package io.gravitee.policy.threatprotection.regex;

import io.gravitee.common.util.MultiValueMap;
import io.gravitee.gateway.api.Request;
import io.gravitee.gateway.api.Response;
import io.gravitee.gateway.api.buffer.Buffer;
import io.gravitee.gateway.api.http.HttpHeaders;
import io.gravitee.gateway.api.stream.BufferedReadWriteStream;
import io.gravitee.gateway.api.stream.ReadWriteStream;
import io.gravitee.gateway.api.stream.SimpleReadWriteStream;
import io.gravitee.policy.api.PolicyChain;
import io.gravitee.policy.api.PolicyResult;
import io.gravitee.policy.api.annotations.OnRequest;
import io.gravitee.policy.api.annotations.OnRequestContent;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.nio.charset.Charset;
import java.util.List;
import java.util.Objects;
import java.util.regex.Pattern;

/* loaded from: input_file:io/gravitee/policy/threatprotection/regex/RegexThreatProtectionPolicy.class */
public class RegexThreatProtectionPolicy {
    private static final String BAD_REQUEST = "Bad Request";
    private static final String REGEX_THREAT_HEADER_DETECTED_KEY = "REGEX_THREAT_HEADER_DETECTED";
    private static final String REGEX_THREAT_PATH_DETECTED_KEY = "REGEX_THREAT_PATH_DETECTED";
    private static final String REGEX_THREAT_BODY_DETECTED_KEY = "REGEX_THREAT_BODY_DETECTED";
    private RegexThreatProtectionPolicyConfiguration configuration;

    public RegexThreatProtectionPolicy(RegexThreatProtectionPolicyConfiguration regexThreatProtectionPolicyConfiguration) {
        this.configuration = regexThreatProtectionPolicyConfiguration;
    }

    @OnRequest
    public void onRequest(Request request, Response response, PolicyChain policyChain) {
        if (this.configuration.isCheckHeaders() && matches(request.headers())) {
            policyChain.failWith(PolicyResult.failure(REGEX_THREAT_HEADER_DETECTED_KEY, 400, BAD_REQUEST, "text/plain"));
        } else if (this.configuration.isCheckPath() && (this.configuration.getPattern().matcher(decode(request.pathInfo())).matches() || matches(request.parameters(), true))) {
            policyChain.failWith(PolicyResult.failure(REGEX_THREAT_PATH_DETECTED_KEY, 400, BAD_REQUEST, "text/plain"));
        } else {
            policyChain.doNext(request, response);
        }
    }

    @OnRequestContent
    public ReadWriteStream<Buffer> onRequestContent(Request request, final PolicyChain policyChain) {
        if (this.configuration.isCheckBody()) {
            return new BufferedReadWriteStream() { // from class: io.gravitee.policy.threatprotection.regex.RegexThreatProtectionPolicy.1
                final Buffer buffer = Buffer.buffer();

                /* renamed from: write, reason: merged with bridge method [inline-methods] */
                public SimpleReadWriteStream<Buffer> m0write(Buffer buffer) {
                    this.buffer.appendBuffer(buffer);
                    return this;
                }

                public void end() {
                    if (RegexThreatProtectionPolicy.this.configuration.getPattern().matcher(this.buffer.toString()).matches()) {
                        policyChain.streamFailWith(PolicyResult.failure(RegexThreatProtectionPolicy.REGEX_THREAT_BODY_DETECTED_KEY, 400, RegexThreatProtectionPolicy.BAD_REQUEST, "text/plain"));
                        return;
                    }
                    if (this.buffer.length() > 0) {
                        super.write(this.buffer);
                    }
                    super.end();
                }
            };
        }
        return null;
    }

    private boolean matches(HttpHeaders httpHeaders) {
        return matches(httpHeaders, false);
    }

    private boolean matches(HttpHeaders httpHeaders, boolean z) {
        Pattern pattern = this.configuration.getPattern();
        boolean z2 = false;
        for (String str : httpHeaders.names()) {
            z2 = pattern.matcher(str).matches() || httpHeaders.getAll(str).stream().anyMatch(str2 -> {
                return pattern.matcher(z ? decode(str2) : str2).matches();
            });
            if (z2) {
                break;
            }
        }
        return z2;
    }

    private boolean matches(MultiValueMap<String, String> multiValueMap) {
        return matches(multiValueMap, false);
    }

    private boolean matches(MultiValueMap<String, String> multiValueMap, boolean z) {
        Pattern pattern = this.configuration.getPattern();
        return multiValueMap.entrySet().stream().anyMatch(entry -> {
            return pattern.matcher((CharSequence) entry.getKey()).matches() || ((List) entry.getValue()).stream().filter((v0) -> {
                return Objects.nonNull(v0);
            }).anyMatch(str -> {
                return pattern.matcher(z ? decode(str) : str).matches();
            });
        });
    }

    private String decode(String str) {
        try {
            return URLDecoder.decode(str, Charset.defaultCharset().name());
        } catch (UnsupportedEncodingException e) {
            return str;
        }
    }
}
