package io.inugami.commons.security;

import io.inugami.api.constants.JvmKeyValues;
import io.inugami.api.exceptions.Asserts;
import java.util.Collection;
import java.util.function.Consumer;
import java.util.function.Supplier;
import java.util.function.UnaryOperator;
import java.util.regex.Pattern;
import org.apache.commons.lang.StringEscapeUtils;

/* loaded from: input_file:WEB-INF/lib/inugami_commons-3.3.5.jar:io/inugami/commons/security/SecurityTools.class */
public final class SecurityTools {
    private static final Pattern REGEX_INJECT = Pattern.compile(JvmKeyValues.SECURITY_SQL_INJECT_REGEX.or("(['\\-;=\\?$/]+)|([<>])"));

    private SecurityTools() {
    }

    public static String checkInjection(String str) {
        if (Asserts.checkIsBlank(str) || !(REGEX_INJECT.matcher(str).matches() || str.contains("'") || str.contains("\\"))) {
            return StringEscapeUtils.escapeSql(str);
        }
        throw new SecurityException("invalide query! (" + str + ")");
    }

    public static String escapeSql(String str) {
        return StringEscapeUtils.escapeSql(str);
    }

    public static String escapeJavaScriptAndHtml(String str) {
        return escape(str, StringEscapeUtils::escapeJavaScript, StringEscapeUtils::escapeHtml);
    }

    public static String escape(String str, UnaryOperator<String>... unaryOperatorArr) {
        String str2 = str;
        if (str2 != null) {
            for (UnaryOperator<String> unaryOperator : unaryOperatorArr) {
                str2 = (String) unaryOperator.apply(str2);
            }
        }
        return str2;
    }

    public static void secureSql(Supplier<String> supplier, Consumer<String> consumer) {
        secureEntity(supplier, consumer, StringEscapeUtils::escapeSql);
    }

    public static void secureJavaScript(Supplier<String> supplier, Consumer<String> consumer) {
        secureEntity(supplier, consumer, StringEscapeUtils::escapeJavaScript);
    }

    public static void secureXml(Supplier<String> supplier, Consumer<String> consumer) {
        secureEntity(supplier, consumer, StringEscapeUtils::escapeXml);
    }

    public static void secureHtml(Supplier<String> supplier, Consumer<String> consumer) {
        secureEntity(supplier, consumer, StringEscapeUtils::escapeHtml);
    }

    public static void secureJavaScriptAndHtml(Supplier<String> supplier, Consumer<String> consumer) {
        secureEntity(supplier, consumer, StringEscapeUtils::escapeJavaScript, StringEscapeUtils::escapeHtml);
    }

    public static <T> void secureJavaScriptAndHtml(Collection<T> collection, ItemProcessor<T>... itemProcessorArr) {
        if (collection == null || itemProcessorArr == null) {
            return;
        }
        for (T t : collection) {
            for (ItemProcessor<T> itemProcessor : itemProcessorArr) {
                String apply = itemProcessor.getExtractor().apply(t);
                if (t != null) {
                    itemProcessor.getSetter().accept(t, escapeJavaScriptAndHtml(apply));
                }
            }
        }
    }

    public static void secureEntity(Supplier<String> supplier, Consumer<String> consumer, UnaryOperator<String>... unaryOperatorArr) {
        Asserts.assertNotNull("getter is mandatory!", supplier);
        Asserts.assertNotNull("setter is mandatory!", consumer);
        Asserts.assertNotNull("processor is mandatory!", unaryOperatorArr);
        String str = supplier.get();
        if (str != null) {
            for (UnaryOperator<String> unaryOperator : unaryOperatorArr) {
                str = (String) unaryOperator.apply(str);
            }
            consumer.accept(escapeSql(str));
        }
    }
}
