package com.newrelic.agent.security.intcodeagent.websocket;

import com.newrelic.agent.config.AgentConfigImpl;
import com.newrelic.agent.security.AgentConfig;
import com.newrelic.agent.security.AgentInfo;
import com.newrelic.agent.security.deps.org.apache.commons.lang3.StringUtils;
import com.newrelic.agent.security.deps.org.java_websocket.WebSocket;
import com.newrelic.agent.security.deps.org.java_websocket.WebSocketImpl;
import com.newrelic.agent.security.deps.org.java_websocket.client.WebSocketClient;
import com.newrelic.agent.security.deps.org.java_websocket.drafts.Draft_6455;
import com.newrelic.agent.security.deps.org.java_websocket.framing.Framedata;
import com.newrelic.agent.security.deps.org.java_websocket.handshake.ServerHandshake;
import com.newrelic.agent.security.instrumentator.dispatcher.DispatcherPool;
import com.newrelic.agent.security.instrumentator.httpclient.RestRequestThreadPool;
import com.newrelic.agent.security.instrumentator.utils.INRSettingsKey;
import com.newrelic.agent.security.intcodeagent.controlcommand.ControlCommandProcessor;
import com.newrelic.agent.security.intcodeagent.controlcommand.ControlCommandProcessorThreadPool;
import com.newrelic.agent.security.intcodeagent.exceptions.SecurityNoticeError;
import com.newrelic.agent.security.intcodeagent.filelogging.FileLoggerThreadPool;
import com.newrelic.agent.security.intcodeagent.logging.IAgentConstants;
import com.newrelic.agent.security.intcodeagent.utils.ResourceUtils;
import com.newrelic.api.agent.NewRelic;
import com.newrelic.api.agent.security.instrumentation.helpers.GrpcClientRequestReplayHelper;
import com.newrelic.api.agent.security.utils.logging.LogLevel;
import java.io.BufferedInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.lang.management.ManagementFactory;
import java.net.Authenticator;
import java.net.InetSocketAddress;
import java.net.PasswordAuthentication;
import java.net.Proxy;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.time.ZoneId;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

/* loaded from: input_file:newrelic-security-agent.jar:com/newrelic/agent/security/intcodeagent/websocket/WSClient.class */
public class WSClient extends WebSocketClient {
    private static final FileLoggerThreadPool logger = FileLoggerThreadPool.getInstance();
    public static final String SENDING_EVENT = "sending event: ";
    public static final String UNABLE_TO_SEND_EVENT = "Unable to send event : ";
    public static final String ERROR_IN_WSOCK_CONNECTION = "Error in WSock connection : ";
    public static final String CONNECTION_CLOSED_BY = "WS Connection closed by ";
    public static final String REMOTE_PEER = "remote peer.";
    public static final String LOCAL = "local.";
    public static final String CODE = " Code: ";
    public static final String REASON = " Reason: ";
    public static final String UNABLE_TO_PROCESS_INCOMING_MESSAGE = "Unable to process incoming message : ";
    public static final String DUE_TO_ERROR = " : due to error : ";
    public static final String RECONNECTING_TO_IC = "Reconnecting to validator";
    public static final String COLON_STRING = " : ";
    public static final String RECEIVED_PING_AT_S_SENDING_PONG = "received ping  at %s sending pong";
    public static final String INCOMING_CONTROL_COMMAND_S = "Incoming control command : %s";
    public static final String PROXY_HOST = "proxy_host";
    public static final String PROXY_PASS = "proxy_password";
    public static final String PROXY_PORT = "proxy_port";
    public static final String PROXY_SCHEME = "proxy_scheme";
    public static final String PROXY_USER = "proxy_user";
    private static WSClient instance;
    private WebSocketImpl connection;
    private Map<String, String> noticeErrorCustomParameters;

    private SSLContext createSSLContext() throws Exception {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        LinkedList<X509Certificate> linkedList = new LinkedList();
        Set<X509Certificate> trustedCerts = CustomTrustStoreManagerUtils.getTrustedCerts();
        if (trustedCerts != null) {
            linkedList.addAll(trustedCerts);
        }
        BufferedInputStream bufferedInputStream = new BufferedInputStream(getCaBundleStream());
        Throwable th = null;
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            while (bufferedInputStream.available() > 0) {
                try {
                    linkedList.add((X509Certificate) certificateFactory.generateCertificate(bufferedInputStream));
                } catch (Exception e) {
                    logger.log(LogLevel.SEVERE, "Unable to generate ca certificate. Verify the certificate format. Will not process further certs.", e, WSClient.class.getName());
                    NewRelic.noticeError((Throwable) new SecurityNoticeError("New Relic Security Agent is unable to generate CA Certificate. Verify the certificate format. Will not process further certs.", e), (Map<String, ?>) this.noticeErrorCustomParameters, true);
                }
            }
            logger.log(linkedList.size() > 0 ? LogLevel.INFO : LogLevel.SEVERE, String.format("Found %s certificates.", Integer.valueOf(linkedList.size())), WSClient.class.getName());
            this.noticeErrorCustomParameters.put("ca_bundle_count", String.valueOf(linkedList.size()));
            keyStore.load(null, null);
            int i = 1;
            for (X509Certificate x509Certificate : linkedList) {
                if (x509Certificate != null) {
                    String str = "nr_csec_ca_bundle_" + i;
                    keyStore.setCertificateEntry(str, x509Certificate);
                    logger.log(LogLevel.FINER, String.format("Installed CA certificate %s(serial %s) for subjects : %s - %s", str, x509Certificate.getSerialNumber(), x509Certificate.getSubjectDN().getName(), x509Certificate.getSubjectAlternativeNames()), WSClient.class.getName());
                }
                i++;
            }
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            SSLContext sSLContext = SSLContext.getInstance("TLSv1.2");
            sSLContext.init(null, trustManagerFactory.getTrustManagers(), null);
            return sSLContext;
        } finally {
            if (bufferedInputStream != null) {
                if (0 != 0) {
                    try {
                        bufferedInputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    bufferedInputStream.close();
                }
            }
        }
    }

    private InputStream getCaBundleStream() throws IOException {
        InputStream resourceStreamFromAgentJar;
        String str = (String) NewRelic.getAgent().getConfig().getValue("ca_bundle_path");
        if (StringUtils.isNotBlank(str)) {
            this.noticeErrorCustomParameters.put("ca_bundle_path", str);
            resourceStreamFromAgentJar = Files.newInputStream(Paths.get(str, new String[0]), new OpenOption[0]);
        } else {
            this.noticeErrorCustomParameters.put("ca_bundle_path", "internal-pem");
            resourceStreamFromAgentJar = ResourceUtils.getResourceStreamFromAgentJar("nr-custom-ca.pem");
        }
        return resourceStreamFromAgentJar;
    }

    private WSClient() throws URISyntaxException {
        super(new URI(AgentConfig.getInstance().getConfig().getK2ServiceInfo().getValidatorServiceEndpointURL()), new Draft_6455(), null, (int) TimeUnit.SECONDS.toMillis(15L));
        this.connection = null;
        this.noticeErrorCustomParameters = new HashMap();
        setTcpNoDelay(true);
        setConnectionLostTimeout(30);
        addHeader("NR-CSEC-CONNECTION-TYPE", "LANGUAGE_COLLECTOR");
        addHeader("NR-AGENT-RUN-TOKEN", AgentInfo.getInstance().getLinkingMetadata().getOrDefault(INRSettingsKey.AGENT_RUN_ID_LINKING_METADATA, ""));
        addHeader("NR-CSEC-ENTITY-GUID", AgentInfo.getInstance().getLinkingMetadata().getOrDefault("entity.guid", ""));
        addHeader("NR-CSEC-ENTITY-NAME", AgentInfo.getInstance().getLinkingMetadata().getOrDefault("entity.name", ""));
        addHeader("NR-LICENSE-KEY", AgentConfig.getInstance().getConfig().getCustomerInfo().getApiAccessorToken());
        addHeader("NR-CSEC-VERSION", AgentInfo.getInstance().getBuildInfo().getCollectorVersion());
        addHeader("NR-CSEC-COLLECTOR-TYPE", "JAVA");
        addHeader("NR-CSEC-BUILD-NUMBER", AgentInfo.getInstance().getBuildInfo().getBuildNumber());
        addHeader("NR-CSEC-MODE", AgentConfig.getInstance().getGroupName());
        addHeader("NR-CSEC-APP-UUID", AgentInfo.getInstance().getApplicationUUID());
        addHeader("NR-CSEC-JSON-VERSION", AgentInfo.getInstance().getBuildInfo().getJsonVersion());
        addHeader("NR-ACCOUNT-ID", AgentConfig.getInstance().getConfig().getCustomerInfo().getAccountId());
        addHeader("NR-CSEC-IAST-DATA-TRANSFER-MODE", "PULL");
        addHeader("NR-CSEC-IGNORED-VUL-CATEGORIES", AgentConfig.getInstance().getAgentMode().getSkipScan().getIastDetectionCategory().getDisabledCategoriesCSV());
        addHeader("NR-CSEC-PROCESS-START-TIME", String.valueOf(ManagementFactory.getRuntimeMXBean().getStartTime()));
        addHeader("NR-CSEC-IAST-TEST-IDENTIFIER", AgentConfig.getInstance().getScanControllers().getIastTestIdentifier());
        addHeader("NR-CSEC-IAST-SCAN-INSTANCE-COUNT", String.valueOf(AgentConfig.getInstance().getScanControllers().getScanInstanceCount()));
        Proxy proxyManager = proxyManager();
        if (proxyManager != null) {
            setProxy(proxyManager);
            this.noticeErrorCustomParameters.put("proxy_host", proxyManager.address().toString());
        }
        if (StringUtils.startsWithIgnoreCase(AgentConfig.getInstance().getConfig().getK2ServiceInfo().getValidatorServiceEndpointURL(), "wss:")) {
            try {
                setSocketFactory(createSSLContext().getSocketFactory());
            } catch (Exception e) {
                logger.log(LogLevel.SEVERE, String.format("Error creating socket factory message : %s , cause : %s", e.getMessage(), e.getCause()), WSClient.class.getName());
                logger.log(LogLevel.FINER, "Error creating socket factory", e, WSClient.class.getName());
            }
        }
        this.noticeErrorCustomParameters.put("csec_ws_url", AgentConfig.getInstance().getConfig().getK2ServiceInfo().getValidatorServiceEndpointURL());
        logger.log(LogLevel.INFO, String.format("Connecting to WS client %s", AgentConfig.getInstance().getConfig().getK2ServiceInfo().getValidatorServiceEndpointURL()), WSClient.class.getName());
    }

    private static Proxy proxyManager() {
        try {
            String str = (String) NewRelic.getAgent().getConfig().getValue("proxy_host", null);
            Integer num = (Integer) NewRelic.getAgent().getConfig().getValue("proxy_port", Integer.valueOf(AgentConfigImpl.DEFAULT_PROXY_PORT));
            String str2 = (String) NewRelic.getAgent().getConfig().getValue("proxy_scheme", "https");
            final String str3 = (String) NewRelic.getAgent().getConfig().getValue("proxy_user", null);
            final String str4 = (String) NewRelic.getAgent().getConfig().getValue("proxy_password", null);
            if (str == null || num == null || str2 == null) {
                return null;
            }
            Proxy proxy = new Proxy(getProxyScheme(str2), new InetSocketAddress(str, num.intValue()));
            if (str3 != null && str4 != null) {
                System.setProperty("jdk.http.auth.tunneling.disabledSchemes", "");
                System.setProperty("jdk.http.auth.proxying.disabledSchemes", "");
                Authenticator.setDefault(new Authenticator() { // from class: com.newrelic.agent.security.intcodeagent.websocket.WSClient.1
                    @Override // java.net.Authenticator
                    protected PasswordAuthentication getPasswordAuthentication() {
                        return new PasswordAuthentication(str3, str4.toCharArray());
                    }
                });
                logger.log(LogLevel.FINER, "Authenticated proxy using username and password", WSClient.class.getName());
            }
            logger.log(LogLevel.FINER, String.format("Proxy being used to connect with WSS %s", proxy), WSClient.class.getName());
            return proxy;
        } catch (Exception e) {
            logger.log(LogLevel.SEVERE, String.format("Error creating proxy %s", e.getMessage()), WSClient.class.getName());
            return null;
        }
    }

    private static Proxy.Type getProxyScheme(String str) {
        return (str == null || str.equalsIgnoreCase("http") || str.equalsIgnoreCase("https")) ? Proxy.Type.HTTP : Proxy.Type.SOCKS;
    }

    @Override // com.newrelic.agent.security.deps.org.java_websocket.client.WebSocketClient
    public void addHeader(String str, String str2) {
        String str3 = str2;
        if (StringUtils.equals(str, "NR-LICENSE-KEY")) {
            str3 = StringUtils.substring(str2, 0, 4) + "-******-" + StringUtils.substring(str2, str2.length() - 7);
        }
        logger.log(LogLevel.INFO, String.format("Adding WS connection header: %s -> %s", str, str3), WSClient.class.getName());
        super.addHeader(str, str2);
    }

    public void openConnection() throws InterruptedException {
        connectBlocking(30L, TimeUnit.SECONDS);
        WebSocket connection = getConnection();
        if (connection instanceof WebSocketImpl) {
            this.connection = (WebSocketImpl) connection;
        }
    }

    @Override // com.newrelic.agent.security.deps.org.java_websocket.client.WebSocketClient
    public void onOpen(ServerHandshake serverHandshake) {
        AgentInfo.getInstance().getJaHealthCheck().getWebSocketConnectionStats().incrementConnectionReconnected();
        logger.logInit(LogLevel.INFO, String.format(IAgentConstants.INIT_WS_CONNECTION, AgentConfig.getInstance().getConfig().getK2ServiceInfo().getValidatorServiceEndpointURL()), WSClient.class.getName());
        logger.logInit(LogLevel.INFO, String.format(IAgentConstants.SENDING_APPLICATION_INFO_ON_WS_CONNECT, AgentInfo.getInstance().getApplicationInfo()), WSClient.class.getName());
        cleanIASTState();
        super.send(JsonConverter.toJSON(AgentInfo.getInstance().getApplicationInfo()));
        WSUtils.getInstance().setReconnecting(false);
        synchronized (WSUtils.getInstance()) {
            WSUtils.getInstance().notifyAll();
        }
        WSUtils.getInstance().setConnected(true);
        logger.logInit(LogLevel.INFO, String.format(IAgentConstants.APPLICATION_INFO_SENT_ON_WS_CONNECT, AgentInfo.getInstance().getApplicationInfo()), WSClient.class.getName());
    }

    private static void cleanIASTState() {
        RestRequestThreadPool.getInstance().resetIASTProcessing();
        GrpcClientRequestReplayHelper.getInstance().resetIASTProcessing();
        RestRequestThreadPool.getInstance().getRejectedIds().clear();
        GrpcClientRequestReplayHelper.getInstance().getRejectedIds().clear();
        DispatcherPool.getInstance().reset();
        EventSendPool.getInstance().reset();
    }

    @Override // com.newrelic.agent.security.deps.org.java_websocket.client.WebSocketClient
    public void onMessage(String str) {
        try {
            AgentInfo.getInstance().getJaHealthCheck().getWebSocketConnectionStats().incrementMessagesReceived();
            if (logger.isLogLevelEnabled(LogLevel.FINEST)) {
                logger.log(LogLevel.FINEST, String.format(INCOMING_CONTROL_COMMAND_S, str), getClass().getName());
            }
            ControlCommandProcessor.processControlCommand(str, System.currentTimeMillis());
        } catch (Throwable th) {
            logger.log(LogLevel.SEVERE, UNABLE_TO_PROCESS_INCOMING_MESSAGE + str + DUE_TO_ERROR, th, WSClient.class.getName());
        }
    }

    @Override // com.newrelic.agent.security.deps.org.java_websocket.client.WebSocketClient
    public void onClose(int i, String str, boolean z) {
        String str2 = CONNECTION_CLOSED_BY + (z ? REMOTE_PEER : LOCAL) + CODE + i + REASON + str;
        logger.log(LogLevel.WARNING, str2, WSClient.class.getName());
        NewRelic.noticeError((Throwable) new SecurityNoticeError(str2), (Map<String, ?>) this.noticeErrorCustomParameters, true);
        if (i == -1) {
            return;
        }
        ControlCommandProcessorThreadPool.getInstance().getQueue().clear();
        cleanIASTState();
        WSUtils.getInstance().setConnected(false);
        if (i == 1008) {
            WSReconnectionST.cancelTask(true);
        }
    }

    @Override // com.newrelic.agent.security.deps.org.java_websocket.client.WebSocketClient
    public void onError(Exception exc) {
        AgentInfo.getInstance().getJaHealthCheck().getWebSocketConnectionStats().incrementConnectionFailure();
        NewRelic.noticeError((Throwable) new SecurityNoticeError(CONNECTION_CLOSED_BY + exc.getClass().getSimpleName(), exc), (Map<String, ?>) this.noticeErrorCustomParameters, true);
        logger.logInit(LogLevel.SEVERE, String.format(IAgentConstants.WS_CONNECTION_UNSUCCESSFUL_INFO, AgentConfig.getInstance().getConfig().getK2ServiceInfo().getValidatorServiceEndpointURL(), exc.toString(), exc.getCause()), WSClient.class.getName());
        logger.log(LogLevel.FINER, String.format(IAgentConstants.WS_CONNECTION_UNSUCCESSFUL, AgentConfig.getInstance().getConfig().getK2ServiceInfo().getValidatorServiceEndpointURL()), exc, WSClient.class.getName());
    }

    @Override // com.newrelic.agent.security.deps.org.java_websocket.client.WebSocketClient, com.newrelic.agent.security.deps.org.java_websocket.WebSocket
    public void send(String str) {
        if (StringUtils.isBlank(str)) {
            return;
        }
        if (!isOpen()) {
            logger.log(LogLevel.FINER, UNABLE_TO_SEND_EVENT + str, WSClient.class.getName());
            AgentInfo.getInstance().getJaHealthCheck().getWebSocketConnectionStats().incrementSendFailure();
        } else {
            logger.log(LogLevel.FINER, SENDING_EVENT + str, WSClient.class.getName());
            super.send(str);
            AgentInfo.getInstance().getJaHealthCheck().getWebSocketConnectionStats().incrementMessagesSent();
        }
    }

    @Override // com.newrelic.agent.security.deps.org.java_websocket.WebSocketAdapter, com.newrelic.agent.security.deps.org.java_websocket.WebSocketListener
    public void onWebsocketPing(WebSocket webSocket, Framedata framedata) {
        logger.log(LogLevel.FINER, String.format(RECEIVED_PING_AT_S_SENDING_PONG, Instant.now().atZone(ZoneId.of("UTC")).toLocalTime()), WSClient.class.getName());
        if (this.connection != null) {
            this.connection.updateLastPong();
        }
        super.onWebsocketPing(webSocket, framedata);
    }

    public static WSClient getInstance() throws URISyntaxException, InterruptedException {
        if (instance == null) {
            instance = new WSClient();
        }
        return instance;
    }

    public static WSClient reconnectWSClient() throws URISyntaxException, InterruptedException {
        logger.log(LogLevel.INFO, RECONNECTING_TO_IC, WSClient.class.getName());
        if (instance != null && instance.isOpen()) {
            instance.closeBlocking();
        }
        instance = new WSClient();
        instance.openConnection();
        return instance;
    }

    public static void shutDownWSClientAbnormal(boolean z) {
        logger.log(LogLevel.WARNING, "Disconnecting WS client forced by APM", WSClient.class.getName());
        shutDownWSClient(z, 1006, "Client disconnecting forced by APM");
    }

    public static void shutDownWSClient(boolean z, int i, String str) {
        logger.log(LogLevel.WARNING, String.format("WebSocket Shutdown initiated with %s", Integer.valueOf(i)), WSClient.class.getName());
        WSUtils.getInstance().setConnected(false);
        if (z) {
            RestRequestThreadPool.getInstance().resetIASTProcessing();
            GrpcClientRequestReplayHelper.getInstance().resetIASTProcessing();
        }
        if (instance != null) {
            instance.close(i, str);
        }
    }
}
