package org.apache.nifi.security.xml;

import java.io.IOException;
import java.io.InputStream;
import java.io.Reader;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.commons.configuration2.HierarchicalConfiguration;
import org.apache.commons.configuration2.XMLConfiguration;
import org.apache.commons.configuration2.ex.ConfigurationException;
import org.apache.commons.configuration2.io.FileLocator;
import org.apache.commons.configuration2.tree.ImmutableNode;
import org.xml.sax.SAXException;
import org.xml.sax.SAXParseException;
import org.xml.sax.helpers.DefaultHandler;

/* loaded from: input_file:WEB-INF/lib/nifi-security-utils-1.11.3.jar:org/apache/nifi/security/xml/SafeXMLConfiguration.class */
public class SafeXMLConfiguration extends XMLConfiguration {
    private static final String JAXP_SCHEMA_LANGUAGE = "http://java.sun.com/xml/jaxp/properties/schemaLanguage";
    private static final String W3C_XML_SCHEMA = "http://www.w3.org/2001/XMLSchema";
    private static final String DISALLOW_DOCTYPES = "http://apache.org/xml/features/disallow-doctype-decl";
    private static final String ALLOW_EXTERNAL_GENERAL_ENTITIES = "http://xml.org/sax/features/external-general-entities";
    private static final String ALLOW_EXTERNAL_PARAM_ENTITIES = "http://xml.org/sax/features/external-parameter-entities";
    private static final String ALLOW_EXTERNAL_DTD = "http://apache.org/xml/features/nonvalidating/load-external-dtd";
    private static final String XXE_ERROR_MESSAGE = "XML configuration file contained an external entity. To prevent XXE vulnerabilities, NiFi has external entity processing disabled.";

    /* JADX INFO: Access modifiers changed from: package-private */
    @FunctionalInterface
    /* loaded from: input_file:WEB-INF/lib/nifi-security-utils-1.11.3.jar:org/apache/nifi/security/xml/SafeXMLConfiguration$XMLReader.class */
    public interface XMLReader {
        void read() throws ConfigurationException, IOException;
    }

    public SafeXMLConfiguration() {
    }

    public SafeXMLConfiguration(HierarchicalConfiguration<ImmutableNode> hierarchicalConfiguration) {
        super(hierarchicalConfiguration);
    }

    @Override // org.apache.commons.configuration2.XMLConfiguration, org.apache.commons.configuration2.io.FileLocatorAware
    public void initFileLocator(FileLocator fileLocator) {
        super.initFileLocator(fileLocator);
    }

    @Override // org.apache.commons.configuration2.XMLConfiguration
    public DocumentBuilder createDocumentBuilder() throws ParserConfigurationException {
        if (getDocumentBuilder() != null) {
            return getDocumentBuilder();
        }
        DocumentBuilderFactory newInstance = DocumentBuilderFactory.newInstance();
        if (isValidating()) {
            newInstance.setValidating(true);
            if (isSchemaValidation()) {
                newInstance.setNamespaceAware(true);
                newInstance.setAttribute(JAXP_SCHEMA_LANGUAGE, W3C_XML_SCHEMA);
            }
        }
        newInstance.setAttribute(DISALLOW_DOCTYPES, true);
        newInstance.setAttribute(ALLOW_EXTERNAL_GENERAL_ENTITIES, false);
        newInstance.setAttribute(ALLOW_EXTERNAL_PARAM_ENTITIES, false);
        newInstance.setAttribute(ALLOW_EXTERNAL_DTD, false);
        DocumentBuilder newDocumentBuilder = newInstance.newDocumentBuilder();
        newDocumentBuilder.setEntityResolver(super.getEntityResolver());
        if (isValidating()) {
            newDocumentBuilder.setErrorHandler(new DefaultHandler() { // from class: org.apache.nifi.security.xml.SafeXMLConfiguration.1
                @Override // org.xml.sax.helpers.DefaultHandler, org.xml.sax.ErrorHandler
                public void error(SAXParseException sAXParseException) throws SAXException {
                    throw sAXParseException;
                }
            });
        }
        return newDocumentBuilder;
    }

    @Override // org.apache.commons.configuration2.XMLConfiguration, org.apache.commons.configuration2.io.FileBased
    public void read(Reader reader) throws ConfigurationException, IOException {
        delegateRead(() -> {
            super.read(reader);
        });
    }

    @Override // org.apache.commons.configuration2.XMLConfiguration, org.apache.commons.configuration2.io.InputStreamSupport
    public void read(InputStream inputStream) throws ConfigurationException, IOException {
        delegateRead(() -> {
            super.read(inputStream);
        });
    }

    private void delegateRead(XMLReader xMLReader) throws ConfigurationException, IOException {
        try {
            xMLReader.read();
        } catch (ConfigurationException e) {
            if (!isXXERelatedException(e)) {
                throw e;
            }
            throw new ConfigurationException(XXE_ERROR_MESSAGE, e);
        }
    }

    private boolean isXXERelatedException(ConfigurationException configurationException) {
        return (configurationException.getCause() instanceof SAXParseException) && configurationException.getCause().getMessage().contains("DOCTYPE is disallowed");
    }
}
