package com.contrastsecurity.agent.plugins.frameworks.e;

import com.contrastsecurity.agent.A;
import com.contrastsecurity.agent.apps.Application;
import com.contrastsecurity.agent.commons.m;
import com.contrastsecurity.agent.config.ConfigProperty;
import com.contrastsecurity.agent.http.HttpRequest;
import com.contrastsecurity.agent.plugins.frameworks.K;
import com.contrastsecurity.agent.plugins.frameworks.M;
import com.contrastsecurity.agent.plugins.frameworks.N;
import com.contrastsecurity.agent.plugins.frameworks.P;
import com.contrastsecurity.agent.plugins.frameworks.e.c;
import com.contrastsecurity.agent.plugins.frameworks.v;
import com.contrastsecurity.agent.plugins.rasp.rules.xxe.XXEProtectRule;
import com.contrastsecurity.agent.plugins.security.SecurityPlugin;
import com.contrastsecurity.agent.plugins.security.model.SourceEvent;
import com.contrastsecurity.agent.plugins.security.policy.propagators.Propagator;
import com.contrastsecurity.agent.plugins.security.policy.rules.Rule;
import com.contrastsecurity.agent.trace.Trace;
import com.contrastsecurity.agent.util.C0205c;
import com.contrastsecurity.agent.util.E;
import com.contrastsecurity.agent.util.L;
import com.contrastsecurity.agent.util.ObjectShare;
import com.contrastsecurity.thirdparty.org.apache.commons.lang.StringUtils;
import com.contrastsecurity.thirdparty.org.slf4j.Logger;
import com.contrastsecurity.thirdparty.org.slf4j.LoggerFactory;
import java.lang.reflect.Field;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import javax.xml.parsers.DocumentBuilder;

/* compiled from: JAXBSupporter.java */
/* loaded from: input_file:com/contrastsecurity/agent/plugins/frameworks/e/f.class */
public final class f extends v implements K, N, P {
    private static final String c = "oracle.xdkjava.security.resolveEntityDefault";
    private static final String d = "oracle.xml.parser.XMLParser.ExpandEntityRef";
    private static final String h = "javax.xml.transform.sax.SAXSource";
    private static final String i = "javax.xml.bind.Unmarshaller";
    private final com.contrastsecurity.agent.config.g l;
    private final com.contrastsecurity.agent.plugins.security.controller.propagate.c m;
    public static final String b = "policies/jaxb.xml";
    private static final int e = b.hashCode();
    private static final String f = " org.apache.xerces.parsers.XMLParser".substring(1);
    private static final String g = " com.sun.org.apache.xerces.internal.parsers.XMLParser".substring(1);
    private static final Logger j = LoggerFactory.getLogger(f.class);
    private static final b[] k = {new e(), new h(), new g(), new k(), new i()};

    public f(com.contrastsecurity.agent.config.g gVar) {
        this(gVar, null);
    }

    @A
    f(com.contrastsecurity.agent.config.g gVar, com.contrastsecurity.agent.plugins.security.controller.propagate.c cVar) {
        m.a(gVar);
        this.l = gVar;
        this.m = cVar;
    }

    @Override // com.contrastsecurity.agent.plugins.frameworks.P
    public boolean a(Application application, Rule rule, Object obj, Object[] objArr, Object obj2) {
        if (!XXEProtectRule.ID.equals(rule.getId())) {
            return true;
        }
        if (j.isDebugEnabled()) {
            j.debug("Analyzing parser {}", L.a(obj));
        }
        if (c(objArr)) {
            return z(objArr[0]);
        }
        if (C(obj)) {
            return z(obj);
        }
        if (D(obj)) {
            return y(obj);
        }
        if (E(obj)) {
            return A(obj);
        }
        if (f(obj)) {
            Object g2 = g(obj);
            return g2 == null || e(g2) || n(g2);
        }
        if (v(obj)) {
            switch (t(obj)) {
                case DISALLOWED:
                    return false;
                case ALLOWED:
                    return true;
                case UNKNOWN:
                    if (i(obj)) {
                        Object h2 = h(obj);
                        return h2 == null || t(h2) != j.DISALLOWED;
                    }
                    if (k(obj)) {
                        Object j2 = j(obj);
                        return j2 == null || t(j2) != j.DISALLOWED;
                    }
                    if (l(obj)) {
                        return m(obj) != j.DISALLOWED;
                    }
                    break;
            }
        }
        if (s(obj)) {
            return b(obj, objArr);
        }
        if (a(obj)) {
            return n(obj);
        }
        if (x(obj)) {
            return a(obj, objArr);
        }
        if (d(obj)) {
            return n(obj);
        }
        if (!j.isDebugEnabled()) {
            return true;
        }
        j.debug("Ignoring JAXB analysis for object={}, params={}, ret={}", L.a(obj), StringUtils.join(objArr), L.a(obj2));
        return true;
    }

    private boolean b(Object obj, Object[] objArr) {
        Object r = r(obj);
        if (r == null) {
            return true;
        }
        if (c(obj, objArr)) {
            return false;
        }
        return n(r);
    }

    private boolean c(Object obj, Object[] objArr) {
        return "com.ibm.ws.webservices.engine.utils.WebServicesParser".equals(obj.getClass().getName()) && a(objArr);
    }

    private boolean a(Object[] objArr) {
        if (objArr == null || objArr.length < 2) {
            return false;
        }
        return "com.ibm.ws.webservices.engine.events.P2DConverter".equals(objArr[1] == null ? null : objArr[1].getClass().getName());
    }

    private boolean d(Object obj) {
        if (obj == null) {
            return false;
        }
        return C0205c.b(obj.getClass(), "org.xml.sax.XMLReader");
    }

    private boolean e(Object obj) {
        return obj.getClass().getName().contains("nu.xom.XML1");
    }

    private boolean f(Object obj) {
        boolean z = false;
        if (obj != null) {
            z = obj.getClass().getName().endsWith("nu.xom.Builder");
        }
        return z;
    }

    private Object g(Object obj) {
        Object obj2 = null;
        try {
            Field a = a(obj.getClass(), "parser");
            if (a != null) {
                obj2 = a.get(obj);
            }
        } catch (IllegalAccessException e2) {
            j.debug("Problem reflecting xom XMLReader", (Throwable) e2);
        }
        return obj2;
    }

    private Object h(Object obj) {
        try {
            return E.b(obj, "builder").get(obj);
        } catch (IllegalAccessException e2) {
            j.debug("Problem reflecting builder out of saml", (Throwable) e2);
            return null;
        } catch (NoSuchFieldException e3) {
            j.debug("Couldn't find builder field on DocumentBuilder proxy");
            return null;
        }
    }

    private boolean i(Object obj) {
        boolean z = false;
        if (obj != null && obj.getClass().getName().contains("$DocumentBuilderProxy")) {
            z = true;
        }
        return z;
    }

    private static Object j(Object obj) {
        Field b2 = E.b(obj.getClass(), "builder");
        if (b2 == null) {
            return null;
        }
        try {
            return b2.get(obj);
        } catch (IllegalAccessException e2) {
            j.debug("Failed to inspect RegistryDocumentBuilder", (Throwable) e2);
            return null;
        }
    }

    private static boolean k(Object obj) {
        if (obj == null) {
            return false;
        }
        return obj.getClass().getName().equals("weblogic.xml.jaxp.RegistryDocumentBuilder");
    }

    private static boolean l(Object obj) {
        if (obj == null) {
            return false;
        }
        return obj.getClass().getName().equals("oracle.xml.jaxp.JXDocumentBuilder");
    }

    private static j m(Object obj) {
        Field a = a(obj.getClass(), "domParser");
        if (a == null) {
            return j.UNKNOWN;
        }
        try {
            Object obj2 = a.get(obj);
            if (obj2 == null) {
                return j.UNKNOWN;
            }
            Method a2 = E.a(obj2.getClass(), "getAttribute", (Class<?>[]) new Class[]{String.class});
            if (j.isDebugEnabled()) {
                j.debug("Invoking getAttribute() on {}", L.a(obj2));
            }
            return (a(obj2, a2, d, true) && a(obj2, a2, c, true)) ? j.UNKNOWN : j.DISALLOWED;
        } catch (IllegalAccessException e2) {
            j.debug("Failed to inspect WebLogicJXDocumentBuilder", (Throwable) e2);
            return j.UNKNOWN;
        }
    }

    private static boolean a(Object obj, Method method, String str, boolean z) {
        Object valueOf = Boolean.valueOf(z);
        try {
            valueOf = method.invoke(obj, str);
        } catch (IllegalAccessException e2) {
            j.debug("Problem reflecting JXDocumentBuilderFactory#getAttribute() call", (Throwable) e2);
        } catch (InvocationTargetException e3) {
            j.debug("Problem reflecting JXDocumentBuilderFactory#getAttribute() call", (Throwable) e3);
        }
        if (valueOf != null && (valueOf instanceof Boolean)) {
            return ((Boolean) valueOf).booleanValue();
        }
        return z;
    }

    private boolean a(Object obj, Class<?> cls) throws IllegalAccessException {
        j.debug("Inspecting reader {}", obj);
        Class<?> cls2 = obj.getClass();
        if (!u(obj).a()) {
            return false;
        }
        Field a = a(cls2, "fConfiguration");
        if (a == null) {
            j.error("Couldn't find configuration field from {} -- assuming supports external entities", cls);
            return true;
        }
        Object obj2 = a.get(obj);
        if (obj2 == null) {
            j.debug("Encountered null Unmarshaller#reader#fConfiguration");
            return true;
        }
        Field a2 = a(obj2.getClass(), "fEntityManager");
        if (a2 == null) {
            j.error("Couldn't find entity manager field from {} -- assuming supports external entities", cls);
            return true;
        }
        Object obj3 = a2.get(obj2);
        if (obj3 != null) {
            return w(obj3).g();
        }
        j.debug("Entity manager field was null -- assuming supports external entities");
        return true;
    }

    private boolean n(Object obj) {
        boolean z = true;
        if (!a(d.EXTERNAL_GENERAL, obj) && !a(d.EXTERNAL_PARAMETER, obj) && !a(d.LOAD_EXTERNAL_DTD, obj) && !a(d.XINCLUDE_AWARE, obj)) {
            j.debug("general, parameter entities, and external DTD features turned off -- not vulnerable");
            z = false;
        }
        if (z) {
            try {
                z = o(obj);
            } catch (IllegalAccessException e2) {
                j.debug("Failed to read private fields and determine if XMLReader supports external entities", (Throwable) e2);
            } catch (NoSuchFieldException e3) {
                j.debug("Failed to find private fields and determine if XMLReader supports external entities");
            }
        }
        if (z) {
            z = p(obj);
            if (!z) {
                z = q(obj);
            }
        }
        return z;
    }

    private boolean o(Object obj) throws IllegalAccessException {
        Field a = a(obj.getClass(), "fConfiguration");
        Object obj2 = a != null ? a.get(obj) : null;
        if (obj2 == null || !a(d.DISALLOW_DOCTYPE, obj2) || a(d.XINCLUDE_AWARE, obj2)) {
            return true;
        }
        j.debug("disallow-doctype feature turned on -- not vulnerable");
        return false;
    }

    private boolean p(Object obj) throws IllegalAccessException {
        Field a;
        Field a2 = a(obj.getClass(), "fDocumentSource");
        Object obj2 = a2 != null ? a2.get(obj) : null;
        if (obj2 == null || (a = a(obj2.getClass(), "fAccessExternalDTD")) == null) {
            return true;
        }
        Object obj3 = a.get(obj2);
        return ((obj3 instanceof String) && "".equals((String) obj3)) ? false : true;
    }

    private boolean q(Object obj) throws IllegalAccessException, NoSuchFieldException {
        Field a = a(obj.getClass(), "fContentHandler");
        Object obj2 = a != null ? a.get(obj) : null;
        if (obj2 == null) {
            return true;
        }
        Field a2 = a(obj2.getClass(), "_xsltc");
        Object obj3 = a2 != null ? a2.get(obj2) : null;
        if (obj3 == null) {
            return false;
        }
        Field a3 = a(obj3.getClass(), "_accessExternalStylesheet");
        return a3 == null || !"".equals(a3.get(obj3));
    }

    private Object r(Object obj) {
        Object obj2 = null;
        try {
            obj2 = E.f(obj.getClass(), "getXMLReader").invoke(obj, (Object[]) null);
        } catch (IllegalAccessException e2) {
            j.debug("Failed to get access to getXMLReader method on SAXParser", (Throwable) e2);
        } catch (NoSuchMethodException e3) {
            j.debug("Failed to find getXMLReader method on SAXParser", (Throwable) e3);
        } catch (InvocationTargetException e4) {
            j.debug("Failed to invokte getXMLReader method on SAXParser", (Throwable) e4);
        }
        return obj2;
    }

    private Object b(Object[] objArr) {
        Object obj = null;
        for (Object obj2 : objArr) {
            if (obj2 != null) {
                Class<?> cls = obj2.getClass();
                if (h.equals(cls.getName())) {
                    try {
                        obj = E.f(cls, "getXMLReader").invoke(obj2, (Object[]) null);
                    } catch (IllegalAccessException e2) {
                        j.debug("Failed to get access to getXMLReader method on SAXSource", (Throwable) e2);
                    } catch (NoSuchMethodException e3) {
                        j.debug("Failed to find getXMLReader method on SAXSource", (Throwable) e3);
                    } catch (InvocationTargetException e4) {
                        j.debug("Failed to invoke getXMLReader method on SAXSource", (Throwable) e4);
                    }
                }
            }
        }
        return obj;
    }

    private boolean s(Object obj) {
        if (obj == null) {
            return false;
        }
        return C0205c.a(obj.getClass().getSuperclass(), "javax.xml.parsers.SAXParser");
    }

    boolean a(Object obj) {
        if (obj == null) {
            return false;
        }
        return C0205c.a(obj.getClass(), f) || C0205c.a(obj.getClass(), g);
    }

    private j t(Object obj) {
        Object obj2;
        Field a;
        Object obj3;
        try {
            Field a2 = a(obj.getClass(), "domParser");
            if (a2 != null && (obj2 = a2.get(obj)) != null && (a = a(obj2.getClass(), "fConfiguration")) != null && (obj3 = a.get(obj2)) != null) {
                Class<?> cls = obj3.getClass();
                if (cls.getName().contains(".XIncludeAwareParserConfiguration")) {
                    if (a(d.XINCLUDE_AWARE, obj3)) {
                        return j.ALLOWED;
                    }
                    if (a(d.DISALLOW_DOCTYPE, obj3)) {
                        return j.DISALLOWED;
                    }
                    if (!a(d.EXTERNAL_GENERAL, obj3) && !a(d.EXTERNAL_PARAMETER, obj3) && !a(d.LOAD_EXTERNAL_DTD, obj3)) {
                        return j.DISALLOWED;
                    }
                }
                Field a3 = a(cls, "fEntityManager");
                return a3 == null ? j.UNKNOWN : j.a(w(a3.get(obj3)).g());
            }
            return j.UNKNOWN;
        } catch (IllegalAccessException e2) {
            j.debug("failed to get access to document builder", (Throwable) e2);
            return j.UNKNOWN;
        }
    }

    private j u(Object obj) {
        Method a;
        try {
            a = E.a(obj.getClass(), "getProperty", (Class<?>[]) new Class[]{String.class});
        } catch (IllegalAccessException e2) {
            j.debug("Access denied when reflecting XIncludeAwareParserConfig#getFeature() call", (Throwable) e2);
        } catch (InvocationTargetException e3) {
            j.debug("Problem reflecting XIncludeAwareParserConfig#getFeature() call", (Throwable) e3);
        }
        if (a == null) {
            j.debug("failed to find getProperty() on {}", L.a(obj));
            return j.UNKNOWN;
        }
        if (j.isDebugEnabled()) {
            j.debug("Invoking getProperty() on {}", L.a(obj));
        }
        Object invoke = a.invoke(obj, d.ACCESS_EXTERNAL_DTD.a()[0]);
        if (invoke instanceof String) {
            return ((String) invoke).isEmpty() ? j.DISALLOWED : j.ALLOWED;
        }
        return j.UNKNOWN;
    }

    private boolean a(d dVar, Object obj) {
        return dVar.a(a(dVar.a(), obj));
    }

    private j a(Object[] objArr, Object obj) {
        Method a;
        j jVar = j.UNKNOWN;
        try {
            a = E.a(obj.getClass(), "getFeature", (Class<?>[]) new Class[]{String.class});
        } catch (IllegalAccessException e2) {
            j.debug("Access denied when reflecting XIncludeAwareParserConfig#getFeature() call", (Throwable) e2);
        } catch (InvocationTargetException e3) {
            j.debug("Problem reflecting XIncludeAwareParserConfig#getFeature() call", (Throwable) e3);
        }
        if (a == null) {
            j.debug("failed to find getFeature() on {}", L.a(obj));
            return jVar;
        }
        if (j.isDebugEnabled()) {
            j.debug("Invoking getFeature() on {}", L.a(obj));
        }
        Object invoke = a.invoke(obj, objArr);
        if (invoke instanceof Boolean) {
            jVar = ((Boolean) invoke).booleanValue() ? j.ALLOWED : j.DISALLOWED;
        }
        return jVar;
    }

    private boolean v(Object obj) {
        boolean z = false;
        if (obj != null) {
            try {
                if (obj instanceof DocumentBuilder) {
                    z = true;
                }
            } catch (NoClassDefFoundError e2) {
                j.debug("failed to load javax.xml.parsers.DocumentBuilder class");
            }
            if (!z && obj.getClass().getName().contains(".DocumentBuilderImpl")) {
                z = true;
            }
        }
        return z;
    }

    boolean a(Object obj, Object[] objArr) {
        try {
            Class<?> cls = obj.getClass();
            Object b2 = b(objArr);
            if (b2 != null) {
                return n(b2);
            }
            Object b3 = b(obj, cls);
            if (b3 != null) {
                return a(b3, cls);
            }
            return true;
        } catch (IllegalAccessException e2) {
            j.debug("Couldn't get access to confirm whether JAXB Unmarshaller supported external entities", (Throwable) e2);
            return true;
        } catch (InvocationTargetException e3) {
            j.debug("Failed to invoke method to get JAXB XMLReader", (Throwable) e3);
            return true;
        }
    }

    private Object b(Object obj, Class<?> cls) throws IllegalAccessException, InvocationTargetException {
        Method a = E.a(cls, "getXMLReader", (Class<?>[]) new Class[0]);
        if (a == null) {
            j.error("Couldn't find getXMLReader method from {}, looking for an XMLReader in the arguments now", cls);
            return null;
        }
        Object invoke = a.invoke(obj, new Object[0]);
        if (invoke == null) {
            j.debug("Encountered null Unmarshaller#getXMLReader, looking for an XMLReader in the arguments now");
        }
        return invoke;
    }

    private c w(Object obj) {
        c.a f2 = c.f();
        for (b bVar : k) {
            try {
                bVar.a(obj, f2);
            } catch (ClassNotFoundException e2) {
                j.debug("Problem with finding class to confirm support for external entities on XMLEntityManager", (Throwable) e2);
            } catch (IllegalAccessException e3) {
                j.debug("Problem getting access to reflected data to confirm support for external entities on XMLEntityManager", (Throwable) e3);
            } catch (NoSuchMethodException e4) {
                j.debug("Problem with finding reflected method to confirm support for external entities on XMLEntityManager", (Throwable) e4);
            } catch (InvocationTargetException e5) {
                j.debug("Problem invoking reflected method to confirm support for external entities on XMLEntityManager", (Throwable) e5);
            }
        }
        c a = f2.a();
        j.debug("Inspection results: {}", a);
        return a;
    }

    private static Field a(Class<?> cls, String str) {
        if (cls == null || cls == Object.class) {
            return null;
        }
        try {
            return E.d(cls, str);
        } catch (NoSuchFieldException e2) {
            Class<? super Object> superclass = cls.getSuperclass();
            j.trace("Looking up the JAXB superclass to {} to check for {} field", superclass, str);
            return a((Class<?>) superclass, str);
        }
    }

    private boolean x(Object obj) {
        boolean z = false;
        if (obj != null) {
            try {
                z = obj.getClass().isAssignableFrom(Class.forName(i));
            } catch (ClassNotFoundException e2) {
            }
            if (!z) {
                z = obj.getClass().getName().endsWith(".UnmarshallerImpl");
            }
        }
        return z;
    }

    private boolean y(Object obj) {
        Field b2 = E.b(obj.getClass(), "fStreamReader");
        if (b2 == null) {
            return true;
        }
        try {
            Object obj2 = b2.get(obj);
            Field b3 = E.b(obj2.getClass(), "fProperties");
            if (b3 == null) {
                return true;
            }
            try {
                Object obj3 = b3.get(obj2);
                if (!a(obj3, "supportDTD", true)) {
                    return false;
                }
                Object a = E.a(obj3, "externalDTDPropertyValue");
                if ((a instanceof String) && ((String) a).isEmpty()) {
                    return false;
                }
                return a(obj3, "isSupportingExternalEntities", true);
            } catch (IllegalAccessException e2) {
                j.error("Failed to access field, but expected all fields to be accessible", (Throwable) e2);
                return true;
            }
        } catch (IllegalAccessException e3) {
            j.error("Failed to access field, but expected all fields to be accessible", (Throwable) e3);
            return true;
        }
    }

    private boolean z(Object obj) {
        Object a = E.a(obj, "fEntityManager");
        if (a != null) {
            Object a2 = E.a(a, "fAccessExternalDTD");
            if ((a2 instanceof String) && ((String) a2).isEmpty()) {
                return false;
            }
        }
        Field b2 = E.b(obj.getClass(), "fPropertyManager");
        if (b2 == null) {
            return true;
        }
        try {
            return B(b2.get(obj));
        } catch (IllegalAccessException e2) {
            j.error("Failed to access field, but expected all fields to be accessible", (Throwable) e2);
            return true;
        }
    }

    private boolean A(Object obj) {
        if (obj.getClass().getName().contains(".Woodstox4StreamReaderWrapper")) {
            return a(obj, ".DisallowDoctypeDeclStreamReaderWrapper") == null;
        }
        Field a = E.a(obj.getClass(), "mConfig");
        if (a == null) {
            return true;
        }
        try {
            return B(a.get(obj));
        } catch (IllegalAccessException e2) {
            j.error("Failed to access field, but expected all fields to be accessible", (Throwable) e2);
            return true;
        }
    }

    private boolean B(Object obj) {
        Method a = E.a(obj.getClass(), "getProperty", ObjectShare.SINGLE_STRING_ARRAY);
        if (a == null) {
            return true;
        }
        if (a(a, obj, "javax.xml.stream.supportDTD", true)) {
            return a(a, obj, "javax.xml.stream.isSupportingExternalEntities", true);
        }
        return false;
    }

    private boolean c(Object[] objArr) {
        return objArr.length > 0 && objArr[0] != null && objArr[0].getClass().getName().contains(".XMLStreamReader");
    }

    private boolean C(Object obj) {
        return obj.getClass().getName().contains(".XMLStreamReader");
    }

    private boolean D(Object obj) {
        return obj.getClass().getName().contains(".XMLInputFactoryImpl$XMLStreamReaderProxy");
    }

    private boolean E(Object obj) {
        return obj.getClass().getName().contains(".BasicStreamReader") || obj.getClass().getName().contains(".ValidatingStreamReader") || obj.getClass().getName().contains(".TypedStreamReader") || obj.getClass().getName().contains(".Woodstox4StreamReaderWrapper");
    }

    @Override // com.contrastsecurity.agent.plugins.frameworks.P
    public boolean a(com.contrastsecurity.agent.plugins.security.controller.a aVar) {
        return true;
    }

    @Override // com.contrastsecurity.agent.plugins.frameworks.P
    public boolean b(com.contrastsecurity.agent.plugins.security.controller.a aVar) {
        return true;
    }

    @Override // com.contrastsecurity.agent.plugins.frameworks.P
    public void a(Application application, Trace trace, Rule rule, Object obj, Object[] objArr, Object obj2) {
    }

    @Override // com.contrastsecurity.agent.plugins.frameworks.P
    public boolean a(Application application, Trace trace, Rule rule, SourceEvent sourceEvent, int i2, HttpRequest httpRequest, com.contrastsecurity.agent.apps.exclusions.g gVar) {
        return false;
    }

    @Override // com.contrastsecurity.agent.plugins.frameworks.P
    public boolean a(Trace trace, Rule rule) {
        return false;
    }

    @Override // com.contrastsecurity.agent.plugins.frameworks.K
    public String getPolicyLocation() {
        String str = null;
        if (this.l.e(ConfigProperty.SUPPORTER_JAXB)) {
            str = b;
        }
        return str;
    }

    @Override // com.contrastsecurity.agent.plugins.frameworks.K
    public boolean isMatchingPolicyLocation(M m) {
        return com.contrastsecurity.agent.plugins.frameworks.L.a(m, this);
    }

    @Override // com.contrastsecurity.agent.plugins.frameworks.K
    public int getPolicyId() {
        return e;
    }

    @Override // com.contrastsecurity.agent.plugins.frameworks.N
    public boolean a(Propagator propagator, Class<?> cls, Object obj, Object[] objArr, int[] iArr, Class<?> cls2, Object obj2) {
        return true;
    }

    @Override // com.contrastsecurity.agent.plugins.frameworks.N
    public boolean a(com.contrastsecurity.agent.plugins.security.model.h hVar) {
        return true;
    }

    @Override // com.contrastsecurity.agent.plugins.frameworks.N
    public void b(com.contrastsecurity.agent.plugins.security.model.h hVar) {
        String id = hVar.e().getId();
        if (id == null || !id.startsWith("xmlif-reader-")) {
            return;
        }
        Object b2 = hVar.b();
        if (j.isDebugEnabled()) {
            j.debug("Analyzing XMLInputFactory {}", L.a(b2));
        }
        if (!b(b2)) {
            j.debug("Expected XMLInputFactory for propagator {}", hVar.e().getId());
            return;
        }
        if (c(b2)) {
            return;
        }
        String[] strArr = {"R"};
        String[] strArr2 = {"xmlif-validated-xxe"};
        String[] strArr3 = new String[0];
        try {
            a().a(hVar.f().getName(), hVar.f().getDesc(), hVar.f().getModifiers(), hVar.b(), hVar.g(), hVar.c(), hVar.d(), false, strArr, strArr2, strArr3);
        } catch (Exception e2) {
            j.debug("Exception un/tagging targets {} with tags {} and untags {} in propagator {}", strArr, strArr2, strArr3, hVar.e().getId());
        }
    }

    private com.contrastsecurity.agent.plugins.security.controller.propagate.c a() {
        return this.m != null ? this.m : SecurityPlugin.getSecurityServiceProvider().getContrastDataFlowTaggingService();
    }

    @A
    boolean b(Object obj) {
        return obj != null && C0205c.a(obj.getClass(), "javax.xml.stream.XMLInputFactory");
    }

    @A
    boolean c(Object obj) {
        boolean z = true;
        Class<?> cls = obj.getClass();
        if (cls.getName().contains(".ImmutableXMLInputFactory")) {
            Object a = a(obj, ".NormalizingXMLInputFactoryWrapper");
            return a == null || a(a, ".DisallowDoctypeDeclInputFactoryWrapper") == null;
        }
        Method a2 = E.a(cls, "isPropertySupported", ObjectShare.SINGLE_STRING_ARRAY);
        Method a3 = E.a(cls, "getProperty", ObjectShare.SINGLE_STRING_ARRAY);
        try {
            Boolean a4 = a(a2, a3, obj, "javax.xml.stream.supportDTD");
            if (a4 == null || a4.booleanValue()) {
                Boolean a5 = a(a2, a3, obj, "javax.xml.stream.isSupportingExternalEntities");
                if (a5 != null) {
                    z = a5.booleanValue();
                }
            } else {
                z = false;
            }
        } catch (IllegalAccessException e2) {
            j.debug("Couldn't get access to confirm whether XMLInputFactory supported external entities", (Throwable) e2);
        } catch (InvocationTargetException e3) {
            j.debug("Couldn't confirm whether XMLInputFactory supported external ent", (Throwable) e3);
        }
        return z;
    }

    private Boolean a(Method method, Method method2, Object obj, String str) throws InvocationTargetException, IllegalAccessException {
        if (method == null || method2 == null) {
            return null;
        }
        Boolean bool = null;
        Object invoke = method.invoke(obj, str);
        if ((invoke instanceof Boolean) && ((Boolean) invoke).booleanValue()) {
            Object invoke2 = method2.invoke(obj, str);
            if (invoke2 instanceof Boolean) {
                bool = (Boolean) invoke2;
            }
        }
        return bool;
    }

    private Object a(Object obj, String str) {
        Field a = E.a(obj.getClass(), "parent");
        if (a == null) {
            return null;
        }
        try {
            Object obj2 = a.get(obj);
            if (obj2 == null) {
                return null;
            }
            if (obj2.getClass().getName().endsWith(str)) {
                return obj2;
            }
            return null;
        } catch (IllegalAccessException e2) {
            return null;
        }
    }

    private boolean a(Object obj, String str, boolean z) {
        Field b2 = E.b(obj.getClass(), str);
        if (b2 == null) {
            return z;
        }
        try {
            Object obj2 = b2.get(obj);
            return obj2 instanceof Boolean ? ((Boolean) obj2).booleanValue() : z;
        } catch (IllegalAccessException e2) {
            j.error("Failed to access field, but expected all fields to be accessible", (Throwable) e2);
            return z;
        }
    }

    private boolean a(Method method, Object obj, String str, boolean z) {
        try {
            Object invoke = method.invoke(obj, str);
            return invoke instanceof Boolean ? ((Boolean) invoke).booleanValue() : z;
        } catch (IllegalAccessException e2) {
            j.error("Failed to access method, but expected method to be accessible", (Throwable) e2);
            return z;
        } catch (InvocationTargetException e3) {
            Throwable targetException = e3.getTargetException();
            com.contrastsecurity.agent.commons.v.a(targetException);
            j.debug("Failed to call getProperty(\"" + str + "\")", targetException);
            return z;
        }
    }
}
