package ch.usp.core.waap.autolearn;

import ch.usp.core.waap.autolearn.log.LogData;
import ch.usp.core.waap.autolearn.log.LogDataRule;
import ch.usp.core.waap.spec.v1.render.crs.rule.except.RequestPartType;
import ch.usp.core.waap.spec.v1.spec.crs.WaapCrs;
import ch.usp.core.waap.spec.v1.spec.crs.WaapCrsRuleException;
import com.fasterxml.jackson.core.JsonFactory;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.common.annotations.VisibleForTesting;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.ObjectMethods;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.time.LocalDateTime;
import java.time.format.DateTimeFormatter;
import java.time.format.DateTimeParseException;
import java.util.LinkedHashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Locale;
import java.util.Objects;
import java.util.Set;
import java.util.function.Predicate;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:ch/usp/core/waap/autolearn/Autolearn.class */
public class Autolearn {
    private static final int RESTRICTED_FILE_EXTENSIONS_RULE_ID = 920440;
    private static final int RESTRICTED_HTTP_HEADERS_RULE_ID = 920450;
    private final AutolearnContext autoCtx;
    private static final Pattern TRIGGERED_RULE_PATTERN = Pattern.compile("\\] wasm log .+? coraza-vm: (\\{\"request\\.path\":.+)$");
    static final DateTimeFormatter LOG_DATE_TIME_FORMATTER = DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss");
    private static final ObjectMapper JSON_MAPPER = new ObjectMapper(new JsonFactory());
    private static final Pattern RESTRICTED_HTTP_HEADERS_RULE_NAME_MATCHER = Pattern.compile("Restricted header detected: /(.+?)/");
    private static final Set<RequestPartType> POST_PART_TYPES_TO_SKIP = Set.of(RequestPartType.ARGS_POST, RequestPartType.ARGS_POST_NAMES);

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:ch/usp/core/waap/autolearn/Autolearn$RuleDirection.class */
    public enum RuleDirection {
        REQUEST,
        RESPONSE
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:ch/usp/core/waap/autolearn/Autolearn$RuleExceptionContext.class */
    public static class RuleExceptionContext {
        private final LogData data;
        private final String dateString;
        private RequestPartType requestPartType;
        private String requestPartName;
        private String location;

        /* loaded from: input_file:ch/usp/core/waap/autolearn/Autolearn$RuleExceptionContext$RuleExceptionContextBuilder.class */
        public static class RuleExceptionContextBuilder {
            private LogData data;
            private String dateString;
            private boolean requestPartType$set;
            private RequestPartType requestPartType$value;
            private boolean requestPartName$set;
            private String requestPartName$value;
            private boolean location$set;
            private String location$value;

            RuleExceptionContextBuilder() {
            }

            public RuleExceptionContextBuilder data(LogData logData) {
                this.data = logData;
                return this;
            }

            public RuleExceptionContextBuilder dateString(String str) {
                this.dateString = str;
                return this;
            }

            public RuleExceptionContextBuilder requestPartType(RequestPartType requestPartType) {
                this.requestPartType$value = requestPartType;
                this.requestPartType$set = true;
                return this;
            }

            public RuleExceptionContextBuilder requestPartName(String str) {
                this.requestPartName$value = str;
                this.requestPartName$set = true;
                return this;
            }

            public RuleExceptionContextBuilder location(String str) {
                this.location$value = str;
                this.location$set = true;
                return this;
            }

            public RuleExceptionContext build() {
                RequestPartType requestPartType = this.requestPartType$value;
                if (!this.requestPartType$set) {
                    requestPartType = RuleExceptionContext.$default$requestPartType();
                }
                String str = this.requestPartName$value;
                if (!this.requestPartName$set) {
                    str = RuleExceptionContext.$default$requestPartName();
                }
                String str2 = this.location$value;
                if (!this.location$set) {
                    str2 = RuleExceptionContext.$default$location();
                }
                return new RuleExceptionContext(this.data, this.dateString, requestPartType, str, str2);
            }

            public String toString() {
                return "Autolearn.RuleExceptionContext.RuleExceptionContextBuilder(data=" + this.data + ", dateString=" + this.dateString + ", requestPartType$value=" + this.requestPartType$value + ", requestPartName$value=" + this.requestPartName$value + ", location$value=" + this.location$value + ")";
            }
        }

        private static RequestPartType $default$requestPartType() {
            return null;
        }

        private static String $default$requestPartName() {
            return "";
        }

        private static String $default$location() {
            return "";
        }

        RuleExceptionContext(LogData logData, String str, RequestPartType requestPartType, String str2, String str3) {
            this.data = logData;
            this.dateString = str;
            this.requestPartType = requestPartType;
            this.requestPartName = str2;
            this.location = str3;
        }

        public static RuleExceptionContextBuilder builder() {
            return new RuleExceptionContextBuilder();
        }

        public LogData getData() {
            return this.data;
        }

        public String getDateString() {
            return this.dateString;
        }

        public RequestPartType getRequestPartType() {
            return this.requestPartType;
        }

        public String getRequestPartName() {
            return this.requestPartName;
        }

        public String getLocation() {
            return this.location;
        }

        public void setRequestPartType(RequestPartType requestPartType) {
            this.requestPartType = requestPartType;
        }

        public void setRequestPartName(String str) {
            this.requestPartName = str;
        }

        public void setLocation(String str) {
            this.location = str;
        }

        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof RuleExceptionContext)) {
                return false;
            }
            RuleExceptionContext ruleExceptionContext = (RuleExceptionContext) obj;
            if (!ruleExceptionContext.canEqual(this)) {
                return false;
            }
            LogData data = getData();
            LogData data2 = ruleExceptionContext.getData();
            if (data == null) {
                if (data2 != null) {
                    return false;
                }
            } else if (!data.equals(data2)) {
                return false;
            }
            String dateString = getDateString();
            String dateString2 = ruleExceptionContext.getDateString();
            if (dateString == null) {
                if (dateString2 != null) {
                    return false;
                }
            } else if (!dateString.equals(dateString2)) {
                return false;
            }
            RequestPartType requestPartType = getRequestPartType();
            RequestPartType requestPartType2 = ruleExceptionContext.getRequestPartType();
            if (requestPartType == null) {
                if (requestPartType2 != null) {
                    return false;
                }
            } else if (!requestPartType.equals(requestPartType2)) {
                return false;
            }
            String requestPartName = getRequestPartName();
            String requestPartName2 = ruleExceptionContext.getRequestPartName();
            if (requestPartName == null) {
                if (requestPartName2 != null) {
                    return false;
                }
            } else if (!requestPartName.equals(requestPartName2)) {
                return false;
            }
            String location = getLocation();
            String location2 = ruleExceptionContext.getLocation();
            return location == null ? location2 == null : location.equals(location2);
        }

        protected boolean canEqual(Object obj) {
            return obj instanceof RuleExceptionContext;
        }

        public int hashCode() {
            LogData data = getData();
            int hashCode = (1 * 59) + (data == null ? 43 : data.hashCode());
            String dateString = getDateString();
            int hashCode2 = (hashCode * 59) + (dateString == null ? 43 : dateString.hashCode());
            RequestPartType requestPartType = getRequestPartType();
            int hashCode3 = (hashCode2 * 59) + (requestPartType == null ? 43 : requestPartType.hashCode());
            String requestPartName = getRequestPartName();
            int hashCode4 = (hashCode3 * 59) + (requestPartName == null ? 43 : requestPartName.hashCode());
            String location = getLocation();
            return (hashCode4 * 59) + (location == null ? 43 : location.hashCode());
        }

        public String toString() {
            return "Autolearn.RuleExceptionContext(data=" + getData() + ", dateString=" + getDateString() + ", requestPartType=" + getRequestPartType() + ", requestPartName=" + getRequestPartName() + ", location=" + getLocation() + ")";
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:ch/usp/core/waap/autolearn/Autolearn$SourceWithJson.class */
    public static final class SourceWithJson extends Record {
        private final String source;
        private final String jsonStr;

        SourceWithJson(String str, String str2) {
            this.source = str;
            this.jsonStr = str2;
        }

        @Override // java.lang.Record
        public final String toString() {
            return (String) ObjectMethods.bootstrap(MethodHandles.lookup(), "toString", MethodType.methodType(String.class, SourceWithJson.class), SourceWithJson.class, "source;jsonStr", "FIELD:Lch/usp/core/waap/autolearn/Autolearn$SourceWithJson;->source:Ljava/lang/String;", "FIELD:Lch/usp/core/waap/autolearn/Autolearn$SourceWithJson;->jsonStr:Ljava/lang/String;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final int hashCode() {
            return (int) ObjectMethods.bootstrap(MethodHandles.lookup(), "hashCode", MethodType.methodType(Integer.TYPE, SourceWithJson.class), SourceWithJson.class, "source;jsonStr", "FIELD:Lch/usp/core/waap/autolearn/Autolearn$SourceWithJson;->source:Ljava/lang/String;", "FIELD:Lch/usp/core/waap/autolearn/Autolearn$SourceWithJson;->jsonStr:Ljava/lang/String;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final boolean equals(Object obj) {
            return (boolean) ObjectMethods.bootstrap(MethodHandles.lookup(), "equals", MethodType.methodType(Boolean.TYPE, SourceWithJson.class, Object.class), SourceWithJson.class, "source;jsonStr", "FIELD:Lch/usp/core/waap/autolearn/Autolearn$SourceWithJson;->source:Ljava/lang/String;", "FIELD:Lch/usp/core/waap/autolearn/Autolearn$SourceWithJson;->jsonStr:Ljava/lang/String;").dynamicInvoker().invoke(this, obj) /* invoke-custom */;
        }

        public String source() {
            return this.source;
        }

        public String jsonStr() {
            return this.jsonStr;
        }
    }

    public Autolearn(AutolearnContext autolearnContext) {
        this.autoCtx = autolearnContext;
    }

    public static void autolearn(AutolearnContext autolearnContext, Stream<String> stream) {
        new Autolearn(autolearnContext).execute(stream);
    }

    private void execute(Stream<String> stream) {
        List<LogData> list = stream.map(this::maybeExtractJson).filter(sourceWithJson -> {
            return sourceWithJson.jsonStr() != null;
        }).filter(sourceWithJson2 -> {
            return isInTimeRange(sourceWithJson2.source());
        }).map(sourceWithJson3 -> {
            return sourceWithJson3.jsonStr();
        }).map(this::parseCheckRegularize).filter((v0) -> {
            return Objects.nonNull(v0);
        }).toList();
        addRuleExceptions(list, RuleDirection.REQUEST);
        addRuleExceptions(list, RuleDirection.RESPONSE);
    }

    private SourceWithJson maybeExtractJson(String str) {
        return new SourceWithJson(str, getFirstGroupOfPatternFind(TRIGGERED_RULE_PATTERN, str));
    }

    private boolean isInTimeRange(String str) {
        try {
            LocalDateTime parse = LocalDateTime.parse(str.substring(1, 20), LOG_DATE_TIME_FORMATTER);
            return parse.isAfter(this.autoCtx.timeRange.from()) && parse.isBefore(this.autoCtx.timeRange.to());
        } catch (DateTimeParseException e) {
            this.autoCtx.nErrors++;
            this.autoCtx.errors.add("Failed to parse date of log line: " + e + ". Line: '" + str + "'.");
            return false;
        }
    }

    @VisibleForTesting
    LogData parseCheckRegularize(String str) {
        try {
            LogData logData = (LogData) JSON_MAPPER.readValue(str, LogData.class);
            logData.setRequestPath(StringUtils.trimToEmpty(logData.getRequestPath()));
            if (logData.getRequestPath().isEmpty()) {
                addError("Missing request path", str);
                return null;
            }
            LogDataRule crsViolatedRule = logData.getCrsViolatedRule();
            if (crsViolatedRule == null) {
                addError("Missing rule", str);
                return null;
            }
            if (crsViolatedRule.getId() == null) {
                addError("Missing rule id", str);
                return null;
            }
            crsViolatedRule.setCategory(StringUtils.trimToEmpty(crsViolatedRule.getCategory()));
            crsViolatedRule.setSeverity(StringUtils.trimToEmpty(crsViolatedRule.getSeverity()));
            crsViolatedRule.setData(StringUtils.trimToEmpty(crsViolatedRule.getData()));
            crsViolatedRule.setMessage(StringUtils.trimToEmpty(crsViolatedRule.getMessage()));
            crsViolatedRule.setMatchedData(StringUtils.trimToEmpty(crsViolatedRule.getMatchedData()));
            crsViolatedRule.setMatchedDataName(StringUtils.trimToEmpty(crsViolatedRule.getMatchedDataName()));
            if (crsViolatedRule.getTags() == null) {
                crsViolatedRule.setTags(new LinkedList());
            }
            logData.setClientAddress(StringUtils.trimToEmpty(logData.getClientAddress()));
            logData.setTransactionId(StringUtils.trimToEmpty(logData.getTransactionId()));
            logData.setCrsVersion(StringUtils.trimToEmpty(logData.getCrsVersion()));
            logData.setRequestId(StringUtils.trimToEmpty(logData.getRequestId()));
            logData.setJson(str);
            return logData;
        } catch (JsonProcessingException e) {
            addError("Failed to parse: " + e, str);
            return null;
        }
    }

    @VisibleForTesting
    void addRuleExceptions(List<LogData> list, RuleDirection ruleDirection) {
        Set<WaapCrsRuleException> ruleExceptions = getRuleExceptions(list, ruleDirection);
        WaapCrs crs = this.autoCtx.waapSpec.getCrs();
        List requestRuleExceptions = ruleDirection == RuleDirection.REQUEST ? crs.getRequestRuleExceptions() : crs.getResponseRuleExceptions();
        RuleExceptionsReducingContainer addAll = new RuleExceptionsReducingContainer().addAll(requestRuleExceptions);
        Set<WaapCrsRuleException> all = new RuleExceptionsReducingContainer().addAll(ruleExceptions).removeAll(addAll.getAll()).getAll();
        if (ruleDirection == RuleDirection.REQUEST) {
            this.autoCtx.nRequestRuleExceptionsAdded = all.size();
        } else {
            this.autoCtx.nResponseRuleExceptionsAdded = all.size();
        }
        if (!this.autoCtx.options.isReduceConfiguredExceptions()) {
            requestRuleExceptions.addAll(all);
        } else {
            requestRuleExceptions.clear();
            requestRuleExceptions.addAll(addAll.addAll(all).getAll());
        }
    }

    @VisibleForTesting
    Set<WaapCrsRuleException> getRuleExceptions(List<LogData> list, RuleDirection ruleDirection) {
        String dateStringToday = getDateStringToday();
        return (Set) list.stream().filter(logData -> {
            return isRuleDirectionMatches(logData.getCrsViolatedRule(), ruleDirection);
        }).filter(logData2 -> {
            return !isEvaluationRule(logData2.getCrsViolatedRule());
        }).map(logData3 -> {
            return RuleExceptionContext.builder().data(logData3).dateString(dateStringToday).build();
        }).map(this::populateRequestPartType).filter((v0) -> {
            return Objects.nonNull(v0);
        }).map(this::populatePartAndLocation).map(this::composeRuleException).collect(Collectors.toCollection(LinkedHashSet::new));
    }

    private boolean isRuleDirectionMatches(LogDataRule logDataRule, RuleDirection ruleDirection) {
        return logDataRule.getCategory().startsWith(ruleDirection.name());
    }

    private boolean isEvaluationRule(LogDataRule logDataRule) {
        return logDataRule.getId().intValue() / 1000 == 949 || logDataRule.getId().intValue() / 1000 == 959;
    }

    private RuleExceptionContext populateRequestPartType(RuleExceptionContext ruleExceptionContext) {
        String matchedData = ruleExceptionContext.getData().getCrsViolatedRule().getMatchedData();
        if (matchedData.isEmpty()) {
            return ruleExceptionContext;
        }
        try {
            ruleExceptionContext.setRequestPartType(RequestPartType.valueOf(matchedData));
            return ruleExceptionContext;
        } catch (IllegalArgumentException e) {
            addError("Unknown/unsupported request part type '" + matchedData + "'", ruleExceptionContext.getData().getJson());
            return null;
        }
    }

    private RuleExceptionContext populatePartAndLocation(RuleExceptionContext ruleExceptionContext) {
        if (ruleExceptionContext.getData().getCrsViolatedRule().getId().intValue() == RESTRICTED_HTTP_HEADERS_RULE_ID) {
            extractRestrictedHttpHeaderRule(ruleExceptionContext);
            return ruleExceptionContext;
        }
        extractStandardRule(ruleExceptionContext);
        return ruleExceptionContext;
    }

    private void extractRestrictedHttpHeaderRule(RuleExceptionContext ruleExceptionContext) {
        ruleExceptionContext.setLocation(ruleExceptionContext.getData().getRequestPath());
        String firstGroupOfPatternMatch = getFirstGroupOfPatternMatch(RESTRICTED_HTTP_HEADERS_RULE_NAME_MATCHER, ruleExceptionContext.getData().getCrsViolatedRule().getData());
        if (firstGroupOfPatternMatch != null) {
            ruleExceptionContext.setRequestPartType(RequestPartType.REQUEST_HEADERS);
            ruleExceptionContext.setRequestPartName(firstGroupOfPatternMatch);
        } else {
            ruleExceptionContext.setRequestPartType(null);
            ruleExceptionContext.setRequestPartName("");
        }
    }

    private void extractStandardRule(RuleExceptionContext ruleExceptionContext) {
        RequestPartType requestPartType = ruleExceptionContext.getRequestPartType();
        String str = "";
        if (requestPartType != null && requestPartType.isNameAllowed()) {
            str = ruleExceptionContext.getData().getCrsViolatedRule().getMatchedDataName();
            if (skipPostParts(requestPartType)) {
                requestPartType = null;
                str = "";
            }
        }
        String decode = (requestPartType == null || requestPartType.isLocationAllowed()) ? URLDecoder.decode(removeQuery(ruleExceptionContext.getData().getRequestPath()), StandardCharsets.UTF_8) : "";
        if (ruleExceptionContext.getData().getCrsViolatedRule().getId().intValue() == RESTRICTED_FILE_EXTENSIONS_RULE_ID) {
            requestPartType = null;
            str = "";
            if (!decode.isEmpty() && decode.lastIndexOf(WaapCrsRuleException.ROOT_LOCATION) > decode.indexOf(WaapCrsRuleException.ROOT_LOCATION)) {
                decode = decode.substring(0, decode.lastIndexOf(WaapCrsRuleException.ROOT_LOCATION));
            }
        }
        ruleExceptionContext.setRequestPartType(requestPartType);
        ruleExceptionContext.setRequestPartName(str);
        ruleExceptionContext.setLocation(decode);
    }

    private boolean skipPostParts(RequestPartType requestPartType) {
        return this.autoCtx.options.isSkipPostParts() && POST_PART_TYPES_TO_SKIP.contains(requestPartType);
    }

    private String removeQuery(String str) {
        int indexOf = str.indexOf("?");
        return indexOf < 0 ? str : str.substring(0, indexOf);
    }

    private WaapCrsRuleException composeRuleException(RuleExceptionContext ruleExceptionContext) {
        return WaapCrsRuleException.builder().ruleId(ruleExceptionContext.getData().getCrsViolatedRule().getId().intValue()).requestPartType(ruleExceptionContext.getRequestPartType()).requestPartName(ruleExceptionContext.getRequestPartName()).location(ruleExceptionContext.getLocation()).regEx(false).metadata(WaapCrsRuleException.Metadata.builder().comment(ruleExceptionContext.getData().getCrsViolatedRule().getMessage()).date(ruleExceptionContext.getDateString()).createdBy("autolearning").build()).build();
    }

    private String getFirstGroupOfPatternFind(Pattern pattern, String str) {
        return getFirstGroupOfPattern((v0) -> {
            return v0.find();
        }, pattern, str);
    }

    private String getFirstGroupOfPatternMatch(Pattern pattern, String str) {
        return getFirstGroupOfPattern((v0) -> {
            return v0.matches();
        }, pattern, str);
    }

    private String getFirstGroupOfPattern(Predicate<Matcher> predicate, Pattern pattern, String str) {
        String group;
        Matcher matcher = pattern.matcher(str);
        if (!predicate.test(matcher) || matcher.groupCount() != 1 || (group = matcher.group(1)) == null || group.isEmpty()) {
            return null;
        }
        return group;
    }

    @VisibleForTesting
    static String getDateStringToday() {
        return DateTimeFormatter.ofPattern("yyyy-MM-dd", Locale.ENGLISH).format(LocalDateTime.now());
    }

    private void addError(String str, String str2) {
        this.autoCtx.nErrors++;
        this.autoCtx.errors.add("Could not learn from log line. Reason: '" + str + "'. JSON: '" + str2 + "'.");
    }
}
