package com.newrelic.agent.security.instrumentation.jetty9;

import com.newrelic.api.agent.security.NewRelicSecurity;
import com.newrelic.api.agent.security.instrumentation.helpers.GenericHelper;
import com.newrelic.api.agent.security.instrumentation.helpers.ICsecApiConstants;
import com.newrelic.api.agent.security.instrumentation.helpers.LowSeverityHelper;
import com.newrelic.api.agent.security.instrumentation.helpers.ServletHelper;
import com.newrelic.api.agent.security.instrumentation.helpers.URLMappingsHelper;
import com.newrelic.api.agent.security.schema.AgentMetaData;
import com.newrelic.api.agent.security.schema.ApplicationURLMapping;
import com.newrelic.api.agent.security.schema.HttpRequest;
import com.newrelic.api.agent.security.schema.SecurityMetaData;
import com.newrelic.api.agent.security.schema.exceptions.NewRelicSecurityException;
import com.newrelic.api.agent.security.schema.operation.RXSSOperation;
import com.newrelic.api.agent.security.schema.policy.AgentPolicy;
import com.newrelic.api.agent.security.utils.logging.LogLevel;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.Map;
import javax.servlet.ServletContext;
import javax.servlet.ServletRegistration;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:newrelic-security-agent.jar:instrumentation-security/jetty-9-1.0.jar:com/newrelic/agent/security/instrumentation/jetty9/HttpServletHelper.class */
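/**
 * Static helpers for the security agent's Jetty 9 servlet instrumentation: they copy the incoming
 * {@link HttpServletRequest} into the agent's {@link HttpRequest} model, maintain a re-entrancy flag
 * ("servlet lock") in the security metadata, register the reflected-XSS operation after the request
 * has been handled, and collect the application's URL mappings.
 *
 * <p>Everything read from the servlet request (headers, query string, remote address) is
 * attacker-controllable input and is stored as received; no validation or redaction happens here.
 */
public class HttpServletHelper {
    private static final String X_FORWARDED_FOR = "x-forwarded-for";
    private static final String EMPTY = "";
    public static final String QUESTION_MARK = "?";
    public static final String SERVICE_METHOD_NAME = "handle";
    public static final String SERVICE_ASYNC_METHOD_NAME = "handleAsync";
    public static final String NR_SEC_CUSTOM_ATTRIB_NAME = "SERVLET_LOCK-";
    public static final String JETTY_9 = "JETTY-9";
    private static final String SEPARATOR = "/";
    private static final String WILDCARD = "*";

    /**
     * Copies every request header into {@code httpRequest}, keyed by the lower-cased header name,
     * and reacts to a few agent-specific headers on the way.
     *
     * <p>Multiple values of the same header are joined with {@code ";"}; blank values are skipped.
     * Header names are lower-cased with {@code Locale.ROOT} so that matching against the ASCII
     * constants does not depend on the JVM's default locale.
     *
     * <p>NOTE(review): all headers are copied verbatim, which includes credential-bearing headers
     * (for example {@code Authorization} or {@code Cookie}) when the client sends them. Confirm that
     * redaction happens before this data is logged or leaves the process.
     *
     * @param httpServletRequest the container request to read headers from
     * @param httpRequest the agent-side request model that receives the headers and client IP
     */
    public static void processHttpRequestHeader(HttpServletRequest httpServletRequest, HttpRequest httpRequest) {
        Enumeration<String> headerNames = httpServletRequest.getHeaderNames();
        if (headerNames == null) {
            // The Servlet API allows a container to return null when it does not expose header names.
            return;
        }
        // These lookups do not depend on the header being processed, so do them once.
        SecurityMetaData securityMetaData = NewRelicSecurity.getAgent().getSecurityMetaData();
        AgentMetaData metaData = securityMetaData.getMetaData();
        AgentPolicy currentPolicy = NewRelicSecurity.getAgent().getCurrentPolicy();

        while (headerNames.hasMoreElements()) {
            String headerName = headerNames.nextElement();
            if (headerName != null) {
                headerName = headerName.toLowerCase(java.util.Locale.ROOT);
            }

            boolean takeClientIpFromHeader = false;
            if (X_FORWARDED_FOR.equals(headerName) && isXffDetectionEnabled(currentPolicy)) {
                takeClientIpFromHeader = true;
            } else if (ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID.equals(headerName)) {
                securityMetaData.setFuzzRequestIdentifier(
                        ServletHelper.parseFuzzRequestIdentifierHeader(httpServletRequest.getHeader(headerName)));
            } else if (GenericHelper.CSEC_PARENT_ID.equals(headerName)) {
                securityMetaData.addCustomAttribute(GenericHelper.CSEC_PARENT_ID, httpServletRequest.getHeader(headerName));
            } else if (ICsecApiConstants.NR_CSEC_JAVA_HEAD_REQUEST.equals(headerName)) {
                securityMetaData.addCustomAttribute(ICsecApiConstants.NR_CSEC_JAVA_HEAD_REQUEST, true);
            }

            String joinedValues = EMPTY;
            Enumeration<String> headerValues = httpServletRequest.getHeaders(headerName);
            while (headerValues.hasMoreElements()) {
                String headerValue = headerValues.nextElement();
                if (headerValue == null || headerValue.trim().isEmpty()) {
                    continue;
                }
                if (takeClientIpFromHeader) {
                    // NOTE(review): X-Forwarded-For is set by the client unless a trusted proxy
                    // overwrites it, and the first non-blank header value is stored as-is (it may
                    // be a comma-separated proxy chain). IP blocking that relies on this value is
                    // only as trustworthy as the proxy in front of the application; confirm the
                    // value is parsed and validated downstream.
                    metaData.setClientDetectedFromXFF(true);
                    httpRequest.setClientIP(headerValue);
                    metaData.getIps().add(httpRequest.getClientIP());
                    httpRequest.setClientPort(EMPTY);
                    // Only the first non-blank value of the header is used as the client IP.
                    takeClientIpFromHeader = false;
                }
                joinedValues = joinedValues.trim().isEmpty() ? headerValue : String.join(";", joinedValues, headerValue);
            }
            httpRequest.getHeaders().put(headerName, joinedValues);
        }
    }

    /** Returns whether the policy enables protection mode, IP blocking and client-IP detection via X-Forwarded-For. */
    private static boolean isXffDetectionEnabled(AgentPolicy policy) {
        return policy != null
                && policy.getProtectionMode().getEnabled().booleanValue()
                && policy.getProtectionMode().getIpBlocking().getEnabled().booleanValue()
                && policy.getProtectionMode().getIpBlocking().getIpDetectViaXFF().booleanValue();
    }

    /**
     * Looks up the distributed-tracing header in {@code map}, trying the constant's exact spelling
     * first and its lower-cased form second.
     *
     * @param map header name to header value
     * @return the header value; the empty string when neither key is present; may be {@code null}
     *     when a key is present but no usable value is mapped under either spelling
     */
    public static String getTraceHeader(Map<String, String> map) {
        String exactKey = ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER;
        String lowerCaseKey = exactKey.toLowerCase(java.util.Locale.ROOT);
        if (!map.containsKey(exactKey) && !map.containsKey(lowerCaseKey)) {
            return EMPTY;
        }
        String value = map.get(exactKey);
        if (value == null || value.trim().isEmpty()) {
            value = map.get(lowerCaseKey);
        }
        return value;
    }

    /**
     * Reports whether the servlet-lock flag is currently set in the security metadata.
     *
     * @return {@code true} only when hook processing is active and the flag is {@code Boolean.TRUE};
     *     {@code false} otherwise, including when the lookup throws
     */
    public static boolean isServletLockAcquired() {
        try {
            return NewRelicSecurity.isHookProcessingActive()
                    && Boolean.TRUE.equals(NewRelicSecurity.getAgent().getSecurityMetaData()
                            .getCustomAttribute(getNrSecCustomAttribName(), Boolean.class));
        } catch (Throwable ignored) {
            // Best effort: a failure inside the agent must not break the instrumented request.
            return false;
        }
    }

    /**
     * Sets the servlet-lock flag unless hook processing is inactive or the flag is already set.
     *
     * @return {@code true} when this call set the flag; {@code false} otherwise, including on failure
     */
    public static boolean acquireServletLockIfPossible() {
        try {
            if (NewRelicSecurity.isHookProcessingActive() && !isServletLockAcquired()) {
                NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute(getNrSecCustomAttribName(), true);
                return true;
            }
            return false;
        } catch (Throwable ignored) {
            // Best effort: a failure inside the agent must not break the instrumented request.
            return false;
        }
    }

    /** Clears the servlet-lock flag (stores {@code null}) when hook processing is active; failures are ignored. */
    public static void releaseServletLock() {
        try {
            if (NewRelicSecurity.isHookProcessingActive()) {
                NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute(getNrSecCustomAttribName(), null);
            }
        } catch (Throwable ignored) {
            // Best effort: releasing the flag must never throw into the instrumented request.
        }
    }

    /** Returns the custom-attribute key under which the servlet-lock flag is stored. */
    private static String getNrSecCustomAttribName() {
        // NOTE(review): the key ends in "-" but nothing is appended here; confirm no suffix is expected.
        return NR_SEC_CUSTOM_ATTRIB_NAME;
    }

    /**
     * Populates the agent's request model (method, client IP and port, server port, headers, tracing
     * header, scheme, URL with query string, content type, service stack trace) from the servlet
     * request, once per request.
     *
     * <p>Does nothing when hook processing is inactive, the request is {@code null}, or the request
     * model is already marked as parsed. Any failure is logged at WARNING and not propagated.
     *
     * @param httpServletRequest the container request being handled
     */
    public static void preprocessSecurityHook(HttpServletRequest httpServletRequest) {
        try {
            if (!NewRelicSecurity.isHookProcessingActive() || httpServletRequest == null) {
                return;
            }
            SecurityMetaData securityMetaData = NewRelicSecurity.getAgent().getSecurityMetaData();
            HttpRequest request = securityMetaData.getRequest();
            if (request.isRequestParsed()) {
                return;
            }
            AgentMetaData metaData = securityMetaData.getMetaData();

            request.setMethod(httpServletRequest.getMethod());
            request.setClientIP(httpServletRequest.getRemoteAddr());
            request.setServerPort(httpServletRequest.getLocalPort());
            String clientIp = request.getClientIP();
            if (clientIp != null && !clientIp.trim().isEmpty()) {
                metaData.getIps().add(clientIp);
                request.setClientPort(String.valueOf(httpServletRequest.getRemotePort()));
            }

            // May replace the client IP set above with the X-Forwarded-For value, depending on policy.
            processHttpRequestHeader(httpServletRequest, request);
            securityMetaData.setTracingHeaderValue(getTraceHeader(request.getHeaders()));

            request.setProtocol(httpServletRequest.getScheme());
            String url = httpServletRequest.getRequestURI();
            String queryString = httpServletRequest.getQueryString();
            if (queryString != null && !queryString.trim().isEmpty()) {
                url = url + QUESTION_MARK + queryString;
            }
            request.setUrl(url);
            request.setContentType(httpServletRequest.getContentType());

            // Drop the two innermost frames; clamp the offset because a JVM may return a shorter
            // (even empty) trace, which would otherwise make copyOfRange throw.
            StackTraceElement[] stackTrace = Thread.currentThread().getStackTrace();
            int firstFrame = Math.min(2, stackTrace.length);
            metaData.setServiceTrace(Arrays.copyOfRange(stackTrace, firstFrame, stackTrace.length));

            request.setRequestParsed(true);
        } catch (Throwable th) {
            NewRelicSecurity.getAgent().log(LogLevel.WARNING, String.format(GenericHelper.ERROR_GENERATING_HTTP_REQUEST, JETTY_9, th.getMessage()), th, HttpServletHelper.class.getName());
        }
    }

    /**
     * Runs after the request has been handled: adds the request URI to the low-severity event
     * filter, registers an {@link RXSSOperation} unless the response content type is excluded, and
     * cleans up the temp files listed in the fuzz request identifier.
     *
     * <p>A {@link NewRelicSecurityException} is logged at WARNING and rethrown; any other failure is
     * logged at SEVERE, reported as an incident and swallowed.
     *
     * @param httpServletRequest not read by this method
     * @param httpServletResponse not read by this method
     * @param str passed through to the {@link RXSSOperation} constructor (presumably the
     *     instrumented class name; confirm against callers)
     * @param str2 passed through to the {@link RXSSOperation} constructor (presumably the
     *     instrumented method name; confirm against callers)
     */
    public static void postProcessSecurityHook(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2) {
        try {
            if (NewRelicSecurity.isHookProcessingActive()) {
                SecurityMetaData securityMetaData = NewRelicSecurity.getAgent().getSecurityMetaData();
                LowSeverityHelper.addRrequestUriToEventFilter(securityMetaData.getRequest());
                if (!ServletHelper.isResponseContentTypeExcluded(securityMetaData.getResponse().getResponseContentType())) {
                    NewRelicSecurity.getAgent().registerOperation(
                            new RXSSOperation(securityMetaData.getRequest(), securityMetaData.getResponse(), str, str2));
                }
                // NOTE(review): the fuzz request identifier is filled from a request header in
                // processHttpRequestHeader; confirm ServletHelper restricts which files this
                // clean-up is allowed to touch.
                ServletHelper.tmpFileCleanUp(securityMetaData.getFuzzRequestIdentifier().getTempFiles());
            }
        } catch (Throwable th) {
            if (th instanceof NewRelicSecurityException) {
                NewRelicSecurity.getAgent().log(LogLevel.WARNING, String.format(GenericHelper.SECURITY_EXCEPTION_MESSAGE, JETTY_9, th.getMessage()), th, HttpServletHelper.class.getName());
                // Security exceptions must reach the caller; they are not swallowed here.
                throw th;
            }
            NewRelicSecurity.getAgent().log(LogLevel.SEVERE, String.format(GenericHelper.REGISTER_OPERATION_EXCEPTION_MESSAGE, JETTY_9, th.getMessage()), th, HttpServletHelper.class.getName());
            NewRelicSecurity.getAgent().reportIncident(LogLevel.SEVERE, String.format(GenericHelper.REGISTER_OPERATION_EXCEPTION_MESSAGE, JETTY_9, th.getMessage()), th, HttpServletHelper.class.getName());
        }
    }

    /**
     * Records the application's endpoints: every JSP found under the context root and every URL
     * pattern of every registered servlet, each with the wildcard HTTP method.
     *
     * <p>Failures are logged at WARNING and not propagated.
     *
     * @param servletContext the web application's servlet context
     */
    public static void gatherURLMappings(ServletContext servletContext) {
        try {
            Map<String, ? extends ServletRegistration> registrations = servletContext.getServletRegistrations();
            getJSPMappings(servletContext, SEPARATOR);
            for (ServletRegistration registration : registrations.values()) {
                for (String urlPattern : registration.getMappings()) {
                    URLMappingsHelper.addApplicationURLMapping(new ApplicationURLMapping(WILDCARD, urlPattern, registration.getClassName()));
                }
            }
        } catch (Exception e) {
            NewRelicSecurity.getAgent().log(LogLevel.WARNING, String.format(GenericHelper.ERROR_WHILE_GETTING_APP_ENDPOINTS, JETTY_9, e.getMessage()), e, HttpServletHelper.class.getName());
        }
    }

    /**
     * Recursively walks the resource tree below {@code dir} and records every path ending in
     * {@code .jsp}, {@code .jspx}, {@code .JSP} or {@code .JSPX} as a URL mapping.
     *
     * @param servletContext the web application's servlet context
     * @param dir resource directory to scan; ignored unless it ends with {@code "/"}
     */
    private static void getJSPMappings(ServletContext servletContext, String dir) {
        try {
            if (!dir.endsWith(SEPARATOR)) {
                return;
            }
            // getResourcePaths returns null when nothing exists below the path; treat that as an
            // empty directory instead of letting the loop throw and log a spurious warning.
            Iterable<String> resourcePaths = servletContext.getResourcePaths(dir);
            if (resourcePaths == null) {
                return;
            }
            for (String path : resourcePaths) {
                if (path.endsWith(SEPARATOR)) {
                    getJSPMappings(servletContext, path);
                } else if (path.endsWith(".jsp") || path.endsWith(".jspx") || path.endsWith(".JSP") || path.endsWith(".JSPX")) {
                    URLMappingsHelper.addApplicationURLMapping(new ApplicationURLMapping(WILDCARD, path));
                }
            }
        } catch (Exception e) {
            NewRelicSecurity.getAgent().log(LogLevel.WARNING, String.format(GenericHelper.ERROR_WHILE_GETTING_APP_ENDPOINTS, JETTY_9, e.getMessage()), e, HttpServletHelper.class.getName());
        }
    }
}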
