package com.contrastsecurity.agent.plugins.rasp.d;

import com.contrastsecurity.agent.plugins.rasp.AttackBlockedException;
import com.contrastsecurity.agent.plugins.rasp.R;
import com.contrastsecurity.agent.plugins.rasp.S;
import com.contrastsecurity.thirdparty.com.google.gson.stream.JsonReader;
import com.contrastsecurity.thirdparty.net.n3.nanoxml.IXMLParser;
import com.contrastsecurity.thirdparty.net.n3.nanoxml.StdXMLReader;
import com.contrastsecurity.thirdparty.net.n3.nanoxml.XMLElement;
import com.contrastsecurity.thirdparty.net.n3.nanoxml.XMLException;
import com.contrastsecurity.thirdparty.org.apache.commons.lang.StringUtils;
import com.contrastsecurity.thirdparty.org.slf4j.Logger;
import com.contrastsecurity.thirdparty.org.slf4j.LoggerFactory;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.Charset;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import java.util.Set;
import java.util.zip.CRC32;

/* compiled from: DocumentScanningManager.java */
/* loaded from: input_file:com/contrastsecurity/agent/plugins/rasp/d/w.class */
public class w {
    private final v a;
    private final S b;
    private final ThreadLocal<IXMLParser> c = new ThreadLocal<IXMLParser>() { // from class: com.contrastsecurity.agent.plugins.rasp.d.w.1
        /* JADX INFO: Access modifiers changed from: protected */
        @Override // java.lang.ThreadLocal
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public IXMLParser initialValue() {
            try {
                return com.contrastsecurity.agent.r.i.a();
            } catch (Exception e2) {
                w.g.error("Can't create XML parser for scanning parameter values", (Throwable) e2);
                return null;
            }
        }
    };
    private static final String d = "ROOT";
    private static final byte[] e = "document.scanning.".getBytes();
    private static final Set<String> f = com.contrastsecurity.agent.commons.p.b("script", "object", "style", "iframe", "embed", "applet");
    private static final Logger g = LoggerFactory.getLogger(w.class);

    /* JADX INFO: Access modifiers changed from: private */
    /* compiled from: DocumentScanningManager.java */
    /* loaded from: input_file:com/contrastsecurity/agent/plugins/rasp/d/w$a.class */
    public enum a {
        NORMAL,
        OBVIOUS_SCRIPT_TAG
    }

    public w(S s, v vVar) {
        this.b = (S) com.contrastsecurity.agent.commons.m.a(s, "ProtectManager");
        this.a = (v) com.contrastsecurity.agent.commons.m.a(vVar, "DocumentScanningListener");
    }

    public boolean a(String str) {
        return (str == null || !str.startsWith("<") || this.c.get() == null) ? false : true;
    }

    public Object a(byte[] bArr, Charset charset, R r) throws XMLException {
        String a2 = a(bArr);
        Object d2 = r.d(a2);
        if (d2 == null) {
            IXMLParser iXMLParser = this.c.get();
            iXMLParser.setReader(charset != null ? new StdXMLReader(new InputStreamReader(new ByteArrayInputStream(bArr), charset)) : new StdXMLReader(new InputStreamReader(new ByteArrayInputStream(bArr))));
            d2 = iXMLParser.parse();
            r.a(a2, d2);
        }
        return d2;
    }

    private String a(byte[] bArr) {
        CRC32 crc32 = new CRC32();
        crc32.update(e);
        crc32.update(bArr);
        return String.valueOf(crc32.getValue());
    }

    private void a(com.contrastsecurity.agent.plugins.rasp.rules.k<?> kVar, com.contrastsecurity.agent.plugins.rasp.e.a aVar, String str) {
        String a2 = aVar.a();
        String c = aVar.c();
        this.a.a(kVar, aVar.b(), aVar.d(), c, a2, str);
    }

    public boolean a(com.contrastsecurity.agent.plugins.rasp.e.a aVar, Iterable<com.contrastsecurity.agent.plugins.rasp.rules.k<?>> iterable) {
        return a(aVar, com.contrastsecurity.agent.commons.h.a((Iterable) iterable));
    }

    public boolean a(com.contrastsecurity.agent.plugins.rasp.e.a aVar, List<com.contrastsecurity.agent.plugins.rasp.rules.k<?>> list) {
        boolean z;
        try {
            Object a2 = a(aVar.e(), aVar.f(), this.b.currentContext());
            if (a2 instanceof XMLElement) {
                aVar.c("ROOT");
                z = a(list, a(aVar, (XMLElement) a2, list));
            } else {
                z = false;
                g.warn("Unexpected XML parse return type {}", a2.getClass().getName());
            }
        } catch (AttackBlockedException e2) {
            throw e2;
        } catch (Exception e3) {
            z = false;
            g.error("Problem scanning XML input", (Throwable) e3);
        }
        return z;
    }

    public boolean a(com.contrastsecurity.agent.plugins.rasp.e.a aVar, com.contrastsecurity.agent.plugins.rasp.rules.k<?> kVar) {
        return a(aVar, com.contrastsecurity.agent.commons.h.a(kVar));
    }

    private boolean a(List<com.contrastsecurity.agent.plugins.rasp.rules.k<?>> list, com.contrastsecurity.agent.commons.l<a, String> lVar) {
        if (!a.OBVIOUS_SCRIPT_TAG.equals(lVar.a())) {
            return true;
        }
        Iterator<com.contrastsecurity.agent.plugins.rasp.rules.k<?>> it = list.iterator();
        while (it.hasNext()) {
            if (com.contrastsecurity.agent.plugins.rasp.rules.e.g.b.equals(it.next().getRuleId().a())) {
                return false;
            }
        }
        return true;
    }

    public boolean b(com.contrastsecurity.agent.plugins.rasp.e.a aVar, Iterable<com.contrastsecurity.agent.plugins.rasp.rules.k<?>> iterable) {
        try {
            JsonReader jsonReader = new JsonReader(new InputStreamReader(new ByteArrayInputStream(aVar.e()), aVar.f() != null ? aVar.f() : Charset.forName("UTF-8")));
            aVar.c("ROOT");
            a(aVar, jsonReader, com.contrastsecurity.agent.commons.h.a((Iterable) iterable));
            g.debug("Successfully scanned {} as JSON: {}", aVar.b(), aVar.a());
            return true;
        } catch (AttackBlockedException e2) {
            throw e2;
        } catch (Throwable th) {
            g.error("Problem scanning JSON input", th);
            return false;
        }
    }

    private String a(final com.contrastsecurity.agent.plugins.rasp.e.a aVar, JsonReader jsonReader, Iterable<com.contrastsecurity.agent.plugins.rasp.rules.k<?>> iterable) throws IOException {
        String c = aVar.c();
        switch (jsonReader.peek()) {
            case BEGIN_ARRAY:
                int i = 0;
                jsonReader.beginArray();
                while (jsonReader.hasNext()) {
                    int i2 = i;
                    i++;
                    aVar.c(c + " [" + i2 + "]");
                    final String a2 = a(aVar, jsonReader, iterable);
                    if (a2 != null) {
                        com.contrastsecurity.agent.commons.s a3 = com.contrastsecurity.agent.commons.t.a((com.contrastsecurity.agent.commons.s) new com.contrastsecurity.agent.commons.s<String>() { // from class: com.contrastsecurity.agent.plugins.rasp.d.w.2
                            @Override // com.contrastsecurity.agent.commons.s
                            /* renamed from: b, reason: merged with bridge method [inline-methods] */
                            public String a() {
                                return com.contrastsecurity.agent.plugins.rasp.j.d.a(a2, aVar.b());
                            }
                        });
                        Iterator<com.contrastsecurity.agent.plugins.rasp.rules.k<?>> it = iterable.iterator();
                        while (it.hasNext()) {
                            a(it.next(), aVar, (String) a3.a());
                        }
                    }
                }
                jsonReader.endArray();
                aVar.c(c);
                return null;
            case BEGIN_OBJECT:
                jsonReader.beginObject();
                while (jsonReader.hasNext()) {
                    aVar.c(c + " / " + jsonReader.nextName());
                    final String a4 = a(aVar, jsonReader, iterable);
                    if (a4 != null) {
                        com.contrastsecurity.agent.commons.s a5 = com.contrastsecurity.agent.commons.t.a((com.contrastsecurity.agent.commons.s) new com.contrastsecurity.agent.commons.s<String>() { // from class: com.contrastsecurity.agent.plugins.rasp.d.w.3
                            @Override // com.contrastsecurity.agent.commons.s
                            /* renamed from: b, reason: merged with bridge method [inline-methods] */
                            public String a() {
                                return com.contrastsecurity.agent.plugins.rasp.j.d.a(a4, aVar.b());
                            }
                        });
                        Iterator<com.contrastsecurity.agent.plugins.rasp.rules.k<?>> it2 = iterable.iterator();
                        while (it2.hasNext()) {
                            a(it2.next(), aVar, (String) a5.a());
                        }
                    }
                }
                jsonReader.endObject();
                aVar.c(c);
                return null;
            case STRING:
                return jsonReader.nextString();
            case NUMBER:
            case BOOLEAN:
            case NULL:
                jsonReader.skipValue();
                return null;
            case END_DOCUMENT:
            case NAME:
            case END_OBJECT:
            case END_ARRAY:
            default:
                throw new IOException("Improperly formatted JSON document");
        }
    }

    private com.contrastsecurity.agent.commons.l<a, String> a(final com.contrastsecurity.agent.plugins.rasp.e.a aVar, XMLElement xMLElement, List<com.contrastsecurity.agent.plugins.rasp.rules.k<?>> list) {
        Properties attributes = xMLElement.getAttributes();
        String c = aVar.c();
        String name = xMLElement.getName();
        if (b(name)) {
            return com.contrastsecurity.agent.commons.l.a(a.OBVIOUS_SCRIPT_TAG, name);
        }
        for (String str : attributes.keySet()) {
            final String attribute = xMLElement.getAttribute(str, (String) null);
            if (!StringUtils.isEmpty(attribute)) {
                aVar.c(c + "[" + str + "]");
                com.contrastsecurity.agent.commons.s a2 = com.contrastsecurity.agent.commons.t.a((com.contrastsecurity.agent.commons.s) new com.contrastsecurity.agent.commons.s<String>() { // from class: com.contrastsecurity.agent.plugins.rasp.d.w.4
                    @Override // com.contrastsecurity.agent.commons.s
                    /* renamed from: b, reason: merged with bridge method [inline-methods] */
                    public String a() {
                        return com.contrastsecurity.agent.plugins.rasp.j.d.a(attribute, aVar.b());
                    }
                });
                g.debug("Scanning doc {} (path={}[{}]): {}", aVar.a(), aVar.c(), str, attribute);
                Iterator<com.contrastsecurity.agent.plugins.rasp.rules.k<?>> it = list.iterator();
                while (it.hasNext()) {
                    a(it.next(), aVar, (String) a2.a());
                }
            }
        }
        aVar.c(c);
        final String content = xMLElement.getContent();
        if (!StringUtils.isEmpty(content)) {
            com.contrastsecurity.agent.commons.s a3 = com.contrastsecurity.agent.commons.t.a((com.contrastsecurity.agent.commons.s) new com.contrastsecurity.agent.commons.s<String>() { // from class: com.contrastsecurity.agent.plugins.rasp.d.w.5
                @Override // com.contrastsecurity.agent.commons.s
                /* renamed from: b, reason: merged with bridge method [inline-methods] */
                public String a() {
                    return com.contrastsecurity.agent.plugins.rasp.j.d.a(content, aVar.b());
                }
            });
            g.debug("Scanning content: {}", content);
            Iterator<com.contrastsecurity.agent.plugins.rasp.rules.k<?>> it2 = list.iterator();
            while (it2.hasNext()) {
                a(it2.next(), aVar, (String) a3.a());
            }
        }
        Iterator it3 = xMLElement.getChildren().iterator();
        while (it3.hasNext()) {
            Object next = it3.next();
            if (next instanceof XMLElement) {
                XMLElement xMLElement2 = (XMLElement) next;
                String name2 = xMLElement2.getName();
                if (b(name2)) {
                    return com.contrastsecurity.agent.commons.l.a(a.OBVIOUS_SCRIPT_TAG, name2);
                }
                aVar.c(c + " / " + xMLElement2.getName());
                com.contrastsecurity.agent.commons.l<a, String> a4 = a(aVar, xMLElement2, list);
                if (a4.a() == a.OBVIOUS_SCRIPT_TAG) {
                    return a4;
                }
            }
        }
        aVar.c(c);
        return com.contrastsecurity.agent.commons.l.a(a.NORMAL, "");
    }

    private boolean b(String str) {
        if (str == null) {
            return false;
        }
        return f.contains(str.toLowerCase());
    }
}
