package org.owasp.appsensor.handler;

import java.util.Collection;
import javax.inject.Inject;
import javax.inject.Named;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.core.Context;
import org.owasp.appsensor.core.AppSensorServer;
import org.owasp.appsensor.core.Attack;
import org.owasp.appsensor.core.ClientApplication;
import org.owasp.appsensor.core.DetectionSystem;
import org.owasp.appsensor.core.Event;
import org.owasp.appsensor.core.IPAddress;
import org.owasp.appsensor.core.RequestHandler;
import org.owasp.appsensor.core.Response;
import org.owasp.appsensor.core.accesscontrol.Action;
import org.owasp.appsensor.core.criteria.SearchCriteria;
import org.owasp.appsensor.core.exceptions.NotAuthorizedException;
import org.owasp.appsensor.core.util.StringUtils;
import org.owasp.appsensor.rest.AccessControlUtils;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.ResponseStatus;

@Path("/api/v1.0")
@Consumes({"application/json"})
@Named
@Produces({"application/json"})
/* loaded from: input_file:org/owasp/appsensor/handler/RestRequestHandler.class */
public class RestRequestHandler implements RequestHandler {

    @Inject
    private AppSensorServer appSensorServer;

    @Inject
    private AccessControlUtils accessControlUtils;

    @Context
    private ContainerRequestContext requestContext;

    @POST
    @Path("/events")
    @ResponseStatus(HttpStatus.CREATED)
    public void addEvent(Event event) throws NotAuthorizedException {
        this.accessControlUtils.checkAuthorization(Action.ADD_EVENT, this.requestContext);
        event.setDetectionSystem(new DetectionSystem(getClientApplicationName(), getDetectionSystemIpAddress(event.getDetectionSystem())));
        this.appSensorServer.getEventStore().addEvent(event);
    }

    @POST
    @Path("/attacks")
    @ResponseStatus(HttpStatus.CREATED)
    public void addAttack(Attack attack) throws NotAuthorizedException {
        this.accessControlUtils.checkAuthorization(Action.ADD_ATTACK, this.requestContext);
        attack.setDetectionSystem(new DetectionSystem(getClientApplicationName(), getDetectionSystemIpAddress(attack.getDetectionSystem())));
        this.appSensorServer.getAttackStore().addAttack(attack);
    }

    @GET
    @Path("/responses")
    public Collection<Response> getResponses(@QueryParam("earliest") String str) throws NotAuthorizedException {
        this.accessControlUtils.checkAuthorization(Action.GET_RESPONSES, this.requestContext);
        return this.appSensorServer.getResponseStore().findResponses(new SearchCriteria().setDetectionSystemIds(StringUtils.toCollection(getClientApplicationName())).setEarliest(str));
    }

    private String getClientApplicationName() {
        return (String) this.requestContext.getProperty("APPSENSOR_CLIENT_APPLICATION_IDENTIFIER_ATTR");
    }

    private IPAddress getDetectionSystemIpAddress(DetectionSystem detectionSystem) {
        ClientApplication findClientApplication;
        IPAddress iPAddress = null;
        if (detectionSystem != null) {
            iPAddress = detectionSystem.getIPAddress();
        }
        if (iPAddress == null && (findClientApplication = this.appSensorServer.getConfiguration().findClientApplication(getClientApplicationName())) != null) {
            iPAddress = findClientApplication.getIpAddress();
        }
        return iPAddress;
    }
}
