package com.predic8.membrane.core.interceptor.xmlprotection;

import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.util.Iterator;
import javax.xml.stream.XMLEventReader;
import javax.xml.stream.XMLEventWriter;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLOutputFactory;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.events.DTD;
import javax.xml.stream.events.StartElement;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/service-proxy-core-4.8.7.jar:com/predic8/membrane/core/interceptor/xmlprotection/XMLProtector.class */
public class XMLProtector {
    private static Logger log = LoggerFactory.getLogger(XMLProtector.class.getName());
    private static XMLInputFactory xmlInputFactory = XMLInputFactory.newInstance();
    private XMLEventWriter writer;
    private final int maxAttibuteCount;
    private final int maxElementNameLength;
    private final boolean removeDTD;

    public XMLProtector(OutputStreamWriter outputStreamWriter, boolean z, int i, int i2) throws Exception {
        this.writer = XMLOutputFactory.newInstance().createXMLEventWriter(outputStreamWriter);
        this.removeDTD = z;
        this.maxElementNameLength = i;
        this.maxAttibuteCount = i2;
        if (z) {
            return;
        }
        xmlInputFactory.setProperty("javax.xml.stream.supportDTD", true);
    }

    public boolean protect(InputStreamReader inputStreamReader) {
        XMLEventReader createXMLEventReader;
        try {
            synchronized (xmlInputFactory) {
                createXMLEventReader = xmlInputFactory.createXMLEventReader(inputStreamReader);
            }
            while (createXMLEventReader.hasNext()) {
                StartElement nextEvent = createXMLEventReader.nextEvent();
                if (nextEvent.isStartElement()) {
                    StartElement startElement = nextEvent;
                    if (this.maxElementNameLength != -1 && startElement.getName().getLocalPart().length() > this.maxElementNameLength) {
                        log.warn("Element name length: Limit exceeded.");
                        return false;
                    }
                    if (this.maxAttibuteCount != -1) {
                        Iterator attributes = startElement.getAttributes();
                        int i = 0;
                        while (attributes.hasNext()) {
                            i++;
                            if (i == this.maxAttibuteCount) {
                                log.warn("Number of attributes per element: Limit exceeded.");
                                return false;
                            }
                            attributes.next();
                        }
                    }
                }
                if ((nextEvent instanceof DTD) && this.removeDTD) {
                    log.debug("removed DTD.");
                } else {
                    this.writer.add(nextEvent);
                }
            }
            this.writer.flush();
            return true;
        } catch (XMLStreamException e) {
            log.warn("Received not-wellformed XML.");
            return false;
        }
    }

    static {
        xmlInputFactory.setProperty("javax.xml.stream.isReplacingEntityReferences", false);
        xmlInputFactory.setProperty("javax.xml.stream.isSupportingExternalEntities", false);
        xmlInputFactory.setProperty("javax.xml.stream.supportDTD", false);
    }
}
