package com.contrastsecurity.agent.plugins.rasp.i;

import com.contrastsecurity.agent.http.HttpRequest;
import com.contrastsecurity.agent.http.u;
import com.contrastsecurity.agent.plugins.rasp.ah;
import com.contrastsecurity.agent.util.N;
import com.contrastsecurity.agent.util.ObjectShare;
import com.contrastsecurity.thirdparty.org.slf4j.Logger;
import com.contrastsecurity.thirdparty.org.slf4j.LoggerFactory;
import java.lang.ref.WeakReference;
import java.lang.reflect.InvocationTargetException;
import java.security.ProtectionDomain;

/* compiled from: SpringSessionContext.java */
/* loaded from: input_file:lib/contrast-agent-core.jar:com/contrastsecurity/agent/plugins/rasp/i/f.class */
public class f extends c {
    private WeakReference<Class<?>> c;
    private WeakReference<Class<?>> d;
    private static final String e = "SpringSesionContext.getUserDetailsClass";
    private static final String f = "SpringSesionContext.getSecurityContextHolderClass";
    private static final String g = "SpringSesionContext.getUsername";
    private static final String h = "org.springframework.security.core.context.SecurityContextHolder";
    private static final String i = "org.springframework.security.core.userdetails.UserDetails";
    static final String b = "SPRING_SECURITY_CONTEXT";
    private static final Logger j = LoggerFactory.getLogger(f.class);

    @Override // com.contrastsecurity.agent.plugins.rasp.i.c
    public void a(String str, ClassLoader classLoader, ProtectionDomain protectionDomain) {
        if (this.a || !h.equals(str)) {
            return;
        }
        this.a = true;
    }

    private Class<?> b() {
        if (this.c == null || this.c.get() == null) {
            try {
                this.c = new WeakReference<>(Class.forName(h, true, Thread.currentThread().getContextClassLoader()));
            } catch (Throwable th) {
                com.contrastsecurity.agent.h.e.a(f, j, "Unable to reflect out SecurityContextHolder for Spring Session analysis.", th);
                return null;
            }
        }
        return this.c.get();
    }

    private Class<?> c() {
        if (this.d == null || this.d.get() == null) {
            try {
                this.d = new WeakReference<>(Class.forName(i, true, Thread.currentThread().getContextClassLoader()));
            } catch (Throwable th) {
                com.contrastsecurity.agent.h.e.a(e, j, "Unable to reflect out UserDetails for Spring Session analysis. Could be that different Details are used.", th);
                return null;
            }
        }
        return this.d.get();
    }

    @Override // com.contrastsecurity.agent.plugins.rasp.i.c
    public String a(HttpRequest httpRequest, u uVar) {
        Object a;
        Object b2;
        String str = null;
        Object obj = null;
        try {
            if (uVar != null) {
                obj = uVar.a(b);
            } else {
                Class<?> b3 = b();
                if (b3 != null) {
                    obj = a(b3);
                }
            }
            if (obj != null && (a = a(obj)) != null && (b2 = b(a)) != null) {
                str = c(b2);
            }
        } catch (Throwable th) {
            com.contrastsecurity.agent.h.e.a(g, j, "Unable to reflect Session out of Spring SecurityContextHolder", th);
        }
        return str;
    }

    private Object a(Class<?> cls) throws ClassNotFoundException, NoSuchMethodException, SecurityException, IllegalAccessException, IllegalArgumentException, InvocationTargetException {
        return N.d(cls, "getContext").invoke(null, ObjectShare.EMPTY_OBJ_ARRAY);
    }

    private Object a(Object obj) throws NoSuchMethodException, SecurityException, IllegalAccessException, IllegalArgumentException, InvocationTargetException {
        return N.d(obj.getClass(), "getAuthentication").invoke(obj, ObjectShare.EMPTY_OBJ_ARRAY);
    }

    private Object b(Object obj) throws NoSuchMethodException, SecurityException, IllegalAccessException, IllegalArgumentException, InvocationTargetException {
        return N.d(obj.getClass(), "getPrincipal").invoke(obj, ObjectShare.EMPTY_OBJ_ARRAY);
    }

    private String c(Object obj) throws IllegalAccessException, IllegalArgumentException, InvocationTargetException, NoSuchMethodException, SecurityException {
        Class<?> c = c();
        return (c == null || !c.isInstance(obj)) ? ah.a(obj) : (String) N.d(obj.getClass(), "getUsername").invoke(obj, ObjectShare.EMPTY_OBJ_ARRAY);
    }
}
