package com.contrastsecurity.agent.plugins.frameworks.jersey;

import com.contrastsecurity.agent.apps.Application;
import com.contrastsecurity.agent.apps.exclusions.h;
import com.contrastsecurity.agent.commons.l;
import com.contrastsecurity.agent.config.ContrastProperties;
import com.contrastsecurity.agent.config.g;
import com.contrastsecurity.agent.http.HttpRequest;
import com.contrastsecurity.agent.i.c;
import com.contrastsecurity.agent.instr.InstrumentationContext;
import com.contrastsecurity.agent.instr.i;
import com.contrastsecurity.agent.messages.app.info.HTTPRoute;
import com.contrastsecurity.agent.plugins.frameworks.K;
import com.contrastsecurity.agent.plugins.frameworks.L;
import com.contrastsecurity.agent.plugins.frameworks.M;
import com.contrastsecurity.agent.plugins.frameworks.O;
import com.contrastsecurity.agent.plugins.frameworks.P;
import com.contrastsecurity.agent.plugins.frameworks.Q;
import com.contrastsecurity.agent.plugins.frameworks.S;
import com.contrastsecurity.agent.plugins.frameworks.v;
import com.contrastsecurity.agent.plugins.frameworks.x;
import com.contrastsecurity.agent.plugins.http.o;
import com.contrastsecurity.agent.plugins.http.r;
import com.contrastsecurity.agent.plugins.http.s;
import com.contrastsecurity.agent.plugins.http.t;
import com.contrastsecurity.agent.plugins.http.v;
import com.contrastsecurity.agent.plugins.rasp.rules.f.e;
import com.contrastsecurity.agent.plugins.security.model.SourceEvent;
import com.contrastsecurity.agent.plugins.security.model.j;
import com.contrastsecurity.agent.plugins.security.policy.InheritancePreference;
import com.contrastsecurity.agent.plugins.security.policy.rules.Rule;
import com.contrastsecurity.agent.plugins.security.policy.u;
import com.contrastsecurity.agent.trace.CodeEvent;
import com.contrastsecurity.agent.trace.Trace;
import com.contrastsecurity.agent.trace.UniqueMethod;
import com.contrastsecurity.agent.util.E;
import com.contrastsecurity.thirdparty.com.rabbitmq.client.ConnectionFactory;
import com.contrastsecurity.thirdparty.org.objectweb.asm.ClassVisitor;
import com.contrastsecurity.thirdparty.org.slf4j.Logger;
import com.contrastsecurity.thirdparty.org.slf4j.LoggerFactory;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;

/* compiled from: JerseySupporter.java */
/* loaded from: input_file:com/contrastsecurity/agent/plugins/frameworks/jersey/b.class */
public final class b extends v implements K, P, S, x {
    private final g e;
    private final i<ContrastAssessDispatcherLocator> f;
    private static final Set<String> g = new HashSet();
    private static final Set<String> h;
    public static final Set<String> b;
    private static final Map<String, Set<String>> i;
    static final UniqueMethod c;
    public static final String d = "/policies/jersey.xml";
    private static final int j;
    private static final Logger k;

    public b(g gVar, i<ContrastAssessDispatcherLocator> iVar) {
        this.e = (g) l.a(gVar, "config");
        this.f = (i) l.a(iVar, "assessDispatcherAccessor");
    }

    @Override // com.contrastsecurity.agent.plugins.frameworks.P
    public boolean a(com.contrastsecurity.agent.plugins.security.controller.a aVar) {
        return true;
    }

    @Override // com.contrastsecurity.agent.plugins.frameworks.P
    public boolean b(com.contrastsecurity.agent.plugins.security.controller.a aVar) {
        j d2 = aVar.d();
        u j2 = d2.j();
        if (!L.a(aVar.p(), this) || !Q.a(g, j2) || O.a(d2)) {
            return true;
        }
        d2.l();
        return true;
    }

    @Override // com.contrastsecurity.agent.plugins.frameworks.v
    public ClassVisitor onClassTransform(ClassVisitor classVisitor, InstrumentationContext instrumentationContext) {
        if (!c.getDeclaringClassType().equals(instrumentationContext.getClassName())) {
            return classVisitor;
        }
        instrumentationContext.setRequiresTransforming(true);
        instrumentationContext.getChanger().addAdapter("JerseyHttpHeaderReaderClassVisitor");
        return new a(classVisitor, this.f);
    }

    @Override // com.contrastsecurity.agent.plugins.frameworks.P
    public boolean a(Application application, Rule rule, Object obj, Object[] objArr, Object obj2) {
        return true;
    }

    @Override // com.contrastsecurity.agent.plugins.frameworks.P
    public void a(Application application, Trace trace, Rule rule, Object obj, Object[] objArr, Object obj2) {
    }

    @Override // com.contrastsecurity.agent.plugins.frameworks.P
    public boolean a(Trace trace, Rule rule) {
        boolean z = false;
        if (a(rule)) {
            z = a(trace);
        }
        return z;
    }

    private boolean a(Trace trace) {
        boolean z = false;
        if (trace.getEvents().size() > 1) {
            CodeEvent firstEvent = trace.getFirstEvent();
            CodeEvent lastEvent = trace.getLastEvent();
            if (b(firstEvent)) {
                z = !a(lastEvent);
            }
        }
        return z;
    }

    private boolean a(CodeEvent codeEvent) {
        return codeEvent.getMethodName().startsWith("com.github.mustachejava");
    }

    private boolean b(CodeEvent codeEvent) {
        return codeEvent.getMethodName().startsWith("org.glassfish.jersey.server.internal");
    }

    private boolean a(Rule rule) {
        return rule.getId().equals(e.b);
    }

    @Override // com.contrastsecurity.agent.plugins.frameworks.x
    public String a() {
        return "/hierarchies/jersey-hierarchy.xml";
    }

    @Override // com.contrastsecurity.agent.plugins.frameworks.P
    public boolean a(Application application, Trace trace, Rule rule, SourceEvent sourceEvent, int i2, HttpRequest httpRequest, h hVar) {
        return false;
    }

    @Override // com.contrastsecurity.agent.plugins.frameworks.K
    public String getPolicyLocation() {
        String str = null;
        if (this.e.e(ContrastProperties.SUPPORTER_JERSEY)) {
            str = d;
        }
        return str;
    }

    @Override // com.contrastsecurity.agent.plugins.frameworks.K
    public boolean isMatchingPolicyLocation(M m) {
        return L.a(m, this);
    }

    @Override // com.contrastsecurity.agent.plugins.frameworks.K
    public int getPolicyId() {
        return j;
    }

    @Override // com.contrastsecurity.agent.plugins.frameworks.S
    public Collection<com.contrastsecurity.agent.plugins.http.l> provideLifecycleWatchers() {
        return Collections.emptyList();
    }

    @Override // com.contrastsecurity.agent.plugins.frameworks.S
    public Collection<r> provideHeaderWatchers() {
        return Collections.emptyList();
    }

    @Override // com.contrastsecurity.agent.plugins.frameworks.S
    public o provideParameterWatcher() {
        return null;
    }

    @Override // com.contrastsecurity.agent.plugins.frameworks.S
    public Collection<t> provideRouteObservationWatchers() {
        return com.contrastsecurity.agent.commons.g.a(new t.a().a(b.class).a(t.b.ON_METHOD_EXIT).b("org.glassfish.jersey.server.ServerRuntime").a("void process(org.glassfish.jersey.server.ContainerRequest)").a(new s() { // from class: com.contrastsecurity.agent.plugins.frameworks.jersey.b.1
            @Override // com.contrastsecurity.agent.plugins.http.s
            public HTTPRoute a(Object obj, Object[] objArr, Object obj2, HttpRequest httpRequest) throws InvocationTargetException, IllegalAccessException {
                Object obj3 = objArr[0];
                if (obj3 == null) {
                    c.a("JERSEY_ROUTE_OBSERVATION_INVALID_PARAMS", b.k, "Cannot observe route since the Jersey ContainerRequest is null.");
                    return null;
                }
                Method a = E.a(obj3.getClass(), "getUriRoutingContext", (Class<?>[]) new Class[0]);
                if (a == null) {
                    b.k.warn("Could not find method [getUriRoutingContext] on object [{}]. ", obj);
                    return null;
                }
                Object invoke = a.invoke(obj3, new Object[0]);
                if (invoke == null) {
                    return null;
                }
                Class<?> cls = invoke.getClass();
                Method b2 = E.b(cls, "getMatchedResourceMethod", new Class[0]);
                if (b2 == null) {
                    b.k.warn("Could not find method [getMatchedResourceMethod] on object [{}]. ", obj);
                    return null;
                }
                Object invoke2 = b2.invoke(invoke, new Object[0]);
                Method b3 = E.b(cls, "getPath", new Class[0]);
                if (b3 == null) {
                    b.k.warn("Could not find method [getPath] on object [{}]. ", obj);
                    return null;
                }
                Object invoke3 = b3.invoke(invoke, new Object[0]);
                if (invoke3 instanceof String) {
                    return b.this.a(b.b((String) invoke3), invoke2);
                }
                b.k.warn("getPath did not return a String");
                return null;
            }

            @Override // com.contrastsecurity.agent.plugins.http.s
            public boolean a() {
                return false;
            }
        }));
    }

    @Override // com.contrastsecurity.agent.plugins.frameworks.S
    public Collection<com.contrastsecurity.agent.plugins.http.v> provideRouteRegistrationWatchers() {
        com.contrastsecurity.agent.plugins.http.u uVar = new com.contrastsecurity.agent.plugins.http.u() { // from class: com.contrastsecurity.agent.plugins.frameworks.jersey.b.2
            @Override // com.contrastsecurity.agent.plugins.http.u
            public Collection<HTTPRoute> a(Object obj, Object[] objArr, Object obj2) throws InvocationTargetException, IllegalAccessException {
                if (obj2 == null) {
                    c.a("JERSEY_ROUTE_DISCOVERY_INVALID_PARAMS", b.k, "Cannot discover route since the Jersey ResourceModel is null.");
                    return Collections.emptyList();
                }
                Method b2 = E.b(obj2.getClass(), "getResources", new Class[0]);
                if (b2 == null) {
                    b.k.warn("Could not find method [getResources] on object [{}]. ", obj);
                    return Collections.emptyList();
                }
                Object invoke = b2.invoke(obj2, new Object[0]);
                if (!(invoke instanceof List)) {
                    return Collections.emptyList();
                }
                HashSet hashSet = new HashSet();
                Iterator it = ((List) invoke).iterator();
                while (it.hasNext()) {
                    hashSet.addAll(b.this.a(it.next(), ""));
                }
                return hashSet;
            }
        };
        return com.contrastsecurity.agent.commons.g.a(new v.a().a(b.class).a(InheritancePreference.NONE).b("org.glassfish.jersey.server.ApplicationHandler").a("org.glassfish.jersey.server.model.ResourceModel processResourceModel(org.glassfish.jersey.server.model.ResourceModel)").a(uVar), new v.a().a("Jersey2.6AndAfter").a(InheritancePreference.NONE).b("org.glassfish.jersey.server.ResourceModelConfigurator").a("org.glassfish.jersey.server.model.ResourceModel processResourceModel(java.util.Collection,org.glassfish.jersey.server.model.ResourceModel,org.glassfish.jersey.server.ResourceConfig)").a(uVar));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Collection<HTTPRoute> a(Object obj, String str) throws InvocationTargetException, IllegalAccessException {
        if (obj == null) {
            return Collections.emptySet();
        }
        Class<?> cls = obj.getClass();
        Method b2 = E.b(cls, "getPath", new Class[0]);
        if (b2 == null) {
            k.warn("Could not find method [getPath] on object [{}]. ", obj);
            return Collections.emptySet();
        }
        Object invoke = b2.invoke(obj, new Object[0]);
        if (!(invoke instanceof String)) {
            k.warn("getPath did not return a String");
            return Collections.emptySet();
        }
        String b3 = b(str + invoke);
        int indexOf = b3.indexOf(ConnectionFactory.DEFAULT_VHOST, 1);
        if (h.contains(indexOf != -1 ? b3.substring(0, indexOf) : b3)) {
            return Collections.emptySet();
        }
        Method b4 = E.b(cls, "getResourceMethods", new Class[0]);
        if (b4 == null) {
            k.warn("Could not find method [getResourceMethods] on object [{}]. ", obj);
            return Collections.emptySet();
        }
        HashSet hashSet = new HashSet();
        Object invoke2 = b4.invoke(obj, new Object[0]);
        if (invoke2 instanceof List) {
            Iterator it = ((List) invoke2).iterator();
            while (it.hasNext()) {
                HTTPRoute a = a(b3, it.next());
                if (a != null) {
                    hashSet.add(a);
                }
            }
        }
        Method b5 = E.b(cls, "getChildResources", new Class[0]);
        if (b5 == null) {
            return Collections.unmodifiableSet(hashSet);
        }
        Object invoke3 = b5.invoke(obj, new Object[0]);
        if (!(invoke3 instanceof List)) {
            return Collections.unmodifiableSet(hashSet);
        }
        Iterator it2 = ((List) invoke3).iterator();
        while (it2.hasNext()) {
            hashSet.addAll(a(it2.next(), b3));
        }
        return Collections.unmodifiableSet(hashSet);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static String b(String str) {
        if (str != null) {
            return str.startsWith(ConnectionFactory.DEFAULT_VHOST) ? str : ConnectionFactory.DEFAULT_VHOST + str;
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public HTTPRoute a(String str, Object obj) throws InvocationTargetException, IllegalAccessException {
        if (obj == null) {
            return null;
        }
        Method b2 = E.b(obj.getClass(), "getHttpMethod", new Class[0]);
        if (b2 == null) {
            k.warn("Could not find method [getHttpMethod] on object [{}]. ", obj);
            return null;
        }
        Object invoke = b2.invoke(obj, new Object[0]);
        if (!(invoke instanceof String)) {
            return null;
        }
        String str2 = (String) invoke;
        Method b3 = E.b(obj.getClass(), "getInvocable", new Class[0]);
        if (b3 == null) {
            k.warn("Could not find method [getInvocable] on object [{}]. ", obj);
            return null;
        }
        Object invoke2 = b3.invoke(obj, new Object[0]);
        Method b4 = E.b(invoke2.getClass(), "getHandlingMethod", new Class[0]);
        if (b4 == null) {
            k.warn("Could not find method [getHandlingMethod] on object [{}]. ", invoke2);
            return null;
        }
        Object invoke3 = b4.invoke(invoke2, new Object[0]);
        if (!(invoke3 instanceof Method)) {
            return null;
        }
        Method method = (Method) invoke3;
        Set<String> set = i.get(str);
        if (set != null && set.contains(method.getDeclaringClass().getName())) {
            return null;
        }
        return HTTPRoute.of(str2, str, com.contrastsecurity.agent.plugins.http.x.a(method));
    }

    @Override // com.contrastsecurity.agent.plugins.frameworks.S
    public List<String> getViewstateParameterNames() {
        return Collections.emptyList();
    }

    static {
        g.add("jersey-message-1");
        h = com.contrastsecurity.agent.commons.o.b("/lifecycle", "/tenant-monitoring", "/elasticity-monitoring", "/weblogic", "/wls");
        b = com.contrastsecurity.agent.commons.o.b("org.glassfish.admin.rest.resources.admin.CommandResource", "org.glassfish.jersey.server.wadl.processor.OptionsMethodProcessor$GenericOptionsInflector", "org.glassfish.jersey.server.wadl.processor.OptionsMethodProcessor$PlainTextOptionsInflector");
        i = com.contrastsecurity.agent.commons.h.a().a("//{command:.*}/", b).a("//{command:.*}/manpage", b).a();
        c = UniqueMethod.getMethod(" org.glassfish.jersey.message.internal.HttpHeaderReader".substring(1), "readAcceptMediaType", "(Ljava/lang/String;)Ljava/util/List;", 0);
        j = d.hashCode();
        k = LoggerFactory.getLogger(b.class);
    }
}
