package org.owasp.esapi;

import java.util.Iterator;
import org.owasp.esapi.errors.EnterpriseSecurityException;
import org.owasp.esapi.errors.IntrusionException;
import org.owasp.esapi.interfaces.IIntrusionDetector;
import org.owasp.esapi.interfaces.ILogger;

/* JADX WARN: Classes with same name are omitted:
  input_file:ESAPI/build/classes/org/owasp/esapi/IntrusionDetector.class
 */
/* loaded from: input_file:ESAPI/esapi_1.0.jar:org/owasp/esapi/IntrusionDetector.class */
public class IntrusionDetector implements IIntrusionDetector {
    private static IntrusionDetector instance = new IntrusionDetector();
    private static final Logger logger = Logger.getLogger("ESAPI", "IntrusionDetector");

    private IntrusionDetector() {
    }

    public static IntrusionDetector getInstance() {
        return instance;
    }

    @Override // org.owasp.esapi.interfaces.IIntrusionDetector
    public void addException(Exception exc) {
        if (exc instanceof EnterpriseSecurityException) {
            logger.logWarning(ILogger.SECURITY, "Security exception: " + ((EnterpriseSecurityException) exc).getLogMessage());
        } else {
            logger.logWarning(ILogger.SECURITY, "Security exception: " + exc.getMessage());
        }
        User currentUser = Authenticator.getInstance().getCurrentUser();
        String name = exc.getClass().getName();
        if (exc instanceof IntrusionException) {
            return;
        }
        try {
            currentUser.addSecurityEvent(name);
        } catch (IntrusionException e) {
            Threshold quota = SecurityConfiguration.getInstance().getQuota(name);
            Iterator it = quota.actions.iterator();
            while (it.hasNext()) {
                takeSecurityAction((String) it.next(), "Security event detected. User exceeded the quota of " + quota.count + " per " + quota.interval + " seconds for exception " + name);
            }
        }
    }

    @Override // org.owasp.esapi.interfaces.IIntrusionDetector
    public void addEvent(String str) throws IntrusionException {
        logger.logWarning(ILogger.SECURITY, "Security event " + str + " received");
        try {
            Authenticator.getInstance().getCurrentUser().addSecurityEvent("event." + str);
        } catch (IntrusionException e) {
            Threshold quota = SecurityConfiguration.getInstance().getQuota("event." + str);
            Iterator it = quota.actions.iterator();
            while (it.hasNext()) {
                takeSecurityAction((String) it.next(), "Security event detected. User exceeded the quota of " + quota.count + " per " + quota.interval + " seconds for event " + str);
            }
        }
    }

    private void takeSecurityAction(String str, String str2) {
        if (str.equals("log")) {
            logger.logCritical(ILogger.SECURITY, "INTRUSION - " + str2);
        }
        if (str.equals("disable")) {
            Authenticator.getInstance().getCurrentUser().disable();
        }
        if (str.equals("logout")) {
            Authenticator.getInstance().logout();
        }
    }
}
