package com.datadog.appsec.powerwaf;

import com.datadog.appsec.AppSecModule;
import com.datadog.appsec.AppSecSystem;
import com.datadog.appsec.event.ChangeableFlow;
import com.datadog.appsec.event.OrderedCallback;
import com.datadog.appsec.event.data.Address;
import com.datadog.appsec.event.data.DataBundle;
import com.datadog.appsec.event.data.KnownAddresses;
import com.datadog.appsec.gateway.AppSecRequestContext;
import com.google.auto.service.AutoService;
import datadog.slf4j.Logger;
import datadog.slf4j.LoggerFactory;
import datadog.trace.api.gateway.Flow;
import io.sqreen.powerwaf.Powerwaf;
import io.sqreen.powerwaf.PowerwafContext;
import io.sqreen.powerwaf.exception.AbstractPowerwafException;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.lang.reflect.Constructor;
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;
import java.lang.reflect.UndeclaredThrowableException;
import java.nio.charset.Charset;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.Set;
import java.util.UUID;

@AutoService({AppSecModule.class})
/* loaded from: input_file:appsec/com/datadog/appsec/powerwaf/PowerWAFModule.classdata */
public class PowerWAFModule implements AppSecModule {
    private static final int MAX_DEPTH = 10;
    private static final int MAX_ELEMENTS = 150;
    private static final int MAX_STRING_SIZE = 4096;
    private static final String RULE_NAME = "waf";
    private static final Constructor<?> PROXY_CLASS_CONSTRUCTOR;
    private static final Set<Address<?>> ADDRESSES_OF_INTEREST;
    private final PowerwafContext ctx;
    private static final Logger log = LoggerFactory.getLogger((Class<?>) AppSecSystem.class);
    private static final Powerwaf.Limits LIMITS = new Powerwaf.Limits(10, 150, 4096, 2147483647000L, 2147483647000L);
    private static final Class<?> PROXY_CLASS = Proxy.getProxyClass(PowerWAFModule.class.getClassLoader(), Set.class);

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:appsec/com/datadog/appsec/powerwaf/PowerWAFModule$DataBundleMapWrapper.classdata */
    public static final class DataBundleMapWrapper implements Map<String, Object> {
        private final DataBundle dataBundle;

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:appsec/com/datadog/appsec/powerwaf/PowerWAFModule$DataBundleMapWrapper$SetIteratorInvocationHandler.classdata */
        public class SetIteratorInvocationHandler implements InvocationHandler {
            private SetIteratorInvocationHandler() {
            }

            @Override // java.lang.reflect.InvocationHandler
            public Object invoke(Object obj, Method method, Object[] objArr) {
                if (!method.getName().equals("iterator")) {
                    throw new UnsupportedOperationException("Only supported method is 'iterator'; got " + method.getName());
                }
                final Iterator<Address<?>> it = DataBundleMapWrapper.this.dataBundle.getAllAddresses().iterator();
                final MutableEntry mutableEntry = new MutableEntry();
                return new Iterator<Map.Entry<String, Object>>() { // from class: com.datadog.appsec.powerwaf.PowerWAFModule.DataBundleMapWrapper.SetIteratorInvocationHandler.1
                    private Address<?> next = computeNextAddress();

                    private Address<?> computeNextAddress() {
                        if (it.hasNext()) {
                            return (Address) it.next();
                        }
                        return null;
                    }

                    @Override // java.util.Iterator
                    public boolean hasNext() {
                        return this.next != null;
                    }

                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // java.util.Iterator
                    public Map.Entry<String, Object> next() {
                        if (this.next == null) {
                            throw new NoSuchElementException();
                        }
                        mutableEntry.key = this.next.getKey();
                        mutableEntry.value = PowerWAFModule.ADDRESSES_OF_INTEREST.contains(this.next) ? DataBundleMapWrapper.this.dataBundle.get(this.next) : Collections.emptyMap();
                        this.next = computeNextAddress();
                        return mutableEntry;
                    }
                };
            }
        }

        private DataBundleMapWrapper(DataBundle dataBundle) {
            this.dataBundle = dataBundle;
        }

        @Override // java.util.Map
        public Set<Map.Entry<String, Object>> entrySet() {
            try {
                return (Set) PowerWAFModule.PROXY_CLASS_CONSTRUCTOR.newInstance(new SetIteratorInvocationHandler());
            } catch (IllegalAccessException | InstantiationException | InvocationTargetException e) {
                throw new UndeclaredThrowableException(e);
            }
        }

        @Override // java.util.Map
        public int size() {
            return this.dataBundle.size();
        }

        @Override // java.util.Map
        public boolean isEmpty() {
            throw new UnsupportedOperationException();
        }

        @Override // java.util.Map
        public boolean containsKey(Object obj) {
            throw new UnsupportedOperationException();
        }

        @Override // java.util.Map
        public boolean containsValue(Object obj) {
            throw new UnsupportedOperationException();
        }

        @Override // java.util.Map
        public Object get(Object obj) {
            throw new UnsupportedOperationException();
        }

        @Override // java.util.Map
        public Object put(String str, Object obj) {
            throw new UnsupportedOperationException();
        }

        @Override // java.util.Map
        public Object remove(Object obj) {
            throw new UnsupportedOperationException();
        }

        @Override // java.util.Map
        public void putAll(Map<? extends String, ? extends Object> map) {
            throw new UnsupportedOperationException();
        }

        @Override // java.util.Map
        public void clear() {
            throw new UnsupportedOperationException();
        }

        @Override // java.util.Map
        public Set<String> keySet() {
            throw new UnsupportedOperationException();
        }

        @Override // java.util.Map
        public Collection<Object> values() {
            throw new UnsupportedOperationException();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:appsec/com/datadog/appsec/powerwaf/PowerWAFModule$MutableEntry.classdata */
    public static final class MutableEntry implements Map.Entry<String, Object> {
        String key;
        Object value;

        private MutableEntry() {
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.util.Map.Entry
        public String getKey() {
            return this.key;
        }

        @Override // java.util.Map.Entry
        public Object getValue() {
            return this.value;
        }

        @Override // java.util.Map.Entry
        public Object setValue(Object obj) {
            throw new UnsupportedOperationException();
        }
    }

    /* loaded from: input_file:appsec/com/datadog/appsec/powerwaf/PowerWAFModule$PowerWAFDataCallback.classdata */
    private class PowerWAFDataCallback extends AppSecModule.DataSubscription {
        public PowerWAFDataCallback() {
            super(PowerWAFModule.ADDRESSES_OF_INTEREST, OrderedCallback.Priority.DEFAULT);
        }

        @Override // com.datadog.appsec.event.DataListener
        public void onDataAvailable(ChangeableFlow changeableFlow, AppSecRequestContext appSecRequestContext, DataBundle dataBundle) {
            try {
                Powerwaf.ActionWithData runRule = PowerWAFModule.this.ctx.runRule(PowerWAFModule.RULE_NAME, new DataBundleMapWrapper(dataBundle), PowerWAFModule.LIMITS);
                if (runRule.action != Powerwaf.Action.OK) {
                    PowerWAFModule.log.warn("WAF signalled action {}: {}", runRule.action, runRule.data);
                    changeableFlow.setAction(new Flow.Action.Throw(new RuntimeException("WAF wants to block")));
                }
            } catch (AbstractPowerwafException e) {
                PowerWAFModule.log.error("Error calling WAF", (Throwable) e);
            }
        }
    }

    public PowerWAFModule() {
        this("waf.json");
    }

    public PowerWAFModule(String str) {
        PowerwafContext powerwafContext = null;
        if (LibSqreenInitialization.ONLINE) {
            try {
                powerwafContext = Powerwaf.createContext(UUID.randomUUID().toString(), Collections.singletonMap(RULE_NAME, loadWAFJson(str)));
            } catch (AbstractPowerwafException e) {
                log.error("Error creating WAF atom", (Throwable) e);
            } catch (IOException e2) {
                log.error("Error reading WAF atom", (Throwable) e2);
            }
        } else {
            log.warn("In-app WAF initialization failed");
        }
        this.ctx = powerwafContext;
    }

    @Override // com.datadog.appsec.AppSecModule
    public String getName() {
        return "powerwaf";
    }

    @Override // com.datadog.appsec.AppSecModule
    public Collection<AppSecModule.EventSubscription> getEventSubscriptions() {
        return Collections.emptyList();
    }

    @Override // com.datadog.appsec.AppSecModule
    public Collection<AppSecModule.DataSubscription> getDataSubscriptions() {
        return this.ctx == null ? Collections.emptyList() : Collections.singletonList(new PowerWAFDataCallback());
    }

    private String loadWAFJson(String str) throws IOException {
        InputStream resourceAsStream = getClass().getClassLoader().getResourceAsStream(str);
        Throwable th = null;
        try {
            if (resourceAsStream == null) {
                throw new IOException("Resource " + str + " not found");
            }
            InputStreamReader inputStreamReader = new InputStreamReader(resourceAsStream, Charset.forName("UTF-8"));
            Throwable th2 = null;
            try {
                try {
                    StringBuilder sb = new StringBuilder();
                    char[] cArr = new char[8192];
                    while (true) {
                        int read = inputStreamReader.read(cArr);
                        if (read <= 0) {
                            break;
                        }
                        sb.append(cArr, 0, read);
                    }
                    String sb2 = sb.toString();
                    if (inputStreamReader != null) {
                        if (0 != 0) {
                            try {
                                inputStreamReader.close();
                            } catch (Throwable th3) {
                                th2.addSuppressed(th3);
                            }
                        } else {
                            inputStreamReader.close();
                        }
                    }
                    return sb2;
                } finally {
                }
            } catch (Throwable th4) {
                if (inputStreamReader != null) {
                    if (th2 != null) {
                        try {
                            inputStreamReader.close();
                        } catch (Throwable th5) {
                            th2.addSuppressed(th5);
                        }
                    } else {
                        inputStreamReader.close();
                    }
                }
                throw th4;
            }
        } finally {
            if (resourceAsStream != null) {
                if (0 != 0) {
                    try {
                        resourceAsStream.close();
                    } catch (Throwable th6) {
                        th.addSuppressed(th6);
                    }
                } else {
                    resourceAsStream.close();
                }
            }
        }
    }

    static {
        try {
            PROXY_CLASS_CONSTRUCTOR = PROXY_CLASS.getConstructor(InvocationHandler.class);
            ADDRESSES_OF_INTEREST = new HashSet();
            ADDRESSES_OF_INTEREST.add(KnownAddresses.REQUEST_URI_RAW);
            ADDRESSES_OF_INTEREST.add(KnownAddresses.REQUEST_QUERY);
            ADDRESSES_OF_INTEREST.add(KnownAddresses.HEADERS_NO_COOKIES);
            ADDRESSES_OF_INTEREST.add(KnownAddresses.REQUEST_COOKIES);
            ADDRESSES_OF_INTEREST.add(KnownAddresses.REQUEST_PATH_PARAMS);
            ADDRESSES_OF_INTEREST.add(KnownAddresses.REQUEST_BODY_RAW);
        } catch (NoSuchMethodException e) {
            throw new UndeclaredThrowableException(e);
        }
    }
}
