package com.contrastsecurity.agent.plugins.security.policy;

import com.contrastsecurity.agent.commons.Throwables;
import com.contrastsecurity.agent.config.ConfigProperty;
import com.contrastsecurity.agent.contrastapi_v1_0.settings.server.ServerSettingsAssessDTM;
import com.contrastsecurity.agent.plugins.security.policy.ContrastPolicy;
import com.contrastsecurity.agent.plugins.security.policy.propagators.Propagator;
import com.contrastsecurity.agent.plugins.security.policy.sources.AbstractClassMatcher;
import com.contrastsecurity.agent.plugins.security.policy.sources.DynamicSource;
import com.contrastsecurity.agent.plugins.security.policy.sources.IMethodExcluder;
import com.contrastsecurity.agent.util.AESUtil;
import com.contrastsecurity.agent.util.P;
import com.contrastsecurity.agent.util.Z;
import com.contrastsecurity.thirdparty.com.google.gson.Gson;
import com.contrastsecurity.thirdparty.io.micrometer.core.instrument.binder.BaseUnits;
import com.contrastsecurity.thirdparty.javax.inject.Inject;
import com.contrastsecurity.thirdparty.net.n3.nanoxml.XMLElement;
import com.contrastsecurity.thirdparty.org.apache.commons.lang.StringUtils;
import com.contrastsecurity.thirdparty.org.apache.commons.lang.time.StopWatch;
import com.contrastsecurity.thirdparty.org.apache.logging.log4j.core.lookup.StructuredDataLookup;
import com.contrastsecurity.thirdparty.org.apache.logging.log4j.util.ProcessIdUtil;
import com.contrastsecurity.thirdparty.org.slf4j.Logger;
import com.contrastsecurity.thirdparty.org.slf4j.LoggerFactory;
import java.io.ByteArrayInputStream;
import java.io.InputStreamReader;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.regex.Pattern;

/* compiled from: ContrastPolicyReader.java */
/* loaded from: input_file:com/contrastsecurity/agent/plugins/security/policy/f.class */
public final class f {
    private final com.contrastsecurity.agent.config.e a;
    private final com.contrastsecurity.agent.plugins.security.policy.b.b b;
    private final k c;
    private final Gson d;
    private final com.contrastsecurity.agent.plugins.security.policy.propagators.a e;
    private final com.contrastsecurity.agent.plugins.security.policy.propagators.c f;
    private final x g;
    private final boolean h;
    private static final String i = "R";
    private static final String j = "Unknown Framework";
    private static final Logger k = LoggerFactory.getLogger((Class<?>) f.class);

    @Inject
    public f(com.contrastsecurity.agent.config.e eVar, com.contrastsecurity.agent.plugins.security.policy.propagators.c cVar, com.contrastsecurity.agent.plugins.security.policy.propagators.a aVar, Gson gson) {
        this(eVar, cVar, new k(), new com.contrastsecurity.agent.plugins.security.policy.b.b(), new x(), aVar, gson, false);
    }

    @com.contrastsecurity.agent.u
    public f(com.contrastsecurity.agent.config.e eVar, com.contrastsecurity.agent.plugins.security.policy.propagators.c cVar, k kVar, com.contrastsecurity.agent.plugins.security.policy.b.b bVar, x xVar, com.contrastsecurity.agent.plugins.security.policy.propagators.a aVar, Gson gson, boolean z) {
        this.a = (com.contrastsecurity.agent.config.e) Objects.requireNonNull(eVar);
        this.b = (com.contrastsecurity.agent.plugins.security.policy.b.b) Objects.requireNonNull(bVar);
        this.c = (k) Objects.requireNonNull(kVar);
        this.f = (com.contrastsecurity.agent.plugins.security.policy.propagators.c) Objects.requireNonNull(cVar);
        this.g = (x) Objects.requireNonNull(xVar);
        this.e = (com.contrastsecurity.agent.plugins.security.policy.propagators.a) Objects.requireNonNull(aVar);
        this.d = (Gson) Objects.requireNonNull(gson);
        this.h = z;
    }

    @com.contrastsecurity.agent.u
    public ContrastPolicy a(com.contrastsecurity.agent.q.d... dVarArr) throws r {
        return a((ServerSettingsAssessDTM) null, Arrays.asList(dVarArr));
    }

    @com.contrastsecurity.agent.u
    public ContrastPolicy a(ServerSettingsAssessDTM serverSettingsAssessDTM, com.contrastsecurity.agent.q.d... dVarArr) throws r {
        return a(serverSettingsAssessDTM, Arrays.asList(dVarArr));
    }

    public ContrastPolicy a(ServerSettingsAssessDTM serverSettingsAssessDTM, List<com.contrastsecurity.agent.q.d> list) throws r {
        ContrastPolicy.Builder builder = ContrastPolicy.builder(0, "master", this.e);
        a(builder, list);
        builder.applyFeatures(serverSettingsAssessDTM);
        return builder.build();
    }

    private void a(ContrastPolicy.Builder builder, List<com.contrastsecurity.agent.q.d> list) throws r {
        Iterator<com.contrastsecurity.agent.q.d> it = list.iterator();
        while (it.hasNext()) {
            a(builder, it.next());
        }
    }

    private void a(ContrastPolicy.Builder builder, com.contrastsecurity.agent.q.d dVar) throws r {
        byte[] a = a(dVar);
        StopWatch stopWatch = new StopWatch();
        stopWatch.start();
        a(builder, dVar, a);
        stopWatch.stop();
    }

    @com.contrastsecurity.agent.u
    public byte[] a(com.contrastsecurity.agent.q.d dVar) throws r {
        byte[] d = dVar.d();
        if (dVar.e()) {
            StopWatch stopWatch = new StopWatch();
            stopWatch.start();
            try {
                try {
                    d = AESUtil.decrypt(d);
                    stopWatch.stop();
                } catch (GeneralSecurityException e) {
                    throw new r("Couldn't decrypt hardcoded policy " + dVar.c(), e);
                }
            } catch (Throwable th) {
                stopWatch.stop();
                throw th;
            }
        }
        return d;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v2, types: [com.contrastsecurity.thirdparty.org.apache.commons.lang.time.StopWatch] */
    /* JADX WARN: Type inference failed for: r0v3 */
    /* JADX WARN: Type inference failed for: r0v6, types: [com.contrastsecurity.thirdparty.net.n3.nanoxml.XMLElement] */
    XMLElement a(com.contrastsecurity.agent.q.d dVar, byte[] bArr) throws r {
        InputStreamReader inputStreamReader = new InputStreamReader(new ByteArrayInputStream(bArr));
        StopWatch stopWatch = new StopWatch();
        Exception exc = stopWatch;
        exc.start();
        try {
            exc = com.contrastsecurity.agent.y.i.a(inputStreamReader);
            stopWatch.stop();
            k.debug("Took {} to parse policy as XML", stopWatch);
            return exc;
        } catch (Exception e) {
            Throwables.throwIfCritical(e);
            throw new r("Failed to parse policy as XML " + dVar, exc);
        }
    }

    ContrastPolicy.Builder a(com.contrastsecurity.agent.q.d dVar, XMLElement xMLElement) throws r {
        if (xMLElement != null && "policies".equals(xMLElement.getName())) {
            xMLElement = Z.a(xMLElement, "policy");
        }
        if (xMLElement == null || !xMLElement.getName().equals("policy")) {
            throw new r(dVar + " does not contain a <policy> element");
        }
        return b(dVar, xMLElement);
    }

    @com.contrastsecurity.agent.u
    public void a(ContrastPolicy.Builder builder, com.contrastsecurity.agent.q.d dVar, byte[] bArr) throws r {
        builder.merge(a(dVar, a(dVar, bArr)));
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v154, types: [com.contrastsecurity.thirdparty.net.n3.nanoxml.XMLElement] */
    /* JADX WARN: Type inference failed for: r0v155 */
    /* JADX WARN: Type inference failed for: r0v159, types: [com.contrastsecurity.agent.plugins.security.policy.x] */
    /* JADX WARN: Type inference failed for: r0v162, types: [boolean] */
    /* JADX WARN: Type inference failed for: r0v242, types: [com.contrastsecurity.thirdparty.net.n3.nanoxml.XMLElement] */
    /* JADX WARN: Type inference failed for: r0v243 */
    /* JADX WARN: Type inference failed for: r0v247, types: [com.contrastsecurity.agent.plugins.security.policy.propagators.c] */
    /* JADX WARN: Type inference failed for: r0v250, types: [boolean] */
    /* JADX WARN: Type inference failed for: r0v67, types: [java.lang.Object, com.contrastsecurity.thirdparty.net.n3.nanoxml.XMLElement] */
    /* JADX WARN: Type inference failed for: r0v68 */
    /* JADX WARN: Type inference failed for: r0v69, types: [com.contrastsecurity.thirdparty.org.slf4j.Logger] */
    /* JADX WARN: Type inference failed for: r0v76, types: [com.contrastsecurity.agent.plugins.security.policy.ContrastPolicy$Builder] */
    private ContrastPolicy.Builder b(com.contrastsecurity.agent.q.d dVar, XMLElement xMLElement) throws r {
        XMLElement a;
        XMLElement a2;
        XMLElement a3;
        XMLElement a4;
        k.debug("Scanning policy {} with id {}", dVar.c(), Integer.valueOf(dVar.b()));
        ContrastPolicy.Builder builder = new ContrastPolicy.Builder(dVar.b(), dVar.c(), this.e);
        String b = this.a.b(ConfigProperty.DISABLEDSOURCES);
        String b2 = this.a.b(ConfigProperty.DISABLEDPROPAGATORS);
        if (this.a.c(ConfigProperty.TAGS)) {
            for (XMLElement xMLElement2 : Z.b(Z.a(xMLElement, "tag-lists"), "tag-list")) {
                ArrayList arrayList = new ArrayList();
                String attribute = xMLElement2.getAttribute(StructuredDataLookup.ID_KEY, (String) null);
                String attribute2 = xMLElement2.getAttribute("name", (String) null);
                List<XMLElement> b3 = Z.b(xMLElement2, "method");
                String[] a5 = P.a(xMLElement2.getAttribute("tags", (String) null));
                String[] a6 = P.a(xMLElement2.getAttribute("untags", (String) null));
                TagList tagList = new TagList();
                tagList.setId(attribute);
                tagList.setName(attribute2);
                tagList.setTagListTags(a5);
                tagList.setUntags(a6);
                tagList.setTaggers(arrayList);
                int i2 = 0;
                for (XMLElement xMLElement3 : b3) {
                    Tagger tagger = new Tagger(builder.getId(), builder.getLocation(), attribute + ProcessIdUtil.DEFAULT_PROCESSID + i2, n.b(xMLElement3.getAttribute("target", "R")), new u(v.a(xMLElement3.getAttribute("signature", (String) null), w.a(xMLElement3), false, false)));
                    tagger.setUnwantedInheritors(this.c.i(xMLElement3));
                    tagger.setDeep("true".equalsIgnoreCase(xMLElement3.getAttribute("deep", (String) null)));
                    tagger.setSourceFilter("true".equalsIgnoreCase(xMLElement3.getAttribute("source-filter", (String) null)));
                    tagger.setGroupId(attribute);
                    tagger.setMethodGroup(tagList);
                    arrayList.add(tagger);
                    i2++;
                }
                builder.addTagList(tagList);
            }
        }
        if (this.a.c(ConfigProperty.RULES)) {
            Iterator<XMLElement> it = Z.b(Z.a(xMLElement, "rules"), "rule").iterator();
            while (it.hasNext()) {
                builder.addRule(new s(this.a, this.d).a(builder.getId(), it.next()));
            }
        }
        if (this.a.c(ConfigProperty.PROPAGATORS)) {
            for (XMLElement xMLElement4 : Z.b(Z.a(xMLElement, "propagators"), "method")) {
                try {
                    Propagator a7 = this.f.a(builder.getId(), builder.getLocation(), xMLElement4);
                    xMLElement4 = a7.isEnabled();
                    if (xMLElement4 != 0 && (b2 == null || !b2.contains(a7.getId()))) {
                        builder.addPropagators(Collections.singletonList(a7));
                    }
                } catch (Exception e) {
                    Throwables.throwIfCritical(e);
                    Exception exc = xMLElement4;
                    k.error("Problem parsing propagator", (Throwable) exc);
                    a(exc);
                }
            }
        }
        if (this.a.c(ConfigProperty.ANNOTATIONS) && (a4 = Z.a(xMLElement, "framework-annotations")) != null) {
            String attribute3 = a4.getAttribute("framework-name", j);
            if (attribute3.equals(j)) {
                k.debug("Adding request annotations, but not parameter annotations, for unknown framework.");
            } else {
                XMLElement a8 = Z.a(a4, "param-annotations");
                if (a8 != null) {
                    Iterator<XMLElement> it2 = Z.b(a8, "param-annotation").iterator();
                    while (it2.hasNext()) {
                        String attribute4 = it2.next().getAttribute("annotation", (String) null);
                        if (!StringUtils.isEmpty(attribute4)) {
                            builder.addParameterAnnotation(attribute3, attribute4);
                        }
                    }
                }
            }
            Iterator<XMLElement> it3 = Z.b(a4, "method").iterator();
            while (it3.hasNext()) {
                com.contrastsecurity.agent.plugins.security.policy.b.a a9 = this.b.a(builder.getId(), it3.next());
                if (a9 != null) {
                    a9.c(attribute3);
                    builder.addFrameworkAnnotation(a9);
                }
            }
        }
        if (this.a.c(ConfigProperty.DEADZONES)) {
            Iterator<XMLElement> it4 = Z.b(Z.a(xMLElement, "deadzones"), "method").iterator();
            while (it4.hasNext()) {
                builder.addDeadzone(a(it4.next(), builder));
            }
        }
        if (this.a.c(ConfigProperty.SOURCES)) {
            boolean z = !this.a.c(ConfigProperty.WEBSERVICE_RESPONSE_TRACK);
            XMLElement a10 = Z.a(xMLElement, "sources");
            for (XMLElement xMLElement5 : Z.b(a10, "method")) {
                try {
                    SourceNode a11 = this.g.a(builder.getId(), builder.getLocation(), xMLElement5);
                    xMLElement5 = a11.isEnabled();
                    if (xMLElement5 != 0) {
                        Set<y> sourceTypes = a11.getSourceTypes();
                        if (!(z && sourceTypes != null && (sourceTypes.contains(y.WEBSERVICE_BODY) || sourceTypes.contains(y.WEBSERVICE_HEADER)))) {
                            if (b == null || !b.contains(a11.getId())) {
                                builder.addSource(a11);
                            }
                        }
                    }
                } catch (Exception e2) {
                    Throwables.throwIfCritical(e2);
                    Exception exc2 = xMLElement5;
                    k.error("Failed to parse untrusted data source: {}", xMLElement5.getAttribute(StructuredDataLookup.ID_KEY, (String) null), exc2);
                    a(exc2);
                }
            }
            if (this.a.c(ConfigProperty.DYNAMIC_SOURCES)) {
                for (DynamicSource dynamicSource : a(builder, a10)) {
                    if (b == null || !b.contains(dynamicSource.getId())) {
                        builder.addDynamicSource(dynamicSource);
                    }
                }
            }
        }
        if (this.a.c(ConfigProperty.VALIDATORS) && (a3 = Z.a(xMLElement, "validators")) != null) {
            for (XMLElement xMLElement6 : Z.b(a3, "accepted")) {
                List<XMLElement> b4 = Z.b(xMLElement6, "pattern");
                ArrayList arrayList2 = new ArrayList();
                Iterator<XMLElement> it5 = b4.iterator();
                while (it5.hasNext()) {
                    arrayList2.add(it5.next().getContent());
                }
                builder.addAcceptedRegex(xMLElement6.getAttribute("tag-name", (String) null), (String[]) arrayList2.toArray(new String[0]));
            }
            for (XMLElement xMLElement7 : Z.b(a3, "rejected")) {
                List<XMLElement> b5 = Z.b(xMLElement7, "pattern");
                ArrayList arrayList3 = new ArrayList();
                Iterator<XMLElement> it6 = b5.iterator();
                while (it6.hasNext()) {
                    arrayList3.add(it6.next().getContent());
                }
                builder.addRejectedRegex(xMLElement7.getAttribute("tag-name", (String) null), (String[]) arrayList3.toArray(new String[0]));
            }
        }
        if (this.a.c(ConfigProperty.VALIDATOR_SCOPES) && (a2 = Z.a(xMLElement, "validator-scopes")) != null) {
            for (XMLElement xMLElement8 : Z.b(a2, "signature")) {
                try {
                    ValidatorScope validatorScope = new ValidatorScope(builder.getId(), xMLElement8.getContent(), w.a(xMLElement8));
                    xMLElement8 = builder;
                    xMLElement8.addValidatorScope(validatorScope);
                } catch (Exception e3) {
                    Throwables.throwIfCritical(e3);
                    Exception exc3 = xMLElement8;
                    k.error("Problem adding validator scope: {}", xMLElement8, exc3);
                    a(exc3);
                }
            }
        }
        if (this.a.c(ConfigProperty.INTERN_PREVENTION_SCOPES) && (a = Z.a(xMLElement, "intern-prevention-scopes")) != null) {
            for (XMLElement xMLElement9 : Z.b(a, "signature")) {
                try {
                    builder.addInternPreventionScope(new m(builder.getId(), xMLElement9.getContent(), w.a(xMLElement9)));
                } catch (r e4) {
                    k.error("Problem adding intern prevention scope: {}", xMLElement9, e4);
                    a(e4);
                }
            }
        }
        return builder;
    }

    private void a(Exception exc) throws r {
        if (this.h) {
            if (!(exc instanceof r)) {
                throw new r(exc);
            }
            throw ((r) exc);
        }
    }

    private j a(XMLElement xMLElement, ContrastPolicy.Builder builder) throws l {
        j jVar = new j(builder.getId(), xMLElement.getAttribute("signature", (String) null), w.a(xMLElement));
        jVar.setInheritancePreference(InheritancePreference.fromString(xMLElement.getAttribute("inherit", "NONE")));
        jVar.setUnwantedInheritors(this.c.i(xMLElement));
        jVar.setEnabled(true);
        return jVar;
    }

    private static List<DynamicSource> a(ContrastPolicy.Builder builder, XMLElement xMLElement) throws r {
        ArrayList arrayList = new ArrayList();
        XMLElement a = Z.a(xMLElement, "dynamic-sources");
        if (a != null) {
            Iterator<XMLElement> it = Z.b(a, "dynamic-source").iterator();
            while (it.hasNext()) {
                arrayList.add(b(builder, it.next()));
            }
        }
        return arrayList;
    }

    private static DynamicSource b(ContrastPolicy.Builder builder, XMLElement xMLElement) throws r {
        String attribute = xMLElement.getAttribute(StructuredDataLookup.ID_KEY, (String) null);
        if (attribute == null) {
            throw new r("Dynamic source entry has no 'id' attribute");
        }
        DynamicSource dynamicSource = new DynamicSource(builder.getId(), attribute);
        XMLElement a = Z.a(xMLElement, BaseUnits.CLASSES);
        if (a == null) {
            throw new r("Dynamic source '" + attribute + "' has no 'classes' list");
        }
        dynamicSource.setMatchers((AbstractClassMatcher[]) b(a).toArray(new AbstractClassMatcher[0]));
        ArrayList arrayList = new ArrayList();
        Iterator<XMLElement> it = Z.b(xMLElement, "method-exclusion").iterator();
        while (it.hasNext()) {
            arrayList.add(a(it.next()));
        }
        dynamicSource.setExcluders((IMethodExcluder[]) arrayList.toArray(new IMethodExcluder[0]));
        return dynamicSource;
    }

    private static IMethodExcluder a(XMLElement xMLElement) throws r {
        String attribute = xMLElement.getAttribute(StructuredDataLookup.TYPE_KEY, (String) null);
        String content = xMLElement.getContent();
        if ("annotation".equals(attribute)) {
            return new com.contrastsecurity.agent.plugins.security.policy.sources.b(content);
        }
        if ("regex".equals(attribute) || attribute == null) {
            return new com.contrastsecurity.agent.plugins.security.policy.sources.e(Pattern.compile("^" + content + "$"));
        }
        throw new r("Method excluder of Dynamic Source has invalid type value '" + attribute + "'");
    }

    private static List<AbstractClassMatcher> b(XMLElement xMLElement) {
        ArrayList arrayList = new ArrayList();
        for (XMLElement xMLElement2 : Z.b(xMLElement, "extends")) {
            boolean z = false;
            String attribute = xMLElement2.getAttribute("includeStatic", (String) null);
            if (attribute != null && a(attribute)) {
                z = true;
            }
            arrayList.add(new com.contrastsecurity.agent.plugins.security.policy.sources.c(xMLElement2.getContent(), z));
        }
        for (XMLElement xMLElement3 : Z.b(xMLElement, "pattern")) {
            boolean z2 = false;
            String attribute2 = xMLElement3.getAttribute("includeStatic", (String) null);
            if (attribute2 != null && a(attribute2)) {
                z2 = true;
            }
            arrayList.add(new com.contrastsecurity.agent.plugins.security.policy.sources.d(Pattern.compile("^" + xMLElement3.getContent() + "$"), z2));
        }
        for (XMLElement xMLElement4 : Z.b(xMLElement, "annotated")) {
            boolean z3 = false;
            String attribute3 = xMLElement4.getAttribute("includeStatic", (String) null);
            if (attribute3 != null && a(attribute3)) {
                z3 = true;
            }
            arrayList.add(new com.contrastsecurity.agent.plugins.security.policy.sources.a(xMLElement4.getContent(), z3));
        }
        return arrayList;
    }

    private static boolean a(String str) {
        return "true".equalsIgnoreCase(str) || "yes".equalsIgnoreCase(str);
    }
}
