package org.mule.runtime.module.xml.transformers.xml.xslt;

import java.io.ByteArrayInputStream;
import junit.framework.Assert;
import org.hamcrest.Matchers;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.mule.functional.junit4.FunctionalTestCase;
import org.mule.runtime.core.api.transformer.MessageTransformerException;
import org.mule.runtime.core.exception.MessagingException;
import org.mule.runtime.core.util.IOUtils;

/* loaded from: input_file:org/mule/runtime/module/xml/transformers/xml/xslt/XsltTransformerXXETestCase.class */
public class XsltTransformerXXETestCase extends FunctionalTestCase {

    @Rule
    public ExpectedException expectedException = ExpectedException.none();

    protected String getConfigFile() {
        return "xslt-xxe-config.xml";
    }

    @Test
    public void xxeAsStream() throws Exception {
        String makeInput = makeInput();
        this.expectedException.expect(MessagingException.class);
        this.expectedException.expectCause(Matchers.instanceOf(MessageTransformerException.class));
        flowRunner("safeXxe").withPayload(new ByteArrayInputStream(makeInput.getBytes())).run().getMessage().getPayload().getValue();
    }

    @Test
    public void xxeAsString() throws Exception {
        String makeInput = makeInput();
        this.expectedException.expect(MessagingException.class);
        this.expectedException.expectCause(Matchers.instanceOf(MessageTransformerException.class));
        flowRunner("safeXxe").withPayload(makeInput).run().getMessage().getPayload().getValue();
    }

    @Test
    public void xxeAsByteArray() throws Exception {
        String makeInput = makeInput();
        this.expectedException.expect(MessagingException.class);
        this.expectedException.expectCause(Matchers.instanceOf(MessageTransformerException.class));
        flowRunner("safeXxe").withPayload(makeInput.getBytes()).run().getMessage().getPayload().getValue();
    }

    @Test
    public void unsafeXxeAsStream() throws Exception {
        assertUnsafe(new ByteArrayInputStream(makeInput().getBytes()));
    }

    @Test
    public void unsafeXxeAsString() throws Exception {
        assertUnsafe(makeInput());
    }

    @Test
    public void unsafeXxeAsByteArray() throws Exception {
        assertUnsafe(makeInput().getBytes());
    }

    private void assertUnsafe(Object obj) throws Exception {
        Assert.assertTrue(((String) flowRunner("unsafeXxe").withPayload(obj).run().getMessage().getPayload().getValue()).contains("secret"));
    }

    private String makeInput() {
        return String.format("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<!DOCTYPE spi_doc_type[ <!ENTITY spi_entity_ref SYSTEM 'file:%s'>]>\n<root>\n<elem>&spi_entity_ref;</elem>\n<something/>\n</root>", IOUtils.getResourceAsUrl("xxe-passwd.txt", getClass()).getPath());
    }
}
