package edu.hm.hafner.util;

import com.google.errorprone.annotations.FormatMethod;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.io.IOException;
import java.io.InputStream;
import java.io.Reader;
import java.nio.charset.Charset;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
import javax.xml.stream.XMLEventReader;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerConfigurationException;
import javax.xml.transform.TransformerFactory;
import org.apache.commons.io.input.ReaderInputStream;
import org.apache.commons.lang3.exception.ExceptionUtils;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.SAXNotRecognizedException;
import org.xml.sax.SAXNotSupportedException;
import org.xml.sax.helpers.DefaultHandler;

/* loaded from: input_file:edu/hm/hafner/util/SecureXmlParserFactory.class */
public class SecureXmlParserFactory {
    private static final String SAX_FEATURE_PREFIX = "http://xml.org/sax/features/";
    private static final String XERCES_FEATURE_PREFIX = "http://apache.org/xml/features/";
    private static final String EXTERNAL_GENERAL_ENTITIES_FEATURE = "external-general-entities";
    private static final String EXTERNAL_PARAMETER_ENTITIES_FEATURE = "external-parameter-entities";
    private static final String RESOLVE_DTD_URIS_FEATURE = "resolve-dtd-uris";
    private static final String USE_ENTITY_RESOLVER2_FEATURE = "use-entity-resolver2";
    private static final String CREATE_ENTITY_REF_NODES_FEATURE = "dom/create-entity-ref-nodes";
    private static final String LOAD_DTD_GRAMMAR_FEATURE = "nonvalidating/load-dtd-grammar";
    private static final String LOAD_EXTERNAL_DTD_FEATURE = "nonvalidating/load-external-dtd";
    private static final String[] ENABLED_PROPERTIES = {"http://javax.xml.XMLConstants/feature/secure-processing"};
    private static final String[] DISABLED_PROPERTIES = {"http://xml.org/sax/features/external-general-entities", "http://xml.org/sax/features/external-parameter-entities", "http://xml.org/sax/features/resolve-dtd-uris", "http://xml.org/sax/features/use-entity-resolver2", "http://apache.org/xml/features/dom/create-entity-ref-nodes", "http://apache.org/xml/features/nonvalidating/load-dtd-grammar", "http://apache.org/xml/features/nonvalidating/load-external-dtd"};
    private static final String[] DISABLED_ATTRIBUTES = {"http://javax.xml.XMLConstants/property/accessExternalDTD", "http://javax.xml.XMLConstants/property/accessExternalSchema", "http://javax.xml.XMLConstants/property/accessExternalStylesheet"};
    private static final String CLEAR_ATTRIBUTE = "";
    private static final String SUPPORTING_EXTERNAL_ENTITIES = "javax.xml.stream.isSupportingExternalEntities";

    /* loaded from: input_file:edu/hm/hafner/util/SecureXmlParserFactory$ParsingException.class */
    public static class ParsingException extends RuntimeException {
        private static final long serialVersionUID = -9016364685084958944L;

        public ParsingException(Throwable th) {
            super(createMessage(th, "Exception occurred during parsing"), th);
        }

        @FormatMethod
        public ParsingException(String str, Object... objArr) {
            super(str.formatted(objArr));
        }

        @FormatMethod
        public ParsingException(Throwable th, String str, Object... objArr) {
            super(createMessage(th, str.formatted(objArr)), th);
        }

        private static String createMessage(Throwable th, String str) {
            return "%s%n%s%n%s".formatted(str, ExceptionUtils.getMessage(th), ExceptionUtils.getStackTrace(th));
        }
    }

    public DocumentBuilder createDocumentBuilder() {
        try {
            DocumentBuilderFactory createDocumentBuilderFactory = createDocumentBuilderFactory();
            createDocumentBuilderFactory.setXIncludeAware(false);
            createDocumentBuilderFactory.setExpandEntityReferences(false);
            createDocumentBuilderFactory.setFeature("http://javax.xml.XMLConstants/feature/secure-processing", true);
            setFeatures(createDocumentBuilderFactory);
            clearAttributes(createDocumentBuilderFactory);
            return createDocumentBuilderFactory.newDocumentBuilder();
        } catch (ParserConfigurationException e) {
            throw new IllegalArgumentException("Can't create instance of DocumentBuilder", e);
        }
    }

    @VisibleForTesting
    DocumentBuilderFactory createDocumentBuilderFactory() {
        return DocumentBuilderFactory.newInstance();
    }

    private void setFeatures(DocumentBuilderFactory documentBuilderFactory) {
        for (String str : ENABLED_PROPERTIES) {
            setFeature(documentBuilderFactory, str, true);
        }
        for (String str2 : DISABLED_PROPERTIES) {
            setFeature(documentBuilderFactory, str2, false);
        }
    }

    private void setFeature(DocumentBuilderFactory documentBuilderFactory, String str, boolean z) {
        try {
            documentBuilderFactory.setFeature(str, z);
        } catch (ParserConfigurationException e) {
        }
    }

    private void clearAttributes(DocumentBuilderFactory documentBuilderFactory) {
        for (String str : DISABLED_ATTRIBUTES) {
            try {
                documentBuilderFactory.setAttribute(str, CLEAR_ATTRIBUTE);
            } catch (IllegalArgumentException e) {
            }
        }
    }

    private void clearAttributes(TransformerFactory transformerFactory) {
        for (String str : DISABLED_ATTRIBUTES) {
            try {
                transformerFactory.setAttribute(str, CLEAR_ATTRIBUTE);
            } catch (IllegalArgumentException e) {
            }
        }
    }

    public SAXParser createSaxParser() {
        try {
            SAXParserFactory createSaxParserFactory = createSaxParserFactory();
            configureSaxParserFactory(createSaxParserFactory);
            SAXParser newSAXParser = createSaxParserFactory.newSAXParser();
            secureParser(newSAXParser);
            return newSAXParser;
        } catch (ParserConfigurationException | SAXException e) {
            throw new IllegalArgumentException("Can't create instance of SAXParser", e);
        }
    }

    @VisibleForTesting
    SAXParserFactory createSaxParserFactory() {
        return SAXParserFactory.newInstance();
    }

    private void secureParser(SAXParser sAXParser) {
        for (String str : DISABLED_ATTRIBUTES) {
            try {
                sAXParser.setProperty(str, CLEAR_ATTRIBUTE);
            } catch (SAXNotRecognizedException | SAXNotSupportedException e) {
            }
        }
    }

    public void configureSaxParserFactory(SAXParserFactory sAXParserFactory) {
        sAXParserFactory.setValidating(false);
        sAXParserFactory.setXIncludeAware(false);
        for (String str : ENABLED_PROPERTIES) {
            try {
                sAXParserFactory.setFeature(str, true);
            } catch (ParserConfigurationException | SAXException e) {
            }
        }
        for (String str2 : DISABLED_PROPERTIES) {
            try {
                sAXParserFactory.setFeature(str2, false);
            } catch (ParserConfigurationException | SAXException e2) {
            }
        }
    }

    @SuppressFBWarnings(value = {"XXE_XMLSTREAMREADER"}, justification = "The reader is secured in the called method")
    public XMLStreamReader createXmlStreamReader(Reader reader) {
        try {
            return createSecureInputFactory().createXMLStreamReader(reader);
        } catch (XMLStreamException e) {
            throw new IllegalArgumentException("Can't create instance of XMLStreamReader", e);
        }
    }

    @SuppressFBWarnings(value = {"XXE_XMLSTREAMREADER"}, justification = "The reader is secured in the called method")
    public XMLEventReader createXmlEventReader(Reader reader) {
        try {
            return createSecureInputFactory().createXMLEventReader(reader);
        } catch (XMLStreamException e) {
            throw new IllegalArgumentException("Can't create instance of XMLEventReader", e);
        }
    }

    private XMLInputFactory createSecureInputFactory() {
        XMLInputFactory createXmlInputFactory = createXmlInputFactory();
        createXmlInputFactory.setProperty("javax.xml.stream.supportDTD", false);
        createXmlInputFactory.setProperty(SUPPORTING_EXTERNAL_ENTITIES, false);
        return createXmlInputFactory;
    }

    @VisibleForTesting
    XMLInputFactory createXmlInputFactory() {
        return XMLInputFactory.newInstance();
    }

    @SuppressFBWarnings(value = {"XXE_SAXPARSER"}, justification = "The parser is secured in the called method")
    public void parse(Reader reader, Charset charset, DefaultHandler defaultHandler) {
        try {
            createSaxParser().parse(createInputSource(reader, charset), defaultHandler);
        } catch (IOException | SAXException e) {
            throw new ParsingException(e);
        }
    }

    @SuppressFBWarnings(value = {"XXE_DOCUMENT"}, justification = "The parser is secured in the called method")
    public Document readDocument(Reader reader, Charset charset) {
        try {
            return createDocumentBuilder().parse(createInputSource(reader, charset));
        } catch (IOException | SAXException e) {
            throw new ParsingException(e);
        }
    }

    private InputSource createInputSource(Reader reader, Charset charset) throws IOException {
        return new InputSource((InputStream) ReaderInputStream.builder().setReader(reader).setCharset(charset).get());
    }

    @SuppressFBWarnings(value = {"XXE_DTD_TRANSFORM_FACTORY", "XXE_XSLT_TRANSFORM_FACTORY"}, justification = "The transformer is secured in the called method")
    public Transformer createTransformer() {
        try {
            TransformerFactory createTransformerFactory = createTransformerFactory();
            clearAttributes(createTransformerFactory);
            return createTransformerFactory.newTransformer();
        } catch (TransformerConfigurationException e) {
            throw new IllegalArgumentException("Can't create instance of Transformer", e);
        }
    }

    @SuppressFBWarnings(value = {"XXE_DTD_TRANSFORM_FACTORY", "XXE_XSLT_TRANSFORM_FACTORY"}, justification = "The transformer is secured in the called method")
    @VisibleForTesting
    TransformerFactory createTransformerFactory() {
        return TransformerFactory.newInstance();
    }
}
