package com.openexchange.dav.caldav.bugs;

import com.openexchange.dav.caldav.CalDAVTest;
import com.openexchange.groupware.importexport.SizedInputStreamTest;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.io.OutputStream;
import java.util.UUID;
import org.apache.commons.httpclient.methods.EntityEnclosingMethod;
import org.apache.commons.httpclient.methods.RequestEntity;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:com/openexchange/dav/caldav/bugs/Bug30359Test.class */
public class Bug30359Test extends CalDAVTest {
    @Test
    public void testExternalEntities() throws Exception {
        EntityEnclosingMethod entityEnclosingMethod = new EntityEnclosingMethod(getBaseUri() + "/caldav/" + getDefaultFolderID() + "/") { // from class: com.openexchange.dav.caldav.bugs.Bug30359Test.1
            public String getName() {
                return "REPORT";
            }
        };
        String str = "my-password-is-" + UUID.randomUUID().toString();
        File createTempFile = File.createTempFile("Bug30359Test", ".txt");
        createTempFile.deleteOnExit();
        BufferedWriter bufferedWriter = new BufferedWriter(new FileWriter(createTempFile));
        bufferedWriter.write(str);
        bufferedWriter.close();
        final String str2 = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><!DOCTYPE C:calendar-multiget [<!ENTITY foo SYSTEM \"" + createTempFile.toURI().toURL().toExternalForm() + "\">]><C:calendar-multiget xmlns:D=\"DAV:\" xmlns:C=\"urn:ietf:params:xml:ns:caldav\"><D:prop><D:getetag/><C:calendar-data/></D:prop><D:href>/caldav/" + getDefaultFolderID() + "/&foo;</D:href></C:calendar-multiget>";
        entityEnclosingMethod.setRequestEntity(new RequestEntity() { // from class: com.openexchange.dav.caldav.bugs.Bug30359Test.2
            public void writeRequest(OutputStream outputStream) throws IOException {
                outputStream.write(str2.getBytes(SizedInputStreamTest.ENCODING));
            }

            public boolean isRepeatable() {
                return true;
            }

            public String getContentType() {
                return "text/xml; charst=\"utf-8\"";
            }

            public long getContentLength() {
                return str2.length();
            }
        });
        Assert.assertEquals(207L, getWebDAVClient().executeMethod(entityEnclosingMethod));
        String responseBodyAsString = entityEnclosingMethod.getResponseBodyAsString();
        Assert.assertNotNull(responseBodyAsString);
        Assert.assertFalse(responseBodyAsString, responseBodyAsString.contains(str));
    }
}
