package org.wso2.ei.dataservice.integration.test.jira.issues;

import java.rmi.RemoteException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.testng.Assert;
import org.testng.annotations.AfterClass;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;
import org.wso2.carbon.integration.common.admin.client.NDataSourceAdminServiceClient;
import org.wso2.carbon.ndatasource.ui.stub.core.services.xsd.WSDataSourceMetaInfo;
import org.wso2.carbon.ndatasource.ui.stub.core.services.xsd.WSDataSourceMetaInfo_WSDataSourceDefinition;
import org.wso2.ei.dataservice.integration.test.DSSIntegrationTest;

/* loaded from: input_file:org/wso2/ei/dataservice/integration/test/jira/issues/CARBON15379XMLExternalEntityAttacksTestCase.class */
public class CARBON15379XMLExternalEntityAttacksTestCase extends DSSIntegrationTest {
    private static final Log log = LogFactory.getLog(CARBON15379XMLExternalEntityAttacksTestCase.class);
    private String xmlWithAttack = "<!DOCTYPE acunetix [  <!ENTITY sampleVal SYSTEM \"file:///sample/sample\">]><configuration><url>jdbc:h2:repository/database/WSO2CARBON_DB;DB_CLOSE_ON_EXIT=FALSE;LOCK_TIMEOUT=60000</url><username>&sampleVal;</username><password>wso2carbon</password><driverClassName>org.h2.Driver</driverClassName><maxActive>50</maxActive><maxWait>60000</maxWait><testOnBorrow>true</testOnBorrow><validationQuery>SELECT 1</validationQuery><validationInterval>30000</validationInterval></configuration>";
    private String xmlWithoutAttack = "<configuration><url>jdbc:h2:repository/database/WSO2CARBON_DB;DB_CLOSE_ON_EXIT=FALSE;LOCK_TIMEOUT=60000</url><username>wso2carbon</username><password>wso2carbon</password><driverClassName>org.h2.Driver</driverClassName><maxActive>50</maxActive><maxWait>60000</maxWait><testOnBorrow>true</testOnBorrow><validationQuery>SELECT 1</validationQuery><validationInterval>30000</validationInterval></configuration>";

    @BeforeClass(alwaysRun = true)
    public void serviceDeployment() throws Exception {
        super.init();
    }

    @Test(groups = {"wso2.dss"}, description = "Do XML External entity attack on ndatasource admin service test datasource method and see whether it rejects the requests", alwaysRun = true)
    public void xmlExternalEntityAttackOnTestDataSourceTest() throws Exception {
        NDataSourceAdminServiceClient nDataSourceAdminServiceClient = new NDataSourceAdminServiceClient(this.dssContext.getContextUrls().getBackEndUrl(), this.sessionCookie);
        Assert.assertTrue(nDataSourceAdminServiceClient.testDataSourceConnection(createWSDataSourceMetaInfo("TestDatasource1", this.xmlWithoutAttack, "RDBMS")), "Data Source connection should be successful, but failed");
        try {
            nDataSourceAdminServiceClient.testDataSourceConnection(createWSDataSourceMetaInfo("TestDatasource2", this.xmlWithAttack, "RDBMS"));
            Assert.fail("test Data source connection shouldn't be successful, but it was successful");
        } catch (Exception e) {
        } catch (RemoteException e2) {
        }
    }

    @Test(groups = {"wso2.dss"}, description = "Do XML External entity attack on ndatasource admin service add datasource call and see whether it rejects the requests", alwaysRun = true)
    public void xmlExternalEntityAttackOnAddDataSourceTest() throws Exception {
        NDataSourceAdminServiceClient nDataSourceAdminServiceClient = new NDataSourceAdminServiceClient(this.dssContext.getContextUrls().getBackEndUrl(), this.sessionCookie);
        try {
            nDataSourceAdminServiceClient.addDataSource(createWSDataSourceMetaInfo("TestDatasource3", this.xmlWithoutAttack, "RDBMS"));
        } catch (Exception e) {
            Assert.fail("Adding datasource with correct XML should have been successful, Error - " + e.getMessage());
        } catch (RemoteException e2) {
            Assert.fail("Adding datasource with correct XML should have been successful, Error - " + e2.getMessage());
        }
        try {
            nDataSourceAdminServiceClient.addDataSource(createWSDataSourceMetaInfo("TestDatasource4", this.xmlWithAttack, "RDBMS"));
        } catch (Exception e3) {
        } catch (RemoteException e4) {
        }
    }

    @AfterClass
    public void clean() throws Exception {
        cleanup();
    }

    private static WSDataSourceMetaInfo createWSDataSourceMetaInfo(String str, String str2, String str3) throws Exception {
        WSDataSourceMetaInfo wSDataSourceMetaInfo = new WSDataSourceMetaInfo();
        wSDataSourceMetaInfo.setName(str);
        wSDataSourceMetaInfo.setSystem(false);
        wSDataSourceMetaInfo.setDefinition(createCustomDS(str2, str3));
        return wSDataSourceMetaInfo;
    }

    private static WSDataSourceMetaInfo_WSDataSourceDefinition createCustomDS(String str, String str2) {
        WSDataSourceMetaInfo_WSDataSourceDefinition wSDataSourceMetaInfo_WSDataSourceDefinition = new WSDataSourceMetaInfo_WSDataSourceDefinition();
        wSDataSourceMetaInfo_WSDataSourceDefinition.setDsXMLConfiguration(str);
        wSDataSourceMetaInfo_WSDataSourceDefinition.setType(str2);
        return wSDataSourceMetaInfo_WSDataSourceDefinition;
    }
}
