package org.egov.infra.security.utils;

import org.apache.commons.lang.StringUtils;
import org.egov.infra.exception.ApplicationRuntimeException;
import org.owasp.validator.html.AntiSamy;
import org.owasp.validator.html.CleanResults;
import org.owasp.validator.html.Policy;
import org.owasp.validator.html.PolicyException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:lib/egov-egi-2.0.0-SNAPSHOT-FW.jar:org/egov/infra/security/utils/VirtualSanitizer.class */
public final class VirtualSanitizer {
    private static final Logger LOG = LoggerFactory.getLogger(VirtualSanitizer.class);
    private static Policy policy;
    private static AntiSamy antiSamy;

    private static AntiSamy getAntiSamy() throws PolicyException {
        if (antiSamy == null) {
            policy = getPolicy("antisamy-myspace-1.4.3.xml");
            antiSamy = new AntiSamy();
        }
        return antiSamy;
    }

    private static Policy getPolicy(String str) throws PolicyException {
        return Policy.getInstance(VirtualSanitizer.class.getResource(str));
    }

    public static String sanitize(String str) {
        try {
            if (StringUtils.isBlank(str)) {
                return str;
            }
            CleanResults scan = getAntiSamy().scan(str, policy);
            if (scan.getErrorMessages().size() <= 0) {
                return str;
            }
            LOG.error(scan.getErrorMessages().toString());
            throw new ApplicationRuntimeException("Found security threat in user input : " + scan.getErrorMessages());
        } catch (Exception e) {
            LOG.error(e.getMessage());
            throw new ApplicationRuntimeException("Error occurred while validating inputs", e);
        }
    }
}
