package at.gv.egiz.slbinding;

import at.buergerkarte.namespaces.securitylayer._1_2_3.ObjectFactory;
import at.gv.egiz.bku.utils.ClasspathURLStreamHandler;
import at.gv.egiz.dom.DOMUtils;
import at.gv.egiz.validation.ReportingValidationEventHandler;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.Reader;
import java.net.URL;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import javax.xml.bind.UnmarshalException;
import javax.xml.bind.Unmarshaller;
import javax.xml.bind.ValidationEvent;
import javax.xml.stream.XMLEventReader;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamException;
import javax.xml.transform.Source;
import javax.xml.transform.stream.StreamSource;
import javax.xml.validation.Schema;
import javax.xml.validation.SchemaFactory;
import org.apache.commons.io.IOUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xml.sax.SAXException;

/* loaded from: input_file:BKULocal.war:WEB-INF/lib/utils-1.4.1.jar:at/gv/egiz/slbinding/SLUnmarshaller.class */
public class SLUnmarshaller {
    private final Logger log = LoggerFactory.getLogger(SLUnmarshaller.class);
    protected Schema slSchema = DefaultSchema.SCHEMA;
    protected JAXBContext jaxbContext = DefaultContext.CONTEXT;

    /* loaded from: input_file:BKULocal.war:WEB-INF/lib/utils-1.4.1.jar:at/gv/egiz/slbinding/SLUnmarshaller$DefaultContext.class */
    private static class DefaultContext {
        private static final String[] packageNames = {ObjectFactory.class.getPackage().getName(), org.w3._2000._09.xmldsig_.ObjectFactory.class.getPackage().getName(), at.buergerkarte.namespaces.cardchannel.ObjectFactory.class.getPackage().getName(), at.buergerkarte.namespaces.securitylayer._20020225_.ObjectFactory.class.getPackage().getName(), at.buergerkarte.namespaces.securitylayer._20020831_.ObjectFactory.class.getPackage().getName()};
        private static final JAXBContext CONTEXT;

        private DefaultContext() {
        }

        static {
            try {
                CONTEXT = SLUnmarshaller.createJAXBContext(Arrays.asList(packageNames));
            } catch (JAXBException e) {
                LoggerFactory.getLogger(SLUnmarshaller.class).error("Failed to setup JAXBContext security layer request/response.", (Throwable) e);
                throw new RuntimeException(e);
            }
        }
    }

    /* loaded from: input_file:BKULocal.war:WEB-INF/lib/utils-1.4.1.jar:at/gv/egiz/slbinding/SLUnmarshaller$DefaultSchema.class */
    private static class DefaultSchema {
        public static final String[] SCHEMA_FILES = {"classpath:at/gv/egiz/bku/slschema/xml.xsd", "classpath:at/gv/egiz/bku/slschema/xmldsig-core-schema.xsd", "classpath:at/gv/egiz/bku/slschema/Core-1.2.xsd", "classpath:at/gv/egiz/bku/slschema/Core.20020225.xsd", "classpath:at/gv/egiz/bku/slschema/Core.20020831.xsd"};
        private static final Schema SCHEMA;

        private DefaultSchema() {
        }

        static {
            try {
                SCHEMA = SLUnmarshaller.createSchema(Arrays.asList(SCHEMA_FILES));
            } catch (IOException e) {
                LoggerFactory.getLogger(SLUnmarshaller.class).error("Failed to load security layer schema.", (Throwable) e);
                throw new RuntimeException(e);
            } catch (SAXException e2) {
                LoggerFactory.getLogger(SLUnmarshaller.class).error("Failed to load security layer schema.", (Throwable) e2);
                throw new RuntimeException(e2);
            }
        }
    }

    public static Collection<String> getDefaultSchemaUrls() {
        return Collections.unmodifiableList(Arrays.asList(DefaultSchema.SCHEMA_FILES));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Schema createSchema(Collection<String> collection) throws SAXException, IOException {
        Logger logger = LoggerFactory.getLogger(SLUnmarshaller.class);
        Source[] sourceArr = new Source[collection.size()];
        Iterator<String> it = collection.iterator();
        StringBuilder sb = null;
        if (logger.isDebugEnabled()) {
            sb = new StringBuilder();
            sb.append("Created schema using URLs: ");
        }
        for (int i = 0; i < sourceArr.length && it.hasNext(); i++) {
            String next = it.next();
            if (next == null || !next.startsWith("classpath:")) {
                sourceArr[i] = new StreamSource(next);
            } else {
                sourceArr[i] = new StreamSource(new URL((URL) null, next, new ClasspathURLStreamHandler()).openStream());
            }
            if (sb != null) {
                sb.append(next);
                if (it.hasNext()) {
                    sb.append(", ");
                }
            }
        }
        Schema newSchema = SchemaFactory.newInstance("http://www.w3.org/2001/XMLSchema").newSchema(sourceArr);
        if (sb != null) {
            logger.debug(sb.toString());
        }
        return newSchema;
    }

    public static Collection<String> getDefaultJAXBContextPackageNames() {
        return Collections.unmodifiableList(Arrays.asList(DefaultContext.packageNames));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static JAXBContext createJAXBContext(Collection<String> collection) throws JAXBException {
        StringBuilder sb = new StringBuilder();
        for (String str : collection) {
            if (sb.length() > 0) {
                sb.append(':');
            }
            sb.append(str);
        }
        return JAXBContext.newInstance(sb.toString());
    }

    public Schema getSlSchema() {
        return this.slSchema;
    }

    public void setSlSchema(Schema schema) {
        this.slSchema = schema;
    }

    public void setSchemaUrls(Collection<String> collection) throws SAXException, IOException {
        this.slSchema = createSchema(collection);
    }

    public JAXBContext getJaxbContext() {
        return this.jaxbContext;
    }

    public void setJaxbContext(JAXBContext jAXBContext) {
        this.jaxbContext = jAXBContext;
    }

    public void setJaxbContextPackageNames(Collection<String> collection) throws JAXBException {
        this.jaxbContext = createJAXBContext(collection);
    }

    public Object unmarshal(StreamSource streamSource) throws XMLStreamException, JAXBException {
        Reader reader = streamSource.getReader();
        if (reader instanceof InputStreamReader) {
            try {
                InputStreamReader inputStreamReader = (InputStreamReader) reader;
                String encoding = inputStreamReader.getEncoding();
                byte[] byteArray = IOUtils.toByteArray(inputStreamReader, encoding);
                DOMUtils.validateXMLAgainstXXEAndSSRFAttacks(new ByteArrayInputStream(byteArray));
                reader = new InputStreamReader(new ByteArrayInputStream(byteArray), encoding);
            } catch (IOException e) {
                this.log.error("XML data validation FAILED with msg: " + e.getMessage(), (Throwable) e);
                throw new XMLStreamException("XML data validation FAILED with msg: " + e.getMessage(), e);
            } catch (XMLStreamException e2) {
                this.log.error("XML data validation FAILED with msg: " + e2.getMessage(), (Throwable) e2);
                throw new XMLStreamException("XML data validation FAILED with msg: " + e2.getMessage(), e2);
            }
        } else {
            this.log.error("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
            this.log.error("Reader is not of type InputStreamReader -> can not make a copy of the InputStream --> extended XML validation is not possible!!! ");
            this.log.error("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!");
        }
        XMLInputFactory newInstance = XMLInputFactory.newInstance();
        newInstance.setProperty(XMLInputFactory.SUPPORT_DTD, false);
        newInstance.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
        XMLEventReader createXMLEventReader = newInstance.createXMLEventReader(reader);
        RedirectEventFilter redirectEventFilter = new RedirectEventFilter();
        XMLEventReader createFilteredReader = newInstance.createFilteredReader(createXMLEventReader, redirectEventFilter);
        Unmarshaller createUnmarshaller = this.jaxbContext.createUnmarshaller();
        ReportingValidationEventHandler reportingValidationEventHandler = new ReportingValidationEventHandler();
        createUnmarshaller.setEventHandler(reportingValidationEventHandler);
        createUnmarshaller.setListener(new RedirectUnmarshallerListener(redirectEventFilter));
        createUnmarshaller.setSchema(this.slSchema);
        try {
            this.log.trace("Before unmarshal().");
            Object unmarshal = createUnmarshaller.unmarshal(createFilteredReader);
            this.log.trace("After unmarshal().");
            return unmarshal;
        } catch (UnmarshalException e3) {
            if (this.log.isDebugEnabled()) {
                this.log.debug("Failed to unmarshal security layer message.", (Throwable) e3);
            } else {
                this.log.info("Failed to unmarshal security layer message." + (e3.getMessage() != null ? " " + e3.getMessage() : ""));
            }
            if (reportingValidationEventHandler.getErrorEvent() != null) {
                ValidationEvent errorEvent = reportingValidationEventHandler.getErrorEvent();
                if (e3.getLinkedException() == null) {
                    e3.setLinkedException(errorEvent.getLinkedException());
                }
            }
            throw e3;
        }
    }
}
