package edu.hm.hafner.analysis;

import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.io.IOException;
import java.io.InputStream;
import java.io.Reader;
import java.nio.charset.Charset;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;
import org.apache.commons.io.input.ReaderInputStream;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.helpers.DefaultHandler;

/* loaded from: input_file:edu/hm/hafner/analysis/SecureXmlParserFactory.class */
public class SecureXmlParserFactory {
    private static final String[] ENABLED_PROPERTIES = {"http://javax.xml.XMLConstants/feature/secure-processing"};
    private static final String[] DISABLED_PROPERTIES = {"http://xml.org/sax/features/external-general-entities", "http://xml.org/sax/features/external-parameter-entities", "http://xml.org/sax/features/resolve-dtd-uris", "http://xml.org/sax/features/use-entity-resolver2", "http://apache.org/xml/features/dom/create-entity-ref-nodes", "http://apache.org/xml/features/nonvalidating/load-dtd-grammar", "http://apache.org/xml/features/nonvalidating/load-external-dtd"};

    public DocumentBuilder createDocumentBuilder() {
        try {
            DocumentBuilderFactory newInstance = DocumentBuilderFactory.newInstance();
            newInstance.setXIncludeAware(false);
            newInstance.setExpandEntityReferences(false);
            newInstance.setFeature("http://javax.xml.XMLConstants/feature/secure-processing", true);
            for (String str : ENABLED_PROPERTIES) {
                try {
                    newInstance.setFeature(str, true);
                } catch (ParserConfigurationException e) {
                }
            }
            for (String str2 : DISABLED_PROPERTIES) {
                try {
                    newInstance.setFeature(str2, false);
                } catch (ParserConfigurationException e2) {
                }
            }
            return newInstance.newDocumentBuilder();
        } catch (ParserConfigurationException e3) {
            throw new IllegalArgumentException("Can't create instance of DocumentBuilder", e3);
        }
    }

    public SAXParser createSaxParser() {
        try {
            SAXParserFactory newInstance = SAXParserFactory.newInstance();
            configureSaxParserFactory(newInstance);
            return newInstance.newSAXParser();
        } catch (ParserConfigurationException | SAXException e) {
            throw new IllegalArgumentException("Can't create instance of SAXParser", e);
        }
    }

    public void configureSaxParserFactory(SAXParserFactory sAXParserFactory) {
        sAXParserFactory.setValidating(false);
        sAXParserFactory.setXIncludeAware(false);
        for (String str : ENABLED_PROPERTIES) {
            try {
                sAXParserFactory.setFeature(str, true);
            } catch (ParserConfigurationException | SAXException e) {
            }
        }
        for (String str2 : DISABLED_PROPERTIES) {
            try {
                sAXParserFactory.setFeature(str2, false);
            } catch (ParserConfigurationException | SAXException e2) {
            }
        }
    }

    public XMLStreamReader createXmlStreamReader(Reader reader) {
        try {
            XMLInputFactory newInstance = XMLInputFactory.newInstance();
            newInstance.setProperty("javax.xml.stream.supportDTD", false);
            newInstance.setProperty("javax.xml.stream.isSupportingExternalEntities", false);
            return newInstance.createXMLStreamReader(reader);
        } catch (XMLStreamException e) {
            throw new IllegalArgumentException("Can't create instance of XMLStreamReader", e);
        }
    }

    @SuppressFBWarnings(value = {"XXE_SAXPARSER"}, justification = "The parser is secured in the called method")
    public void parse(Reader reader, Charset charset, DefaultHandler defaultHandler) {
        try {
            createSaxParser().parse(createInputSource(reader, charset), defaultHandler);
        } catch (IOException | SAXException e) {
            throw new ParsingException(e);
        }
    }

    @SuppressFBWarnings(value = {"XXE_DOCUMENT"}, justification = "The parser is secured in the called method")
    public Document readDocument(Reader reader, Charset charset) {
        try {
            return createDocumentBuilder().parse(createInputSource(reader, charset));
        } catch (IOException | SAXException e) {
            throw new ParsingException(e);
        }
    }

    private InputSource createInputSource(Reader reader, Charset charset) {
        return new InputSource((InputStream) new ReaderInputStream(reader, charset));
    }
}
