package de.bos_bremen.gov2.server.filter;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;
import javax.xml.namespace.QName;
import javax.xml.stream.events.Attribute;
import javax.xml.stream.events.Characters;
import javax.xml.stream.events.EndElement;
import javax.xml.stream.events.StartElement;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:de/bos_bremen/gov2/server/filter/XMLAttackFinder.class */
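/**
 * Analyzing handler that inspects one XML document, element by element, for the
 * inconsistencies typical of signature-wrapping attempts: an {@code id} attribute value
 * used by two elements, a signature {@code Reference} carrying more than one {@code URI},
 * a reference value that is neither a fragment ({@code #id}) nor a simple indexed element
 * path, an element that must be signed but lies under no checked reference, and
 * (optionally) an element name that occurs both inside and outside the signed content.
 *
 * <p>The caller feeds {@link #startDocument()}, {@link #startElement}, {@link #endElement},
 * {@link #characters} and finally {@link #endDocument()}; every check fails fast with an
 * {@link XMLAttackException}. An instance covers exactly one document: a second
 * {@link #startDocument()} on the same instance is rejected, and the list of required
 * signed elements is consumed by {@link #endDocument()}. Not thread-safe.
 */
public class XMLAttackFinder implements AnalyzingHandler {
    private boolean started;
    /**
     * Path form accepted for a non-fragment reference: {@code /name(/name[n])*} with a
     * 1-based index on every step after the first. Names are ASCII letters, digits and
     * underscore only. (An earlier spelling used the class {@code [a-z|A_Z|_|0-9]}, whose
     * {@code A_Z} is the byte range from {@code A} to {@code _} and therefore also admitted
     * {@code [}, {@code \}, {@code ]} and {@code ^}.)
     */
    private static final String REGEX_SAFE_XPATH = "/[a-zA-Z][a-zA-Z_0-9]*(/[a-zA-Z][a-zA-Z_0-9]*\\[[1-9][0-9]*\\])*";
    private static final Pattern SAFE_XPATH = Pattern.compile(REGEX_SAFE_XPATH);
    /** Positional index of a path step, e.g. the {@code [2]} in {@code /a/b[2]}. */
    private static final Pattern STEP_INDEX = Pattern.compile("\\[[0-9]*\\]");
    private static final Log LOG = LogFactory.getLog(XMLAttackFinder.class);
    private static final QName REFERENCE = new QName("http://www.w3.org/2000/09/xmldsig#", "Reference");
    // id attribute value -> path of the element that carries it
    private final Map<String, String> xPathById = new HashMap<String, String>();
    // element path -> element name, for every element seen
    private final Map<String, QName> qNameByXPath = new HashMap<String, QName>();
    // every id attribute value seen so far; a repeat is rejected in startElement
    private final Set<String> knownIds = new HashSet<String>();
    // reference targets of checked signatures: ids (without '#') or element paths
    private final Set<String> coveredRefs = new HashSet<String>();
    private final List<String> requiredSignedElements = new ArrayList<String>();
    private final List<String> xPathSearchedForSignature = new ArrayList<String>();
    private boolean rejectDuplicateQNames = false;
    private boolean strictIdAttribute = false;

    /**
     * Registers an element path that must lie under a checked signature reference by the
     * time {@link #endDocument()} runs.
     *
     * @param xPath element path in the same form the parser passes to {@link #startElement}
     */
    public void addRequiredSignedElement(String xPath) {
        this.requiredSignedElements.add(xPath);
    }

    /**
     * Registers a path prefix under which signature {@code Reference} elements are checked;
     * the prefix may be written with or without positional indices.
     *
     * @param xPathPrefix path prefix of the signature(s) to check
     */
    public void addXpathSearchedForSignature(String xPathPrefix) {
        this.xPathSearchedForSignature.add(xPathPrefix);
    }

    /**
     * @param strict {@code true} to treat only an attribute named exactly {@code id} as an
     *               element id; {@code false} (default) matches the name case-insensitively
     */
    public void setStrictIdAttribute(boolean strict) {
        this.strictIdAttribute = strict;
    }

    /**
     * @param reject {@code true} to additionally reject a document in which an element name
     *               occurs both as a signed reference target and elsewhere unsigned
     */
    public void setRejectDuplicateQNames(boolean reject) {
        this.rejectDuplicateQNames = reject;
    }

    /**
     * Marks the document as started.
     *
     * @throws XMLAttackException if this instance already saw a document start
     */
    @Override // de.bos_bremen.gov2.server.filter.AnalyzingHandler
    public void startDocument() throws XMLAttackException {
        if (this.started) {
            throw new XMLAttackException("document starts twice");
        }
        this.started = true;
    }

    /**
     * Records the element under its path and inspects its attributes: id attributes are
     * registered (a repeated id value is an attack), and on a checked signature
     * {@code Reference} the single {@code URI} attribute is resolved as a covered target.
     *
     * @param startElement the element's start event
     * @param xPath        the element's path as computed by the caller, e.g. {@code /a/b[1]}
     * @throws XMLAttackException on a repeated id, a {@code Reference} with two {@code URI}
     *                            attributes, or a reference value that is not allowed
     */
    @Override // de.bos_bremen.gov2.server.filter.AnalyzingHandler
    public void startElement(StartElement startElement, String xPath) throws XMLAttackException {
        LOG.debug("reading " + xPath);
        QName name = startElement.getName();
        this.qNameByXPath.put(xPath, name);
        boolean checkedReference = isCheckedSignaturesReference(xPath, name);
        String referenceUri = null;
        Iterator<Attribute> attributes = startElement.getAttributes();
        while (attributes.hasNext()) {
            Attribute attribute = attributes.next();
            String localName = attribute.getName().getLocalPart();
            if (isIdAttribute(localName)) {
                String id = attribute.getValue();
                // The id must be remembered, otherwise the duplicate check never fires and a
                // later element with the same id silently replaces the first in xPathById.
                if (!this.knownIds.add(id)) {
                    throw new XMLAttackException("found two elements with id " + id);
                }
                this.xPathById.put(id, xPath);
            }
            if (checkedReference && "URI".equals(localName)) {
                if (referenceUri != null) {
                    throw new XMLAttackException("potential fraud detected: reference has more than one URI attribute");
                }
                referenceUri = attribute.getValue();
            }
        }
        if (referenceUri != null) {
            handleSignatureReferenceUri(referenceUri);
        }
    }

    /** Whether an attribute with this local name counts as an element id (see {@link #setStrictIdAttribute}). */
    private boolean isIdAttribute(String localName) {
        if (this.strictIdAttribute) {
            return "id".equals(localName);
        }
        return "id".equalsIgnoreCase(localName);
    }

    /**
     * Whether the element is a dsig {@code Reference} located under one of the configured
     * signature prefixes; the comparison is repeated on the index-free form of the path so
     * that prefixes may be configured without positional indices.
     */
    private boolean isCheckedSignaturesReference(String xPath, QName name) {
        if (!REFERENCE.equals(name)) {
            return false;
        }
        String indexFree = STEP_INDEX.matcher(xPath).replaceAll("");
        for (String prefix : this.xPathSearchedForSignature) {
            if (isPathPrefix(prefix, xPath) || isPathPrefix(prefix, indexFree)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Path-aware prefix test. Plain {@link String#startsWith} would let {@code /a/b[1]}
     * cover {@code /a/b[10]} and {@code /a/b} cover {@code /a/bc}; here the remainder after
     * the prefix must be empty or begin a new step ({@code /}) or an index ({@code [}).
     * An empty prefix or one ending in {@code /} already ends on a boundary.
     */
    private static boolean isPathPrefix(String prefix, String path) {
        if (!path.startsWith(prefix)) {
            return false;
        }
        if (prefix.isEmpty() || prefix.endsWith("/") || path.length() == prefix.length()) {
            return true;
        }
        char next = path.charAt(prefix.length());
        return next == '/' || next == '[';
    }

    /**
     * Records the target of a checked reference: a fragment ({@code #id}) by its id, any
     * other value only when it is a path in the {@link #REGEX_SAFE_XPATH} form.
     *
     * @throws XMLAttackException for any other value, including the empty URI (which the
     *                            previous {@code charAt(0)} turned into a
     *                            {@code StringIndexOutOfBoundsException})
     */
    private void handleSignatureReferenceUri(String uri) throws XMLAttackException {
        if (!uri.isEmpty() && uri.charAt(0) == '#') {
            // Resolved to the element's path in endDocument() via xPathById.
            this.coveredRefs.add(uri.substring(1));
        } else if (SAFE_XPATH.matcher(uri).matches()) {
            this.coveredRefs.add(uri);
        } else {
            throw new XMLAttackException("insecure reference value found: " + uri);
        }
    }

    @Override // de.bos_bremen.gov2.server.filter.AnalyzingHandler
    public void endElement(EndElement endElement) {
    }

    /**
     * Runs the whole-document checks: every required element must lie under a covered
     * reference target, and optionally no element name may be both signed and unsigned.
     *
     * @throws XMLAttackException when a required element is unsigned or, with
     *                            {@link #setRejectDuplicateQNames}, an element name is used
     *                            signed and unsigned
     */
    @Override // de.bos_bremen.gov2.server.filter.AnalyzingHandler
    public void endDocument() throws XMLAttackException {
        LOG.debug("document end reached");
        List<String> signedPaths = resolveCoveredPaths();
        for (String signedPath : signedPaths) {
            removeRequiredElementsUnder(signedPath);
        }
        if (!this.requiredSignedElements.isEmpty()) {
            throw new XMLAttackException("potential fraud detected: element " + this.requiredSignedElements.get(0) + " not under a signature");
        }
        if (this.rejectDuplicateQNames) {
            rejectNamesUsedSignedAndUnsigned(signedPaths);
        }
        LOG.debug("document passed as OK");
    }

    /** Maps each covered reference to an element path: ids via {@link #xPathById}, paths as given. */
    private List<String> resolveCoveredPaths() {
        List<String> paths = new ArrayList<String>(this.coveredRefs.size());
        for (String ref : this.coveredRefs) {
            String pathOfId = this.xPathById.get(ref);
            paths.add(pathOfId == null ? ref : pathOfId);
        }
        return paths;
    }

    /** Drops every required element whose path equals or lies below {@code signedPath}. */
    private void removeRequiredElementsUnder(String signedPath) {
        Iterator<String> required = this.requiredSignedElements.iterator();
        while (required.hasNext()) {
            if (isPathPrefix(signedPath, required.next())) {
                required.remove();
            }
        }
    }

    /**
     * Rejects the document if a name of a signed reference target also occurs on an
     * element that is not such a target.
     */
    private void rejectNamesUsedSignedAndUnsigned(List<String> signedPaths) throws XMLAttackException {
        Set<QName> signedNames = new HashSet<QName>();
        for (String path : signedPaths) {
            QName signedName = this.qNameByXPath.remove(path);
            if (signedName != null) {
                signedNames.add(signedName);
            }
        }
        // NOTE(review): only the referenced element itself leaves qNameByXPath; its
        // descendants stay and count as unsigned here — confirm that is intended.
        Set<QName> clashes = new HashSet<QName>(this.qNameByXPath.values());
        clashes.retainAll(signedNames);
        if (!clashes.isEmpty()) {
            throw new XMLAttackException("potential fraud detected: signed and unsigned element " + clashes.iterator().next());
        }
    }

    @Override // de.bos_bremen.gov2.server.filter.AnalyzingHandler
    public void characters(Characters characters) {
    }
}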
