package com.newrelic.agent.security.instrumentation.grpc1400;

import com.google.protobuf.Descriptors;
import com.newrelic.agent.deps.io.grpc.internal.GrpcUtil;
import com.newrelic.api.agent.security.NewRelicSecurity;
import com.newrelic.api.agent.security.instrumentation.helpers.GenericHelper;
import com.newrelic.api.agent.security.instrumentation.helpers.GrpcHelper;
import com.newrelic.api.agent.security.instrumentation.helpers.ICsecApiConstants;
import com.newrelic.api.agent.security.instrumentation.helpers.LowSeverityHelper;
import com.newrelic.api.agent.security.instrumentation.helpers.ServletHelper;
import com.newrelic.api.agent.security.schema.AgentMetaData;
import com.newrelic.api.agent.security.schema.HttpRequest;
import com.newrelic.api.agent.security.schema.SecurityMetaData;
import com.newrelic.api.agent.security.schema.exceptions.NewRelicSecurityException;
import com.newrelic.api.agent.security.schema.operation.RXSSOperation;
import com.newrelic.api.agent.security.schema.policy.AgentPolicy;
import com.newrelic.api.agent.security.utils.logging.LogLevel;
import io.grpc.Grpc;
import io.grpc.Metadata;
import io.grpc.ServerMethodDefinition;
import io.grpc.internal.ServerStream_Instrumentation;
import java.net.SocketAddress;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

/* loaded from: input_file:newrelic/newrelic-agent.jar:newrelic-security-agent.jar:instrumentation-security/csec-grpc-1.40.0-1.0.jar:com/newrelic/agent/security/instrumentation/grpc1400/GrpcServerUtils.class */
public class GrpcServerUtils {
    public static final String LIBRARY_NAME = "gRPC";
    private static final String X_FORWARDED_FOR = "x-forwarded-for";
    private static final String EMPTY = "";
    public static final String METHOD_NAME_START_CALL = "startCall";
    public static final String NR_SEC_CUSTOM_ATTRIB_NAME = "NR_CSEC_GRPC_SERVER_OPERATIONAL_LOCK_";
    private static Set<Descriptors.Descriptor> typeRegistries = new HashSet();

    public static <ReqT, ResT> void preprocessSecurityHook(ServerStream_Instrumentation serverStream_Instrumentation, ServerMethodDefinition<ReqT, ResT> serverMethodDefinition, Metadata metadata, String str) {
        try {
            if (NewRelicSecurity.isHookProcessingActive()) {
                SecurityMetaData securityMetaData = NewRelicSecurity.getAgent().getSecurityMetaData();
                HttpRequest request = securityMetaData.getRequest();
                if (request.isRequestParsed()) {
                    return;
                }
                URI uri = null;
                String authority = serverStream_Instrumentation.getAuthority();
                String fullMethodName = serverMethodDefinition.getMethodDescriptor().getFullMethodName();
                try {
                    uri = new URI("grpc", authority, "/" + fullMethodName, null, null);
                } catch (URISyntaxException e) {
                    NewRelicSecurity.getAgent().log(LogLevel.SEVERE, e.getMessage(), e, GrpcServerUtils.class.getName());
                    NewRelicSecurity.getAgent().reportIncident(LogLevel.SEVERE, e.getMessage(), e, GrpcServerUtils.class.getName());
                }
                AgentMetaData metaData = securityMetaData.getMetaData();
                request.setMethod(fullMethodName);
                String obj = ((SocketAddress) serverStream_Instrumentation.getAttributes().get(Grpc.TRANSPORT_ATTR_REMOTE_ADDR)).toString();
                String obj2 = ((SocketAddress) serverStream_Instrumentation.getAttributes().get(Grpc.TRANSPORT_ATTR_LOCAL_ADDR)).toString();
                request.setClientIP(GrpcHelper.getFormattedIp(obj));
                request.setServerPort(Integer.parseInt(GrpcHelper.getPort(obj2)));
                if (request.getClientIP() != null && !request.getClientIP().trim().isEmpty()) {
                    metaData.getIps().add(request.getClientIP());
                    request.setClientPort(GrpcHelper.getPort(obj));
                }
                processGRPCRequestMetadata(metadata, request);
                securityMetaData.setTracingHeaderValue(getTraceHeader(request.getHeaders()));
                if (serverStream_Instrumentation.getAttributes().get(Grpc.TRANSPORT_ATTR_SSL_SESSION) != null) {
                    request.setProtocol("https");
                } else {
                    request.setProtocol("http");
                }
                request.setUrl(String.valueOf(uri));
                request.setIsGrpc(true);
                request.setContentType((String) metadata.get(Metadata.Key.of("content-type", Metadata.ASCII_STRING_MARSHALLER)));
                request.setRequestParsed(true);
                NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData().addReflectedMetaData(GrpcHelper.REQUEST_TYPE, String.valueOf(serverMethodDefinition.getMethodDescriptor().getType()));
            }
        } catch (Throwable th) {
            NewRelicSecurity.getAgent().log(LogLevel.WARNING, String.format(GenericHelper.ERROR_GENERATING_HTTP_REQUEST, GrpcUtils.GRPC_1_40_0, th.getMessage()), th, GrpcServerUtils.class.getName());
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    public static void postProcessSecurityHook(Metadata metadata, int i, String str, String str2) {
        try {
            if (!NewRelicSecurity.getAgent().getIastDetectionCategory().getRxssEnabled().booleanValue() && NewRelicSecurity.isHookProcessingActive()) {
                NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseCode(i);
                ServletHelper.executeBeforeExitingTransaction();
                LowSeverityHelper.addRrequestUriToEventFilter(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest());
                Set<String> keys = metadata.keys();
                for (String str3 : keys) {
                    NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().getHeaders().put(str3, metadata.get(Metadata.Key.of(str3, Metadata.ASCII_STRING_MARSHALLER)));
                }
                if (keys.contains("content-type")) {
                    NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseContentType((String) metadata.get(Metadata.Key.of("content-type", Metadata.ASCII_STRING_MARSHALLER)));
                } else {
                    NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().setResponseContentType(GrpcUtil.CONTENT_TYPE_GRPC);
                }
                if (!ServletHelper.isResponseContentTypeExcluded(NewRelicSecurity.getAgent().getSecurityMetaData().getResponse().getResponseContentType())) {
                    NewRelicSecurity.getAgent().registerOperation(new RXSSOperation(NewRelicSecurity.getAgent().getSecurityMetaData().getRequest(), NewRelicSecurity.getAgent().getSecurityMetaData().getResponse(), str, str2));
                }
                ServletHelper.tmpFileCleanUp(NewRelicSecurity.getAgent().getSecurityMetaData().getFuzzRequestIdentifier().getTempFiles());
            }
        } catch (Throwable th) {
            if (th instanceof NewRelicSecurityException) {
                NewRelicSecurity.getAgent().log(LogLevel.WARNING, String.format(GenericHelper.SECURITY_EXCEPTION_MESSAGE, GrpcUtils.GRPC_1_40_0, th.getMessage()), th, GrpcServerUtils.class.getName());
                throw th;
            }
            NewRelicSecurity.getAgent().log(LogLevel.SEVERE, String.format(GenericHelper.REGISTER_OPERATION_EXCEPTION_MESSAGE, GrpcUtils.GRPC_1_40_0, th.getMessage()), th, GrpcServerUtils.class.getName());
            NewRelicSecurity.getAgent().reportIncident(LogLevel.SEVERE, String.format(GenericHelper.REGISTER_OPERATION_EXCEPTION_MESSAGE, GrpcUtils.GRPC_1_40_0, th.getMessage()), th, GrpcServerUtils.class.getName());
        }
    }

    public static void releaseLock() {
        try {
            if (NewRelicSecurity.isHookProcessingActive()) {
                NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute(getNrSecCustomAttrName(), null);
            }
        } catch (Throwable th) {
        }
    }

    private static String getNrSecCustomAttrName() {
        return "NR_CSEC_GRPC_SERVER_OPERATIONAL_LOCK_" + Thread.currentThread().getId();
    }

    public static boolean acquireLockIfPossible() {
        try {
            if (!NewRelicSecurity.isHookProcessingActive() || isLockAcquired(getNrSecCustomAttrName())) {
                return false;
            }
            NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute(getNrSecCustomAttrName(), true);
            return true;
        } catch (Throwable th) {
            return false;
        }
    }

    private static boolean isLockAcquired(String str) {
        try {
            if (NewRelicSecurity.isHookProcessingActive()) {
                if (Boolean.TRUE.equals(NewRelicSecurity.getAgent().getSecurityMetaData().getCustomAttribute(str, Boolean.class))) {
                    return true;
                }
            }
            return false;
        } catch (Throwable th) {
            return false;
        }
    }

    public static String getTraceHeader(Map<String, String> map) {
        String str = "";
        if (map.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER) || map.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase())) {
            str = map.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER);
            if (str == null || str.trim().isEmpty()) {
                str = map.get(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase());
            }
        }
        return str;
    }

    public static void processGRPCRequestMetadata(Metadata metadata, HttpRequest httpRequest) {
        for (String str : metadata.keys()) {
            boolean z = false;
            AgentPolicy currentPolicy = NewRelicSecurity.getAgent().getCurrentPolicy();
            AgentMetaData metaData = NewRelicSecurity.getAgent().getSecurityMetaData().getMetaData();
            if (currentPolicy != null && currentPolicy.getProtectionMode().getEnabled().booleanValue() && currentPolicy.getProtectionMode().getIpBlocking().getEnabled().booleanValue() && currentPolicy.getProtectionMode().getIpBlocking().getIpDetectViaXFF().booleanValue() && X_FORWARDED_FOR.equals(str)) {
                z = true;
            } else if (ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID.equals(str)) {
                NewRelicSecurity.getAgent().getSecurityMetaData().setFuzzRequestIdentifier(ServletHelper.parseFuzzRequestIdentifierHeader((String) metadata.get(Metadata.Key.of(str, Metadata.ASCII_STRING_MARSHALLER))));
            } else if (GenericHelper.CSEC_PARENT_ID.equals(str)) {
                NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute(GenericHelper.CSEC_PARENT_ID, metadata.get(Metadata.Key.of(str, Metadata.ASCII_STRING_MARSHALLER)));
            } else if (ICsecApiConstants.NR_CSEC_JAVA_HEAD_REQUEST.equals(str)) {
                NewRelicSecurity.getAgent().getSecurityMetaData().addCustomAttribute(ICsecApiConstants.NR_CSEC_JAVA_HEAD_REQUEST, true);
            }
            String str2 = "";
            for (String str3 : ((String) metadata.get(Metadata.Key.of(str, Metadata.ASCII_STRING_MARSHALLER))).split(";")) {
                if (str3 != null && !str3.trim().isEmpty()) {
                    if (z) {
                        metaData.setClientDetectedFromXFF(true);
                        httpRequest.setClientIP(str3);
                        metaData.getIps().add(httpRequest.getClientIP());
                        httpRequest.setClientPort("");
                        z = false;
                    }
                    str2 = str2.trim().isEmpty() ? str3 : String.join(";", str2, str3);
                }
            }
            httpRequest.getHeaders().put(str, str2);
        }
    }

    public static Descriptors.Descriptor getMessageTypeDescriptor(String str) {
        for (Descriptors.Descriptor descriptor : typeRegistries) {
            if (descriptor != null && str.equals(descriptor.getFullName())) {
                return descriptor;
            }
        }
        return null;
    }

    public static void addToTypeRegistries(Descriptors.Descriptor descriptor) {
        typeRegistries.add(descriptor);
    }
}
