package com.contrastsecurity.agent.plugins.frameworks.l;

import com.contrastsecurity.agent.plugins.frameworks.l.c;
import com.contrastsecurity.agent.u;
import com.contrastsecurity.thirdparty.org.slf4j.Logger;
import com.contrastsecurity.thirdparty.org.slf4j.LoggerFactory;
import java.lang.reflect.Field;
import java.lang.reflect.InvocationTargetException;
import java.security.AccessController;

/* compiled from: SecuritySupportInspector.java */
/* loaded from: input_file:com/contrastsecurity/agent/plugins/frameworks/l/j.class */
final class j implements b {
    private static final String d = "com.sun.org.apache.xerces.internal.utils.SecuritySupport";
    private static final String e = "com.sun.org.apache.xalan.internal.utils.SecuritySupport";
    private static final String f = "com.sun.org.apache.xerces";
    private static final String g = "com.sun.org.apache.xalan";
    private static final String h = "fAccessExternalDTD";
    private static final Class<?>[] a = {String.class, String.class, String.class};
    private static final String b = " org.apache.xerces.internal.impl.XMLEntityManager".substring(1);
    private static final String c = " org.apache.xerces.impl.XMLEntityManager".substring(1);
    private static final Logger i = LoggerFactory.getLogger((Class<?>) j.class);

    @Override // com.contrastsecurity.agent.plugins.frameworks.l.b
    public void a(Object obj, c.a aVar) throws InvocationTargetException, IllegalAccessException, NoSuchMethodException, ClassNotFoundException {
        String str;
        aVar.a(k.UNKNOWN);
        Class<?> cls = obj.getClass();
        String name = cls.getName();
        if (!name.endsWith(b) && !name.endsWith(c)) {
            i.debug("Entity manager class name not recognized as Xerces {}", name);
            return;
        }
        if (name.startsWith(g)) {
            str = e;
        } else {
            if (!name.startsWith(f)) {
                i.debug("Couldn't guess SecuritySupport class name based on entity manager {}", name);
                return;
            }
            str = d;
        }
        i.debug("Invoking security class {}", str);
        ClassLoader b2 = u.b(cls);
        if (b2 == null) {
            b2 = u.a(Thread.currentThread());
        }
        Class<?> loadClass = b2.loadClass(str);
        i.debug("Invoking checkAccess() method");
        String str2 = (String) com.contrastsecurity.agent.m.d.c(loadClass, "checkAccess", a).invoke(null, "file:/etc/motd", c(obj, cls), "all");
        Object b3 = b(obj, cls);
        Boolean a2 = a(obj, cls);
        i.debug("StaX entity resolver: {}. Created by resolver: {}.", b3, a2);
        if (a2 == null || a2.booleanValue() || str2 == null) {
            aVar.a(k.ALLOWED);
        } else {
            i.debug("External entities not being allowed by SecuritySupport, due to blocked {}", str2);
            aVar.a(k.DISALLOWED);
        }
    }

    private Boolean a(Object obj, Class<?> cls) {
        Boolean bool = null;
        try {
            bool = (Boolean) com.contrastsecurity.agent.m.d.d(cls, "fISCreatedByResolver").get(obj);
        } catch (Throwable th) {
            i.error("Problem resolving stax resolved boolean", th);
        }
        return bool;
    }

    private Object b(Object obj, Class<?> cls) {
        Object obj2 = null;
        try {
            obj2 = com.contrastsecurity.agent.m.d.d(cls, "fStaxEntityResolver").get(obj);
        } catch (Throwable th) {
            i.error("Problem resolving stax entity resolver", th);
        }
        return obj2;
    }

    private String c(Object obj, Class<?> cls) {
        String str = "all";
        try {
            Field d2 = com.contrastsecurity.agent.m.d.d(cls, h);
            str = (String) AccessController.doPrivileged(() -> {
                return (String) d2.get(obj);
            });
            i.debug("Protocols allowed: {}", str);
        } catch (Throwable th) {
            com.contrastsecurity.agent.commons.u.a(th);
            com.contrastsecurity.agent.logging.a.a(h, i, "Trouble accessing XMLEntityManager#fAccessExternalDTD field", th);
        }
        return str;
    }
}
