package com.contrastsecurity.agent.plugins.security.policy.rules.providers.internal.sessiontimeout;

import com.contrastsecurity.agent.A;
import com.contrastsecurity.agent.ScopedSensor;
import com.contrastsecurity.agent.Sensor;
import com.contrastsecurity.agent.apps.Application;
import com.contrastsecurity.agent.apps.ApplicationManager;
import com.contrastsecurity.agent.commons.s;
import com.contrastsecurity.agent.commons.t;
import com.contrastsecurity.agent.config.ConfigProperty;
import com.contrastsecurity.agent.config.g;
import com.contrastsecurity.agent.d.f;
import com.contrastsecurity.agent.plugins.frameworks.j2ee.c;
import com.contrastsecurity.agent.plugins.security.policy.rules.providers.ProviderUtil;
import com.contrastsecurity.agent.plugins.security.t;
import com.contrastsecurity.agent.r.i;
import com.contrastsecurity.agent.scope.GlobalScopeProvider;
import com.contrastsecurity.thirdparty.javax.inject.Inject;
import com.contrastsecurity.thirdparty.net.n3.nanoxml.IXMLElement;
import com.contrastsecurity.thirdparty.net.n3.nanoxml.XMLElement;
import com.contrastsecurity.thirdparty.net.n3.nanoxml.XMLException;
import com.contrastsecurity.thirdparty.org.apache.commons.io.IOUtils;
import com.contrastsecurity.thirdparty.org.apache.commons.lang.StringUtils;
import com.contrastsecurity.thirdparty.org.slf4j.Logger;
import com.contrastsecurity.thirdparty.org.slf4j.LoggerFactory;
import java.io.File;
import java.io.InputStream;
import java.io.InputStreamReader;

@Sensor
/* loaded from: input_file:com/contrastsecurity/agent/plugins/security/policy/rules/providers/internal/sessiontimeout/ContrastSessionTimeoutRuleDispatcherImpl.class */
public final class ContrastSessionTimeoutRuleDispatcherImpl implements ContrastSessionTimeoutRuleDispatcher {
    private static final Logger a = LoggerFactory.getLogger(ContrastSessionTimeoutRuleDispatcherImpl.class);
    private static final f.a<s> b = f.a.a(s.class);
    private final ApplicationManager c;
    private final ProviderUtil d;
    private final c e;
    private final long f;

    @Inject
    public ContrastSessionTimeoutRuleDispatcherImpl(ApplicationManager applicationManager, ProviderUtil providerUtil, c cVar, g gVar) {
        this.c = applicationManager;
        this.d = providerUtil;
        this.e = cVar;
        this.f = SessionTimeoutRule.a(gVar);
    }

    @A
    static int a(int i) {
        if (i == 0) {
            return 0;
        }
        return i % 60 == 0 ? i / 60 : i < 0 ? (i / 60) - 1 : (i / 60) + 1;
    }

    @A
    static String a(c cVar, int i, Object obj, Application application) {
        IXMLElement a2 = a(cVar, obj, application);
        if (a2 == null) {
            return null;
        }
        return a(i, a2);
    }

    private static IXMLElement a(c cVar, Object obj, Application application) {
        InputStream b2;
        Object d = cVar.d(obj);
        if (d == null || (b2 = cVar.b(d, "/WEB-INF/web.xml")) == null) {
            return null;
        }
        InputStreamReader inputStreamReader = null;
        try {
            try {
                inputStreamReader = new InputStreamReader(b2);
                XMLElement a2 = i.a(inputStreamReader);
                if (a2 == null) {
                    IOUtils.closeQuietly(b2, inputStreamReader);
                    return null;
                }
                IXMLElement firstChildNamed = a2.getFirstChildNamed("session-config");
                if (firstChildNamed == null) {
                    IOUtils.closeQuietly(b2, inputStreamReader);
                    return null;
                }
                IXMLElement firstChildNamed2 = firstChildNamed.getFirstChildNamed("session-timeout");
                IOUtils.closeQuietly(b2, inputStreamReader);
                return firstChildNamed2;
            } catch (XMLException e) {
                a.debug("Unable to parse /WEB-INF/web.xml for app with name=\"{}\" and path=\"{}\".", application.getDisplayName(), application.getResolvedPath(), e);
                IOUtils.closeQuietly(b2, inputStreamReader);
                return null;
            }
        } catch (Throwable th) {
            IOUtils.closeQuietly(b2, inputStreamReader);
            throw th;
        }
    }

    private static String a(int i, IXMLElement iXMLElement) {
        String trimToNull = StringUtils.trimToNull(iXMLElement.getContent());
        if (trimToNull == null) {
            return null;
        }
        try {
            int parseInt = Integer.parseInt(trimToNull);
            if (i == parseInt) {
                return a(iXMLElement);
            }
            if (i != 0 && i != -1) {
                return null;
            }
            if (parseInt == 0 || parseInt == -1) {
                return a(iXMLElement);
            }
            return null;
        } catch (NumberFormatException e) {
            return null;
        }
    }

    private static String a(IXMLElement iXMLElement) {
        return iXMLElement.getLineNr() + ": <" + iXMLElement.getName() + ">" + StringUtils.trimToEmpty(iXMLElement.getContent()) + "</" + iXMLElement.getName() + ">\n";
    }

    @Override // java.lang.ContrastSessionTimeoutRuleDispatcher
    @ScopedSensor
    public void onSessionObtained(final Object obj) {
        com.contrastsecurity.agent.scope.a enterScope = GlobalScopeProvider.enterScope();
        try {
            if (obj == null) {
                a.debug("Session provided to {} was null. Skipping checks for overly-long session timeout.", ContrastSessionTimeoutRuleDispatcherImpl.class.getName());
            } else {
                final Application current = this.c.current();
                if (current == null) {
                    a.debug("Current application provided to {} was null. Skipping checks for overly-long session timeout.", ContrastSessionTimeoutRuleDispatcherImpl.class.getName());
                } else if (current.getInventoryState().b()) {
                    com.contrastsecurity.agent.d.b context = current.context();
                    if (context.a(b) == null) {
                        final Integer c = this.e.c(obj);
                        if (c == null) {
                            a.debug("HttpSession.getMaxInactiveInterval() threw an error or returned null. Skipping checks for overly-long session timeout.");
                        } else {
                            context.b(b, t.a((s) new s<Void>() { // from class: com.contrastsecurity.agent.plugins.security.policy.rules.providers.internal.sessiontimeout.ContrastSessionTimeoutRuleDispatcherImpl.1
                                @Override // com.contrastsecurity.agent.commons.s
                                /* renamed from: b, reason: merged with bridge method [inline-methods] */
                                public Void a() {
                                    if (!(c.intValue() < 1) && c.intValue() <= ContrastSessionTimeoutRuleDispatcherImpl.this.f) {
                                        ContrastSessionTimeoutRuleDispatcherImpl.a.debug("Found safe session timeout value {} for application with name=\"{}\" and path=\"{}\". Session timeout values must be less than configured value of {} from {}.", c, current.getDisplayName(), current.path(), Long.valueOf(ContrastSessionTimeoutRuleDispatcherImpl.this.f), ConfigProperty.WEB_SESSION_TIMEOUT);
                                        return null;
                                    }
                                    long a2 = t.b.a("session-timeout", current.getResolvedPath() + File.separatorChar + "WEB-INF" + File.separatorChar + "web.xml");
                                    int a3 = ContrastSessionTimeoutRuleDispatcherImpl.a(c.intValue());
                                    String a4 = ContrastSessionTimeoutRuleDispatcherImpl.a(ContrastSessionTimeoutRuleDispatcherImpl.this.e, a3, obj, current);
                                    ContrastSessionTimeoutRuleDispatcherImpl.this.d.reportFinding(current, "session-timeout", a4 == null ? "servletContext.setSessionTimeout(" + a3 + ")" : a4, a2, null, false, null);
                                    ContrastSessionTimeoutRuleDispatcherImpl.a.debug("Found vulnerable session timeout value {} (a timeout of zero or less indicates an unlimited timeout) for application with name=\"{}\" and path=\"{}\". Session timeout values must be less than configured value of {} from {}.", c, current.getDisplayName(), current.path(), Long.valueOf(ContrastSessionTimeoutRuleDispatcherImpl.this.f), ConfigProperty.WEB_SESSION_TIMEOUT);
                                    return null;
                                }
                            }));
                            ((s) context.a(b)).a();
                        }
                    }
                } else {
                    a.debug("Current application with name=\"{}\" provided to {} was not resolved. Skipping checks for overly-long session timeout.", current.getDisplayName(), ContrastSessionTimeoutRuleDispatcherImpl.class.getName());
                }
            }
            th = null;
        } catch (Throwable th) {
            th = th;
        }
        enterScope.e();
        if (th != null) {
            throw th;
        }
    }
}
