package com.contrastsecurity.agent.plugins.frameworks.d;

import com.contrastsecurity.agent.apps.Application;
import com.contrastsecurity.agent.http.HttpRequest;
import com.contrastsecurity.agent.plugins.c.n;
import com.contrastsecurity.agent.plugins.frameworks.AbstractC0163t;
import com.contrastsecurity.agent.plugins.frameworks.X;
import com.contrastsecurity.agent.plugins.frameworks.Y;
import com.contrastsecurity.agent.plugins.security.model.SourceEvent;
import com.contrastsecurity.agent.plugins.security.policy.rules.Rule;
import com.contrastsecurity.agent.plugins.security.policy.u;
import com.contrastsecurity.agent.trace.CodeEvent;
import com.contrastsecurity.agent.trace.Trace;
import com.contrastsecurity.thirdparty.javax.inject.Inject;
import com.contrastsecurity.thirdparty.javax.inject.Singleton;
import com.contrastsecurity.thirdparty.org.apache.commons.lang.ArrayUtils;
import com.contrastsecurity.thirdparty.org.slf4j.Logger;
import com.contrastsecurity.thirdparty.org.slf4j.LoggerFactory;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.util.Collections;
import java.util.Set;

/* compiled from: CXFSupporter.java */
@Singleton
/* renamed from: com.contrastsecurity.agent.plugins.frameworks.d.a, reason: case insensitive filesystem */
/* loaded from: input_file:com/contrastsecurity/agent/plugins/frameworks/d/a.class */
public final class C0110a extends AbstractC0163t implements X {
    private static final String b = "reflected-xss";
    private static final Set<String> a = Collections.singleton("cxf-url-param");
    private static final String c = " org.apache.cxf.jaxrs.model.Parameter".substring(1);
    private static final String d = " org.apache.cxf.jaxrs.model.ParameterType".substring(1);
    private static final String e = " org.apache.cxf.jaxrs.utils.".substring(1);
    private static final Logger f = LoggerFactory.getLogger((Class<?>) C0110a.class);

    /* JADX INFO: Access modifiers changed from: private */
    /* compiled from: CXFSupporter.java */
    /* renamed from: com.contrastsecurity.agent.plugins.frameworks.d.a$a, reason: collision with other inner class name */
    /* loaded from: input_file:com/contrastsecurity/agent/plugins/frameworks/d/a$a.class */
    public enum EnumC0014a {
        PATH,
        QUERY,
        MATRIX,
        HEADER,
        COOKIE,
        FORM,
        BEAN,
        REQUEST_BODY,
        CONTEXT,
        UNKNOWN
    }

    @Inject
    public C0110a() {
    }

    @Override // com.contrastsecurity.agent.plugins.frameworks.X
    public boolean a(com.contrastsecurity.agent.plugins.security.controller.a aVar) {
        return true;
    }

    @Override // com.contrastsecurity.agent.plugins.frameworks.X
    public boolean b(com.contrastsecurity.agent.plugins.security.controller.a aVar) {
        com.contrastsecurity.agent.plugins.security.model.j c2 = aVar.c();
        u j = c2.j();
        String id = j != null ? j.getId() : null;
        if (!(id != null && id.startsWith("cxf-")) || !Y.a(a, j)) {
            return true;
        }
        Object a2 = a(aVar.l());
        EnumC0014a a3 = a(a2);
        if (EnumC0014a.HEADER == a3) {
            if (n.HEADER_REFERER.a(b(a2))) {
                return true;
            }
            c2.l();
            return true;
        }
        if (EnumC0014a.COOKIE != a3) {
            return true;
        }
        c2.l();
        return true;
    }

    private Object a(Object[] objArr) {
        if (ArrayUtils.isEmpty(objArr) || objArr[0] == null) {
            return null;
        }
        Object obj = objArr[0];
        if (c.equals(obj.getClass().getName())) {
            return obj;
        }
        return null;
    }

    private EnumC0014a a(Object obj) {
        if (obj == null) {
            return EnumC0014a.UNKNOWN;
        }
        Method b2 = com.contrastsecurity.agent.m.d.b(obj.getClass(), "getType", (Class<?>[]) new Class[0]);
        if (b2 == null || Modifier.isStatic(b2.getModifiers())) {
            return EnumC0014a.UNKNOWN;
        }
        try {
            Object invoke = b2.invoke(obj, new Object[0]);
            if (invoke == null || !d.equals(invoke.getClass().getName())) {
                return EnumC0014a.UNKNOWN;
            }
            String valueOf = String.valueOf(invoke);
            try {
                return EnumC0014a.valueOf(valueOf);
            } catch (Exception e2) {
                com.contrastsecurity.agent.logging.a.a("CXF_PARAM_TYPE_ENUM_MISMATCH", f, "Name of CXF ParameterType {} is not recognized.", e2, new Object[]{valueOf});
                return EnumC0014a.UNKNOWN;
            }
        } catch (Exception e3) {
            return EnumC0014a.UNKNOWN;
        }
    }

    private String b(Object obj) {
        Method b2;
        if (obj == null || (b2 = com.contrastsecurity.agent.m.d.b(obj.getClass(), "getName", (Class<?>[]) new Class[0])) == null || Modifier.isStatic(b2.getModifiers()) || !String.class.equals(b2.getReturnType())) {
            return null;
        }
        try {
            return (String) b2.invoke(obj, new Object[0]);
        } catch (Exception e2) {
            return null;
        }
    }

    @Override // com.contrastsecurity.agent.plugins.frameworks.X
    public boolean a(Application application, Rule rule, Object obj, Object[] objArr, Object obj2) {
        return true;
    }

    @Override // com.contrastsecurity.agent.plugins.frameworks.X
    public void a(Application application, Trace trace, Rule rule, Object obj, Object[] objArr, Object obj2) {
    }

    @Override // com.contrastsecurity.agent.plugins.frameworks.X
    public boolean a(Application application, Trace trace, Rule rule, SourceEvent sourceEvent, int i, HttpRequest httpRequest, com.contrastsecurity.agent.apps.exclusions.g gVar) {
        return false;
    }

    @Override // com.contrastsecurity.agent.plugins.frameworks.X
    public boolean a(Trace trace, Rule rule) {
        return a(rule) && a(trace);
    }

    private boolean a(Rule rule) {
        return rule.getId().equals("reflected-xss");
    }

    private boolean a(Trace trace) {
        return trace.getEvents().size() > 1 && a(trace.getFirstEvent());
    }

    private boolean a(CodeEvent codeEvent) {
        return codeEvent.getMethodName().startsWith(e);
    }
}
