package org.opends.dsml.protocol;

import com.sun.xml.stream.buffer.sax.Features;
import jakarta.xml.bind.JAXBContext;
import jakarta.xml.bind.JAXBElement;
import jakarta.xml.bind.JAXBException;
import jakarta.xml.bind.Unmarshaller;
import java.io.BufferedInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.StringReader;
import java.net.URL;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import java.util.StringTokenizer;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParserFactory;
import javax.xml.soap.MessageFactory;
import javax.xml.soap.MimeHeaders;
import javax.xml.soap.Node;
import javax.xml.soap.SOAPBody;
import javax.xml.soap.SOAPConstants;
import javax.xml.soap.SOAPElement;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPMessage;
import javax.xml.validation.Schema;
import javax.xml.validation.SchemaFactory;
import org.forgerock.i18n.LocalizableMessage;
import org.forgerock.i18n.LocalizedIllegalArgumentException;
import org.forgerock.opendj.ldap.Base64;
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.DereferenceAliasesPolicy;
import org.forgerock.opendj.ldap.SearchScope;
import org.opends.messages.CoreMessages;
import org.opends.server.controls.ProxiedAuthV2Control;
import org.opends.server.core.DirectoryServer;
import org.opends.server.protocols.ldap.LDAPFilter;
import org.opends.server.protocols.ldap.LDAPMessage;
import org.opends.server.protocols.ldap.SearchRequestProtocolOp;
import org.opends.server.tools.LDAPConnection;
import org.opends.server.tools.LDAPConnectionException;
import org.opends.server.tools.LDAPConnectionOptions;
import org.opends.server.tools.SSLConnectionException;
import org.opends.server.tools.SSLConnectionFactory;
import org.opends.server.types.LDAPException;
import org.w3c.dom.Document;
import org.xml.sax.Attributes;
import org.xml.sax.EntityResolver;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.SAXNotRecognizedException;
import org.xml.sax.SAXNotSupportedException;
import org.xml.sax.XMLReader;
import org.xml.sax.helpers.DefaultHandler;

/* loaded from: input_file:WEB-INF/classes/org/opends/dsml/protocol/DSMLServlet.class */
public class DSMLServlet extends HttpServlet {
    private static final String PKG_NAME = "org.opends.dsml.protocol";
    private static final String PORT = "ldap.port";
    private static final String HOST = "ldap.host";
    private static final String USERDN = "ldap.userdn";
    private static final String USERPWD = "ldap.userpassword";
    private static final String USESSL = "ldap.usessl";
    private static final String USESTARTTLS = "ldap.usestarttls";
    private static final String TRUSTSTOREPATH = "ldap.truststore.path";
    private static final String TRUSTSTOREPASSWORD = "ldap.truststore.password";
    private static final String TRUSTALLCERTS = "ldap.trustall";
    private static final String USEHTTPAUTHZID = "ldap.authzidtypeisid";
    private static final String EXOPSTRINGPREFIX = "ldap.exop.string.";
    private static final long serialVersionUID = -3748022009593442973L;
    private static final String MALFORMED_REQUEST = "malformedRequest";
    private static final String NOT_ATTEMPTED = "notAttempted";
    private static final String AUTHENTICATION_FAILED = "authenticationFailed";
    private static final String COULD_NOT_CONNECT = "couldNotConnect";
    private static final String GATEWAY_INTERNAL_ERROR = "gatewayInternalError";
    private static final String UNRESOLVABLE_URI = "unresolvableURI";
    private static final String ON_ERROR_EXIT = "exit";
    private static JAXBContext jaxbContext;
    private static Schema schema;
    private String hostName;
    private Integer port;
    private String userDN;
    private String userPassword;
    private Boolean useSSL;
    private Boolean useStartTLS;
    private String trustStorePathValue;
    private String trustStorePasswordValue;
    private Boolean trustAll;
    private Boolean useHTTPAuthzID;
    private final Set<String> exopStrings = new HashSet();
    private static final AtomicInteger nextMessageID = new AtomicInteger(1);
    private static final AtomicBoolean logFeatureWarnings = new AtomicBoolean(false);

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/classes/org/opends/dsml/protocol/DSMLServlet$DSMLContentHandler.class */
    public class DSMLContentHandler extends DefaultHandler {
        private String requestID;

        private DSMLContentHandler() {
        }

        @Override // org.xml.sax.helpers.DefaultHandler, org.xml.sax.ContentHandler
        public void startElement(String str, String str2, String str3, Attributes attributes) throws SAXException {
            if (this.requestID == null && str2.equals("batchRequest")) {
                this.requestID = attributes.getValue("requestID");
            }
            super.startElement(str, str2, str3, attributes);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/classes/org/opends/dsml/protocol/DSMLServlet$SafeEntityResolver.class */
    public class SafeEntityResolver implements EntityResolver {
        private SafeEntityResolver() {
        }

        @Override // org.xml.sax.EntityResolver
        public InputSource resolveEntity(String str, String str2) {
            return new InputSource(new StringReader(""));
        }
    }

    public void init(ServletConfig servletConfig) throws ServletException {
        URL resource;
        try {
            this.hostName = stringValue(servletConfig, HOST);
            this.port = Integer.valueOf(stringValue(servletConfig, PORT));
            this.userDN = stringValue(servletConfig, USERDN);
            this.userPassword = stringValue(servletConfig, USERPWD);
            this.useSSL = Boolean.valueOf(booleanValue(servletConfig, USESSL));
            this.useStartTLS = Boolean.valueOf(booleanValue(servletConfig, USESTARTTLS));
            this.trustStorePathValue = stringValue(servletConfig, TRUSTSTOREPATH);
            this.trustStorePasswordValue = stringValue(servletConfig, TRUSTSTOREPASSWORD);
            this.trustAll = Boolean.valueOf(booleanValue(servletConfig, TRUSTALLCERTS));
            this.useHTTPAuthzID = Boolean.valueOf(booleanValue(servletConfig, USEHTTPAUTHZID));
            Enumeration initParameterNames = servletConfig.getServletContext().getInitParameterNames();
            while (initParameterNames.hasMoreElements()) {
                String str = (String) initParameterNames.nextElement();
                if (str.startsWith(EXOPSTRINGPREFIX) && Boolean.valueOf(servletConfig.getServletContext().getInitParameter(str)).booleanValue()) {
                    this.exopStrings.add(str.substring(EXOPSTRINGPREFIX.length()));
                }
            }
            System.setProperty("mapAnyUriToUri", "true");
            if (jaxbContext == null) {
                jaxbContext = JAXBContext.newInstance(PKG_NAME, getClass().getClassLoader());
            }
            if (schema == null && (resource = getClass().getResource("/resources/DSMLv2.xsd")) != null) {
                schema = SchemaFactory.newInstance("http://www.w3.org/2001/XMLSchema").newSchema(resource);
            }
            DirectoryServer.bootstrapClient();
        } catch (Exception e) {
            e.printStackTrace();
            throw new ServletException(e.getMessage());
        }
    }

    private boolean booleanValue(ServletConfig servletConfig, String str) {
        return Boolean.valueOf(stringValue(servletConfig, str)).booleanValue();
    }

    private String stringValue(ServletConfig servletConfig, String str) {
        return servletConfig.getServletContext().getInitParameter(str);
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:5:0x0074. Please report as an issue. */
    private org.opends.server.types.Control checkAuthzControl(LDAPConnection lDAPConnection, String str) throws LDAPConnectionException {
        LinkedHashSet linkedHashSet = new LinkedHashSet(1);
        linkedHashSet.add("1.1");
        ArrayList arrayList = new ArrayList(1);
        ProxiedAuthV2Control proxiedAuthV2Control = new ProxiedAuthV2Control(true, ByteString.valueOfUtf8(str));
        arrayList.add(proxiedAuthV2Control);
        try {
            lDAPConnection.getLDAPWriter().writeMessage(new LDAPMessage(nextMessageID(), new SearchRequestProtocolOp(ByteString.empty(), SearchScope.BASE_OBJECT, DereferenceAliasesPolicy.NEVER, 0, 0, true, LDAPFilter.objectClassPresent(), linkedHashSet), arrayList));
        } catch (IOException | LDAPException e) {
            throw new LDAPConnectionException(CoreMessages.INFO_RESULT_CLIENT_SIDE_ENCODING_ERROR.get(), 91, null, e);
        }
        while (true) {
            LDAPMessage readMessage = lDAPConnection.getLDAPReader().readMessage();
            switch (readMessage.getProtocolOpType()) {
                case 101:
                    break;
            }
            switch (readMessage.getSearchResultDoneProtocolOp().getResultCode()) {
                case 0:
                    return proxiedAuthV2Control;
                default:
                    throw new LDAPConnectionException(CoreMessages.INFO_RESULT_AUTHORIZATION_DENIED.get(), 91, null);
            }
            throw new LDAPConnectionException(CoreMessages.INFO_RESULT_CLIENT_SIDE_ENCODING_ERROR.get(), 91, null, e);
        }
    }

    public void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        int code;
        LDAPConnectionOptions lDAPConnectionOptions = new LDAPConnectionOptions();
        lDAPConnectionOptions.setUseSSL(this.useSSL.booleanValue());
        lDAPConnectionOptions.setStartTLS(this.useStartTLS.booleanValue());
        LDAPConnection lDAPConnection = null;
        BufferedInputStream bufferedInputStream = new BufferedInputStream(httpServletRequest.getInputStream(), 65536);
        if (bufferedInputStream.markSupported()) {
            bufferedInputStream.mark(65536);
        }
        ObjectFactory objectFactory = new ObjectFactory();
        BatchResponse createBatchResponse = objectFactory.createBatchResponse();
        List<JAXBElement<?>> batchResponses = createBatchResponse.getBatchResponses();
        Document createSafeDocument = createSafeDocument();
        MessageFactory messageFactory = null;
        String str = null;
        if (this.useSSL.booleanValue() || this.useStartTLS.booleanValue()) {
            SSLConnectionFactory sSLConnectionFactory = new SSLConnectionFactory();
            try {
                sSLConnectionFactory.init(this.trustAll.booleanValue(), null, null, null, this.trustStorePathValue, this.trustStorePasswordValue);
            } catch (SSLConnectionException e) {
                batchResponses.add(createErrorResponse(objectFactory, new LDAPException(91, LocalizableMessage.raw("Invalid SSL or TLS configuration to connect to LDAP server.", new Object[0]))));
            }
            lDAPConnectionOptions.setSSLConnectionFactory(sSLConnectionFactory);
        }
        SOAPBody sOAPBody = null;
        MimeHeaders mimeHeaders = new MimeHeaders();
        String str2 = null;
        String str3 = null;
        boolean z = false;
        boolean z2 = false;
        Enumeration headerNames = httpServletRequest.getHeaderNames();
        while (headerNames.hasMoreElements()) {
            String str4 = (String) headerNames.nextElement();
            String header = httpServletRequest.getHeader(str4);
            if (str4.equalsIgnoreCase("content-type")) {
                try {
                    if (header.startsWith("text/xml")) {
                        messageFactory = MessageFactory.newInstance("SOAP 1.1 Protocol");
                        str = "text/xml";
                    } else {
                        if (!header.startsWith("application/soap+xml")) {
                            throw new ServletException("Content-Type does not match SOAP 1.1 or SOAP 1.2");
                        }
                        messageFactory = MessageFactory.newInstance(SOAPConstants.SOAP_1_2_PROTOCOL);
                        str = "application/soap+xml";
                    }
                } catch (SOAPException e2) {
                    throw new ServletException(e2.getMessage());
                }
            } else if (str4.equalsIgnoreCase("authorization") && header.startsWith("Basic ")) {
                z = true;
                try {
                    String str5 = new String(Base64.decode(header.substring(6).trim()).toByteArray());
                    int indexOf = str5.indexOf(58);
                    if (indexOf > 0) {
                        if (this.useHTTPAuthzID.booleanValue()) {
                            lDAPConnectionOptions.setSASLMechanism("mech=PLAIN");
                            lDAPConnectionOptions.addSASLProperty("authid=u:" + str5.substring(0, indexOf).trim());
                            z2 = true;
                        } else {
                            str2 = str5.substring(0, indexOf).trim();
                        }
                        str3 = str5.substring(indexOf + 1);
                    }
                } catch (LocalizedIllegalArgumentException e3) {
                    batchResponses.add(createErrorResponse(objectFactory, new LDAPException(49, LocalizableMessage.raw(e3.getMessage(), new Object[0]))));
                }
            }
            StringTokenizer stringTokenizer = new StringTokenizer(header, ",");
            while (stringTokenizer.hasMoreTokens()) {
                mimeHeaders.addHeader(str4, stringTokenizer.nextToken().trim());
            }
        }
        if (z) {
            if (((!z2 && str2 == null) || str3 == null) && batchResponses.isEmpty()) {
                batchResponses.add(createErrorResponse(objectFactory, new LDAPException(49, LocalizableMessage.raw("Unable to retrieve credentials.", new Object[0]))));
            }
        } else if (this.userDN != null) {
            str2 = this.userDN;
            if (this.userPassword != null) {
                str3 = this.userPassword;
            } else {
                batchResponses.add(createErrorResponse(objectFactory, new LDAPException(49, LocalizableMessage.raw("Invalid configured credentials.", new Object[0]))));
            }
        } else {
            str2 = "";
            str3 = "";
        }
        if (batchResponses.isEmpty()) {
            try {
                sOAPBody = messageFactory.createMessage(mimeHeaders, bufferedInputStream).getSOAPBody();
            } catch (SOAPException e4) {
                batchResponses.add(createXMLParsingErrorResponse(bufferedInputStream, objectFactory, createBatchResponse, String.valueOf(e4.getCause())));
            }
        }
        if (sOAPBody != null) {
            Iterator<Node> childElements = sOAPBody.getChildElements();
            while (childElements.hasNext()) {
                Node next = childElements.next();
                if (next instanceof SOAPElement) {
                    SOAPElement sOAPElement = (SOAPElement) next;
                    JAXBElement jAXBElement = null;
                    try {
                        Unmarshaller createUnmarshaller = jaxbContext.createUnmarshaller();
                        createUnmarshaller.setSchema(schema);
                        jAXBElement = createUnmarshaller.unmarshal(sOAPElement, BatchRequest.class);
                    } catch (JAXBException e5) {
                        batchResponses.add(createXMLParsingErrorResponse(bufferedInputStream, objectFactory, createBatchResponse, String.valueOf(e5)));
                    }
                    if (jAXBElement != null) {
                        boolean z3 = false;
                        boolean z4 = false;
                        BatchRequest batchRequest = (BatchRequest) jAXBElement.getValue();
                        if (batchRequest.authRequest != null) {
                            if (z2) {
                                lDAPConnectionOptions.addSASLProperty("authzid=" + batchRequest.authRequest.getPrincipal());
                                z3 = true;
                            } else {
                                z4 = true;
                            }
                        }
                        createBatchResponse.setRequestID(batchRequest.getRequestID());
                        org.opends.server.types.Control control = null;
                        boolean z5 = false;
                        if (lDAPConnection == null) {
                            lDAPConnection = new LDAPConnection(this.hostName, this.port.intValue(), lDAPConnectionOptions);
                            try {
                                lDAPConnection.connectToHost(str2, str3);
                                if (z4) {
                                    control = checkAuthzControl(lDAPConnection, batchRequest.authRequest.getPrincipal());
                                }
                                if (z3 || z4) {
                                    LDAPResult createLDAPResult = objectFactory.createLDAPResult();
                                    createLDAPResult.setResultCode(ResultCodeFactory.create(objectFactory, 0));
                                    batchResponses.add(objectFactory.createBatchResponseAuthResponse(createLDAPResult));
                                }
                                z5 = true;
                            } catch (LDAPConnectionException e6) {
                                batchResponses.add(createErrorResponse(objectFactory, e6));
                            }
                        }
                        if (z5) {
                            Iterator<DsmlMessage> it = batchRequest.getBatchRequests().iterator();
                            while (it.hasNext()) {
                                JAXBElement<?> performLDAPRequest = performLDAPRequest(lDAPConnection, objectFactory, control, it.next());
                                if (performLDAPRequest != null) {
                                    batchResponses.add(performLDAPRequest);
                                }
                                Object value = performLDAPRequest.getValue();
                                if (!(value instanceof ErrorResponse)) {
                                    if ((value instanceof LDAPResult) && (code = ((LDAPResult) value).getResultCode().getCode()) != 0 && code != 10 && code != 6 && code != 5 && ON_ERROR_EXIT.equals(batchRequest.getOnError())) {
                                        break;
                                    }
                                } else if (ON_ERROR_EXIT.equals(batchRequest.getOnError())) {
                                    break;
                                }
                            }
                        }
                        if (lDAPConnection != null) {
                            lDAPConnection.close(nextMessageID);
                        }
                    }
                }
            }
        }
        try {
            jaxbContext.createMarshaller().marshal(objectFactory.createBatchResponse(createBatchResponse), createSafeDocument);
            sendResponse(createSafeDocument, messageFactory, str, httpServletResponse);
        } catch (Exception e7) {
            e7.printStackTrace();
        }
    }

    private void safeSetFeature(XMLReader xMLReader, String str, boolean z) {
        try {
            xMLReader.setFeature(str, z);
        } catch (SAXNotRecognizedException e) {
            if (logFeatureWarnings.compareAndSet(false, true)) {
                Logger.getLogger(PKG_NAME).log(Level.SEVERE, "XMLReader unrecognized feature " + str);
            }
        } catch (SAXNotSupportedException e2) {
            if (logFeatureWarnings.compareAndSet(false, true)) {
                Logger.getLogger(PKG_NAME).log(Level.SEVERE, "XMLReader unsupported feature " + str);
            }
        }
    }

    private JAXBElement<ErrorResponse> createXMLParsingErrorResponse(InputStream inputStream, ObjectFactory objectFactory, BatchResponse batchResponse, String str) {
        ErrorResponse createErrorResponse = objectFactory.createErrorResponse();
        DSMLContentHandler dSMLContentHandler = new DSMLContentHandler();
        try {
            XMLReader createSafeXMLReader = createSafeXMLReader();
            createSafeXMLReader.setContentHandler(dSMLContentHandler);
            inputStream.reset();
            createSafeXMLReader.parse(new InputSource(inputStream));
        } catch (IOException | ParserConfigurationException | SAXException e) {
        }
        if (str != null) {
            createErrorResponse.setMessage(str);
        }
        batchResponse.setRequestID(dSMLContentHandler.requestID);
        createErrorResponse.setType(MALFORMED_REQUEST);
        return objectFactory.createBatchResponseErrorResponse(createErrorResponse);
    }

    private JAXBElement<ErrorResponse> createErrorResponse(ObjectFactory objectFactory, Throwable th) {
        ErrorResponse createErrorResponse = objectFactory.createErrorResponse();
        createErrorResponse.setMessage(String.valueOf(th));
        if (th instanceof LDAPException) {
            switch (((LDAPException) th).getResultCode()) {
                case 8:
                case 48:
                case 49:
                case 123:
                    createErrorResponse.setType(AUTHENTICATION_FAILED);
                    break;
                case 53:
                    createErrorResponse.setType(NOT_ATTEMPTED);
                    break;
                case 91:
                    createErrorResponse.setType(COULD_NOT_CONNECT);
                    break;
                default:
                    createErrorResponse.setType(MALFORMED_REQUEST);
                    break;
            }
        } else if (th instanceof LDAPConnectionException) {
            createErrorResponse.setType(COULD_NOT_CONNECT);
        } else if (th instanceof IOException) {
            createErrorResponse.setType(UNRESOLVABLE_URI);
        } else {
            createErrorResponse.setType(GATEWAY_INTERNAL_ERROR);
        }
        return objectFactory.createBatchResponseErrorResponse(createErrorResponse);
    }

    private JAXBElement<?> performLDAPRequest(LDAPConnection lDAPConnection, ObjectFactory objectFactory, org.opends.server.types.Control control, DsmlMessage dsmlMessage) {
        ArrayList arrayList = new ArrayList(1);
        if (control != null) {
            arrayList.add(control);
        }
        try {
            if (dsmlMessage instanceof SearchRequest) {
                return objectFactory.createBatchResponseSearchResponse(new DSMLSearchOperation(lDAPConnection).doSearch(objectFactory, (SearchRequest) dsmlMessage, arrayList));
            }
            if (dsmlMessage instanceof AddRequest) {
                return objectFactory.createBatchResponseAddResponse(new DSMLAddOperation(lDAPConnection).doOperation(objectFactory, (AddRequest) dsmlMessage, arrayList));
            }
            if (dsmlMessage instanceof AbandonRequest) {
                new DSMLAbandonOperation(lDAPConnection).doOperation(objectFactory, (AbandonRequest) dsmlMessage, arrayList);
                return null;
            }
            if (dsmlMessage instanceof ExtendedRequest) {
                return objectFactory.createBatchResponseExtendedResponse(new DSMLExtendedOperation(lDAPConnection, this.exopStrings).doOperation(objectFactory, (ExtendedRequest) dsmlMessage, arrayList));
            }
            if (dsmlMessage instanceof DelRequest) {
                return objectFactory.createBatchResponseDelResponse(new DSMLDeleteOperation(lDAPConnection).doOperation(objectFactory, (DelRequest) dsmlMessage, arrayList));
            }
            if (dsmlMessage instanceof CompareRequest) {
                return objectFactory.createBatchResponseCompareResponse(new DSMLCompareOperation(lDAPConnection).doOperation(objectFactory, (CompareRequest) dsmlMessage, arrayList));
            }
            if (dsmlMessage instanceof ModifyDNRequest) {
                return objectFactory.createBatchResponseModDNResponse(new DSMLModifyDNOperation(lDAPConnection).doOperation(objectFactory, (ModifyDNRequest) dsmlMessage, arrayList));
            }
            if (dsmlMessage instanceof ModifyRequest) {
                return objectFactory.createBatchResponseModifyResponse(new DSMLModifyOperation(lDAPConnection).doOperation(objectFactory, (ModifyRequest) dsmlMessage, arrayList));
            }
            if (!(dsmlMessage instanceof AuthRequest)) {
                return null;
            }
            ResultCode createResultCode = objectFactory.createResultCode();
            createResultCode.setCode(7);
            LDAPResult createLDAPResult = objectFactory.createLDAPResult();
            createLDAPResult.setResultCode(createResultCode);
            return objectFactory.createBatchResponseAuthResponse(createLDAPResult);
        } catch (Throwable th) {
            return createErrorResponse(objectFactory, th);
        }
    }

    private void sendResponse(Document document, MessageFactory messageFactory, String str, HttpServletResponse httpServletResponse) throws IOException, SOAPException {
        SOAPMessage createMessage = messageFactory.createMessage();
        createMessage.getSOAPHeader().detachNode();
        SOAPBody sOAPBody = createMessage.getSOAPBody();
        httpServletResponse.setHeader("Content-Type", str);
        sOAPBody.addDocument(document);
        createMessage.saveChanges();
        ServletOutputStream outputStream = httpServletResponse.getOutputStream();
        createMessage.writeTo(outputStream);
        outputStream.flush();
    }

    public static int nextMessageID() {
        int andIncrement = nextMessageID.getAndIncrement();
        if (andIncrement == Integer.MAX_VALUE) {
            nextMessageID.set(1);
        }
        return andIncrement;
    }

    private void safeSetFeature(DocumentBuilderFactory documentBuilderFactory, String str, boolean z) {
        try {
            documentBuilderFactory.setFeature(str, z);
        } catch (ParserConfigurationException e) {
            if (logFeatureWarnings.compareAndSet(false, true)) {
                Logger.getLogger(PKG_NAME).log(Level.SEVERE, "DocumentBuilderFactory unsupported feature " + str);
            }
        }
    }

    private Document createSafeDocument() throws ServletException {
        DocumentBuilderFactory newInstance = DocumentBuilderFactory.newInstance();
        try {
            newInstance.setFeature("http://javax.xml.XMLConstants/feature/secure-processing", true);
        } catch (ParserConfigurationException e) {
            if (logFeatureWarnings.compareAndSet(false, true)) {
                Logger.getLogger(PKG_NAME).log(Level.SEVERE, "DocumentBuilderFactory cannot be configured securely");
            }
        }
        newInstance.setXIncludeAware(false);
        newInstance.setNamespaceAware(true);
        newInstance.setValidating(true);
        safeSetFeature(newInstance, "http://apache.org/xml/features/disallow-doctype-decl", true);
        safeSetFeature(newInstance, Features.EXTERNAL_GENERAL_ENTITIES, false);
        safeSetFeature(newInstance, Features.EXTERNAL_PARAMETER_ENTITIES, false);
        newInstance.setExpandEntityReferences(false);
        try {
            DocumentBuilder newDocumentBuilder = newInstance.newDocumentBuilder();
            newDocumentBuilder.setEntityResolver(new SafeEntityResolver());
            return newDocumentBuilder.newDocument();
        } catch (ParserConfigurationException e2) {
            throw new ServletException(e2.getMessage());
        }
    }

    private XMLReader createSafeXMLReader() throws ParserConfigurationException, SAXException {
        SAXParserFactory newInstance = SAXParserFactory.newInstance();
        newInstance.setXIncludeAware(false);
        newInstance.setNamespaceAware(true);
        newInstance.setValidating(false);
        XMLReader xMLReader = newInstance.newSAXParser().getXMLReader();
        safeSetFeature(xMLReader, "http://javax.xml.XMLConstants/feature/secure-processing", true);
        safeSetFeature(xMLReader, "http://apache.org/xml/features/disallow-doctype-decl", true);
        safeSetFeature(xMLReader, Features.EXTERNAL_GENERAL_ENTITIES, false);
        safeSetFeature(xMLReader, Features.EXTERNAL_PARAMETER_ENTITIES, false);
        xMLReader.setEntityResolver(new SafeEntityResolver());
        return xMLReader;
    }
}
