package org.owasp.appsensor.intrusiondetection;

import java.util.List;
import org.owasp.appsensor.APPSENSOR;
import org.owasp.appsensor.ASLogger;
import org.owasp.appsensor.AppSensorIntrusion;
import org.owasp.appsensor.AppSensorSecurityConfiguration;
import org.owasp.appsensor.AppSensorThreshold;
import org.owasp.appsensor.errors.AppSensorException;
import org.owasp.appsensor.errors.AppSensorSystemException;
import org.owasp.esapi.IntrusionDetector;
import org.owasp.esapi.errors.EnterpriseSecurityException;
import org.owasp.esapi.errors.IntrusionException;

/* loaded from: input_file:org/owasp/appsensor/intrusiondetection/AppSensorIntrusionDetector.class */
public class AppSensorIntrusionDetector implements IntrusionDetector {
    private static volatile IntrusionDetector singletonInstance;
    private static final ASLogger logger = APPSENSOR.asUtilities().getLogger("AppSensorIntrusionDetector");
    private static IntrusionStore intrusionStore = null;
    private static ResponseAction responseAction = null;
    private static AppSensorSecurityConfiguration assc = AppSensorSecurityConfiguration.getInstance();

    public static IntrusionDetector getInstance() {
        if (singletonInstance == null) {
            synchronized (AppSensorIntrusionDetector.class) {
                if (singletonInstance == null) {
                    singletonInstance = new AppSensorIntrusionDetector();
                }
            }
        }
        return singletonInstance;
    }

    public AppSensorIntrusionDetector() {
        if (responseAction == null) {
            responseAction = APPSENSOR.responseAction();
        }
        if (intrusionStore == null) {
            intrusionStore = APPSENSOR.intrusionStore();
        }
    }

    public AppSensorIntrusionDetector(ResponseAction responseAction2, IntrusionStore intrusionStore2) {
        responseAction = responseAction2;
        intrusionStore = intrusionStore2;
    }

    public void addEvent(String str, String str2) throws IntrusionException {
        logger.warning("Security event " + str + " received with message: " + str2);
        logger.warning("Forwarding on Security event " + str + " as an AppSensorException");
        new AppSensorException(str, str2, str2);
    }

    public void addException(Exception exc) throws IntrusionException {
        if (exc instanceof IntrusionException) {
            return;
        }
        if (exc instanceof EnterpriseSecurityException) {
            logger.warning(((EnterpriseSecurityException) exc).getLogMessage(), exc);
        } else if (exc instanceof AppSensorException) {
            logger.warning(((AppSensorException) exc).getLogMessage(), exc);
        } else if (exc instanceof AppSensorSystemException) {
            logger.warning(((AppSensorSystemException) exc).getLogMessage(), exc);
        } else {
            logger.warning(exc.getMessage(), exc);
        }
        AppSensorIntrusion addExceptionToIntrusionStore = intrusionStore.addExceptionToIntrusionStore(exc);
        IntrusionRecord intrusionRecordForSystemUser = addExceptionToIntrusionStore.getSecurityException() instanceof AppSensorSystemException ? intrusionStore.getIntrusionRecordForSystemUser() : intrusionStore.getIntrusionRecordForCurrentUser();
        if (checkUserViolation(intrusionRecordForSystemUser, addExceptionToIntrusionStore.getEventCode())) {
            takeSecurityAction(intrusionRecordForSystemUser, addExceptionToIntrusionStore);
        } else if (checkUserViolation(intrusionRecordForSystemUser, IntrusionRecord.ALL_INTRUSIONS)) {
            takeSecurityAction(intrusionRecordForSystemUser, addExceptionToIntrusionStore);
        }
    }

    private boolean checkUserViolation(IntrusionRecord intrusionRecord, String str) {
        try {
            AppSensorThreshold appSensorThreshold = getAppSensorThreshold(str);
            Long valueOf = Long.valueOf(appSensorThreshold.interval);
            logger.info((("Checking for user violation: EventCode: " + str + ", ") + "Threshold: " + appSensorThreshold.name + ", Allowed Limit: " + appSensorThreshold.count + ", ") + "Total Events Recorded: " + (IntrusionRecord.ALL_INTRUSIONS.equalsIgnoreCase(str) ? intrusionRecord.getNumberOfAllIntrusions() : intrusionRecord.getNumberOfIntrusions(str)));
            int numberOfIntrusionsInInterval = intrusionRecord.getNumberOfIntrusionsInInterval(str, valueOf);
            int i = numberOfIntrusionsInInterval;
            if (i % appSensorThreshold.count != 0) {
                i %= appSensorThreshold.count;
            }
            logger.debug("Total Overall Events Qualifying " + numberOfIntrusionsInInterval);
            logger.debug("Total Events Qualifying For Threshold " + i);
            if (i < appSensorThreshold.count) {
                logger.info("No Violation for id <" + intrusionRecord.getUserID() + ">");
                return false;
            }
            logger.info("Violation Observed for id <" + intrusionRecord.getUserID() + ">");
            intrusionRecord.addViolation(str);
            return true;
        } catch (NullPointerException e) {
            return false;
        }
    }

    private void takeSecurityAction(IntrusionRecord intrusionRecord, AppSensorIntrusion appSensorIntrusion) {
        String lastViolation;
        AppSensorThreshold appSensorThreshold;
        synchronized (this) {
            if (intrusionRecord.getLastViolation() == null) {
                throw new IllegalArgumentException("The last Violation is null - this SHOULD NOT happen!  It should be set as part of determining the threshold has been crossed which occurs before taking security action");
            }
            lastViolation = intrusionRecord.getLastViolation();
        }
        try {
            appSensorThreshold = getAppSensorThreshold(lastViolation);
        } catch (Exception e) {
            logger.warning("No threshhold defined for" + lastViolation);
            appSensorThreshold = getAppSensorThreshold(IntrusionRecord.ALL_INTRUSIONS);
        }
        List list = appSensorThreshold.actions;
        logger.debug("Possible response actions for this event are: " + list);
        String lastResponseAction = intrusionRecord.getLastResponseAction(appSensorIntrusion.getEventCode());
        int i = 0;
        if (lastResponseAction != null) {
            i = list.indexOf(lastResponseAction) + 1;
            logger.debug("Last executed response was: " + lastResponseAction);
        }
        if (i >= list.size()) {
            i = list.size() - 1;
            logger.error("No further response actions defined. Repeating last action of '" + ((String) list.get(i)) + "'");
        }
        String str = (String) list.get(i);
        intrusionRecord.setLastResponseAction(str, appSensorIntrusion.getEventCode());
        responseAction.handleResponse(str, appSensorIntrusion);
    }

    public static AppSensorThreshold getAppSensorThreshold(String str) {
        return assc.getAppSensorQuota(str);
    }

    public IntrusionStore getIntrusionStore() {
        return intrusionStore;
    }

    public ResponseAction getResponseAction() {
        return responseAction;
    }
}
