package com.atlassian.crowd.acceptance.tests.soap;

import java.io.IOException;
import java.io.InputStream;
import javax.ws.rs.core.MediaType;
import org.apache.commons.io.IOUtils;
import org.apache.http.HttpException;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.ContentType;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;
import org.hamcrest.CoreMatchers;
import org.junit.Assert;

/* loaded from: input_file:com/atlassian/crowd/acceptance/tests/soap/SoapXmlParsingTest.class */
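/**
 * Acceptance tests that post hostile and benign XML documents to the SOAP endpoint under
 * {@code /services} and check how entities in the request are handled.
 *
 * <p>Three behaviours are pinned: an external entity that points at a local file must not cause
 * that file's secret to appear in the response, a built-in entity such as {@code &amp;} must still
 * be expanded, and a nested-entity ("billion laughs") document must not produce an
 * {@code OutOfMemoryError} response.
 */
public class SoapXmlParsingTest extends InformationLeakingTestBase {
    /** Charset used for the request entity, the fixtures and the decoded response body. */
    private static final String US_ASCII = "us-ascii";

    /** Path in the external-entity fixture that is swapped for the generated secret file's URI. */
    private static final String EXTERNAL_ENTITY_PLACEHOLDER = "/etc/passwd";

    /**
     * Posts a SOAP document to {@code getBaseUrl() + "/services" + pathSuffix}.
     *
     * @param soapBody the XML document to send as {@code application/soap+xml}
     * @param pathSuffix text appended after {@code /services}; may be empty
     * @return the raw response; the caller is responsible for consuming its entity
     */
    HttpResponse postToSoapEndpoint(String soapBody, String pathSuffix) throws HttpException, IOException {
        String url = getBaseUrl() + "/services" + pathSuffix;
        // NOTE(review): this client is never closed. It cannot be closed here because the returned
        // response is still read by the caller; consider a shared client released in tearDown.
        CloseableHttpClient client = HttpClients.createDefault();
        HttpPost request = new HttpPost(url);
        request.setEntity(new StringEntity(soapBody, ContentType.create("application/soap+xml", US_ASCII)));
        return client.execute(request);
    }

    /** Posts a SOAP document to the unversioned {@code /services} endpoint. */
    HttpResponse postToSoapEndpoint(String soapBody) throws HttpException, IOException {
        return postToSoapEndpoint(soapBody, "");
    }

    /** External-entity check against the unversioned endpoint. */
    public void testEntityExpansionDoesNotIncludeFileContents() throws HttpException, IOException {
        runEntityExpansionTestWithPathSuffix("");
    }

    /**
     * Sends the external-entity fixture, pointed at a freshly created secret file, and asserts that
     * the response is XML and does not contain {@code this.secret}.
     *
     * @param pathSuffix endpoint suffix passed through to {@link #postToSoapEndpoint(String, String)}
     */
    private void runEntityExpansionTestWithPathSuffix(String pathSuffix) throws HttpException, IOException {
        String template = readSoapFixture("SoapXmlParsingTest-soap-include-external-entity.xml");
        // Without this check a fixture that no longer mentions the placeholder would leave the
        // payload pointing somewhere else, and the "secret not in response" assertion below would
        // pass without ever exercising the secret file.
        Assert.assertThat("The fixture should reference the placeholder path that is replaced by the secret file",
                template, CoreMatchers.containsString(EXTERNAL_ENTITY_PLACEHOLDER));
        // createSecretFile() is called before this.secret is read, as in the original ordering;
        // presumably it is what populates the secret (confirm in InformationLeakingTestBase).
        String secretFileUri = createSecretFile().toURI().toString();
        String payload = template.replace(EXTERNAL_ENTITY_PLACEHOLDER, secretFileUri);

        HttpResponse response = postToSoapEndpoint(payload, pathSuffix);
        assertXmlContentType("The response should be XML", response);
        Assert.assertThat(EntityUtils.toString(response.getEntity(), US_ASCII),
                CoreMatchers.not(CoreMatchers.containsString(this.secret)));
    }

    /** Checks that disabling dangerous entities did not also break the built-in {@code &amp;} entity. */
    public void testValidEntitiesAreExpanded() throws Exception {
        HttpResponse response = postToSoapEndpoint(readSoapFixture("SoapXmlParsingTest-soap-with-amp-entity.xml"));
        assertXmlContentType("The response should be XML", response);
        Assert.assertThat(EntityUtils.toString(response.getEntity(), US_ASCII),
                CoreMatchers.containsString("<faultstring>&amp;</faultstring>"));
    }

    /**
     * Posts the nested-entity fixture and asserts that the server answers with XML rather than an
     * out-of-memory error page.
     */
    public void testEntityExpansionDoesNotCauseDenialOfService() throws Exception {
        HttpResponse response = postToSoapEndpoint(readSoapFixture("SoapXmlParsingTest-soap-billion-laughs.xml"));
        Assert.assertThat("The response should not indicate a server memory error",
                EntityUtils.toString(response.getEntity(), US_ASCII),
                CoreMatchers.not(CoreMatchers.containsString("java.lang.OutOfMemoryError")));
        assertXmlContentType("The response should be XML, not HTML", response);
    }

    /** Repeats the external-entity check against each versioned endpoint suffix. */
    public void testVersionedEndpointsDoNotAllowExpansion() throws Exception {
        for (String version : new String[]{"1", "2", "latest"}) {
            runEntityExpansionTestWithPathSuffix("/" + version + "/");
        }
    }

    /** Reads a classpath fixture next to this class as US-ASCII text and closes the stream. */
    private String readSoapFixture(String resourceName) throws IOException {
        try (InputStream in = getClass().getResourceAsStream(resourceName)) {
            Assert.assertNotNull("Missing test fixture: " + resourceName, in);
            return IOUtils.toString(in, US_ASCII);
        }
    }

    /** Asserts that the response declares one of the accepted XML media types. */
    private void assertXmlContentType(String message, HttpResponse response) {
        // A missing header should fail as an assertion, not as a NullPointerException.
        Assert.assertNotNull("The response should carry a content-type header", response.getFirstHeader("content-type"));
        MediaType mediaType = MediaType.valueOf(response.getFirstHeader("content-type").getValue());
        Assert.assertThat(message, mediaType.getType() + '/' + mediaType.getSubtype(),
                CoreMatchers.anyOf(CoreMatchers.is("text/xml"), CoreMatchers.is("application/xml"), CoreMatchers.is("application/soap+xml")));
    }
}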
