package com.contrastsecurity.agent.plugins.frameworks.j2ee.jsp.assess;

import com.contrastsecurity.agent.context.ExecutionContext;
import com.contrastsecurity.agent.http.HttpManager;
import com.contrastsecurity.agent.http.HttpRequest;
import com.contrastsecurity.agent.i.a.au;
import com.contrastsecurity.agent.plugins.frameworks.j2ee.J2EEHttpRequest;
import com.contrastsecurity.agent.plugins.security.controller.EventContext;
import com.contrastsecurity.agent.plugins.security.policy.PolicyNode;
import com.contrastsecurity.agent.plugins.security.policy.SourceNode;
import com.contrastsecurity.agent.plugins.security.policy.u;
import com.contrastsecurity.agent.reflection.Reflect;
import com.contrastsecurity.agent.scope.BinaryScopeProvider;
import com.contrastsecurity.agent.scope.ScopeGeneral;
import com.contrastsecurity.agent.trace.TagRange;
import com.contrastsecurity.agent.trace.Trace;
import com.contrastsecurity.thirdparty.javax.inject.Inject;
import com.contrastsecurity.thirdparty.javax.inject.Singleton;
import com.contrastsecurity.thirdparty.org.slf4j.Logger;
import com.contrastsecurity.thirdparty.org.slf4j.LoggerFactory;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;

/* compiled from: JspIncludeHandler.java */
@Singleton
/* loaded from: input_file:com/contrastsecurity/agent/plugins/frameworks/j2ee/jsp/assess/f.class */
public final class f {
    private final BinaryScopeProvider b = new BinaryScopeProvider();
    private final HttpManager c;
    private final EventContext d;
    private static final String e = "javax.servlet.include.query_string";
    private static final String f = "jakarta.servlet.include.query_string";
    public static final ExecutionContext.b<a> a = ExecutionContext.b.a(a.class);
    private static final Logger g = LoggerFactory.getLogger((Class<?>) f.class);

    /* compiled from: JspIncludeHandler.java */
    /* loaded from: input_file:com/contrastsecurity/agent/plugins/frameworks/j2ee/jsp/assess/f$a.class */
    public static final class a {
        private final List<Set<String>> a = new ArrayList(2);

        public a() {
            this.a.add(null);
        }

        public void a() {
            this.a.add(new HashSet());
        }

        public Set<String> a(ScopeGeneral scopeGeneral) {
            return this.a.get(scopeGeneral.value());
        }
    }

    @Inject
    public f(HttpManager httpManager, EventContext eventContext) {
        this.c = httpManager;
        this.d = eventContext;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Object a() {
        ScopeGeneral scope = this.b.scope();
        scope.enterScope();
        HttpRequest currentRequest = this.c.getCurrentRequest();
        if (currentRequest != null) {
            ((a) currentRequest.context().getOrComputeIfAbsent(a, a::new)).a();
        }
        return scope;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void a(Object obj) {
        (obj instanceof ScopeGeneral ? (ScopeGeneral) obj : this.b.scope()).leaveScope();
    }

    public void b(Object obj) {
        Trace trace;
        if (obj == null) {
            return;
        }
        String asNullableString = Reflect.reflect(obj, g).invoke("getAttribute", e).asNullableString();
        if (asNullableString == null) {
            asNullableString = Reflect.reflect(obj, g).invoke("getAttribute", f).asNullableString();
        }
        if (asNullableString == null || (trace = this.d.getTraceMap().get(asNullableString)) == null) {
            return;
        }
        HttpRequest currentRequest = this.c.getCurrentRequest();
        if (currentRequest instanceof J2EEHttpRequest) {
            String[] split = asNullableString.split("&");
            if (split.length == 0) {
                return;
            }
            ArrayList arrayList = new ArrayList(split.length);
            for (String str : split) {
                String[] split2 = str.split("=");
                if (split2.length == 2) {
                    String str2 = split2[1];
                    if (!str2.isEmpty()) {
                        arrayList.add(str2);
                    }
                }
            }
            ScopeGeneral scope = this.b.scope();
            Set<String> set = null;
            Iterator<TagRange> it = trace.getTagRanges().iterator();
            while (it.hasNext()) {
                TagRange next = it.next();
                String substring = asNullableString.substring(next.getStart(), next.getStop());
                if (!substring.isEmpty()) {
                    Iterator it2 = arrayList.iterator();
                    while (it2.hasNext()) {
                        if (((String) it2.next()).equals(substring)) {
                            if (set == null) {
                                set = ((a) currentRequest.context().getOrComputeIfAbsent(a, a::new)).a(scope);
                            }
                            try {
                                set.add(URLDecoder.decode(substring, "UTF-8"));
                            } catch (UnsupportedEncodingException e2) {
                            }
                        }
                    }
                }
            }
        }
    }

    public boolean a(com.contrastsecurity.agent.plugins.security.controller.a aVar, String str) {
        a aVar2;
        ScopeGeneral scope = this.b.scope();
        if (!scope.inScope() || scope.inOutermostScope()) {
            return true;
        }
        PolicyNode q = aVar.q();
        if (!(q instanceof SourceNode) || !com.contrastsecurity.agent.q.a.a(q, au.a)) {
            return true;
        }
        SourceNode sourceNode = (SourceNode) q;
        if (!sourceNode.isSignatureBased() || !str.equals(((u) sourceNode.getMethodMatcher()).a().b())) {
            return true;
        }
        HttpRequest currentRequest = this.c.getCurrentRequest();
        if (!(currentRequest instanceof J2EEHttpRequest) || (aVar2 = (a) currentRequest.context().get(a)) == null) {
            return true;
        }
        Set<String> a2 = aVar2.a(scope);
        if (a2.isEmpty()) {
            return false;
        }
        Object o = aVar.o();
        if (o instanceof String) {
            return a2.contains((String) o);
        }
        if (!(o instanceof String[])) {
            return false;
        }
        for (String str2 : (String[]) o) {
            if (a2.contains(str2)) {
                return true;
            }
        }
        return false;
    }
}
