package org.keycloak.saml.processing.core.util;

import com.sun.xml.bind.v2.util.XmlFactory;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.util.List;
import javax.xml.stream.XMLStreamException;
import javax.xml.transform.Source;
import javax.xml.transform.stax.StAXSource;
import javax.xml.transform.stream.StreamSource;
import javax.xml.validation.Schema;
import javax.xml.validation.SchemaFactory;
import javax.xml.validation.Validator;
import org.keycloak.saml.common.PicketLinkLogger;
import org.keycloak.saml.common.PicketLinkLoggerFactory;
import org.keycloak.saml.common.constants.GeneralConstants;
import org.keycloak.saml.common.exceptions.ProcessingException;
import org.keycloak.saml.common.util.DocumentUtil;
import org.keycloak.saml.common.util.SecurityActions;
import org.keycloak.saml.common.util.StaxParserUtil;
import org.keycloak.saml.common.util.SystemPropertiesUtil;
import org.w3c.dom.Node;
import org.xml.sax.ErrorHandler;
import org.xml.sax.SAXException;
import org.xml.sax.SAXNotRecognizedException;
import org.xml.sax.SAXNotSupportedException;
import org.xml.sax.SAXParseException;

/* loaded from: input_file:WEB-INF/lib/keycloak-saml-core-13.0.1.jar:org/keycloak/saml/processing/core/util/JAXPValidationUtil.class */
public class JAXPValidationUtil {
    private static final PicketLinkLogger logger = PicketLinkLoggerFactory.getLogger();
    protected static Validator validator;
    protected static SchemaFactory schemaFactory;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/keycloak-saml-core-13.0.1.jar:org/keycloak/saml/processing/core/util/JAXPValidationUtil$CustomErrorHandler.class */
    public static class CustomErrorHandler implements ErrorHandler {
        private CustomErrorHandler() {
        }

        @Override // org.xml.sax.ErrorHandler
        public void error(SAXParseException sAXParseException) throws SAXException {
            logException(sAXParseException);
            if (!sAXParseException.getMessage().contains("null")) {
                throw sAXParseException;
            }
        }

        @Override // org.xml.sax.ErrorHandler
        public void fatalError(SAXParseException sAXParseException) throws SAXException {
            logException(sAXParseException);
            throw sAXParseException;
        }

        @Override // org.xml.sax.ErrorHandler
        public void warning(SAXParseException sAXParseException) throws SAXException {
            logException(sAXParseException);
        }

        private void logException(SAXParseException sAXParseException) {
            StringBuilder sb = new StringBuilder();
            if (JAXPValidationUtil.logger.isTraceEnabled()) {
                sb.append("[line:").append(sAXParseException.getLineNumber()).append(",").append("::col=").append(sAXParseException.getColumnNumber()).append("]");
                sb.append("[publicID:").append(sAXParseException.getPublicId()).append(",systemId=").append(sAXParseException.getSystemId()).append("]");
                sb.append(":").append(sAXParseException.getLocalizedMessage());
                JAXPValidationUtil.logger.trace(sb.toString());
            }
        }
    }

    public static void validate(InputStream inputStream) throws SAXException, IOException {
        try {
            validator().validate(new StAXSource(StaxParserUtil.getXMLEventReader(inputStream)));
        } catch (XMLStreamException e) {
            throw new IOException((Throwable) e);
        }
    }

    public static void checkSchemaValidation(Node node) throws ProcessingException {
        if (SecurityActions.getSystemProperty("picketlink.schema.validate", "false").equalsIgnoreCase("true")) {
            try {
                validate(DocumentUtil.getNodeAsStream(node));
            } catch (Exception e) {
                throw logger.processingError(e);
            }
        }
    }

    public static Validator validator() throws SAXException, IOException {
        SystemPropertiesUtil.ensure();
        if (validator == null) {
            Schema schema = getSchema();
            if (schema == null) {
                throw logger.nullValueError("schema");
            }
            validator = schema.newValidator();
            boolean property = setProperty(validator, XmlFactory.ACCESS_EXTERNAL_DTD, "") & setProperty(validator, XmlFactory.ACCESS_EXTERNAL_SCHEMA, "");
            boolean feature = setFeature(validator, DocumentUtil.feature_disallow_doctype_decl, true) & setFeature(validator, "http://xml.org/sax/features/external-general-entities", false) & setFeature(validator, "http://xml.org/sax/features/external-parameter-entities", false);
            if (!property && !feature) {
                logger.warn("Cannot disable external access in XML validator");
            }
            validator.setErrorHandler(new CustomErrorHandler());
        }
        return validator;
    }

    private static boolean setProperty(Validator validator2, String str, String str2) {
        try {
            validator2.setProperty(str, str2);
            return true;
        } catch (SAXNotRecognizedException | SAXNotSupportedException e) {
            logger.debug("Cannot set " + str);
            return false;
        }
    }

    private static boolean setFeature(Validator validator2, String str, boolean z) {
        try {
            validator2.setFeature(str, z);
            return true;
        } catch (SAXNotRecognizedException | SAXNotSupportedException e) {
            logger.debug("Cannot set " + str);
            return false;
        }
    }

    private static Schema getSchema() throws IOException {
        boolean equalsIgnoreCase = SystemPropertiesUtil.getSystemProperty(GeneralConstants.TCCL_JAXP, "false").equalsIgnoreCase("true");
        ClassLoader tccl = SecurityActions.getTCCL();
        if (equalsIgnoreCase) {
            try {
                SecurityActions.setTCCL(JAXPValidationUtil.class.getClassLoader());
            } catch (Throwable th) {
                if (equalsIgnoreCase) {
                    SecurityActions.setTCCL(tccl);
                }
                throw th;
            }
        }
        schemaFactory = SchemaFactory.newInstance("http://www.w3.org/2001/XMLSchema");
        schemaFactory.setResourceResolver(new IDFedLSInputResolver());
        schemaFactory.setErrorHandler(new CustomErrorHandler());
        if (equalsIgnoreCase) {
            SecurityActions.setTCCL(tccl);
        }
        Schema schema = null;
        try {
            schema = schemaFactory.newSchema(sources());
        } catch (SAXException e) {
            logger.xmlCouldNotGetSchema(e);
        }
        return schema;
    }

    private static Source[] sources() throws IOException {
        List<String> schemas = SchemaManagerUtil.getSchemas();
        Source[] sourceArr = new Source[schemas.size()];
        int i = 0;
        for (String str : schemas) {
            URL loadResource = SecurityActions.loadResource(JAXPValidationUtil.class, str);
            if (loadResource == null) {
                throw logger.nullValueError("schema url:" + str);
            }
            int i2 = i;
            i++;
            sourceArr[i2] = new StreamSource(loadResource.openStream());
        }
        return sourceArr;
    }
}
