package com.contrastsecurity.agent.plugins.protect.g;

import com.contrastsecurity.agent.apps.Application;
import com.contrastsecurity.agent.apps.ApplicationManager;
import com.contrastsecurity.agent.commons.Throwables;
import com.contrastsecurity.agent.config.ConfigProperty;
import com.contrastsecurity.agent.core.ContrastAgent;
import com.contrastsecurity.agent.http.HttpManager;
import com.contrastsecurity.agent.http.HttpRequest;
import com.contrastsecurity.agent.logging.d;
import com.contrastsecurity.agent.messages.app.activity.protect.AttackResult;
import com.contrastsecurity.agent.messages.app.activity.protect.ProtectRuleSampleDTM;
import com.contrastsecurity.agent.messages.app.activity.protect.details.UserInputDTM;
import com.contrastsecurity.agent.messages.server.activity.protect.ServerProtectActivityDTM;
import com.contrastsecurity.agent.messages.server.features.protect.IPFilterDTM;
import com.contrastsecurity.agent.messages.server.features.protect.LogEnhancerDTM;
import com.contrastsecurity.agent.messages.server.features.protect.LogLevel;
import com.contrastsecurity.agent.messages.server.features.protect.LogType;
import com.contrastsecurity.agent.plugins.protect.ProtectRuleId;
import com.contrastsecurity.agent.plugins.protect.ac;
import com.contrastsecurity.agent.u;
import com.contrastsecurity.agent.u.C0463z;
import com.contrastsecurity.agent.util.N;
import com.contrastsecurity.thirdparty.javax.inject.Inject;
import com.contrastsecurity.thirdparty.javax.inject.Singleton;
import com.contrastsecurity.thirdparty.org.apache.commons.lang.StringUtils;
import com.contrastsecurity.thirdparty.org.slf4j.Logger;
import com.contrastsecurity.thirdparty.org.slf4j.LoggerFactory;
import java.lang.ref.WeakReference;
import java.net.InetAddress;
import java.time.Instant;
import java.time.ZoneId;
import java.time.format.DateTimeFormatter;
import java.util.Locale;
import java.util.Objects;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.ScheduledFuture;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;

/* compiled from: LogEnhancer.java */
@Singleton
/* loaded from: input_file:com/contrastsecurity/agent/plugins/protect/g/c.class */
public final class c implements d.a {
    private final ApplicationManager k;
    private final com.contrastsecurity.agent.config.e l;
    private final HttpManager m;

    @u
    public String a;
    private final n n;
    private final com.contrastsecurity.agent.commons.c o;
    private final ScheduledExecutorService p;
    private final C0463z q;
    private ScheduledFuture<?> r;
    private boolean s;
    private boolean t;
    private boolean u = true;
    private static final int w = 200;
    private static final String x = "-";
    private static final String y = "CEF:0|Contrast Security|Contrast Agent Java|";
    private static final char z = '|';
    private static final String A = "bli";
    private static final String B = "vpi";
    private static final String C = "bbi";
    private static final String D = "lei";
    private static final String E = "pri";
    private static final String F = "src";
    private static final String G = "spt";
    private static final String H = "request";
    private static final String I = "requestMethod";
    private static final String J = "app";
    private static final String K = "dvchost";
    private static final String L = "outcome=";
    private static final String M = "INEFFECTIVE";
    private static final String N = "EXPLOITED";
    private static final String O = "SUSPICIOUS";
    private static final String P = "BLOCKED";
    private static final String Q = "outcome=success";
    private static final String R = " - ";
    static final String b = " had a value that successfully exploited ";
    static final String c = " had a value that that was marked suspicious ";
    static final String d = " had a value that matched a signature for, but did not successfully exploit, ";
    static final String e = " had a value that matched an attack signature for ";
    static final String f = " had a value worth watching for an attack signature for ";
    static final String g = " had a safe value that did not match an attack signature for ";
    static final String h = "An effective attack was detected against ";
    static final String i = "An unsuccessful attack was detected against ";
    static final String j = "Coming from Contrast";
    private static final DateTimeFormatter v = DateTimeFormatter.ofPattern("MMM dd yyyy HH:mm:ss.SSSZ").withLocale(Locale.getDefault()).withZone(ZoneId.systemDefault());
    private static final Logger S = LoggerFactory.getLogger((Class<?>) c.class);

    /* JADX INFO: Access modifiers changed from: private */
    /* compiled from: LogEnhancer.java */
    /* loaded from: input_file:com/contrastsecurity/agent/plugins/protect/g/c$a.class */
    public static final class a implements Runnable {
        private final com.contrastsecurity.agent.commons.c a;
        private final WeakReference<n> b;
        private final String c;

        a(com.contrastsecurity.agent.commons.c cVar, WeakReference<n> weakReference, String str) {
            this.a = cVar;
            this.b = weakReference;
            this.c = str;
        }

        @Override // java.lang.Runnable
        public void run() {
            n nVar = this.b.get();
            if (nVar == null) {
                return;
            }
            nVar.d(c.a(this.a, LogType.HEARTBEAT, c.j, this.c).toString());
        }
    }

    @Inject
    public c(ApplicationManager applicationManager, com.contrastsecurity.agent.config.e eVar, HttpManager httpManager, n nVar, ScheduledExecutorService scheduledExecutorService, C0463z c0463z, com.contrastsecurity.agent.commons.c cVar) {
        this.k = applicationManager;
        this.l = eVar;
        this.m = httpManager;
        this.p = scheduledExecutorService;
        this.n = nVar;
        this.o = cVar;
        this.q = c0463z;
        a(this.n, eVar);
    }

    void a(n nVar, com.contrastsecurity.agent.config.e eVar) {
        boolean c2 = eVar.c(ConfigProperty.CEF_SYSLOGGER_ENABLE);
        boolean c3 = eVar.c(ConfigProperty.CEF_SYSLOGGER_HEARTBEAT);
        if (this.u) {
            this.u = false;
        } else if (this.s != c2 || this.t != c3) {
            S.info("The syslog and/or heartbeat configuration has changed.  Syslog enabled: previous: {} new: {}  Heartbeat enabled: previous: {} new: {}", Boolean.valueOf(this.s), Boolean.valueOf(c2), Boolean.valueOf(this.t), Boolean.valueOf(c3));
        }
        this.s = c2;
        this.t = c3;
        a();
        if (c2 && c3) {
            int d2 = eVar.d(ConfigProperty.CEF_SYSLOGGER_HEARTBEAT_INTERVAL);
            if (d2 <= 0) {
                S.error("Syslog heartbeat disabled (interval was <= 0, requires a positive value)");
                return;
            }
            synchronized (this.p) {
                if (this.r == null) {
                    S.info("Syslog heartbeat starting");
                    this.r = this.p.scheduleAtFixedRate(new a(this.o, new WeakReference(nVar), b()), 0L, d2, TimeUnit.MILLISECONDS);
                }
            }
        }
    }

    @u
    void a() {
        synchronized (this.p) {
            if (this.r != null) {
                this.r.cancel(true);
                this.r = null;
                S.info("Syslog heartbeat disabled");
            }
        }
    }

    @Override // com.contrastsecurity.agent.logging.d.a
    public void a(com.contrastsecurity.agent.config.e eVar) {
        a(this.n, (com.contrastsecurity.agent.config.e) Objects.requireNonNull(eVar));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void a(LogEnhancerDTM logEnhancerDTM, String str, String str2, Object obj, Object[] objArr, String str3, Object obj2) {
        LogLevel level = logEnhancerDTM.getLevel();
        LogType type = logEnhancerDTM.getType();
        if (this.n.a(level, type)) {
            this.n.a(level, type, b(logEnhancerDTM, str, str2, obj, objArr, str3, obj2));
        }
    }

    public <T> void a(ProtectRuleId protectRuleId, ProtectRuleSampleDTM<T> protectRuleSampleDTM) {
        if (this.n.a()) {
            String a2 = a(protectRuleId, protectRuleSampleDTM.getResult(), protectRuleSampleDTM.getInput(), true);
            if (protectRuleSampleDTM.isBlocked()) {
                this.n.b(a2);
            } else {
                this.n.a(a2);
            }
        }
    }

    public void a(ProtectRuleId protectRuleId, UserInputDTM userInputDTM, AttackResult attackResult) {
        if (this.n.a()) {
            this.n.c(a(protectRuleId, attackResult, userInputDTM, false));
        }
    }

    public void a(ProtectRuleId protectRuleId, String str, String str2, String str3) {
        if (this.n.a(LogLevel.DEBUG, LogType.AUDIT)) {
            StringBuilder a2 = a(LogType.SECURITY, LogLevel.DEBUG, str + ' ' + ac.a(str2) + e + protectRuleId + R + ac.a(str3), E, protectRuleId.id());
            a2.append(' ');
            a2.append(Q);
            this.n.a(LogLevel.DEBUG, LogType.AUDIT, a2.toString());
        }
    }

    public void b(ProtectRuleId protectRuleId, String str, String str2, String str3) {
        if (this.n.a(LogLevel.DEBUG, LogType.AUDIT)) {
            StringBuilder a2 = a(LogType.SECURITY, LogLevel.DEBUG, str + ' ' + ac.a(str2) + f + protectRuleId + R + ac.a(str3), E, protectRuleId.id());
            a2.append(' ');
            a2.append(Q);
            this.n.a(LogLevel.DEBUG, LogType.AUDIT, a2.toString());
        }
    }

    public void c(ProtectRuleId protectRuleId, String str, String str2, String str3) {
        if (this.n.a(LogLevel.TRACE, LogType.AUDIT)) {
            StringBuilder a2 = a(LogType.SECURITY, LogLevel.TRACE, str + ' ' + ac.a(str2) + g + protectRuleId + R + ac.a(str3), E, protectRuleId.id());
            a2.append(' ');
            a2.append(Q);
            this.n.a(LogLevel.TRACE, LogType.AUDIT, a2.toString());
        }
    }

    public void a(IPFilterDTM iPFilterDTM, String str) {
        if (this.n.a()) {
            StringBuilder a2 = a(LogType.SECURITY, LogLevel.WARN, b(iPFilterDTM, str), A, String.valueOf(iPFilterDTM.getId()));
            a2.append(' ');
            a2.append(Q);
            this.n.b(a2.toString());
        }
    }

    private String b(IPFilterDTM iPFilterDTM, String str) {
        return "IP Address " + str + " matched the disallowed value " + iPFilterDTM.getIp() + " in the IP Denylist " + iPFilterDTM.getUuid();
    }

    public void a(String str) {
        if (this.n.a()) {
            StringBuilder a2 = a(LogType.SECURITY, LogLevel.WARN, "The Virtual Patch " + str + " was triggered.", B, str);
            a2.append(' ');
            a2.append(Q);
            this.n.b(a2.toString());
        }
    }

    public void a(String str, String str2) {
        if (this.n.a()) {
            StringBuilder a2 = a(LogType.SECURITY, LogLevel.WARN, b(str, str2), C, str2);
            a2.append(' ');
            a2.append(Q);
            this.n.b(a2.toString());
        }
    }

    private String b(String str, String str2) {
        return "User Agent " + str + " matched the disallowed value " + str2 + " in the bot blocker";
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void a(long j2, ServerProtectActivityDTM serverProtectActivityDTM) {
        serverProtectActivityDTM.getLogEnhancers().computeIfAbsent(Long.valueOf(j2), l -> {
            return new AtomicInteger(1);
        }).getAndIncrement();
    }

    @u
    static String a(UserInputDTM.InputType inputType) {
        switch (inputType) {
            case BODY:
                return "The body segment";
            case COOKIE_NAME:
            case COOKIE_VALUE:
                return "The cookie";
            case HEADER:
                return "The header";
            case PARAMETER_NAME:
            case PARAMETER_VALUE:
                return "The parameter";
            case QUERYSTRING:
                return "The querystring";
            case URI:
                return "The URI";
            case SOCKET:
                return "The socket";
            case JSON_VALUE:
            case JSON_ARRAYED_VALUE:
                return "The JSON";
            case MULTIPART_CONTENT_TYPE:
                return "The content-type of the multipart";
            case MULTIPART_VALUE:
                return "The value of the multipart";
            case DWR_VALUE:
                return "The DWR parameter";
            case MULTIPART_FIELD_NAME:
                return "The multipart field name";
            case MULTIPART_NAME:
                return "The multipart name";
            case XML_VALUE:
                return "The XML";
            default:
                return "The input";
        }
    }

    @u
    <T> String a(ProtectRuleId protectRuleId, AttackResult attackResult, UserInputDTM userInputDTM, boolean z2) {
        StringBuilder sb = new StringBuilder(256);
        String id = protectRuleId.id();
        if (userInputDTM != null) {
            sb.append(a(userInputDTM.getType()));
            sb.append(' ');
            String name = userInputDTM.getName();
            if (name == null) {
                name = userInputDTM.getType().toString();
            }
            sb.append(ac.a(name));
            if (attackResult == AttackResult.SUSPICIOUS) {
                sb.append(c);
            } else if (attackResult == AttackResult.PROBED) {
                sb.append(d);
            } else {
                sb.append(b);
            }
            sb.append(id);
            sb.append(R);
            sb.append(ac.a(userInputDTM.getValue()));
        } else if (z2) {
            sb.append(h);
            sb.append(id);
        } else {
            sb.append(i);
            sb.append(id);
        }
        StringBuilder a2 = a(LogType.SECURITY, LogLevel.WARN, sb.toString(), E, id);
        a2.append(' ');
        a2.append(L);
        if (attackResult == AttackResult.SUSPICIOUS) {
            a2.append(O);
        } else if (attackResult == AttackResult.PROBED) {
            a2.append(M);
        } else if (attackResult == AttackResult.EXPLOITED) {
            a2.append(N);
        } else {
            a2.append(P);
        }
        return a2.toString();
    }

    @u
    String b(LogEnhancerDTM logEnhancerDTM, String str, String str2, Object obj, Object[] objArr, String str3, Object obj2) {
        StringBuilder a2 = a(logEnhancerDTM.getType(), logEnhancerDTM.getLevel(), ac.a(m.a(logEnhancerDTM, str, str2, obj, objArr, str3, obj2)), D, String.valueOf(logEnhancerDTM.getId()));
        a2.append(' ');
        a2.append(Q);
        return a2.toString();
    }

    @u
    public StringBuilder a(LogType logType, LogLevel logLevel, String str, String str2, String str3) {
        if (str == null) {
            str = "";
        }
        if (!StringUtils.isEmpty(str)) {
            str = str.replace("\\", "\\\\").replace("|", "\\|").replace("=", "\\=");
        }
        Application current = this.k.current();
        String str4 = "-";
        if (current != null) {
            String name = current.getName();
            if (StringUtils.isNotBlank(name)) {
                str4 = name;
            }
        }
        HttpRequest currentRequest = this.m.getCurrentRequest();
        String str5 = "-";
        String str6 = "-";
        String str7 = "-";
        String str8 = "-";
        if (currentRequest != null) {
            str5 = currentRequest.getUri().replace(" ", "<space>");
            String[] xForwardedFor = currentRequest.getXForwardedFor();
            str6 = xForwardedFor != null ? N.a(xForwardedFor) : currentRequest.getRemoteIp();
            str7 = String.valueOf(currentRequest.getPort());
            str8 = currentRequest.getMethod();
        }
        StringBuilder a2 = a(this.o, logType, str, b());
        a2.append('|');
        a2.append(logLevel);
        a2.append('|');
        a2.append(str2);
        a2.append('=');
        a2.append(str3);
        a2.append(' ');
        a2.append(F);
        a2.append('=');
        a2.append(str6);
        a2.append(' ');
        a2.append(G);
        a2.append('=');
        a2.append(str7);
        a2.append(' ');
        a2.append(H);
        a2.append('=');
        a2.append(str5);
        a2.append(' ');
        a2.append(I);
        a2.append('=');
        a2.append(str8);
        a2.append(' ');
        a2.append(J);
        a2.append('=');
        a2.append(str4);
        if (this.l.c(ConfigProperty.CEF_SYSLOGGER_SERVER_INFO_ENABLE)) {
            a2.append(' ');
            a2.append("contrastAgentServer");
            a2.append('=');
            a2.append(this.q.a());
            a2.append(' ');
            a2.append(K);
            a2.append('=');
            a2.append(this.q.e());
        }
        return a2;
    }

    @u
    static StringBuilder a(com.contrastsecurity.agent.commons.c cVar, LogType logType, String str, String str2) {
        return new StringBuilder(200 + str.length()).append(v.format(Instant.ofEpochMilli(cVar.a()))).append(' ').append(str2).append(' ').append(y).append(ContrastAgent.getBuildVersion()).append('|').append(logType).append('|').append(str);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.String] */
    /* JADX WARN: Type inference failed for: r0v2 */
    /* JADX WARN: Type inference failed for: r0v4, types: [com.contrastsecurity.agent.plugins.protect.g.c] */
    private String b() {
        ?? r0 = this.a;
        if (r0 == 0) {
            try {
                r0 = this;
                r0.a = InetAddress.getLocalHost().getHostAddress();
            } catch (Exception e2) {
                Throwables.throwIfCritical(e2);
                this.a = "-";
            }
        }
        return this.a;
    }
}
