package io.bitsensor.plugins.java.http.filter.handler;

import io.bitsensor.lib.entity.proto.Error;
import io.bitsensor.lib.entity.proto.GeneratedBy;
import io.bitsensor.plugins.java.core.BitSensor;
import io.bitsensor.plugins.java.core.handler.Handler;
import java.util.ArrayList;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.stereotype.Component;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/bitsensor-http-2.3.0-RC2.jar:io/bitsensor/plugins/java/http/filter/handler/CookieHandler.class
 */
@Component
/* loaded from: input_file:WEB-INF/lib/bitsensor-servlet-plugin-2.3.0-RC2.jar:io/bitsensor/plugins/java/http/filter/handler/CookieHandler.class */
public class CookieHandler implements RequestHandler {
    public static final String SECURE_ATTRIBUTE_NAME = "Secure";
    public static final String HTTP_ONLY_ATTRIBUTE_NAME = "HttpOnly";

    @Override // io.bitsensor.plugins.java.http.filter.handler.RequestHandler
    public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (httpServletRequest.getCookies() == null) {
            return;
        }
        for (Cookie cookie : httpServletRequest.getCookies()) {
            String str = "cookie." + cookie.getName();
            BitSensor.addInput(str, cookie.getValue());
            ArrayList arrayList = new ArrayList();
            if (!cookie.getSecure()) {
                arrayList.add("Secure");
            }
            if (!cookie.isHttpOnly()) {
                arrayList.add(HTTP_ONLY_ATTRIBUTE_NAME);
            }
            if (arrayList.isEmpty()) {
                return;
            }
            BitSensor.addError(Error.newBuilder().setGeneratedby(GeneratedBy.PLUGIN).setCode(1).setDescription("Non-Compliance for " + str + ": " + String.join(", ", arrayList) + " flag(s) not set.").setType("compliance").build());
        }
    }

    @Override // io.bitsensor.plugins.java.core.handler.Handler
    public Handler.ExecutionMoment getExecutionMoment() {
        return Handler.ExecutionMoment.PRE_HANDLE;
    }
}
