package org.opennms.core.utils;

import java.beans.PropertyDescriptor;
import java.lang.reflect.InvocationTargetException;
import java.util.Set;
import java.util.regex.Pattern;
import org.apache.xml.serializer.SerializerConstants;
import org.springframework.beans.BeanWrapperImpl;

/* loaded from: input_file:org/opennms/core/utils/WebSecurityUtils.class */
public abstract class WebSecurityUtils {
    private static final Pattern ILLEGAL_IN_INTEGER = Pattern.compile("[^0-9+-]");
    private static final Pattern ILLEGAL_IN_FLOAT = Pattern.compile("[^0-9.Ee+-]");
    private static final Pattern ILLEGAL_IN_COLUMN_NAME_PATTERN = Pattern.compile("[^A-Za-z0-9_]");
    private static final Pattern scriptPattern = Pattern.compile("script", 2);

    public static String[] sanitizeString(String[] strArr) {
        for (int i = 0; i < strArr.length; i++) {
            strArr[i] = sanitizeString(strArr[i]);
        }
        return strArr;
    }

    public static String sanitizeString(String str) {
        return sanitizeString(str, false);
    }

    public static String sanitizeString(String str, boolean z) {
        if (str == null || str.length() == 0) {
            return str;
        }
        String replaceAll = scriptPattern.matcher(str).replaceAll("&#x73;cript");
        if (!z) {
            replaceAll = replaceAll.replaceAll("<", SerializerConstants.ENTITY_LT).replaceAll(">", SerializerConstants.ENTITY_GT).replaceAll("\"", SerializerConstants.ENTITY_QUOT);
        }
        return replaceAll;
    }

    public static int[] safeParseInt(String[] strArr) throws NumberFormatException {
        int[] iArr = new int[strArr.length];
        for (int i = 0; i < strArr.length; i++) {
            iArr[i] = Integer.parseInt(ILLEGAL_IN_INTEGER.matcher(strArr[i]).replaceAll(""));
        }
        return iArr;
    }

    public static int safeParseInt(String str) throws NumberFormatException {
        return Integer.parseInt(ILLEGAL_IN_INTEGER.matcher(str).replaceAll(""));
    }

    public static long safeParseLong(String str) throws NumberFormatException {
        return Long.parseLong(ILLEGAL_IN_INTEGER.matcher(str).replaceAll(""));
    }

    public static float safeParseFloat(String str) throws NumberFormatException {
        return Float.parseFloat(ILLEGAL_IN_FLOAT.matcher(str).replaceAll(""));
    }

    public static double safeParseDouble(String str) throws NumberFormatException {
        return Double.parseDouble(ILLEGAL_IN_FLOAT.matcher(str).replaceAll(""));
    }

    public static String sanitizeDbColumnName(String str) {
        return ILLEGAL_IN_COLUMN_NAME_PATTERN.matcher(str).replaceAll("");
    }

    public static <T> T sanitizeBeanStringProperties(T t, Set<String> set) {
        for (PropertyDescriptor propertyDescriptor : new BeanWrapperImpl(t.getClass()).getPropertyDescriptors()) {
            if (propertyDescriptor.getReadMethod().getReturnType().equals(String.class)) {
                boolean z = false;
                if (set != null) {
                    try {
                        if (set.contains(propertyDescriptor.getName().toLowerCase())) {
                            z = true;
                        }
                    } catch (IllegalAccessException e) {
                        LogUtils.errorf(WebSecurityUtils.class, "Illegal access by sanitize object %s on property %s. Error %s", propertyDescriptor.getName(), t.getClass(), e.getMessage());
                    } catch (IllegalArgumentException e2) {
                        LogUtils.errorf(WebSecurityUtils.class, "Illegal argument by sanitize object %s on property %s. Error %s", propertyDescriptor.getName(), t.getClass(), e2.getMessage());
                    } catch (InvocationTargetException e3) {
                        LogUtils.errorf(WebSecurityUtils.class, "Invocation target exception by sanitize object %s on property %s. Error %s", propertyDescriptor.getName(), t.getClass(), e3.getMessage());
                    }
                }
                LogUtils.debugf(WebSecurityUtils.class, "Try to sanitize string %s in %s with html %b", propertyDescriptor.getName(), t.getClass(), Boolean.valueOf(z));
                propertyDescriptor.getWriteMethod().invoke(t, sanitizeString((String) propertyDescriptor.getReadMethod().invoke(t, new Object[0]), z));
            }
        }
        return t;
    }
}
