package com.cisco.argento.methodhandlers;

import com.cisco.argento.core.ArgentoSecurityException;
import com.cisco.argento.core.RuntimeInfo;
import com.cisco.argento.core.SecurityEvent;
import com.cisco.argento.events.InfrequentEvents;
import com.cisco.argento.events.process.EventProcessor;
import com.cisco.argento.events.reports.ReportEventBuilder;
import com.cisco.argento.loadhandlers.BootstrapLoadHandler;
import com.cisco.argento.management.AgentPolicy;
import com.cisco.argento.utils.EventUtils;
import com.cisco.argento.utils.HandlerUtils;
import com.cisco.argento.utils.ServletUtils;
import com.cisco.mtagent.tenant.MTAgentTenantAPI;
import java.lang.ref.WeakReference;
import java.security.Principal;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.Map;
import java.util.WeakHashMap;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicInteger;
import lombok.Generated;
import org.picocontainer.Characteristics;

/* loaded from: input_file:oss-agent-mtagent-extension-deployment.jar:argentoDynamicService/argento-security-extension/tenants/argento/lib/argento-tenant.jar:com/cisco/argento/methodhandlers/ServletServiceMethodHandler.class */
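/**
 * Entry/exit handler wrapped around intercepted servlet calls; the intercepted method name is
 * compared against {@code "doFilter"}, so filter calls are handled too.
 *
 * <p>On entry it opens a per-thread {@link SecurityEvent}, applies the client blocking policy and
 * the optional request-control header, and records unencrypted requests. On exit it inspects the
 * response (cookies, security headers, authenticated user), attaches transaction details and
 * closes the event. Per-servlet counters are kept in {@link ServletStats} and rendered as an HTML
 * fragment by {@link #showApplicationStats()}.
 *
 * <p>Security-relevant points for maintainers:
 * <ul>
 *   <li>Request-derived text (the first request dump of each servlet) ends up inside the HTML
 *       fragment, so it is HTML-escaped before being stored.</li>
 *   <li>Request header/parameter values are written to the log, so CR/LF are neutralized first.</li>
 *   <li>Session ids, user names, and optionally all headers and parameters are copied into the
 *       event details; whatever stores those events holds credentials-grade data.</li>
 * </ul>
 */
public class ServletServiceMethodHandler extends MTAgentTenantAPI.TenantMethodHandler {
    /** Value of the request-control header that triggers the blocking action. */
    public static final String HTTP_HEADER_CISCO_COMMAND_BLOCK = "block";
    private static final String HTTP_HEADER_APPDYNAMICS = "singularityheader";
    /** Thread-context key under which the nested-entry counter is stored. */
    private static final String RECURSIVE_ENTRY_CONTEXT = "Recursive-Entry";
    private static final String UNKNOWN = "Unknown";

    // NOTE(review): both flags are named "enable..." but are driven by policy constants named
    // ARGENTO_IGNORE_...; confirm the intended polarity against the policy documentation.
    // Outside production (isProduction() == false) the corresponding checks run regardless.
    private static final boolean enableUnauthUserCheck = MTAgentTenantAPI.getPropertyOrEnv(AgentPolicy.ARGENTO_IGNORE_AUTH_USER_PROPERTY, Characteristics.FALSE).equalsIgnoreCase(Characteristics.TRUE);
    private static final boolean enableUnencryptCheck = MTAgentTenantAPI.getPropertyOrEnv(AgentPolicy.ARGENTO_IGNORE_UNENCRYPT_PROPERTY, Characteristics.FALSE).equalsIgnoreCase(Characteristics.TRUE);
    // When set, the entry / exit handler returns before doing any per-request work.
    private static final boolean immediateExitOnEntryHandler = MTAgentTenantAPI.getPropertyOrEnv(AgentPolicy.ARGENTO_IMMEDIATE_EXIT_ON_SERVLET_ENTRY_HANDLER_PROPERTY, Characteristics.FALSE).equalsIgnoreCase(Characteristics.TRUE);
    private static final boolean immediateExitOnExitHandler = MTAgentTenantAPI.getPropertyOrEnv(AgentPolicy.ARGENTO_IMMEDIATE_EXIT_ON_SERVLET_EXIT_HANDLER_PROPERTY, Characteristics.FALSE).equalsIgnoreCase(Characteristics.TRUE);

    private final HandlerUtils handlerUtils;
    private final ServletUtils servletUtils;
    private final MTAgentTenantAPI mtAgentTenantAPI;
    private final EventUtils eventUtils;
    private final EventProcessor eventProcessor;
    private final ReportEventBuilder reportEventBuilder;
    private final RuntimeInfo runtimeInfo;
    private final InfrequentEvents infrequentEvents;
    // NOTE(review): plain long incremented from handlerEntry without synchronization; if the
    // handler is shared across request threads the "== 1" first-request test can be missed or
    // hit twice. Confirm the threading model before relying on it.
    private long requestCount;
    private ServletUtils.ApplicationServerProfile applicationServerProfile;
    private boolean dumpRequests = false;
    private boolean setHeadersOnRequest = false;
    // NOTE(review): never assigned anywhere in this class, so "tx.detail.app.type" is always
    // reported as "Unknown" and the stats page prints "null". Confirm whether that is intended.
    private String appServerType = null;
    private String appServerPath = null;
    private String appServerRootPath = null;
    // Sentinel kept until a root path has been discovered.
    private String appServerRootPathUpperCaseMatch = "NeverMatch";
    // Keyed weakly by the intercepted servlet instance so stats do not pin undeployed servlets.
    private final Map<Object, ServletStats> servletStatsHash = Collections.synchronizedMap(new WeakHashMap<Object, ServletStats>());

    /**
     * Counters and static details for one intercepted servlet instance.
     *
     * <p>The counters are plain {@code long} fields incremented without synchronization, so they
     * are approximate under concurrent requests.
     */
    public static class ServletStats {
        final String name;
        String serverName;
        String appWebappsPath;
        String appPath;
        String appName;
        String appType;
        // Weak so that the stats entry does not keep the web application's class loader alive.
        WeakReference<ClassLoader> appClassLoader;
        long requests;
        long unsafeCookies;
        long inSecureRequests;
        long unauthenticatedUser;
        final String stack;
        final Map<String, String> detailsMap = new ConcurrentHashMap<>();
        final boolean headersOnRequest;
        // HTML fragment: the owning handler stores the dump HTML-escaped with "<br>" line breaks.
        final String requestDump;

        /**
         * @param str  class name of the servlet
         * @param str2 stack trace captured when the servlet was first seen
         * @param z    whether event headers are set at request entry
         * @param str3 dump of the first request, already formatted for HTML output
         */
        ServletStats(String str, String str2, boolean z, String str3) {
            this.name = str;
            this.stack = str2;
            this.headersOnRequest = z;
            this.requestDump = str3;
        }

        /**
         * Renders the stats as an HTML fragment using {@code <br>} separators.
         *
         * <p>Safe to call on an entry whose details have not been filled in yet: a missing class
         * loader reference or stack is rendered as {@code null} instead of throwing.
         */
        @Override
        public String toString() {
            // appClassLoader stays null until the owning handler has populated the details.
            ClassLoader loader = this.appClassLoader != null ? this.appClassLoader.get() : null;
            Object loaderText = MTAgentTenantAPI.getAPIInstance().getLoaderObjectString(loader);
            String stackHtml = this.stack != null ? this.stack.replace("\n", "<br>") : null;

            StringBuilder sb = new StringBuilder();
            sb.append("<br>>>> Servlet Name: ").append(this.name).append("<br>");
            sb.append("<br>Servlet Loader: ").append(loaderText).append("<br>");
            sb.append("<br>Set headers in request: ").append(this.headersOnRequest).append("<br>");
            sb.append("<br>Application Webapps Path: ").append(this.appWebappsPath).append("<br>");
            sb.append("<br>Application Servlet Path: ").append(this.appPath).append("<br>");
            sb.append("<br>Application Name: ").append(this.appName).append("<br>");
            sb.append("<br>Application Type: ").append(this.appType).append("<br>");
            sb.append("<br>Server Name: ").append(this.serverName).append("<br>");
            sb.append("<br>Servlet Calls: ").append(this.requests).append("<br>");
            sb.append("<br>Unsafe Cookie Calls: ").append(this.unsafeCookies).append("<br>");
            sb.append("<br>Insecure Calls: ").append(this.inSecureRequests).append("<br>");
            sb.append("<br>Unauthenticated User Calls: ").append(this.unauthenticatedUser).append("<br>");
            sb.append("<br>First Servlet Request: <br>").append(this.requestDump).append(": <br>");
            sb.append("<br>Call Stack: <br>").append(stackHtml).append(": <br>");
            return sb.toString();
        }
    }

    /** Stores the collaborators; no work is done until the first intercepted request. */
    public ServletServiceMethodHandler(HandlerUtils handlerUtils, ServletUtils servletUtils, MTAgentTenantAPI mTAgentTenantAPI, EventUtils eventUtils, EventProcessor eventProcessor, ReportEventBuilder reportEventBuilder, RuntimeInfo runtimeInfo, InfrequentEvents infrequentEvents) {
        this.handlerUtils = handlerUtils;
        this.servletUtils = servletUtils;
        this.mtAgentTenantAPI = mTAgentTenantAPI;
        this.eventUtils = eventUtils;
        this.eventProcessor = eventProcessor;
        this.reportEventBuilder = reportEventBuilder;
        this.runtimeInfo = runtimeInfo;
        this.infrequentEvents = infrequentEvents;
    }

    /** Replaces CR and LF so a request-supplied value cannot forge additional log lines. */
    private static String neutralizeForLog(String value) {
        return value.replace('\r', '_').replace('\n', '_');
    }

    /** Escapes the five HTML-significant characters; returns {@code null} for {@code null}. */
    private static String escapeHtml(String text) {
        if (text == null) {
            return null;
        }
        StringBuilder out = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':
                    out.append("&amp;");
                    break;
                case '<':
                    out.append("&lt;");
                    break;
                case '>':
                    out.append("&gt;");
                    break;
                case '"':
                    out.append("&quot;");
                    break;
                case '\'':
                    out.append("&#39;");
                    break;
                default:
                    out.append(c);
                    break;
            }
        }
        return out.toString();
    }

    /**
     * Reads the application server profile and caches its paths and the header-placement mode.
     * Called from {@link #handlerEntry} when the request counter reaches 1.
     */
    private void setApplicationHome() {
        this.applicationServerProfile = this.servletUtils.getApplicationServerProfile();
        this.appServerPath = this.applicationServerProfile.getPath();
        this.appServerRootPath = this.applicationServerProfile.getRootPath();
        if (this.appServerPath == null) {
            this.mtAgentTenantAPI.logError("Unable to get the My Application server home from properties...");
        } else {
            this.mtAgentTenantAPI.log("Web Application home discovered from property is " + this.appServerPath);
            // A profile with a path but no root path used to throw here; keep the
            // "NeverMatch" sentinel in that case instead.
            if (this.appServerRootPath != null) {
                this.appServerRootPathUpperCaseMatch = this.mtAgentTenantAPI.isDoUpperCaseMatch() ? this.appServerRootPath.toUpperCase() : this.appServerRootPath;
            }
        }
        this.setHeadersOnRequest = this.servletUtils.doSetHeadersOnRequest();
        if (this.setHeadersOnRequest) {
            this.mtAgentTenantAPI.log("NOTE: Setting up to add headers in the handlerEntry...");
        }
    }

    /**
     * Applies the request-control header: a value of {@code "block"} (case-insensitive) runs the
     * blocking action for this request.
     *
     * <p>NOTE(review): the command is taken from the incoming request, so any client that knows
     * the configured header name can trigger it. It is only consulted when the policy reports the
     * control header as active; confirm that this is limited to test environments or that the
     * header is stripped at the edge.
     */
    private void processCiscoCommandOnEntry(Object[] objArr, SecurityEvent securityEvent) throws SecurityException {
        String command = (String) this.servletUtils.getInsertedHeaderOrParameter(objArr[0], AgentPolicy.getPolicy().getRequestControlHeader());
        if (command == null) {
            return;
        }
        // The value is client-controlled: neutralize line breaks before it reaches the log.
        this.mtAgentTenantAPI.logWarning("Received Cisco Command in HTTP Header: " + neutralizeForLog(command));
        if (command.equalsIgnoreCase(HTTP_HEADER_CISCO_COMMAND_BLOCK)) {
            this.servletUtils.executeBlockingAction();
        }
    }

    /**
     * Copies the AppDynamics node/app/tier names into {@code map} unless the node name is
     * {@code "undefined"}. Null values are skipped because the target map used by this class is
     * a {@link ConcurrentHashMap}, which rejects them.
     */
    private void addAppdPropertiesToMap(Map<String, String> map) {
        String nodeName = BootstrapLoadHandler.getAppdNodeName();
        if (nodeName == null || nodeName.equalsIgnoreCase("undefined")) {
            return;
        }
        map.put("tx.appd.node.name", nodeName);
        String appName = BootstrapLoadHandler.getAppdAppName();
        if (appName != null) {
            map.put("tx.appd.app.name", appName);
        }
        String tierName = BootstrapLoadHandler.getAppdTierName();
        if (tierName != null) {
            map.put("tx.appd.tier.name", tierName);
        }
    }

    /**
     * Returns an HTML fragment with the application server info followed by every servlet's stats.
     */
    public String showApplicationStats() {
        StringBuilder sb = new StringBuilder();
        sb.append("<br>>>>>> Application Server Info >>>>>>");
        sb.append("<br><br>Application Server Type: ").append(this.appServerType);
        sb.append("<br><br>Application Server Path: ").append(this.appServerPath);
        sb.append("<br><br>Application Server Root Path: ").append(this.appServerRootPath);
        sb.append("<br><br>>>>>> Servlets >>>>>>");
        sb.append(showServletStats());
        return sb.toString();
    }

    /**
     * Looks up (creating on first sight) the stats for {@code servlet} and counts one request.
     *
     * @param servlet intercepted servlet instance, used as the weak map key
     * @param request request object used for the first-request dump and servlet context lookup
     */
    private ServletStats getServletStats(Object servlet, Object request) {
        ServletStats stats = this.servletStatsHash.get(servlet);
        if (stats == null) {
            // The dump is request-controlled and is later embedded in the HTML stats fragment
            // (presumably rendered in a browser), so escape it before adding the <br> breaks.
            String dump = this.servletUtils.dumpHttpRequest(request);
            String dumpHtml = dump != null ? escapeHtml(dump).replace("\n", "<br>") : null;
            stats = new ServletStats(servlet.getClass().getName(), this.mtAgentTenantAPI.getStackTrace(6), this.setHeadersOnRequest, dumpHtml);
            this.servletStatsHash.put(servlet, stats);
            updateServletDetails(servlet, stats, request);
        }
        stats.requests++;
        return stats;
    }

    /** Fills the static details of a newly created stats entry and logs them. */
    private void updateServletDetails(Object servlet, ServletStats stats, Object request) {
        addAppdPropertiesToMap(stats.detailsMap);
        Object servletContext = this.servletUtils.getServletContext(request);
        Object contextName = this.servletUtils.getServletContextName(servletContext);
        String webPath = this.servletUtils.getWebPath(servletContext);
        String serverName = this.servletUtils.getServerName(servletContext);

        // detailsMap is a ConcurrentHashMap, so every value needs a non-null fallback.
        stats.detailsMap.put("tx.detail.appname", contextName != null ? contextName.toString() : UNKNOWN);
        stats.detailsMap.put("tx.detail.webapp.path", webPath != null ? webPath : UNKNOWN);
        stats.detailsMap.put("tx.detail.app.path", this.appServerPath != null ? this.appServerPath : UNKNOWN);
        stats.detailsMap.put("tx.detail.app.type", this.appServerType != null ? this.appServerType : UNKNOWN);
        stats.detailsMap.put("tx.detail.server.name", serverName != null ? serverName : UNKNOWN);

        stats.appWebappsPath = webPath != null ? webPath : UNKNOWN;
        stats.appClassLoader = new WeakReference<>(servlet.getClass().getClassLoader());
        stats.appName = contextName != null ? contextName.toString() : null;
        stats.appPath = this.appServerPath;
        stats.appType = this.appServerType;
        stats.serverName = serverName;
        this.mtAgentTenantAPI.log("Setting the New Servlet Details: \n" + stats.toString().replace("<br>", "\n"));
    }

    /** Increments this thread's nested-entry counter, creating it on first use. */
    private int incrementEntryCount() {
        AtomicInteger depth = (AtomicInteger) this.mtAgentTenantAPI.getThreadContext(RECURSIVE_ENTRY_CONTEXT);
        if (depth == null) {
            depth = new AtomicInteger();
            this.mtAgentTenantAPI.setThreadContext(RECURSIVE_ENTRY_CONTEXT, depth);
        }
        return depth.incrementAndGet();
    }

    /** Decrements this thread's nested-entry counter; returns -1 when no counter exists. */
    private int decrementEntryCount() {
        AtomicInteger depth = (AtomicInteger) this.mtAgentTenantAPI.getThreadContext(RECURSIVE_ENTRY_CONTEXT);
        return depth == null ? -1 : depth.decrementAndGet();
    }

    /**
     * Runs before the intercepted method. Only the outermost call on a thread is processed.
     *
     * @param obj    intercepted servlet/filter instance
     * @param objArr intercepted call arguments; index 0 is used as the request and index 1 as the
     *               response
     * @param str2   name of the intercepted method (compared against {@code "doFilter"})
     * @throws ArgentoSecurityException rethrown after {@link #handlerExit} has run when the
     *         blocking policy or the control header rejects the request
     */
    @Override
    public void handlerEntry(Object obj, Object[] objArr, String str, String str2, String str3, String str4) {
        if (incrementEntryCount() > 1) {
            return;
        }
        this.requestCount++;
        if (this.requestCount == 1) {
            setApplicationHome();
            if (AgentPolicy.getPolicy().isEventWaitFirstTransaction()) {
                this.eventUtils.enableEventsGlobal();
                this.mtAgentTenantAPI.log("Have the first transaction, now enabling events...");
            }
        }
        if (this.eventUtils.isThreadExcluded()) {
            return;
        }
        boolean excludedFilterCall = str2.equals("doFilter") && AgentPolicy.getPolicy().isExcludeTransactionsServletFilter();
        if (excludedFilterCall || this.eventUtils.isTransactionActive() || immediateExitOnEntryHandler) {
            return;
        }
        Object request = objArr[0];
        // Events stay disabled for this thread while the handler does its own bookkeeping.
        this.eventUtils.disableEventsForThread();
        SecurityEvent securityEvent = new SecurityEvent();
        securityEvent.startSecurityEvent();
        securityEvent.setTransactionStartContext(obj, request);
        ServletStats servletStats = getServletStats(obj, request);
        securityEvent.setApplicationStaticDetails(servletStats.detailsMap);
        this.eventUtils.initTransactionSecurityEventCacheForThread(securityEvent);
        if (this.eventUtils.isDebug() || this.dumpRequests) {
            // NOTE(review): a full request dump may include credentials and cookies; make sure
            // debug logs are access-controlled wherever dumpRequests or debug is switched on.
            this.mtAgentTenantAPI.logDebug(this.servletUtils.dumpHttpRequest(request));
        }
        // NOTE(review): only ArgentoSecurityException is handled; any other exception thrown in
        // this block propagates without reaching enableEventsForThread().
        try {
            this.servletUtils.blockServletBasedOnClientPolicy(request);
            if (AgentPolicy.getPolicy().isRequestControlHeaderActive()) {
                processCiscoCommandOnEntry(objArr, securityEvent);
            }
            boolean isSecure = this.servletUtils.isSecure(request);
            if ((enableUnencryptCheck || !this.mtAgentTenantAPI.isProduction()) && !isSecure) {
                servletStats.inSecureRequests++;
                this.infrequentEvents.addUnencryptedHttpEvent(this.servletUtils.getFullURL(request));
            }
            if (this.setHeadersOnRequest) {
                String eventId = getEventId(request);
                securityEvent.setEventIdOnRequest(eventId);
                setEventIdHeader(objArr[1], eventId);
                setSecurityHeaders(objArr[1]);
            }
            this.eventUtils.enableEventsForThread();
        } catch (ArgentoSecurityException e) {
            if (AgentPolicy.getPolicy().isEventBlockEraseStack()) {
                this.mtAgentTenantAPI.eraseStackTrace(e);
            }
            // Close the transaction through the normal exit path before rejecting the request.
            handlerExit(e, obj, objArr, str, str2, str3, str4);
            throw e;
        }
    }

    /**
     * Runs after the intercepted method (or from {@link #handlerEntry} when a request is blocked,
     * in which case {@code obj} is the blocking exception).
     *
     * @param obj    return value or exception of the intercepted call; not read here
     * @param obj2   intercepted servlet/filter instance
     * @param objArr intercepted call arguments; index 0 is used as the request and index 1 as the
     *               response
     * @param str2   name of the intercepted method (compared against {@code "doFilter"})
     */
    @Override
    public void handlerExit(Object obj, Object obj2, Object[] objArr, String str, String str2, String str3, String str4) {
        if (decrementEntryCount() > 1 || this.eventUtils.isThreadExcluded()) {
            return;
        }
        if (str2.equals("doFilter") && AgentPolicy.getPolicy().isExcludeTransactionsServletFilter()) {
            return;
        }
        if (!this.eventUtils.isTransactionActive()) {
            this.mtAgentTenantAPI.log("Warning - Servlet Service handlerExit with no transaction active for URL: " + this.servletUtils.getFullURL(objArr[0]));
            return;
        }
        SecurityEvent txEvent = this.eventUtils.getTransactionSecurityEventCacheForThread();
        if (!txEvent.isThereTransactionStartContext(obj2) || immediateExitOnExitHandler) {
            return;
        }
        this.eventUtils.disableEventsForThread();
        try {
            Object request = objArr[0];
            Object response = objArr[1];
            String contentType = this.servletUtils.getContentType(response);
            String fullURL = this.servletUtils.getFullURL(request);
            // fullURL.toString() is kept on purpose: a null URL raises here and is logged by the
            // catch below instead of being passed on to the matchers.
            if (!this.mtAgentTenantAPI.doesMatchObjectWrapper(AgentPolicy.getPolicy().getExcludeTransactionUrls(), fullURL.toString()) && !this.mtAgentTenantAPI.doesMatchObjectWrapper(AgentPolicy.getPolicy().getExcludeTransactionTypes(), contentType)) {
                String eventId = !this.setHeadersOnRequest ? getEventId(request) : txEvent.getEventIdOnRequest();
                ServletStats servletStats = getServletStats(obj2, request);
                checkUnsafeCookies(fullURL, response, servletStats);
                if ((enableUnauthUserCheck || !this.mtAgentTenantAPI.isProduction()) && this.servletUtils.isUnauthenticatedUser(request)) {
                    servletStats.unauthenticatedUser++;
                    this.infrequentEvents.addUnauthenticatedUserEvent(fullURL);
                }
                setTransactionDetails(obj2, fullURL.toString(), request, response, txEvent);
                this.servletUtils.checkSecurityHeaders(response);
                boolean haveEventToSend = txEvent.haveEventToSend();
                if (!this.setHeadersOnRequest) {
                    setSecurityHeaders(response);
                }
                if (haveEventToSend) {
                    if (!this.setHeadersOnRequest) {
                        setEventIdHeader(response, eventId);
                    }
                    // NOTE(review): with these policy switches on, every request header and
                    // parameter (which can include Authorization values, cookies and form
                    // passwords) is copied into the event; confirm redaction happens downstream.
                    if (AgentPolicy.getPolicy().isSendEventAddHttpHeaders()) {
                        this.servletUtils.addHeadersToMap(request, txEvent.getTransaction_details_map());
                    }
                    if (AgentPolicy.getPolicy().isSendEventAddHttpParams()) {
                        this.servletUtils.addParametersToMap(request, txEvent.getTransaction_details_map());
                    }
                }
                if (this.eventUtils.isDebug()) {
                    this.mtAgentTenantAPI.logDebug(this.servletUtils.dumpHttpResponse(request, response));
                }
                txEvent.endAndProcessSecurityEvent(eventId, haveEventToSend, true);
            }
        } catch (Exception e) {
            // Never let agent bookkeeping failures surface in the application's response path.
            this.mtAgentTenantAPI.logError("Error with request..." + e + ", stack: " + this.mtAgentTenantAPI.getStackTrace(e));
        }
        this.mtAgentTenantAPI.clearThreadContext();
        this.eventUtils.clearTransactionSecurityEventCacheForThread();
        this.eventUtils.enableEventsForThread();
    }

    /** Counts and reports every response cookie that the servlet utilities classify as unsafe. */
    private void checkUnsafeCookies(String url, Object response, ServletStats servletStats) {
        Collection<String> responseCookies = this.servletUtils.getResponseCookies(response);
        if (responseCookies == null) {
            return;
        }
        for (String cookie : responseCookies) {
            if (this.servletUtils.isUnsafeCookie(cookie)) {
                servletStats.unsafeCookies++;
                this.infrequentEvents.addUnsafeCookieGenericEvent(cookie, url);
            }
        }
    }

    /** Returns the event id supplied on the request, or a freshly generated one. */
    private String getEventId(Object request) {
        String fromRequest = getEventIdFromAPMAgent(request);
        return fromRequest != null ? fromRequest : this.eventUtils.getEventId();
    }

    /**
     * Returns the first non-null value among the policy's alternative event-id headers, or
     * {@code null} when none is configured or present.
     *
     * <p>NOTE(review): the value comes from the request and is later used as the event id and
     * echoed in a response header; confirm it is validated (length, character set) somewhere
     * before being trusted for correlation.
     */
    private String getEventIdFromAPMAgent(Object request) {
        String[] altEventIdHeaders = AgentPolicy.getPolicy().getAltEventIdHeaders();
        if (altEventIdHeaders == null) {
            return null;
        }
        for (String headerName : altEventIdHeaders) {
            String value = (String) this.servletUtils.getInsertedHeaderOrParameter(request, headerName);
            if (value != null) {
                return value;
            }
        }
        return null;
    }

    /** Sets the security event id response header when the policy asks for it. */
    private void setEventIdHeader(Object response, String eventId) {
        if (AgentPolicy.getPolicy().isSendEventInHeader()) {
            this.servletUtils.setHeader(response, "appdynamics.securityEventId", eventId);
        }
    }

    /** Delegates to the servlet utilities to add the security headers to {@code response}. */
    private void setSecurityHeaders(Object response) {
        this.servletUtils.addSecurityHeaders(response);
    }

    /**
     * Populates the transaction details of {@code securityEvent} from the request: URL, thread,
     * correlation header, authentication type, principal, matched roles, session id and the
     * server/client addresses and ports.
     */
    private void setTransactionDetails(Object servlet, String url, Object request, Object response, SecurityEvent securityEvent) {
        securityEvent.initTransactionDetails();
        securityEvent.addTransactionDetail("tx.detail.url", url);
        securityEvent.addTransactionDetail("tx.detail.thread", Thread.currentThread().getName());
        setAppDynamicsTxInfo(request, response, securityEvent);
        String authType = this.servletUtils.getAuthType(request);
        if (authType != null) {
            securityEvent.addTransactionDetail("tx.detail.auth.type", authType);
        }
        Principal principal = (Principal) this.servletUtils.getUserPrincipal(request);
        if (principal != null) {
            securityEvent.addTransactionDetail("tx.detail.user", principal.getName());
            for (String role : AgentPolicy.getPolicy().getCheckRoles()) {
                if (this.servletUtils.isUserInRole(request, role)) {
                    securityEvent.addTransactionDetail("tx.detail.role." + role, Characteristics.TRUE);
                }
            }
            Object sessionObject = this.servletUtils.getSessionObject(request);
            if (sessionObject != null) {
                // A failed reflective getId() must not abort the whole exit path.
                // NOTE(review): the raw session id is a bearer credential; consider recording a
                // hash of it instead so the event store cannot be used to hijack sessions.
                Object sessionId = this.mtAgentTenantAPI.getMethodValueNoException("getId", sessionObject);
                if (sessionId != null) {
                    securityEvent.addTransactionDetail("tx.detail.session.id", sessionId.toString());
                }
            }
        }
        String localAddress = this.servletUtils.getLocalAddress(request);
        int localPort = this.servletUtils.getLocalPort(request);
        securityEvent.addTransactionDetail("tx.detail.server.address", localAddress);
        securityEvent.addTransactionDetail("tx.detail.server.port", Integer.toString(localPort));
        // NOTE(review): presumably derived from forwarding headers, which a client can set unless
        // a trusted proxy overwrites them; treat as advisory next to the socket-level address.
        securityEvent.addTransactionDetail("tx.detail.client.address", this.servletUtils.getClientAddressUsingHeaders(request));
        securityEvent.addTransactionDetail("tx.detail.local.client.address", this.servletUtils.getClientAddress(request));
        securityEvent.addTransactionDetail("tx.detail.client.port", Integer.toString(this.servletUtils.getRemotePort(request)));
        this.runtimeInfo.updateServerNameFromRequest(securityEvent.getTransaction_details_map().get("tx.detail.server.name"));
    }

    /**
     * Records the AppDynamics correlation header as both the inbound and outbound correlation.
     *
     * <p>NOTE(review): both values are read from the request with the same header name and the
     * response argument is unused; the outbound value was possibly meant to come from the
     * response. Behaviour is left unchanged pending confirmation.
     */
    private void setAppDynamicsTxInfo(Object request, Object response, SecurityEvent securityEvent) {
        String inbound = this.servletUtils.getHeader(request, HTTP_HEADER_APPDYNAMICS);
        String outbound = this.servletUtils.getHeader(request, HTTP_HEADER_APPDYNAMICS);
        if (inbound != null) {
            securityEvent.addTransactionDetail("tx.detail.in.correlation", inbound);
        }
        if (outbound != null) {
            securityEvent.addTransactionDetail("tx.detail.out.Correlation", outbound);
        }
    }

    /**
     * Returns an HTML fragment listing the stats of every known servlet.
     */
    public String showServletStats() {
        // Iterating the values() view of a synchronizedMap requires holding the map's lock;
        // toArray() on that view is atomic, so take a snapshot and render it outside the lock.
        ServletStats[] snapshot = this.servletStatsHash.values().toArray(new ServletStats[0]);
        StringBuilder sb = new StringBuilder();
        sb.append("<br><br>Servlet Details==><br>");
        for (ServletStats stats : snapshot) {
            sb.append(stats.toString());
        }
        return sb.toString();
    }

    @Generated
    public void setDumpRequests(boolean z) {
        this.dumpRequests = z;
    }

    @Generated
    public boolean isDumpRequests() {
        return this.dumpRequests;
    }

    @Generated
    public void setSetHeadersOnRequest(boolean z) {
        this.setHeadersOnRequest = z;
    }

    @Generated
    public boolean isSetHeadersOnRequest() {
        return this.setHeadersOnRequest;
    }

    /** Returns the live, synchronized stats map; hold its lock while iterating any of its views. */
    @Generated
    public Map<Object, ServletStats> getServletStatsHash() {
        return this.servletStatsHash;
    }

    @Generated
    public long getRequestCount() {
        return this.requestCount;
    }

    @Generated
    public String getAppServerType() {
        return this.appServerType;
    }

    @Generated
    public String getAppServerPath() {
        return this.appServerPath;
    }

    @Generated
    public String getAppServerRootPath() {
        return this.appServerRootPath;
    }

    @Generated
    public String getAppServerRootPathUpperCaseMatch() {
        return this.appServerRootPathUpperCaseMatch;
    }
}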
