package com.sap.security.core.server.csi.test;

import com.businessobjects.report.web.shared.StaticStrings;
import com.sap.security.core.server.csi.URLChecker;
import com.sap.security.core.server.csi.XSSEncoder;
import com.sap.security.core.server.csi.util.URLEncoder;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.util.Locale;
import org.apache.axis2.Constants;
import org.apache.xml.serializer.SerializerConstants;

/* loaded from: input_file:lib/sap.com~tc~sec~csi.jar:com/sap/security/core/server/csi/test/URLTester.class */
public final class URLTester {
    public static String[] _goodURLs = {"http://hostname:50000/dtr/ws/N1XMOD..                                          ", "http://www.test.de                                                             ", "HTTP://WWW.TEST.DE                                                             ", "Http://WWW.Test.De                                                             ", "http:www.test.de                                                               ", "http://www.test.de#last?id=me                                                  ", "http://www.test.de/My%20Documents.html                                         ", "http://www.test.de?%253c%2520script%3a%3e%20%20                                ", "http://www.test.de?me=%2527scrip%20t%2527                                      ", "http://www.test.de?me=%2527script%2527%26you=23                                ", "http://www.test.de?me=1%2b1                                                    ", "/sap/../lang/package-summary.html#charenc                                      ", "Http://www.test.de/one/two/../../four?#Idontknow                               ", "com.sap.eu&param4=%3A+%21%22%C2%A7%24%25%26%2F%28%29%3F%C3%BC%C3%B6%C3%A4%C3   ", "../../resources/WebDynpro/global/SSR                                           ", "news:                                                                          ", "mailto:                                                                        ", null};
    public static String[] _badURLs = {"http://example.test/index.cgi?cgi-bin/index.cgi%00.html                        ", "file://a/.././g?<script></script>                                              ", "file://a/../../../.././test                                                    ", "javascript:alert('s');                                                         ", "about:blank                                                                    ", "http://www.hallo.de/ich.html?test=<script>alert('Hi')</script>                 ", "http://www.hallo.de/ich.html?test=%3cscript%3ealert(%27hello%27)%3c%2fscript%3e", "Http://www.test.de/one/two/../../../four?#Idontknow                            ", null};
    public static String[] _nowGoodUURLs = {"about:blank                                                                    ", "flash://test.de/                                                               ", "mailto:addr1%2C%20addr2                                                        ", "mailto:                                                                        ", "MailTo:                                                                        ", "mailto:addr1%2C%20addr2                                                        ", "http://www.sap.com                                                             ", "http://sap.com                                                                 ", null};
    public static String[] _whiteCheckURLs = {"http://www.sap.com/?kkk=d                                                      ", "http://www.sap.de/?kkk=d                                                       ", "www.sap.de?test=%3cscript%3ealert(%27hello%27)%3c%2fscript%3e                  ", null};

    public static void main(String[] strArr) {
        URLChecker uRLChecker = new URLChecker();
        URLChecker uRLChecker2 = new URLChecker();
        URLChecker uRLChecker3 = new URLChecker();
        URLChecker uRLChecker4 = new URLChecker();
        for (int i = 0; i < _goodURLs.length; i++) {
            System.out.print(new StringBuffer().append("Check good URL: ").append(_goodURLs[i]).toString());
            try {
                if (uRLChecker.isValid(_goodURLs[i] == null ? null : _goodURLs[i].trim())) {
                    System.out.print(" OK\n");
                } else {
                    System.out.print(" NOT OK\n");
                }
            } catch (MalformedURLException e) {
                System.out.print(" NOT OK\n");
            }
        }
        for (int i2 = 0; i2 < _badURLs.length; i2++) {
            System.out.print(new StringBuffer().append("Check bad  URL: ").append(_badURLs[i2]).toString());
            try {
                if (uRLChecker2.isValid(_badURLs[i2] == null ? null : _badURLs[i2].trim())) {
                    System.out.print(" NOT OK\n");
                } else {
                    System.out.print(" OK\n");
                }
            } catch (MalformedURLException e2) {
                System.out.print(new StringBuffer().append(" OK, error: ").append(e2.getLocalizedMessage()).append("\n").toString());
            }
        }
        uRLChecker3.addProtocol("flash");
        uRLChecker3.addProtocol("about");
        uRLChecker3.addProtocol(Constants.TRANSPORT_MAIL);
        uRLChecker3.setHosts(new String[]{"www.sap.com", "sap.com", "test.de"});
        for (int i3 = 0; i3 < _nowGoodUURLs.length; i3++) {
            System.out.print(new StringBuffer().append("Check cust URL: ").append(_nowGoodUURLs[i3]).toString());
            try {
                if (uRLChecker3.isValid(_nowGoodUURLs[i3] == null ? null : _nowGoodUURLs[i3].trim())) {
                    System.out.print(" OK\n");
                } else {
                    System.out.print(" NOT OK\n");
                }
            } catch (MalformedURLException e3) {
                System.out.print(" NOT OK\n");
            }
        }
        uRLChecker4.setWhiteURLPattern("(.*)www\\.sap\\.com*");
        uRLChecker4.addWhiteURLPattern("(.*)\\.de");
        for (int i4 = 0; i4 < _whiteCheckURLs.length; i4++) {
            System.out.print(new StringBuffer().append("Check whit URL: ").append(_whiteCheckURLs[i4]).toString());
            try {
                if (uRLChecker4.isValid(_whiteCheckURLs[i4] == null ? null : _whiteCheckURLs[i4].trim())) {
                    System.out.print(" OK\n");
                } else {
                    System.out.print(" NOT OK\n");
                }
            } catch (MalformedURLException e4) {
                System.out.print(new StringBuffer().append(" NOT OK, error: ").append(e4.getLocalizedMessage()).append("\n").toString());
            }
        }
        System.out.println("Start Excaping");
        try {
            checkXSSMLEscaping(false);
            checkXSSMLEscaping(true);
            System.out.println("XML / HTML Excaping Done");
            checkXSSURLEscaping(false);
            checkXSSURLEscaping(true);
            System.out.println("URL Excaping Done");
            checkXSSJSEscaping(false);
            checkXSSJSEscaping(true);
            System.out.println("JavaScript Excaping Done");
            checkXSSCSSEscaping(false);
            checkXSSCSSEscaping(true);
            System.out.println("CSS Excaping Done");
        } catch (UnsupportedEncodingException e5) {
            System.out.print(new StringBuffer().append("Escaping error: ").append(e5).append("\n").toString());
        }
    }

    public static boolean checkDynamic(String str) {
        try {
            URLChecker uRLChecker = new URLChecker(str);
            uRLChecker.setDefaultProtocol(Constants.TRANSPORT_HTTPS);
            return uRLChecker.isValid();
        } catch (Exception e) {
            return false;
        }
    }

    private static void checkXSSMLEscaping(boolean z) throws UnsupportedEncodingException {
        for (int i = 0; i < 256; i++) {
            String encodeHTML = XSSEncoder.encodeHTML(new Character((char) i).toString(), z);
            if (i < 0 || i >= 32) {
                if (i < 32 || i >= 44) {
                    if (i < 44 || i >= 58) {
                        if (i < 58 || i >= 65) {
                            if (i >= 65 && i < 91) {
                                checkValue(encodeHTML, new String(new char[]{(char) i}));
                            } else if (i < 91 || i >= 97) {
                                if (i >= 97 && i < 123) {
                                    checkValue(encodeHTML, new String(new char[]{(char) i}));
                                } else if (i >= 123 && i < 127) {
                                    checkValue(encodeHTML, new StringBuffer().append("&#x").append(Integer.toHexString(i).toLowerCase(Locale.ENGLISH)).append(";").toString());
                                } else if (i >= 127 && i < 160) {
                                    checkValue(encodeHTML, "&#xfffd;");
                                } else if (i >= 160 && i < 256) {
                                    checkValue(encodeHTML, new StringBuffer().append("&#x").append(Integer.toHexString(i).toLowerCase(Locale.ENGLISH)).append(";").toString());
                                }
                            } else if (i == 95) {
                                checkValue(encodeHTML, new String(new char[]{(char) i}));
                            } else {
                                checkValue(encodeHTML, new StringBuffer().append("&#x").append(Integer.toHexString(i).toLowerCase(Locale.ENGLISH)).append(";").toString());
                            }
                        } else if (i == 60) {
                            checkValue(encodeHTML, SerializerConstants.ENTITY_LT);
                        } else if (i == 62) {
                            checkValue(encodeHTML, SerializerConstants.ENTITY_GT);
                        } else {
                            checkValue(encodeHTML, new StringBuffer().append("&#x").append(Integer.toHexString(i).toLowerCase(Locale.ENGLISH)).append(";").toString());
                        }
                    } else if (i == 47) {
                        checkValue(encodeHTML, new StringBuffer().append("&#x").append(Integer.toHexString(i).toLowerCase(Locale.ENGLISH)).append(";").toString());
                    } else {
                        checkValue(encodeHTML, new String(new char[]{(char) i}));
                    }
                } else if (i == 34) {
                    checkValue(encodeHTML, SerializerConstants.ENTITY_QUOT);
                } else if (i == 38) {
                    checkValue(encodeHTML, SerializerConstants.ENTITY_AMP);
                } else {
                    checkValue(encodeHTML, new StringBuffer().append("&#x").append(Integer.toHexString(i).toLowerCase(Locale.ENGLISH)).append(";").toString());
                }
            } else if (i == 9) {
                checkValue(encodeHTML, "&#x9;");
            } else if (i == 10) {
                checkValue(encodeHTML, "&#xa;");
            } else if (i == 13) {
                checkValue(encodeHTML, "&#xd;");
            } else {
                checkValue(encodeHTML, "&#xfffd;");
            }
        }
        for (int i2 = 8232; i2 < 8234; i2++) {
            checkValue(XSSEncoder.encodeHTML(new Character((char) i2).toString(), z), new StringBuffer().append("&#x").append(Integer.toHexString(i2).toLowerCase(Locale.ENGLISH)).append(";").toString());
        }
        for (int i3 = 256; i3 < 5000; i3++) {
            String encodeHTML2 = XSSEncoder.encodeHTML(new Character((char) i3).toString(), z);
            if (z) {
                checkValue(encodeHTML2, new StringBuffer().append("&#x").append(Integer.toHexString(i3).toLowerCase(Locale.ENGLISH)).append(";").toString());
            } else {
                checkValue(encodeHTML2, new String(new char[]{(char) i3}));
            }
        }
        for (int i4 = 20000; i4 < 21000; i4++) {
            String encodeHTML3 = XSSEncoder.encodeHTML(new Character((char) i4).toString(), z);
            if (z) {
                checkValue(encodeHTML3, new StringBuffer().append("&#x").append(Integer.toHexString(i4).toLowerCase(Locale.ENGLISH)).append(";").toString());
            } else {
                checkValue(encodeHTML3, new String(new char[]{(char) i4}));
            }
        }
        checkValue(XSSEncoder.encodeHTML((String) null, z));
        checkValue(XSSEncoder.encodeHTML((CharSequence) null, z));
    }

    private static void checkXSSURLEscaping(boolean z) throws UnsupportedEncodingException {
        for (int i = 0; i < 256; i++) {
            String encodeURL = XSSEncoder.encodeURL(new Character((char) i).toString(), z);
            if (i >= 0 && i < 16) {
                checkValue(encodeURL, new StringBuffer().append("%0").append(Integer.toHexString(i).toLowerCase(Locale.ENGLISH)).toString());
            } else if (i < 16 || i >= 48) {
                if (i >= 48 && i < 58) {
                    checkValue(encodeURL, new String(new char[]{(char) i}));
                } else if (i >= 58 && i < 65) {
                    checkValue(encodeURL, new StringBuffer().append("%").append(Integer.toHexString(i).toLowerCase(Locale.ENGLISH)).toString());
                } else if (i >= 65 && i < 91) {
                    checkValue(encodeURL, new String(new char[]{(char) i}));
                } else if (i < 91 || i >= 97) {
                    if (i >= 97 && i < 123) {
                        checkValue(encodeURL, new String(new char[]{(char) i}));
                    } else if (i < 123 || i >= 127) {
                        checkValue(encodeURL, URLEncoder.encode(new String(new char[]{(char) i}), "UTF-8").toLowerCase(Locale.ENGLISH));
                    } else {
                        checkValue(encodeURL, new StringBuffer().append("%").append(Integer.toHexString(i).toLowerCase(Locale.ENGLISH)).toString());
                    }
                } else if (i == 95) {
                    checkValue(encodeURL, new String(new char[]{(char) i}));
                } else {
                    checkValue(encodeURL, new StringBuffer().append("%").append(Integer.toHexString(i).toLowerCase(Locale.ENGLISH)).toString());
                }
            } else if (i == 42) {
                checkValue(encodeURL, new String(new char[]{(char) i}));
            } else if (i == 45) {
                checkValue(encodeURL, new String(new char[]{(char) i}));
            } else if (i == 46) {
                checkValue(encodeURL, new String(new char[]{(char) i}));
            } else {
                checkValue(encodeURL, new StringBuffer().append("%").append(Integer.toHexString(i).toLowerCase(Locale.ENGLISH)).toString());
            }
        }
        for (int i2 = 8232; i2 < 8234; i2++) {
            checkValue(XSSEncoder.encodeURL(new Character((char) i2).toString(), z), URLEncoder.encode(new String(new char[]{(char) i2}), "UTF-8").toLowerCase(Locale.ENGLISH));
        }
        for (int i3 = 256; i3 < 5000; i3++) {
            checkValue(XSSEncoder.encodeURL(new Character((char) i3).toString(), z), URLEncoder.encode(new String(new char[]{(char) i3}), "UTF-8").toLowerCase(Locale.ENGLISH));
        }
        for (int i4 = 20000; i4 < 21000; i4++) {
            checkValue(XSSEncoder.encodeURL(new Character((char) i4).toString(), z), URLEncoder.encode(new String(new char[]{(char) i4}), "UTF-8").toLowerCase(Locale.ENGLISH));
        }
        checkValue(XSSEncoder.encodeURL((String) null, z));
        checkValue(XSSEncoder.encodeURL((CharSequence) null, z));
    }

    private static void checkXSSJSEscaping(boolean z) throws UnsupportedEncodingException {
        for (int i = 0; i < 256; i++) {
            String encodeJavaScript = XSSEncoder.encodeJavaScript(new Character((char) i).toString(), z);
            if (i >= 0 && i < 16) {
                checkValue(encodeJavaScript, new StringBuffer().append("\\x0").append(Integer.toHexString(i).toLowerCase(Locale.ENGLISH)).toString());
            } else if (i < 16 || i >= 48) {
                if (i >= 48 && i < 58) {
                    checkValue(encodeJavaScript, new String(new char[]{(char) i}));
                } else if (i >= 58 && i < 65) {
                    checkValue(encodeJavaScript, new StringBuffer().append("\\x").append(Integer.toHexString(i).toLowerCase(Locale.ENGLISH)).toString());
                } else if (i >= 65 && i < 91) {
                    checkValue(encodeJavaScript, new String(new char[]{(char) i}));
                } else if (i < 91 || i >= 97) {
                    if (i >= 97 && i < 123) {
                        checkValue(encodeJavaScript, new String(new char[]{(char) i}));
                    } else if (i < 123 || i >= 127) {
                        checkValue(encodeJavaScript, new StringBuffer().append("\\x").append(Integer.toHexString(i).toLowerCase(Locale.ENGLISH)).toString());
                    } else {
                        checkValue(encodeJavaScript, new StringBuffer().append("\\x").append(Integer.toHexString(i).toLowerCase(Locale.ENGLISH)).toString());
                    }
                } else if (i == 95) {
                    checkValue(encodeJavaScript, new String(new char[]{(char) i}));
                } else {
                    checkValue(encodeJavaScript, new StringBuffer().append("\\x").append(Integer.toHexString(i).toLowerCase(Locale.ENGLISH)).toString());
                }
            } else if (i == 44) {
                checkValue(encodeJavaScript, new String(new char[]{(char) i}));
            } else if (i == 46) {
                checkValue(encodeJavaScript, new String(new char[]{(char) i}));
            } else {
                checkValue(encodeJavaScript, new StringBuffer().append("\\x").append(Integer.toHexString(i).toLowerCase(Locale.ENGLISH)).toString());
            }
        }
        for (int i2 = 8232; i2 < 8234; i2++) {
            checkValue(XSSEncoder.encodeJavaScript(new Character((char) i2).toString(), z), new StringBuffer().append("\\u").append(Integer.toHexString(i2).toLowerCase(Locale.ENGLISH)).toString());
        }
        for (int i3 = 256; i3 < 5000; i3++) {
            String encodeJavaScript2 = XSSEncoder.encodeJavaScript(new Character((char) i3).toString(), z);
            if (!z) {
                checkValue(encodeJavaScript2, new String(new char[]{(char) i3}));
            } else if (i3 < 4096) {
                checkValue(encodeJavaScript2, new StringBuffer().append("\\u0").append(Integer.toHexString(i3).toLowerCase(Locale.ENGLISH)).toString());
            } else {
                checkValue(encodeJavaScript2, new StringBuffer().append("\\u").append(Integer.toHexString(i3).toLowerCase(Locale.ENGLISH)).toString());
            }
        }
        for (int i4 = 20000; i4 < 21000; i4++) {
            String encodeJavaScript3 = XSSEncoder.encodeJavaScript(new Character((char) i4).toString(), z);
            if (z) {
                checkValue(encodeJavaScript3, new StringBuffer().append("\\u").append(Integer.toHexString(i4).toLowerCase(Locale.ENGLISH)).toString());
            } else {
                checkValue(encodeJavaScript3, new String(new char[]{(char) i4}));
            }
        }
        checkValue(XSSEncoder.encodeJavaScript((String) null, z));
        checkValue(XSSEncoder.encodeJavaScript((CharSequence) null, z));
    }

    private static void checkXSSCSSEscaping(boolean z) throws UnsupportedEncodingException {
        for (int i = 0; i < 256; i++) {
            String encodeCSS = XSSEncoder.encodeCSS(new Character((char) i).toString(), z);
            if (i >= 0 && i < 16) {
                checkValue(encodeCSS, new StringBuffer().append("\\0").append(Integer.toHexString(i).toLowerCase(Locale.ENGLISH)).append(StaticStrings.Space).toString());
            } else if (i >= 16 && i < 48) {
                checkValue(encodeCSS, new StringBuffer().append("\\").append(Integer.toHexString(i).toLowerCase(Locale.ENGLISH)).append(StaticStrings.Space).toString());
            } else if (i >= 48 && i < 58) {
                checkValue(encodeCSS, new String(new char[]{(char) i}));
            } else if (i >= 58 && i < 65) {
                checkValue(encodeCSS, new StringBuffer().append("\\").append(Integer.toHexString(i).toLowerCase(Locale.ENGLISH)).append(StaticStrings.Space).toString());
            } else if (i >= 65 && i < 91) {
                checkValue(encodeCSS, new String(new char[]{(char) i}));
            } else if (i >= 91 && i < 97) {
                checkValue(encodeCSS, new StringBuffer().append("\\").append(Integer.toHexString(i).toLowerCase(Locale.ENGLISH)).append(StaticStrings.Space).toString());
            } else if (i >= 97 && i < 123) {
                checkValue(encodeCSS, new String(new char[]{(char) i}));
            } else if (i < 123 || i >= 127) {
                checkValue(encodeCSS, new StringBuffer().append("\\").append(Integer.toHexString(i).toLowerCase(Locale.ENGLISH)).append(StaticStrings.Space).toString());
            } else {
                checkValue(encodeCSS, new StringBuffer().append("\\").append(Integer.toHexString(i).toLowerCase(Locale.ENGLISH)).append(StaticStrings.Space).toString());
            }
        }
        for (int i2 = 8232; i2 < 8234; i2++) {
            checkValue(XSSEncoder.encodeCSS(new Character((char) i2).toString(), z), new StringBuffer().append("\\").append(Integer.toHexString(i2).toLowerCase(Locale.ENGLISH)).append(StaticStrings.Space).toString());
        }
        for (int i3 = 256; i3 < 5000; i3++) {
            String encodeCSS2 = XSSEncoder.encodeCSS(new Character((char) i3).toString(), z);
            if (z) {
                checkValue(encodeCSS2, new StringBuffer().append("\\").append(Integer.toHexString(i3).toLowerCase(Locale.ENGLISH)).append(StaticStrings.Space).toString());
            } else {
                checkValue(encodeCSS2, new String(new char[]{(char) i3}));
            }
        }
        for (int i4 = 20000; i4 < 21000; i4++) {
            String encodeCSS3 = XSSEncoder.encodeCSS(new Character((char) i4).toString(), z);
            if (z) {
                checkValue(encodeCSS3, new StringBuffer().append("\\").append(Integer.toHexString(i4).toLowerCase(Locale.ENGLISH)).append(StaticStrings.Space).toString());
            } else {
                checkValue(encodeCSS3, new String(new char[]{(char) i4}));
            }
        }
        checkValue(XSSEncoder.encodeCSS((String) null, z));
        checkValue(XSSEncoder.encodeCSS((CharSequence) null, z));
    }

    private static void checkValue(CharSequence charSequence, String str) throws UnsupportedEncodingException {
        if (charSequence == null) {
            throw new UnsupportedEncodingException("Null encoding");
        }
        if (0 != charSequence.toString().compareTo(str)) {
            throw new UnsupportedEncodingException(new StringBuffer().append("Wrong output encoding, expected: ").append(str).toString());
        }
    }

    private static void checkValue(CharSequence charSequence) {
        if (charSequence != null) {
            throw new IllegalArgumentException("Input 'null' - output 'not null'");
        }
        System.out.println("OK - 'null'");
    }
}
