package io.gravitee.policy.threatprotection.xml;

import com.ctc.wstx.stax.WstxInputFactory;
import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import io.gravitee.common.http.MediaType;
import io.gravitee.gateway.api.Request;
import io.gravitee.gateway.api.buffer.Buffer;
import io.gravitee.gateway.api.stream.BufferedReadWriteStream;
import io.gravitee.gateway.api.stream.ReadWriteStream;
import io.gravitee.gateway.api.stream.SimpleReadWriteStream;
import io.gravitee.policy.api.PolicyChain;
import io.gravitee.policy.api.PolicyConfiguration;
import io.gravitee.policy.api.PolicyResult;
import io.gravitee.policy.api.annotations.OnRequestContent;
import java.io.InputStream;
import java.io.StringReader;
import java.time.Duration;
import java.util.Collections;
import java.util.concurrent.ExecutionException;
import java.util.regex.Pattern;
import javax.xml.stream.XMLEventReader;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLResolver;
import javax.xml.stream.XMLStreamException;

/* loaded from: input_file:io/gravitee/policy/threatprotection/xml/XmlThreatProtectionPolicy.class */
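/**
 * Gateway policy that parses XML request bodies with a limit-configured Woodstox StAX factory
 * and fails the request when the parser rejects the document.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Validation only runs when a {@code Content-Type} value names an XML media type. A body
 *       that is XML but labelled as something else is not inspected here.</li>
 *   <li>The whole body is buffered in memory before parsing. The configured maximum length is
 *       enforced by the parser, so nothing in this class bounds the buffer beforehand.</li>
 *   <li>A limit that is unset ({@code null}) or negative is turned into
 *       {@link Integer#MAX_VALUE}, i.e. that limit is effectively disabled.</li>
 *   <li>Failure keys are derived from parser exception message text. A message that matches no
 *       pattern still fails the request, with the generic {@code XML_THREAT_DETECTED} key.</li>
 * </ul>
 */
public class XmlThreatProtectionPolicy {
    private static final String SERVER_ERROR = "Server error";
    private static final String BAD_REQUEST = "Bad Request";
    private static final String XML_THREAT_DETECTED_KEY = "XML_THREAT_DETECTED";
    private static final String XML_THREAT_MAX_ATTRIBUTES_KEY = "XML_THREAT_MAX_ATTRIBUTES";
    private static final String XML_THREAT_MAX_ATTRIBUTE_VALUE_LENGTH_KEY = "XML_THREAT_MAX_ATTRIBUTE_VALUE_LENGTH";
    private static final String XML_THREAT_MAX_ELEMENTS_KEY = "XML_THREAT_MAX_ELEMENTS";
    private static final String XML_THREAT_MAX_ENTITIES_KEY = "XML_THREAT_MAX_ENTITIES";
    private static final String XML_THREAT_MAX_DEPTH_KEY = "XML_THREAT_MAX_DEPTH";
    private static final String XML_THREAT_MAX_ENTITY_DEPTH_KEY = "XML_THREAT_MAX_ENTITY_DEPTH";
    private static final String XML_THREAT_MAX_CHILD_ELEMENTS_KEY = "XML_THREAT_MAX_CHILD_ELEMENTS";
    private static final String XML_THREAT_MAX_LENGTH_KEY = "XML_THREAT_MAX_LENGTH";
    private static final String XML_THREAT_MAX_TEXT_VALUE_LENGTH_KEY = "XML_THREAT_MAX_TEXT_VALUE_LENGTH";
    private static final String XML_THREAT_EXTERNAL_ENTITY_FORBIDDEN_KEY = "XML_THREAT_EXTERNAL_ENTITY_FORBIDDEN";
    private static final int CACHE_EXPIRATION_HOURS = 1;
    private static final int CACHE_MAXIMUM_SIZE = 1000;

    // The patterns below classify a parser failure by its message text. They are tied to the
    // exact wording used by the XML parser; if that wording changes, classification falls back
    // to XML_THREAT_DETECTED (the request is still rejected).
    private static final Pattern EXCEPTION_PATTERN_MAX_ATTRIBUTES =
        Pattern.compile(".*Attribute limit \\(\\d+\\) exceeded.*", Pattern.CASE_INSENSITIVE);
    private static final Pattern EXCEPTION_PATTERN_MAX_ATTRIBUTE_VALUE_LENGTH =
        Pattern.compile(".*Maximum attribute size limit \\(\\d+\\) exceeded.*", Pattern.CASE_INSENSITIVE);
    private static final Pattern EXCEPTION_PATTERN_MAX_ELEMENTS =
        Pattern.compile(".*Maximum Element Count limit \\(\\d+\\) Exceeded.*", Pattern.CASE_INSENSITIVE);
    private static final Pattern EXCEPTION_PATTERN_MAX_ENTITIES =
        Pattern.compile(".*Maximum entity expansion count limit \\(\\d+\\) exceeded.*", Pattern.CASE_INSENSITIVE);
    private static final Pattern EXCEPTION_PATTERN_MAX_DEPTH =
        Pattern.compile(".*Maximum Element Depth limit \\(\\d*\\) Exceeded.*", Pattern.CASE_INSENSITIVE);
    private static final Pattern EXCEPTION_PATTERN_MAX_ENTITY_DEPTH =
        Pattern.compile(".*Maximum entity expansion depth limit \\(\\d+\\) exceeded.*", Pattern.CASE_INSENSITIVE);
    private static final Pattern EXCEPTION_PATTERN_MAX_CHILD_ELEMENTS =
        Pattern.compile(".*Maximum Number of Child Elements limit \\(\\d+\\) Exceeded.*", Pattern.CASE_INSENSITIVE);
    private static final Pattern EXCEPTION_PATTERN_MAX_LENGTH =
        Pattern.compile(".*Maximum document characters limit \\(\\d+\\) exceeded.*", Pattern.CASE_INSENSITIVE);
    private static final Pattern EXCEPTION_PATTERN_MAX_TEXT_VALUE_LENGTH =
        Pattern.compile(".*Text size limit \\(\\d+\\) exceeded.*", Pattern.CASE_INSENSITIVE);
    // DOTALL in addition to CASE_INSENSITIVE: this message is allowed to span several lines.
    private static final Pattern EXCEPTION_PATTERN_EXTERNAL_ENTITY_FORBIDDEN = Pattern.compile(
        ".*Encountered a reference to external entity .* but stream reader has feature \"javax\\.xml\\.stream\\.isSupportingExternalEntities\" disabled.*",
        Pattern.CASE_INSENSITIVE | Pattern.DOTALL);

    // One parser factory per policy configuration, shared by every instance of this class.
    // NOTE(review): the cache hit rate depends on the configuration type's equals/hashCode,
    // which is not visible in this file - confirm it is value-based.
    private static final Cache<PolicyConfiguration, XMLInputFactory> factories = CacheBuilder.newBuilder()
        .maximumSize(CACHE_MAXIMUM_SIZE)
        .expireAfterAccess(Duration.ofHours(CACHE_EXPIRATION_HOURS))
        .build();

    private final XmlThreatProtectionPolicyConfiguration configuration;

    /**
     * Creates the policy for one configuration.
     *
     * @param xmlThreatProtectionPolicyConfiguration limits and entity settings applied to the parser
     */
    public XmlThreatProtectionPolicy(XmlThreatProtectionPolicyConfiguration xmlThreatProtectionPolicyConfiguration) {
        this.configuration = xmlThreatProtectionPolicyConfiguration;
    }

    /**
     * Returns the cached parser factory for this policy's configuration, building it on first use.
     *
     * @return the configured factory
     * @throws RuntimeException wrapping the {@link ExecutionException} raised when the factory cannot be built
     */
    private XMLInputFactory getXmlFactory() throws RuntimeException {
        try {
            return factories.get(this.configuration, this::buildXmlFactory);
        } catch (ExecutionException e) {
            throw new RuntimeException(e);
        }
    }

    /** Builds a Woodstox input factory carrying every limit from the configuration. */
    private XMLInputFactory buildXmlFactory() {
        WstxInputFactory factory = new WstxInputFactory();
        // Every entity resolution request is answered with an empty stream, so this resolver
        // never opens the system or public identifier it is handed.
        factory.setXMLResolver(new XMLResolver() {
            @Override
            public Object resolveEntity(String str, String str2, String str3, String str4) throws XMLStreamException {
                return InputStream.nullInputStream();
            }
        });
        factory.setProperty(
            "javax.xml.stream.isSupportingExternalEntities",
            Boolean.valueOf(this.configuration.isAllowExternalEntities()));
        // NOTE(review): DTD support itself is left at the factory default here; entity expansion
        // is constrained through the maxEntityCount / maxEntityDepth limits below.
        setXmlFactoryProperty(factory, "com.ctc.wstx.maxAttributeSize", this.configuration.getMaxAttributeValueLength());
        setXmlFactoryProperty(factory, "com.ctc.wstx.maxTextLength", this.configuration.getMaxTextValueLength());
        setXmlFactoryProperty(factory, "com.ctc.wstx.maxAttributesPerElement", this.configuration.getMaxAttributesPerElement());
        setXmlFactoryProperty(factory, "com.ctc.wstx.maxChildrenPerElement", this.configuration.getMaxChildrenPerElement());
        setXmlFactoryProperty(factory, "com.ctc.wstx.maxElementCount", this.configuration.getMaxElements());
        setXmlFactoryProperty(factory, "com.ctc.wstx.maxElementDepth", this.configuration.getMaxDepth());
        setXmlFactoryProperty(factory, "com.ctc.wstx.maxEntityCount", this.configuration.getMaxEntities());
        setXmlFactoryProperty(factory, "com.ctc.wstx.maxEntityDepth", this.configuration.getMaxEntityDepth());
        setXmlFactoryProperty(factory, "com.ctc.wstx.maxCharacters", this.configuration.getMaxLength());
        return factory;
    }

    /**
     * Intercepts the request body when the request declares an XML content type.
     *
     * <p>The body is accumulated in full, validated once the stream ends, and only then written
     * downstream. A validation failure ends the chain with status 400 and the threat key; any
     * other exception ends it with status 500. The response text is a fixed string in both
     * cases, so the parser's own message is not placed in the response by this method.
     *
     * @param request the incoming request, used only for its {@code Content-Type} values
     * @param policyChain the chain that is failed when validation does not pass
     * @return a buffering stream for XML requests, or {@code null} when no {@code Content-Type}
     *     value is an XML media type (presumably meaning "do not intercept" - confirm against the gateway API)
     */
    @OnRequestContent
    public ReadWriteStream<Buffer> onRequestContent(Request request, final PolicyChain policyChain) {
        boolean declaresXml = request.headers()
            .getOrDefault("Content-Type", Collections.emptyList())
            .stream()
            .anyMatch(XmlThreatProtectionPolicy::isXmlContentType);
        if (!declaresXml) {
            return null;
        }
        return new BufferedReadWriteStream() {
            final Buffer buffer = Buffer.buffer();

            // The decompiler had renamed this method ("m1write", renamed from write). Under
            // that name it overrides nothing and the body would never reach the buffer that
            // end() validates, so the original name is restored.
            @Override
            public SimpleReadWriteStream<Buffer> write(Buffer chunk) {
                this.buffer.appendBuffer(chunk);
                return this;
            }

            @Override
            public void end() {
                try {
                    // NOTE(review): toString() decodes with whatever charset Buffer defaults to,
                    // not the charset declared by the request or the XML prolog - confirm the
                    // backend parses the same characters this validation saw.
                    XmlThreatProtectionPolicy.this.validateXml(this.buffer.toString());
                    if (this.buffer.length() > 0) {
                        super.write(this.buffer);
                    }
                    super.end();
                } catch (XmlException e) {
                    policyChain.streamFailWith(PolicyResult.failure(e.getKey(), 400, XmlThreatProtectionPolicy.BAD_REQUEST, "text/plain"));
                } catch (Exception e2) {
                    // Anything unexpected also stops the request instead of letting it through.
                    policyChain.streamFailWith(PolicyResult.failure(500, XmlThreatProtectionPolicy.SERVER_ERROR, "text/plain"));
                }
            }
        };
    }

    /**
     * Tells whether a {@code Content-Type} header value names an XML media type.
     *
     * <p>Parameters such as {@code ; charset=UTF-8} are dropped and the comparison ignores case.
     * Testing the raw header value with {@code endsWith} let a value like
     * {@code text/xml; charset=UTF-8} skip validation altogether.
     *
     * @param contentType one raw header value, possibly {@code null}
     * @return {@code true} when the media type ends with the XML subtype
     */
    private static boolean isXmlContentType(String contentType) {
        if (contentType == null) {
            return false;
        }
        int parametersStart = contentType.indexOf(';');
        String mediaType = (parametersStart < 0 ? contentType : contentType.substring(0, parametersStart)).trim();
        String xmlSubtype = MediaType.MEDIA_TEXT_XML.getSubtype();
        int offset = mediaType.length() - xmlSubtype.length();
        return offset >= 0 && mediaType.regionMatches(true, offset, xmlSubtype, 0, xmlSubtype.length());
    }

    /**
     * Parses the document to its end so that every configured limit gets a chance to trigger.
     *
     * @param str the request body as text
     * @throws XmlException when the parser raises an {@link XMLStreamException}
     */
    private void validateXml(String str) throws XmlException {
        XMLEventReader reader = null;
        try {
            reader = getXmlFactory().createXMLEventReader(new StringReader(str));
            while (reader.hasNext()) {
                reader.nextEvent();
            }
        } catch (XMLStreamException e) {
            throw convert(e);
        } finally {
            if (reader != null) {
                try {
                    reader.close();
                } catch (Exception ignored) {
                    // Best-effort close: a failure here must not hide the validation outcome.
                }
            }
        }
    }

    /**
     * Sets one numeric limit on the factory.
     *
     * @param xMLInputFactory the factory to configure
     * @param str the property name
     * @param num the configured limit; {@code null} or a negative value disables the limit by
     *     setting it to {@link Integer#MAX_VALUE}
     */
    private void setXmlFactoryProperty(XMLInputFactory xMLInputFactory, String str, Integer num) {
        boolean unlimited = num == null || num.intValue() < 0;
        xMLInputFactory.setProperty(str, unlimited ? Integer.valueOf(Integer.MAX_VALUE) : num);
    }

    /**
     * Maps a parser failure to an {@link XmlException} whose key names the limit that was hit.
     *
     * <p>The patterns are tried in a fixed order and the first match wins. A message that
     * matches none of them, or a missing message, yields {@code XML_THREAT_DETECTED}.
     *
     * @param xMLStreamException the parser failure
     * @return the exception carrying the threat key and the parser's original message
     */
    private static XmlException convert(XMLStreamException xMLStreamException) {
        final String message = xMLStreamException.getMessage();
        // Matching a null message would throw and surface as a 500 instead of a 400.
        final String text = message == null ? "" : message;
        final String key;
        if (EXCEPTION_PATTERN_MAX_LENGTH.matcher(text).matches()) {
            key = XML_THREAT_MAX_LENGTH_KEY;
        } else if (EXCEPTION_PATTERN_MAX_TEXT_VALUE_LENGTH.matcher(text).matches()) {
            key = XML_THREAT_MAX_TEXT_VALUE_LENGTH_KEY;
        } else if (EXCEPTION_PATTERN_MAX_ATTRIBUTES.matcher(text).matches()) {
            key = XML_THREAT_MAX_ATTRIBUTES_KEY;
        } else if (EXCEPTION_PATTERN_MAX_ATTRIBUTE_VALUE_LENGTH.matcher(text).matches()) {
            key = XML_THREAT_MAX_ATTRIBUTE_VALUE_LENGTH_KEY;
        } else if (EXCEPTION_PATTERN_MAX_ELEMENTS.matcher(text).matches()) {
            key = XML_THREAT_MAX_ELEMENTS_KEY;
        } else if (EXCEPTION_PATTERN_MAX_ENTITIES.matcher(text).matches()) {
            key = XML_THREAT_MAX_ENTITIES_KEY;
        } else if (EXCEPTION_PATTERN_MAX_DEPTH.matcher(text).matches()) {
            key = XML_THREAT_MAX_DEPTH_KEY;
        } else if (EXCEPTION_PATTERN_MAX_ENTITY_DEPTH.matcher(text).matches()) {
            key = XML_THREAT_MAX_ENTITY_DEPTH_KEY;
        } else if (EXCEPTION_PATTERN_MAX_CHILD_ELEMENTS.matcher(text).matches()) {
            key = XML_THREAT_MAX_CHILD_ELEMENTS_KEY;
        } else if (EXCEPTION_PATTERN_EXTERNAL_ENTITY_FORBIDDEN.matcher(text).matches()) {
            key = XML_THREAT_EXTERNAL_ENTITY_FORBIDDEN_KEY;
        } else {
            key = XML_THREAT_DETECTED_KEY;
        }
        return new XmlException(key, message);
    }
}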
