package com.contrastsecurity.agent.plugins.security.policy;

import com.contrastsecurity.agent.config.ConfigProperty;
import com.contrastsecurity.agent.contrastapi_v1_0.settings.server.ServerSettingsAssessDTM;
import com.contrastsecurity.agent.plugins.frameworks.U;
import com.contrastsecurity.agent.plugins.security.policy.ContrastPolicy;
import com.contrastsecurity.agent.plugins.security.policy.propagators.Propagator;
import com.contrastsecurity.agent.plugins.security.policy.rules.Rule;
import com.contrastsecurity.agent.plugins.security.policy.sources.AbstractClassMatcher;
import com.contrastsecurity.agent.plugins.security.policy.sources.DynamicSource;
import com.contrastsecurity.agent.plugins.security.policy.sources.IMethodExcluder;
import com.contrastsecurity.agent.util.AESUtil;
import com.contrastsecurity.agent.util.E;
import com.contrastsecurity.agent.util.O;
import com.contrastsecurity.agent.util.PerfUtil;
import com.contrastsecurity.agent.util.T;
import com.contrastsecurity.agent.z;
import com.contrastsecurity.thirdparty.io.micrometer.core.instrument.binder.BaseUnits;
import com.contrastsecurity.thirdparty.javax.inject.Inject;
import com.contrastsecurity.thirdparty.javax.inject.Singleton;
import com.contrastsecurity.thirdparty.net.n3.nanoxml.XMLElement;
import com.contrastsecurity.thirdparty.org.apache.commons.lang.StringUtils;
import com.contrastsecurity.thirdparty.org.apache.commons.lang.time.StopWatch;
import com.contrastsecurity.thirdparty.org.apache.logging.log4j.core.lookup.StructuredDataLookup;
import com.contrastsecurity.thirdparty.org.apache.logging.log4j.util.ProcessIdUtil;
import com.contrastsecurity.thirdparty.org.slf4j.Logger;
import com.contrastsecurity.thirdparty.org.slf4j.LoggerFactory;
import java.io.ByteArrayInputStream;
import java.io.InputStreamReader;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.regex.Pattern;

/* compiled from: ContrastPolicyReader.java */
@Singleton
/* loaded from: input_file:com/contrastsecurity/agent/plugins/security/policy/d.class */
public final class d {
    private final com.contrastsecurity.agent.features.c a;
    private final com.contrastsecurity.agent.plugins.security.policy.b.b b;
    private final i c;
    private final l d;
    private final com.contrastsecurity.agent.plugins.security.policy.propagators.c e;
    private final v f;
    private final y g;
    private final com.contrastsecurity.agent.plugins.security.policy.propagators.a h;
    private final com.contrastsecurity.agent.config.g i;
    private static final String j = "R";
    private static final String k = "Unknown Framework";
    private static final Logger l = LoggerFactory.getLogger((Class<?>) d.class);

    @Inject
    public d(com.contrastsecurity.agent.features.c cVar, com.contrastsecurity.agent.config.g gVar, com.contrastsecurity.agent.plugins.security.policy.propagators.c cVar2, com.contrastsecurity.agent.plugins.security.policy.propagators.a aVar) {
        this(cVar, gVar, cVar2, new l(), new i(), new com.contrastsecurity.agent.plugins.security.policy.b.b(), new v(), new y(), aVar);
    }

    @z
    public d(com.contrastsecurity.agent.features.c cVar, com.contrastsecurity.agent.config.g gVar, com.contrastsecurity.agent.plugins.security.policy.propagators.c cVar2, l lVar, i iVar, com.contrastsecurity.agent.plugins.security.policy.b.b bVar, v vVar, y yVar, com.contrastsecurity.agent.plugins.security.policy.propagators.a aVar) {
        Objects.requireNonNull(cVar);
        Objects.requireNonNull(gVar);
        Objects.requireNonNull(bVar);
        Objects.requireNonNull(iVar);
        Objects.requireNonNull(lVar);
        Objects.requireNonNull(cVar2);
        Objects.requireNonNull(vVar);
        Objects.requireNonNull(yVar);
        Objects.requireNonNull(aVar);
        this.i = gVar;
        this.a = cVar;
        this.b = bVar;
        this.c = iVar;
        this.d = lVar;
        this.e = cVar2;
        this.f = vVar;
        this.g = yVar;
        this.h = aVar;
    }

    @z
    public ContrastPolicy a(U... uArr) throws p {
        return a(Arrays.asList(uArr));
    }

    public ContrastPolicy a(List<U> list) throws p {
        ContrastPolicy.Builder builder = ContrastPolicy.builder(0, "master", this.h);
        builder.cache();
        a(builder, list);
        ServerSettingsAssessDTM b = this.a.b();
        if (b != null) {
            l.info("Applying rule customizations...");
            builder.applyFeatures(b);
            l.info("Done applying rule customizations...");
        }
        return builder.build();
    }

    private void a(ContrastPolicy.Builder builder, List<U> list) throws p {
        Iterator<U> it = list.iterator();
        while (it.hasNext()) {
            a(builder, it.next());
        }
    }

    private void a(ContrastPolicy.Builder builder, U u) throws p {
        byte[] a = a(u);
        StopWatch stopWatch = new StopWatch();
        stopWatch.start();
        a(builder, u, a);
        stopWatch.stop();
        if (PerfUtil.isProfilingStartup()) {
            E.a("\t\t" + stopWatch + " to translate from XML objects to policy objects");
        } else {
            l.debug("Took {} to translate from XML objects to policy objects", stopWatch);
        }
    }

    @z
    public byte[] a(U u) throws p {
        byte[] d = u.d();
        if (u.e()) {
            StopWatch stopWatch = new StopWatch();
            stopWatch.start();
            try {
                try {
                    d = AESUtil.decrypt(d);
                    stopWatch.stop();
                    if (PerfUtil.isProfilingStartup()) {
                        E.a("\t\t" + stopWatch + " to decrypt");
                    } else {
                        l.debug("Took {} to decrypt policy", stopWatch);
                    }
                } catch (GeneralSecurityException e) {
                    throw new p("Couldn't decrypt hardcoded policy " + u.c(), e);
                }
            } catch (Throwable th) {
                stopWatch.stop();
                if (PerfUtil.isProfilingStartup()) {
                    E.a("\t\t" + stopWatch + " to decrypt");
                } else {
                    l.debug("Took {} to decrypt policy", stopWatch);
                }
                throw th;
            }
        }
        return d;
    }

    XMLElement a(U u, byte[] bArr) throws p {
        InputStreamReader inputStreamReader = new InputStreamReader(new ByteArrayInputStream(bArr));
        StopWatch stopWatch = new StopWatch();
        stopWatch.start();
        try {
            XMLElement a = com.contrastsecurity.agent.s.i.a(inputStreamReader);
            stopWatch.stop();
            if (PerfUtil.isProfilingStartup()) {
                E.a("\t\t" + stopWatch + " to parse");
            }
            return a;
        } catch (Exception e) {
            throw new p("Failed to parse policy as XML " + u, e);
        }
    }

    ContrastPolicy.Builder a(U u, XMLElement xMLElement) throws p {
        if (xMLElement != null && "policies".equals(xMLElement.getName())) {
            xMLElement = T.a(xMLElement, "policy");
        }
        if (xMLElement == null || !xMLElement.getName().equals("policy")) {
            throw new p(u + " does not contain a <policy> element");
        }
        return b(u, xMLElement);
    }

    @z
    public void a(ContrastPolicy.Builder builder, U u, byte[] bArr) throws p {
        ContrastPolicy.Builder a = a(u, a(u, bArr));
        a.cache();
        builder.applyOverrides(a);
        builder.cache();
    }

    private ContrastPolicy.Builder b(U u, XMLElement xMLElement) throws p {
        XMLElement a;
        XMLElement a2;
        XMLElement a3;
        XMLElement a4;
        XMLElement a5;
        l.debug("Scanning policy {} with id {}", u.c(), Integer.valueOf(u.b()));
        ContrastPolicy.Builder builder = new ContrastPolicy.Builder(u.b(), u.c(), this.h);
        String c = this.i.c(ConfigProperty.DISABLEDSOURCES);
        String c2 = this.i.c(ConfigProperty.DISABLEDPROPAGATORS);
        if (this.i.f(ConfigProperty.ENABLE_PROPERTIES) && (a5 = T.a(xMLElement, "properties")) != null) {
            Enumeration enumerateChildren = a5.enumerateChildren();
            while (enumerateChildren.hasMoreElements()) {
                XMLElement xMLElement2 = (XMLElement) enumerateChildren.nextElement();
                builder.addProperty(xMLElement2.getName(), xMLElement2.getContent());
            }
        }
        if (this.i.f(ConfigProperty.TAGS)) {
            for (XMLElement xMLElement3 : T.b(T.a(xMLElement, "tag-lists"), "tag-list")) {
                ArrayList arrayList = new ArrayList();
                String attribute = xMLElement3.getAttribute(StructuredDataLookup.ID_KEY, (String) null);
                String attribute2 = xMLElement3.getAttribute("name", (String) null);
                List<XMLElement> b = T.b(xMLElement3, "method");
                String[] a6 = O.a(xMLElement3.getAttribute("tags", (String) null));
                String[] a7 = O.a(xMLElement3.getAttribute("untags", (String) null));
                TagList tagList = new TagList();
                tagList.setId(attribute);
                tagList.setName(attribute2);
                tagList.setTagListTags(a6);
                tagList.setUntags(a7);
                tagList.setTaggers(arrayList);
                int i = 0;
                for (XMLElement xMLElement4 : b) {
                    String a8 = c.a(xMLElement4.getAttribute("signature", (String) null), builder.getPropertiesMap());
                    String attribute3 = xMLElement4.getAttribute("target", (String) null);
                    if (attribute3 == null) {
                        attribute3 = "R";
                    }
                    Tagger tagger = new Tagger(builder.getId(), builder.getLocation(), attribute + ProcessIdUtil.DEFAULT_PROCESSID + i, m.b(attribute3), new s(t.a(a8, false, false)));
                    tagger.setUnwantedInheritors(this.c.g(xMLElement4));
                    tagger.setDeep("true".equalsIgnoreCase(xMLElement4.getAttribute("deep", (String) null)));
                    tagger.setSourceFilter("true".equalsIgnoreCase(xMLElement4.getAttribute("source-filter", (String) null)));
                    tagger.setGroupId(attribute);
                    tagger.setMethodGroup(tagList);
                    arrayList.add(tagger);
                    i++;
                }
                builder.addMethodList(tagList);
            }
        }
        if (this.i.f(ConfigProperty.RULES)) {
            Iterator<XMLElement> it = T.b(T.a(xMLElement, "rules"), "rule").iterator();
            while (it.hasNext()) {
                Rule a9 = new q(this.i).a(builder.getId(), it.next(), builder.getPropertiesMap());
                if (a9 != null) {
                    builder.addRule(a9);
                }
            }
        }
        if (this.i.f(ConfigProperty.PROPAGATORS)) {
            Iterator<XMLElement> it2 = T.b(T.a(xMLElement, "propagators"), "method").iterator();
            while (it2.hasNext()) {
                try {
                    Propagator a10 = this.e.a(builder.getId(), builder.getLocation(), builder.getPropertiesMap(), it2.next());
                    if (a10.isEnabled() && (c2 == null || !c2.contains(a10.getId()))) {
                        builder.addPropagators(Collections.singletonList(a10));
                    }
                } catch (Exception e) {
                    l.error("Problem parsing propagator", (Throwable) e);
                }
            }
        }
        if (this.i.f(ConfigProperty.ANNOTATIONS) && (a4 = T.a(xMLElement, "framework-annotations")) != null) {
            String attribute4 = a4.getAttribute("framework-name", k);
            if (attribute4.equals(k)) {
                l.debug("Adding request annotations, but not parameter annotations, for unknown framework.");
            } else {
                XMLElement a11 = T.a(a4, "param-annotations");
                if (a11 != null) {
                    Iterator<XMLElement> it3 = T.b(a11, "param-annotation").iterator();
                    while (it3.hasNext()) {
                        String attribute5 = it3.next().getAttribute("annotation", (String) null);
                        if (!StringUtils.isEmpty(attribute5)) {
                            builder.addParameterAnnotation(attribute4, attribute5);
                        }
                    }
                }
            }
            Iterator<XMLElement> it4 = T.b(a4, "method").iterator();
            while (it4.hasNext()) {
                com.contrastsecurity.agent.plugins.security.policy.b.a a12 = this.b.a(builder.getId(), it4.next());
                if (a12 != null) {
                    a12.c(attribute4);
                    builder.addFrameworkAnnotation(a12);
                }
            }
        }
        if (this.i.f(ConfigProperty.DEADZONES)) {
            Iterator<XMLElement> it5 = T.b(T.a(xMLElement, "deadzones"), "method").iterator();
            while (it5.hasNext()) {
                builder.addDeadzone(a(it5.next(), builder));
            }
        }
        if (this.i.f(ConfigProperty.SOURCES)) {
            boolean z = !this.i.f(ConfigProperty.WEBSERVICE_RESPONSE_TRACK);
            XMLElement a13 = T.a(xMLElement, "sources");
            for (XMLElement xMLElement5 : T.b(a13, "method")) {
                try {
                    u a14 = this.f.a(builder.getId(), builder.getLocation(), builder, xMLElement5);
                    if (a14.isEnabled()) {
                        Set<w> sourceTypes = a14.getSourceTypes();
                        if (!(z && sourceTypes != null && (sourceTypes.contains(w.WEBSERVICE_BODY) || sourceTypes.contains(w.WEBSERVICE_HEADER)))) {
                            if (c == null || !c.contains(a14.getId())) {
                                builder.addUntrustedDataSource(a14);
                            }
                        }
                    }
                } catch (Exception e2) {
                    l.error("Failed to parse untrusted data source: {}", xMLElement5.getAttribute(StructuredDataLookup.ID_KEY, (String) null), e2);
                }
            }
            if (this.i.f(ConfigProperty.DYNAMIC_SOURCES)) {
                for (DynamicSource dynamicSource : a(builder, a13)) {
                    if (c == null || !c.contains(dynamicSource.getId())) {
                        builder.addDynamicSource(dynamicSource);
                    }
                }
            }
        }
        if (this.i.f(ConfigProperty.VALIDATORS) && (a3 = T.a(xMLElement, "validators")) != null) {
            for (XMLElement xMLElement6 : T.b(a3, "accepted")) {
                List<XMLElement> b2 = T.b(xMLElement6, "pattern");
                ArrayList arrayList2 = new ArrayList();
                Iterator<XMLElement> it6 = b2.iterator();
                while (it6.hasNext()) {
                    arrayList2.add(it6.next().getContent());
                }
                builder.addAcceptedRegex(xMLElement6.getAttribute("tag-name", (String) null), (String[]) arrayList2.toArray(new String[0]));
            }
            for (XMLElement xMLElement7 : T.b(a3, "rejected")) {
                List<XMLElement> b3 = T.b(xMLElement7, "pattern");
                ArrayList arrayList3 = new ArrayList();
                Iterator<XMLElement> it7 = b3.iterator();
                while (it7.hasNext()) {
                    arrayList3.add(it7.next().getContent());
                }
                builder.addRejectedRegex(xMLElement7.getAttribute("tag-name", (String) null), (String[]) arrayList3.toArray(new String[0]));
            }
        }
        if (this.i.f(ConfigProperty.VALIDATOR_SCOPES) && (a2 = T.a(xMLElement, "validator-scopes")) != null) {
            for (XMLElement xMLElement8 : T.b(a2, "signature")) {
                try {
                    builder.addValidatorScope(this.g.a(builder.getId(), xMLElement8.getContent()));
                } catch (Exception e3) {
                    l.error("Problem adding validator scope: {}", xMLElement8, e3);
                }
            }
        }
        if (this.i.f(ConfigProperty.INTERN_PREVENTION_SCOPES) && (a = T.a(xMLElement, "intern-prevention-scopes")) != null) {
            for (XMLElement xMLElement9 : T.b(a, "signature")) {
                try {
                    builder.addInternPreventionScope(this.d.a(builder.getId(), xMLElement9.getContent()));
                } catch (p e4) {
                    l.error("Problem adding intern prevention scope: {}", xMLElement9, e4);
                }
            }
        }
        builder.addPatternAnalyzers(com.contrastsecurity.agent.plugins.security.pattern.a.a.a(xMLElement));
        return builder;
    }

    private h a(XMLElement xMLElement, ContrastPolicy.Builder builder) throws j {
        h hVar = new h(builder.getId(), c.a(xMLElement.getAttribute("signature", (String) null), builder.getPropertiesMap()));
        hVar.setInheritancePreference(InheritancePreference.fromString(xMLElement.getAttribute("inherit", "NONE")));
        hVar.setUnwantedInheritors(this.c.g(xMLElement));
        hVar.setEnabled(true);
        return hVar;
    }

    private static List<DynamicSource> a(ContrastPolicy.Builder builder, XMLElement xMLElement) throws p {
        ArrayList arrayList = new ArrayList();
        XMLElement a = T.a(xMLElement, "dynamic-sources");
        if (a != null) {
            Iterator<XMLElement> it = T.b(a, "dynamic-source").iterator();
            while (it.hasNext()) {
                arrayList.add(b(builder, it.next()));
            }
        }
        return arrayList;
    }

    private static DynamicSource b(ContrastPolicy.Builder builder, XMLElement xMLElement) throws p {
        String attribute = xMLElement.getAttribute(StructuredDataLookup.ID_KEY, (String) null);
        if (attribute == null) {
            throw new p("Dynamic source entry has no 'id' attribute");
        }
        DynamicSource dynamicSource = new DynamicSource(builder.getId(), attribute);
        XMLElement a = T.a(xMLElement, BaseUnits.CLASSES);
        if (a == null) {
            throw new p("Dynamic source '" + attribute + "' has no 'classes' list");
        }
        dynamicSource.setMatchers((AbstractClassMatcher[]) b(a).toArray(new AbstractClassMatcher[0]));
        ArrayList arrayList = new ArrayList();
        Iterator<XMLElement> it = T.b(xMLElement, "method-exclusion").iterator();
        while (it.hasNext()) {
            arrayList.add(a(it.next()));
        }
        dynamicSource.setExcluders((IMethodExcluder[]) arrayList.toArray(new IMethodExcluder[0]));
        return dynamicSource;
    }

    private static IMethodExcluder a(XMLElement xMLElement) throws p {
        String attribute = xMLElement.getAttribute(StructuredDataLookup.TYPE_KEY, (String) null);
        String content = xMLElement.getContent();
        if ("annotation".equals(attribute)) {
            return new com.contrastsecurity.agent.plugins.security.policy.sources.b(content);
        }
        if ("regex".equals(attribute) || attribute == null) {
            return new com.contrastsecurity.agent.plugins.security.policy.sources.e(Pattern.compile("^" + content + "$"));
        }
        throw new p("Method excluder of Dynamic Source has invalid type value '" + attribute + "'");
    }

    private static List<AbstractClassMatcher> b(XMLElement xMLElement) {
        ArrayList arrayList = new ArrayList();
        for (XMLElement xMLElement2 : T.b(xMLElement, "extends")) {
            boolean z = false;
            String attribute = xMLElement2.getAttribute("includeStatic", (String) null);
            if (attribute != null && a(attribute)) {
                z = true;
            }
            arrayList.add(new com.contrastsecurity.agent.plugins.security.policy.sources.c(xMLElement2.getContent(), z));
        }
        for (XMLElement xMLElement3 : T.b(xMLElement, "pattern")) {
            boolean z2 = false;
            String attribute2 = xMLElement3.getAttribute("includeStatic", (String) null);
            if (attribute2 != null && a(attribute2)) {
                z2 = true;
            }
            arrayList.add(new com.contrastsecurity.agent.plugins.security.policy.sources.d(Pattern.compile("^" + xMLElement3.getContent() + "$"), z2));
        }
        for (XMLElement xMLElement4 : T.b(xMLElement, "annotated")) {
            boolean z3 = false;
            String attribute3 = xMLElement4.getAttribute("includeStatic", (String) null);
            if (attribute3 != null && a(attribute3)) {
                z3 = true;
            }
            arrayList.add(new com.contrastsecurity.agent.plugins.security.policy.sources.a(xMLElement4.getContent(), z3));
        }
        return arrayList;
    }

    private static boolean a(String str) {
        return "true".equalsIgnoreCase(str) || "yes".equalsIgnoreCase(str);
    }
}
