package com.contrastsecurity.agent.plugins.frameworks.d.a;

import com.contrastsecurity.agent.commons.Throwables;
import com.contrastsecurity.agent.plugins.security.I;
import com.contrastsecurity.agent.plugins.security.policy.rules.Rule;
import com.contrastsecurity.agent.trace.CodeEvent;
import com.contrastsecurity.agent.trace.Trace;
import com.contrastsecurity.thirdparty.javax.inject.Inject;
import com.contrastsecurity.thirdparty.javax.inject.Singleton;
import com.contrastsecurity.thirdparty.org.apache.commons.lang.ArrayUtils;
import com.contrastsecurity.thirdparty.org.slf4j.Logger;
import com.contrastsecurity.thirdparty.org.slf4j.LoggerFactory;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.util.Collections;
import java.util.Set;

/* compiled from: CxfTraceListener.java */
/**
 * Obfuscated, JADX-decompiled listener for Apache CXF JAX-RS events (original
 * source file name per the decompiler header: CxfTraceListener.java).
 *
 * <p>It implements the agent's {@code I} interface with two callbacks:
 * <ul>
 *   <li>{@link #a(com.contrastsecurity.agent.plugins.security.controller.a)} inspects events whose
 *       name starts with {@code "cxf-"} and calls {@code s()} on the event when the CXF parameter
 *       is a cookie, or a header other than Referer;</li>
 *   <li>{@link #a(Trace, Rule)} matches {@code reflected-xss} traces whose first event comes from
 *       a method under {@code org.apache.cxf.jaxrs.utils.}.</li>
 * </ul>
 *
 * <p>NOTE(review): this listing is decompiler output and does not compile as shown. Undeclared
 * {@code r0} temporaries, {@code ??} placeholder types and a mistyped {@code Throwable} local are
 * flagged inline. Field {@code a} (a Set) and the nested enum {@code a} share one simple name, so
 * the {@code a.HEADER}-style references would be obscured by the field if this were recompiled.
 * The contract of {@code I} (the meaning of the boolean results) and the effect of {@code s()}
 * are not visible here; confirm them before relying on this reading.
 */
@Singleton
/* loaded from: input_file:com/contrastsecurity/agent/plugins/frameworks/d/a/b.class */
public final class b implements I {
    // Rule id that a(Rule) compares against.
    private static final String b = "reflected-xss";
    // Exact runtime class name required of the first event argument in a(Object[]).
    private static final String c = "org.apache.cxf.jaxrs.model.Parameter";
    // Exact runtime class name required of the value returned by the reflective getType() call.
    private static final String d = "org.apache.cxf.jaxrs.model.ParameterType";
    // Method-name prefix that a(CodeEvent) tests the trace's first event against.
    private static final String e = "org.apache.cxf.jaxrs.utils.";
    // Single-element set passed, together with aVar.a(), to the two-argument a(...) check below.
    private static final Set<String> a = Collections.singleton("cxf-url-param");
    private static final Logger f = LoggerFactory.getLogger((Class<?>) b.class);

    /* JADX INFO: Access modifiers changed from: private */
    /* compiled from: CxfTraceListener.java */
    /* loaded from: input_file:com/contrastsecurity/agent/plugins/frameworks/d/a/b$a.class */
    // Parameter kinds used by this listener. a(Object) resolves the string form of the reflected
    // getType() result with valueOf(), so the constant names presumably mirror those of CXF's
    // ParameterType (TODO confirm); UNKNOWN is the fallback for every failure path.
    public enum a {
        PATH,
        QUERY,
        MATRIX,
        HEADER,
        COOKIE,
        FORM,
        BEAN,
        REQUEST_BODY,
        CONTEXT,
        UNKNOWN
    }

    @Inject
    public b() {
    }

    /**
     * Event callback: for matching CXF events, calls {@code aVar.s()} when the parameter is a
     * COOKIE, or a HEADER whose name is not matched by {@code HEADER_REFERER}.
     *
     * <p>Every path returns {@code true}; the only observable effect is whether {@code s()} runs.
     *
     * @param aVar the event being inspected; {@code b()} yields a string tested for the
     *     {@code "cxf-"} prefix and {@code e()} yields the argument array
     * @return always {@code true}
     */
    @Override // com.contrastsecurity.agent.plugins.security.I
    public boolean a(com.contrastsecurity.agent.plugins.security.controller.a aVar) {
        // NOTE(review): no two-argument a(Set, ...) overload is declared in this class as shown;
        // presumably it is inherited from I or was lost in decompilation. Confirm.
        if (!aVar.b().startsWith("cxf-") || !a(a, aVar.a())) {
            return true;
        }
        // a2 is null unless the first argument's class name is exactly the CXF Parameter class;
        // a3 is then UNKNOWN and neither branch below calls s().
        Object a2 = a(aVar.e());
        a a3 = a(a2);
        if (a.HEADER == a3) {
            // b(a2) may return null (lookup or invoke failure); how HEADER_REFERER.a(...) treats
            // null is not visible here. Verify, since it decides whether s() runs.
            if (com.contrastsecurity.agent.plugins.b.c.HEADER_REFERER.a(b(a2))) {
                return true;
            }
            aVar.s();
            return true;
        }
        if (a.COOKIE != a3) {
            return true;
        }
        aVar.s();
        return true;
    }

    /**
     * Returns the first element of {@code objArr} if its runtime class name is exactly
     * {@code org.apache.cxf.jaxrs.model.Parameter}; otherwise {@code null}.
     *
     * <p>NOTE(review): the match is on the exact class name, so a subclass or a relocated/shaded
     * copy of the CXF class yields {@code null}, which the caller treats as parameter type UNKNOWN.
     */
    private Object a(Object[] objArr) {
        if (ArrayUtils.isEmpty(objArr) || objArr[0] == null) {
            return null;
        }
        Object obj = objArr[0];
        if (c.equals(obj.getClass().getName())) {
            return obj;
        }
        return null;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v14, types: [com.contrastsecurity.agent.plugins.frameworks.d.a.b$a] */
    /* JADX WARN: Type inference failed for: r0v18, types: [java.lang.String] */
    /* JADX WARN: Type inference failed for: r0v19 */
    /* JADX WARN: Type inference failed for: r0v23, types: [com.contrastsecurity.agent.plugins.frameworks.d.a.b$a] */
    /* JADX WARN: Type inference failed for: r0v8, types: [boolean] */
    /* JADX WARN: Type inference failed for: r0v9 */
    /* JADX WARN: Type inference failed for: r4v1, types: [java.lang.Object[]] */
    /**
     * Maps a CXF parameter object to a local parameter kind by reflectively calling its
     * non-static {@code getType()} and resolving the result's string form with
     * {@code a.valueOf(...)}.
     *
     * @param obj the object returned by {@link #a(Object[])}, possibly {@code null}
     * @return the matching constant, or UNKNOWN when {@code obj} is null, the method is missing
     *     or static, the returned value is null or not a CXF ParameterType, the name is not a
     *     known constant, or the invocation throws a non-critical exception
     */
    private a a(Object obj) {
        if (obj == null) {
            return a.UNKNOWN;
        }
        // presumably a no-arg method lookup that returns null when nothing matches; confirm
        // against com.contrastsecurity.agent.reflection.a
        Method b2 = com.contrastsecurity.agent.reflection.a.b(obj.getClass(), "getType", (Class<?>[]) new Class[0]);
        // Decompiler artifact: r0 is an undeclared boolean temporary (see JADX WARN r0v8), so the
        // test reads as "method missing or static".
        if (b2 == null || (r0 = Modifier.isStatic(b2.getModifiers())) != 0) {
            return a.UNKNOWN;
        }
        try {
            Object invoke = b2.invoke(obj, new Object[0]);
            if (invoke == null || !d.equals(invoke.getClass().getName())) {
                // Decompiler artifact: "??" stands for an unresolved type; the value is a.UNKNOWN.
                ?? isStatic = a.UNKNOWN;
                return isStatic;
            }
            // Decompiler artifact: this local holds a String here (JADX WARN r0v18) and an enum
            // constant after valueOf (r0v23); the declared type Throwable is wrong.
            Throwable valueOf = String.valueOf(invoke);
            try {
                valueOf = a.valueOf(valueOf);
                return valueOf;
            } catch (Exception e2) {
                // presumably rethrows exceptions the agent must not swallow; confirm in Throwables
                Throwables.throwIfCritical(e2);
                // NOTE(review): the merged local appears twice in this call; which arguments were
                // the caught exception and which the type name cannot be recovered from here.
                com.contrastsecurity.agent.logging.a.a("CXF_PARAM_TYPE_ENUM_MISMATCH", f, "Name of CXF ParameterType {} is not recognized.", valueOf, new Object[]{valueOf});
                return a.UNKNOWN;
            }
        } catch (Exception e3) {
            // Reflection failures are not logged; the caller only sees UNKNOWN.
            Throwables.throwIfCritical(e3);
            return a.UNKNOWN;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v11, types: [boolean] */
    /* JADX WARN: Type inference failed for: r0v13 */
    /* JADX WARN: Type inference failed for: r0v17, types: [java.lang.String] */
    /**
     * Reflectively calls a non-static, String-returning {@code getName()} on {@code obj}.
     *
     * @param obj the CXF parameter object, possibly {@code null}
     * @return the name, or {@code null} when {@code obj} is null, the method is missing, static
     *     or not declared to return String, or the invocation throws a non-critical exception
     */
    private String b(Object obj) {
        Method b2;
        // Decompiler artifact: r0 is an undeclared boolean temporary (see JADX WARN r0v11); the
        // last clause reads as "return type is not String".
        if (obj == null || (b2 = com.contrastsecurity.agent.reflection.a.b(obj.getClass(), "getName", (Class<?>[]) new Class[0])) == null || Modifier.isStatic(b2.getModifiers()) || (r0 = String.class.equals(b2.getReturnType())) == 0) {
            return null;
        }
        try {
            // Decompiler artifact: "??" is an unresolved type; the value is the String result.
            ?? equals = (String) b2.invoke(obj, new Object[0]);
            return equals;
        } catch (Exception e2) {
            Throwables.throwIfCritical(e2);
            return null;
        }
    }

    /**
     * Trace callback: true only when the rule id is {@code reflected-xss}, the trace has more
     * than one event, and its first event's method name starts with
     * {@code org.apache.cxf.jaxrs.utils.}.
     *
     * <p>NOTE(review): what the caller does with {@code true} (for example, discarding the trace)
     * is defined by {@code I} and is not visible here; confirm it, since it determines whether
     * this match hides or keeps an XSS finding.
     */
    @Override // com.contrastsecurity.agent.plugins.security.I
    public boolean a(Trace trace, Rule rule) {
        return a(rule) && a(trace);
    }

    // True when the rule's id equals "reflected-xss". getId() is dereferenced without a null
    // check.
    private boolean a(Rule rule) {
        return rule.getId().equals(b);
    }

    // True when the trace holds at least two events and the first one passes a(CodeEvent).
    private boolean a(Trace trace) {
        return trace.getEvents().size() > 1 && a(trace.getFirstEvent());
    }

    // True when the event's method name begins with the CXF utils prefix. This is a plain string
    // prefix test with no null guard; presumably getMethodName() is fully qualified. TODO confirm.
    private boolean a(CodeEvent codeEvent) {
        return codeEvent.getMethodName().startsWith(e);
    }
}
