package de.governikus.utils.secutils;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParserFactory;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;
import javax.xml.transform.TransformerConfigurationException;
import javax.xml.transform.TransformerFactory;
import javax.xml.validation.SchemaFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xml.sax.SAXNotRecognizedException;
import org.xml.sax.SAXNotSupportedException;

/* loaded from: input_file:de/governikus/utils/secutils/SecurityUtils.class */
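/**
 * Static helpers that harden JAXP factories against XML External Entity (XXE) processing and
 * that confine file names to a base directory (path-slip / path-traversal protection).
 *
 * <p><b>Fail-open behaviour:</b> every {@code protectFactoryAgainstXXE} overload applies its
 * settings one by one and only logs a warning when the concrete factory implementation rejects
 * a setting. The factory is still usable afterwards, so callers that need a hard guarantee must
 * watch the log output or verify the factory themselves.
 */
public class SecurityUtils {
    private static final Logger LOGGER = LoggerFactory.getLogger(SecurityUtils.class);

    // Shared factory used by protectFileAgainstXXE; hardened once in the static initializer.
    // NOTE(review): the StAX API does not promise that XMLInputFactory is thread-safe; confirm
    // that concurrent callers are acceptable for the implementation in use.
    private static final XMLInputFactory XML_INPUT_FACTORY = XMLInputFactory.newInstance();

    private static final Map<String, Boolean> DOCUMENT_BUILDER_FACTORY_FEATURES = new HashMap<>();
    private static final Map<String, Object> DOCUMENT_BUILDER_FACTORY_ATTRIBUTES = new HashMap<>();
    private static final Map<String, Boolean> SAX_PARSER_FACTORY_FEATURES = new HashMap<>();
    private static final Map<String, Boolean> TRANSFORMER_FACTORY_FEATURES = new HashMap<>();
    private static final Map<String, Object> TRANSFORMER_FACTORY_ATTRIBUTES = new HashMap<>();
    private static final Map<String, Object> SCHEMA_FACTORY_PROPERTIES = new HashMap<>();
    private static final Map<String, Object> XML_INPUT_FACTORY_PROPERTIES = new HashMap<>();

    static {
        DOCUMENT_BUILDER_FACTORY_FEATURES.put("http://javax.xml.XMLConstants/feature/secure-processing", Boolean.TRUE);
        // NOTE(review): DOCTYPE declarations stay allowed for DocumentBuilderFactory (FALSE here,
        // TRUE for SAXParserFactory below). Protection therefore rests on the external-entity
        // features and the accessExternal* attributes; confirm the asymmetry is intentional.
        DOCUMENT_BUILDER_FACTORY_FEATURES.put("http://apache.org/xml/features/disallow-doctype-decl", Boolean.FALSE);
        DOCUMENT_BUILDER_FACTORY_FEATURES.put("http://xml.org/sax/features/external-general-entities", Boolean.FALSE);
        DOCUMENT_BUILDER_FACTORY_FEATURES.put("http://xml.org/sax/features/external-parameter-entities", Boolean.FALSE);
        DOCUMENT_BUILDER_FACTORY_FEATURES.put("http://apache.org/xml/features/nonvalidating/load-external-dtd", Boolean.FALSE);
        // An empty string denies external access over every protocol.
        DOCUMENT_BUILDER_FACTORY_ATTRIBUTES.put("http://javax.xml.XMLConstants/property/accessExternalDTD", "");
        DOCUMENT_BUILDER_FACTORY_ATTRIBUTES.put("http://javax.xml.XMLConstants/property/accessExternalSchema", "");

        SAX_PARSER_FACTORY_FEATURES.put("http://javax.xml.XMLConstants/feature/secure-processing", Boolean.TRUE);
        SAX_PARSER_FACTORY_FEATURES.put("http://apache.org/xml/features/disallow-doctype-decl", Boolean.TRUE);
        SAX_PARSER_FACTORY_FEATURES.put("http://xml.org/sax/features/external-general-entities", Boolean.FALSE);
        SAX_PARSER_FACTORY_FEATURES.put("http://xml.org/sax/features/external-parameter-entities", Boolean.FALSE);
        SAX_PARSER_FACTORY_FEATURES.put("http://apache.org/xml/features/nonvalidating/load-external-dtd", Boolean.FALSE);

        // NOTE(review): only secure-processing is set for TransformerFactory and
        // TRANSFORMER_FACTORY_ATTRIBUTES is left empty, so neither accessExternalDTD nor
        // accessExternalStylesheet is restricted here; confirm that is sufficient for callers.
        TRANSFORMER_FACTORY_FEATURES.put("http://javax.xml.XMLConstants/feature/secure-processing", Boolean.TRUE);

        SCHEMA_FACTORY_PROPERTIES.put("http://javax.xml.XMLConstants/property/accessExternalDTD", "");
        // NOTE(review): "all" permits external schema references over every protocol, unlike the
        // empty value used for DocumentBuilderFactory; confirm remote schema loading is wanted.
        SCHEMA_FACTORY_PROPERTIES.put("http://javax.xml.XMLConstants/property/accessExternalSchema", "all");

        XML_INPUT_FACTORY_PROPERTIES.put("javax.xml.stream.supportDTD", Boolean.FALSE);
        XML_INPUT_FACTORY_PROPERTIES.put("javax.xml.stream.isSupportingExternalEntities", Boolean.FALSE);

        // Harden the shared factory before any reader can be created from it.
        protectXmlInputFactory(XML_INPUT_FACTORY);
    }

    /**
     * Applies the XXE-related features and attributes to a {@link DocumentBuilderFactory}.
     *
     * @param documentBuilderFactory factory to harden; {@code null} is ignored
     */
    public static void protectFactoryAgainstXXE(DocumentBuilderFactory documentBuilderFactory) {
        protectDocumentBuilderFactory(documentBuilderFactory);
    }

    /**
     * Applies the XXE-related features to a {@link SAXParserFactory}.
     *
     * @param sAXParserFactory factory to harden; {@code null} is ignored
     */
    public static void protectFactoryAgainstXXE(SAXParserFactory sAXParserFactory) {
        protectSaxParserFactory(sAXParserFactory);
    }

    /**
     * Applies the configured features and attributes to a {@link TransformerFactory}.
     *
     * @param transformerFactory factory to harden; {@code null} is ignored
     */
    public static void protectFactoryAgainstXXE(TransformerFactory transformerFactory) {
        protectTransformerFactory(transformerFactory);
    }

    /**
     * Applies the configured access properties to a {@link SchemaFactory}.
     *
     * @param schemaFactory factory to harden; {@code null} is ignored
     */
    public static void protectFactoryAgainstXXE(SchemaFactory schemaFactory) {
        protectSchemaFactory(schemaFactory);
    }

    /**
     * Disables DTD support and external entities on an {@link XMLInputFactory}.
     *
     * @param xMLInputFactory factory to harden; {@code null} is ignored
     */
    public static void protectFactoryAgainstXXE(XMLInputFactory xMLInputFactory) {
        protectXmlInputFactory(xMLInputFactory);
    }

    /**
     * Opens {@code file} with the shared, hardened {@link XMLInputFactory}.
     *
     * <p>{@link XMLStreamReader#close()} does not close the underlying input source, so closing
     * the returned reader does not release the file handle opened here.
     *
     * @param file XML file to read; may be {@code null}
     * @return a stream reader over the file, or {@code null} when {@code file} is {@code null}
     * @throws IOException if the file cannot be opened
     * @throws XMLStreamException if the reader cannot be created
     */
    public static XMLStreamReader protectFileAgainstXXE(File file) throws IOException, XMLStreamException {
        if (file == null) {
            return null;
        }
        FileInputStream in = new FileInputStream(file);
        try {
            return XML_INPUT_FACTORY.createXMLStreamReader(in);
        } catch (XMLStreamException | RuntimeException e) {
            // No reader was handed out, so nobody else can release the file handle.
            try {
                in.close();
            } catch (IOException closeFailure) {
                e.addSuppressed(closeFailure);
            }
            throw e;
        }
    }

    /**
     * Resolves {@code str} against the current working directory ({@code new File(".")}) and
     * rejects results that leave it.
     *
     * @param str path name to resolve; may be {@code null}
     * @return the canonical file, or {@code null} when {@code str} is {@code null}
     * @throws IOException if the resolved file is not located below the working directory
     */
    public static File createSecurePathname(String str) throws IOException {
        if (str == null) {
            return null;
        }
        return createSecurePathname(new File("."), str);
    }

    /**
     * Resolves {@code str} against {@code file} and verifies that the canonical result lies
     * strictly below that base directory.
     *
     * <p>The check is made on canonical paths at call time. A name that resolves to the base
     * directory itself is rejected as well, because only proper descendants are accepted.
     *
     * @param file base directory; may be {@code null}
     * @param str path name relative to the base directory; may be {@code null}
     * @return the canonical file, or {@code null} when either argument is {@code null}
     * @throws IOException if the resolved file is not a descendant of {@code file}
     */
    public static File createSecurePathname(File file, String str) throws IOException {
        if (file == null || str == null) {
            return null;
        }
        File resolved = new File(file, str).getCanonicalFile();
        if (!isChildFileEntryOf(file, resolved)) {
            throw new IOException("Potential path-slip attack detected");
        }
        return resolved;
    }

    /**
     * Tells whether {@code file2} is a proper descendant of {@code file}, comparing canonical
     * paths.
     *
     * @param file candidate ancestor directory; may be {@code null}
     * @param file2 candidate descendant; may be {@code null}
     * @return {@code true} if some parent of {@code file2} equals {@code file}; {@code false}
     *     otherwise, including when both denote the same file or either argument is {@code null}
     * @throws IOException if a canonical path cannot be determined
     */
    public static boolean isChildFileEntryOf(File file, File file2) throws IOException {
        if (file == null || file2 == null) {
            return false;
        }
        File base = file.getCanonicalFile();
        // Start at the parent so that the base directory itself never counts as its own child.
        for (File ancestor = file2.getCanonicalFile().getParentFile();
                ancestor != null;
                ancestor = ancestor.getParentFile()) {
            if (ancestor.equals(base)) {
                return true;
            }
        }
        return false;
    }

    /** Applies XML_INPUT_FACTORY_PROPERTIES; a rejected property is logged and skipped. */
    private static void protectXmlInputFactory(XMLInputFactory xMLInputFactory) {
        if (xMLInputFactory == null) {
            return;
        }
        for (Map.Entry<String, Object> entry : XML_INPUT_FACTORY_PROPERTIES.entrySet()) {
            try {
                xMLInputFactory.setProperty(entry.getKey(), entry.getValue());
            } catch (IllegalArgumentException e) {
                LOGGER.warn("Cannot set property '{}' to protect XMLInputFactory '{}' against XXE attacks!",
                        entry.getKey(), xMLInputFactory.getClass().getName(), e);
            }
        }
    }

    /** Applies SCHEMA_FACTORY_PROPERTIES; a rejected property is logged and skipped. */
    private static void protectSchemaFactory(SchemaFactory schemaFactory) {
        if (schemaFactory == null) {
            return;
        }
        for (Map.Entry<String, Object> entry : SCHEMA_FACTORY_PROPERTIES.entrySet()) {
            try {
                schemaFactory.setProperty(entry.getKey(), entry.getValue());
            } catch (SAXNotRecognizedException | SAXNotSupportedException e) {
                LOGGER.warn("Cannot set property '{}' to protect SchemaFactory '{}' against XXE attacks!",
                        entry.getKey(), schemaFactory.getClass().getName(), e);
            }
        }
    }

    /** Applies the transformer features, then attributes; rejected settings are logged and skipped. */
    private static void protectTransformerFactory(TransformerFactory transformerFactory) {
        if (transformerFactory == null) {
            return;
        }
        for (Map.Entry<String, Boolean> feature : TRANSFORMER_FACTORY_FEATURES.entrySet()) {
            try {
                transformerFactory.setFeature(feature.getKey(), feature.getValue().booleanValue());
            } catch (TransformerConfigurationException e) {
                LOGGER.warn("Cannot set feature '{}' to protect TransformerFactory '{}' against XXE attacks!",
                        feature.getKey(), transformerFactory.getClass().getName(), e);
            }
        }
        for (Map.Entry<String, Object> attribute : TRANSFORMER_FACTORY_ATTRIBUTES.entrySet()) {
            try {
                transformerFactory.setAttribute(attribute.getKey(), attribute.getValue());
            } catch (IllegalArgumentException e) {
                LOGGER.warn("Cannot set attribute '{}' to protect TransformerFactory '{}' against XXE attacks!",
                        attribute.getKey(), transformerFactory.getClass().getName(), e);
            }
        }
    }

    /** Applies SAX_PARSER_FACTORY_FEATURES and switches XInclude processing off. */
    private static void protectSaxParserFactory(SAXParserFactory sAXParserFactory) {
        if (sAXParserFactory == null) {
            return;
        }
        for (Map.Entry<String, Boolean> feature : SAX_PARSER_FACTORY_FEATURES.entrySet()) {
            try {
                sAXParserFactory.setFeature(feature.getKey(), feature.getValue().booleanValue());
            } catch (ParserConfigurationException | SAXNotRecognizedException | SAXNotSupportedException e) {
                LOGGER.warn("Cannot set feature '{}' to protect SAXParserFactory '{}' against XXE attacks!",
                        feature.getKey(), sAXParserFactory.getClass().getName(), e);
            }
        }
        sAXParserFactory.setXIncludeAware(false);
    }

    /**
     * Applies the DocumentBuilderFactory features and attributes, then switches off XInclude
     * processing and entity-reference expansion.
     */
    private static void protectDocumentBuilderFactory(DocumentBuilderFactory documentBuilderFactory) {
        if (documentBuilderFactory == null) {
            return;
        }
        for (Map.Entry<String, Boolean> feature : DOCUMENT_BUILDER_FACTORY_FEATURES.entrySet()) {
            try {
                documentBuilderFactory.setFeature(feature.getKey(), feature.getValue().booleanValue());
            } catch (ParserConfigurationException e) {
                LOGGER.warn("Cannot set feature '{}' to protect DocumentBuilderFactory '{}' against XXE attacks!",
                        feature.getKey(), documentBuilderFactory.getClass().getName(), e);
            }
        }
        for (Map.Entry<String, Object> attribute : DOCUMENT_BUILDER_FACTORY_ATTRIBUTES.entrySet()) {
            try {
                documentBuilderFactory.setAttribute(attribute.getKey(), attribute.getValue());
            } catch (IllegalArgumentException e) {
                LOGGER.warn("Cannot set attribute '{}' to protect DocumentBuilderFactory '{}' against XXE attacks!",
                        attribute.getKey(), documentBuilderFactory.getClass().getName(), e);
            }
        }
        documentBuilderFactory.setXIncludeAware(false);
        documentBuilderFactory.setExpandEntityReferences(false);
    }
}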
