package com.contrastsecurity.agent.plugins.security;

import com.contrastsecurity.agent.DontObfuscate;
import com.contrastsecurity.agent.apps.Application;
import com.contrastsecurity.agent.apps.ApplicationManager;
import com.contrastsecurity.agent.apps.exclusions.c;
import com.contrastsecurity.agent.commons.Lists;
import com.contrastsecurity.agent.commons.Purgeable;
import com.contrastsecurity.agent.commons.Throwables;
import com.contrastsecurity.agent.config.ConfigProperty;
import com.contrastsecurity.agent.config.WorkingDirectories;
import com.contrastsecurity.agent.contrastapi_v1_0.settings.server.ServerSettingsAssessDTM;
import com.contrastsecurity.agent.http.HttpManager;
import com.contrastsecurity.agent.http.HttpRequest;
import com.contrastsecurity.agent.http.HttpResponse;
import com.contrastsecurity.agent.messages.routes.ObservedRoute;
import com.contrastsecurity.agent.messages.server.features.assessment.CustomRuleAPI;
import com.contrastsecurity.agent.plugins.ContrastPlugin;
import com.contrastsecurity.agent.plugins.apps.ApplicationSettingsUpdateEventBus;
import com.contrastsecurity.agent.plugins.security.controller.EventContext;
import com.contrastsecurity.agent.plugins.security.controller.EventHelper;
import com.contrastsecurity.agent.plugins.security.controller.TraceController;
import com.contrastsecurity.agent.plugins.security.controller.trigger.ObjectCheck;
import com.contrastsecurity.agent.plugins.security.policy.rules.providers.ApplicationAnalyzer;
import com.contrastsecurity.agent.plugins.security.policy.rules.providers.HttpWatcher;
import com.contrastsecurity.agent.plugins.security.policy.rules.providers.internal.crossdomainpolicy.CrossDomainResponseWatcher;
import com.contrastsecurity.agent.reloadable.AgentChannelHub;
import com.contrastsecurity.agent.services.a.InterfaceC0397f;
import com.contrastsecurity.agent.telemetry.HeapProfiler;
import com.contrastsecurity.agent.u.C0463z;
import com.contrastsecurity.agent.util.AbstractC0489z;
import com.contrastsecurity.agent.util.C0481r;
import com.contrastsecurity.agent.util.PerfUtil;
import com.contrastsecurity.thirdparty.javax.inject.Singleton;
import com.contrastsecurity.thirdparty.org.slf4j.Logger;
import com.contrastsecurity.thirdparty.org.slf4j.LoggerFactory;
import java.lang.instrument.Instrumentation;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Set;

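/**
 * Plugin that wires the Assess feature into the agent: it exposes the class-transformation and
 * request-lifecycle listeners, forwards configuration-file events to the rule providers, and
 * answers whether a class must be kept out of the instrumentation denylist because it is a
 * configured security control (sanitizer or validator).
 *
 * <p>Most behavior is gated on {@code ConfigProperty.ASSESS_ENABLED}; when that property is off
 * the plugin hands back empty listener lists and skips initialization.
 *
 * <p>This source was recovered by a decompiler. Names such as {@code a}, {@code c}, {@code d}
 * are obfuscated identifiers of the original binary and are kept as they are.
 */
@Singleton
@DontObfuscate
/* loaded from: input_file:com/contrastsecurity/agent/plugins/security/AssessPlugin.class */
public final class AssessPlugin extends ContrastPlugin implements com.contrastsecurity.agent.instr.a.c {
    private static final Logger logger = LoggerFactory.getLogger(AssessPlugin.class);

    private final List<AbstractC0489z> assessInitializationTasks;
    private final com.contrastsecurity.agent.config.e config;
    private final EventHelper eventHelper;
    private final List<com.contrastsecurity.agent.plugins.d> classEventListeners;
    private final com.contrastsecurity.agent.plugins.security.policy.rules.providers.c ruleActivityListener;
    private final com.contrastsecurity.agent.plugins.security.policy.rules.providers.h ruleProviders;
    private final com.contrastsecurity.agent.features.b featureManager;
    private final List<com.contrastsecurity.agent.http.q> requestListeners;
    private final AssessmentManager assessmentManager;
    private final EventContext eventContext;
    private final HttpManager httpManager;
    private final com.contrastsecurity.agent.scope.c scopeProviderAssess;
    private final com.contrastsecurity.agent.plugins.security.b.a debugStringFactory;
    private final TraceController traceController;
    private final com.contrastsecurity.agent.plugins.security.controller.h scopeHandler;
    private final int maxRequestBodyBuffering;
    private final com.contrastsecurity.agent.plugins.security.policy.d policyManager;
    private final Purgeable heapProfilerAssessObjects;

    // Lazily built cache of security-control class names. null means "rebuild on the next
    // lookup" (see onSecurityControlsChanged()). Declared volatile so that a reset, or a freshly
    // built set, is published safely.
    // NOTE(review): the threads that call preventDenylistingOf() and onSecurityControlsChanged()
    // are not visible in this file; confirm they can differ.
    private volatile Set<String> securityControlClassNames;

    /**
     * Initialization task that registers this plugin's message handlers on the
     * {@link AgentChannelHub}.
     *
     * <p>The handlers read, and in some cases change, the agent's tracking state: for example
     * {@code addTags}, {@code clearTagRanges} and {@code clearRecentFindings}. Nothing is
     * registered when {@code AgentChannelHub.getOrNull} returns {@code null}.
     * NOTE(review): who is able to send messages on the hub is decided outside this file;
     * confirm the hub is only obtainable in the configurations where these handlers are meant
     * to be reachable.
     */
    /* loaded from: input_file:com/contrastsecurity/agent/plugins/security/AssessPlugin$a.class */
    private class a extends AbstractC0489z {
        private a(com.contrastsecurity.agent.telemetry.e eVar) {
            super(eVar, "register-agent-telemetry", PerfUtil.a.SUB_SUB_STARTUP_TASK);
        }

        /** Registers one listener per message name, then subscribes the event context to "clearTraceMap". */
        @Override // com.contrastsecurity.agent.util.AbstractC0489z
        public void a() {
            AgentChannelHub hub = AgentChannelHub.getOrNull(AssessPlugin.this.config);
            if (hub == null) {
                // No hub for this configuration: none of the handlers below become reachable.
                return;
            }
            hub.listenForMessage("isTracked", new com.contrastsecurity.agent.plugins.security.controller.a.v(AssessPlugin.this.traceController));
            hub.listenForMessage("isTrackedWithTag", new com.contrastsecurity.agent.plugins.security.controller.a.w(AssessPlugin.this.traceController));
            hub.listenForMessage("isTrackedWithoutTag", new com.contrastsecurity.agent.plugins.security.controller.a.y(AssessPlugin.this.traceController));
            hub.listenForMessage("isTrackedWithType", new com.contrastsecurity.agent.plugins.security.controller.a.x(AssessPlugin.this.traceController));
            hub.listenForMessage("printTagRanges", new com.contrastsecurity.agent.plugins.security.controller.a.z(AssessPlugin.this.traceController));
            hub.listenForMessage("hasFinding", new com.contrastsecurity.agent.plugins.security.controller.a.r(AssessPlugin.this.assessmentManager));
            hub.listenForMessage("hasNoFinding", new com.contrastsecurity.agent.plugins.security.controller.a.t(AssessPlugin.this.assessmentManager));
            hub.listenForMessage("hasEventSource", new com.contrastsecurity.agent.plugins.security.controller.a.q(AssessPlugin.this.traceController));
            hub.listenForMessage("enableRecentFindings", new com.contrastsecurity.agent.plugins.security.controller.a.f(AssessPlugin.this.assessmentManager));
            hub.listenForMessage("clearRecentFindings", new com.contrastsecurity.agent.plugins.security.controller.a.c(AssessPlugin.this.assessmentManager));
            hub.listenForMessage("getBitSetForObject", new com.contrastsecurity.agent.plugins.security.controller.a.g(AssessPlugin.this.traceController));
            hub.listenForMessage("getEventStringRepresentations", new com.contrastsecurity.agent.plugins.security.controller.a.j(AssessPlugin.this.traceController));
            hub.listenForMessage("getEventOperations", new com.contrastsecurity.agent.plugins.security.controller.a.h(AssessPlugin.this.traceController));
            hub.listenForMessage("hasTagRange", new com.contrastsecurity.agent.plugins.security.controller.a.u(AssessPlugin.this.traceController));
            hub.listenForMessage("hasFrameworkInfo", new com.contrastsecurity.agent.plugins.security.controller.a.s(AssessPlugin.this.httpManager));
            hub.listenForMessage("getTagRangeCount", new com.contrastsecurity.agent.plugins.security.controller.a.m(AssessPlugin.this.traceController));
            hub.listenForMessage("getCurrentRequestInfo", new com.contrastsecurity.agent.plugins.security.controller.a.k(AssessPlugin.this.httpManager));
            hub.listenForMessage("getTagRanges", new com.contrastsecurity.agent.plugins.security.controller.a.n(AssessPlugin.this.traceController));
            hub.listenForMessage("addTags", new com.contrastsecurity.agent.plugins.security.controller.a.b(AssessPlugin.this.eventHelper, AssessPlugin.this.traceController));
            hub.listenForMessage("getTags", new com.contrastsecurity.agent.plugins.security.controller.a.o(AssessPlugin.this.traceController));
            hub.listenForMessage("addTagFrom", new com.contrastsecurity.agent.plugins.security.controller.a.a(AssessPlugin.this.traceController));
            hub.listenForMessage("doesTagCheckPass", new com.contrastsecurity.agent.plugins.security.controller.a.e(new ObjectCheck(AssessPlugin.this.eventHelper, AssessPlugin.this.traceController), AssessPlugin.this.traceController, AssessPlugin.this.policyManager));
            hub.listenForMessage("clearTagRanges", new com.contrastsecurity.agent.plugins.security.controller.a.d(AssessPlugin.this.traceController));
            hub.listenForMessage("getTriggerScope", new com.contrastsecurity.agent.plugins.security.controller.a.p(AssessPlugin.this.eventContext, AssessPlugin.this.scopeHandler));
            hub.listenForMessage("getSourceEventReturn", new com.contrastsecurity.agent.plugins.security.controller.a.l(AssessPlugin.this.traceController));
            hub.listenForMessage("getEventStackTrace", new com.contrastsecurity.agent.plugins.security.controller.a.i(AssessPlugin.this.assessmentManager, AssessPlugin.this.traceController));
            hub.subscribe(AssessPlugin.this.config, "clearTraceMap", AssessPlugin.this.eventContext);
        }
    }

    /**
     * Builds the Assess component graph from the supplied collaborators and keeps the pieces
     * this plugin needs later.
     *
     * @throws NullPointerException if the policy manager argument ({@code dVar}) is {@code null}
     */
    public AssessPlugin(InterfaceC0397f<ObservedRoute> interfaceC0397f, ApplicationManager applicationManager, AssessmentManager assessmentManager, EventContext eventContext, com.contrastsecurity.agent.instr.a.b bVar, com.contrastsecurity.agent.commons.c cVar, com.contrastsecurity.agent.config.e eVar, com.contrastsecurity.agent.plugins.security.policy.d dVar, com.contrastsecurity.agent.o.e eVar2, com.contrastsecurity.agent.services.d dVar2, com.contrastsecurity.agent.features.b bVar2, com.contrastsecurity.agent.plugins.frameworks.o oVar, com.contrastsecurity.agent.j.g gVar, HttpManager httpManager, Instrumentation instrumentation, com.contrastsecurity.agent.plugins.frameworks.j2ee.i iVar, com.contrastsecurity.agent.services.ngreporting.h hVar, com.contrastsecurity.agent.o.l lVar, com.contrastsecurity.agent.plugins.security.e.f fVar, C0463z c0463z, com.contrastsecurity.agent.v.m mVar, com.contrastsecurity.agent.telemetry.e eVar3, com.contrastsecurity.agent.telemetry.errors.o oVar2, com.contrastsecurity.agent.telemetry.b.k kVar, WorkingDirectories workingDirectories, com.contrastsecurity.agent.plugins.j jVar, ApplicationSettingsUpdateEventBus applicationSettingsUpdateEventBus, HeapProfiler heapProfiler) {
        this.eventContext = eventContext;
        // `this` is handed to the component builder before most fields below are assigned, so
        // the builder must not call back into this instance while it is being constructed.
        InterfaceC0388g components = m.a().a(applicationManager).a(assessmentManager).a(this).a(eventContext).a(cVar).a(eVar).a(bVar).a(eVar2).a(dVar2).a(bVar2).a(oVar).a(gVar).a(httpManager).a(instrumentation).a(iVar).a(hVar).a(lVar).a(interfaceC0397f).a(dVar).a(fVar).a(c0463z).a(mVar).a(eVar3).a(oVar2).a(kVar).a(workingDirectories).a(jVar).a();
        this.config = eVar;
        this.featureManager = bVar2;
        this.httpManager = httpManager;
        this.assessmentManager = assessmentManager;
        this.traceController = components.b();
        this.eventHelper = components.c();
        this.classEventListeners = Lists.of(components.d());
        this.ruleActivityListener = components.h();
        this.ruleProviders = components.i();
        applicationSettingsUpdateEventBus.addListener(components.j());
        this.scopeProviderAssess = components.l();
        this.debugStringFactory = components.k();
        this.policyManager = Objects.requireNonNull(dVar);
        dVar.a(components.f());
        this.scopeHandler = components.g();
        this.assessInitializationTasks = Lists.of(new a(eVar3));
        this.requestListeners = components.e();
        this.maxRequestBodyBuffering = eVar.d(ConfigProperty.MAX_REQUEST_BODY_BUFFERING_DEFAULT);
        this.heapProfilerAssessObjects = heapProfiler.assessPurgeable();
    }

    /**
     * Switches the event context and the Assess scope provider on or off together.
     *
     * @param eventContext event context to toggle
     * @param cVar Assess scope provider to toggle
     * @param z {@code true} to enable both, {@code false} to disable both
     */
    public static void setEnabled(EventContext eventContext, com.contrastsecurity.agent.scope.c cVar, boolean z) {
        eventContext.setEnabled(z);
        cVar.setEnabled(z);
    }

    /**
     * Reports whether the given class name belongs to a configured security control and must
     * therefore not be denylisted.
     *
     * <p>The name set is built on first use and cached until
     * {@link #onSecurityControlsChanged()} clears it. The field is read once into a local so
     * that a concurrent reset cannot turn the lookup into a {@code NullPointerException}.
     *
     * @param str class name to look up. NOTE(review): the expected form (dotted or slashed) is
     *     whatever the policy parser produces; confirm against the caller.
     * @return {@code true} if the name is in the security-control set
     */
    @Override // com.contrastsecurity.agent.instr.a.c
    public boolean preventDenylistingOf(String str) {
        Set<String> names = this.securityControlClassNames;
        if (names == null) {
            names = computeSecurityControlClassNames(this.featureManager.b());
            this.securityControlClassNames = names;
        }
        return names.contains(str);
    }

    /**
     * Rebuilds the cached set of security-control class names from the given Assess settings.
     * The set is assembled completely before it is stored, so readers never observe a
     * half-filled set.
     *
     * @param serverSettingsAssessDTM Assess settings holding sanitizers and validators; may be
     *     {@code null}, which yields an empty set
     */
    void buildSecurityControlClassList(ServerSettingsAssessDTM serverSettingsAssessDTM) {
        this.securityControlClassNames = computeSecurityControlClassNames(serverSettingsAssessDTM);
    }

    /** Collects the class names of all sanitizers and validators; empty when Assess is off or the settings are absent. */
    private Set<String> computeSecurityControlClassNames(ServerSettingsAssessDTM serverSettingsAssessDTM) {
        if (!this.config.c(ConfigProperty.ASSESS_ENABLED) || serverSettingsAssessDTM == null) {
            return Collections.emptySet();
        }
        Set<String> names = new HashSet<>();
        parseSecurityControl(serverSettingsAssessDTM.getSanitizers(), names);
        parseSecurityControl(serverSettingsAssessDTM.getValidators(), names);
        return names;
    }

    /** Adds the class names parsed from each rule's API signature to {@code target}. */
    private <T extends CustomRuleAPI> void parseSecurityControl(Collection<T> collection, Set<String> target) {
        if (collection == null || collection.isEmpty()) {
            return;
        }
        for (T rule : collection) {
            Set<String> parsed = parseClassNames(rule.getApi());
            if (!parsed.isEmpty()) {
                logger.debug("Adding {} to the list of security control class names to prevent denylisting", parsed);
                target.addAll(parsed);
            }
        }
    }

    /**
     * Parses one API signature into the class names it refers to.
     *
     * <p>Parsing fails soft: a signature that cannot be parsed is logged together with the
     * exception and contributes no names, so that security control is not protected from
     * denylisting. An error in the log here is worth following up for that reason.
     *
     * @param str API signature of a custom rule
     * @return the parsed class names, or an empty set if parsing failed
     */
    private Set<String> parseClassNames(String str) {
        try {
            return com.contrastsecurity.agent.plugins.security.policy.v.a(str, Collections.emptySet(), false, true).a();
        } catch (Exception e) {
            Throwables.throwIfCritical(e);
            // Pass the exception itself as the trailing argument so the logger records the
            // cause (the decompiled code referenced an unassigned local here).
            logger.error("Problem parsing API {} to prevent denylisting new security controls", str, e);
            return Collections.emptySet();
        }
    }

    /** Returns the class-transformation listeners, or an empty list when Assess is not enabled. */
    @Override // com.contrastsecurity.agent.plugins.ContrastPlugin
    public List<com.contrastsecurity.agent.plugins.d> getClassTransformationListeners() {
        if (this.config.c(ConfigProperty.ASSESS_ENABLED)) {
            return this.classEventListeners;
        }
        return Collections.emptyList();
    }

    /** Returns the request-lifecycle listeners obtained from the component graph. */
    @Override // com.contrastsecurity.agent.plugins.ContrastPlugin
    public List<com.contrastsecurity.agent.http.q> getRequestLifecycleListeners() {
        return this.requestListeners;
    }

    /** Runs the Assess initialization tasks; does nothing when Assess is not enabled. */
    @Override // com.contrastsecurity.agent.plugins.ContrastPlugin
    public void initialize() throws com.contrastsecurity.agent.plugins.i {
        if (!this.config.c(ConfigProperty.ASSESS_ENABLED)) {
            logger.debug("Not assessing, so skipping policy lookup");
            return;
        }
        for (AbstractC0489z task : this.assessInitializationTasks) {
            task.b();
        }
    }

    /**
     * Hands a crossdomain.xml read event to the cross-domain-policy rule provider's response
     * watcher. A failure in the watcher is logged with its cause and does not stop the loop;
     * critical throwables are rethrown by {@code Throwables.throwIfCritical}.
     *
     * @param application application the file belongs to
     * @param str value forwarded unchanged to {@code analyzeCrossDomainXML}.
     *     NOTE(review): whether this is the file's content or its location is not visible here.
     */
    @Override // com.contrastsecurity.agent.plugins.ContrastPlugin
    public void onCrossDomainXmlRead(Application application, String str) {
        if (!this.config.c(ConfigProperty.ASSESS_ENABLED)) {
            return;
        }
        Iterator<com.contrastsecurity.agent.plugins.security.policy.rules.providers.f<?>> it = this.ruleProviders.iterator();
        while (it.hasNext()) {
            com.contrastsecurity.agent.plugins.security.policy.rules.providers.f<?> provider = it.next();
            if (!(provider instanceof com.contrastsecurity.agent.plugins.security.policy.rules.providers.internal.crossdomainpolicy.c)) {
                continue;
            }
            HttpWatcher watcher = provider.d();
            if (watcher instanceof CrossDomainResponseWatcher) {
                if (logger.isDebugEnabled()) {
                    logger.debug("Handing analysis of crossdomain.xml to {}", watcher.getClass().getName());
                }
                try {
                    ((CrossDomainResponseWatcher) watcher).analyzeCrossDomainXML(application, str);
                } catch (Throwable th) {
                    Throwables.throwIfCritical(th);
                    logger.error("Problem during crossDomainXmlRead() for {}", provider.getClass().getName(), th);
                }
            } else if (logger.isDebugEnabled()) {
                // NOTE(review): this error is only emitted when debug logging is on, so a
                // missing watcher goes unreported at the default level. Kept as found.
                logger.error("Problem finding the cross domain watcher");
            }
        }
    }

    /**
     * Notifies every rule provider that has an {@link ApplicationAnalyzer} that an application's
     * web configuration was read. A failure in one analyzer is logged with its cause and the
     * remaining providers are still notified.
     *
     * @param application application that was resolved
     * @param str value forwarded unchanged to {@code onApplicationResolution}
     */
    @Override // com.contrastsecurity.agent.plugins.ContrastPlugin
    public void onWebConfigurationRead(Application application, String str) {
        if (!this.config.c(ConfigProperty.ASSESS_ENABLED)) {
            return;
        }
        logger.debug("Letting rule providers know about new app loaded");
        Iterator<com.contrastsecurity.agent.plugins.security.policy.rules.providers.f<?>> it = this.ruleProviders.iterator();
        while (it.hasNext()) {
            com.contrastsecurity.agent.plugins.security.policy.rules.providers.f<?> provider = it.next();
            ApplicationAnalyzer analyzer = provider.e();
            if (analyzer == null) {
                continue;
            }
            logger.debug("Handing analysis of web root to {}", analyzer.getClass().getName());
            try {
                analyzer.onApplicationResolution(application, str);
            } catch (Throwable th) {
                Throwables.throwIfCritical(th);
                logger.error("Problem during onWebXmlLoaded() for {}", provider.getClass().getName(), th);
            }
        }
    }

    /** Returns whether Assess is enabled; the class argument is not consulted. */
    @Override // com.contrastsecurity.agent.plugins.ContrastPlugin
    public boolean requiresPrimordialInstrumentation(Class<?> cls) {
        return this.config.c(ConfigProperty.ASSESS_ENABLED);
    }

    /**
     * Returns {@code true} only when the plugin is activated, {@code C0481r.b(httpRequest)} is
     * false, and the request has at least one response watcher.
     */
    @Override // com.contrastsecurity.agent.plugins.ContrastPlugin
    public boolean requiresHttpResponseBuffering(HttpRequest httpRequest, HttpResponse httpResponse) {
        return isActivated() && !C0481r.b(httpRequest) && !httpRequest.getResponseWatchers().isEmpty();
    }

    /** Returns the rule activity listener, or {@code null} when Assess is not enabled. */
    @Override // com.contrastsecurity.agent.plugins.ContrastPlugin
    public com.contrastsecurity.agent.plugins.f getActivityEventListener() {
        return this.config.c(ConfigProperty.ASSESS_ENABLED) ? this.ruleActivityListener : null;
    }

    /** Returns the request-body capture limit read from configuration at construction time. */
    @Override // com.contrastsecurity.agent.plugins.ContrastPlugin
    public int limitRequestBodySizeCapturing() {
        return this.maxRequestBodyBuffering;
    }

    /** Drops the cached security-control class names so the next lookup rebuilds them. */
    public void onSecurityControlsChanged() {
        this.securityControlClassNames = null;
    }

    /** Activated only when the base plugin is activated and Assess is enabled in configuration. */
    @Override // com.contrastsecurity.agent.plugins.ContrastPlugin
    public boolean isActivated() {
        return super.isActivated() && this.config.c(ConfigProperty.ASSESS_ENABLED);
    }

    /** Activated for a request when the plugin is activated and the request URI is not excluded. */
    @Override // com.contrastsecurity.agent.plugins.ContrastPlugin
    public boolean isActivatedForUri(Application application, HttpRequest httpRequest) {
        return isActivated() && !isDisabledUri(httpRequest, application, this.config);
    }

    /** Activates the base plugin, then enables the event context and Assess scope provider. */
    @Override // com.contrastsecurity.agent.plugins.ContrastPlugin
    public void activate() {
        super.activate();
        setEnabled(this.eventContext, this.scopeProviderAssess, true);
    }

    /** Deactivates the base plugin, then disables the event context and Assess scope provider. */
    @Override // com.contrastsecurity.agent.plugins.ContrastPlugin
    public void deactivate() {
        super.deactivate();
        setEnabled(this.eventContext, this.scopeProviderAssess, false);
    }

    /** Returns the purgeable objects owned by this plugin. */
    @Override // com.contrastsecurity.agent.plugins.ContrastPlugin
    public List<Purgeable> getPurgeables() {
        return Lists.of(this.debugStringFactory, this.eventContext, this.heapProfilerAssessObjects);
    }

    /**
     * Checks the application's URL exclusions for Assess against the request URI.
     *
     * <p>A {@code null} request or application is treated as "not disabled", so callers that
     * cannot supply both get no exclusion applied. The {@code eVar} argument is not used.
     *
     * @return {@code true} if either of the two exclusion checks disables Assess for the URI
     */
    @Override // com.contrastsecurity.agent.plugins.ContrastPlugin
    protected boolean isDisabledUri(HttpRequest httpRequest, Application application, com.contrastsecurity.agent.config.e eVar) {
        if (httpRequest == null || application == null) {
            return false;
        }
        com.contrastsecurity.agent.apps.exclusions.g exclusionProcessor = application.getExclusionProcessor();
        return exclusionProcessor.isDisabledByUrl(c.a.ASSESS, com.contrastsecurity.agent.apps.exclusions.c.a, httpRequest.getUri()) || exclusionProcessor.isDisabledByUrl(c.a.ASSESS, com.contrastsecurity.agent.apps.exclusions.c.b, httpRequest.getUri());
    }
}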
