package com.jsql.util;

import com.jsql.model.InjectionModel;
import com.jsql.model.exception.JSqlException;
import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
import java.util.regex.Pattern;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.apache.commons.lang3.StringUtils;
import org.apache.log4j.Logger;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

/* loaded from: input_file:com/jsql/util/SoapUtil.class */
public class SoapUtil {
    private static final Logger LOGGER = Logger.getRootLogger();
    private InjectionModel injectionModel;

    public SoapUtil(InjectionModel injectionModel) {
        this.injectionModel = injectionModel;
    }

    public boolean testParameters() {
        boolean z = false;
        if (this.injectionModel.getMediatorUtils().getPreferencesUtil().isCheckingAllSoapParam() && this.injectionModel.getMediatorUtils().getParameterUtil().isRequestSoap()) {
            try {
                Document convertToDocument = convertToDocument(this.injectionModel.getMediatorUtils().getParameterUtil().getRawRequest());
                LOGGER.trace("Parsing SOAP from Request...");
                z = injectTextNodes(convertToDocument, convertToDocument.getDocumentElement());
            } catch (Exception e) {
                LOGGER.trace("SOAP not detected");
            }
        }
        return z;
    }

    public static Document convertToDocument(String str) throws ParserConfigurationException, SAXException, IOException {
        DocumentBuilderFactory newInstance = DocumentBuilderFactory.newInstance();
        newInstance.setAttribute("http://javax.xml.XMLConstants/property/accessExternalDTD", StringUtils.EMPTY);
        newInstance.setAttribute("http://javax.xml.XMLConstants/property/accessExternalSchema", StringUtils.EMPTY);
        newInstance.setAttribute("http://javax.xml.XMLConstants/feature/secure-processing", Boolean.TRUE);
        newInstance.setExpandEntityReferences(false);
        return newInstance.newDocumentBuilder().parse(new InputSource(new StringReader(str)));
    }

    public boolean injectTextNodes(Document document, Node node) {
        NodeList childNodes = node.getChildNodes();
        boolean z = false;
        for (int i = 0; i < childNodes.getLength(); i++) {
            Node item = childNodes.item(i);
            if (item.getNodeType() == 1) {
                z = injectTextNodes(document, item);
                if (z) {
                    return true;
                }
            } else if (item.getNodeType() == 3) {
                removeInjectionPoint(document, document.getDocumentElement());
                item.setTextContent(item.getTextContent().replace(InjectionModel.STAR, StringUtils.EMPTY) + InjectionModel.STAR);
                this.injectionModel.getMediatorUtils().getParameterUtil().initializeRequest(convertDocumentToString(document));
                try {
                    LOGGER.info("Checking SOAP Request injection for " + item.getParentNode().getNodeName() + "=" + item.getTextContent().replace(InjectionModel.STAR, StringUtils.EMPTY));
                    this.injectionModel.getMediatorMethod().getRequest().testParameters();
                    return true;
                } catch (JSqlException e) {
                    LOGGER.warn("No SOAP Request injection for " + item.getParentNode().getNodeName() + "=" + item.getTextContent().replace(InjectionModel.STAR, StringUtils.EMPTY), e);
                }
            } else {
                continue;
            }
        }
        return z;
    }

    public static void removeInjectionPoint(Document document, Node node) {
        NodeList childNodes = node.getChildNodes();
        for (int i = 0; i < childNodes.getLength(); i++) {
            Node item = childNodes.item(i);
            if (item.getNodeType() == 1) {
                removeInjectionPoint(document, item);
            } else if (item.getNodeType() == 3) {
                item.setTextContent(item.getTextContent().replaceAll(Pattern.quote(InjectionModel.STAR) + "*$", StringUtils.EMPTY));
            }
        }
    }

    private static String convertDocumentToString(Document document) {
        TransformerFactory newInstance = TransformerFactory.newInstance();
        newInstance.setAttribute("http://javax.xml.XMLConstants/property/accessExternalDTD", StringUtils.EMPTY);
        newInstance.setAttribute("http://javax.xml.XMLConstants/property/accessExternalStylesheet", StringUtils.EMPTY);
        String str = null;
        try {
            Transformer newTransformer = newInstance.newTransformer();
            StringWriter stringWriter = new StringWriter();
            newTransformer.transform(new DOMSource(document), new StreamResult(stringWriter));
            str = stringWriter.getBuffer().toString();
        } catch (TransformerException e) {
        }
        return str;
    }
}
