package com.contrastsecurity.agent.plugins.rasp;

import com.contrastsecurity.agent.Sensor;
import com.contrastsecurity.agent.apps.Application;
import com.contrastsecurity.agent.apps.ApplicationManager;
import com.contrastsecurity.agent.apps.exclusions.f;
import com.contrastsecurity.agent.config.ContrastProperties;
import com.contrastsecurity.agent.http.HttpManager;
import com.contrastsecurity.agent.http.HttpRequest;
import com.contrastsecurity.agent.instr.InstrumentationContext;
import com.contrastsecurity.agent.messages.app.activity.defend.UserDTM;
import com.contrastsecurity.agent.messages.app.activity.defend.details.UserInputDTM;
import com.contrastsecurity.agent.messages.app.settings.defend.CommonConfigProtectionMode;
import com.contrastsecurity.agent.messages.app.settings.defend.ProtectionModeDTM;
import com.contrastsecurity.agent.messages.server.features.DefendFeatures;
import com.contrastsecurity.agent.messages.server.features.defend.LogEnhancerDTM;
import com.contrastsecurity.agent.util.C0220q;
import com.contrastsecurity.thirdparty.org.slf4j.Logger;
import com.contrastsecurity.thirdparty.org.slf4j.LoggerFactory;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;

@Sensor
/* loaded from: input_file:lib/contrast-agent-core.jar:com/contrastsecurity/agent/plugins/rasp/RaspManager.class */
public class RaspManager implements U {

    @com.contrastsecurity.agent.A
    static RaspManager a;
    private ProtectionModeDTM b;
    private CommonConfigProtectionMode c;
    private boolean d;
    private final com.contrastsecurity.agent.config.g e;
    private final com.contrastsecurity.agent.commons.r<HttpManager> f;
    private final RaspPlugin g;
    private final com.contrastsecurity.agent.n.j h;
    private final com.contrastsecurity.agent.plugins.rasp.b.c i;
    private ApplicationManager j;
    private com.contrastsecurity.agent.plugins.rasp.c.e k;
    private Collection<Y<?>> l;
    private Map<String, Y<?>> m;
    private List<com.contrastsecurity.agent.plugins.rasp.rules.m<?>> n;
    private List<com.contrastsecurity.agent.plugins.rasp.rules.i<?, ?>> o;
    private List<com.contrastsecurity.agent.plugins.rasp.rules.h<?>> p;
    private final List<com.contrastsecurity.agent.plugins.rasp.i.c> q;
    private Map<Long, LogEnhancerDTM> r;
    private List<C0101b> s;
    private Set<String> t;
    private ThreadLocal<T> u = new ThreadLocal<T>() { // from class: com.contrastsecurity.agent.plugins.rasp.RaspManager.3
        /* JADX INFO: Access modifiers changed from: protected */
        @Override // java.lang.ThreadLocal
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public T initialValue() {
            return new T(RaspManager.this.i);
        }
    };
    private static final Logger v = LoggerFactory.getLogger(RaspManager.class);

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:lib/contrast-agent-core.jar:com/contrastsecurity/agent/plugins/rasp/RaspManager$a.class */
    public static final class a<T extends com.contrastsecurity.agent.plugins.rasp.rules.f<?>> implements com.contrastsecurity.agent.commons.m<T> {
        private final com.contrastsecurity.agent.commons.m<T> a;
        private final RaspManager b;
        private final com.contrastsecurity.agent.n.i c;

        private a(com.contrastsecurity.agent.commons.m<T> mVar, RaspManager raspManager, com.contrastsecurity.agent.n.i iVar) {
            this.a = mVar;
            this.b = raspManager;
            this.c = iVar;
        }

        @Override // com.contrastsecurity.agent.commons.m
        public boolean a(T t) {
            return this.a.a(t) && !this.b.a(t, this.c);
        }
    }

    /* loaded from: input_file:lib/contrast-agent-core.jar:com/contrastsecurity/agent/plugins/rasp/RaspManager$b.class */
    private static final class b<T extends com.contrastsecurity.agent.plugins.rasp.rules.h<?>> implements com.contrastsecurity.agent.commons.m<T> {
        private final T a;
        private final UserInputDTM.InputType b;

        private b(T t, UserInputDTM.InputType inputType) {
            this.a = t;
            this.b = inputType;
        }

        @Override // com.contrastsecurity.agent.commons.m
        public boolean a(T t) {
            return t.appliesToInputType(this.b) && !this.a.b(t.getRuleId().a());
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:lib/contrast-agent-core.jar:com/contrastsecurity/agent/plugins/rasp/RaspManager$c.class */
    public static final class c<T extends com.contrastsecurity.agent.plugins.rasp.rules.f<?>> implements com.contrastsecurity.agent.commons.m<T> {
        private final RaspManager a;
        private final com.contrastsecurity.agent.n.i b;

        private c(RaspManager raspManager, com.contrastsecurity.agent.n.i iVar) {
            this.a = raspManager;
            this.b = iVar;
        }

        @Override // com.contrastsecurity.agent.commons.m
        public boolean a(T t) {
            return !this.a.a(t, this.b);
        }
    }

    public static void initialize(RaspManager raspManager) {
        if (a != null) {
            throw new IllegalStateException("already have a RaspManager");
        }
        a = raspManager;
    }

    public static RaspManager get() {
        return a;
    }

    public RaspManager(RaspPlugin raspPlugin, com.contrastsecurity.agent.config.g gVar, com.contrastsecurity.agent.n.j jVar, com.contrastsecurity.agent.commons.r<HttpManager> rVar) {
        com.contrastsecurity.agent.commons.l.a(raspPlugin);
        com.contrastsecurity.agent.commons.l.a(gVar);
        com.contrastsecurity.agent.commons.l.a(jVar);
        com.contrastsecurity.agent.commons.l.a(rVar);
        this.g = raspPlugin;
        this.e = gVar;
        this.h = jVar;
        this.q = com.contrastsecurity.agent.commons.f.b(new com.contrastsecurity.agent.plugins.rasp.i.a(), new com.contrastsecurity.agent.plugins.rasp.i.b(), new com.contrastsecurity.agent.plugins.rasp.i.d(), new com.contrastsecurity.agent.plugins.rasp.i.e(), new com.contrastsecurity.agent.plugins.rasp.i.f());
        this.i = new com.contrastsecurity.agent.plugins.rasp.b.c();
        if (!gVar.f(ContrastProperties.DEFEND_SINKS)) {
            com.contrastsecurity.agent.util.M.a("Disabling defensive instrumentation sensors. No attacks can be blocked or confirmed exploited.");
        }
        this.f = rVar;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void a(com.contrastsecurity.agent.plugins.rasp.c.e eVar) {
        com.contrastsecurity.agent.commons.l.a(eVar);
        if (this.k != null) {
            throw new IllegalStateException("DeadzoneManager has already been initialized");
        }
        this.k = eVar;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void a(ApplicationManager applicationManager) {
        com.contrastsecurity.agent.commons.l.a(applicationManager);
        if (this.j != null) {
            throw new IllegalStateException("ApplicationManager has already been initialized");
        }
        this.j = applicationManager;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Multi-variable type inference failed */
    public void a(Collection<Y<?>> collection) {
        com.contrastsecurity.agent.commons.l.a(collection);
        if (this.l != null) {
            throw new IllegalStateException("rules have already been set");
        }
        if (this.k == null) {
            throw new IllegalStateException("DeadzoneManager has not yet been initialized");
        }
        this.l = collection;
        this.n = new LinkedList();
        this.o = new LinkedList();
        this.p = new LinkedList();
        this.m = new HashMap();
        for (com.contrastsecurity.agent.plugins.rasp.rules.f fVar : this.l) {
            this.m.put(fVar.getRuleId().a(), fVar);
            if (fVar instanceof com.contrastsecurity.agent.plugins.rasp.rules.m) {
                this.n.add((com.contrastsecurity.agent.plugins.rasp.rules.m) fVar);
            }
            if (fVar instanceof com.contrastsecurity.agent.plugins.rasp.rules.i) {
                com.contrastsecurity.agent.plugins.rasp.rules.i<?, ?> iVar = (com.contrastsecurity.agent.plugins.rasp.rules.i) fVar;
                this.o.add(iVar);
                String[] deadzones = iVar.getDeadzones();
                if (deadzones != null && deadzones.length > 0) {
                    this.k.a(fVar.getRuleId().a(), deadzones);
                }
            }
            if (fVar instanceof com.contrastsecurity.agent.plugins.rasp.rules.h) {
                this.p.add((com.contrastsecurity.agent.plugins.rasp.rules.h) fVar);
            }
        }
    }

    public Set<String> getUserTargetedClasses() {
        if (this.t == null && this.s != null) {
            this.t = new HashSet();
            for (int i = 0; i < this.s.size(); i++) {
                C0101b c0101b = this.s.get(i);
                if (c0101b != null) {
                    this.t.add(c0101b.b());
                }
            }
        }
        return this.t;
    }

    public void onServerFeatureUpdate(DefendFeatures defendFeatures) {
        if (defendFeatures != null) {
            List<LogEnhancerDTM> logEnhancers = defendFeatures.getLogEnhancers();
            if (logEnhancers != null) {
                this.r = b(logEnhancers);
                this.s = a(logEnhancers);
                v.info("Enabling log enhancers of size={}", Integer.valueOf(this.s.size()));
            } else {
                this.r = Collections.emptyMap();
                this.s = Collections.emptyList();
                v.info("No log enhancers provided");
            }
        }
    }

    private List<C0101b> a(List<LogEnhancerDTM> list) {
        ArrayList arrayList = new ArrayList();
        if (list != null) {
            for (int i = 0; i < list.size(); i++) {
                arrayList.add(new C0101b(list.get(i)));
            }
        }
        return arrayList;
    }

    private Map<Long, LogEnhancerDTM> b(List<LogEnhancerDTM> list) {
        HashMap hashMap = new HashMap();
        for (int i = 0; i < list.size(); i++) {
            LogEnhancerDTM logEnhancerDTM = list.get(i);
            hashMap.put(Long.valueOf(logEnhancerDTM.getId()), logEnhancerDTM);
        }
        return hashMap;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Collection<Y<?>> a() {
        return this.l;
    }

    public Iterable<Y<?>> getEnabledRules() {
        return b(this.l);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Iterable<com.contrastsecurity.agent.plugins.rasp.rules.m<?>> b() {
        return b(this.n);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public List<com.contrastsecurity.agent.plugins.rasp.rules.i<?, ?>> c() {
        return this.o;
    }

    public Iterable<com.contrastsecurity.agent.plugins.rasp.rules.h<?>> getInputAwareRules() {
        return b(this.p);
    }

    public Iterable<com.contrastsecurity.agent.plugins.rasp.rules.h<?>> getInputAwareRules(T t, UserInputDTM.InputType inputType) {
        return getInputAwareRules(new b(t, inputType));
    }

    public Iterable<com.contrastsecurity.agent.plugins.rasp.rules.h<?>> getInputAwareRules(com.contrastsecurity.agent.commons.m<com.contrastsecurity.agent.plugins.rasp.rules.h<?>> mVar) {
        final a aVar = new a(mVar, this, e() ? this.h.a() : null);
        return new Iterable<com.contrastsecurity.agent.plugins.rasp.rules.h<?>>() { // from class: com.contrastsecurity.agent.plugins.rasp.RaspManager.1
            @Override // java.lang.Iterable
            public Iterator<com.contrastsecurity.agent.plugins.rasp.rules.h<?>> iterator() {
                return com.contrastsecurity.agent.commons.e.a(RaspManager.this.p, aVar);
            }
        };
    }

    public List<com.contrastsecurity.agent.plugins.rasp.i.c> getLoginContexts() {
        return this.q;
    }

    <T extends com.contrastsecurity.agent.plugins.rasp.rules.f<?>> Iterable<T> b(final Collection<T> collection) {
        return (Iterable<T>) new Iterable<T>() { // from class: com.contrastsecurity.agent.plugins.rasp.RaspManager.2
            @Override // java.lang.Iterable
            public Iterator<T> iterator() {
                return RaspManager.this.c(collection);
            }
        };
    }

    /* JADX INFO: Access modifiers changed from: private */
    public <T extends com.contrastsecurity.agent.plugins.rasp.rules.f<?>> Iterator<T> c(Collection<T> collection) {
        return com.contrastsecurity.agent.commons.e.a(collection, new c(e() ? this.h.a() : null));
    }

    public boolean isDisabledByCodeExclusion(com.contrastsecurity.agent.plugins.rasp.rules.f<?> fVar) {
        return isDisabledByCodeExclusion(fVar, this.h.a());
    }

    public boolean isDisabledByCodeExclusion(com.contrastsecurity.agent.plugins.rasp.rules.f<?> fVar, com.contrastsecurity.agent.n.i iVar) {
        com.contrastsecurity.agent.apps.exclusions.h exclusionProcessor;
        com.contrastsecurity.agent.commons.l.a(fVar);
        com.contrastsecurity.agent.commons.l.a(iVar);
        Application current = this.j.current();
        if (current == null || (exclusionProcessor = current.getExclusionProcessor()) == null) {
            return false;
        }
        return exclusionProcessor.isCodeExclusion(f.a.DEFEND, fVar.getRuleId().a(), iVar);
    }

    private boolean e() {
        com.contrastsecurity.agent.apps.exclusions.h exclusionProcessor;
        Application current = this.j.current();
        if (current == null || (exclusionProcessor = current.getExclusionProcessor()) == null) {
            return false;
        }
        return exclusionProcessor.hasCodeExclusions();
    }

    private boolean a(String str) {
        com.contrastsecurity.agent.apps.exclusions.h exclusionProcessor;
        Application current = this.j.current();
        if (current == null || (exclusionProcessor = current.getExclusionProcessor()) == null) {
            return false;
        }
        return exclusionProcessor.hasCodeExclusion(f.a.DEFEND, str);
    }

    public Y<?> getRuleById(String str) {
        return this.m.get(str);
    }

    public boolean isSinksDisabled() {
        return !this.e.f(ContrastProperties.DEFEND_SINKS);
    }

    public boolean shouldProcessSink() {
        return this.g.isActivated() && this.e.f(ContrastProperties.DEFEND_SINKS);
    }

    public T newContext() {
        T t = new T(this.i);
        this.u.set(t);
        if (v.isDebugEnabled()) {
            v.debug("Created new context {}", com.contrastsecurity.agent.util.W.a(t));
        }
        return t;
    }

    @Override // com.contrastsecurity.agent.plugins.rasp.U
    public T currentContext() {
        return this.u.get();
    }

    public void currentContext(T t) {
        this.u.set(t);
    }

    public static Z<?> getRaspRuleAndContext(String str) {
        if (a == null) {
            v.debug("No RASP manager available for id {}", str);
            return null;
        }
        if (a.isSinksDisabled()) {
            v.debug("Ignoring sinks, returning null");
            return null;
        }
        if (!a.getPlugin().isActivated()) {
            v.debug("Plugin not activated");
            return null;
        }
        T currentContext = a.currentContext();
        if (currentContext == null) {
            v.debug("No RASP context available for id {}", str);
            return null;
        }
        Y<?> ruleById = a.getRuleById(str);
        if (ruleById != null) {
            return a(currentContext, a, ruleById);
        }
        v.debug("No {} rule available", str);
        return null;
    }

    private static <T> Z<T> a(T t, RaspManager raspManager, Y<T> y) {
        Z<T> z = new Z<>();
        z.b = t;
        z.a = raspManager;
        z.c = y;
        return z;
    }

    public LogEnhancerDTM getLogEnhancerById(long j) {
        return this.r.get(Long.valueOf(j));
    }

    public List<C0101b> getLogEnhancers() {
        return this.s;
    }

    private CommonConfigProtectionMode b(com.contrastsecurity.agent.plugins.rasp.rules.f<?> fVar) {
        return d() != null ? this.c : CommonConfigProtectionMode.fromString(this.e.a(fVar.getModeOverrideKey()));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ProtectionModeDTM d() {
        if (!this.d) {
            this.d = true;
            String b2 = this.e.b(ContrastProperties.PROTECT_RULE_MODE_OVERRIDE);
            if (!com.contrastsecurity.agent.util.W.a(b2)) {
                this.b = (ProtectionModeDTM) C0220q.a(ProtectionModeDTM.class, b2);
                if (this.b == null) {
                    v.error("Invalid global override setting, will use defaults -- must be off,blocking or monitoring, was: {}", b2);
                } else {
                    this.c = CommonConfigProtectionMode.fromString(this.b.toString());
                }
            }
        }
        return this.b;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean a(com.contrastsecurity.agent.plugins.rasp.rules.f<?> fVar) {
        return a(fVar, a(fVar.getRuleId().a()) ? this.h.a() : null);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean a(com.contrastsecurity.agent.plugins.rasp.rules.f<?> fVar, com.contrastsecurity.agent.n.i iVar) {
        if (fVar.isAlwaysOn()) {
            return false;
        }
        if (CommonConfigProtectionMode.OFF == b(fVar) || !shouldProcessSink()) {
            return true;
        }
        T currentContext = currentContext();
        if ((currentContext != null && currentContext.b(fVar.getRuleId().a())) || this.k.a(fVar.getRuleId().a())) {
            return true;
        }
        if (iVar == null) {
            return false;
        }
        if ((fVar instanceof com.contrastsecurity.agent.plugins.rasp.rules.i) && ((com.contrastsecurity.agent.plugins.rasp.rules.i) fVar).isCodeExclusionSpecialCase()) {
            return false;
        }
        return isDisabledByCodeExclusion(fVar, iVar);
    }

    public boolean canBlock(com.contrastsecurity.agent.plugins.rasp.rules.f<?> fVar) {
        CommonConfigProtectionMode b2 = b(fVar);
        return CommonConfigProtectionMode.BLOCK.equals(b2) || CommonConfigProtectionMode.BLOCK_AT_PERIMETER.equals(b2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean a(com.contrastsecurity.agent.plugins.rasp.rules.h<?> hVar, UserInputDTM.InputType inputType) {
        CommonConfigProtectionMode b2 = b(hVar);
        return b2 == CommonConfigProtectionMode.BLOCK_AT_PERIMETER || (b2 == CommonConfigProtectionMode.BLOCK && hVar.shouldAlwaysBlockAtPerimeter(inputType));
    }

    public boolean hasContextAndSinksAllowed() {
        return currentContext() != null && shouldProcessSink();
    }

    public boolean isScanParameterAsAnything() {
        return this.e.f(ContrastProperties.INSPECT_PARAMETERS_AS_JSON) || this.e.f(ContrastProperties.INSPECT_PARAMETERS_AS_XML);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public List<com.contrastsecurity.agent.plugins.rasp.c.c> a(InstrumentationContext instrumentationContext) {
        return this.k.a(instrumentationContext);
    }

    public RaspPlugin getPlugin() {
        return this.g;
    }

    public void checkParameterAccess() {
        if (currentContext().d()) {
            throw new AttackBlockedException("Attack already detected in parameters");
        }
    }

    public UserDTM attachUserToSession() {
        UserDTM userDTM = null;
        int i = 0;
        while (true) {
            if (i >= this.q.size()) {
                break;
            }
            com.contrastsecurity.agent.plugins.rasp.i.c cVar = this.q.get(i);
            if (cVar.a()) {
                HttpRequest currentRequest = this.f.a().getCurrentRequest();
                com.contrastsecurity.agent.http.u session = currentRequest.getSession(true);
                userDTM = cVar.b(currentRequest, session);
                if (userDTM != null) {
                    session.a(com.contrastsecurity.agent.plugins.rasp.h.q.a, userDTM);
                    break;
                }
            }
            i++;
        }
        return userDTM;
    }
}
