package oracle.xdo.common.xml;

import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Properties;
import oracle.xdo.XDOException;
import oracle.xdo.common.config.PropertyConstants;
import oracle.xdo.common.lang.StringUtil;
import oracle.xdo.common.log.Logger;
import oracle.xdo.common.net.URLFactory;
import org.xml.sax.EntityResolver;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

/* loaded from: input_file:oracle/xdo/common/xml/SecureEntityResolver.class */
public class SecureEntityResolver implements EntityResolver {
    public static final String RTF2XSL_PROTOCOL = "rtf2xsl";
    private boolean mIsSecureMode;
    private URL mBaseURL = null;
    private Properties mProps;

    public SecureEntityResolver(boolean z, Properties properties) {
        this.mIsSecureMode = true;
        this.mIsSecureMode = z;
        this.mProps = properties;
    }

    public void setBaseURL(URL url) {
        this.mBaseURL = url;
    }

    @Override // org.xml.sax.EntityResolver
    public InputSource resolveEntity(String str, String str2) throws SAXException, IOException {
        int indexOf;
        String str3 = str2;
        URL url = this.mBaseURL;
        if (str != null) {
            str = str.trim();
            if (str.length() <= 0) {
                str = null;
            } else {
                try {
                    url = URLFactory.createURL(str);
                } catch (Exception e) {
                    url = this.mBaseURL;
                }
            }
        }
        URL createURL = URLFactory.createURL(url, str2);
        if (isSecureMode()) {
            URL url2 = createURL;
            str3 = str2.trim();
            if (str3.toLowerCase().startsWith("rtf2xsl") && (indexOf = str3.indexOf("_")) >= 0) {
                str3 = str3.substring("rtf2xsl".length() + 3, indexOf) + ":" + str3.substring(indexOf + 1, str3.length());
                url2 = URLFactory.createURL(url, str3);
            }
            if (!URLFactory.isInternal(url2) && !checkRules(url2)) {
                String str4 = "Disallowed access URL '" + url2.toExternalForm() + "'.";
                Logger.log(str4, 5);
                throw new MalformedURLException(str4);
            }
        }
        InputSource inputSource = new InputSource(createURL.openStream());
        inputSource.setPublicId(str);
        inputSource.setSystemId(str3);
        return inputSource;
    }

    private boolean checkRules(URL url) {
        int i = 0;
        boolean z = true;
        while (z) {
            i++;
            String str = PropertyConstants.XDK_SECURE_ALLOW_ACCESS + StringUtil.IntToStrLPad(i, 2, '0');
            String property = this.mProps.getProperty(str, null);
            if (property == null) {
                String str2 = PropertyConstants.XDK_SECURE_PROHIBIT_ACCESS + StringUtil.IntToStrLPad(i, 2, '0');
                String property2 = this.mProps.getProperty(str2, null);
                if (property2 != null) {
                    try {
                        if (new UrlRule(property2, str2).isCovered(url)) {
                            return false;
                        }
                    } catch (XDOException e) {
                        Logger.log(e.getMessage(), 5);
                    }
                } else {
                    z = false;
                }
            } else {
                try {
                    if (new UrlRule(property, str).isCovered(url)) {
                        return true;
                    }
                } catch (XDOException e2) {
                    Logger.log(e2.getMessage(), 5);
                }
            }
        }
        return false;
    }

    public boolean isSecureMode() {
        return this.mIsSecureMode;
    }
}
