package com.contrastsecurity.agent.plugins.protect;

import com.contrastsecurity.agent.DontObfuscate;
import com.contrastsecurity.agent.apps.Application;
import com.contrastsecurity.agent.apps.ApplicationManager;
import com.contrastsecurity.agent.apps.exclusions.c;
import com.contrastsecurity.agent.commons.Lists;
import com.contrastsecurity.agent.config.ConfigProperty;
import com.contrastsecurity.agent.context.ExecutionContext;
import com.contrastsecurity.agent.contrastapi_v1_0.telemetry.SilentTelemetryDTM;
import com.contrastsecurity.agent.http.HttpManager;
import com.contrastsecurity.agent.http.HttpRequest;
import com.contrastsecurity.agent.messages.app.activity.protect.ApplicationProtectActivityDTM;
import com.contrastsecurity.agent.messages.app.activity.protect.AttackResult;
import com.contrastsecurity.agent.messages.app.activity.protect.AttackerActivityDTM;
import com.contrastsecurity.agent.messages.app.activity.protect.ProtectRuleSampleDTM;
import com.contrastsecurity.agent.messages.app.activity.protect.ProtectionRuleActivityDTM;
import com.contrastsecurity.agent.messages.app.activity.protect.RuleEventsDTM;
import com.contrastsecurity.agent.messages.app.activity.protect.SourceDTM;
import com.contrastsecurity.agent.messages.server.activity.protect.ServerProtectActivityDTM;
import com.contrastsecurity.agent.plugins.ContrastPlugin;
import com.contrastsecurity.agent.plugins.apps.ApplicationSettingsUpdateEventBus;
import com.contrastsecurity.agent.plugins.protect.rules.InterfaceC0342a;
import com.contrastsecurity.agent.reloadable.ReloadableBeanManager;
import com.contrastsecurity.agent.services.a.at;
import com.contrastsecurity.agent.services.ngreporting.ActivityReportContext;
import com.contrastsecurity.agent.telemetry.metrics.TelemetryMetrics;
import com.contrastsecurity.agent.u.C0470z;
import com.contrastsecurity.agent.util.PerfUtil;
import com.contrastsecurity.thirdparty.org.slf4j.Logger;
import com.contrastsecurity.thirdparty.org.slf4j.LoggerFactory;
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;

@DontObfuscate
/* loaded from: input_file:com/contrastsecurity/agent/plugins/protect/ProtectPlugin.class */
public class ProtectPlugin extends ContrastPlugin implements com.contrastsecurity.agent.instr.a.c {
    private final com.contrastsecurity.agent.config.e config;
    private final F protectApplicationSettingsUpdateListener;
    private final ApplicationSettingsUpdateEventBus applicationSettingsUpdateEventBus;
    private final ApplicationManager applicationManager;
    private final com.contrastsecurity.agent.plugins.protect.d.g deserializationContextService;
    private final C0331h attackListener;
    private final List<com.contrastsecurity.agent.http.p> requestLifecycleListeners;
    private final com.contrastsecurity.agent.plugins.f dbListener;
    private final ServerProtectActivityDTM serverProtectActivity;
    private final ProtectManager protectManager;
    private final boolean allowApiBodyRead;
    private final com.contrastsecurity.agent.plugins.protect.i.o sampleSettings;
    private final com.contrastsecurity.agent.plugins.protect.c.e deadzoneManager;
    private final G component;
    private final List<InterfaceC0342a> appAwareProtectRules;
    private final L instrumentation;
    public static final String APP_PROTECT_KEY = "defend";
    public static final ExecutionContext.b<C0325b> PROTECT_SETTINGS = ExecutionContext.b.a(C0325b.class);
    public static final ExecutionContext.b<com.contrastsecurity.agent.plugins.protect.i.g> APP_SOURCE_REPORTS = ExecutionContext.b.a(com.contrastsecurity.agent.plugins.protect.i.g.class);
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) ProtectPlugin.class);

    public ProtectPlugin(com.contrastsecurity.agent.commons.b bVar, ProtectManager protectManager, com.contrastsecurity.agent.features.b bVar2, com.contrastsecurity.agent.plugins.frameworks.p pVar, com.contrastsecurity.agent.config.e eVar, ApplicationManager applicationManager, ApplicationSettingsUpdateEventBus applicationSettingsUpdateEventBus, com.contrastsecurity.agent.u.B b, com.contrastsecurity.agent.v.m mVar, HttpManager httpManager, com.contrastsecurity.agent.telemetry.o oVar, com.contrastsecurity.agent.logging.c cVar, at<SilentTelemetryDTM> atVar, com.contrastsecurity.agent.telemetry.h hVar, com.contrastsecurity.agent.p.b bVar3, com.contrastsecurity.agent.o.e eVar2, com.contrastsecurity.agent.services.d dVar, com.contrastsecurity.agent.h.a aVar, com.contrastsecurity.agent.f.l lVar) {
        this(eVar, protectManager, bVar2, pVar, httpManager, new com.contrastsecurity.agent.instr.e(), ReloadableBeanManager.get(), mVar, bVar, applicationManager, applicationSettingsUpdateEventBus, b, oVar.d(), oVar.g(), cVar, atVar, hVar, bVar3, eVar2, dVar, aVar, lVar);
    }

    @com.contrastsecurity.agent.t
    public ProtectPlugin(com.contrastsecurity.agent.config.e eVar, ProtectManager protectManager, com.contrastsecurity.agent.features.b bVar, com.contrastsecurity.agent.plugins.frameworks.p pVar, HttpManager httpManager, com.contrastsecurity.agent.instr.i iVar, ReloadableBeanManager reloadableBeanManager, com.contrastsecurity.agent.v.m mVar, com.contrastsecurity.agent.commons.b bVar2, ApplicationManager applicationManager, ApplicationSettingsUpdateEventBus applicationSettingsUpdateEventBus, com.contrastsecurity.agent.u.B b, TelemetryMetrics telemetryMetrics, com.contrastsecurity.agent.telemetry.errors.o oVar, com.contrastsecurity.agent.logging.c cVar, at<SilentTelemetryDTM> atVar, com.contrastsecurity.agent.telemetry.h hVar, com.contrastsecurity.agent.p.b bVar3, com.contrastsecurity.agent.o.e eVar2, com.contrastsecurity.agent.services.d dVar, com.contrastsecurity.agent.h.a aVar, com.contrastsecurity.agent.f.l lVar) {
        Objects.requireNonNull(bVar2);
        Objects.requireNonNull(iVar);
        Objects.requireNonNull(oVar);
        Objects.requireNonNull(bVar);
        Objects.requireNonNull(pVar);
        Objects.requireNonNull(httpManager);
        Objects.requireNonNull(cVar);
        Objects.requireNonNull(telemetryMetrics);
        Objects.requireNonNull(reloadableBeanManager);
        Objects.requireNonNull(atVar);
        Objects.requireNonNull(b);
        Objects.requireNonNull(mVar);
        Objects.requireNonNull(bVar3);
        this.config = (com.contrastsecurity.agent.config.e) Objects.requireNonNull(eVar);
        this.protectManager = (ProtectManager) Objects.requireNonNull(protectManager);
        this.allowApiBodyRead = eVar.c(ConfigProperty.PROTECT_API_BODY_READ);
        this.protectApplicationSettingsUpdateListener = new F();
        this.sampleSettings = new com.contrastsecurity.agent.plugins.protect.i.o(eVar);
        this.applicationManager = (ApplicationManager) Objects.requireNonNull(applicationManager);
        this.applicationSettingsUpdateEventBus = (ApplicationSettingsUpdateEventBus) Objects.requireNonNull(applicationSettingsUpdateEventBus);
        com.contrastsecurity.agent.util.J b2 = com.contrastsecurity.agent.util.K.b();
        this.component = C0385v.a().b(applicationManager).b(eVar).b(dVar).b(bVar).b(bVar2).b(pVar).b(httpManager).b(new com.contrastsecurity.agent.instr.u(iVar)).b(cVar).b(protectManager).b(mVar).b(b).b(reloadableBeanManager).b(new C0470z(b)).b(telemetryMetrics).b(oVar).b(atVar).b(bVar3).b(eVar2).b(aVar).b(lVar).a();
        this.instrumentation = this.component.o();
        this.deadzoneManager = this.component.c();
        this.appAwareProtectRules = this.component.h();
        b2.b();
        hVar.a(PerfUtil.a.SUB_SUB_SUB_SUB_STARTUP_TASK, "protect-wire-dependencies", b2);
        b2.c();
        b2.a();
        protectManager.initializeDeadzoneManager(this.component.c());
        protectManager.setRules(this.component.g());
        b2.b();
        hVar.a(PerfUtil.a.SUB_SUB_SUB_SUB_STARTUP_TASK, "protect-manager-init", b2);
        b2.c();
        b2.a();
        bVar.a("ProtectStateChangeListener", this.component.w());
        protectManager.onServerFeatureUpdate(bVar.c());
        this.dbListener = this.component.b();
        this.deserializationContextService = this.component.d();
        this.requestLifecycleListeners = Lists.copy(this.component.m());
        this.attackListener = this.component.a();
        this.serverProtectActivity = this.component.n();
        b2.b();
        hVar.a(PerfUtil.a.SUB_SUB_SUB_STARTUP_TASK, "protect-features-init", b2);
    }

    @Override // com.contrastsecurity.agent.instr.a.c
    public boolean preventDenylistingOf(String str) {
        boolean z = false;
        Set<String> targetedClasses = getTargetedClasses();
        if (targetedClasses != null) {
            z = targetedClasses.contains(str);
        }
        return z;
    }

    Set<String> getTargetedClasses() {
        Set<String> set = null;
        if (this.protectManager != null) {
            set = this.protectManager.getUserTargetedClasses();
        }
        return set;
    }

    @Override // com.contrastsecurity.agent.plugins.ContrastPlugin
    public List<com.contrastsecurity.agent.plugins.d> getClassTransformationListeners() {
        return this.config.c(ConfigProperty.PROTECT_ENABLED) ? Lists.of(this.component.o()) : Collections.emptyList();
    }

    @Override // com.contrastsecurity.agent.plugins.ContrastPlugin
    public com.contrastsecurity.agent.plugins.f getActivityEventListener() {
        com.contrastsecurity.agent.plugins.f fVar = null;
        if (this.config.c(ConfigProperty.PROTECT_ENABLED)) {
            fVar = this.dbListener;
        }
        return fVar;
    }

    @Override // com.contrastsecurity.agent.plugins.ContrastPlugin
    public int limitRequestBodySizeCapturing() {
        return this.config.d(ConfigProperty.MAX_REQUEST_BODY_BYTES_CAPTURED);
    }

    @Override // com.contrastsecurity.agent.plugins.ContrastPlugin
    public List<com.contrastsecurity.agent.http.p> getRequestLifecycleListeners() {
        return this.requestLifecycleListeners;
    }

    @Override // com.contrastsecurity.agent.plugins.ContrastPlugin
    public boolean requiresPrimordialInstrumentation(Class<?> cls) {
        return Package.class.equals(cls) || PrintWriter.class.equals(cls) || this.instrumentation.a(cls) || this.deadzoneManager.a(cls);
    }

    @Override // com.contrastsecurity.agent.plugins.ContrastPlugin, com.contrastsecurity.agent.plugins.apps.f
    public void onApplicationInventoried(Application application) {
        Iterator<InterfaceC0342a> it = this.appAwareProtectRules.iterator();
        while (it.hasNext()) {
            it.next().onApplicationProfiled(application);
        }
    }

    @Override // com.contrastsecurity.agent.plugins.ContrastPlugin
    public void onAppActivityReportingStarting(ActivityReportContext activityReportContext, Application application, Map<String, Object> map) {
        Map<SourceDTM, List<InterfaceC0384u<?>>> b = ((com.contrastsecurity.agent.plugins.protect.i.g) application.context().getOrComputeIfAbsent(APP_SOURCE_REPORTS, com.contrastsecurity.agent.plugins.protect.i.g.a)).b();
        if (b.isEmpty()) {
            return;
        }
        preprocessActivity(activityReportContext, map, b);
    }

    private void preprocessActivity(ActivityReportContext activityReportContext, Map<String, Object> map, Map<SourceDTM, List<InterfaceC0384u<?>>> map2) {
        long currentTimeMillis = System.currentTimeMillis();
        ArrayList arrayList = new ArrayList();
        for (SourceDTM sourceDTM : map2.keySet()) {
            HashMap hashMap = new HashMap();
            HashMap hashMap2 = new HashMap();
            for (InterfaceC0384u<?> interfaceC0384u : map2.get(sourceDTM)) {
                String b = interfaceC0384u.b();
                ProtectRuleSampleDTM<?> a = interfaceC0384u.a();
                if (b != null && a != null) {
                    ((List) ((Map) hashMap2.computeIfAbsent(b, str -> {
                        return new HashMap();
                    })).computeIfAbsent(a.getResult(), attackResult -> {
                        return new ArrayList();
                    })).add(a);
                }
            }
            for (String str2 : hashMap2.keySet()) {
                Map map3 = (Map) hashMap2.get(str2);
                ProtectionRuleActivityDTM.Builder startTime = ProtectionRuleActivityDTM.builder().startTime(currentTimeMillis);
                List list = (List) map3.get(AttackResult.BLOCKED);
                if (list != null) {
                    startTime.blocked(new RuleEventsDTM(list.subList(0, Math.min(list.size(), this.sampleSettings.c())), list.size(), currentTimeMillis));
                }
                List list2 = (List) map3.get(AttackResult.BLOCKED_AT_PERIMETER);
                if (list2 != null) {
                    startTime.blockedAtPerimeter(new RuleEventsDTM(list2.subList(0, Math.min(list2.size(), this.sampleSettings.d())), list2.size(), currentTimeMillis));
                }
                List list3 = (List) map3.get(AttackResult.EXPLOITED);
                if (list3 != null) {
                    startTime.exploited(new RuleEventsDTM(list3.subList(0, Math.min(list3.size(), this.sampleSettings.b())), list3.size(), currentTimeMillis));
                }
                List list4 = (List) map3.get(AttackResult.PROBED);
                if (list4 != null) {
                    startTime.ineffective(new RuleEventsDTM(list4.subList(0, Math.min(list4.size(), this.sampleSettings.a())), list4.size(), currentTimeMillis));
                }
                List list5 = (List) map3.get(AttackResult.SUSPICIOUS);
                if (list5 != null) {
                    startTime.suspicious(new RuleEventsDTM(list5.subList(0, Math.min(list5.size(), this.sampleSettings.e())), list5.size(), currentTimeMillis));
                }
                hashMap.put(str2, startTime.build());
            }
            arrayList.add(new AttackerActivityDTM(hashMap, sourceDTM));
        }
        activityReportContext.requiresReport();
        map.put(APP_PROTECT_KEY, new ApplicationProtectActivityDTM(arrayList, currentTimeMillis));
    }

    @Override // com.contrastsecurity.agent.plugins.ContrastPlugin
    public void onServerActivityReportingStarting(ActivityReportContext activityReportContext, Map<String, Object> map) {
        if (this.config.c(ConfigProperty.PROTECT_ENABLED)) {
            ServerProtectActivityDTM serverProtectActivityDTM = this.serverProtectActivity;
            if (isEmpty(serverProtectActivityDTM)) {
                return;
            }
            map.put(APP_PROTECT_KEY, serverProtectActivityDTM);
            activityReportContext.requiresReport();
        }
    }

    private boolean isEmpty(ServerProtectActivityDTM serverProtectActivityDTM) {
        return serverProtectActivityDTM.getIpBlacklists().isEmpty() && serverProtectActivityDTM.getLogEnhancers().isEmpty();
    }

    @Override // com.contrastsecurity.agent.plugins.ContrastPlugin
    public void onServerActivityReportingFinished() {
        ServerProtectActivityDTM serverProtectActivityDTM = this.serverProtectActivity;
        serverProtectActivityDTM.getIpBlacklists().clear();
        serverProtectActivityDTM.getLogEnhancers().clear();
    }

    @Override // com.contrastsecurity.agent.plugins.ContrastPlugin
    public void activate() {
        super.activate();
        this.protectManager.activate();
        verifyApplicationSettingsEventPublisher();
        this.applicationSettingsUpdateEventBus.addListener(this.protectApplicationSettingsUpdateListener);
    }

    @Override // com.contrastsecurity.agent.plugins.ContrastPlugin
    public void deactivate() {
        this.protectManager.deactivate();
        verifyApplicationSettingsEventPublisher();
        this.applicationSettingsUpdateEventBus.removeListener(this.protectApplicationSettingsUpdateListener);
        super.deactivate();
    }

    private void verifyApplicationSettingsEventPublisher() {
        if (this.applicationSettingsUpdateEventBus == null) {
            throw new IllegalStateException("Plugin lifecycle violation: expected onApplicationServiceProviderReady to be called before activate");
        }
    }

    @Override // com.contrastsecurity.agent.plugins.ContrastPlugin
    public boolean requiresHttpRequestBodyBuffering(HttpRequest httpRequest) {
        if (!isDisabledUri(httpRequest, this.applicationManager.current(), this.config)) {
            return isActivated() && !"GET".equals(httpRequest.getMethod());
        }
        logger.debug("Uri {} is skipped from request body buffering.", httpRequest.getUri());
        return false;
    }

    @Override // com.contrastsecurity.agent.plugins.ContrastPlugin
    public boolean requiresHttpRequestBodyTotalCapture(HttpRequest httpRequest) {
        if (!isDisabledUri(httpRequest, this.applicationManager.current(), this.config)) {
            return this.allowApiBodyRead && isActivated() && !"GET".equals(httpRequest.getMethod()) && httpRequest.getContentLength() > 0 && httpRequest.getContentType().c();
        }
        logger.debug("Uri {} is skipped from request body total capturing.", httpRequest.getUri());
        return false;
    }

    @Override // com.contrastsecurity.agent.plugins.ContrastPlugin
    public void onRequestBodyChunkRead(HttpRequest httpRequest, int i, byte[] bArr, int i2, int i3) {
        if (isActivated()) {
            if (!httpRequest.isCheckedForDeserializer()) {
                this.deserializationContextService.a();
                httpRequest.setCheckedForDeserializer(true);
            }
            if (this.deserializationContextService.c()) {
                return;
            }
            if (isDoneReading(httpRequest, i != -1 ? i : 0)) {
                processBodyInput(httpRequest);
            }
        }
    }

    @Override // com.contrastsecurity.agent.plugins.ContrastPlugin
    public void onRequestBodyChunkRead(HttpRequest httpRequest, int i) {
        if (isActivated()) {
            if (!httpRequest.isCheckedForDeserializer()) {
                httpRequest.setCheckedForDeserializer(true);
                this.deserializationContextService.a();
            }
            if (this.deserializationContextService.c()) {
                return;
            }
            if (isDoneReading(httpRequest, i != -1 ? 1 : 0)) {
                processBodyInput(httpRequest);
            }
        }
    }

    private void processBodyInput(HttpRequest httpRequest) {
        if (this.attackListener != null) {
            this.attackListener.a(httpRequest, httpRequest.getMemoryBuffer().a(httpRequest.getCharset()));
        }
    }

    private boolean isDoneReading(HttpRequest httpRequest, int i) {
        return httpRequest.getMemoryBuffer().b() == httpRequest.getContentLength();
    }

    @Override // com.contrastsecurity.agent.plugins.ContrastPlugin
    public boolean isActivated() {
        return this.config.c(ConfigProperty.PROTECT_ENABLED) && super.isActivated();
    }

    @Override // com.contrastsecurity.agent.plugins.ContrastPlugin
    public boolean isActivatedForUri(Application application, HttpRequest httpRequest) {
        return isActivated() && !isDisabledUri(httpRequest, application, this.config);
    }

    public G getComponent() {
        return this.component;
    }

    @com.contrastsecurity.agent.t
    public com.contrastsecurity.agent.plugins.protect.rules.s getRule(ProtectRuleId protectRuleId) {
        return this.protectManager.getRuleById(protectRuleId);
    }

    @Override // com.contrastsecurity.agent.plugins.ContrastPlugin
    protected boolean isDisabledUri(HttpRequest httpRequest, Application application, com.contrastsecurity.agent.config.e eVar) {
        if (httpRequest == null || application == null) {
            return false;
        }
        com.contrastsecurity.agent.apps.exclusions.g exclusionProcessor = application.getExclusionProcessor();
        boolean isDisabledByUrl = exclusionProcessor.isDisabledByUrl(c.a.PROTECT, com.contrastsecurity.agent.apps.exclusions.c.a, httpRequest.getUri());
        if (!isDisabledByUrl) {
            isDisabledByUrl = exclusionProcessor.isDisabledByUrl(c.a.PROTECT, com.contrastsecurity.agent.apps.exclusions.c.c, httpRequest.getUri());
        }
        return isDisabledByUrl;
    }
}
