package security.io.netty400.utils;

import com.newrelic.api.agent.security.NewRelicSecurity;
import com.newrelic.api.agent.security.instrumentation.helpers.GenericHelper;
import com.newrelic.api.agent.security.instrumentation.helpers.ICsecApiConstants;
import com.newrelic.api.agent.security.instrumentation.helpers.LowSeverityHelper;
import com.newrelic.api.agent.security.instrumentation.helpers.ServletHelper;
import com.newrelic.api.agent.security.schema.AgentMetaData;
import com.newrelic.api.agent.security.schema.HttpResponse;
import com.newrelic.api.agent.security.schema.SecurityMetaData;
import com.newrelic.api.agent.security.schema.StringUtils;
import com.newrelic.api.agent.security.schema.exceptions.NewRelicSecurityException;
import com.newrelic.api.agent.security.schema.operation.RXSSOperation;
import com.newrelic.api.agent.security.schema.policy.AgentPolicy;
import com.newrelic.api.agent.security.utils.logging.LogLevel;
import io.netty.channel.ChannelHandlerContext;
import io.netty.handler.codec.http.FullHttpResponse;
import io.netty.handler.codec.http.HttpContent;
import io.netty.handler.codec.http.HttpRequest;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Map;

/* JADX WARN: Classes with same name are omitted:
  input_file:newrelic-security-agent.jar:instrumentation-security/netty-4.0.0-1.0.jar:security/io/netty400/utils/NettyUtils.class
 */
/* loaded from: input_file:newrelic-security-agent.jar:instrumentation-security/netty-4.0.8-1.0.jar:security/io/netty400/utils/NettyUtils.class */
public class NettyUtils {
    public static final String NETTY_4_0_0 = "NETTY-4.0.0";
    public static String NR_SEC_CUSTOM_ATTRIB_NAME = "NETTY-4.8-REQ-BODY-TRACKER";
    public static String NR_SEC_NETTY_OPERATIONAL_LOCK = "NR_SEC_NETTY_OPERATIONAL_LOCK_INBOUND";
    public static String NR_SEC_NETTY_OPERATIONAL_LOCK_OUTBOUND = "NR_SEC_NETTY_OPERATIONAL_LOCK_OUTBOUND";
    private static final String X_FORWARDED_FOR = "x-forwarded-for";
    private static final String EMPTY = "";
    public static final String WRITE_METHOD_NAME = "write";
    public static final String IO_NETTY = "io.netty.";
    private static final String ERROR_GETTING_SERVER_PORT = "Instrumentation library: %s , error while getting server port %s";
    private static final String ERROR_PARSING_HTTP_RESPONSE_DATA = "Instrumentation library: %s , error while parsing HTTP response data : %s";

    public static void processSecurityRequest(ChannelHandlerContext channelHandlerContext, Object obj, String str) {
        try {
            if (NewRelicSecurity.isHookProcessingActive()) {
                if (obj instanceof HttpRequest) {
                    SecurityMetaData securityMetaData = NewRelicSecurity.getAgent().getSecurityMetaData();
                    com.newrelic.api.agent.security.schema.HttpRequest request = securityMetaData.getRequest();
                    if (!NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty() && request.isRequestParsed()) {
                        return;
                    }
                    request.setMethod(((HttpRequest) obj).getMethod().name());
                    request.setUrl(((HttpRequest) obj).getUri());
                    setClientAddressDetails(securityMetaData, channelHandlerContext.channel().remoteAddress().toString());
                    setServerPortDetails(request, channelHandlerContext.channel().localAddress().toString());
                    processHttpRequestHeader((HttpRequest) obj, request);
                    securityMetaData.setTracingHeaderValue(getTraceHeader(request.getHeaders()));
                    request.setProtocol(((HttpRequest) obj).getProtocolVersion().protocolName().toLowerCase());
                    request.setContentType(request.getHeaders().get("content-type"));
                    if (!securityMetaData.getMetaData().isUserLevelServiceMethodEncountered(IO_NETTY)) {
                        StackTraceElement[] stackTrace = Thread.currentThread().getStackTrace();
                        securityMetaData.getMetaData().setServiceTrace((StackTraceElement[]) Arrays.copyOfRange(stackTrace, 2, stackTrace.length));
                    }
                    request.setRequestParsed(true);
                }
                if (obj instanceof HttpContent) {
                    Integer num = (Integer) NewRelicSecurity.getAgent().getSecurityMetaData().getCustomAttribute(NR_SEC_CUSTOM_ATTRIB_NAME, Integer.class);
                    if (num == null) {
                        num = Integer.valueOf(channelHandlerContext.hashCode());
                        NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute(NR_SEC_CUSTOM_ATTRIB_NAME, num);
                    }
                    if (num.equals(Integer.valueOf(channelHandlerContext.hashCode()))) {
                        NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().getBody().append(((HttpContent) obj).content().toString(StandardCharsets.UTF_8));
                    }
                }
            }
        } catch (Throwable th) {
            NewRelicSecurity.getAgent().log(LogLevel.WARNING, String.format(GenericHelper.ERROR_PARSING_HTTP_REQUEST_DATA, NETTY_4_0_0, th.getMessage()), th, NettyUtils.class.getName());
        }
    }

    private static void setServerPortDetails(com.newrelic.api.agent.security.schema.HttpRequest httpRequest, String str) {
        try {
            String substringAfterLast = StringUtils.substringAfterLast(str, ":");
            if (StringUtils.isBlank(substringAfterLast)) {
                return;
            }
            httpRequest.setServerPort(Integer.parseInt(substringAfterLast));
        } catch (Throwable th) {
            NewRelicSecurity.getAgent().log(LogLevel.WARNING, String.format(ERROR_GETTING_SERVER_PORT, NETTY_4_0_0, th.getMessage()), th, NettyUtils.class.getName());
        }
    }

    private static void setClientAddressDetails(SecurityMetaData securityMetaData, String str) {
        if (StringUtils.isBlank(str)) {
            return;
        }
        com.newrelic.api.agent.security.schema.HttpRequest request = securityMetaData.getRequest();
        String replace = StringUtils.replace(str, "/", "");
        request.setClientIP(StringUtils.substringBeforeLast(replace, ":"));
        request.setClientPort(StringUtils.substringAfterLast(replace, ":"));
        if (StringUtils.isNotBlank(request.getClientIP())) {
            securityMetaData.getMetaData().getIps().add(request.getClientIP());
        }
    }

    public static void processHttpRequestHeader(HttpRequest httpRequest, com.newrelic.api.agent.security.schema.HttpRequest httpRequest2) {
        for (String str : httpRequest.headers().names()) {
            boolean z = false;
            if (str != null) {
                str = str.toLowerCase();
            }
            AgentPolicy currentPolicy = NewRelicSecurity.getAgent().getCurrentPolicy();
            AgentMetaData metaData = NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData();
            if (currentPolicy != null && currentPolicy.getProtectionMode().getEnabled().booleanValue() && currentPolicy.getProtectionMode().getIpBlocking().getEnabled().booleanValue() && currentPolicy.getProtectionMode().getIpBlocking().getIpDetectViaXFF().booleanValue() && X_FORWARDED_FOR.equals(str)) {
                z = true;
            } else if (ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID.equals(str)) {
                NewRelicSecurity.getAgent().getSecurityMetaData().setFuzzRequestIdentifier(ServletHelper.parseFuzzRequestIdentifierHeader(httpRequest.headers().get(str)));
            } else if (GenericHelper.CSEC_PARENT_ID.equals(str)) {
                NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute(GenericHelper.CSEC_PARENT_ID, httpRequest.headers().get(str));
            } else if (ICsecApiConstants.NR_CSEC_JAVA_HEAD_REQUEST.equals(str)) {
                NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute(ICsecApiConstants.NR_CSEC_JAVA_HEAD_REQUEST, true);
            }
            String str2 = "";
            for (String str3 : httpRequest.headers().getAll(str)) {
                if (str3 != null && !str3.trim().isEmpty()) {
                    if (z) {
                        metaData.setClientDetectedFromXFF(true);
                        httpRequest2.setClientIP(str3);
                        metaData.getIps().add(httpRequest2.getClientIP());
                        httpRequest2.setClientPort("");
                        z = false;
                    }
                    str2 = str2.trim().isEmpty() ? str3 : String.join(";", str2, str3);
                }
            }
            httpRequest2.getHeaders().put(str, str2);
        }
    }

    public static String getTraceHeader(Map<String, String> map) {
        String str = "";
        if (map.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER) || map.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase())) {
            str = map.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER);
            if (str == null || str.trim().isEmpty()) {
                str = map.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase());
            }
        }
        return str;
    }

    public static void processSecurityResponse(ChannelHandlerContext channelHandlerContext, Object obj) {
        try {
            if (NewRelicSecurity.isHookProcessingActive() && (obj instanceof FullHttpResponse)) {
                HttpResponse response = NewRelicSecurity.getAgent().getSecurityMetaData().getResponse();
                processResponseHeaders((io.netty.handler.codec.http.HttpResponse) obj, response);
                response.setResponseContentType(((FullHttpResponse) obj).headers().get("Content-Type"));
                response.getResponseBody().append(((FullHttpResponse) obj).content().toString(StandardCharsets.UTF_8));
            }
        } catch (Throwable th) {
            NewRelicSecurity.getAgent().log(LogLevel.WARNING, String.format(ERROR_PARSING_HTTP_RESPONSE_DATA, NETTY_4_0_0, th.getMessage()), th, NettyUtils.class.getName());
        }
    }

    public static void sendRXSSEvent(ChannelHandlerContext channelHandlerContext, Object obj, String str, String str2) {
        try {
            if (NewRelicSecurity.isHookProcessingActive() && (obj instanceof FullHttpResponse)) {
                LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest());
                if (!ServletHelper.isResponseContentTypeExcluded(NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().getResponseContentType())) {
                    NewRelicSecurity.getAgent().registerOperation(new RXSSOperation(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest(), NewRelicSecurity.getAgent().getSecurityMetaData().getResponse(), str, str2));
                }
                ServletHelper.tmpFileCleanUp(NewRelicSecurity.getAgent().getSecurityMetaData().getFuzzRequestIdentifier().getTempFiles());
            }
        } catch (Throwable th) {
            if (th instanceof NewRelicSecurityException) {
                NewRelicSecurity.getAgent().log(LogLevel.WARNING, String.format(GenericHelper.SECURITY_EXCEPTION_MESSAGE, NETTY_4_0_0, th.getMessage()), th, NettyUtils.class.getName());
                throw th;
            }
            NewRelicSecurity.getAgent().log(LogLevel.SEVERE, String.format(GenericHelper.ERROR_GENERATING_HTTP_REQUEST, NETTY_4_0_0, th.getMessage()), th, NettyUtils.class.getName());
            NewRelicSecurity.getAgent().reportIncident(LogLevel.SEVERE, String.format(GenericHelper.ERROR_GENERATING_HTTP_REQUEST, NETTY_4_0_0, th.getMessage()), th, NettyUtils.class.getName());
        }
    }

    private static void processResponseHeaders(io.netty.handler.codec.http.HttpResponse httpResponse, HttpResponse httpResponse2) {
        for (Map.Entry entry : httpResponse.headers().entries()) {
            httpResponse2.getHeaders().put(((String) entry.getKey()).toLowerCase(), (String) entry.getValue());
        }
    }

    public static boolean isNettyLockAcquired(String str) {
        try {
            if (NewRelicSecurity.isHookProcessingActive()) {
                if (Boolean.TRUE.equals(NewRelicSecurity.getAgent().getSecurityMetaData().getCustomAttribute(str + Thread.currentThread().getId(), Boolean.class))) {
                    return true;
                }
            }
            return false;
        } catch (Throwable th) {
            return false;
        }
    }

    public static boolean acquireNettyLockIfPossible(String str) {
        try {
            if (!NewRelicSecurity.isHookProcessingActive() || isNettyLockAcquired(str)) {
                return false;
            }
            NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute(str + Thread.currentThread().getId(), true);
            return true;
        } catch (Throwable th) {
            return false;
        }
    }

    public static void releaseNettyLock(String str) {
        try {
            if (NewRelicSecurity.isHookProcessingActive()) {
                NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute(str + Thread.currentThread().getId(), null);
            }
        } catch (Throwable th) {
        }
    }
}
