package org.owasp.appsensor.intrusiondetection.reference;

import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import javax.mail.Authenticator;
import javax.mail.Message;
import javax.mail.Session;
import javax.mail.Transport;
import javax.mail.internet.InternetAddress;
import javax.mail.internet.MimeMessage;
import org.owasp.appsensor.APPSENSOR;
import org.owasp.appsensor.ASLogger;
import org.owasp.appsensor.ASUser;
import org.owasp.appsensor.AppSensorIntrusion;
import org.owasp.appsensor.AppSensorSecurityConfiguration;
import org.owasp.appsensor.AppSensorServiceController;
import org.owasp.appsensor.AppSensorThreshold;
import org.owasp.appsensor.intrusiondetection.AppSensorIntrusionDetector;
import org.owasp.appsensor.intrusiondetection.ResponseAction;

/* loaded from: input_file:org/owasp/appsensor/intrusiondetection/reference/DefaultResponseAction.class */
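/**
 * Reference {@link ResponseAction} that maps an action name to a concrete response:
 * logging, logging a user out, disabling a user, suspending a component, or notifying
 * an administrator by e-mail or SMS (SMS is sent through an e-mail gateway).
 *
 * <p>NOTE(review): account names and event codes are concatenated into log lines as-is.
 * Whether {@code ASLogger} neutralises CR/LF is not visible from this file; confirm it
 * does, otherwise a crafted account name could forge entries in the intrusion log.
 */
public class DefaultResponseAction implements ResponseAction {
    /** Lazily created shared instance; {@code volatile} so the double-checked lock below is safe. */
    private static volatile ResponseAction singletonInstance;
    private static final ASLogger logger = APPSENSOR.asUtilities().getLogger("DefaultResponseAction");
    /** Character budget applied to SMS notifications (subject plus body). */
    private static final int SMS_MESSAGE_LENGTH = 160;

    /** Selects which block of mail settings {@code sendEmail} reads from the configuration. */
    public enum MailType {
        EMAIL,
        SMS
    }

    /**
     * Returns the shared instance, creating it on first use.
     *
     * @return the singleton response action
     */
    public static ResponseAction getInstance() {
        if (singletonInstance == null) {
            synchronized (DefaultResponseAction.class) {
                if (singletonInstance == null) {
                    singletonInstance = new DefaultResponseAction();
                }
            }
        }
        return singletonInstance;
    }

    /**
     * Dispatches the named action (matched case-insensitively) for the given intrusion.
     *
     * <p>{@code log}, {@code disableComponent}, {@code smsAdmin} and {@code emailAdmin} run for
     * any user. {@code disable}, {@code logout} and {@code disableComponentForUser} are skipped
     * when the current user is anonymous.
     *
     * @param str the action name
     * @param appSensorIntrusion the intrusion that triggered the response
     * @return the result of the selected action, or {@code true} when a user-scoped action is
     *     skipped because the current user is anonymous
     * @throws IllegalArgumentException if {@code str} is {@code null}, or is not a supported
     *     action and the current user is not anonymous
     */
    @Override // org.owasp.appsensor.intrusiondetection.ResponseAction
    public boolean handleResponse(String str, AppSensorIntrusion appSensorIntrusion) {
        if (str != null) {
            if (str.equalsIgnoreCase("log")) {
                return logEvent(appSensorIntrusion);
            }
            if (str.equalsIgnoreCase("disableComponent")) {
                return disableComponent(appSensorIntrusion);
            }
            if (str.equalsIgnoreCase("smsAdmin")) {
                return smsAdmin(appSensorIntrusion);
            }
            if (str.equalsIgnoreCase("emailAdmin")) {
                return emailAdmin(appSensorIntrusion);
            }
            // NOTE(review): this gate looks at the *current* user, while the actions below act on
            // appSensorIntrusion.getUser(); confirm the two are always the same principal.
            // It also means an unrecognised action name returns true (not an exception) whenever
            // the current user is anonymous, so a misconfigured action can go unnoticed.
            if (APPSENSOR.asUtilities().getCurrentUser().isAnonymous()) {
                logger.debug("Can't process this action as there is an anonymous user.");
                return true;
            }
            if (str.equalsIgnoreCase("disable")) {
                return disable(appSensorIntrusion.getUser());
            }
            if (str.equalsIgnoreCase("logout")) {
                return logout(appSensorIntrusion.getUser());
            }
            if (str.equalsIgnoreCase("disableComponentForUser")) {
                return disableComponentForUser(appSensorIntrusion);
            }
        }
        throw new IllegalArgumentException("There has been a request for an action that is not supported by this response handler.  The requested action is: " + str);
    }

    /** Records the intrusion in the log and takes no further action. Always returns {@code true}. */
    private boolean logEvent(AppSensorIntrusion appSensorIntrusion) {
        ASUser user = appSensorIntrusion.getUser();
        logger.debug("Response Action: Logging issue performed by " + user.getAccountId());
        logger.fatal("INTRUSION - Multiple intrusions observed by AppSensorUser:" + user.getAccountName() + ", UserID:" + user.getAccountId() + ", Action: Logging Event with code: " + appSensorIntrusion.getEventCode());
        return true;
    }

    /** Logs the response and calls {@code logout()} on the user. Always returns {@code true}. */
    private boolean logout(ASUser aSUser) {
        logger.debug("Response Action: Logging Out User " + aSUser.getAccountId());
        logger.fatal("INTRUSION - Multiple intrusions observed by AppSensorUser:" + aSUser.getAccountName() + ", UserID:" + aSUser.getAccountId() + ", Action: Logging out malicious account");
        aSUser.logout();
        return true;
    }

    /** Logs the response, then disables the user and logs them out. Always returns {@code true}. */
    private boolean disable(ASUser aSUser) {
        logger.debug("Response Action: Disabling User " + aSUser.getAccountId());
        logger.fatal("INTRUSION - Multiple intrusions observed by AppSensorUser:" + aSUser.getAccountName() + ", UserID:" + aSUser.getAccountId() + ", Action: Disabling and logging out malicious account");
        aSUser.disable();
        aSUser.logout();
        return true;
    }

    /**
     * Suspends the component at the intrusion's location for the duration configured on the
     * event code's threshold.
     *
     * @return {@code false} when no threshold is configured for the event code, else {@code true}
     */
    private boolean disableComponent(AppSensorIntrusion appSensorIntrusion) {
        AppSensorThreshold appSensorThreshold = AppSensorIntrusionDetector.getAppSensorThreshold(appSensorIntrusion.getEventCode());
        String location = appSensorIntrusion.getLocation();
        if (appSensorThreshold == null) {
            logger.warning("Could not disabled service <" + location + "> because there is no configuration setup in the ESAPI.properties file");
            return false;
        }
        int i = appSensorThreshold.disableComponentDuration;
        String str = appSensorThreshold.disableComponentTimeScale;
        AppSensorServiceController.disableService(location, i, str);
        logger.warning("Successfully disabled service: Suspending Service <" + location + "> for <" + i + "> <" + str + ">");
        return true;
    }

    /**
     * Suspends the component at the intrusion's location for the intrusion's user only, using
     * the per-user duration configured on the event code's threshold.
     *
     * @return {@code false} when no threshold is configured for the event code, else {@code true}
     */
    private boolean disableComponentForUser(AppSensorIntrusion appSensorIntrusion) {
        AppSensorThreshold appSensorThreshold = AppSensorIntrusionDetector.getAppSensorThreshold(appSensorIntrusion.getEventCode());
        String location = appSensorIntrusion.getLocation();
        ASUser user = appSensorIntrusion.getUser();
        String valueOf = String.valueOf(user.getAccountId());
        if (appSensorThreshold == null) {
            logger.warning("Could not disabled service <" + location + "> for userId/username <" + valueOf + "/" + user.getAccountName() + "> because there is no configuration setup in the ESAPI.properties file");
            return false;
        }
        int i = appSensorThreshold.disableComponentForUserDuration;
        String str = appSensorThreshold.disableComponentForUserTimeScale;
        AppSensorServiceController.disableServiceForUser(location, valueOf, i, str);
        logger.warning("Successfully disabled service: Suspending Service <" + location + "> for userId/username <" + valueOf + "/" + user.getAccountName() + "> for <" + i + "> <" + str + ">");
        return true;
    }

    /**
     * Logs the response and sends a short notification through the SMS mail settings.
     *
     * @return the result of {@code sendEmail}
     */
    private boolean smsAdmin(AppSensorIntrusion appSensorIntrusion) {
        ASUser user = appSensorIntrusion.getUser();
        logger.debug("Response Action: Sending SMS to Admin due to issue performed by " + user.getAccountId());
        logger.fatal("INTRUSION - Multiple intrusions observed by AppSensorUser:" + user.getAccountName() + ", UserID:" + user.getAccountId() + ", Action: Sending SMS to Admin with code: " + appSensorIntrusion.getEventCode());
        final String subject = "AppSensor Issue Detection";
        String body = "User:" + user.getAccountName() + " (ID:" + user.getAccountId() + ") / caused event code: " + appSensorIntrusion.getEventCode();
        if (subject.length() + body.length() > SMS_MESSAGE_LENGTH) {
            // The end index used to be (limit - total - 1), which is negative whenever this branch
            // runs, so a long account name made substring() throw and the alert was never sent.
            // Truncate to the space left after the subject, keeping one character spare.
            int maxBodyLength = Math.max(0, SMS_MESSAGE_LENGTH - subject.length() - 1);
            body = body.substring(0, maxBodyLength);
        }
        return sendEmail(MailType.SMS, subject, body);
    }

    /**
     * Logs the response and sends a notification through the e-mail settings.
     *
     * @return the result of {@code sendEmail}
     */
    private boolean emailAdmin(AppSensorIntrusion appSensorIntrusion) {
        ASUser user = appSensorIntrusion.getUser();
        logger.debug("Response Action: Sending email to Admin due to issue performed by " + user.getAccountId());
        logger.fatal("INTRUSION - Multiple intrusions observed by AppSensorUser:" + user.getAccountName() + ", UserID:" + user.getAccountId() + ", Action: Sending email to Admin with code: " + appSensorIntrusion.getEventCode());
        String summary = "User:" + user.getAccountName() + " (ID:" + user.getAccountId() + ") / caused event code: " + appSensorIntrusion.getEventCode();
        return sendEmail(MailType.EMAIL, "AppSensor Issue Detection", summary + "\r\nSee http://www.owasp.org/index.php/Category:OWASP_AppSensor_Project#tab=Detection_Points for more information.");
    }

    /**
     * Sends one message to the configured administrator recipients.
     *
     * @param mailType which settings block to read (e-mail or SMS gateway)
     * @param str the message subject
     * @param str2 the message body
     * @return {@code true} if the message was handed to the transport; {@code false} on any
     *     failure, including an unknown {@code mailType} (the failure is logged)
     */
    private boolean sendEmail(MailType mailType, String str, String str2) {
        String protocol;
        String host;
        int port;
        boolean authRequired;
        String authUser;
        String authPassword;
        String fromAccount;
        List<String> toAccounts;
        AppSensorSecurityConfiguration appSensorSecurityConfiguration = new AppSensorSecurityConfiguration();
        Transport transport = null;
        try {
            if (MailType.EMAIL.equals(mailType)) {
                protocol = appSensorSecurityConfiguration.getEmailProtocol();
                host = appSensorSecurityConfiguration.getEmailHost();
                port = appSensorSecurityConfiguration.getEmailPort();
                authRequired = appSensorSecurityConfiguration.getEmailAuthenticationRequired();
                authUser = appSensorSecurityConfiguration.getEmailAuthenticationUser();
                authPassword = appSensorSecurityConfiguration.getEmailAuthenticationPassword();
                fromAccount = appSensorSecurityConfiguration.getEmailFromAccount();
                toAccounts = appSensorSecurityConfiguration.getEmailToAccounts();
            } else if (MailType.SMS.equals(mailType)) {
                protocol = appSensorSecurityConfiguration.getSMSEmailProtocol();
                host = appSensorSecurityConfiguration.getSMSEmailHost();
                port = appSensorSecurityConfiguration.getSMSEmailPort();
                authRequired = appSensorSecurityConfiguration.getSMSEmailAuthenticationRequired();
                authUser = appSensorSecurityConfiguration.getSMSEmailAuthenticationUser();
                authPassword = appSensorSecurityConfiguration.getSMSEmailAuthenticationPassword();
                fromAccount = appSensorSecurityConfiguration.getSMSEmailFromAccount();
                toAccounts = appSensorSecurityConfiguration.getSMSEmailToAccounts();
            } else {
                throw new IllegalArgumentException("Invalid MailType passed in");
            }
            boolean useTls = "smtps".equals(protocol);
            if (useTls) {
                protocol = "smtp";
            }
            Properties properties = new Properties();
            if (useTls) {
                // NOTE(review): nothing here makes TLS mandatory or turns on server identity
                // checking; confirm the mail library's defaults for the version in use so the
                // admin credentials and alert text cannot be sent to an impostor server.
                properties.put("mail.smtp.starttls.enable", "true");
                properties.put("mail.smtp.socketFactory.class", "javax.net.ssl.SSLSocketFactory");
            }
            properties.setProperty("mail.transport.protocol", protocol);
            properties.setProperty("mail.host", host);
            properties.setProperty("mail.port", String.valueOf(port));
            if (authRequired) {
                properties.setProperty("mail.smtp.auth", "true");
                properties.setProperty("mail.user", authUser);
                // The password is deliberately not copied into the session properties: it is
                // passed straight to connect() below, so there is no need to keep a second copy.
            }
            // A private session per send. The JVM-wide default session keeps the properties of
            // whoever created it first, so e-mail and SMS settings would bleed into each other,
            // and any other code in the JVM could read what was stored in it.
            Session session = Session.getInstance(properties);
            transport = session.getTransport(protocol);
            // Connect in both cases; sending on a transport that was never connected fails, which
            // previously made every alert fail when authentication was not required.
            if (authRequired) {
                transport.connect(host, port, authUser, authPassword);
            } else {
                transport.connect(host, port, null, null);
            }
            MimeMessage mimeMessage = new MimeMessage(session);
            mimeMessage.setFrom(new InternetAddress(fromAccount));
            for (String recipient : toAccounts) {
                mimeMessage.addRecipient(Message.RecipientType.TO, new InternetAddress(recipient));
            }
            mimeMessage.setSubject(str);
            mimeMessage.setText(str2);
            transport.sendMessage(mimeMessage, mimeMessage.getAllRecipients());
            return true;
        } catch (Exception e) {
            logger.fatal("Could not send email (type - " + (MailType.SMS.equals(mailType) ? "SMS" : "standard email") + ") to admin: ", e);
            return false;
        } finally {
            // Release the connection on every path so repeated alerts do not leak sockets.
            if (transport != null) {
                try {
                    transport.close();
                } catch (Exception closeFailure) {
                    logger.debug("Could not close mail transport: " + closeFailure);
                }
            }
        }
    }
}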
