package com.contrastsecurity.agent.plugins.protect.d;

import com.contrastsecurity.agent.commons.Lists;
import com.contrastsecurity.agent.commons.Memoizer;
import com.contrastsecurity.agent.commons.Pair;
import com.contrastsecurity.agent.commons.Sets;
import com.contrastsecurity.agent.commons.Suppliers;
import com.contrastsecurity.agent.commons.Throwables;
import com.contrastsecurity.agent.plugins.protect.AttackBlockedException;
import com.contrastsecurity.agent.plugins.protect.H;
import com.contrastsecurity.agent.plugins.protect.ProtectContext;
import com.contrastsecurity.agent.plugins.protect.ProtectRuleId;
import com.contrastsecurity.thirdparty.com.google.gson.stream.JsonReader;
import com.contrastsecurity.thirdparty.net.n3.nanoxml.IXMLParser;
import com.contrastsecurity.thirdparty.net.n3.nanoxml.StdXMLReader;
import com.contrastsecurity.thirdparty.net.n3.nanoxml.XMLElement;
import com.contrastsecurity.thirdparty.net.n3.nanoxml.XMLException;
import com.contrastsecurity.thirdparty.org.apache.commons.lang.StringUtils;
import com.contrastsecurity.thirdparty.org.slf4j.Logger;
import com.contrastsecurity.thirdparty.org.slf4j.LoggerFactory;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Properties;
import java.util.Set;
import java.util.function.Supplier;
import java.util.zip.CRC32;

/* compiled from: DocumentScanningManager.java */
/* loaded from: input_file:com/contrastsecurity/agent/plugins/protect/d/u.class */
public class u {
    private final t a;
    private final H b;
    private final ThreadLocal<IXMLParser> c = ThreadLocal.withInitial(() -> {
        ?? a2;
        try {
            a2 = com.contrastsecurity.agent.y.i.a();
            return a2;
        } catch (Exception e2) {
            Throwables.throwIfCritical(e2);
            g.error("Can't create XML parser for scanning parameter values", (Throwable) a2);
            return null;
        }
    });
    private static final String d = "ROOT";
    private static final byte[] e = "document.scanning.".getBytes();
    private static final Set<String> f = Sets.of("script", "object", "style", "iframe", "embed", "applet");
    private static final Logger g = LoggerFactory.getLogger((Class<?>) u.class);

    /* JADX INFO: Access modifiers changed from: private */
    /* compiled from: DocumentScanningManager.java */
    /* loaded from: input_file:com/contrastsecurity/agent/plugins/protect/d/u$a.class */
    public enum a {
        NORMAL,
        OBVIOUS_SCRIPT_TAG
    }

    public u(H h, t tVar) {
        this.b = (H) Objects.requireNonNull(h, (Supplier<String>) () -> {
            return "ProtectManager parameter cannot be null";
        });
        this.a = (t) Objects.requireNonNull(tVar, (Supplier<String>) () -> {
            return "DocumentScanningListener parameter cannot be null";
        });
    }

    public boolean a(String str) {
        return (str == null || !str.startsWith("<") || this.c.get() == null) ? false : true;
    }

    public Object a(byte[] bArr, Charset charset, ProtectContext protectContext) throws XMLException {
        String a2 = a(bArr);
        Object obj = protectContext.get(a2);
        if (obj == null) {
            IXMLParser iXMLParser = this.c.get();
            iXMLParser.setReader(charset != null ? new StdXMLReader(new InputStreamReader(new ByteArrayInputStream(bArr), charset)) : new StdXMLReader(new InputStreamReader(new ByteArrayInputStream(bArr))));
            obj = iXMLParser.parse();
            protectContext.put(a2, obj);
        }
        return obj;
    }

    private String a(byte[] bArr) {
        CRC32 crc32 = new CRC32();
        crc32.update(e);
        crc32.update(bArr);
        return String.valueOf(crc32.getValue());
    }

    @com.contrastsecurity.agent.t
    public void a(com.contrastsecurity.agent.plugins.protect.rules.n nVar, com.contrastsecurity.agent.plugins.protect.e.a aVar, String str) {
        String a2 = aVar.a();
        String c = aVar.c();
        this.a.a(nVar, aVar.b(), aVar.f(), c, a2, str);
    }

    public boolean a(com.contrastsecurity.agent.plugins.protect.e.a aVar, Iterable<com.contrastsecurity.agent.plugins.protect.rules.n> iterable) {
        return a(aVar, Lists.of((Iterable) iterable));
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v4, types: [java.lang.Throwable, com.contrastsecurity.agent.plugins.protect.ProtectContext] */
    public boolean a(com.contrastsecurity.agent.plugins.protect.e.a aVar, List<com.contrastsecurity.agent.plugins.protect.rules.n> list) {
        boolean z;
        if (list.isEmpty()) {
            return false;
        }
        ?? currentContext = this.b.currentContext();
        try {
            Object a2 = a(aVar.g(), aVar.h(), (ProtectContext) currentContext);
            if (a2 instanceof XMLElement) {
                aVar.d("ROOT");
                z = a(list, a(aVar, (XMLElement) a2, list));
            } else {
                z = false;
                g.warn("Unexpected XML parse return type {}", a2.getClass().getName());
            }
        } catch (AttackBlockedException e2) {
            throw e2;
        } catch (Exception e3) {
            Throwables.throwIfCritical(e3);
            z = false;
            g.debug("Problem scanning XML input", (Throwable) currentContext);
        }
        return z;
    }

    public boolean a(com.contrastsecurity.agent.plugins.protect.e.a aVar, com.contrastsecurity.agent.plugins.protect.rules.n nVar) {
        return a(aVar, Lists.of(nVar));
    }

    private boolean a(List<com.contrastsecurity.agent.plugins.protect.rules.n> list, Pair<a, String> pair) {
        if (!a.OBVIOUS_SCRIPT_TAG.equals(pair.left())) {
            return true;
        }
        Iterator<com.contrastsecurity.agent.plugins.protect.rules.n> it = list.iterator();
        while (it.hasNext()) {
            if (ProtectRuleId.XSS == it.next().getRuleId()) {
                return false;
            }
        }
        return true;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v4, types: [com.contrastsecurity.thirdparty.org.slf4j.Logger] */
    /* JADX WARN: Type inference failed for: r12v0, types: [java.lang.Throwable] */
    public boolean b(com.contrastsecurity.agent.plugins.protect.e.a aVar, Iterable<com.contrastsecurity.agent.plugins.protect.rules.n> iterable) {
        boolean hasNext = iterable.iterator().hasNext();
        if (!hasNext) {
            return false;
        }
        try {
            JsonReader jsonReader = new JsonReader(new InputStreamReader(new ByteArrayInputStream(aVar.g()), aVar.h() != null ? aVar.h() : StandardCharsets.UTF_8));
            aVar.d("ROOT");
            a(aVar, jsonReader, Lists.of((Iterable) iterable));
            g.debug("Successfully scanned {} as JSON: {}", aVar.b(), aVar.a());
            aVar.e();
            hasNext = true;
            return true;
        } catch (AttackBlockedException e2) {
            throw e2;
        } catch (Throwable th) {
            Throwables.throwIfCritical(th);
            g.debug("Problem scanning JSON input", hasNext);
            return false;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    private String a(com.contrastsecurity.agent.plugins.protect.e.a aVar, JsonReader jsonReader, Iterable<com.contrastsecurity.agent.plugins.protect.rules.n> iterable) throws IOException {
        switch (jsonReader.peek()) {
            case BEGIN_ARRAY:
                int i = 0;
                jsonReader.beginArray();
                while (jsonReader.hasNext()) {
                    int i2 = i;
                    i++;
                    aVar.c(Integer.toString(i2));
                    String a2 = a(aVar, jsonReader, iterable);
                    if (a2 != null) {
                        Memoizer memoize = Suppliers.memoize(() -> {
                            return com.contrastsecurity.agent.plugins.protect.k.d.a(a2, aVar.b());
                        });
                        Iterator<com.contrastsecurity.agent.plugins.protect.rules.n> it = iterable.iterator();
                        while (it.hasNext()) {
                            a(it.next(), aVar, (String) memoize.get());
                        }
                    }
                    aVar.d();
                }
                jsonReader.endArray();
                return null;
            case BEGIN_OBJECT:
                jsonReader.beginObject();
                while (jsonReader.hasNext()) {
                    aVar.d(jsonReader.nextName());
                    String a3 = a(aVar, jsonReader, iterable);
                    if (a3 != null) {
                        Memoizer memoize2 = Suppliers.memoize(() -> {
                            return com.contrastsecurity.agent.plugins.protect.k.d.a(a3, aVar.b());
                        });
                        Iterator<com.contrastsecurity.agent.plugins.protect.rules.n> it2 = iterable.iterator();
                        while (it2.hasNext()) {
                            a(it2.next(), aVar, (String) memoize2.get());
                        }
                    }
                    aVar.d();
                }
                jsonReader.endObject();
                return null;
            case STRING:
                return jsonReader.nextString();
            case NUMBER:
            case BOOLEAN:
            case NULL:
                jsonReader.skipValue();
                return null;
            case END_DOCUMENT:
            case NAME:
            case END_OBJECT:
            case END_ARRAY:
            default:
                throw new IOException("Improperly formatted JSON document");
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    private Pair<a, String> a(com.contrastsecurity.agent.plugins.protect.e.a aVar, XMLElement xMLElement, List<com.contrastsecurity.agent.plugins.protect.rules.n> list) {
        Properties attributes = xMLElement.getAttributes();
        String name = xMLElement.getName();
        if (b(name)) {
            return Pair.of(a.OBVIOUS_SCRIPT_TAG, name);
        }
        for (String str : attributes.keySet()) {
            String attribute = xMLElement.getAttribute(str, (String) null);
            if (!StringUtils.isEmpty(attribute)) {
                aVar.c(str);
                Memoizer memoize = Suppliers.memoize(() -> {
                    return com.contrastsecurity.agent.plugins.protect.k.d.a(attribute, aVar.b());
                });
                g.debug("Scanning doc {} (path={}[{}]): {}", aVar.a(), aVar.c(), str, attribute);
                Iterator<com.contrastsecurity.agent.plugins.protect.rules.n> it = list.iterator();
                while (it.hasNext()) {
                    a(it.next(), aVar, (String) memoize.get());
                }
                aVar.d();
            }
        }
        String content = xMLElement.getContent();
        if (!StringUtils.isEmpty(content)) {
            Memoizer memoize2 = Suppliers.memoize(() -> {
                return com.contrastsecurity.agent.plugins.protect.k.d.a(content, aVar.b());
            });
            g.debug("Scanning content: {}", content);
            Iterator<com.contrastsecurity.agent.plugins.protect.rules.n> it2 = list.iterator();
            while (it2.hasNext()) {
                a(it2.next(), aVar, (String) memoize2.get());
            }
        }
        Iterator it3 = xMLElement.getChildren().iterator();
        while (it3.hasNext()) {
            Object next = it3.next();
            if (next instanceof XMLElement) {
                XMLElement xMLElement2 = (XMLElement) next;
                String name2 = xMLElement2.getName();
                if (b(name2)) {
                    return Pair.of(a.OBVIOUS_SCRIPT_TAG, name2);
                }
                aVar.d(xMLElement2.getName());
                Pair<a, String> a2 = a(aVar, xMLElement2, list);
                if (a2.left() == a.OBVIOUS_SCRIPT_TAG) {
                    return a2;
                }
                aVar.d();
            }
        }
        return Pair.of(a.NORMAL, "");
    }

    private boolean b(String str) {
        if (str == null) {
            return false;
        }
        return f.contains(str.toLowerCase());
    }
}
