package spray.can;

import com.newrelic.api.agent.security.NewRelicSecurity;
import com.newrelic.api.agent.security.instrumentation.helpers.GenericHelper;
import com.newrelic.api.agent.security.instrumentation.helpers.ICsecApiConstants;
import com.newrelic.api.agent.security.instrumentation.helpers.LowSeverityHelper;
import com.newrelic.api.agent.security.instrumentation.helpers.ServletHelper;
import com.newrelic.api.agent.security.schema.AgentMetaData;
import com.newrelic.api.agent.security.schema.SecurityMetaData;
import com.newrelic.api.agent.security.schema.StringUtils;
import com.newrelic.api.agent.security.schema.exceptions.NewRelicSecurityException;
import com.newrelic.api.agent.security.schema.operation.RXSSOperation;
import com.newrelic.api.agent.security.schema.policy.AgentPolicy;
import com.newrelic.api.agent.security.utils.logging.LogLevel;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Map;
import scala.collection.Iterator;
import scala.collection.immutable.List;
import spray.http.HttpEntity;
import spray.http.HttpHeader;
import spray.http.HttpRequest;
import spray.http.HttpResponse;
import spray.http.Uri;

/* loaded from: input_file:newrelic-security-agent.jar:instrumentation-security/spray-can-1.3.1-1.0.jar:spray/can/SprayHttpUtils.class */
public class SprayHttpUtils {
    public static final String QUESTION_MARK = "?";
    private static final String X_FORWARDED_FOR = "x-forwarded-for";
    public static final String SPRAY_CAN_1_3_1 = "SPRAY-CAN-1.3.1";

    public static String getNrSecCustomAttribName() {
        return "SPRAY-CAN-" + Thread.currentThread().getId();
    }

    public static String getNrSecCustomAttribNameForResponse() {
        return "SPRAY-CAN-RXSS" + Thread.currentThread().getId();
    }

    public static void preProcessRequestHook(HttpRequest httpRequest) {
        try {
            if (NewRelicSecurity.isHookProcessingActive()) {
                SecurityMetaData securityMetaData = NewRelicSecurity.getAgent().getSecurityMetaData();
                com.newrelic.api.agent.security.schema.HttpRequest request = securityMetaData.getRequest();
                if (request.isRequestParsed()) {
                    return;
                }
                securityMetaData.getMetaData();
                request.setMethod(httpRequest.method().name());
                request.setProtocol(httpRequest.uri().scheme());
                request.setUrl(processURL(httpRequest.uri()));
                request.setServerPort(httpRequest.uri().effectivePort());
                processHttpRequestHeader(httpRequest.headers(), request);
                securityMetaData.setTracingHeaderValue(getTraceHeader(request.getHeaders()));
                if (!httpRequest.entity().isEmpty()) {
                    if (httpRequest.entity() instanceof HttpEntity.NonEmpty) {
                        request.setContentType(httpRequest.entity().contentType().value());
                    }
                    request.setBody(new StringBuilder(httpRequest.entity().data().asString(StandardCharsets.UTF_8)));
                }
                StackTraceElement[] stackTrace = Thread.currentThread().getStackTrace();
                securityMetaData.getMetaData().setServiceTrace((StackTraceElement[]) Arrays.copyOfRange(stackTrace, 2, stackTrace.length));
                request.setRequestParsed(true);
            }
        } catch (Exception e) {
            NewRelicSecurity.getAgent().log(LogLevel.WARNING, String.format(GenericHelper.ERROR_GENERATING_HTTP_REQUEST, SPRAY_CAN_1_3_1, e.getMessage()), e, SprayHttpUtils.class.getName());
        }
    }

    public static String getTraceHeader(Map<String, String> map) {
        String str = "";
        if (map.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER) || map.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase())) {
            str = map.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER);
            if (str == null || str.trim().isEmpty()) {
                str = map.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase());
            }
        }
        return str;
    }

    private static void processHttpRequestHeader(List<HttpHeader> list, com.newrelic.api.agent.security.schema.HttpRequest httpRequest) {
        Iterator it = list.iterator();
        while (it.hasNext()) {
            HttpHeader httpHeader = (HttpHeader) it.next();
            String lowercaseName = httpHeader.lowercaseName();
            String value = httpHeader.value();
            boolean z = false;
            AgentPolicy currentPolicy = NewRelicSecurity.getAgent().getCurrentPolicy();
            AgentMetaData metaData = NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData();
            if (currentPolicy != null && currentPolicy.getProtectionMode().getEnabled().booleanValue() && currentPolicy.getProtectionMode().getIpBlocking().getEnabled().booleanValue() && currentPolicy.getProtectionMode().getIpBlocking().getIpDetectViaXFF().booleanValue() && X_FORWARDED_FOR.equals(lowercaseName)) {
                z = true;
            } else if (ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID.equals(lowercaseName)) {
                NewRelicSecurity.getAgent().getSecurityMetaData().setFuzzRequestIdentifier(ServletHelper.parseFuzzRequestIdentifierHeader(value));
            } else if (GenericHelper.CSEC_PARENT_ID.equals(lowercaseName)) {
                NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute(GenericHelper.CSEC_PARENT_ID, value);
            } else if (ICsecApiConstants.NR_CSEC_JAVA_HEAD_REQUEST.equals(lowercaseName)) {
                NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute(ICsecApiConstants.NR_CSEC_JAVA_HEAD_REQUEST, true);
            }
            if (z) {
                metaData.setClientDetectedFromXFF(true);
                httpRequest.setClientIP(value);
                metaData.getIps().add(httpRequest.getClientIP());
            }
            httpRequest.getHeaders().put(lowercaseName, value);
        }
    }

    private static String processURL(Uri uri) {
        String path = uri.path().toString();
        String substringAfter = StringUtils.substringAfter(uri.toString(), "?");
        return StringUtils.isBlank(substringAfter) ? path : path + "?" + substringAfter;
    }

    public static void postProcessSecurityHook(HttpResponse httpResponse, String str, String str2) {
        try {
            if (NewRelicSecurity.isHookProcessingActive()) {
                LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest());
                if (!ServletHelper.isResponseContentTypeExcluded(NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().getResponseContentType())) {
                    NewRelicSecurity.getAgent().registerOperation(new RXSSOperation(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest(), NewRelicSecurity.getAgent().getSecurityMetaData().getResponse(), str, str2));
                }
                ServletHelper.tmpFileCleanUp(NewRelicSecurity.getAgent().getSecurityMetaData().getFuzzRequestIdentifier().getTempFiles());
            }
        } catch (Throwable th) {
            if (th instanceof NewRelicSecurityException) {
                NewRelicSecurity.getAgent().log(LogLevel.WARNING, String.format(GenericHelper.SECURITY_EXCEPTION_MESSAGE, SPRAY_CAN_1_3_1, th.getMessage()), th, SprayHttpUtils.class.getName());
                throw th;
            }
            NewRelicSecurity.getAgent().log(LogLevel.SEVERE, String.format(GenericHelper.REGISTER_OPERATION_EXCEPTION_MESSAGE, SPRAY_CAN_1_3_1, th.getMessage()), th, SprayHttpUtils.class.getName());
            NewRelicSecurity.getAgent().reportIncident(LogLevel.SEVERE, String.format(GenericHelper.REGISTER_OPERATION_EXCEPTION_MESSAGE, SPRAY_CAN_1_3_1, th.getMessage()), th, SprayHttpUtils.class.getName());
        }
    }
}
