package org.hpccsystems.ws.client.security;

import java.io.File;
import java.io.IOException;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.xpath.XPathExpressionException;
import org.hpccsystems.ws.client.utils.Utils;
import org.junit.Assert;
import org.junit.Test;
import org.xml.sax.SAXException;

/* loaded from: input_file:org/hpccsystems/ws/client/security/XMLParsing.class */
public class XMLParsing {
    static final String externalEntityFile = "src/test/resources/security/externalentity.xml";
    static final String xxeFile = "src/test/resources/security/xxe.xml";
    static final String localfilexxe = "src/test/resources/security/localfilexxe.xml";
    static final String millionLaughsFile = "src/test/resources/security/millionlaughs.xml";

    @Test
    public void saferXXETest() throws XPathExpressionException, ParserConfigurationException, SAXException, IOException {
        try {
            Utils.newSafeXMLDocBuilder().parse(new File(xxeFile));
            Assert.fail("SAXEception expected! Ensure DOCTYPE is disallowed and the feature \"http://apache.org/xml/features/disallow-doctype-decl\" set to true");
        } catch (SAXException e) {
            Assert.assertTrue("Unexpected SAXEception message detected, ensure DOCTYPE is disallowed and the feature \"http://apache.org/xml/features/disallow-doctype-decl\" set to true ", e.getMessage().equals("DOCTYPE is disallowed when the feature \"http://apache.org/xml/features/disallow-doctype-decl\" set to true."));
        }
    }

    @Test
    public void saferExternalentityTest() throws XPathExpressionException, ParserConfigurationException, SAXException, IOException {
        try {
            Utils.newSafeXMLDocBuilder().parse(new File(externalEntityFile));
            Assert.fail("SAXEception expected! Ensure DOCTYPE is disallowed and the feature \"http://apache.org/xml/features/disallow-doctype-decl\" set to true");
        } catch (SAXException e) {
            Assert.assertTrue("Unexpected SAXEception message detected, ensure DOCTYPE is disallowed and the feature \"http://apache.org/xml/features/disallow-doctype-decl\" set to true ", e.getMessage().equals("DOCTYPE is disallowed when the feature \"http://apache.org/xml/features/disallow-doctype-decl\" set to true."));
        }
    }

    @Test(expected = SAXException.class)
    public void unsafeMillionLaughsTest() throws IOException, ParserConfigurationException, SAXException {
        DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(new File(millionLaughsFile));
        Assert.fail("Unlimited XML entity expansion detected - should explicitely avoid and modern JDK should be targeted!");
    }

    @Test
    public void noEntityExpansionTest() throws XPathExpressionException, ParserConfigurationException, SAXException, IOException {
        try {
            Utils.newSafeXMLDocBuilder().parse(new File(millionLaughsFile));
            Assert.fail("SAXEception expected! Ensure DOCTYPE is disallowed and the feature \"http://apache.org/xml/features/disallow-doctype-decl\" set to true");
        } catch (SAXException e) {
            Assert.assertTrue("Unexpected SAXEception message detected, ensure DOCTYPE is disallowed and the feature \"http://apache.org/xml/features/disallow-doctype-decl\" set to true ", e.getMessage().equals("DOCTYPE is disallowed when the feature \"http://apache.org/xml/features/disallow-doctype-decl\" set to true."));
        }
    }

    @Test
    public void saferLocalFileXXETest() throws XPathExpressionException, ParserConfigurationException, SAXException, IOException {
        try {
            Utils.newSafeXMLDocBuilder().parse(new File(localfilexxe));
            Assert.fail("SAXEception expected! Ensure DOCTYPE is disallowed and the feature \"http://apache.org/xml/features/disallow-doctype-decl\" set to true");
        } catch (SAXException e) {
            Assert.assertTrue("Unexpected SAXEception message detected, ensure DOCTYPE is disallowed and the feature \"http://apache.org/xml/features/disallow-doctype-decl\" set to true ", e.getMessage().equals("DOCTYPE is disallowed when the feature \"http://apache.org/xml/features/disallow-doctype-decl\" set to true."));
        }
    }
}
