package sqsaml.org.owasp.esapi.waf.configuration;

import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;
import sqsaml.bsh.EvalError;
import sqsaml.nu.xom.Builder;
import sqsaml.nu.xom.Element;
import sqsaml.nu.xom.Elements;
import sqsaml.nu.xom.ParsingException;
import sqsaml.nu.xom.ValidityException;
import sqsaml.org.apache.commons.configuration.tree.DefaultExpressionEngine;
import sqsaml.org.apache.velocity.runtime.parser.LogContext;
import sqsaml.org.apache.xalan.templates.Constants;
import sqsaml.org.apache.xpath.compiler.Keywords;
import sqsaml.org.owasp.esapi.ESAPI;
import sqsaml.org.owasp.esapi.waf.ConfigurationException;
import sqsaml.org.owasp.esapi.waf.rules.AddHTTPOnlyFlagRule;
import sqsaml.org.owasp.esapi.waf.rules.AddHeaderRule;
import sqsaml.org.owasp.esapi.waf.rules.AddSecureFlagRule;
import sqsaml.org.owasp.esapi.waf.rules.AuthenticatedRule;
import sqsaml.org.owasp.esapi.waf.rules.BeanShellRule;
import sqsaml.org.owasp.esapi.waf.rules.DetectOutboundContentRule;
import sqsaml.org.owasp.esapi.waf.rules.EnforceHTTPSRule;
import sqsaml.org.owasp.esapi.waf.rules.HTTPMethodRule;
import sqsaml.org.owasp.esapi.waf.rules.IPRule;
import sqsaml.org.owasp.esapi.waf.rules.MustMatchRule;
import sqsaml.org.owasp.esapi.waf.rules.PathExtensionRule;
import sqsaml.org.owasp.esapi.waf.rules.ReplaceContentRule;
import sqsaml.org.owasp.esapi.waf.rules.RestrictContentTypeRule;
import sqsaml.org.owasp.esapi.waf.rules.RestrictUserAgentRule;
import sqsaml.org.owasp.esapi.waf.rules.SimpleVirtualPatchRule;

/* loaded from: input_file:sqsaml/org/owasp/esapi/waf/configuration/ConfigurationParser.class */
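/**
 * Builds an {@link AppGuardianConfiguration} from a WAF policy XML document.
 *
 * <p>The {@code <settings>} section is mandatory. Every other section is optional; each rule
 * element found in it becomes a rule object registered on the configuration through
 * {@code addBeforeBodyRule}, {@code addAfterBodyRule}, {@code addBeforeResponseRule} or
 * {@code addCookieRule}.
 *
 * <p>Points a reviewer should keep in mind:
 * <ul>
 *   <li>The policy is treated as fully trusted input. Regular expressions from it are compiled
 *       as written, and bean-shell script locations are appended to the web directory without
 *       normalisation.</li>
 *   <li>Parsing assigns the static field {@code AppGuardianConfiguration.DEFAULT_FAIL_ACTION},
 *       so loading a policy changes that value for the whole class, not just for the returned
 *       object.</li>
 *   <li>Some element and attribute names are spelled through constants of unrelated libraries
 *       ({@code Constants.ATTRNAME_MODE}, {@code Keywords.FUNC_CONTAINS_STRING},
 *       {@code LogContext.MDC_FILE}, ...). That looks like a decompiler artefact; their literal
 *       values are not visible in this file.</li>
 * </ul>
 */
public class ConfigurationParser {
    private static final String REGEX = "regex";
    private static final String DEFAULT_PATH_APPLY_ALL = ".*";
    private static final int DEFAULT_RESPONSE_CODE = 403;
    private static final String DEFAULT_SESSION_COOKIE;
    private static final String[] STAGES;

    /**
     * Reads a WAF policy and returns the configuration it describes.
     *
     * @param inputStream the policy XML
     * @param str prefix prepended to the {@code file} attribute of each bean-shell rule (the
     *     error message for a missing script calls it the web directory)
     * @return the populated configuration
     * @throws ConfigurationException if the XML cannot be read or parsed, {@code <settings>} or
     *     one of its required children is missing, a rule lacks a required attribute or has
     *     conflicting ones, or a bean-shell script is missing or fails to evaluate
     * @throws java.util.regex.PatternSyntaxException if a regular expression in the policy is
     *     invalid; it is not translated into a {@code ConfigurationException}
     * @throws NullPointerException if an attribute that is handed straight to
     *     {@link Pattern#compile(String)} is absent from its rule element
     */
    public static AppGuardianConfiguration readConfigurationFile(InputStream inputStream, String str) throws ConfigurationException {
        AppGuardianConfiguration config = new AppGuardianConfiguration();
        try {
            // NOTE(review): Builder is created with its defaults. Confirm how the underlying
            // parser treats DOCTYPE declarations and external entities if the policy can come
            // from anywhere other than a trusted, locally controlled file.
            Element root = new Builder().build(inputStream).getRootElement();

            Element settings = root.getFirstChildElement("settings");
            if (settings == null) {
                throw new ConfigurationException("", "The <settings> section is required");
            }
            parseSettings(settings, config);

            // <custom-rules> is not handled here: nothing in this method turns it into rules.
            parseAuthenticationRules(root.getFirstChildElement("authentication-rules"), config);
            parseAuthorizationRules(root.getFirstChildElement("authorization-rules"), config);
            parseUrlRules(root.getFirstChildElement("url-rules"), config);
            parseHeaderRules(root.getFirstChildElement("header-rules"), config);
            parseVirtualPatches(root.getFirstChildElement("virtual-patches"), config);
            parseOutboundRules(root.getFirstChildElement("outbound-rules"), config);
            parseBeanShellRules(root.getFirstChildElement("bean-shell-rules"), config, str);
            return config;
        } catch (IOException e5) {
            throw new ConfigurationException("", "I/O problem reading WAF XML file", e5);
        } catch (ValidityException e6) {
            throw new ConfigurationException("", "Problem validating WAF XML file", e6);
        } catch (ParsingException e7) {
            throw new ConfigurationException("", "Problem parsing WAF XML file", e7);
        }
    }

    /** Returns the named child of {@code parent}, or fails with a configuration error. */
    private static Element requireChild(Element parent, String childName, String parentName) throws ConfigurationException {
        Element child = parent.getFirstChildElement(childName);
        if (child == null) {
            throw new ConfigurationException("", "The <" + parentName + "> section requires a <" + childName + "> element");
        }
        return child;
    }

    /** Compiles {@code regex}, passing {@code null} through for an absent optional attribute. */
    private static Pattern compileOrNull(String regex) {
        return regex != null ? Pattern.compile(regex) : null;
    }

    /** Applies session cookie name, fail action, error page and block status from {@code <settings>}. */
    private static void parseSettings(Element settings, AppGuardianConfiguration config) throws ConfigurationException {
        Element cookieNameElement = settings.getFirstChildElement("session-cookie-name");
        if (cookieNameElement == null) {
            config.setSessionCookieName(DEFAULT_SESSION_COOKIE);
        } else {
            // An element that is present but empty leaves the configuration's own value alone.
            String cookieName = cookieNameElement.getValue();
            if (!"".equals(cookieName)) {
                config.setSessionCookieName(cookieName);
            }
        }

        // A missing element used to surface as a bare NullPointerException.
        String mode = requireChild(settings, Constants.ATTRNAME_MODE, "settings").getValue();
        // equalsIgnoreCase is locale-independent. toLowerCase() under the default locale can
        // turn "REDIRECT" into a string that no longer equals "redirect" (Turkish dotless i),
        // which silently selected the fallback action below.
        if ("block".equalsIgnoreCase(mode)) {
            AppGuardianConfiguration.DEFAULT_FAIL_ACTION = 2;
        } else if ("redirect".equalsIgnoreCase(mode)) {
            AppGuardianConfiguration.DEFAULT_FAIL_ACTION = 1;
        } else {
            // NOTE(review): every unrecognised value, including one padded with whitespace,
            // lands here. Action 0 is presumably log-only (confirm against
            // AppGuardianConfiguration); consider rejecting unknown modes instead.
            AppGuardianConfiguration.DEFAULT_FAIL_ACTION = 0;
        }

        Element errorHandling = requireChild(settings, "error-handling", "settings");
        config.setDefaultErrorPage(requireChild(errorHandling, "default-redirect-page", "error-handling").getValue());

        int responseCode = DEFAULT_RESPONSE_CODE;
        Element blockStatus = errorHandling.getFirstChildElement("block-status");
        if (blockStatus != null) {
            try {
                responseCode = Integer.parseInt(blockStatus.getValue());
            } catch (NumberFormatException ignored) {
                // A non-numeric status keeps the default response code.
            }
        }
        config.setDefaultResponseCode(responseCode);
    }

    /** Registers the single authentication rule described by {@code <authentication-rules>}. */
    private static void parseAuthenticationRules(Element authentication, AppGuardianConfiguration config) throws ConfigurationException {
        if (authentication == null) {
            return;
        }
        String key = authentication.getAttributeValue("key");
        String path = authentication.getAttributeValue("path");
        String id = authentication.getAttributeValue("id");
        if (key == null) {
            throw new ConfigurationException("", "The <authentication-rules> rule requires a 'key' attribute");
        }
        // Without a 'path' the rule is created with a null path pattern.
        Pattern pathPattern = compileOrNull(path);
        config.addBeforeBodyRule(new AuthenticatedRule(id, key, pathPattern, getExceptionsFromElement(authentication)));
    }

    /** Registers the source-IP and must-match rules of {@code <authorization-rules>}. */
    private static void parseAuthorizationRules(Element authorization, AppGuardianConfiguration config) {
        if (authorization == null) {
            return;
        }
        Elements ipRules = authorization.getChildElements("restrict-source-ip");
        for (int i = 0; i < ipRules.size(); i++) {
            Element rule = ipRules.get(i);
            String id = rule.getAttributeValue("id");
            Pattern allowedIp = Pattern.compile(rule.getAttributeValue("ip-regex"));
            String ipHeader = rule.getAttributeValue("ip-header");
            if (REGEX.equalsIgnoreCase(rule.getAttributeValue("type"))) {
                config.addBeforeBodyRule(new IPRule(id, allowedIp, Pattern.compile(rule.getValue()), ipHeader));
            } else {
                // NOTE(review): 'ip-header' is read but only forwarded for type="regex". A
                // literal-path rule is built without it; confirm that is intended, since the
                // header presumably selects where the client address is taken from.
                config.addBeforeBodyRule(new IPRule(id, allowedIp, rule.getValue()));
            }
        }

        Elements mustMatchRules = authorization.getChildElements("must-match");
        for (int i = 0; i < mustMatchRules.size(); i++) {
            Element rule = mustMatchRules.get(i);
            Pattern path = Pattern.compile(rule.getAttributeValue("path"));
            String variable = rule.getAttributeValue(Constants.ELEMNAME_VARIABLE_STRING);
            String value = rule.getAttributeValue(Constants.ATTRNAME_VALUE);
            String operatorName = rule.getAttributeValue("operator");
            String id = rule.getAttributeValue("id");
            // Numeric operator codes are passed through as-is; 0 is used for any operator name
            // that is absent or not listed here.
            int operator = 0;
            if ("exists".equalsIgnoreCase(operatorName)) {
                operator = 3;
            } else if ("inList".equalsIgnoreCase(operatorName)) {
                operator = 2;
            } else if (Keywords.FUNC_CONTAINS_STRING.equalsIgnoreCase(operatorName)) {
                operator = 1;
            }
            config.addAfterBodyRule(new MustMatchRule(id, path, variable, operator, value));
        }
    }

    /** Registers extension, HTTP-method and enforce-HTTPS rules of {@code <url-rules>}. */
    private static void parseUrlRules(Element urlRules, AppGuardianConfiguration config) throws ConfigurationException {
        if (urlRules == null) {
            return;
        }
        Elements extensionRules = urlRules.getChildElements("restrict-extension");
        Elements methodRules = urlRules.getChildElements("restrict-method");
        Elements httpsRules = urlRules.getChildElements("enforce-https");

        for (int i = 0; i < extensionRules.size(); i++) {
            Element rule = extensionRules.get(i);
            String allow = rule.getAttributeValue("allow");
            String deny = rule.getAttributeValue("deny");
            String id = rule.getAttributeValue("id");
            if (allow != null && deny != null) {
                throw new ConfigurationException("", "restrict-extension rules can't have both 'allow' and 'deny'");
            }
            if (allow == null && deny == null) {
                throw new ConfigurationException("", "restrict extension rule should have either a 'deny' or 'allow' attribute");
            }
            // NOTE(review): the attribute is spliced into the regex unquoted. The leading
            // backslash escapes only its first character (the '.' of ".jsp"); any other regex
            // metacharacter in the value changes what the rule matches. Consider Pattern.quote
            // once existing policies have been checked against it.
            if (allow != null) {
                config.addBeforeBodyRule(new PathExtensionRule(id, Pattern.compile(".*\\" + allow + "$"), null));
            } else {
                config.addBeforeBodyRule(new PathExtensionRule(id, null, Pattern.compile(".*\\" + deny + "$")));
            }
        }

        for (int i = 0; i < methodRules.size(); i++) {
            Element rule = methodRules.get(i);
            String allow = rule.getAttributeValue("allow");
            String deny = rule.getAttributeValue("deny");
            String path = rule.getAttributeValue("path");
            String id = rule.getAttributeValue("id");
            if (path == null) {
                path = DEFAULT_PATH_APPLY_ALL;
            }
            if (allow != null && deny != null) {
                throw new ConfigurationException("", "restrict-method rule should not have both 'allow' and 'deny' values");
            }
            if (allow == null && deny == null) {
                throw new ConfigurationException("", "restrict-method rule should have either an 'allow' or 'deny' value");
            }
            if (allow != null) {
                config.addBeforeBodyRule(new HTTPMethodRule(id, Pattern.compile(allow), null, Pattern.compile(path)));
            } else {
                config.addBeforeBodyRule(new HTTPMethodRule(id, null, Pattern.compile(deny), Pattern.compile(path)));
            }
        }

        for (int i = 0; i < httpsRules.size(); i++) {
            Element rule = httpsRules.get(i);
            config.addBeforeBodyRule(new EnforceHTTPSRule(rule.getAttributeValue("id"), Pattern.compile(rule.getAttributeValue("path")), getExceptionsFromElement(rule), rule.getAttributeValue("action")));
        }
    }

    /** Registers content-type and user-agent restrictions of {@code <header-rules>}. */
    private static void parseHeaderRules(Element headerRules, AppGuardianConfiguration config) throws ConfigurationException {
        if (headerRules == null) {
            return;
        }
        Elements contentTypeRules = headerRules.getChildElements("restrict-content-type");
        Elements userAgentRules = headerRules.getChildElements("restrict-user-agent");

        for (int i = 0; i < contentTypeRules.size(); i++) {
            Element rule = contentTypeRules.get(i);
            String allow = rule.getAttributeValue("allow");
            String deny = rule.getAttributeValue("deny");
            String id = rule.getAttributeValue("id");
            if (allow != null && deny != null) {
                throw new ConfigurationException("", "restrict-content-type rule should not have both 'allow' and 'deny' values");
            }
            if (allow == null && deny == null) {
                throw new ConfigurationException("", "restrict-content-type rule should have either an 'allow' or 'deny' value");
            }
            if (allow != null) {
                config.addBeforeBodyRule(new RestrictContentTypeRule(id, Pattern.compile(allow), null));
            } else {
                config.addBeforeBodyRule(new RestrictContentTypeRule(id, null, Pattern.compile(deny)));
            }
        }

        for (int i = 0; i < userAgentRules.size(); i++) {
            Element rule = userAgentRules.get(i);
            String id = rule.getAttributeValue("id");
            String allow = rule.getAttributeValue("allow");
            String deny = rule.getAttributeValue("deny");
            if (allow != null && deny != null) {
                throw new ConfigurationException("", "restrict-user-agent rule should not have both 'allow' and 'deny' values");
            }
            if (allow == null && deny == null) {
                throw new ConfigurationException("", "restrict-user-agent rule should have either an 'allow' or 'deny' value");
            }
            if (allow != null) {
                config.addBeforeBodyRule(new RestrictUserAgentRule(id, Pattern.compile(allow), null));
            } else {
                config.addBeforeBodyRule(new RestrictUserAgentRule(id, null, Pattern.compile(deny)));
            }
        }
    }

    /** Registers one after-body rule per {@code <virtual-patch>} element. */
    private static void parseVirtualPatches(Element virtualPatches, AppGuardianConfiguration config) {
        if (virtualPatches == null) {
            return;
        }
        Elements patches = virtualPatches.getChildElements("virtual-patch");
        for (int i = 0; i < patches.size(); i++) {
            Element patch = patches.get(i);
            // 'path' and 'pattern' are not null-checked before compilation.
            config.addAfterBodyRule(new SimpleVirtualPatchRule(patch.getAttributeValue("id"), Pattern.compile(patch.getAttributeValue("path")), patch.getAttributeValue(Constants.ELEMNAME_VARIABLE_STRING), Pattern.compile(patch.getAttributeValue("pattern")), patch.getAttributeValue(Constants.ELEMNAME_MESSAGE_STRING)));
        }
    }

    /**
     * Compiles the {@code name} attribute of every {@code <cookie>} child into a pattern.
     *
     * <p>The list stays a raw {@code ArrayList} because the parameter type of the cookie-rule
     * constructors that receive it is not visible in this file.
     */
    @SuppressWarnings({"rawtypes", "unchecked"})
    private static ArrayList compileCookieNames(Element rule) {
        Elements cookies = rule.getChildElements("cookie");
        ArrayList names = new ArrayList();
        for (int i = 0; i < cookies.size(); i++) {
            names.add(Pattern.compile(cookies.get(i).getAttributeValue("name")));
        }
        return names;
    }

    /** Registers header, cookie-flag, content-replacement and content-detection rules of {@code <outbound-rules>}. */
    @SuppressWarnings("unchecked")
    private static void parseOutboundRules(Element outbound, AppGuardianConfiguration config) throws ConfigurationException {
        if (outbound == null) {
            return;
        }
        Elements addHeaderRules = outbound.getChildElements("add-header");
        for (int i = 0; i < addHeaderRules.size(); i++) {
            Element rule = addHeaderRules.get(i);
            String name = rule.getAttributeValue("name");
            String value = rule.getAttributeValue(Constants.ATTRNAME_VALUE);
            String path = rule.getAttributeValue("path");
            String id = rule.getAttributeValue("id");
            if (path == null) {
                path = DEFAULT_PATH_APPLY_ALL;
            }
            config.addBeforeResponseRule(new AddHeaderRule(id, name, value, Pattern.compile(path), getExceptionsFromElement(rule)));
        }

        Elements httpOnlyRules = outbound.getChildElements("add-http-only-flag");
        for (int i = 0; i < httpOnlyRules.size(); i++) {
            Element rule = httpOnlyRules.get(i);
            AddHTTPOnlyFlagRule httpOnlyRule = new AddHTTPOnlyFlagRule(rule.getAttributeValue("id"), compileCookieNames(rule));
            config.addCookieRule(httpOnlyRule);
            // The session cookie gets its own switch when one of the patterns covers it.
            if (httpOnlyRule.doesCookieMatch(config.getSessionCookieName())) {
                config.setApplyHTTPOnlyFlagToSessionCookie(true);
            }
        }

        Elements secureFlagRules = outbound.getChildElements("add-secure-flag");
        for (int i = 0; i < secureFlagRules.size(); i++) {
            Element rule = secureFlagRules.get(i);
            AddSecureFlagRule secureRule = new AddSecureFlagRule(rule.getAttributeValue("id"), compileCookieNames(rule));
            config.addCookieRule(secureRule);
            if (secureRule.doesCookieMatch(config.getSessionCookieName())) {
                config.setApplySecureFlagToSessionCookie(true);
            }
        }

        Elements insertionRules = outbound.getChildElements("dynamic-insertion");
        for (int i = 0; i < insertionRules.size(); i++) {
            Element rule = insertionRules.get(i);
            String pattern = rule.getAttributeValue("pattern");
            String id = rule.getAttributeValue("id");
            String contentType = rule.getAttributeValue("content-type");
            String path = rule.getAttributeValue("path");
            // DOTALL lets '.' in the pattern span line breaks in the response body.
            config.addBeforeResponseRule(new ReplaceContentRule(id, Pattern.compile(pattern, Pattern.DOTALL), rule.getFirstChildElement("replacement").getValue(), compileOrNull(contentType), compileOrNull(path)));
        }

        Elements detectRules = outbound.getChildElements("detect-content");
        for (int i = 0; i < detectRules.size(); i++) {
            Element rule = detectRules.get(i);
            String pattern = rule.getAttributeValue("pattern");
            String contentType = rule.getAttributeValue("content-type");
            String id = rule.getAttributeValue("id");
            String path = rule.getAttributeValue("path");
            if (pattern == null) {
                throw new ConfigurationException("", "<detect-content> rules must contain a 'pattern' attribute");
            }
            if (contentType == null) {
                throw new ConfigurationException("", "<detect-content> rules must contain a 'content-type' attribute");
            }
            config.addBeforeResponseRule(new DetectOutboundContentRule(id, Pattern.compile(contentType), Pattern.compile(pattern, Pattern.DOTALL), compileOrNull(path)));
        }
    }

    /**
     * Registers one rule per {@code <bean-shell-script>} element at the stage it names.
     *
     * <p>Declares {@code IOException} so that any I/O failure from the rule constructor other
     * than a missing file still reaches the caller's handler, as it did before the split.
     */
    private static void parseBeanShellRules(Element beanShellRules, AppGuardianConfiguration config, String webDirectory) throws ConfigurationException, IOException {
        if (beanShellRules == null) {
            return;
        }
        Elements scripts = beanShellRules.getChildElements("bean-shell-script");
        for (int i = 0; i < scripts.size(); i++) {
            Element script = scripts.get(i);
            String id = script.getAttributeValue("id");
            String file = script.getAttributeValue(LogContext.MDC_FILE);
            String stage = script.getAttributeValue("stage");
            String path = script.getAttributeValue("path");
            if (id == null) {
                throw new ConfigurationException("", "bean shell rules all require a unique 'id' attribute");
            }
            if (file == null) {
                throw new ConfigurationException("", "bean shell rules all require a unique 'file' attribute that has the location of the .bsh script");
            }
            try {
                // NOTE(review): the script location is a plain concatenation of the web
                // directory and the 'file' attribute, with no normalisation or containment
                // check. The constructor can raise EvalError, which suggests the script is
                // evaluated while the policy loads (TODO confirm). Write access to the policy
                // file should be protected as strictly as write access to application code.
                BeanShellRule rule = new BeanShellRule(webDirectory + file, id, compileOrNull(path));
                if (STAGES[0].equals(stage)) {
                    config.addBeforeBodyRule(rule);
                } else if (STAGES[1].equals(stage)) {
                    config.addAfterBodyRule(rule);
                } else if (STAGES[2].equals(stage)) {
                    config.addBeforeResponseRule(rule);
                } else {
                    throw new ConfigurationException("", "bean shell rules all require a 'stage' attribute when the rule should be fired (valid values are " + STAGES[0] + ", " + STAGES[1] + ", or " + STAGES[2] + DefaultExpressionEngine.DEFAULT_INDEX_END);
                }
            } catch (EvalError e3) {
                throw new ConfigurationException("", "bean shell rule '" + id + "' contained an error (" + e3.getErrorText() + "): " + e3.getScriptStackTrace());
            } catch (FileNotFoundException e4) {
                // The cause is kept so the failing path shows up in the stack trace as well.
                throw new ConfigurationException("", "bean shell rule '" + id + "' had a source file that could not be found (" + file + "), web directory = " + webDirectory, e4);
            }
        }
    }

    /**
     * Collects the {@code <path-exception>} children of a rule element.
     *
     * @param element the rule element
     * @return one entry per child, in document order: a compiled {@link Pattern} when the child
     *     has {@code type="regex"} (case-insensitive), otherwise its text as a {@code String}
     */
    private static List<Object> getExceptionsFromElement(Element element) {
        Elements pathExceptions = element.getChildElements("path-exception");
        List<Object> exceptions = new ArrayList<>();
        for (int i = 0; i < pathExceptions.size(); i++) {
            Element pathException = pathExceptions.get(i);
            if (REGEX.equalsIgnoreCase(pathException.getAttributeValue("type"))) {
                exceptions.add(Pattern.compile(pathException.getValue()));
            } else {
                exceptions.add(pathException.getValue());
            }
        }
        return exceptions;
    }

    static {
        String str;
        try {
            str = ESAPI.securityConfiguration().getHttpSessionIdName();
        } catch (Throwable th) {
            // Deliberately broad: whatever goes wrong while reading the ESAPI configuration,
            // the class still initialises with the servlet default cookie name.
            str = "JSESSIONID";
        }
        DEFAULT_SESSION_COOKIE = str;
        STAGES = new String[]{"before-request-body", "after-request-body", "before-response"};
    }
}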
