package org.wso2.carbon.apimgt.ballerina.threatprotection.analyzer;

import com.ctc.wstx.stax.WstxInputFactory;
import java.io.IOException;
import java.io.Reader;
import java.io.StringReader;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.wso2.carbon.apimgt.ballerina.threatprotection.APIMThreatAnalyzerException;
import org.wso2.carbon.apimgt.ballerina.threatprotection.configurations.JSONConfig;
import org.wso2.carbon.apimgt.ballerina.threatprotection.configurations.XMLConfig;

/* loaded from: input_file:org/wso2/carbon/apimgt/ballerina/threatprotection/analyzer/XMLAnalyzer.class */
public class XMLAnalyzer implements APIMThreatAnalyzer {
    private static final String XML_THREAT_PROTECTION_MSG_PREFIX = "Threat Protection-XML: ";
    private XMLConfig config;
    private Logger log = LoggerFactory.getLogger(XMLAnalyzer.class);
    private XMLInputFactory factory = WstxInputFactory.newInstance();

    @Override // org.wso2.carbon.apimgt.ballerina.threatprotection.analyzer.APIMThreatAnalyzer
    public void configure(XMLConfig xMLConfig) {
        this.config = xMLConfig;
        boolean isDtdEnabled = xMLConfig.isDtdEnabled();
        boolean isExternalEntitiesEnabled = xMLConfig.isExternalEntitiesEnabled();
        int maxDepth = xMLConfig.getMaxDepth();
        int maxElementCount = xMLConfig.getMaxElementCount();
        int maxAttributeCount = xMLConfig.getMaxAttributeCount();
        int maxAttributeLength = xMLConfig.getMaxAttributeLength();
        int entityExpansionLimit = xMLConfig.getEntityExpansionLimit();
        int maxChildrenPerElement = xMLConfig.getMaxChildrenPerElement();
        this.factory.setProperty("javax.xml.stream.supportDTD", Boolean.valueOf(isDtdEnabled));
        this.factory.setProperty("javax.xml.stream.isSupportingExternalEntities", Boolean.valueOf(isExternalEntitiesEnabled));
        this.factory.setProperty("com.ctc.wstx.maxAttributeSize", Integer.valueOf(maxAttributeLength));
        this.factory.setProperty("com.ctc.wstx.maxAttributesPerElement", Integer.valueOf(maxAttributeCount));
        this.factory.setProperty("com.ctc.wstx.maxElementDepth", Integer.valueOf(maxDepth));
        this.factory.setProperty("com.ctc.wstx.maxChildrenPerElement", Integer.valueOf(maxChildrenPerElement));
        this.factory.setProperty("com.ctc.wstx.maxEntityCount", Integer.valueOf(entityExpansionLimit));
        this.factory.setProperty("com.ctc.wstx.maxElementCount", Integer.valueOf(maxElementCount));
    }

    @Override // org.wso2.carbon.apimgt.ballerina.threatprotection.analyzer.APIMThreatAnalyzer
    public void configure(JSONConfig jSONConfig) {
        throw new UnsupportedOperationException("This method is not supported on this instance");
    }

    @Override // org.wso2.carbon.apimgt.ballerina.threatprotection.analyzer.APIMThreatAnalyzer
    public void analyze(String str, String str2) throws APIMThreatAnalyzerException {
        Reader reader = null;
        XMLStreamReader xMLStreamReader = null;
        try {
            try {
                StringReader stringReader = new StringReader(str);
                XMLStreamReader createXMLStreamReader = this.factory.createXMLStreamReader(stringReader);
                while (createXMLStreamReader.hasNext()) {
                    if (createXMLStreamReader.next() == 1) {
                        int attributeCount = createXMLStreamReader.getAttributeCount();
                        if (attributeCount > this.config.getMaxAttributeCount()) {
                            throw new APIMThreatAnalyzerException(XML_THREAT_PROTECTION_MSG_PREFIX + str2 + " - XML Validation Failed: Maximum attribute limit reached.");
                        }
                        for (int i = 0; i < attributeCount; i++) {
                            if (createXMLStreamReader.getAttributeValue(i).length() > this.config.getMaxAttributeLength()) {
                                throw new APIMThreatAnalyzerException(XML_THREAT_PROTECTION_MSG_PREFIX + str2 + " - XML Validation Failed: Maximum attribute length reached.");
                            }
                        }
                    }
                }
                if (createXMLStreamReader != null) {
                    try {
                        createXMLStreamReader.close();
                    } catch (XMLStreamException e) {
                        this.log.warn(XML_THREAT_PROTECTION_MSG_PREFIX + str2 + " - Failed to close XMLEventReader", e);
                        return;
                    } catch (IOException e2) {
                        this.log.warn(XML_THREAT_PROTECTION_MSG_PREFIX + str2 + " - Failed to close payload StringReader", e2);
                        return;
                    }
                }
                if (stringReader != null) {
                    stringReader.close();
                }
            } catch (XMLStreamException e3) {
                this.log.error(XML_THREAT_PROTECTION_MSG_PREFIX + str2 + " - XML Validation Failed: " + e3.getMessage(), e3);
                throw new APIMThreatAnalyzerException(XML_THREAT_PROTECTION_MSG_PREFIX + str2 + " - XML Validation Failed: " + e3.getMessage(), e3);
            }
        } catch (Throwable th) {
            if (0 != 0) {
                try {
                    xMLStreamReader.close();
                } catch (XMLStreamException e4) {
                    this.log.warn(XML_THREAT_PROTECTION_MSG_PREFIX + str2 + " - Failed to close XMLEventReader", e4);
                    throw th;
                } catch (IOException e5) {
                    this.log.warn(XML_THREAT_PROTECTION_MSG_PREFIX + str2 + " - Failed to close payload StringReader", e5);
                    throw th;
                }
            }
            if (0 != 0) {
                reader.close();
            }
            throw th;
        }
    }
}
