package com.contrastsecurity.agent.plugins.security.policy.rules.providers.internal.f;

import com.contrastsecurity.agent.http.HttpRequest;
import com.contrastsecurity.agent.plugins.security.policy.rules.providers.DoNothingHttpWatcher;
import com.contrastsecurity.agent.plugins.security.policy.rules.providers.ProviderUtil;
import com.contrastsecurity.agent.plugins.security.x;
import com.contrastsecurity.agent.util.L;
import com.contrastsecurity.thirdparty.javax.inject.Inject;
import com.contrastsecurity.thirdparty.org.apache.commons.lang.StringUtils;
import com.contrastsecurity.thirdparty.org.slf4j.Logger;
import com.contrastsecurity.thirdparty.org.slf4j.LoggerFactory;
import java.util.zip.CRC32;

/* compiled from: HttpAuthWatcher.java */
/* loaded from: input_file:com/contrastsecurity/agent/plugins/security/policy/rules/providers/internal/f/c.class */
public class c extends DoNothingHttpWatcher {
    private final ProviderUtil a;
    private final x.f b;
    private final x.e c;
    private static final String d = "WWW-Authenticate";
    private static final String e = "Basic";
    private static final String f = "Digest";
    private static final String g = "insecure-auth-protocol";
    private static final Logger h = LoggerFactory.getLogger((Class<?>) c.class);

    @Inject
    public c(ProviderUtil providerUtil, x xVar) {
        this.a = providerUtil;
        this.b = xVar.h();
        this.c = xVar.g();
    }

    @Override // com.contrastsecurity.agent.plugins.security.policy.rules.providers.HttpWatcher
    public void onHeaderSet(String str, String str2, HttpRequest httpRequest) {
        if (!StringUtils.isEmpty(str2) && "WWW-Authenticate".equalsIgnoreCase(str)) {
            if (str2.startsWith("Basic") || str2.startsWith("Digest")) {
                h.debug("Found WWW-Authenticate Basic header - value {}", str2);
                this.a.reportFinding(g, "WWW-Authenticate: " + L.a((CharSequence) str2, 20), this.b.a(g, httpRequest));
            }
        }
    }

    @Override // com.contrastsecurity.agent.plugins.security.policy.rules.providers.HttpWatcher
    public long getRuleRequestHash(HttpRequest httpRequest, CRC32 crc32) {
        return this.c.a(crc32, g, httpRequest);
    }
}
