package com.eviware.soapui.security.scan;

import com.eviware.soapui.SoapUI;
import com.eviware.soapui.config.SecurityScanConfig;
import com.eviware.soapui.config.XmlBombSecurityScanConfig;
import com.eviware.soapui.impl.wsdl.WsdlRequest;
import com.eviware.soapui.impl.wsdl.teststeps.WsdlTestRequestStepResult;
import com.eviware.soapui.model.ModelItem;
import com.eviware.soapui.model.iface.Attachment;
import com.eviware.soapui.model.security.SecurityCheckedParameter;
import com.eviware.soapui.model.testsuite.TestCaseRunner;
import com.eviware.soapui.model.testsuite.TestStep;
import com.eviware.soapui.security.SecurityTestRunContext;
import com.eviware.soapui.security.SecurityTestRunner;
import com.eviware.soapui.security.ui.XmlBombSecurityScanConfigPanel;
import com.eviware.soapui.support.types.StringToStringMap;
import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.swing.JComponent;
import org.apache.xmlbeans.XmlException;

/* loaded from: input_file:soapui-4.0-beta2.jar:com/eviware/soapui/security/scan/XmlBombSecurityScan.class */
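/**
 * Security scan that checks how a service copes with oversized or entity-laden XML input.
 *
 * <p>Each run substitutes one configured payload into a checked request parameter and, when
 * attachment mode is enabled, also sends one payload as a file attachment. The default payloads
 * are read from three bundled resources named after the billion-laughs, quadratic-blowup and
 * external-entity patterns. A service whose XML parser refuses DOCTYPE declarations or caps
 * entity expansion is the usual defence these payloads are meant to verify.
 *
 * <p>Instances keep per-run iteration state ({@code currentIndex}, {@code parameterMutations},
 * {@code mutation}); nothing in this class synchronizes access to it.
 */
public class XmlBombSecurityScan extends AbstractSecurityScanWithProperties {
    public static final String TYPE = "XmlBombSecurityScan";
    public static final String NAME = "XML Bomb";
    private static final String DEFAULT_PREFIX = "xmlbomb";

    /** Classpath locations of the payloads installed into a freshly created configuration. */
    private static final String[] DEFAULT_VECTOR_RESOURCES = {
        "/com/eviware/soapui/resources/security/xmlbomb/BillionLaughsAttack.xml.txt",
        "/com/eviware/soapui/resources/security/xmlbomb/QuadraticBlowup.xml.txt",
        "/com/eviware/soapui/resources/security/xmlbomb/ExternalEntity.dtd.txt",
    };

    /** Index of the next payload to send as an attachment (attachment mode only). */
    private int currentIndex;
    private XmlBombSecurityScanConfig xmlBombConfig;
    /** Payloads still to be sent, per checked parameter; entries are consumed by {@link #update}. */
    private final Map<SecurityCheckedParameter, List<String>> parameterMutations;
    /** Set once the mutation lists have been built for the current run. */
    private boolean mutation;

    /**
     * Creates the scan, reusing the XML-bomb settings stored in {@code securityScanConfig} when
     * present and installing defaults otherwise.
     */
    public XmlBombSecurityScan(SecurityScanConfig securityScanConfig, ModelItem modelItem, String str, TestStep testStep) {
        super(testStep, securityScanConfig, modelItem, str);
        this.parameterMutations = new HashMap<>();
        // instanceof is false for null, so this covers both "no config" and "config of another type".
        if (securityScanConfig.getConfig() instanceof XmlBombSecurityScanConfig) {
            this.xmlBombConfig = (XmlBombSecurityScanConfig) securityScanConfig.getConfig();
        } else {
            initXmlBombConfig();
        }
        getExecutionStrategy().setImmutable(true);
    }

    /** Installs a new XML-bomb configuration: attachment mode off, default prefix, default payloads. */
    private void initXmlBombConfig() {
        SecurityScanConfig scanConfig = (SecurityScanConfig) getConfig();
        scanConfig.setConfig(XmlBombSecurityScanConfig.Factory.newInstance());
        this.xmlBombConfig = (XmlBombSecurityScanConfig) scanConfig.getConfig();
        this.xmlBombConfig.setAttachXmlBomb(false);
        this.xmlBombConfig.setXmlAttachmentPrefix(DEFAULT_PREFIX);
        initDefaultVectors();
    }

    /**
     * Adds each bundled default payload to the configuration. A payload that cannot be read is
     * logged and skipped so the remaining ones are still installed.
     */
    private void initDefaultVectors() {
        for (String resourcePath : DEFAULT_VECTOR_RESOURCES) {
            try {
                // Read first: a failed read must not leave an empty entry in the configuration.
                String payload = readResource(resourcePath);
                this.xmlBombConfig.addNewXmlBombs().setStringValue(payload);
            } catch (Exception e) {
                SoapUI.logError(e);
            }
        }
    }

    /**
     * Reads a classpath resource into a string, terminating every line with {@code '\n'}.
     *
     * @throws IOException if the resource is missing or cannot be read
     */
    private static String readResource(String resourcePath) throws IOException {
        InputStream in = SoapUI.class.getResourceAsStream(resourcePath);
        if (in == null) {
            throw new IOException("XML bomb resource not found on classpath: " + resourcePath);
        }
        // NOTE(review): the bundled files are assumed to be UTF-8 (or plain ASCII) - confirm.
        // Closing the reader also closes the underlying stream, including on a failed read.
        try (BufferedReader reader = new BufferedReader(new InputStreamReader(in, StandardCharsets.UTF_8))) {
            StringBuilder text = new StringBuilder();
            String line;
            while ((line = reader.readLine()) != null) {
                text.append(line).append('\n');
            }
            return text.toString();
        }
    }

    /**
     * Runs the test step once with the next payload applied and records the resulting exchange.
     * Any failure is logged and reported as a scan exception rather than propagated.
     */
    @Override
    protected void execute(SecurityTestRunner securityTestRunner, TestStep testStep, SecurityTestRunContext securityTestRunContext) {
        try {
            StringToStringMap appliedValues = update(testStep, securityTestRunContext);
            addAttachement(testStep);
            WsdlTestRequestStepResult stepResult =
                    (WsdlTestRequestStepResult) testStep.run((TestCaseRunner) securityTestRunner, securityTestRunContext);
            // Presumably blanked so the stored result does not retain the payload - confirm.
            stepResult.setRequestContent("", false);
            createMessageExchange(appliedValues, stepResult, securityTestRunContext);
        } catch (XmlException e) {
            SoapUI.logError(e, "[XmlBombSecurityScan]XPath seems to be invalid!");
            reportSecurityScanException("Property value is not XML or XPath is wrong!");
        } catch (Exception e2) {
            // Also reached for non-XML failures (e.g. an unexpected step result type); the
            // reported message is the same in both branches.
            SoapUI.logError(e2, "[XmlBombSecurityScan]Property value is not valid xml!");
            reportSecurityScanException("Property value is not XML or XPath is wrong!");
        }
    }

    /**
     * Applies the next pending payload to the first parameter that still has one and removes it
     * from that parameter's list.
     *
     * @return a map holding the label of the changed parameter and the value it was set to, or an
     *     empty map when no parameter has payloads left
     */
    private StringToStringMap update(TestStep testStep, SecurityTestRunContext securityTestRunContext) throws XmlException, Exception {
        StringToStringMap appliedValues = new StringToStringMap();
        if (this.parameterMutations.isEmpty()) {
            mutateParameters(testStep, securityTestRunContext);
        }
        for (SecurityCheckedParameter parameter : getParameterHolder().getParameterList()) {
            List<String> pending = this.parameterMutations.get(parameter);
            if (pending == null || pending.isEmpty()) {
                continue;
            }
            String payload = pending.get(0);
            testStep.getProperties().get(parameter.getName()).setValue(payload);
            // The label is the map key; the listing's cast of it to StringToStringMap was spurious.
            appliedValues.put(parameter.getLabel(), payload);
            pending.remove(0);
            // Only one parameter is changed per run.
            break;
        }
        return appliedValues;
    }

    /**
     * Queues every configured payload for every checked parameter. A parameter gets no entry at
     * all when the payload list is empty.
     */
    private void mutateParameters(TestStep testStep, SecurityTestRunContext securityTestRunContext) throws XmlException, Exception {
        this.mutation = true;
        for (SecurityCheckedParameter parameter : getParameterHolder().getParameterList()) {
            if (!parameter.isChecked()) {
                continue;
            }
            for (String payload : this.xmlBombConfig.getXmlBombsList()) {
                List<String> pending = this.parameterMutations.get(parameter);
                if (pending == null) {
                    pending = new ArrayList<>();
                    this.parameterMutations.put(parameter, pending);
                }
                pending.add(payload);
            }
        }
    }

    /** Returns a new settings panel bound to this scan. */
    @Override
    public JComponent getAdvancedSettingsPanel() {
        return new XmlBombSecurityScanConfigPanel(this);
    }

    @Override
    public String getType() {
        return TYPE;
    }

    /** Whether each payload is also sent as a file attachment. */
    public boolean isAttachXmlBomb() {
        return this.xmlBombConfig.getAttachXmlBomb();
    }

    public void setAttachXmlBomb(boolean z) {
        this.xmlBombConfig.setAttachXmlBomb(z);
    }

    /**
     * In attachment mode, writes the payload at {@code currentIndex} to a temporary file, attaches
     * that file to the step's request and advances the index.
     *
     * @return the new attachment, or {@code null} when attachment mode is off, all payloads have
     *     been sent, or the file could not be written or attached
     */
    private Attachment addAttachement(TestStep testStep) {
        if (!isAttachXmlBomb()) {
            return null;
        }
        WsdlRequest request = (WsdlRequest) getRequest(testStep);
        List<String> payloads = getXmlBombList();
        if (this.currentIndex >= payloads.size()) {
            return null;
        }
        String payload = payloads.get(this.currentIndex);
        Attachment attachment = null;
        try {
            File payloadFile = File.createTempFile(tempFilePrefix(), ".xml");
            // Close the writer before attaching so the handle is released and the content is
            // fully on disk; the encoding is fixed instead of following the platform default.
            try (BufferedWriter writer = Files.newBufferedWriter(payloadFile.toPath(), StandardCharsets.UTF_8)) {
                writer.write(payload);
            }
            // NOTE(review): the temporary file is never deleted here. Whether the attachment
            // still needs it after the run is not visible in this class - confirm before
            // adding cleanup.
            request.setInlineFilesEnabled(false);
            attachment = request.attachFile(payloadFile, false);
            attachment.setContentType("text/xml;");
            this.currentIndex++;
        } catch (IOException e) {
            SoapUI.logError(e);
        }
        return attachment;
    }

    /**
     * Returns a prefix that {@link File#createTempFile(String, String)} accepts: the configured
     * one, or the default when it is unset or shorter than the three characters that method
     * requires.
     */
    private String tempFilePrefix() {
        String prefix = getAttachmentPrefix();
        return (prefix == null || prefix.length() < 3) ? DEFAULT_PREFIX : prefix;
    }

    /** Returns the configured payloads, as exposed by the underlying configuration object. */
    public List<String> getXmlBombList() {
        return this.xmlBombConfig.getXmlBombsList();
    }

    /** Replaces the configured payloads with the contents of {@code list}. */
    protected void setBombList(List<String> list) {
        // A zero-length seed array keeps an empty list empty; a one-element seed would come back
        // from toArray as a single null entry.
        this.xmlBombConfig.setXmlBombsArray(list.toArray(new String[0]));
    }

    /** Returns the file-name prefix used for payload attachments. */
    public String getAttachmentPrefix() {
        return this.xmlBombConfig.getXmlAttachmentPrefix();
    }

    public void setAttachmentPrefix(String str) {
        this.xmlBombConfig.setXmlAttachmentPrefix(str);
    }

    /**
     * Reports whether another run is needed and resets the iteration state when it is not.
     *
     * <p>Before the mutation lists are built, any configured parameter counts as pending work;
     * afterwards a non-empty list does. In attachment mode the answer is decided solely by
     * whether payloads remain to be attached.
     */
    @Override
    protected boolean hasNext(TestStep testStep, SecurityTestRunContext securityTestRunContext) {
        boolean morePending = false;
        if (!this.parameterMutations.isEmpty() || this.mutation) {
            for (List<String> pending : this.parameterMutations.values()) {
                if (!pending.isEmpty()) {
                    morePending = true;
                    break;
                }
            }
        } else {
            morePending = !getParameterHolder().getParameterList().isEmpty();
        }
        if (isAttachXmlBomb()) {
            morePending = this.currentIndex < getXmlBombList().size();
        }
        if (!morePending) {
            this.parameterMutations.clear();
            this.mutation = false;
            this.currentIndex = 0;
        }
        return morePending;
    }

    /** Discards all iteration state so the next run starts from the first payload. */
    @Override
    protected void clear() {
        this.parameterMutations.clear();
        this.mutation = false;
        this.currentIndex = 0;
    }

    @Override
    public String getConfigDescription() {
        return "Configures Xml bomb security scan";
    }

    @Override
    public String getConfigName() {
        return "XML Bomb Security Scan";
    }

    @Override
    public String getHelpURL() {
        return "http://soapui.org/Security/xml-bomb.html";
    }
}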
