package com.contrastsecurity.agent.plugins.security;

import com.contrastsecurity.agent.Sensor;
import com.contrastsecurity.agent.apps.Application;
import com.contrastsecurity.agent.apps.ApplicationManager;
import com.contrastsecurity.agent.apps.exclusions.c;
import com.contrastsecurity.agent.config.ConfigProperty;
import com.contrastsecurity.agent.contrastapi_v1_0.settings.server.ServerSettingsAssessDTM;
import com.contrastsecurity.agent.http.HttpManager;
import com.contrastsecurity.agent.http.HttpRequest;
import com.contrastsecurity.agent.messages.server.features.assessment.InputValidatorDTM;
import com.contrastsecurity.agent.messages.server.features.assessment.SanitizerDTM;
import com.contrastsecurity.agent.plugins.ContrastPlugin;
import com.contrastsecurity.agent.plugins.security.AssessmentManager;
import com.contrastsecurity.agent.plugins.security.controller.EventContext;
import com.contrastsecurity.agent.plugins.security.controller.EventHelper;
import com.contrastsecurity.agent.plugins.security.controller.TraceController;
import com.contrastsecurity.agent.plugins.security.controller.a.C0255a;
import com.contrastsecurity.agent.plugins.security.controller.a.C0256b;
import com.contrastsecurity.agent.plugins.security.controller.a.C0257c;
import com.contrastsecurity.agent.plugins.security.controller.a.C0258d;
import com.contrastsecurity.agent.plugins.security.controller.a.C0259e;
import com.contrastsecurity.agent.plugins.security.controller.a.C0260f;
import com.contrastsecurity.agent.plugins.security.controller.trigger.ObjectCheck;
import com.contrastsecurity.agent.plugins.security.policy.rules.providers.ApplicationAnalyzer;
import com.contrastsecurity.agent.plugins.security.policy.rules.providers.HttpWatcher;
import com.contrastsecurity.agent.plugins.security.policy.rules.providers.ProviderUtil;
import com.contrastsecurity.agent.plugins.security.policy.rules.providers.internal.crossdomainpolicy.CrossDomainResponseWatcher;
import com.contrastsecurity.agent.reloadable.AgentChannelHub;
import com.contrastsecurity.agent.services.Purgeable;
import com.contrastsecurity.agent.util.PerfUtil;
import com.contrastsecurity.thirdparty.javax.inject.Inject;
import com.contrastsecurity.thirdparty.javax.inject.Singleton;
import com.contrastsecurity.thirdparty.org.apache.commons.lang.StringUtils;
import com.contrastsecurity.thirdparty.org.apache.http.client.methods.HttpGet;
import com.contrastsecurity.thirdparty.org.slf4j.Logger;
import com.contrastsecurity.thirdparty.org.slf4j.LoggerFactory;
import java.lang.ContrastAssessDispatcherLocator;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;

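/**
 * Agent plugin for the Assess feature. It loads the assessment policy at startup, exposes the
 * class-transformation and request-lifecycle listeners, forwards configuration files to the rule
 * providers, and keeps the set of security-control class names that must not be denylisted.
 *
 * <p>Most callbacks are gated on {@code ConfigProperty.ASSESS_ENABLED}; with Assess off they
 * return an empty or {@code null} result or do nothing.
 *
 * <p>Identifiers in this file are obfuscated (decompiled output), so the comments below describe
 * only what the visible code does with each field.
 */
@Singleton
@Sensor
/* loaded from: input_file:com/contrastsecurity/agent/plugins/security/SecurityPlugin.class */
public final class SecurityPlugin extends ContrastPlugin implements com.contrastsecurity.agent.instr.a.c, L {
    // Process-wide instance, published by initializeGlobalContext() and read by getGlobal().
    private static SecurityPlugin a;
    // Startup tasks run by initialize(): policy loading and channel-handler registration.
    private final List<com.contrastsecurity.agent.util.z> b;
    // Agent configuration; consulted for ASSESS_ENABLED throughout this class.
    private final com.contrastsecurity.agent.config.g c;
    private final EventHelper d;
    // Returned by getClassTransformationListeners() when Assess is enabled.
    private final List<com.contrastsecurity.agent.plugins.a> e;
    // Returned by getActivityEventListener() when Assess is enabled.
    private final com.contrastsecurity.agent.plugins.security.policy.rules.providers.c f;
    // Rule providers iterated by onCrossDomainXmlRead() and onWebConfigurationRead().
    private final com.contrastsecurity.agent.plugins.security.policy.rules.providers.h g;
    // Source of the server's Assess settings (sanitizers and validators), via h.b().
    private final com.contrastsecurity.agent.features.c h;
    // Returned as-is by getRequestLifecycleListeners().
    private final List<com.contrastsecurity.agent.http.o> i;
    private final ProviderUtil j;
    private final AssessmentManager k;
    private final ApplicationManager l;
    private final EventContext m;
    private final HttpManager n;
    private final com.contrastsecurity.agent.scope.g o;
    private final TraceController p;
    private final com.contrastsecurity.agent.plugins.security.policy.rules.d q;
    private final ContrastScopeTrackerDispatcher r;
    private final com.contrastsecurity.agent.plugins.security.pattern.a.b s;
    private final C t;
    private final com.contrastsecurity.agent.plugins.security.controller.propagate.c u;
    private final com.contrastsecurity.agent.plugins.security.controller.track.a v;
    // Value of MAX_REQUEST_BODY_BUFFERING_DEFAULT, read once in the constructor.
    private final int w;
    // Lazily built set of security-control class names that must not be denylisted; reset to null
    // by onSecurityControlsChanged().
    // NOTE(review): the field is not volatile. If the reset and the lookup run on different
    // threads, confirm that visibility of the published set is guaranteed some other way.
    private Set<String> x;
    private static final String y = "cachedCustomRules.jar";
    private static final String z = "Problem loading bootstrap rules from specified JAR. Some custom rules may not be working.";
    private static final String A = "assessment-context";
    private static final Logger B = LoggerFactory.getLogger((Class<?>) SecurityPlugin.class);

    /**
     * Startup task "load-assessment-policy": asks the AssessmentManager to load its policy and
     * wraps any failure in the plugin exception type so that initialize() can propagate it.
     */
    /* loaded from: input_file:com/contrastsecurity/agent/plugins/security/SecurityPlugin$a.class */
    private class a extends com.contrastsecurity.agent.util.z {
        private a() {
            super("load-assessment-policy", PerfUtil.a.SUB_SUB_STARTUP_TASK);
        }

        @Override // com.contrastsecurity.agent.util.z
        public void a() throws com.contrastsecurity.agent.plugins.f {
            try {
                SecurityPlugin.this.k.loadPolicy();
            } catch (Throwable th) {
                // Throwable is caught on purpose: any policy-loading failure is reported as a
                // plugin failure with the original cause attached.
                throw new com.contrastsecurity.agent.plugins.f(th);
            }
        }
    }

    /**
     * Startup task "register-agent-telemetry": registers one handler per message name on the
     * AgentChannelHub and subscribes the EventContext to "clearTraceMap".
     *
     * <p>NOTE(review): judging by the message names ("addTags", "addTagFrom", "clearTagRanges",
     * "clearRecentFindings"), some of these handlers change tracking state rather than only
     * reading it. They are registered whenever initialize() runs with Assess enabled; confirm
     * that only trusted in-process code can post messages to the hub.
     */
    /* loaded from: input_file:com/contrastsecurity/agent/plugins/security/SecurityPlugin$b.class */
    private class b extends com.contrastsecurity.agent.util.z {
        private b() {
            super("register-agent-telemetry", PerfUtil.a.SUB_SUB_STARTUP_TASK);
        }

        @Override // com.contrastsecurity.agent.util.z
        public void a() {
            AgentChannelHub agentChannelHub = AgentChannelHub.get();
            agentChannelHub.listenForMessage("isTracked", new com.contrastsecurity.agent.plugins.security.controller.a.B(SecurityPlugin.this.p));
            agentChannelHub.listenForMessage("isTrackedWithTag", new com.contrastsecurity.agent.plugins.security.controller.a.C(SecurityPlugin.this.p));
            agentChannelHub.listenForMessage("isTrackedWithoutTag", new com.contrastsecurity.agent.plugins.security.controller.a.E(SecurityPlugin.this.p));
            agentChannelHub.listenForMessage("isTrackedWithType", new com.contrastsecurity.agent.plugins.security.controller.a.D(SecurityPlugin.this.p));
            agentChannelHub.listenForMessage("printTagRanges", new com.contrastsecurity.agent.plugins.security.controller.a.F(SecurityPlugin.this.p));
            agentChannelHub.listenForMessage("hasFinding", new com.contrastsecurity.agent.plugins.security.controller.a.x(SecurityPlugin.this.q));
            agentChannelHub.listenForMessage("hasNoFinding", new com.contrastsecurity.agent.plugins.security.controller.a.z(SecurityPlugin.this.q));
            agentChannelHub.listenForMessage("hasEventSource", new com.contrastsecurity.agent.plugins.security.controller.a.w(SecurityPlugin.this.p));
            agentChannelHub.listenForMessage("getLastFindingHash", new com.contrastsecurity.agent.plugins.security.controller.a.m(SecurityPlugin.this.q));
            agentChannelHub.listenForMessage("enableRecentFindings", new C0260f(SecurityPlugin.this.q));
            agentChannelHub.listenForMessage("clearRecentFindings", new C0257c(SecurityPlugin.this.q));
            agentChannelHub.listenForMessage("getBitSetForObject", new com.contrastsecurity.agent.plugins.security.controller.a.g(SecurityPlugin.this.p));
            agentChannelHub.listenForMessage("getEventStringRepresentations", new com.contrastsecurity.agent.plugins.security.controller.a.k(SecurityPlugin.this.p));
            agentChannelHub.listenForMessage("getEventOperations", new com.contrastsecurity.agent.plugins.security.controller.a.i(SecurityPlugin.this.p));
            agentChannelHub.listenForMessage("getEventTaintFlags", new com.contrastsecurity.agent.plugins.security.controller.a.l(SecurityPlugin.this.p));
            agentChannelHub.listenForMessage("hasTagRange", new com.contrastsecurity.agent.plugins.security.controller.a.A(SecurityPlugin.this.p));
            agentChannelHub.listenForMessage("hasFrameworkInfo", new com.contrastsecurity.agent.plugins.security.controller.a.y(SecurityPlugin.this.n));
            agentChannelHub.listenForMessage("getTagRangeCount", new com.contrastsecurity.agent.plugins.security.controller.a.r(SecurityPlugin.this.p));
            agentChannelHub.listenForMessage("getCurrentRequestInfo", new com.contrastsecurity.agent.plugins.security.controller.a.o(SecurityPlugin.this.n));
            agentChannelHub.listenForMessage("getTagRanges", new com.contrastsecurity.agent.plugins.security.controller.a.s(SecurityPlugin.this.p));
            agentChannelHub.listenForMessage("addTags", new C0256b(SecurityPlugin.this.d, SecurityPlugin.this.p));
            agentChannelHub.listenForMessage("getTags", new com.contrastsecurity.agent.plugins.security.controller.a.u(SecurityPlugin.this.p));
            agentChannelHub.listenForMessage("getTagsAt", new com.contrastsecurity.agent.plugins.security.controller.a.t(SecurityPlugin.this.p));
            agentChannelHub.listenForMessage("addTagFrom", new C0255a(SecurityPlugin.this.p));
            agentChannelHub.listenForMessage("getTagRangeBoundaries", new com.contrastsecurity.agent.plugins.security.controller.a.q(SecurityPlugin.this.p));
            agentChannelHub.listenForMessage("doesTagCheckPass", new C0259e(new ObjectCheck(SecurityPlugin.this.d, SecurityPlugin.this.p), SecurityPlugin.this.p, SecurityPlugin.this.k));
            agentChannelHub.listenForMessage("clearTagRanges", new C0258d(SecurityPlugin.this.p));
            agentChannelHub.listenForMessage("getTriggerScope", new com.contrastsecurity.agent.plugins.security.controller.a.v(SecurityPlugin.this.m, SecurityPlugin.this.r));
            agentChannelHub.listenForMessage("getEventIdFor", new com.contrastsecurity.agent.plugins.security.controller.a.h(SecurityPlugin.this.p));
            agentChannelHub.listenForMessage("getSourceEventReturn", new com.contrastsecurity.agent.plugins.security.controller.a.p(SecurityPlugin.this.p));
            agentChannelHub.listenForMessage("getParentEventIdFor", new com.contrastsecurity.agent.plugins.security.controller.a.n(SecurityPlugin.this.p));
            agentChannelHub.listenForMessage("getEventStackTrace", new com.contrastsecurity.agent.plugins.security.controller.a.j(SecurityPlugin.this.k, SecurityPlugin.this.p));
            agentChannelHub.subscribe(SecurityPlugin.this.c, "clearTraceMap", SecurityPlugin.this.m);
        }
    }

    /**
     * Returns the process-wide plugin instance.
     *
     * @return the instance published by {@link #initializeGlobalContext()}
     * @throws IllegalStateException if no instance has been published yet
     */
    public static SecurityPlugin getGlobal() {
        if (a == null) {
            throw new IllegalStateException("Not yet initialized");
        }
        return a;
    }

    /**
     * Returns the global plugin instance typed as the service-provider interface {@code L}.
     *
     * @return the same object as {@link #getGlobal()}
     * @throws IllegalStateException if no instance has been published yet
     */
    public static L getSecurityServiceProvider() {
        return getGlobal();
    }

    /**
     * Stores the injected collaborators and performs the registrations that have to happen at
     * construction time: the pattern object and the data-flow propagation dispatcher are handed
     * to the AssessmentManager, every element of {@code set} is passed to {@code gVar.a(...)},
     * the assess dispatcher locator singleton is initialized, and the request-body buffering
     * limit is read from configuration.
     */
    @Inject
    public SecurityPlugin(com.contrastsecurity.agent.config.g gVar, com.contrastsecurity.agent.features.c cVar, ApplicationManager applicationManager, HttpManager httpManager, AssessmentManager assessmentManager, EventContext eventContext, TraceController traceController, com.contrastsecurity.agent.plugins.security.policy.rules.d dVar, ProviderUtil providerUtil, EventHelper eventHelper, com.contrastsecurity.agent.scope.g gVar2, C0252a c0252a, com.contrastsecurity.agent.plugins.security.pattern.a.b bVar, Set<com.contrastsecurity.agent.config.y> set, C c, Set<com.contrastsecurity.agent.http.o> set2, ContrastDataFlowPropagationDispatcher contrastDataFlowPropagationDispatcher, com.contrastsecurity.agent.plugins.security.controller.propagate.c cVar2, com.contrastsecurity.agent.plugins.security.controller.track.a aVar, ContrastAssessDispatcherLocator contrastAssessDispatcherLocator, ContrastScopeTrackerDispatcher contrastScopeTrackerDispatcher, com.contrastsecurity.agent.plugins.security.policy.rules.providers.c cVar3, com.contrastsecurity.agent.plugins.security.policy.rules.providers.h hVar) {
        this.c = gVar;
        this.h = cVar;
        this.l = applicationManager;
        this.n = httpManager;
        this.k = assessmentManager;
        this.m = eventContext;
        this.p = traceController;
        this.q = dVar;
        this.j = providerUtil;
        this.d = eventHelper;
        this.e = com.contrastsecurity.agent.commons.h.a(c0252a);
        this.f = cVar3;
        this.g = hVar;
        this.o = gVar2;
        this.s = bVar;
        assessmentManager.a(bVar);
        assessmentManager.a((AssessmentManager.a) contrastDataFlowPropagationDispatcher);
        this.r = contrastScopeTrackerDispatcher;
        // The inner-class tasks capture "this", so every field they read must be assigned
        // before initialize() runs them; they are only constructed here, not executed.
        this.b = com.contrastsecurity.agent.commons.h.a(new a(), new b());
        for (com.contrastsecurity.agent.config.y item : set) {
            gVar.a(item);
        }
        this.t = c;
        this.i = com.contrastsecurity.agent.commons.h.a((Collection) set2);
        this.u = cVar2;
        this.v = aVar;
        ContrastAssessDispatcherLocator.Singleton.initialize(contrastAssessDispatcherLocator);
        this.w = gVar.d(ConfigProperty.MAX_REQUEST_BODY_BUFFERING_DEFAULT);
    }

    /**
     * Publishes this instance as the process-wide plugin after the superclass has set up its own
     * global context.
     *
     * @throws IllegalStateException if a global instance has already been published
     */
    @Override // com.contrastsecurity.agent.plugins.ContrastPlugin
    public void initializeGlobalContext() {
        super.initializeGlobalContext();
        if (a != null) {
            throw new IllegalStateException("SecurityPlugin global already initialized");
        }
        a = this;
    }

    /**
     * Switches the event context and the scope object on or off together.
     *
     * @param eventContext event context to toggle
     * @param gVar scope object to toggle
     * @param z2 {@code true} to enable, {@code false} to disable
     */
    public static void setEnabled(EventContext eventContext, com.contrastsecurity.agent.scope.g gVar, boolean z2) {
        eventContext.setEnabled(z2);
        gVar.setEnabled(z2);
    }

    /**
     * Reports whether a class name belongs to a configured security control (sanitizer or
     * validator) and therefore must not be denylisted.
     *
     * <p>The set is built on first use from the current server settings. The field is read once
     * into a local so that a reset by {@link #onSecurityControlsChanged()} between the null check
     * and the lookup cannot cause a NullPointerException.
     *
     * @param str class name to look up
     * @return {@code true} if the name is in the set of security-control class names
     */
    @Override // com.contrastsecurity.agent.instr.a.c
    public boolean preventDenylistingOf(String str) {
        Set<String> controlClassNames = this.x;
        if (controlClassNames == null) {
            controlClassNames = collectSecurityControlClassNames(this.h.b());
            this.x = controlClassNames;
        }
        return controlClassNames.contains(str);
    }

    /**
     * Rebuilds the set of security-control class names from the given server settings and stores
     * it in the field. The set is filled completely before it is assigned, so a reader never sees
     * it half populated.
     *
     * @param serverSettingsAssessDTM server Assess settings; {@code null} yields an empty set
     */
    void a(ServerSettingsAssessDTM serverSettingsAssessDTM) {
        this.x = collectSecurityControlClassNames(serverSettingsAssessDTM);
    }

    /**
     * Collects the class names of all sanitizers and validators in the given settings.
     *
     * @param serverSettingsAssessDTM server Assess settings, may be {@code null}
     * @return a new mutable set; empty when Assess is disabled or the settings are {@code null}
     */
    private Set<String> collectSecurityControlClassNames(ServerSettingsAssessDTM serverSettingsAssessDTM) {
        Set<String> classNames = new HashSet<>();
        if (!this.c.f(ConfigProperty.ASSESS_ENABLED) || serverSettingsAssessDTM == null) {
            return classNames;
        }
        Set<SanitizerDTM> sanitizers = serverSettingsAssessDTM.getSanitizers();
        if (sanitizers != null) {
            for (SanitizerDTM sanitizer : sanitizers) {
                String className = a(sanitizer.getApi());
                if (!StringUtils.isEmpty(className)) {
                    B.debug("Adding {} (sanitizer) to the list of security control class names to prevent denylisting", className);
                    classNames.add(className);
                }
            }
        }
        Set<InputValidatorDTM> validators = serverSettingsAssessDTM.getValidators();
        if (validators != null) {
            for (InputValidatorDTM validator : validators) {
                String className = a(validator.getApi());
                if (!StringUtils.isEmpty(className)) {
                    B.debug("Adding {} (validator) to the list of security control class names to prevent denylisting", className);
                    classNames.add(className);
                }
            }
        }
        return classNames;
    }

    /**
     * Parses an API signature string and returns the value of {@code a()} on the parse result,
     * which the callers treat as the class name.
     *
     * @param str API signature as delivered in the server settings
     * @return the parsed name, or {@code null} if parsing threw; the failure is logged and the
     *     entry is then skipped by the caller, so that control is not protected from denylisting
     */
    private String a(String str) {
        String str2 = null;
        try {
            str2 = com.contrastsecurity.agent.plugins.security.policy.t.a(str, false, true).a();
        } catch (Exception e) {
            B.error("Problem parsing API {} to prevent denylisting new security controls", str, e);
        }
        return str2;
    }

    /**
     * @return the class-transformation listeners when Assess is enabled, otherwise an empty list
     */
    @Override // com.contrastsecurity.agent.plugins.ContrastPlugin
    public List<com.contrastsecurity.agent.plugins.a> getClassTransformationListeners() {
        if (this.c.f(ConfigProperty.ASSESS_ENABLED)) {
            return this.e;
        }
        return Collections.emptyList();
    }

    /**
     * @return the request-lifecycle listeners supplied at construction; not gated on
     *     ASSESS_ENABLED
     */
    @Override // com.contrastsecurity.agent.plugins.ContrastPlugin
    public List<com.contrastsecurity.agent.http.o> getRequestLifecycleListeners() {
        return this.i;
    }

    /**
     * Runs the startup tasks (policy loading, then channel-handler registration) when Assess is
     * enabled; otherwise only logs that the policy lookup is skipped.
     *
     * @throws com.contrastsecurity.agent.plugins.f if a startup task fails
     */
    @Override // com.contrastsecurity.agent.plugins.ContrastPlugin
    public void initialize() throws com.contrastsecurity.agent.plugins.f {
        if (!this.c.f(ConfigProperty.ASSESS_ENABLED)) {
            B.debug("Not assessing, so skipping policy lookup");
            return;
        }
        for (com.contrastsecurity.agent.util.z task : this.b) {
            task.b();
        }
    }

    /** Forwards the end-of-reporting notification to the pattern object. */
    @Override // com.contrastsecurity.agent.plugins.ContrastPlugin
    public void onServerActivityReportingFinished() {
        this.s.a();
    }

    /**
     * Hands the contents of a crossdomain.xml to every cross-domain-policy rule provider whose
     * watcher is a {@link CrossDomainResponseWatcher}. A failure in one provider is logged and
     * does not stop the others.
     *
     * @param application application the file belongs to
     * @param str the value passed on to {@code analyzeCrossDomainXML}
     */
    @Override // com.contrastsecurity.agent.plugins.ContrastPlugin
    public void onCrossDomainXmlRead(Application application, String str) {
        if (!this.c.f(ConfigProperty.ASSESS_ENABLED)) {
            return;
        }
        Iterator<com.contrastsecurity.agent.plugins.security.policy.rules.providers.f<?>> it = this.g.iterator();
        while (it.hasNext()) {
            com.contrastsecurity.agent.plugins.security.policy.rules.providers.f<?> next = it.next();
            if (!(next instanceof com.contrastsecurity.agent.plugins.security.policy.rules.providers.internal.crossdomainpolicy.c)) {
                continue;
            }
            HttpWatcher watcher = next.c();
            if (watcher instanceof CrossDomainResponseWatcher) {
                if (B.isDebugEnabled()) {
                    B.debug("Handing analysis of crossdomain.xml to {}", watcher.getClass().getName());
                }
                try {
                    ((CrossDomainResponseWatcher) watcher).analyzeCrossDomainXML(application, str);
                } catch (Throwable th) {
                    B.error("Problem during crossDomainXmlRead() for {}", next.getClass().getName(), th);
                }
            } else {
                // Previously this error was emitted only when debug logging was on, so a skipped
                // cross-domain policy analysis left no trace at the default log level.
                B.error("Problem finding the cross domain watcher");
            }
        }
    }

    /**
     * Notifies every rule provider that has an {@link ApplicationAnalyzer} about a newly
     * resolved application. A failure in one analyzer is logged and does not stop the others.
     *
     * @param application the resolved application
     * @param str the value passed on to {@code onApplicationResolution}
     */
    @Override // com.contrastsecurity.agent.plugins.ContrastPlugin
    public void onWebConfigurationRead(Application application, String str) {
        if (!this.c.f(ConfigProperty.ASSESS_ENABLED)) {
            return;
        }
        B.debug("Letting rule providers know about new app loaded");
        Iterator<com.contrastsecurity.agent.plugins.security.policy.rules.providers.f<?>> it = this.g.iterator();
        while (it.hasNext()) {
            com.contrastsecurity.agent.plugins.security.policy.rules.providers.f<?> next = it.next();
            ApplicationAnalyzer analyzer = next.d();
            if (analyzer != null) {
                B.debug("Handing analysis of web root to {}", analyzer.getClass().getName());
                try {
                    analyzer.onApplicationResolution(application, str);
                } catch (Throwable th) {
                    B.error("Problem during onWebXmlLoaded() for {}", next.getClass().getName(), th);
                }
            }
        }
    }

    /**
     * @param cls ignored
     * @return {@code true} exactly when Assess is enabled
     */
    @Override // com.contrastsecurity.agent.plugins.ContrastPlugin
    public boolean requiresPrimordialInstrumentation(Class<?> cls) {
        return this.c.f(ConfigProperty.ASSESS_ENABLED);
    }

    /**
     * Decides whether the request body should be buffered. A URI matched by an Assess URL
     * exclusion is never buffered, so its body is not available to Assess.
     *
     * @param httpRequest the current request
     * @return {@code true} if Assess is enabled and the URI is not excluded
     */
    @Override // com.contrastsecurity.agent.plugins.ContrastPlugin
    public boolean requiresHttpRequestBodyBuffering(HttpRequest httpRequest) {
        if (isDisabledUri(httpRequest, this.l.current(), this.c)) {
            B.debug("Uri {} is skipped from request body buffering.", httpRequest.getUri());
            return false;
        }
        return this.c.f(ConfigProperty.ASSESS_ENABLED);
    }

    /**
     * Decides whether the whole request body should be captured. Excluded URIs and GET requests
     * are never captured in full.
     *
     * @param httpRequest the current request
     * @return {@code true} if Assess is enabled, the URI is not excluded and the method is not GET
     */
    @Override // com.contrastsecurity.agent.plugins.ContrastPlugin
    public boolean requiresHttpRequestBodyTotalCapture(HttpRequest httpRequest) {
        if (isDisabledUri(httpRequest, this.l.current(), this.c)) {
            B.debug("Uri {} is skipped from request body total capturing.", httpRequest.getUri());
            return false;
        }
        return this.c.f(ConfigProperty.ASSESS_ENABLED) && !HttpGet.METHOD_NAME.equals(httpRequest.getMethod());
    }

    /**
     * @return the activity event listener when Assess is enabled, otherwise {@code null}
     */
    @Override // com.contrastsecurity.agent.plugins.ContrastPlugin
    public com.contrastsecurity.agent.plugins.b getActivityEventListener() {
        return this.c.f(ConfigProperty.ASSESS_ENABLED) ? this.f : null;
    }

    /**
     * @return the request-body capture limit read from configuration at construction time
     */
    @Override // com.contrastsecurity.agent.plugins.ContrastPlugin
    public int limitRequestBodySizeCapturing() {
        return this.w;
    }

    /**
     * Drops the cached set of security-control class names; the next call to
     * {@link #preventDenylistingOf(String)} rebuilds it from the current server settings.
     */
    public void onSecurityControlsChanged() {
        this.x = null;
    }

    /**
     * @return {@code true} if the superclass reports the plugin as activated and Assess is enabled
     */
    @Override // com.contrastsecurity.agent.plugins.ContrastPlugin
    public boolean isActivated() {
        return super.isActivated() && this.c.f(ConfigProperty.ASSESS_ENABLED);
    }

    /**
     * @param application application handling the request
     * @param httpRequest the current request
     * @return {@code true} if the plugin is activated and the request URI is not excluded
     */
    @Override // com.contrastsecurity.agent.plugins.ContrastPlugin
    public boolean isActivatedForUri(Application application, HttpRequest httpRequest) {
        return isActivated() && !isDisabledUri(httpRequest, application, this.c);
    }

    /** Activates the plugin and enables the event context and scope object. */
    @Override // com.contrastsecurity.agent.plugins.ContrastPlugin
    public void activate() {
        super.activate();
        setEnabled(this.m, this.o, true);
    }

    /** Deactivates the plugin and disables the event context and scope object. */
    @Override // com.contrastsecurity.agent.plugins.ContrastPlugin
    public void deactivate() {
        super.deactivate();
        setEnabled(this.m, this.o, false);
    }

    /**
     * @return a new list containing only the event context
     */
    @Override // com.contrastsecurity.agent.plugins.ContrastPlugin
    public List<Purgeable> getPurgeables() {
        // Raw type kept from the decompiled output: the declaration of EventContext is not
        // visible here, so the element type is not tightened.
        LinkedList linkedList = new LinkedList();
        linkedList.add(this.m);
        return linkedList;
    }

    /** @return the data-flow tagging service supplied at construction */
    @Override // com.contrastsecurity.agent.plugins.security.L
    public com.contrastsecurity.agent.plugins.security.controller.propagate.c getContrastDataFlowTaggingService() {
        return this.u;
    }

    /** @return the data-flow source creation service supplied at construction */
    @Override // com.contrastsecurity.agent.plugins.security.L
    public com.contrastsecurity.agent.plugins.security.controller.track.a getContrastDataFlowSourceCreationService() {
        return this.v;
    }

    /** @return the assessment manager supplied at construction */
    @Override // com.contrastsecurity.agent.plugins.security.L
    public AssessmentManager getAssessmentManager() {
        return this.k;
    }

    /** @return the provider utility supplied at construction */
    @Override // com.contrastsecurity.agent.plugins.security.L
    public ProviderUtil getProviderUtil() {
        return this.j;
    }

    /** @return the route observation listener supplied at construction */
    @Override // com.contrastsecurity.agent.plugins.security.L
    public C getRouteObservationListener() {
        return this.t;
    }

    /**
     * Checks the application's exclusion processor for an Assess URL exclusion that matches the
     * request URI, trying the first exclusion kind and then the second.
     *
     * <p>NOTE(review): the match uses {@code httpRequest.getUri()} as delivered. Whether that
     * value is normalized the same way the container routes the request is not visible here;
     * confirm it, because a mismatch would let an exclusion apply to more or fewer requests than
     * intended.
     *
     * @param httpRequest the current request, may be {@code null}
     * @param application application handling the request, may be {@code null}
     * @param gVar agent configuration; not used by this implementation
     * @return {@code true} if an exclusion matches; {@code false} otherwise or when either the
     *     request or the application is {@code null}
     */
    @Override // com.contrastsecurity.agent.plugins.ContrastPlugin
    protected boolean isDisabledUri(HttpRequest httpRequest, Application application, com.contrastsecurity.agent.config.g gVar) {
        if (application == null || httpRequest == null) {
            return false;
        }
        com.contrastsecurity.agent.apps.exclusions.g exclusionProcessor = application.getExclusionProcessor();
        boolean isDisabledByUrl = exclusionProcessor.isDisabledByUrl(c.a.ASSESS, com.contrastsecurity.agent.apps.exclusions.c.a, httpRequest.getUri());
        if (!isDisabledByUrl) {
            isDisabledByUrl = exclusionProcessor.isDisabledByUrl(c.a.ASSESS, com.contrastsecurity.agent.apps.exclusions.c.b, httpRequest.getUri());
        }
        return isDisabledByUrl;
    }
}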
