package org.owasp.esapi.waf.configuration;

import bsh.EvalError;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;
import nu.xom.Builder;
import nu.xom.Element;
import nu.xom.Elements;
import nu.xom.ParsingException;
import nu.xom.ValidityException;
import org.apache.batik.util.SVGConstants;
import org.apache.log4j.Level;
import org.apache.xpath.compiler.Keywords;
import org.owasp.esapi.ESAPI;
import org.owasp.esapi.waf.ConfigurationException;
import org.owasp.esapi.waf.rules.AddHTTPOnlyFlagRule;
import org.owasp.esapi.waf.rules.AddHeaderRule;
import org.owasp.esapi.waf.rules.AddSecureFlagRule;
import org.owasp.esapi.waf.rules.AuthenticatedRule;
import org.owasp.esapi.waf.rules.BeanShellRule;
import org.owasp.esapi.waf.rules.DetectOutboundContentRule;
import org.owasp.esapi.waf.rules.EnforceHTTPSRule;
import org.owasp.esapi.waf.rules.HTTPMethodRule;
import org.owasp.esapi.waf.rules.IPRule;
import org.owasp.esapi.waf.rules.MustMatchRule;
import org.owasp.esapi.waf.rules.PathExtensionRule;
import org.owasp.esapi.waf.rules.ReplaceContentRule;
import org.owasp.esapi.waf.rules.RestrictContentTypeRule;
import org.owasp.esapi.waf.rules.RestrictUserAgentRule;
import org.owasp.esapi.waf.rules.SimpleVirtualPatchRule;

/* loaded from: input_file:WEB-INF/lib/esapi-2.0.1.jar:org/owasp/esapi/waf/configuration/ConfigurationParser.class */
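/**
 * Parses the WAF policy XML document into an {@link AppGuardianConfiguration}.
 *
 * <p>The document is read with XOM; each top-level section (aliases, settings, the
 * various rule groups) is handled by a dedicated private helper so that the required
 * attributes and child elements of each rule type are checked in one place. Missing
 * required attributes surface as {@link ConfigurationException} with a message naming
 * the rule and attribute rather than as a {@code NullPointerException}.
 *
 * <p>The policy document is treated as trusted administrator input: regular expressions
 * and bean-shell script paths taken from it are used as-is.
 */
public class ConfigurationParser {
    private static final String REGEX = "regex";
    private static final String DEFAULT_PATH_APPLY_ALL = ".*";
    private static final int DEFAULT_RESPONSE_CODE = 403;
    private static final String DEFAULT_SESSION_COOKIE;
    private static final String[] STAGES;

    // Values written to AppGuardianConfiguration.DEFAULT_FAIL_ACTION for the <mode>
    // setting. These are the literal codes the parser has always used; presumably they
    // mirror constants declared on AppGuardianConfiguration — confirm there before relying
    // on the names.
    private static final int FAIL_ACTION_BLOCK = 2;
    private static final int FAIL_ACTION_REDIRECT = 1;
    private static final int FAIL_ACTION_DEFAULT = 0;

    // Operator codes handed to MustMatchRule for <must-match operator="...">. An absent or
    // unrecognised operator maps to 0; how MustMatchRule interprets 0 is not visible here.
    private static final int OPERATOR_EXISTS = 3;
    private static final int OPERATOR_IN_LIST = 2;
    private static final int OPERATOR_CONTAINS = 1;
    private static final int OPERATOR_DEFAULT = 0;

    /**
     * Reads a WAF policy document and builds the corresponding configuration.
     *
     * <p>Side effect: the {@code <mode>} setting is written to the process-wide static
     * {@code AppGuardianConfiguration.DEFAULT_FAIL_ACTION}, so the most recently parsed
     * policy wins.
     *
     * @param inputStream the XML policy document
     * @param str the web application directory; bean-shell {@code file} attributes are
     *            appended to it verbatim, so it is expected to end with a path separator
     *            (confirm with callers)
     * @return the populated configuration
     * @throws ConfigurationException if the document cannot be read, parsed or validated,
     *         if the required {@code <settings>} section is missing, or if any rule is
     *         missing a required attribute or element
     */
    public static AppGuardianConfiguration readConfigurationFile(InputStream inputStream, String str) throws ConfigurationException {
        AppGuardianConfiguration config = new AppGuardianConfiguration();
        try {
            Element root = new Builder().build(inputStream).getRootElement();

            // Aliases are read before <settings> is validated, preserving the original order.
            parseAliases(root.getFirstChildElement("aliases"), config);

            Element settings = root.getFirstChildElement("settings");
            if (settings == null) {
                throw new ConfigurationException("", "The <settings> section is required");
            }
            parseSettings(settings, config);

            parseAuthenticationRules(root.getFirstChildElement("authentication-rules"), config);
            parseAuthorizationRules(root.getFirstChildElement("authorization-rules"), config);
            parseUrlRules(root.getFirstChildElement("url-rules"), config);
            parseHeaderRules(root.getFirstChildElement("header-rules"), config);
            // A <custom-rules> section is not interpreted by this parser and is ignored if present.
            parseVirtualPatches(root.getFirstChildElement("virtual-patches"), config);
            parseOutboundRules(root.getFirstChildElement("outbound-rules"), config);
            parseBeanShellRules(root.getFirstChildElement("bean-shell-rules"), str, config);
            return config;
        } catch (ValidityException e) {
            // ValidityException is a ParsingException, so it has to be caught first.
            throw new ConfigurationException("", "Problem validating WAF XML file", e);
        } catch (ParsingException e) {
            throw new ConfigurationException("", "Problem parsing WAF XML file", e);
        } catch (IOException e) {
            throw new ConfigurationException("", "I/O problem reading WAF XML file", e);
        }
    }

    /** Registers each {@code <alias>}; a {@code type="regex"} alias is stored as a compiled pattern. */
    private static void parseAliases(Element aliases, AppGuardianConfiguration config) {
        if (aliases == null) {
            return;
        }
        Elements entries = aliases.getChildElements("alias");
        for (int i = 0; i < entries.size(); i++) {
            Element alias = entries.get(i);
            String name = alias.getAttributeValue("name");
            String value = alias.getValue();
            // Case-insensitive to match how the 'type' attribute is read everywhere else.
            if (REGEX.equalsIgnoreCase(alias.getAttributeValue("type"))) {
                config.addAlias(name, Pattern.compile(value));
            } else {
                config.addAlias(name, value);
            }
        }
    }

    /**
     * Applies the {@code <settings>} section: session cookie name, fail mode, error
     * handling and optional logging.
     *
     * @throws ConfigurationException if {@code <mode>}, {@code <error-handling>} or one of
     *         their required children is missing
     */
    private static void parseSettings(Element settings, AppGuardianConfiguration config) throws ConfigurationException {
        Element cookieName = settings.getFirstChildElement("session-cookie-name");
        if (cookieName == null) {
            config.setSessionCookieName(DEFAULT_SESSION_COOKIE);
        } else if (!"".equals(cookieName.getValue())) {
            // An empty element intentionally leaves the configuration's own default untouched.
            config.setSessionCookieName(cookieName.getValue());
        }

        // equalsIgnoreCase is locale-independent, unlike toLowerCase() with the default locale.
        String mode = requiredChildValue(settings, "mode", "<settings>");
        if ("block".equalsIgnoreCase(mode)) {
            AppGuardianConfiguration.DEFAULT_FAIL_ACTION = FAIL_ACTION_BLOCK;
        } else if ("redirect".equalsIgnoreCase(mode)) {
            AppGuardianConfiguration.DEFAULT_FAIL_ACTION = FAIL_ACTION_REDIRECT;
        } else {
            AppGuardianConfiguration.DEFAULT_FAIL_ACTION = FAIL_ACTION_DEFAULT;
        }

        Element errorHandling = settings.getFirstChildElement("error-handling");
        if (errorHandling == null) {
            throw new ConfigurationException("", "The <settings> section requires an <error-handling> element");
        }
        config.setDefaultErrorPage(requiredChildValue(errorHandling, "default-redirect-page", "<error-handling>"));
        config.setDefaultResponseCode(parseBlockStatus(errorHandling));

        Element logging = settings.getFirstChildElement("logging");
        if (logging != null) {
            config.setLogDirectory(requiredChildValue(logging, "log-directory", "<logging>"));
            config.setLogLevel(Level.toLevel(requiredChildValue(logging, "log-level", "<logging>")));
        }
    }

    /**
     * Returns the {@code <block-status>} HTTP status, or {@link #DEFAULT_RESPONSE_CODE} when
     * the element is absent or not an integer (a deliberate best-effort default).
     */
    private static int parseBlockStatus(Element errorHandling) {
        Element blockStatus = errorHandling.getFirstChildElement("block-status");
        if (blockStatus == null) {
            return DEFAULT_RESPONSE_CODE;
        }
        try {
            return Integer.parseInt(blockStatus.getValue().trim());
        } catch (NumberFormatException e) {
            return DEFAULT_RESPONSE_CODE;
        }
    }

    /** Registers the single {@code <authentication-rules>} rule; the {@code path} attribute is optional. */
    private static void parseAuthenticationRules(Element authRules, AppGuardianConfiguration config) throws ConfigurationException {
        if (authRules == null) {
            return;
        }
        String key = authRules.getAttributeValue("key");
        String id = authRules.getAttributeValue("id");
        if (key == null) {
            throw new ConfigurationException("", "The <authentication-rules> rule requires a 'key' attribute");
        }
        Pattern path = compileOptionalAttribute(authRules, "path");
        config.addBeforeBodyRule(new AuthenticatedRule(id, key, path, getExceptionsFromElement(authRules)));
    }

    /** Registers {@code <restrict-source-ip>} (before body) and {@code <must-match>} (after body) rules. */
    private static void parseAuthorizationRules(Element authzRules, AppGuardianConfiguration config) throws ConfigurationException {
        if (authzRules == null) {
            return;
        }
        Elements ipRules = authzRules.getChildElements("restrict-source-ip");
        for (int i = 0; i < ipRules.size(); i++) {
            Element rule = ipRules.get(i);
            String id = rule.getAttributeValue("id");
            Pattern ipRegex = compileRequiredAttribute(rule, "ip-regex", "restrict-source-ip");
            String ipHeader = rule.getAttributeValue("ip-header");
            if (REGEX.equalsIgnoreCase(rule.getAttributeValue("type"))) {
                config.addBeforeBodyRule(new IPRule(id, ipRegex, Pattern.compile(rule.getValue()), ipHeader));
            } else {
                // The non-regex constructor takes no header argument.
                config.addBeforeBodyRule(new IPRule(id, ipRegex, rule.getValue()));
            }
        }

        Elements mustMatchRules = authzRules.getChildElements("must-match");
        for (int i = 0; i < mustMatchRules.size(); i++) {
            Element rule = mustMatchRules.get(i);
            Pattern path = compileRequiredAttribute(rule, "path", "must-match");
            String variable = rule.getAttributeValue("variable");
            String value = rule.getAttributeValue("value");
            String id = rule.getAttributeValue("id");
            int operator = operatorCode(rule.getAttributeValue("operator"));
            config.addAfterBodyRule(new MustMatchRule(id, path, variable, operator, value));
        }
    }

    /** Maps the {@code operator} attribute of a {@code <must-match>} rule to its MustMatchRule code. */
    private static int operatorCode(String operator) {
        if ("exists".equalsIgnoreCase(operator)) {
            return OPERATOR_EXISTS;
        }
        if ("inList".equalsIgnoreCase(operator)) {
            return OPERATOR_IN_LIST;
        }
        if ("contains".equalsIgnoreCase(operator)) {
            return OPERATOR_CONTAINS;
        }
        return OPERATOR_DEFAULT;
    }

    /** Registers {@code <restrict-extension>}, {@code <restrict-method>} and {@code <enforce-https>} rules. */
    private static void parseUrlRules(Element urlRules, AppGuardianConfiguration config) throws ConfigurationException {
        if (urlRules == null) {
            return;
        }
        Elements extensionRules = urlRules.getChildElements("restrict-extension");
        Elements methodRules = urlRules.getChildElements("restrict-method");
        Elements httpsRules = urlRules.getChildElements("enforce-https");

        for (int i = 0; i < extensionRules.size(); i++) {
            Element rule = extensionRules.get(i);
            String allow = rule.getAttributeValue("allow");
            String deny = rule.getAttributeValue("deny");
            String id = rule.getAttributeValue("id");
            if (allow != null && deny != null) {
                throw new ConfigurationException("", "restrict-extension rules can't have both 'allow' and 'deny'");
            }
            if (allow != null) {
                config.addBeforeBodyRule(new PathExtensionRule(id, extensionPattern(allow), null));
            } else if (deny != null) {
                config.addBeforeBodyRule(new PathExtensionRule(id, null, extensionPattern(deny)));
            } else {
                throw new ConfigurationException("", "restrict extension rule should have either a 'deny' or 'allow' attribute");
            }
        }

        for (int i = 0; i < methodRules.size(); i++) {
            Element rule = methodRules.get(i);
            String allow = rule.getAttributeValue("allow");
            String deny = rule.getAttributeValue("deny");
            String id = rule.getAttributeValue("id");
            requireExactlyOneOf(allow, deny, "restrict-method");
            Pattern path = compilePathOrDefault(rule);
            if (allow != null) {
                config.addBeforeBodyRule(new HTTPMethodRule(id, Pattern.compile(allow), null, path));
            } else {
                config.addBeforeBodyRule(new HTTPMethodRule(id, null, Pattern.compile(deny), path));
            }
        }

        for (int i = 0; i < httpsRules.size(); i++) {
            Element rule = httpsRules.get(i);
            config.addBeforeBodyRule(new EnforceHTTPSRule(rule.getAttributeValue("id"),
                    compileRequiredAttribute(rule, "path", "enforce-https"),
                    getExceptionsFromElement(rule), rule.getAttributeValue("action")));
        }
    }

    /**
     * Builds the path pattern for a {@code <restrict-extension>} value. The backslash escapes
     * the leading dot the extension is expected to start with (e.g. {@code .jsp} gives
     * {@code .*\.jsp$}); the value is not otherwise regex-quoted, so a value without a leading
     * dot would produce a different escape — confirm the expected attribute format.
     */
    private static Pattern extensionPattern(String extension) {
        return Pattern.compile(".*\\" + extension + "$");
    }

    /** Registers {@code <restrict-content-type>} and {@code <restrict-user-agent>} rules. */
    private static void parseHeaderRules(Element headerRules, AppGuardianConfiguration config) throws ConfigurationException {
        if (headerRules == null) {
            return;
        }
        Elements contentTypeRules = headerRules.getChildElements("restrict-content-type");
        Elements userAgentRules = headerRules.getChildElements("restrict-user-agent");

        for (int i = 0; i < contentTypeRules.size(); i++) {
            Element rule = contentTypeRules.get(i);
            String allow = rule.getAttributeValue("allow");
            String deny = rule.getAttributeValue("deny");
            String id = rule.getAttributeValue("id");
            requireExactlyOneOf(allow, deny, "restrict-content-type");
            if (allow != null) {
                config.addBeforeBodyRule(new RestrictContentTypeRule(id, Pattern.compile(allow), null));
            } else {
                config.addBeforeBodyRule(new RestrictContentTypeRule(id, null, Pattern.compile(deny)));
            }
        }

        for (int i = 0; i < userAgentRules.size(); i++) {
            Element rule = userAgentRules.get(i);
            String id = rule.getAttributeValue("id");
            String allow = rule.getAttributeValue("allow");
            String deny = rule.getAttributeValue("deny");
            requireExactlyOneOf(allow, deny, "restrict-user-agent");
            if (allow != null) {
                config.addBeforeBodyRule(new RestrictUserAgentRule(id, Pattern.compile(allow), null));
            } else {
                config.addBeforeBodyRule(new RestrictUserAgentRule(id, null, Pattern.compile(deny)));
            }
        }
    }

    /** Registers each {@code <virtual-patch>} as an after-body rule; {@code path} and {@code pattern} are required. */
    private static void parseVirtualPatches(Element patches, AppGuardianConfiguration config) throws ConfigurationException {
        if (patches == null) {
            return;
        }
        Elements patchRules = patches.getChildElements("virtual-patch");
        for (int i = 0; i < patchRules.size(); i++) {
            Element rule = patchRules.get(i);
            config.addAfterBodyRule(new SimpleVirtualPatchRule(rule.getAttributeValue("id"),
                    compileRequiredAttribute(rule, "path", "virtual-patch"),
                    rule.getAttributeValue("variable"),
                    compileRequiredAttribute(rule, "pattern", "virtual-patch"),
                    rule.getAttributeValue("message")));
        }
    }

    /**
     * Registers the response-side rules: {@code <add-header>}, {@code <add-http-only-flag>},
     * {@code <add-secure-flag>}, {@code <dynamic-insertion>} and {@code <detect-content>}.
     * A cookie-flag rule whose cookie patterns match the configured session cookie name also
     * turns on the corresponding session-cookie flag.
     */
    private static void parseOutboundRules(Element outbound, AppGuardianConfiguration config) throws ConfigurationException {
        if (outbound == null) {
            return;
        }

        Elements addHeaderRules = outbound.getChildElements("add-header");
        for (int i = 0; i < addHeaderRules.size(); i++) {
            Element rule = addHeaderRules.get(i);
            String name = rule.getAttributeValue("name");
            String value = rule.getAttributeValue("value");
            String id = rule.getAttributeValue("id");
            config.addBeforeResponseRule(new AddHeaderRule(id, name, value, compilePathOrDefault(rule), getExceptionsFromElement(rule)));
        }

        Elements httpOnlyRules = outbound.getChildElements("add-http-only-flag");
        for (int i = 0; i < httpOnlyRules.size(); i++) {
            Element rule = httpOnlyRules.get(i);
            AddHTTPOnlyFlagRule httpOnlyRule = new AddHTTPOnlyFlagRule(rule.getAttributeValue("id"), cookiePatterns(rule));
            config.addCookieRule(httpOnlyRule);
            if (httpOnlyRule.doesCookieMatch(config.getSessionCookieName())) {
                config.setApplyHTTPOnlyFlagToSessionCookie(true);
            }
        }

        Elements secureFlagRules = outbound.getChildElements("add-secure-flag");
        for (int i = 0; i < secureFlagRules.size(); i++) {
            Element rule = secureFlagRules.get(i);
            AddSecureFlagRule secureRule = new AddSecureFlagRule(rule.getAttributeValue("id"), cookiePatterns(rule));
            config.addCookieRule(secureRule);
            if (secureRule.doesCookieMatch(config.getSessionCookieName())) {
                config.setApplySecureFlagToSessionCookie(true);
            }
        }

        Elements insertionRules = outbound.getChildElements("dynamic-insertion");
        for (int i = 0; i < insertionRules.size(); i++) {
            Element rule = insertionRules.get(i);
            String pattern = requiredAttribute(rule, "pattern", "dynamic-insertion");
            String id = rule.getAttributeValue("id");
            String replacement = requiredChildValue(rule, "replacement", "<dynamic-insertion>");
            // DOTALL so the pattern can span lines of the response body.
            config.addBeforeResponseRule(new ReplaceContentRule(id, Pattern.compile(pattern, Pattern.DOTALL), replacement,
                    compileOptionalAttribute(rule, "content-type"), compileOptionalAttribute(rule, "path")));
        }

        Elements detectRules = outbound.getChildElements("detect-content");
        for (int i = 0; i < detectRules.size(); i++) {
            Element rule = detectRules.get(i);
            String pattern = requiredAttribute(rule, "pattern", "detect-content");
            Pattern contentType = compileRequiredAttribute(rule, "content-type", "detect-content");
            String id = rule.getAttributeValue("id");
            config.addBeforeResponseRule(new DetectOutboundContentRule(id, contentType,
                    Pattern.compile(pattern, Pattern.DOTALL), compileOptionalAttribute(rule, "path")));
        }
    }

    /** Compiles the {@code name} attribute of each {@code <cookie>} child into a pattern. */
    private static List<Pattern> cookiePatterns(Element rule) {
        Elements cookies = rule.getChildElements("cookie");
        List<Pattern> patterns = new ArrayList<Pattern>();
        for (int i = 0; i < cookies.size(); i++) {
            patterns.add(Pattern.compile(cookies.get(i).getAttributeValue("name")));
        }
        return patterns;
    }

    /**
     * Registers each {@code <bean-shell-script>} at the stage named by its {@code stage}
     * attribute. The stage is validated before the script is loaded so that a rejected rule
     * never evaluates its script.
     *
     * @param webDirectory prefix concatenated verbatim with the {@code file} attribute; the
     *        result is not normalised, the policy file being trusted input
     */
    private static void parseBeanShellRules(Element bshRules, String webDirectory, AppGuardianConfiguration config) throws ConfigurationException {
        if (bshRules == null) {
            return;
        }
        Elements scripts = bshRules.getChildElements("bean-shell-script");
        for (int i = 0; i < scripts.size(); i++) {
            Element rule = scripts.get(i);
            String id = rule.getAttributeValue("id");
            String file = rule.getAttributeValue("file");
            String stage = rule.getAttributeValue("stage");
            if (id == null) {
                throw new ConfigurationException("", "bean shell rules all require a unique 'id' attribute");
            }
            if (file == null) {
                throw new ConfigurationException("", "bean shell rules all require a unique 'file' attribute that has the location of the .bsh script");
            }
            boolean beforeBody = STAGES[0].equals(stage);
            boolean afterBody = STAGES[1].equals(stage);
            boolean beforeResponse = STAGES[2].equals(stage);
            if (!beforeBody && !afterBody && !beforeResponse) {
                throw new ConfigurationException("", "bean shell rules all require a 'stage' attribute when the rule should be fired (valid values are " + STAGES[0] + ", " + STAGES[1] + ", or " + STAGES[2] + ")");
            }
            try {
                BeanShellRule bshRule = new BeanShellRule(webDirectory + file, id, compileOptionalAttribute(rule, "path"));
                if (beforeBody) {
                    config.addBeforeBodyRule(bshRule);
                } else if (afterBody) {
                    config.addAfterBodyRule(bshRule);
                } else {
                    config.addBeforeResponseRule(bshRule);
                }
            } catch (FileNotFoundException e) {
                // Keep the cause so the failing path is available to whoever logs the exception.
                throw new ConfigurationException("", "bean shell rule '" + id + "' had a source file that could not be found (" + file + "), web directory = " + webDirectory, e);
            } catch (EvalError e) {
                throw new ConfigurationException("", "bean shell rule '" + id + "' contained an error (" + e.getErrorText() + "): " + e.getScriptStackTrace(), e);
            }
        }
    }

    /**
     * Collects the {@code <path-exception>} children of a rule: {@code type="regex"} entries
     * are compiled patterns, all others are kept as plain strings.
     */
    private static List<Object> getExceptionsFromElement(Element element) {
        Elements pathExceptions = element.getChildElements("path-exception");
        List<Object> exceptions = new ArrayList<Object>();
        for (int i = 0; i < pathExceptions.size(); i++) {
            Element pathException = pathExceptions.get(i);
            if (REGEX.equalsIgnoreCase(pathException.getAttributeValue("type"))) {
                exceptions.add(Pattern.compile(pathException.getValue()));
            } else {
                exceptions.add(pathException.getValue());
            }
        }
        return exceptions;
    }

    /** Returns the text of a required child element or fails with a message naming the section. */
    private static String requiredChildValue(Element parent, String childName, String context) throws ConfigurationException {
        Element child = parent.getFirstChildElement(childName);
        if (child == null) {
            throw new ConfigurationException("", "The " + context + " section requires a <" + childName + "> element");
        }
        return child.getValue();
    }

    /** Returns a required attribute or fails with a message naming the rule and attribute. */
    private static String requiredAttribute(Element element, String attribute, String ruleName) throws ConfigurationException {
        String raw = element.getAttributeValue(attribute);
        if (raw == null) {
            throw new ConfigurationException("", "<" + ruleName + "> rules must contain a '" + attribute + "' attribute");
        }
        return raw;
    }

    /** Compiles a required attribute as a regular expression. */
    private static Pattern compileRequiredAttribute(Element element, String attribute, String ruleName) throws ConfigurationException {
        return Pattern.compile(requiredAttribute(element, attribute, ruleName));
    }

    /** Compiles an optional attribute, returning {@code null} when it is absent. */
    private static Pattern compileOptionalAttribute(Element element, String attribute) {
        String raw = element.getAttributeValue(attribute);
        return raw != null ? Pattern.compile(raw) : null;
    }

    /** Compiles the {@code path} attribute, falling back to a match-everything pattern. */
    private static Pattern compilePathOrDefault(Element element) {
        String path = element.getAttributeValue("path");
        return Pattern.compile(path != null ? path : DEFAULT_PATH_APPLY_ALL);
    }

    /**
     * Enforces that exactly one of {@code allow}/{@code deny} is present, producing the
     * messages shared by the restrict-method, restrict-content-type and restrict-user-agent rules.
     */
    private static void requireExactlyOneOf(String allow, String deny, String ruleName) throws ConfigurationException {
        if (allow != null && deny != null) {
            throw new ConfigurationException("", ruleName + " rule should not have both 'allow' and 'deny' values");
        }
        if (allow == null && deny == null) {
            throw new ConfigurationException("", ruleName + " rule should have either an 'allow' or 'deny' value");
        }
    }

    static {
        String sessionCookie;
        try {
            sessionCookie = ESAPI.securityConfiguration().getHttpSessionIdName();
        } catch (Throwable th) {
            // Deliberate best-effort: a failure to bootstrap ESAPI must not prevent this
            // class from loading, so fall back to the servlet default cookie name.
            sessionCookie = "JSESSIONID";
        }
        DEFAULT_SESSION_COOKIE = sessionCookie;
        STAGES = new String[]{"before-request-body", "after-request-body", "before-response"};
    }
}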
