package com.newrelic.agent.security.instrumentation.jersey2;

import com.newrelic.api.agent.security.NewRelicSecurity;
import com.newrelic.api.agent.security.instrumentation.helpers.GenericHelper;
import com.newrelic.api.agent.security.instrumentation.helpers.ICsecApiConstants;
import com.newrelic.api.agent.security.instrumentation.helpers.LowSeverityHelper;
import com.newrelic.api.agent.security.instrumentation.helpers.ServletHelper;
import com.newrelic.api.agent.security.schema.AgentMetaData;
import com.newrelic.api.agent.security.schema.HttpRequest;
import com.newrelic.api.agent.security.schema.SecurityMetaData;
import com.newrelic.api.agent.security.schema.StringUtils;
import com.newrelic.api.agent.security.schema.exceptions.NewRelicSecurityException;
import com.newrelic.api.agent.security.schema.operation.RXSSOperation;
import com.newrelic.api.agent.security.schema.policy.AgentPolicy;
import com.newrelic.api.agent.security.utils.logging.LogLevel;
import java.lang.reflect.Field;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import org.glassfish.jersey.internal.PropertiesDelegate;
import org.glassfish.jersey.message.internal.OutboundMessageContext;
import org.glassfish.jersey.server.ContainerRequest;

/* JADX WARN: Classes with same name are omitted:
  input_file:newrelic-security-agent.jar:instrumentation-security/csec-jersey-2-1.0.jar:com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.class
  input_file:newrelic-security-agent.jar:instrumentation-security/csec-jersey-2.16-1.0.jar:com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.class
 */
/* loaded from: input_file:newrelic-security-agent.jar:instrumentation-security/csec-jersey-3-1.0.jar:com/newrelic/agent/security/instrumentation/jersey2/HttpRequestHelper.class */
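/**
 * Static helpers used by the Jersey instrumentation of the security agent.
 *
 * <p>They copy the method, URL, headers and connection details of a Jersey
 * {@link ContainerRequest} into the agent's {@link HttpRequest}, register an
 * {@link RXSSOperation} once the response is available, and keep a per-thread
 * re-entrancy marker in the agent's custom attributes.
 *
 * <p>Everything read from the request here (header names and values, URL,
 * X-Forwarded-For) is supplied by the client and is stored unvalidated.
 * All request headers are copied, so the captured request can contain
 * credentials such as cookies or authorization headers; whatever consumes it
 * downstream has to treat it as sensitive.
 */
public class HttpRequestHelper {
    private static final String X_FORWARDED_FOR = "x-forwarded-for";
    private static final String EMPTY = "";
    public static final String CONTAINER_RESPONSE_METHOD_NAME = "ContainerResponse";
    public static final String NR_SEC_CUSTOM_ATTRIB_NAME = "SERVLET_LOCK-";
    private static final String NR_SEC_CUSTOM_ATTRIB_NAME_POST_PROCESSING = "JERSEY_LOCK_POST_PROCESSING-";
    public static final String HEADER_SEPARATOR = ";";
    public static final String ORG_GLASSFISH_JERSEY_GRIZZLY_2_HTTPSERVER_GRIZZLY_REQUEST_PROPERTIES_DELEGATE = "org.glassfish.jersey.grizzly2.httpserver.GrizzlyRequestPropertiesDelegate";
    public static final String FIELD_REQUEST = "request";
    public static final String METHOD_GET_REMOTE_ADDR = "getRemoteAddr";
    public static final String METHOD_GET_REMOTE_PORT = "getRemotePort";
    public static final String METHOD_GET_LOCAL_PORT = "getLocalPort";
    public static final String METHOD_GET_SCHEME = "getScheme";
    public static final String METHOD_GET_CONTENT_TYPE = "getContentType";
    public static final String ORG_GLASSFISH_JERSEY_GRIZZLY_2_HTTPSERVER_TRACING_AWARE_PROPERTIES_DELEGATE = "org.glassfish.jersey.message.internal.TracingAwarePropertiesDelegate";
    public static final String FIELD_PROPERTIES_DELEGATE = "propertiesDelegate";
    private static final String REQUEST_INPUTSTREAM_HASH = "REQUEST_INPUTSTREAM_HASH";
    public static final String JERSEY_3 = "JERSEY-3";

    /**
     * Populates the agent's {@link HttpRequest} from an incoming Jersey request.
     *
     * <p>Does nothing when hook processing is inactive or the request was
     * already parsed. Any failure is logged at WARNING and swallowed; in that
     * case the request is not marked as parsed.
     *
     * @param containerRequest the Jersey request being handled
     */
    public static void preprocessSecurityHook(ContainerRequest containerRequest) {
        try {
            if (!NewRelicSecurity.isHookProcessingActive()) {
                return;
            }
            SecurityMetaData securityMetaData = NewRelicSecurity.getAgent().getSecurityMetaData();
            HttpRequest request = securityMetaData.getRequest();
            if (request.isRequestParsed()) {
                return;
            }
            AgentMetaData metaData = securityMetaData.getMetaData();
            request.setMethod(containerRequest.getMethod());

            // Connection-level details (peer address, ports, scheme, content type).
            processPropertiesDelegate(containerRequest.getPropertiesDelegate(), request);
            String clientIp = request.getClientIP();
            if (clientIp != null && !clientIp.trim().isEmpty()) {
                metaData.getIps().add(clientIp);
            }

            // Headers come next: depending on policy, X-Forwarded-For may replace
            // the socket-level client IP set above.
            processHttpRequestHeader(containerRequest, request);
            // The tracing header is read from the request and stored as received.
            securityMetaData.setTracingHeaderValue(getTraceHeader(request.getHeaders()));
            request.setUrl(containerRequest.getRequestUri().toString());

            // Skip the first two frames of the current stack trace.
            StackTraceElement[] stackTrace = Thread.currentThread().getStackTrace();
            securityMetaData.getMetaData().setServiceTrace(Arrays.copyOfRange(stackTrace, 2, stackTrace.length));
            request.setRequestParsed(true);
        } catch (Throwable th) {
            NewRelicSecurity.getAgent().log(LogLevel.WARNING, String.format(GenericHelper.ERROR_GENERATING_HTTP_REQUEST, JERSEY_3, th.getMessage()), th, HttpRequestHelper.class.getName());
        }
    }

    /**
     * Records the outbound response headers and registers an
     * {@link RXSSOperation} for the current request/response pair.
     *
     * <p>A {@link NewRelicSecurityException} is logged and rethrown; every
     * other failure is logged, reported as an incident and swallowed.
     *
     * @param str passed to {@link RXSSOperation} as its third argument
     *     (presumably the response entity as text; confirm with the caller)
     * @param outboundMessageContext source of the response headers; may be null
     */
    public static void postProcessSecurityHook(String str, OutboundMessageContext outboundMessageContext) {
        try {
            if (NewRelicSecurity.isHookProcessingActive()) {
                ServletHelper.executeBeforeExitingTransaction();
                NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setHeaders(getHeaders(outboundMessageContext));
                LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest());
                NewRelicSecurity.getAgent().registerOperation(new RXSSOperation(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest(), NewRelicSecurity.getAgent().getSecurityMetaData().getResponse(), str, CONTAINER_RESPONSE_METHOD_NAME));
                // NOTE(review): the fuzz request identifier is parsed from a request
                // header in processHttpRequestHeader. Confirm that
                // ServletHelper.parseFuzzRequestIdentifierHeader restricts which
                // temp-file paths it accepts, since they are handed to
                // tmpFileCleanUp here.
                ServletHelper.tmpFileCleanUp(NewRelicSecurity.getAgent().getSecurityMetaData().getFuzzRequestIdentifier().getTempFiles());
            }
        } catch (Throwable th) {
            if (th instanceof NewRelicSecurityException) {
                NewRelicSecurity.getAgent().log(LogLevel.WARNING, String.format(GenericHelper.SECURITY_EXCEPTION_MESSAGE, JERSEY_3, th.getMessage()), th, HttpRequestHelper.class.getName());
                throw th;
            }
            String message = String.format(GenericHelper.REGISTER_OPERATION_EXCEPTION_MESSAGE, JERSEY_3, th.getMessage());
            NewRelicSecurity.getAgent().log(LogLevel.SEVERE, message, th, HttpRequestHelper.class.getName());
            NewRelicSecurity.getAgent().reportIncident(LogLevel.SEVERE, message, th, HttpRequestHelper.class.getName());
        }
    }

    /**
     * Copies the outbound headers into a map and, when a content-type header
     * is present, records it on the agent's response object.
     *
     * @param outboundMessageContext response context; may be null
     * @return header name to header string; empty when there is no context or no headers
     */
    private static Map<String, String> getHeaders(OutboundMessageContext outboundMessageContext) {
        Map<String, String> headers = new HashMap<>();
        if (outboundMessageContext == null || outboundMessageContext.getHeaders() == null) {
            return headers;
        }
        for (String name : outboundMessageContext.getStringHeaders().keySet()) {
            String value = outboundMessageContext.getHeaderString(name);
            headers.put(name, value);
            if (StringUtils.equalsAny(StringUtils.lowerCase(name), "content-type", "contenttype")) {
                NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseContentType(value);
            }
        }
        return headers;
    }

    /**
     * Copies every request header into {@code httpRequest} under its
     * lower-cased name and acts on the headers the agent gives meaning to:
     * X-Forwarded-For (only when the policy enables it), the IAST fuzz request
     * id, the parent id and the HEAD-request marker.
     *
     * <p>Header names are lower-cased with {@link Locale#ROOT}; the default
     * locale could map an upper-case {@code I} to a different character (for
     * example under a Turkish locale), so such names would not match the
     * constants they are compared with.
     *
     * <p>Security note: X-Forwarded-For is set by the client unless a trusted
     * proxy overwrites it. When the policy enables XFF detection, the first
     * non-blank value is stored unchanged as the client IP (it may be a
     * comma-separated list), so IP-based decisions built on it are only as
     * trustworthy as the proxy in front of the application.
     *
     * @param containerRequest source of the headers
     * @param httpRequest agent-side request that receives them
     */
    public static void processHttpRequestHeader(ContainerRequest containerRequest, HttpRequest httpRequest) {
        for (Map.Entry<String, List<String>> entry : containerRequest.getHeaders().entrySet()) {
            List<String> values = entry.getValue();
            String headerValue = getHeaderValue(values);
            String headerName = entry.getKey();
            if (headerName != null) {
                headerName = headerName.toLowerCase(Locale.ROOT);
            }

            if (X_FORWARDED_FOR.equals(headerName) && isXffDetectionEnabled(NewRelicSecurity.getAgent().getCurrentPolicy())) {
                applyForwardedClientIp(values, httpRequest);
            } else if (ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID.equals(headerName)) {
                NewRelicSecurity.getAgent().getSecurityMetaData().setFuzzRequestIdentifier(ServletHelper.parseFuzzRequestIdentifierHeader(headerValue));
            } else if (GenericHelper.CSEC_PARENT_ID.equals(headerName)) {
                NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute(GenericHelper.CSEC_PARENT_ID, headerValue);
            } else if (ICsecApiConstants.NR_CSEC_JAVA_HEAD_REQUEST.equals(headerName)) {
                NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute(ICsecApiConstants.NR_CSEC_JAVA_HEAD_REQUEST, true);
            }
            httpRequest.getHeaders().put(headerName, headerValue);
        }
    }

    /**
     * Tells whether the policy asks for the client IP to be taken from
     * X-Forwarded-For. A missing policy section or an unset flag counts as
     * disabled instead of raising a NullPointerException.
     */
    private static boolean isXffDetectionEnabled(AgentPolicy policy) {
        return policy != null
                && policy.getProtectionMode() != null
                && Boolean.TRUE.equals(policy.getProtectionMode().getEnabled())
                && policy.getProtectionMode().getIpBlocking() != null
                && Boolean.TRUE.equals(policy.getProtectionMode().getIpBlocking().getEnabled())
                && Boolean.TRUE.equals(policy.getProtectionMode().getIpBlocking().getIpDetectViaXFF());
    }

    /** Stores the first non-blank X-Forwarded-For value as the client IP and clears the client port. */
    private static void applyForwardedClientIp(List<String> values, HttpRequest httpRequest) {
        if (values == null) {
            return;
        }
        for (String value : values) {
            if (value != null && !value.trim().isEmpty()) {
                AgentMetaData metaData = NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData();
                metaData.setClientDetectedFromXFF(true);
                httpRequest.setClientIP(value);
                metaData.getIps().add(httpRequest.getClientIP());
                // The socket-level port does not belong to the forwarded address.
                httpRequest.setClientPort(EMPTY);
                return;
            }
        }
    }

    /**
     * Joins the values of one header with {@link #HEADER_SEPARATOR}.
     *
     * <p>The separator is only written once the buffer is non-empty, so
     * leading empty values leave no separator behind; this is why
     * {@code String.join} is not a drop-in replacement.
     *
     * @param list header values; null yields an empty string
     * @return the joined value
     */
    private static String getHeaderValue(List<String> list) {
        if (list == null) {
            return EMPTY;
        }
        StringBuilder joined = new StringBuilder();
        for (String value : list) {
            if (joined.length() > 0) {
                joined.append(HEADER_SEPARATOR);
            }
            joined.append(value);
        }
        return joined.toString();
    }

    /**
     * Looks up the distributed tracing header, trying the name as declared
     * first and its lower-cased form second.
     *
     * @param map request headers; may be null
     * @return the header value, or an empty string when it is absent (never null)
     */
    public static String getTraceHeader(Map<String, String> map) {
        if (map == null) {
            return EMPTY;
        }
        String value = map.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER);
        if (value == null || value.trim().isEmpty()) {
            value = map.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase(Locale.ROOT));
        }
        return value == null ? EMPTY : value;
    }

    /**
     * Reports whether the current thread's request marker is set.
     *
     * @return true only when hook processing is active and the marker is
     *     {@code Boolean.TRUE}; false on any error
     */
    public static boolean isRequestLockAcquired() {
        try {
            return NewRelicSecurity.isHookProcessingActive()
                    && Boolean.TRUE.equals(NewRelicSecurity.getAgent().getSecurityMetaData().getCustomAttribute(getNrSecCustomAttribName(), Boolean.class));
        } catch (Throwable ignored) {
            // Any failure is reported as "not acquired".
            return false;
        }
    }

    /**
     * Sets the current thread's request marker unless it is already set.
     *
     * @return true when this call set the marker; false when hook processing
     *     is inactive, the marker was already set, or an error occurred
     */
    public static boolean acquireRequestLockIfPossible() {
        try {
            if (!NewRelicSecurity.isHookProcessingActive() || isRequestLockAcquired()) {
                return false;
            }
            NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute(getNrSecCustomAttribName(), true);
            return true;
        } catch (Throwable ignored) {
            return false;
        }
    }

    /** Clears the current thread's request marker by storing null under its name. */
    public static void releaseRequestLock() {
        try {
            if (NewRelicSecurity.isHookProcessingActive()) {
                NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute(getNrSecCustomAttribName(), null);
            }
        } catch (Throwable ignored) {
            // NOTE(review): swallowed without a log line; presumably so the
            // instrumentation can never fail the application's request. Confirm,
            // since a marker that is never cleared would go unnoticed.
        }
    }

    /** Name of the request marker attribute: the shared prefix plus the current thread id. */
    private static String getNrSecCustomAttribName() {
        return NR_SEC_CUSTOM_ATTRIB_NAME + Thread.currentThread().getId();
    }

    /**
     * Name of the post-processing marker attribute for the current thread.
     *
     * @return the post-processing prefix followed by the current thread id
     */
    public static String getNrSecCustomAttribForPostProcessing() {
        return NR_SEC_CUSTOM_ATTRIB_NAME_POST_PROCESSING + Thread.currentThread().getId();
    }

    /**
     * Reads connection details (remote address and port, local port, scheme,
     * content type) from the object behind a Jersey properties delegate and
     * stores them on {@code httpRequest}.
     *
     * <p>Two delegate classes are handled, matched by class name: the Grizzly
     * request delegate, whose private {@code request} field is read
     * reflectively, and the tracing-aware delegate, which is unwrapped through
     * its {@code propertiesDelegate} field and processed recursively. Any other
     * delegate is logged and reported as an uncovered case, and
     * {@code httpRequest} is left untouched.
     *
     * @param propertiesDelegate delegate of the current request; null is logged and ignored
     * @param httpRequest agent-side request that receives the details
     */
    public static void processPropertiesDelegate(PropertiesDelegate propertiesDelegate, HttpRequest httpRequest) {
        if (propertiesDelegate == null) {
            // Without this guard a null delegate raises a NullPointerException that
            // aborts the caller's whole request capture (headers and URL included).
            NewRelicSecurity.getAgent().log(LogLevel.SEVERE, String.format(GenericHelper.ERROR_GENERATING_HTTP_REQUEST, JERSEY_3, "PropertiesDelegate is null."), HttpRequestHelper.class.getName());
            return;
        }
        String delegateClassName = propertiesDelegate.getClass().getName();

        if (StringUtils.equals(delegateClassName, ORG_GLASSFISH_JERSEY_GRIZZLY_2_HTTPSERVER_TRACING_AWARE_PROPERTIES_DELEGATE)) {
            try {
                Field wrapped = propertiesDelegate.getClass().getDeclaredField(FIELD_PROPERTIES_DELEGATE);
                wrapped.setAccessible(true);
                processPropertiesDelegate((PropertiesDelegate) wrapped.get(propertiesDelegate), httpRequest);
            } catch (IllegalAccessException | NoSuchFieldException e) {
                String message = String.format(GenericHelper.ERROR_GENERATING_HTTP_REQUEST, JERSEY_3, e.getMessage());
                NewRelicSecurity.getAgent().log(LogLevel.SEVERE, message, e, HttpRequestHelper.class.getName());
                NewRelicSecurity.getAgent().reportIncident(LogLevel.SEVERE, message, e, HttpRequestHelper.class.getName());
            }
            return;
        }

        if (!StringUtils.equals(delegateClassName, ORG_GLASSFISH_JERSEY_GRIZZLY_2_HTTPSERVER_GRIZZLY_REQUEST_PROPERTIES_DELEGATE)) {
            String message = String.format(GenericHelper.ERROR_GENERATING_HTTP_REQUEST, JERSEY_3, "This case is not covered.");
            NewRelicSecurity.getAgent().log(LogLevel.SEVERE, message, HttpRequestHelper.class.getName());
            NewRelicSecurity.getAgent().reportIncident(LogLevel.SEVERE, message, null, HttpRequestHelper.class.getName());
            return;
        }

        try {
            Field requestField = propertiesDelegate.getClass().getDeclaredField(FIELD_REQUEST);
            requestField.setAccessible(true);
            Object nativeRequest = requestField.get(propertiesDelegate);
            if (nativeRequest == null) {
                NewRelicSecurity.getAgent().log(LogLevel.SEVERE, String.format(GenericHelper.ERROR_GENERATING_HTTP_REQUEST, JERSEY_3, "Underlying request is null."), HttpRequestHelper.class.getName());
                return;
            }
            Class<?> requestClass = nativeRequest.getClass();
            // Resolve every accessor before writing anything, so a missing method
            // leaves httpRequest untouched rather than half-populated.
            Method getRemoteAddr = requestClass.getMethod(METHOD_GET_REMOTE_ADDR);
            Method getRemotePort = requestClass.getMethod(METHOD_GET_REMOTE_PORT);
            Method getLocalPort = requestClass.getMethod(METHOD_GET_LOCAL_PORT);
            Method getScheme = requestClass.getMethod(METHOD_GET_SCHEME);
            Method getContentType = requestClass.getMethod(METHOD_GET_CONTENT_TYPE);
            httpRequest.setClientIP(String.valueOf(getRemoteAddr.invoke(nativeRequest)));
            httpRequest.setClientPort(String.valueOf(getRemotePort.invoke(nativeRequest)));
            httpRequest.setServerPort(((Integer) getLocalPort.invoke(nativeRequest)).intValue());
            httpRequest.setProtocol((String) getScheme.invoke(nativeRequest));
            httpRequest.setContentType((String) getContentType.invoke(nativeRequest));
        } catch (IllegalAccessException | NoSuchFieldException | NoSuchMethodException | InvocationTargetException e) {
            String message = String.format(GenericHelper.ERROR_GENERATING_HTTP_REQUEST, JERSEY_3, e.getMessage());
            NewRelicSecurity.getAgent().log(LogLevel.SEVERE, message, e, HttpRequestHelper.class.getName());
            NewRelicSecurity.getAgent().reportIncident(LogLevel.SEVERE, message, e, HttpRequestHelper.class.getName());
        }
    }

    /**
     * Adds {@code i} to the set of input-stream hashes kept in the agent's
     * custom attributes, creating the set on first use.
     *
     * @param i hash to record (presumably the identity hash of the request
     *     input stream; confirm with the caller)
     */
    public static void registerInputStreamHashIfNeeded(int i) {
        try {
            @SuppressWarnings("unchecked") // only this method adds to the set, always Integer values
            Set<Integer> hashes = (Set<Integer>) NewRelicSecurity.getAgent().getSecurityMetaData().getCustomAttribute(REQUEST_INPUTSTREAM_HASH, Set.class);
            if (hashes == null) {
                hashes = new HashSet<>();
                NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute(REQUEST_INPUTSTREAM_HASH, hashes);
            }
            hashes.add(i);
        } catch (Throwable ignored) {
            // NOTE(review): swallowed without a log line; presumably best-effort so
            // the instrumentation cannot fail the application's request. Confirm.
        }
    }

    /**
     * Marks that user-level service code was reached and captures the current
     * stack trace (minus its first two frames) as the service trace, unless
     * the agent metadata reports it as already encountered.
     *
     * @param str passed to {@code isUserLevelServiceMethodEncountered}
     *     (presumably the framework name; confirm with the caller)
     */
    public static void registerUserLevelCode(String str) {
        try {
            if (!NewRelicSecurity.isHookProcessingActive() || NewRelicSecurity.getAgent().getSecurityMetaData().getRequest().isEmpty()) {
                return;
            }
            AgentMetaData metaData = NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData();
            if (metaData.isUserLevelServiceMethodEncountered(str)) {
                return;
            }
            metaData.setUserLevelServiceMethodEncountered(true);
            StackTraceElement[] stackTrace = Thread.currentThread().getStackTrace();
            metaData.setServiceTrace(Arrays.copyOfRange(stackTrace, 2, stackTrace.length));
        } catch (Throwable ignored) {
            // NOTE(review): swallowed without a log line; presumably best-effort so
            // the instrumentation cannot fail the application's request. Confirm.
        }
    }
}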
