package com.mogic.util.xml;

import com.mogic.util.annotation.AnnotationUtils;
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.io.xml.DomDriver;
import javax.xml.parsers.DocumentBuilderFactory;

/* loaded from: input_file:com/mogic/util/xml/XmlUtils.class */
public class XmlUtils {
    public static String objectToXml(Object obj, String str) {
        XStream xStream = new XStream(new DomDriver(str));
        xStream.alias(AnnotationUtils.getXml(obj.getClass()), obj.getClass());
        return xStream.toXML(obj);
    }

    public static <T> T xmlToObject(String str, Class<T> cls, String str2) throws IllegalAccessException, InstantiationException {
        try {
            str = filterXXE(str);
        } catch (Exception e) {
            e.printStackTrace();
        }
        if (null == str || "".equals(str)) {
            return null;
        }
        DocumentBuilderFactory newInstance = DocumentBuilderFactory.newInstance();
        newInstance.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        newInstance.setFeature("http://xml.org/sax/features/external-general-entities", false);
        newInstance.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        newInstance.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        newInstance.setFeature("http://javax.xml.XMLConstants/feature/secure-processing", true);
        newInstance.setXIncludeAware(false);
        newInstance.setExpandEntityReferences(false);
        T newInstance2 = cls.newInstance();
        XStream xStream = new XStream(new DomDriver(str2));
        xStream.ignoreUnknownElements();
        xStream.alias(AnnotationUtils.getXml(cls), cls);
        return (T) xStream.fromXML(str, newInstance2);
    }

    public static String filterXXE(String str) {
        return str.replace("DOCTYPE", "").replace("SYSTEM", "").replace("ENTITY", "").replace("PUBLIC", "");
    }
}
