package com.trend.iwss.jscan.runtime;

import com.trend.iwss.jscan.runtime.MethodRefMatcher;
import com.trend.iwss.jscan.runtime.PolicyRuntime;
import java.io.File;
import java.net.DatagramPacket;
import java.net.InetAddress;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLConnection;
import java.net.UnknownHostException;
import java.util.StringTokenizer;

/* loaded from: input_file:com/trend/iwss/jscan/runtime/NetworkPolicyRuntime.class */
public final class NetworkPolicyRuntime extends PolicyRuntime {
    public static final String FULLCLASSPATH;
    public static final String NAME = "Network";
    public static final String PROP_PREFIX = "net";
    public static final Factory FACT;
    public static final String CFG_NETWORK_CONNECT_SOURCE_BOOL = "connect_src";
    public static final String CFG_NETWORK_CONNECT_OTHER_BOOL = "connect_other";
    public static final String CFG_NETWORK_CONNECT_EXCLUDED_DOMAINS_LIST = "connect_ex_dom_list";
    public static final String CFG_NETWORK_CONNECT_INCLUDED_DOMAINS_LIST = "connect_in_dom_list";
    public static final String CFG_NETWORK_BIND_ENABLE = "bind_enable";
    public static final MethodRefMatcher.Set MATCHERS;
    public static final MethodRefMatcher MATCH_SERVER_SOCKET_INIT;
    public static final MethodRefMatcher MATCH_SERVER_SOCKET_INIT_I;
    public static final MethodRefMatcher MATCH_SERVER_SOCKET_BIND;
    public static final MethodRefMatcher MATCH_SOCKET_INIT_INETADDR;
    public static final MethodRefMatcher MATCH_SOCKET_INIT_STRING;
    public static final MethodRefMatcher MATCH_DATAGRAM_SOCKET_INIT_I;
    public static final MethodRefMatcher MATCH_DATAGRAM_SOCKET_SEND;
    public static final MethodRefMatcher MATCH_DATAGRAM_SOCKET_RECEIVE;
    public static final MethodRefMatcher MATCH_URL_CONNECTION_INIT;
    public static final MethodRefMatcher MATCH_URL_CONNECTION_CONNECT;
    public static final MethodRefMatcher MATCH_URL_INIT;
    public static final MethodRefMatcher MATCH_URL_OPEN;
    public static final String CLASS_INETADDRESS = "java.net.InetAddress";
    public static final String CLASS_INETSOCKETADDRESS = "java.net.InetSocketAddress";
    public static final String METH_INETSOCKETADDRESS_GETHOSTNAME = "getHostName";
    public static final String METH_INETSOCKETADDRESS_GETADDRESS = "getAddress";
    public static final String URL_PROTOCOL_FILE = "file";
    public static final String URL_PROTOCOL_JAR = "jar";
    public static final String URL_PROTOCOL_FTP = "ftp";
    public static final String LOCALHOST_NAME = "localhost";
    public static final String LOOPBACK_IPADDR = "127.0.0.1";
    private String m_originURI;
    private String m_originHost;
    private InetAddress m_originInetAddress;
    private boolean m_localBindEnabled;
    private boolean m_connectToOriginEnabled;
    private boolean m_connectToOtherEnabled;
    private String m_otherDomainsExceptions;
    static Class class$com$trend$iwss$jscan$runtime$NetworkPolicyRuntime;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/trend/iwss/jscan/runtime/NetworkPolicyRuntime$Factory.class */
    public static class Factory extends PolicyRuntime.Factory {
        Factory(String str) {
            super(str);
        }

        @Override // com.trend.iwss.jscan.runtime.PolicyRuntime.Factory
        PolicyRuntime make(Session session) {
            return new NetworkPolicyRuntime(session);
        }
    }

    NetworkPolicyRuntime(Session session) {
        super(NAME, PROP_PREFIX, session);
        this.m_originURI = getStrProp(PolicyRuntime.CFG_JSCAN_SESSION_ORIGIN_URI, null);
        this.m_originHost = getHostFromURI(this.m_originURI);
        this.m_originInetAddress = getInetAddr(this.m_originHost);
        this.m_localBindEnabled = getBoolPolicyProp(CFG_NETWORK_BIND_ENABLE, false);
        this.m_connectToOriginEnabled = getBoolPolicyProp(CFG_NETWORK_CONNECT_SOURCE_BOOL, true);
        this.m_connectToOtherEnabled = getBoolPolicyProp(CFG_NETWORK_CONNECT_OTHER_BOOL, false);
        this.m_otherDomainsExceptions = getStrPolicyProp(this.m_connectToOtherEnabled ? CFG_NETWORK_CONNECT_EXCLUDED_DOMAINS_LIST : CFG_NETWORK_CONNECT_INCLUDED_DOMAINS_LIST, "");
    }

    public static void preFilter(CallContext callContext) {
        PolicyRuntime.preFilter(callContext, FACT);
    }

    public static void postFilter(CallContext callContext) {
        PolicyRuntime.postFilter(callContext, FACT);
    }

    @Override // com.trend.iwss.jscan.runtime.PolicyRuntime
    void _preFilter(CallContext callContext) {
        if (MATCH_SERVER_SOCKET_INIT_I.match(callContext)) {
            int intValue = callContext.getArg(0).getIntValue();
            if (this.m_localBindEnabled) {
                return;
            }
            stopAction(Msgs.A_BINDLOCAL, new StringBuffer().append("").append(intValue).toString());
            return;
        }
        if (MATCH_SERVER_SOCKET_INIT.match(callContext)) {
            if (this.m_localBindEnabled) {
                return;
            }
            stopAction(Msgs.A_BINDLOCAL_UNSPEC);
            return;
        }
        if (MATCH_SOCKET_INIT_INETADDR.match(callContext)) {
            InetAddress inetAddress = (InetAddress) callContext.getArg(0).getObjectValue();
            if (allowInetAddr(inetAddress)) {
                return;
            }
            stopAction(Msgs.A_CONNECT, inetAddress.getHostName());
            return;
        }
        if (MATCH_SOCKET_INIT_STRING.match(callContext)) {
            String str = (String) callContext.getArg(0).getObjectValue();
            if (allowHostName(str)) {
                return;
            }
            stopAction(Msgs.A_CONNECT, str);
            return;
        }
        if (MATCH_DATAGRAM_SOCKET_INIT_I.match(callContext)) {
            int intValue2 = callContext.getArg(0).getIntValue();
            if (this.m_localBindEnabled) {
                return;
            }
            stopAction(Msgs.A_BINDLOCAL, new StringBuffer().append("").append(intValue2).toString());
            return;
        }
        if (MATCH_DATAGRAM_SOCKET_SEND.match(callContext)) {
            InetAddress address = ((DatagramPacket) callContext.getArg(0).getObjectValue()).getAddress();
            if (allowInetAddr(address)) {
                return;
            }
            stopAction(Msgs.A_SENDDATA, address.toString());
            return;
        }
        if (MATCH_SERVER_SOCKET_BIND.match(callContext)) {
            checkInetSocketAddr(callContext.getArg(0).getObjectValue());
            return;
        }
        if (MATCH_URL_CONNECTION_INIT.match(callContext)) {
            checkURL((URL) callContext.getArg(0).getObjectValue(), callContext);
        } else if (MATCH_URL_CONNECTION_CONNECT.match(callContext)) {
            checkURL(((URLConnection) callContext.getTarget()).getURL(), callContext);
        } else if (MATCH_URL_OPEN.match(callContext)) {
            checkURL((URL) callContext.getTarget(), callContext);
        }
    }

    @Override // com.trend.iwss.jscan.runtime.PolicyRuntime
    void _postFilter(CallContext callContext) {
        if (!MATCH_DATAGRAM_SOCKET_RECEIVE.match(callContext)) {
            if (MATCH_URL_INIT.match(callContext)) {
                checkURL((URL) callContext.getTarget(), callContext);
            }
        } else {
            InetAddress address = ((DatagramPacket) callContext.getArg(0).getObjectValue()).getAddress();
            if (allowInetAddr(address)) {
                return;
            }
            stopAction(Msgs.A_RECEIVEDATA, address.toString());
        }
    }

    public static boolean isFileProtocol(URL url) {
        return null != getFileProtocolFilename(url);
    }

    public static String getFileProtocolFilename(URL url) {
        URL fileUrlFromJarUrl;
        if (null == url) {
            return null;
        }
        String protocol = url.getProtocol();
        if (!"file".equalsIgnoreCase(protocol) && !URL_PROTOCOL_FTP.equalsIgnoreCase(protocol)) {
            if (URL_PROTOCOL_JAR.equalsIgnoreCase(protocol) && null != (fileUrlFromJarUrl = fileUrlFromJarUrl(url)) && "file".equalsIgnoreCase(fileUrlFromJarUrl.getProtocol())) {
                return toNormalFilePath(fileUrlFromJarUrl.getFile());
            }
            return null;
        }
        return toNormalFilePath(url.getFile());
    }

    public static String toNormalFilePath(String str) {
        String str2 = str;
        if (File.separatorChar != '/') {
            str2 = str2.replace('/', File.separatorChar);
        }
        if (str2.length() >= 3) {
            if (str2.charAt(2) == '|') {
                str2 = new StringBuffer().append(str2.substring(0, 2)).append(":").append(str2.substring(3, str2.length())).toString();
            }
            if (str2.charAt(0) == File.separatorChar && str2.charAt(2) == ':') {
                str2 = str2.substring(1);
            }
        }
        return str2;
    }

    public static boolean isLocalFileProtocol(URL url) {
        if (null != url && isFileProtocol(url)) {
            return isLocal(url);
        }
        return false;
    }

    public static boolean isLocal(URL url) {
        if (null == url) {
            return false;
        }
        URL url2 = url;
        if (URL_PROTOCOL_JAR.equalsIgnoreCase(url2.getProtocol())) {
            url2 = fileUrlFromJarUrl(url2);
            if (null == url2) {
                return false;
            }
        }
        String host = url2.getHost();
        if (null == host || LOCALHOST_NAME.equalsIgnoreCase(host) || LOOPBACK_IPADDR.equalsIgnoreCase(host)) {
            return true;
        }
        InetAddress localhostInetAddr = getLocalhostInetAddr();
        if (null == localhostInetAddr) {
            return false;
        }
        return host.equals(localhostInetAddr.getHostName());
    }

    private static URL fileUrlFromJarUrl(URL url) {
        String file = url.getFile();
        int indexOf = file.indexOf("!/");
        try {
            return new URL(-1 != indexOf ? file.substring(0, indexOf) : file);
        } catch (MalformedURLException e) {
            return null;
        }
    }

    private void checkURL(URL url, CallContext callContext) {
        if (isLocalFileProtocol(url)) {
            PolicyRuntime.preFilter(callContext, FileIOPolicyRuntime.FACT);
        } else {
            if (allowHostName(url.getHost())) {
                return;
            }
            stopAction(Msgs.A_CONNECT, url.toString());
        }
    }

    private void checkInetSocketAddr(Object obj) {
        String invokeStringGetter = PolicyRuntime.invokeStringGetter(obj, CLASS_INETSOCKETADDRESS, METH_INETSOCKETADDRESS_GETHOSTNAME);
        Object invokeZeroArgMethod = PolicyRuntime.invokeZeroArgMethod(obj, CLASS_INETSOCKETADDRESS, METH_INETSOCKETADDRESS_GETADDRESS, CLASS_INETADDRESS);
        if (null == invokeStringGetter && null == invokeZeroArgMethod) {
            if (this.m_localBindEnabled) {
                return;
            }
            stopAction(Msgs.A_BINDLOCAL_UNSPEC);
        } else {
            if (allow(invokeStringGetter, (InetAddress) invokeZeroArgMethod)) {
                return;
            }
            stopAction(Msgs.A_CONNECT, obj.toString());
        }
    }

    private boolean allowInetAddr(InetAddress inetAddress) {
        return allow(getHostNameFromInetAddr(inetAddress), inetAddress);
    }

    private boolean allowHostName(String str) {
        return allow(str, getInetAddr(str));
    }

    private boolean allow(String str, InetAddress inetAddress) {
        return matchOrigin(str, inetAddress) ? this.m_connectToOriginEnabled : this.m_connectToOtherEnabled ? !matchList(str, inetAddress, this.m_otherDomainsExceptions) : matchList(str, inetAddress, this.m_otherDomainsExceptions);
    }

    private boolean matchOrigin(String str, InetAddress inetAddress) {
        if (null == this.m_originURI) {
            return false;
        }
        if (null == str || !str.equals(this.m_originHost)) {
            return null != inetAddress && inetAddress.equals(this.m_originInetAddress);
        }
        return true;
    }

    private boolean matchList(String str, InetAddress inetAddress, String str2) {
        String hostAddrFromInetAddr = getHostAddrFromInetAddr(inetAddress);
        StringTokenizer stringTokenizer = new StringTokenizer(str2, ";");
        while (stringTokenizer.hasMoreTokens()) {
            String nextToken = stringTokenizer.nextToken();
            if (nextToken.equals("*") || matchToken(nextToken, str) || matchToken(nextToken, hostAddrFromInetAddr)) {
                return true;
            }
        }
        return false;
    }

    private static boolean matchToken(String str, String str2) {
        if (null == str2) {
            return false;
        }
        return str.startsWith("*.") ? str2.equals(str.substring(2, str.length())) || str2.endsWith(str.substring(1, str.length())) : str.equals(str2);
    }

    private static String getHostFromURI(String str) {
        if (null == str) {
            return null;
        }
        try {
            return new URL(str).getHost();
        } catch (Exception e) {
            return null;
        }
    }

    private static InetAddress getLocalhostInetAddr() {
        try {
            return InetAddress.getLocalHost();
        } catch (SecurityException | UnknownHostException e) {
            return null;
        }
    }

    private static InetAddress getInetAddr(String str) {
        if (null == str) {
            return null;
        }
        try {
            return InetAddress.getByName(str);
        } catch (SecurityException | UnknownHostException e) {
            return null;
        }
    }

    private static String getHostAddrFromInetAddr(InetAddress inetAddress) {
        if (null == inetAddress) {
            return null;
        }
        try {
            return inetAddress.getHostAddress();
        } catch (SecurityException e) {
            return null;
        }
    }

    private static String getHostNameFromInetAddr(InetAddress inetAddress) {
        if (null == inetAddress) {
            return null;
        }
        try {
            return inetAddress.getHostName();
        } catch (SecurityException e) {
            return null;
        }
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        Class cls;
        if (class$com$trend$iwss$jscan$runtime$NetworkPolicyRuntime == null) {
            cls = class$("com.trend.iwss.jscan.runtime.NetworkPolicyRuntime");
            class$com$trend$iwss$jscan$runtime$NetworkPolicyRuntime = cls;
        } else {
            cls = class$com$trend$iwss$jscan$runtime$NetworkPolicyRuntime;
        }
        FULLCLASSPATH = PolicyRuntime.classNameSlashNotation(cls);
        FACT = new Factory(NAME);
        MATCHERS = new MethodRefMatcher.Set("java/net/");
        MATCH_SERVER_SOCKET_INIT = MATCHERS.make("java/net/ServerSocket", "<init>");
        MATCH_SERVER_SOCKET_INIT_I = MATCHERS.make("java/net/ServerSocket", "<init>", "(I*");
        MATCH_SERVER_SOCKET_BIND = MATCHERS.make("java/net/ServerSocket", "bind", "(Ljava/net/SocketAddress;*");
        MATCH_SOCKET_INIT_INETADDR = MATCHERS.make("java/net/Socket", "<init>", "(Ljava/net/InetAddress;*");
        MATCH_SOCKET_INIT_STRING = MATCHERS.make("java/net/Socket", "<init>", "(Ljava/lang/String;*");
        MATCH_DATAGRAM_SOCKET_INIT_I = MATCHERS.make("java/net/DatagramSocket", "<init>", "(I*");
        MATCH_DATAGRAM_SOCKET_SEND = MATCHERS.make("java/net/DatagramSocket", "send");
        MATCH_DATAGRAM_SOCKET_RECEIVE = MATCHERS.make("java/net/DatagramSocket", "receive");
        MATCH_URL_CONNECTION_INIT = MATCHERS.make("java/net/URLConnection", "<init>");
        MATCH_URL_CONNECTION_CONNECT = MATCHERS.make("java/net/URLConnection", "connect");
        MATCH_URL_INIT = MATCHERS.make("java/net/URL", "<init>");
        MATCH_URL_OPEN = MATCHERS.make("java/net/URL", new String[]{"openConnection", "openStream", "getContent"});
    }
}
