package io.vertx.ext.web.api.validation.impl;

import io.vertx.ext.web.api.validation.impl.XMLTypeValidator;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import org.junit.Assert;
import org.junit.Test;
import org.xml.sax.SAXParseException;

/* loaded from: input_file:io/vertx/ext/web/api/validation/impl/XMLTypeValidatorTest.class */
public class XMLTypeValidatorTest {
    @Test
    public void isValidPattern() throws IOException {
        File createTempFile = File.createTempFile("xml-", "-xxe");
        createTempFile.deleteOnExit();
        FileOutputStream fileOutputStream = new FileOutputStream(createTempFile);
        Throwable th = null;
        try {
            try {
                fileOutputStream.write("<appinfo>you should not see me!!!</appinfo>".getBytes(StandardCharsets.UTF_8));
                if (fileOutputStream != null) {
                    if (0 != 0) {
                        try {
                            fileOutputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        fileOutputStream.close();
                    }
                }
                try {
                    XMLTypeValidator.XMLTypeValidatorFactory.createXMLTypeValidator("<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\n<!DOCTYPE foo [ <!ELEMENT foo ANY >\n<!ENTITY xxe SYSTEM \"file://" + createTempFile.getCanonicalPath() + "\" >]>\n<creds>\n    <user>&xxe;</user>\n    <pass>mypass</pass>\n</creds>");
                } catch (Throwable th3) {
                    if (th3.getCause() instanceof SAXParseException) {
                        SAXParseException sAXParseException = (SAXParseException) th3.getCause();
                        String message = sAXParseException.getMessage();
                        if (sAXParseException.getSystemId() == null && message.contains(createTempFile.getName()) && message.contains("accessExternalDTD")) {
                            return;
                        }
                        Assert.fail("XML got access to FS: " + message);
                    }
                }
            } catch (Throwable th4) {
                th = th4;
                throw th4;
            }
        } catch (Throwable th5) {
            if (fileOutputStream != null) {
                if (th != null) {
                    try {
                        fileOutputStream.close();
                    } catch (Throwable th6) {
                        th.addSuppressed(th6);
                    }
                } else {
                    fileOutputStream.close();
                }
            }
            throw th5;
        }
    }
}
