package com.perimeterx.api;

import com.google.gson.Gson;
import com.perimeterx.api.activities.ActivityHandler;
import com.perimeterx.api.activities.BufferedActivityHandler;
import com.perimeterx.api.additionalContext.credentialsIntelligence.loginresponse.LoginResponseValidatorFactory;
import com.perimeterx.api.providers.CombinedIPProvider;
import com.perimeterx.api.providers.DefaultHostnameProvider;
import com.perimeterx.api.providers.HostnameProvider;
import com.perimeterx.api.providers.IPProvider;
import com.perimeterx.api.proxy.ReverseProxy;
import com.perimeterx.api.remoteconfigurations.DefaultRemoteConfigManager;
import com.perimeterx.api.remoteconfigurations.TimerConfigUpdater;
import com.perimeterx.api.verificationhandler.DefaultVerificationHandler;
import com.perimeterx.api.verificationhandler.TestVerificationHandler;
import com.perimeterx.api.verificationhandler.VerificationHandler;
import com.perimeterx.http.PXClient;
import com.perimeterx.http.RequestWrapper;
import com.perimeterx.http.ResponseWrapper;
import com.perimeterx.internals.PXCookieValidator;
import com.perimeterx.internals.PXS2SValidator;
import com.perimeterx.models.PXContext;
import com.perimeterx.models.activities.UpdateReason;
import com.perimeterx.models.configuration.PXConfiguration;
import com.perimeterx.models.configuration.PXDynamicConfiguration;
import com.perimeterx.models.exceptions.PXException;
import com.perimeterx.utils.Constants;
import com.perimeterx.utils.EnforcerErrorUtils;
import com.perimeterx.utils.HMACUtils;
import com.perimeterx.utils.StringUtils;
import com.perimeterx.utils.logger.IPXLogger;
import com.perimeterx.utils.logger.LogReason;
import com.perimeterx.utils.logger.LoggerFactory;
import java.io.Closeable;
import java.io.IOException;
import java.net.URISyntaxException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.Objects;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponseWrapper;

/* loaded from: input_file:com/perimeterx/api/PerimeterX.class */
public class PerimeterX implements Closeable {
    public static IPXLogger globalLogger = LoggerFactory.getGlobalLogger();
    private PXConfiguration configuration;
    private PXS2SValidator serverValidator;
    private PXCookieValidator cookieValidator;
    private ActivityHandler activityHandler;
    private IPProvider ipProvider;
    private HostnameProvider hostnameProvider;
    private VerificationHandler verificationHandler;
    private ReverseProxy reverseProxy;
    private PXClient pxClient = null;
    private RequestFilter requestFilter;

    private void init(PXConfiguration pXConfiguration) throws PXException {
        globalLogger.debug(LogReason.DEBUG_INITIALIZING_MODULE, new Object[0]);
        pXConfiguration.mergeConfigurations();
        this.configuration = pXConfiguration;
        this.hostnameProvider = new DefaultHostnameProvider();
        this.ipProvider = new CombinedIPProvider(pXConfiguration);
        setPxClient(pXConfiguration);
        this.activityHandler = new BufferedActivityHandler(this.pxClient, this.configuration);
        this.requestFilter = new RequestFilter(pXConfiguration);
        if (pXConfiguration.isRemoteConfigurationEnabled()) {
            DefaultRemoteConfigManager defaultRemoteConfigManager = new DefaultRemoteConfigManager(pXConfiguration, this.pxClient);
            PXDynamicConfiguration configuration = defaultRemoteConfigManager.getConfiguration();
            if (configuration == null) {
                defaultRemoteConfigManager.disableModuleOnError();
            } else {
                defaultRemoteConfigManager.updateConfiguration(configuration);
            }
            new TimerConfigUpdater(defaultRemoteConfigManager, pXConfiguration, this.activityHandler).schedule();
        }
        this.serverValidator = new PXS2SValidator(this.pxClient, this.configuration);
        this.cookieValidator = new PXCookieValidator(this.configuration);
        setVerificationHandler();
        setReverseProxy(pXConfiguration);
    }

    private void setReverseProxy(PXConfiguration pXConfiguration) {
        this.reverseProxy = pXConfiguration.getReverseProxyInstance();
    }

    private void setPxClient(PXConfiguration pXConfiguration) throws PXException {
        this.pxClient = pXConfiguration.getPxClientInstance();
    }

    private void setVerificationHandler() {
        if (this.configuration.isTestingMode()) {
            this.verificationHandler = new TestVerificationHandler(this.configuration, this.activityHandler);
        } else {
            this.verificationHandler = new DefaultVerificationHandler(this.configuration, this.activityHandler);
        }
    }

    public PerimeterX(PXConfiguration pXConfiguration) throws PXException {
        init(pXConfiguration);
    }

    public PerimeterX(PXConfiguration pXConfiguration, IPProvider iPProvider, HostnameProvider hostnameProvider) throws PXException {
        init(pXConfiguration);
        this.ipProvider = iPProvider;
        this.hostnameProvider = hostnameProvider;
    }

    public PerimeterX(PXConfiguration pXConfiguration, IPProvider iPProvider) throws PXException {
        init(pXConfiguration);
        this.ipProvider = iPProvider;
    }

    public PerimeterX(PXConfiguration pXConfiguration, HostnameProvider hostnameProvider) throws PXException {
        init(pXConfiguration);
        this.hostnameProvider = hostnameProvider;
    }

    public PXContext pxVerify(HttpServletRequest httpServletRequest, HttpServletResponseWrapper httpServletResponseWrapper) throws PXException {
        PXContext pXContext = null;
        globalLogger.debug(LogReason.DEBUG_STARTING_REQUEST_VERIFICATION, new Object[0]);
        try {
        } catch (Exception e) {
            if (0 != 0) {
                if (!pXContext.getS2sErrorReasonInfo().isErrorSet()) {
                    EnforcerErrorUtils.handleEnforcerError(null, "Unexpected error", e);
                }
                this.activityHandler.handlePageRequestedActivity(null);
                pXContext.setVerified(true);
            }
        }
        if (!moduleEnabled()) {
            globalLogger.debug(LogReason.DEBUG_MODULE_DISABLED, new Object[0]);
            return null;
        }
        pXContext = new PXContext(httpServletRequest, this.ipProvider, this.hostnameProvider, this.configuration);
        if (shouldReverseRequest(httpServletRequest, httpServletResponseWrapper, pXContext)) {
            pXContext.setFirstPartyRequest(true);
            return pXContext;
        }
        if (this.requestFilter.isFilteredRequest(httpServletRequest, pXContext)) {
            return pXContext;
        }
        if (isValidTelemetryRequest(httpServletRequest, pXContext)) {
            this.activityHandler.handleEnforcerTelemetryActivity(this.configuration, UpdateReason.COMMAND, pXContext);
            return pXContext;
        }
        handleCookies(pXContext);
        addCustomHeadersToRequest(httpServletRequest, pXContext);
        pXContext.setVerified(this.verificationHandler.handleVerification(pXContext, httpServletResponseWrapper));
        return pXContext;
    }

    private boolean moduleEnabled() {
        return this.configuration.isModuleEnabled();
    }

    private boolean shouldReverseRequest(HttpServletRequest httpServletRequest, HttpServletResponseWrapper httpServletResponseWrapper, PXContext pXContext) throws IOException, URISyntaxException {
        return this.reverseProxy.reversePxClient(httpServletRequest, httpServletResponseWrapper, pXContext) || this.reverseProxy.reversePxXhr(httpServletRequest, httpServletResponseWrapper, pXContext) || this.reverseProxy.reverseCaptcha(httpServletRequest, httpServletResponseWrapper, pXContext);
    }

    private void handleCookies(PXContext pXContext) {
        if (this.cookieValidator.verify(pXContext)) {
            pXContext.logger.debug(LogReason.DEBUG_COOKIE_EVALUATION_FINISHED, Integer.valueOf(pXContext.getRiskScore()));
            return;
        }
        pXContext.logger.debug(LogReason.DEBUG_COOKIE_MISSING, new Object[0]);
        if (this.serverValidator.verify(pXContext)) {
            pXContext.logger.debug(LogReason.DEBUG_COOKIE_VERSION_FOUND, pXContext.getCookieVersion());
        }
    }

    private void addCustomHeadersToRequest(HttpServletRequest httpServletRequest, PXContext pXContext) {
        if (pXContext.getLoginData() == null || pXContext.getLoginData().getLoginCredentials() == null) {
            return;
        }
        setBreachedAccount(httpServletRequest, pXContext);
        setAdditionalS2SActivityHeaders(httpServletRequest, pXContext);
    }

    private void setBreachedAccount(HttpServletRequest httpServletRequest, PXContext pXContext) {
        if (this.configuration.isLoginCredentialsExtractionEnabled() && pXContext.isBreachedAccount()) {
            ((RequestWrapper) httpServletRequest).addHeader(this.configuration.getPxCompromisedCredentialsHeader(), String.valueOf(pXContext.getPxde().get(Constants.BREACHED_ACCOUNT_KEY_NAME)));
        }
    }

    private void setAdditionalS2SActivityHeaders(HttpServletRequest httpServletRequest, PXContext pXContext) {
        if (this.configuration.isAdditionalS2SActivityHeaderEnabled()) {
            String json = new Gson().toJson(((BufferedActivityHandler) this.activityHandler).createAdditionalS2SActivity(pXContext));
            String str = this.configuration.getServerURL() + Constants.API_ACTIVITIES;
            ((RequestWrapper) httpServletRequest).addHeader(Constants.ADDITIONAL_ACTIVITY_HEADER, json);
            ((RequestWrapper) httpServletRequest).addHeader(Constants.ADDITIONAL_ACTIVITY_URL_HEADER, str);
        }
    }

    public void pxPostVerify(ResponseWrapper responseWrapper, PXContext pXContext) throws PXException {
        if (pXContext != null) {
            if (responseWrapper != null) {
                try {
                    if (!this.configuration.isAdditionalS2SActivityHeaderEnabled() && pXContext.isContainCredentialsIntelligence()) {
                        handleAdditionalS2SActivityWithCI(responseWrapper, pXContext);
                    }
                } catch (Exception e) {
                    pXContext.logger.error("Failed to post verify response. Error :: ", e.getMessage());
                    return;
                }
            }
            pXContext.logger.sendMemoryLogs(this.configuration, pXContext);
        }
    }

    private void handleAdditionalS2SActivityWithCI(ResponseWrapper responseWrapper, PXContext pXContext) throws PXException {
        pXContext.getLoginData().setLoginSuccessful(Boolean.valueOf(LoginResponseValidatorFactory.create(this.configuration, pXContext).isSuccessfulLogin(responseWrapper)));
        pXContext.getLoginData().setResponseStatusCode(Integer.valueOf(responseWrapper.getStatus()));
        this.activityHandler.handleAdditionalS2SActivity(pXContext);
    }

    public boolean isValidTelemetryRequest(HttpServletRequest httpServletRequest, PXContext pXContext) {
        String header = httpServletRequest.getHeader(Constants.DEFAULT_TELEMETRY_REQUEST_HEADER_NAME);
        if (Objects.isNull(header)) {
            return false;
        }
        try {
            pXContext.logger.debug("Received command to send enforcer telemetry", new Object[0]);
            String[] split = new String(Base64.getDecoder().decode(header)).split(":");
            if (split.length != 2) {
                return false;
            }
            String str = split[0];
            String str2 = split[1];
            if (Long.parseLong(str) < System.currentTimeMillis()) {
                pXContext.logger.error("Telemetry command has expired.", new Object[0]);
                return false;
            }
            String lowerCase = StringUtils.byteArrayToHexString(HMACUtils.HMACString(str, this.configuration.getCookieKey())).toLowerCase();
            if (MessageDigest.isEqual(lowerCase.getBytes(), str2.getBytes())) {
                return true;
            }
            pXContext.logger.error("Telemetry validation failed - invalid hmac, original=" + str2 + ", generated=" + lowerCase, new Object[0]);
            return false;
        } catch (IllegalArgumentException | InvalidKeyException | NoSuchAlgorithmException e) {
            pXContext.logger.error("Telemetry validation failed.", new Object[0]);
            return false;
        }
    }

    public void setActivityHandler(ActivityHandler activityHandler) {
        this.activityHandler = activityHandler;
        setVerificationHandler();
    }

    public void setIpProvider(IPProvider iPProvider) {
        this.ipProvider = iPProvider;
    }

    public void setHostnameProvider(HostnameProvider hostnameProvider) {
        this.hostnameProvider = hostnameProvider;
    }

    public void setVerificationHandler(VerificationHandler verificationHandler) {
        this.verificationHandler = verificationHandler;
    }

    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() throws IOException {
        if (this.pxClient != null) {
            this.pxClient.close();
        }
    }
}
