package com.contrastsecurity.agent.plugins.rasp.rules.paddingoracle;

import com.contrastsecurity.agent.apps.Application;
import com.contrastsecurity.agent.config.ContrastProperties;
import com.contrastsecurity.agent.http.HttpManager;
import com.contrastsecurity.agent.http.HttpRequest;
import com.contrastsecurity.agent.instr.InstrumentationContext;
import com.contrastsecurity.agent.messages.app.activity.defend.AttackResult;
import com.contrastsecurity.agent.messages.app.activity.defend.details.UserInputDTM;
import com.contrastsecurity.agent.plugins.rasp.AttackBlockedException;
import com.contrastsecurity.agent.plugins.rasp.InterfaceC0103d;
import com.contrastsecurity.agent.plugins.rasp.RaspManager;
import com.contrastsecurity.agent.plugins.rasp.Y;
import com.contrastsecurity.agent.plugins.rasp.aa;
import com.contrastsecurity.agent.plugins.rasp.rules.paddingoracle.b;
import com.contrastsecurity.agent.plugins.rasp.rules.paddingoracle.o;
import com.contrastsecurity.agent.util.W;
import com.contrastsecurity.thirdparty.com.googlecode.concurrentlinkedhashmap.ConcurrentLinkedHashMap;
import com.contrastsecurity.thirdparty.javax.inject.Inject;
import com.contrastsecurity.thirdparty.org.apache.http.client.methods.HttpGet;
import com.contrastsecurity.thirdparty.org.objectweb.asm.ClassVisitor;
import com.contrastsecurity.thirdparty.org.slf4j.Logger;
import com.contrastsecurity.thirdparty.org.slf4j.LoggerFactory;
import java.net.URL;
import java.util.HashSet;
import java.util.Set;
import java.util.concurrent.ConcurrentMap;
import javax.crypto.BadPaddingException;

/* compiled from: PaddingOracleRule.java */
/* loaded from: input_file:lib/contrast-agent-core.jar:com/contrastsecurity/agent/plugins/rasp/rules/paddingoracle/l.class */
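/**
 * RASP rule registered under the id {@code "padding-oracle"}.
 *
 * <p>What this class visibly does:
 * <ul>
 *   <li>wraps the class visitor for {@code javax.crypto.BadPaddingException} with adapter
 *       {@code g} ({@link #onInstrumentingClass});</li>
 *   <li>keeps one tracker ({@code o}) per key ({@code a}) in a capacity-bounded concurrent map;
 *       the key is built from the {@link Application} and a value derived from the request;</li>
 *   <li>reports an attack event when the tracker's checks pass ({@link #a(Application, String)});</li>
 *   <li>rejects a request at {@link #onRequestStart} with {@link AttackBlockedException} when the
 *       tracker for that key says so and the rule is allowed to block.</li>
 * </ul>
 *
 * <p>Identifiers are decompiler/obfuscator output. The roles of the opaque collaborators
 * ({@code a}, {@code o}, {@code b.a}, {@code W}) are described only as far as this file shows;
 * anything beyond that is marked as an assumption.
 */
public final class l extends Y<PaddingOracleDetailsDTM> implements com.contrastsecurity.agent.plugins.rasp.rules.i<PaddingOracleDetailsDTM, ContrastPaddingOracleDispatcher> {
    // Derives the request-specific part of the tracker key (presumably a client identifier such
    // as the remote address; confirm against b.a).
    private final b.a c;
    // Sink that receives the attack report (rule id, details, user input, result).
    private final InterfaceC0103d d;
    // Supplies the timestamp placed on the reported user input (presumably a clock; confirm).
    private final com.contrastsecurity.agent.commons.c e;
    private final com.contrastsecurity.agent.instr.h<ContrastPaddingOracleDispatcher> f;
    private final HttpManager g;
    private final RaspManager h;
    // Factory for new per-key trackers.
    private final o.a i;
    // Classes that need primordial instrumentation, matched by Class identity.
    // Populated only in the constructor and read-only afterwards in this class.
    private final Set<Class<?>> j = new HashSet<>();
    // Classes that need primordial instrumentation, matched by fully-qualified name.
    private final Set<String> k;
    // Per-key tracker state. The map is capacity-bounded: ConcurrentLinkedHashMap evicts entries
    // once the configured capacity is exceeded, so a key's state is not guaranteed to persist.
    private final ConcurrentMap<a, o> l;
    private final aa<PaddingOracleDetailsDTM> m;
    public static final String b = "padding-oracle";
    private static final Logger n = LoggerFactory.getLogger(b);

    /**
     * Wires the rule's collaborators and sizes the tracker map.
     *
     * @param aVar            derives the request part of the tracker key
     * @param interfaceC0103d receives attack reports
     * @param cVar            time source for reported user input
     * @param gVar            configuration; read for {@code PADDING_ORACLE_ATTACKERS_MAX}
     * @param hVar            dispatcher registration returned by {@link #getDispatcherRegistration()}
     * @param httpManager     gives access to the current request
     * @param raspManager     decides whether this rule may block
     * @param aVar2           factory for new trackers
     */
    @Inject
    public l(b.a aVar, InterfaceC0103d interfaceC0103d, com.contrastsecurity.agent.commons.c cVar, com.contrastsecurity.agent.config.g gVar, com.contrastsecurity.agent.instr.h<ContrastPaddingOracleDispatcher> hVar, HttpManager httpManager, RaspManager raspManager, o.a aVar2) {
        this.c = aVar;
        this.d = interfaceC0103d;
        this.e = cVar;
        this.f = hVar;
        this.g = httpManager;
        this.h = raspManager;
        this.i = aVar2;

        this.j.add(URL.class);
        this.j.add(BadPaddingException.class);

        this.k = new HashSet<>();
        this.k.add("sun.security.ssl.SSLSocketImpl");
        this.k.add("sun.security.ssl.ClientHandshaker");
        this.k.add("java.util.jar.JarVerifier");
        this.k.add("com.ibm.net.ssl.www2.protocol.https.b");

        // Read the limit once; it bounds how many distinct keys are tracked at the same time.
        // NOTE(review): a small limit lets unrelated keys push a tracked key out of the map,
        // taking its state with it; confirm the default is sized for the expected client count.
        final int maxAttackers = gVar.c(ContrastProperties.PADDING_ORACLE_ATTACKERS_MAX);
        this.l = new ConcurrentLinkedHashMap.Builder<a, o>()
                .maximumWeightedCapacity(maxAttackers)
                .initialCapacity(maxAttackers / 8)
                .build();
        this.m = aa.a(b, PaddingOracleDetailsDTM.class);
    }

    /** Returns the typed rule id created for {@code "padding-oracle"}. */
    @Override // com.contrastsecurity.agent.plugins.rasp.rules.f
    public aa<PaddingOracleDetailsDTM> getRuleId() {
        return this.m;
    }

    /**
     * Updates the tracker for the current request's key and reports an attack when the tracker's
     * checks pass. Presumably invoked by the dispatcher when a {@code BadPaddingException} is
     * observed; the caller is not visible in this file.
     *
     * <p>Does nothing when there is no current request or when {@link #a(HttpRequest)} rejects it.
     * This method never throws {@link AttackBlockedException} itself; the only place this class
     * rejects a request is {@link #onRequestStart}. The result is still reported as
     * {@code BLOCKED} whenever the rule is allowed to block.
     *
     * @param application application the event belongs to; part of the tracker key
     * @param str         detail string passed unchanged to {@link PaddingOracleDetailsDTM}
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public void a(Application application, String str) {
        HttpRequest currentRequest = this.g.getCurrentRequest();
        if (currentRequest == null || !a(currentRequest)) {
            return;
        }
        // The local is not named "a": a local of that name would obscure class `a` inside its
        // own initializer.
        a attackerKey = a.a(application, this.c.a(currentRequest));
        // putIfAbsent keeps concurrent requests for the same key on a single tracker instance.
        o candidate = this.i.a();
        o existing = this.l.putIfAbsent(attackerKey, candidate);
        o tracker = existing == null ? candidate : existing;
        // Both tracker checks are opaque here (presumably "threshold reached" and "should report");
        // their order is kept because either call may update tracker state.
        if (tracker.a().a() && tracker.b()) {
            boolean canBlock = this.h.canBlock(this);
            // The reported user input is deliberately empty (value "" / type UNKNOWN): the event
            // carries no captured request data, only the detail string.
            this.d.a(
                    this.m,
                    new PaddingOracleDetailsDTM(str),
                    UserInputDTM.builder()
                            .documentType(UserInputDTM.InputDocumentType.NORMAL)
                            .time(this.e.a())
                            .value("")
                            .type(UserInputDTM.InputType.UNKNOWN)
                            .build(),
                    canBlock ? AttackResult.BLOCKED : AttackResult.EXPLOITED);
        }
    }

    /**
     * Decides whether a request is eligible to be counted by this rule.
     *
     * <p>A request qualifies only if it has a positive content length or a query string that
     * {@code W.a} does not flag (presumably an is-empty check; confirm). For such a request the
     * method returns {@code true} when the request is neither a GET nor a form submission, or when
     * its parameters (plain or multipart) have already been resolved.
     */
    private boolean a(HttpRequest httpRequest) {
        int contentLength = httpRequest.getContentLength();
        boolean parametersResolved = httpRequest.isParametersResolved() || httpRequest.isMultipartParametersResolved();
        boolean carriesInput = contentLength > 0 || !W.a(httpRequest.getQueryString());
        if (!carriesInput) {
            return false;
        }
        boolean getOrFormSubmission = HttpGet.METHOD_NAME.equals(httpRequest.getMethod()) || httpRequest.isFormSubmission();
        return !getOrFormSubmission || parametersResolved;
    }

    /**
     * Rejects the request when the rule may block and the tracker stored for this request's key
     * reports that a block is in place.
     *
     * <p>Only an existing tracker is consulted ({@code get}, not {@code putIfAbsent}), so a key
     * that was never tracked, or whose entry was evicted from the bounded map, is never blocked.
     *
     * @throws AttackBlockedException when the tracker for the request's key signals a block
     */
    @Override // com.contrastsecurity.agent.plugins.rasp.Y
    public void onRequestStart(Application application, HttpRequest httpRequest) {
        n.debug("onRequestStart");
        if (!this.h.canBlock(this)) {
            return;
        }
        o tracker = this.l.get(a.a(application, this.c.a(httpRequest)));
        if (tracker != null && tracker.a().b()) {
            n.debug("block");
            throw new AttackBlockedException("Padding Oracle timeout in place");
        }
        n.debug("no-block");
    }

    /** Intentionally empty: this rule does nothing when parameters are resolved. */
    @Override // com.contrastsecurity.agent.plugins.rasp.Y
    public void onParametersResolved(HttpRequest httpRequest) {
    }

    /**
     * Wraps the visitor chain with adapter {@code g} when the class being instrumented is
     * {@code javax.crypto.BadPaddingException}; every other class is returned untouched.
     */
    @Override // com.contrastsecurity.agent.plugins.rasp.rules.j
    public ClassVisitor onInstrumentingClass(com.contrastsecurity.agent.instr.f<ContrastPaddingOracleDispatcher> fVar, ClassVisitor classVisitor, InstrumentationContext instrumentationContext) {
        if (!"javax.crypto.BadPaddingException".equals(instrumentationContext.getClassName())) {
            return classVisitor;
        }
        instrumentationContext.getChanger().addAdapter("BadPaddingVisitor");
        instrumentationContext.setRequiresTransforming(true);
        return new g(fVar, instrumentationContext, classVisitor);
    }

    /** This rule is not a code-exclusion special case. */
    @Override // com.contrastsecurity.agent.plugins.rasp.rules.i
    public boolean isCodeExclusionSpecialCase() {
        return false;
    }

    /**
     * Returns {@code true} for {@code java.net.URL}, {@code javax.crypto.BadPaddingException}
     * (matched by class identity) and for the class names registered in the constructor.
     */
    @Override // com.contrastsecurity.agent.plugins.rasp.rules.i
    public boolean requiresPrimordialInstrumentation(Class<?> cls) {
        return this.j.contains(cls) || this.k.contains(cls.getName());
    }

    /** Returns the dispatcher registration supplied at construction time. */
    @Override // com.contrastsecurity.agent.plugins.rasp.rules.i
    public com.contrastsecurity.agent.instr.h<ContrastPaddingOracleDispatcher> getDispatcherRegistration() {
        return this.f;
    }

    /**
     * Returns the rule's deadzones as method descriptors. How they are matched is not visible
     * here; presumably padding failures raised inside these methods (TLS handshakes, JAR
     * verification, URL streams) are not counted as attack evidence.
     */
    @Override // com.contrastsecurity.agent.plugins.rasp.rules.i
    public String[] getDeadzones() {
        return new String[]{
            "java.util.jar.JarVerifier.processEntry(sun.security.util.ManifestEntryVerifier)",
            "sun.security.ssl.SSLSocketImpl.close",
            "sun.security.ssl.ClientHandshaker.processMessage",
            "com.ibm.net.ssl.www2.protocol.https.b.connect",
            "java.net.URL.openStream",
            "java.util.jar.JarVerifier.update",
            // NOTE(review): Netty's TLS handler is io.netty.handler.ssl.SslHandler; this entry has
            // no `ssl` package segment. If deadzones are matched on the exact class name it may
            // never match, leaving padding failures from Netty TLS decoding counted by the rule.
            // Confirm against the matcher before changing the string.
            "io.netty.handler.SslHandler.decode"
        };
    }
}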
