package com.contrastsecurity.agent.plugins.frameworks.cxf;

import com.contrastsecurity.agent.apps.Application;
import com.contrastsecurity.agent.apps.exclusions.g;
import com.contrastsecurity.agent.commons.m;
import com.contrastsecurity.agent.http.HttpRequest;
import com.contrastsecurity.agent.instr.InstrumentationContext;
import com.contrastsecurity.agent.instr.i;
import com.contrastsecurity.agent.plugins.frameworks.P;
import com.contrastsecurity.agent.plugins.frameworks.Q;
import com.contrastsecurity.agent.plugins.frameworks.v;
import com.contrastsecurity.agent.plugins.http.f;
import com.contrastsecurity.agent.plugins.security.model.SourceEvent;
import com.contrastsecurity.agent.plugins.security.model.j;
import com.contrastsecurity.agent.plugins.security.policy.rules.Rule;
import com.contrastsecurity.agent.trace.CodeEvent;
import com.contrastsecurity.agent.trace.Trace;
import com.contrastsecurity.agent.util.E;
import com.contrastsecurity.thirdparty.jregex.WildcardPattern;
import com.contrastsecurity.thirdparty.org.apache.commons.lang.ArrayUtils;
import com.contrastsecurity.thirdparty.org.objectweb.asm.ClassVisitor;
import com.contrastsecurity.thirdparty.org.slf4j.Logger;
import com.contrastsecurity.thirdparty.org.slf4j.LoggerFactory;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.util.Collections;
import java.util.Set;

/* compiled from: CXFSupporter.java */
/* loaded from: input_file:com/contrastsecurity/agent/plugins/frameworks/cxf/a.class */
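/**
 * Framework supporter for Apache CXF (decompiled from {@code CXFSupporter.java}).
 *
 * <p>What is visible in this class:
 * <ul>
 *   <li>{@link #onClassTransform} wraps the class visitor for two CXF classes, matched by exact
 *       class name, and registers the adapter name on the instrumentation context.</li>
 *   <li>{@link #b(com.contrastsecurity.agent.plugins.security.controller.a)} inspects the first
 *       argument of a call, and for CXF parameters of kind HEADER (other than the one matched by
 *       {@code f.HEADER_REFERER}) or COOKIE it calls {@code l()} on the model object.</li>
 *   <li>{@link #a(Trace, Rule)} matches "reflected-xss" traces whose first event starts in
 *       {@code org.apache.cxf.jaxrs.utils.}.</li>
 * </ul>
 *
 * <p>All identifiers from other agent packages are obfuscated. Their semantics are described only
 * as far as this file shows them; everything else is marked as an assumption to confirm.
 */
public final class a extends v implements P {
    // The private constants carry descriptive names on purpose: with single-letter field names,
    // the simple name `f` in `f.HEADER_REFERER` is resolved as the String field rather than the
    // imported type com.contrastsecurity.agent.plugins.http.f (a variable takes precedence over a
    // type of the same name), and the listing does not compile.

    /** Handed unchanged to the class visitors created in {@link #onClassTransform}. */
    private final i<ContrastHttpDispatcherLocator> dispatcherAccessor;

    /** Rule id compared against in {@link #a(Trace, Rule)}. */
    private static final String REFLECTED_XSS_RULE_ID = "reflected-xss";

    /** Passed to {@code Q.a(...)} together with the policy entry; the meaning of the match is defined there. */
    private static final Set<String> CXF_URL_PARAM_MARKERS = Collections.singleton("cxf-url-param");

    // NOTE(review): the '#' placeholders and the leading-space/substring(1) forms below presumably
    // keep build-time package relocation from rewriting these class names - confirm.
    // Assumes WildcardPattern.ANY_CHAR is "." so the two results are dotted class names - TODO confirm.
    private static final String URI_INFO_IMPL_CLASS = "org#apache#cxf.jaxrs.impl.UriInfoImpl".replace("#", WildcardPattern.ANY_CHAR);
    private static final String JETTY_HTTP_DESTINATION_CLASS = "org#apache#cxf.transport.http_jetty.JettyHTTPDestination".replace("#", WildcardPattern.ANY_CHAR);
    private static final String CXF_PARAMETER_CLASS = " org.apache.cxf.jaxrs.model.Parameter".substring(1);
    private static final String CXF_PARAMETER_TYPE_CLASS = " org.apache.cxf.jaxrs.model.ParameterType".substring(1);
    private static final String CXF_JAXRS_UTILS_PREFIX = " org.apache.cxf.jaxrs.utils.".substring(1);

    private static final Logger LOG = LoggerFactory.getLogger(a.class);

    /**
     * Kind of a CXF parameter. The constant is looked up by name from the string form of the CXF
     * {@code ParameterType} value; {@link #UNKNOWN} is used whenever that lookup is not possible.
     *
     * <p>Decompiler notes: private in the compiled class (access widened by JADX) and renamed from
     * {@code a$a} because of a collision with another inner class name.
     */
    public enum EnumC0009a {
        PATH,
        QUERY,
        MATRIX,
        HEADER,
        COOKIE,
        FORM,
        BEAN,
        REQUEST_BODY,
        CONTEXT,
        UNKNOWN
    }

    /**
     * @param iVar accessor for the HTTP dispatcher locator; checked by {@code m.a(...)} under the
     *     name "dispatcherAccessor" (presumably a null check - confirm in {@code m})
     */
    public a(i<ContrastHttpDispatcherLocator> iVar) {
        m.a(iVar, "dispatcherAccessor");
        this.dispatcherAccessor = iVar;
    }

    /**
     * Wraps {@code classVisitor} when the class being transformed is one of the two CXF classes
     * this supporter knows by name.
     *
     * @param classVisitor visitor to wrap
     * @param instrumentationContext context of the class being transformed
     * @return the wrapping visitor, or {@code classVisitor} itself when the class has no code
     *     source or is neither of the two CXF classes
     */
    @Override // com.contrastsecurity.agent.plugins.frameworks.v
    public ClassVisitor onClassTransform(ClassVisitor classVisitor, InstrumentationContext instrumentationContext) {
        // Classes without a code source are never instrumented here.
        if (instrumentationContext.getCodeSource() == null) {
            return classVisitor;
        }
        // The Jetty destination is tested first; the two class names are mutually exclusive anyway.
        if (isJettyHttpDestination(instrumentationContext)) {
            instrumentationContext.getChanger().addAdapter("JettyCXFDispatcherAdapter");
            instrumentationContext.setRequiresTransforming(true);
            return new b(classVisitor, instrumentationContext, this.dispatcherAccessor);
        }
        if (isUriInfoImpl(instrumentationContext)) {
            instrumentationContext.getChanger().addAdapter("QueryParameterResolutionAdapter");
            instrumentationContext.setRequiresTransforming(true);
            return new c(classVisitor, instrumentationContext, this.dispatcherAccessor);
        }
        return classVisitor;
    }

    /** True when the class being transformed is named like CXF's {@code UriInfoImpl}. */
    private boolean isUriInfoImpl(InstrumentationContext instrumentationContext) {
        return URI_INFO_IMPL_CLASS.equals(instrumentationContext.getClassName());
    }

    /** True when the class being transformed is named like CXF's {@code JettyHTTPDestination}. */
    private boolean isJettyHttpDestination(InstrumentationContext instrumentationContext) {
        return JETTY_HTTP_DESTINATION_CLASS.equals(instrumentationContext.getClassName());
    }

    /** Always returns {@code true}. */
    @Override // com.contrastsecurity.agent.plugins.frameworks.P
    public boolean a(com.contrastsecurity.agent.plugins.security.controller.a aVar) {
        return true;
    }

    /**
     * Looks at the CXF parameter passed as first call argument and calls {@code l()} on the model
     * object for header parameters (except the one matched by {@code f.HEADER_REFERER}) and for
     * cookie parameters.
     *
     * <p>Only entries whose policy id starts with "cxf-" and that pass
     * {@code Q.a(CXF_URL_PARAM_MARKERS, ...)} are examined; everything else is left untouched.
     *
     * <p>NOTE(review): {@code l()} is obfuscated and its effect on the model object is not visible
     * in this file - confirm what it changes before relying on this method.
     *
     * @param aVar call description; {@code d()} yields the model object, {@code l()} the arguments
     * @return always {@code true}
     */
    @Override // com.contrastsecurity.agent.plugins.frameworks.P
    public boolean b(com.contrastsecurity.agent.plugins.security.controller.a aVar) {
        j model = aVar.d();
        com.contrastsecurity.agent.plugins.security.policy.v policyEntry = model.j();
        String id = policyEntry != null ? policyEntry.getId() : null;
        boolean cxfEntry = id != null && id.startsWith("cxf-");
        if (!cxfEntry || !Q.a(CXF_URL_PARAM_MARKERS, policyEntry)) {
            return true;
        }
        Object parameter = firstArgumentAsCxfParameter(aVar.l());
        EnumC0009a kind = parameterTypeOf(parameter);
        if (kind == EnumC0009a.HEADER) {
            // A header whose name matches HEADER_REFERER is skipped; every other header gets l().
            if (!f.HEADER_REFERER.a(parameterNameOf(parameter))) {
                model.l();
            }
        } else if (kind == EnumC0009a.COOKIE) {
            model.l();
        }
        return true;
    }

    /**
     * Returns the first element of {@code objArr} when its runtime class is exactly CXF's
     * {@code Parameter}, otherwise {@code null} (also for a null/empty array or a null element).
     */
    private Object firstArgumentAsCxfParameter(Object[] objArr) {
        if (ArrayUtils.isEmpty(objArr)) {
            return null;
        }
        Object first = objArr[0];
        if (first == null) {
            return null;
        }
        // Compared by class name: the CXF class is not referenced as a type in this class.
        return CXF_PARAMETER_CLASS.equals(first.getClass().getName()) ? first : null;
    }

    /**
     * Reads the parameter kind by invoking a non-static, no-argument {@code getType} method that
     * {@code E.b(...)} finds on {@code obj}.
     *
     * @param obj the CXF parameter, may be {@code null}
     * @return the matching constant, or {@link EnumC0009a#UNKNOWN} when {@code obj} is null, the
     *     method is missing or static, the result is not a CXF {@code ParameterType}, its name has
     *     no constant here, or anything in the lookup throws
     */
    private EnumC0009a parameterTypeOf(Object obj) {
        if (obj == null) {
            return EnumC0009a.UNKNOWN;
        }
        Method getter = E.b(obj.getClass(), "getType", new Class[0]);
        if (getter == null || Modifier.isStatic(getter.getModifiers())) {
            return EnumC0009a.UNKNOWN;
        }
        try {
            Object cxfType = getter.invoke(obj, new Object[0]);
            if (cxfType == null || !CXF_PARAMETER_TYPE_CLASS.equals(cxfType.getClass().getName())) {
                return EnumC0009a.UNKNOWN;
            }
            String typeName = String.valueOf(cxfType);
            try {
                return EnumC0009a.valueOf(typeName);
            } catch (Exception mismatch) {
                // A ParameterType name without a constant in EnumC0009a is reported, then ignored.
                com.contrastsecurity.agent.i.c.a("CXF_PARAM_TYPE_ENUM_MISMATCH", LOG, "Name of CXF ParameterType {} is not recognized.", mismatch, new Object[]{typeName});
                return EnumC0009a.UNKNOWN;
            }
        } catch (Exception reflectionFailure) {
            // Any failure of the reflective call (or of the steps above) means "kind unknown";
            // nothing is logged on this path.
            return EnumC0009a.UNKNOWN;
        }
    }

    /**
     * Reads the parameter name by invoking a non-static, no-argument {@code getName} method
     * declared to return {@code String}.
     *
     * @param obj the CXF parameter, may be {@code null}
     * @return the name, or {@code null} when {@code obj} is null, no suitable method is found, or
     *     the call throws
     */
    private String parameterNameOf(Object obj) {
        if (obj == null) {
            return null;
        }
        Method getter = E.b(obj.getClass(), "getName", new Class[0]);
        if (getter == null) {
            return null;
        }
        if (Modifier.isStatic(getter.getModifiers()) || !String.class.equals(getter.getReturnType())) {
            return null;
        }
        try {
            return (String) getter.invoke(obj, new Object[0]);
        } catch (Exception reflectionFailure) {
            // A failed reflective call is treated as "no name"; nothing is logged on this path.
            return null;
        }
    }

    /** Always returns {@code true}. */
    @Override // com.contrastsecurity.agent.plugins.frameworks.P
    public boolean a(Application application, Rule rule, Object obj, Object[] objArr, Object obj2) {
        return true;
    }

    /** Does nothing. */
    @Override // com.contrastsecurity.agent.plugins.frameworks.P
    public void a(Application application, Trace trace, Rule rule, Object obj, Object[] objArr, Object obj2) {
    }

    /** Always returns {@code false}. */
    @Override // com.contrastsecurity.agent.plugins.frameworks.P
    public boolean a(Application application, Trace trace, Rule rule, SourceEvent sourceEvent, int i2, HttpRequest httpRequest, g gVar) {
        return false;
    }

    /**
     * Matches traces of the "reflected-xss" rule that have more than one event and whose first
     * event's method name starts with {@code org.apache.cxf.jaxrs.utils.}.
     *
     * <p>NOTE(review): what the caller does with a {@code true} result is defined by the obfuscated
     * interface {@code P} and is not visible here - confirm there.
     */
    @Override // com.contrastsecurity.agent.plugins.frameworks.P
    public boolean a(Trace trace, Rule rule) {
        return isReflectedXss(rule) && startsInCxfJaxrsUtils(trace);
    }

    /** True when the rule id equals "reflected-xss". */
    private boolean isReflectedXss(Rule rule) {
        return rule.getId().equals(REFLECTED_XSS_RULE_ID);
    }

    /** True when the trace has more than one event and the first one passes {@link #isCxfJaxrsUtilsEvent}. */
    private boolean startsInCxfJaxrsUtils(Trace trace) {
        if (trace.getEvents().size() <= 1) {
            return false;
        }
        return isCxfJaxrsUtilsEvent(trace.getFirstEvent());
    }

    /** True when the event's method name starts with the CXF JAX-RS utils package prefix. */
    private boolean isCxfJaxrsUtilsEvent(CodeEvent codeEvent) {
        return codeEvent.getMethodName().startsWith(CXF_JAXRS_UTILS_PREFIX);
    }
}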
