package com.newrelic.api.agent.security.instrumentation.helpers;

import com.newrelic.api.agent.security.NewRelicSecurity;
import com.newrelic.api.agent.security.schema.APIRecordStatus;
import com.newrelic.api.agent.security.schema.K2RequestIdentifier;
import com.newrelic.api.agent.security.schema.SecurityMetaData;
import com.newrelic.api.agent.security.schema.StringUtils;
import com.newrelic.api.agent.security.schema.operation.SecureCookieOperationSet;
import com.newrelic.api.agent.security.utils.logging.LogLevel;
import java.io.File;
import java.io.IOException;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Paths;
import java.nio.file.attribute.FileAttribute;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import org.kuali.kfs.sys.KFSConstants;

/* JADX WARN: Classes with same name are omitted:
  input_file:newrelic/newrelic-agent.jar:newrelic-security-api.jar:com/newrelic/api/agent/security/instrumentation/helpers/ServletHelper.class
 */
/* loaded from: input_file:newrelic/newrelic-agent.jar:newrelic-security-agent.jar:com/newrelic/api/agent/security/instrumentation/helpers/ServletHelper.class */
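/**
 * Static helpers shared by the servlet instrumentation: parsing of the IAST fuzz request
 * identifier header, creation and clean-up of the temporary files a replayed request refers to,
 * user-level service method bookkeeping, and response content-type filtering.
 *
 * <p>The fuzz request identifier is read from an HTTP request header, so every value derived from
 * it is untrusted until {@code decryptAndVerify} has accepted it.
 */
public class ServletHelper {
    /** Field delimiter of the fuzz request identifier header; despite the name the value is {@code :IAST:}. */
    public static final String SEPARATOR_SEMICOLON = ":IAST:";
    /** URL-encoded form of the {@code {{NR_CSEC_VALIDATOR_HOME_TMP}}} placeholder. */
    public static final String NR_CSEC_VALIDATOR_HOME_TMP_URL_ENCODED = "%7B%7BNR_CSEC_VALIDATOR_HOME_TMP%7D%7D";
    /** Placeholder that is replaced by the agent temp directory when replay file paths are resolved. */
    public static final String NR_CSEC_VALIDATOR_HOME_TMP = "/{{NR_CSEC_VALIDATOR_HOME_TMP}}";
    public static final String CSEC_IAST_FUZZ_REQUEST_ID = "nr-csec-fuzz-request-id";
    public static final String CSEC_DISTRIBUTED_TRACING_HEADER = "NR-CSEC-TRACING-DATA";
    public static final String SERVLET_GET_IS_OPERATION_LOCK = "SERVLET_GET_IS_OPERATION_LOCK-";
    public static final String SERVLET_GET_READER_OPERATION_LOCK = "SERVLET_GET_READER_OPERATION_LOCK-";
    public static final String SERVLET_GET_OS_OPERATION_LOCK = "SERVLET_GET_OS_OPERATION_LOCK-";
    public static final String SERVLET_GET_WRITER_OPERATION_LOCK = "SERVLET_GET_WRITER_OPERATION_LOCK-";
    public static final String NR_SEC_HTTP_SESSION_ATTRIB_NAME = "NR-CSEC-HTTP-SESSION-";
    public static final String NR_SEC_HTTP_SERVLET_RESPONSE_ATTRIB_NAME = "NR-CSEC-HTTP-SERVLET-RESPONSE-";

    /** Minimum number of {@link #SEPARATOR_SEMICOLON}-delimited fields a parsable identifier must carry. */
    private static final int FUZZ_HEADER_MIN_FIELDS = 8;

    /** Paths registered while creating replay files; exposed through {@link #getFilesToRemove()}. */
    private static final Set<String> filesToRemove = ConcurrentHashMap.newKeySet();

    /** Exact (lower-case) media types reported as excluded by {@link #isResponseContentTypeExcluded(String)}. */
    private static final Set<String> unsupportedContentType = new HashSet<>(Arrays.asList(
            // NOTE(review): this reference to a Kuali constant looks like a decompiler substitution
            // for an inlined string literal (presumably "application/zip") - confirm against the
            // original source before relying on it.
            KFSConstants.ReportGeneration.ZIP_MIME_TYPE,
            "application/epub+zip",
            "application/gzip",
            "application/java-archive",
            "application/msword",
            "application/octet-stream",
            "application/ogg",
            "application/pdf",
            "application/rtf",
            "application/vnd.amazon.ebook",
            "application/vnd.apple.installer+xml",
            "application/vnd.ms-excel",
            "application/vnd.ms-fontobject",
            "application/vnd.ms-powerpoint",
            "application/vnd.oasis.opendocument.presentation",
            "application/vnd.oasis.opendocument.spreadsheet",
            "application/vnd.oasis.opendocument.text",
            "application/vnd.openxmlformats-officedocument.presentationml.presentation",
            "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
            "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
            "application/vnd.rar",
            "application/vnd.visio",
            "application/x-7z-compressed",
            "application/x-abiword",
            "application/x-bzip",
            "application/x-bzip2",
            "application/x-cdf",
            "application/x-freearc",
            "application/x-tar",
            "text/calendar"));

    /**
     * Parses the value of the fuzz request identifier header into a {@link K2RequestIdentifier}.
     *
     * <p>The raw value is always recorded. The individual fields are only parsed when both the
     * vulnerability scan and the IAST scan are enabled in the current policy and the value splits
     * into at least eight fields. A value whose stage or record index field cannot be parsed is
     * treated as "not a fuzz request": the identifier is returned with only its raw value set
     * instead of letting the parse exception escape with the identifier half populated.
     *
     * @param str header value as received with the request; may be blank
     * @return a new identifier, never {@code null}
     */
    public static K2RequestIdentifier parseFuzzRequestIdentifierHeader(String str) {
        K2RequestIdentifier identifier = new K2RequestIdentifier();
        if (StringUtils.isBlank(str)) {
            identifier.setRaw("");
            return identifier;
        }
        identifier.setRaw(str);
        if (!isIastScanEnabled()) {
            return identifier;
        }
        String[] fields = StringUtils.splitByWholeSeparatorWorker(str, SEPARATOR_SEMICOLON, -1, true);
        if (fields.length < FUZZ_HEADER_MIN_FIELDS) {
            return identifier;
        }

        // Parse the two typed fields before touching the identifier: the header is request
        // controlled, so an unknown stage name or a non-numeric index is expected input here.
        APIRecordStatus nextStage;
        int recordIndex;
        try {
            nextStage = APIRecordStatus.valueOf(fields[3].trim());
            recordIndex = Integer.parseInt(fields[4].trim());
        } catch (IllegalArgumentException e) {
            // Fixed message on purpose: the rejected text comes straight from the request header.
            NewRelicSecurity.getAgent().log(LogLevel.INFO, "Ignoring malformed fuzz request identifier header", ServletHelper.class.getName());
            return identifier;
        }

        // NOTE(review): the k2Request flag and the reference fields are populated before - and,
        // when field 6 or 7 is blank, entirely without - decryptAndVerify. Only the file list is
        // authenticated here; confirm that consumers of the flag do not treat it as proof of origin.
        identifier.setApiRecordId(fields[0].trim());
        identifier.setRefId(fields[1].trim());
        identifier.setRefValue(fields[2].trim());
        identifier.setNextStage(nextStage);
        identifier.setRecordIndex(Integer.valueOf(recordIndex));
        identifier.setK2Request(true);
        identifier.setRefKey(fields[5].trim());

        if (StringUtils.isAnyBlank(fields[6], fields[7])) {
            return identifier;
        }
        String encryptedFiles = fields[6].trim();
        String hash = fields[7].trim();
        String verifiedFiles = NewRelicSecurity.getAgent().decryptAndVerify(encryptedFiles, hash);
        if (StringUtils.isBlank(verifiedFiles)) {
            NewRelicSecurity.getAgent().log(LogLevel.WARNING, String.format("Request Identifier decryption of files failed : %s hash : %s", encryptedFiles, hash), ServletHelper.class.getName());
            return identifier;
        }
        fileCreationForReplayRequest(verifiedFiles, identifier);
        return identifier;
    }

    /** Returns whether both the vulnerability scan and its IAST scan are enabled in the current policy. */
    private static boolean isIastScanEnabled() {
        return NewRelicSecurity.getAgent().getCurrentPolicy().getVulnerabilityScan().getEnabled().booleanValue()
                && NewRelicSecurity.getAgent().getCurrentPolicy().getVulnerabilityScan().getIastScan().getEnabled().booleanValue();
    }

    /**
     * Creates the files named in a verified, comma-separated file list and records each file that
     * was actually created on the identifier's temp-file list.
     *
     * <p>Each entry is trimmed, URL-decoded when it carries the encoded placeholder, and has
     * {@link #NR_CSEC_VALIDATOR_HOME_TMP} replaced by the agent temp directory. I/O and path errors
     * are ignored per entry; any other failure is logged and the loop continues.
     *
     * @param str comma-separated file list returned by {@code decryptAndVerify}
     * @param k2RequestIdentifier identifier whose temp-file list receives the created paths
     */
    private static void fileCreationForReplayRequest(String str, K2RequestIdentifier k2RequestIdentifier) {
        for (String entry : StringUtils.splitByWholeSeparatorWorker(str, ",", -1, false)) {
            String path = entry.trim();
            if (StringUtils.contains(path, NR_CSEC_VALIDATOR_HOME_TMP_URL_ENCODED)) {
                path = urlDecode(path);
            }
            path = StringUtils.replace(path, NR_CSEC_VALIDATOR_HOME_TMP, NewRelicSecurity.getAgent().getAgentTempDir());

            // Release only a lock this iteration acquired, matching tmpFileCleanUp. The previous
            // flow released unconditionally, and a second time after a failure.
            if (!ThreadLocalLockHelper.acquireLock()) {
                continue;
            }
            try {
                createReplayFile(path, k2RequestIdentifier);
            } catch (IOException | InvalidPathException ignored) {
                // Best effort: an entry that cannot be created is skipped.
            } catch (Throwable th) {
                NewRelicSecurity.getAgent().log(LogLevel.INFO, String.format("Error while parsing fuzz request : %s", th.getMessage()), th, ServletHelper.class.getName());
            } finally {
                ThreadLocalLockHelper.releaseLock();
            }
        }
    }

    /**
     * Creates one replay file together with any missing parent directories.
     *
     * @param path resolved file path
     * @param k2RequestIdentifier identifier whose temp-file list receives the path if the file is created
     * @throws IOException if the file cannot be created
     */
    private static void createReplayFile(String path, K2RequestIdentifier k2RequestIdentifier) throws IOException {
        // NOTE(review): the resolved path is not confined to the agent temp directory; where files
        // are created rests entirely on the list having passed decryptAndVerify. If no legitimate
        // replay needs a location outside getAgentTempDir(), a normalise-and-startsWith check
        // here would be a cheap second line of defence.
        File target = new File(path);
        File parent = target.getParentFile();
        if (parent != null) {
            // Walk up to the top-most path element that does not exist yet.
            File topMostMissing = target;
            while (topMostMissing.getParentFile() != null && !topMostMissing.getParentFile().exists()) {
                topMostMissing = topMostMissing.getParentFile();
            }
            // Register only what this call is about to create. Previously a target that already
            // existed was registered as well; how the set is consumed is not visible here, but a
            // pre-existing file must never end up on a removal list.
            if (!topMostMissing.exists()) {
                filesToRemove.add(topMostMissing.getAbsolutePath());
            }
            parent.mkdirs();
        }
        if (!target.exists()) {
            Files.createFile(target.toPath());
            k2RequestIdentifier.getTempFiles().add(path);
        }
    }

    /**
     * URL-decodes a string as UTF-8.
     *
     * @param str value to decode
     * @return the decoded value, or {@code str} unchanged if decoding fails for any reason
     */
    public static String urlDecode(String str) {
        try {
            return URLDecoder.decode(str, StandardCharsets.UTF_8.name());
        } catch (Throwable th) {
            // Deliberately broad: a value that cannot be decoded is passed through as-is.
            return str;
        }
    }

    /**
     * Registers a user-level service method for the given framework, requiring a non-empty request.
     *
     * @param str framework name to record
     * @return {@code true} if the registration was recorded
     */
    public static boolean registerUserLevelCode(String str) {
        return registerUserLevelCode(str, false);
    }

    /**
     * Marks the current request as having reached a user-level service method and stores the
     * calling stack trace, unless an annotated user-level service method was already found.
     *
     * @param str framework name to record
     * @param z when {@code true}, register even if the request metadata is empty; also selects how
     *     many leading stack frames are dropped (2 instead of 3)
     * @return {@code true} if the registration was recorded, {@code false} if it was skipped or failed
     */
    public static boolean registerUserLevelCode(String str, boolean z) {
        try {
            if (!NewRelicSecurity.isHookProcessingActive()) {
                return false;
            }
            SecurityMetaData securityMetaData = NewRelicSecurity.getAgent().getSecurityMetaData();
            if (securityMetaData.getRequest().isEmpty() && !z) {
                return false;
            }
            if (securityMetaData.getMetaData().isFoundAnnotedUserLevelServiceMethod()) {
                return false;
            }
            securityMetaData.getMetaData().setUserLevelServiceMethodEncountered(true);
            securityMetaData.getMetaData().setUserLevelServiceMethodEncounteredFramework(str);
            // Keep this call in this method: the offsets below count frames from here.
            // Presumably 3 skips getStackTrace plus both overloads and 2 skips getStackTrace plus
            // this overload only - confirm against the callers.
            StackTraceElement[] stackTrace = Thread.currentThread().getStackTrace();
            securityMetaData.getMetaData().setServiceTrace(Arrays.copyOfRange(stackTrace, z ? 2 : 3, stackTrace.length));
            return true;
        } catch (Throwable th) {
            return false;
        }
    }

    /**
     * Flags that an annotated user-level service method was found for the current request.
     *
     * @return {@code true} if the flag was set; {@code false} if hook processing is inactive, the
     *     request metadata is empty, or an error occurred
     */
    public static boolean setFoundAnnotedUserLevelServiceMethod() {
        try {
            if (!NewRelicSecurity.isHookProcessingActive()) {
                return false;
            }
            SecurityMetaData securityMetaData = NewRelicSecurity.getAgent().getSecurityMetaData();
            if (securityMetaData.getRequest().isEmpty()) {
                return false;
            }
            securityMetaData.getMetaData().setFoundAnnotedUserLevelServiceMethod(true);
            return true;
        } catch (Throwable th) {
            return false;
        }
    }

    /**
     * Returns the live, concurrent set of paths registered while creating replay files.
     *
     * @return the backing set itself, not a copy
     */
    public static Set<String> getFilesToRemove() {
        return filesToRemove;
    }

    /**
     * Deletes the given files if they exist. Failures are ignored per file.
     *
     * @param list paths to delete; {@code null} or empty is a no-op
     */
    public static void tmpFileCleanUp(List<String> list) {
        if (list == null || list.isEmpty()) {
            return;
        }
        if (!ThreadLocalLockHelper.acquireLock()) {
            return;
        }
        try {
            for (String path : list) {
                try {
                    Files.deleteIfExists(Paths.get(path));
                } catch (IOException | InvalidPathException ignored) {
                    // Best effort: a file that cannot be deleted is left behind.
                }
            }
        } finally {
            ThreadLocalLockHelper.releaseLock();
        }
    }

    /**
     * Tells whether a response content type is on the exclusion list.
     *
     * <p>Matching is case-insensitive and locale-independent. Any {@code audio/}, {@code video/},
     * {@code image/} or {@code font/} type is excluded; other types are compared by media type
     * only, so a trailing parameter such as {@code ; charset=...} does not defeat the match.
     *
     * @param str content type value; may be blank
     * @return {@code true} if the content type is excluded
     */
    public static boolean isResponseContentTypeExcluded(String str) {
        if (StringUtils.isBlank(str)) {
            return false;
        }
        // Locale.ROOT keeps the result stable under locales with special casing rules.
        String normalized = str.trim().toLowerCase(Locale.ROOT);
        if (StringUtils.startsWithAny(normalized, "audio/", "video/", "image/", "font/")) {
            return true;
        }
        int parameterStart = normalized.indexOf(';');
        String mediaType = parameterStart >= 0 ? normalized.substring(0, parameterStart).trim() : normalized;
        return unsupportedContentType.contains(mediaType);
    }

    /**
     * Performs the end-of-transaction bookkeeping once per request: records the last exception for
     * responses with status 500 or above, registers a pending secure-cookie operation set, and
     * marks the exit as recorded.
     */
    public static void executeBeforeExitingTransaction() {
        // Check the hook state first, as the other helpers in this class do, so that request
        // metadata is only touched while hook processing is active.
        if (!NewRelicSecurity.isHookProcessingActive()) {
            return;
        }
        SecurityMetaData securityMetaData = NewRelicSecurity.getAgent().getSecurityMetaData();
        if (Boolean.TRUE.equals((Boolean) securityMetaData.getCustomAttribute("EXIT_RECORDED", Boolean.class))) {
            return;
        }
        if (securityMetaData.getResponse().getResponseCode() >= 500) {
            NewRelicSecurity.getAgent().recordExceptions(securityMetaData, (Exception) securityMetaData.getCustomAttribute("ENDMOST_EXCEPTION", Exception.class));
        }
        SecureCookieOperationSet secureCookieOperationSet = (SecureCookieOperationSet) securityMetaData.getCustomAttribute("SECURE_COOKIE_OPERATION", SecureCookieOperationSet.class);
        if (secureCookieOperationSet != null) {
            NewRelicSecurity.getAgent().registerOperation(secureCookieOperationSet);
            // Clear the attribute so the same operation set is not registered again.
            securityMetaData.addCustomAttribute("SECURE_COOKIE_OPERATION", null);
        }
        securityMetaData.addCustomAttribute("EXIT_RECORDED", true);
    }
}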
