi.Validator
    public boolean isValidRedirectLocation(String str, String str2, boolean z, ValidationErrorList validationErrorList) throws IntrusionException {
        return ESAPI.validator().isValidInput(str, str2, "Redirect", ESAPI.securityConfiguration().getIntProp("HttpUtilities.maxRedirectLength"), z, validationErrorList);
    }

    @Override // org.owasp.esapi.Validator
    public String getValidRedirectLocation(String str, String str2, boolean z) throws ValidationException, IntrusionException {
        return ESAPI.validator().getValidInput(str, str2, "Redirect", ESAPI.securityConfiguration().getIntProp("HttpUtilities.maxRedirectLength"), z);
    }

    @Override // org.owasp.esapi.Validator
    public String getValidRedirectLocation(String str, String str2, boolean z, ValidationErrorList validationErrorList) throws IntrusionException {
        try {
            return getValidRedirectLocation(str, str2, z);
        } catch (ValidationException e) {
            validationErrorList.addError(str, e);
            return str2;
        }
    }

    @Override // org.owasp.esapi.Validator
    public String safeReadLine(InputStream inputStream, int i) throws ValidationException {
        if (i <= 0) {
            throw new ValidationAvailabilityException("Invalid input", "Invalid readline. Must read a positive number of bytes from the stream");
        }
        StringBuilder sb = new StringBuilder();
        int i2 = 0;
        while (true) {
            try {
                int read = inputStream.read();
                if (read != -1) {
                    if (read == 10 || read == 13) {
                        break;
                    }
                    i2++;
                    if (i2 > i) {
                        throw new ValidationAvailabilityException("Invalid input", "Invalid readLine. Read more than maximum characters allowed (" + i + ")");
                    }
                    sb.append((char) read);
                } else if (sb.length() == 0) {
                    return null;
                }
            } catch (IOException e) {
                throw new ValidationAvailabilityException("Invalid input", "Invalid readLine. Problem reading from input stream", e);
            }
        }
        return sb.toString();
    }

    private final boolean isEmpty(String str) {
        return str == null || str.trim().length() == 0;
    }

    private final boolean isEmpty(byte[] bArr) {
        return bArr == null || bArr.length == 0;
    }

    private final boolean isEmpty(char[] cArr) {
        return cArr == null || cArr.length == 0;
    }

    @Override // org.owasp.esapi.Validator
    public boolean isValidURI(String str, String str2, boolean z) {
        boolean z2 = false;
        boolean z3 = str2 == null || "".equals(str2);
        Encoder encoder = ESAPI.encoder();
        try {
            URI uri = null == str2 ? new URI("") : getRfcCompliantURI(str2);
            if (null != uri && str2 != null) {
                String canonicalizedURI = encoder.getCanonicalizedURI(uri);
                logger.debug(Logger.SECURITY_SUCCESS, "We did not detect any mixed or multiple encoding in the uri:[" + str2 + "]");
                ESAPI.validator();
                Pattern validationPattern = ESAPI.securityConfiguration().getValidationPattern("URL");
                if (validationPattern != null) {
                    z2 = validationPattern.matcher(canonicalizedURI).matches();
                } else {
                    logger.error(Logger.EVENT_FAILURE, "Invalid regex pulled from configuration.  Check the regex for URL and correct.");
                }
            } else if (z && z3) {
                z2 = true;
            }
        } catch (URISyntaxException e) {
            logger.error(Logger.EVENT_FAILURE, e.getMessage());
        } catch (IntrusionException e2) {
            logger.error(Logger.SECURITY_FAILURE, e2.getMessage());
            z2 = false;
        }
        return z2;
    }

    @Override // org.owasp.esapi.Validator
    public URI getRfcCompliantURI(String str) {
        URI uri = null;
        try {
            uri = new URI(str);
        } catch (URISyntaxException e) {
            logger.error(Logger.EVENT_FAILURE, e.getMessage());
        }
        return uri;
    }

    static {
        fileValidator = null;
        ArrayList arrayList = new ArrayList();
        arrayList.add("HTMLEntityCodec");
        arrayList.add("PercentCodec");
        fileValidator = new DefaultValidator(new DefaultEncoder(arrayList));
    }
}
