package com.tridion.ambientdata.web;

import com.sdl.web.ambient.api.BadRequestException;
import com.tridion.ambientdata.AmbientDataConfig;
import com.tridion.ambientdata.AmbientDataContext;
import com.tridion.ambientdata.AmbientDataException;
import com.tridion.ambientdata.CookieConfig;
import com.tridion.ambientdata.claimstore.ClaimStore;
import com.tridion.ambientdata.claimstore.ClaimStoreUtil;
import com.tridion.ambientdata.claimstore.ClaimType;
import com.tridion.ambientdata.claimstore.Constants;
import com.tridion.ambientdata.claimstore.DefaultClaimStore;
import com.tridion.ambientdata.claimstore.JavaClaimStore;
import com.tridion.ambientdata.claimstore.cookie.ClaimCookieDeserializer;
import com.tridion.ambientdata.claimstore.cookie.ClaimsCookie;
import com.tridion.ambientdata.claimstore.providers.ClaimStoreProvider;
import com.tridion.ambientdata.claimstore.providers.ClaimStoreProviderFactory;
import com.tridion.ambientdata.configuration.CartridgeCategory;
import com.tridion.ambientdata.processing.HTTPHeaderProcessor;
import com.tridion.ambientdata.web.filter.WhiteListFilter;
import com.tridion.ambientdata.web.filter.WhiteListFilterFactory;
import com.tridion.configuration.ConfigurationException;
import com.tridion.security.UnauthorizedException;
import com.tridion.util.StringUtils;
import com.tridion.util.TridionReflectionException;
import java.io.IOException;
import java.net.URI;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/tridion/ambientdata/web/AbstractAmbientDataServletFilter.class */
public abstract class AbstractAmbientDataServletFilter implements Filter {
    // Initial capacity of the server-variables map built in setWebRequestClaims.
    private static final int INITIAL_CAPACITY = 12;
    // Filter init-param read by getFilterCartridgeCategory; "true" makes init() use CartridgeCategory.SYSTEM instead of ALL.
    private static final String FILTER_CARTRIDGE_CATEGORY_INIT_PARAM = "filterCartridgeCategory";
    // Supplied by the subclass through getRequestValidator() in init(); may be null, and every use in this class is null-checked.
    private com.sdl.web.ambient.api.RequestValidator requestValidator;
    // Created by WhiteListFilterFactory in init(); consulted in isCookieForwardingAllowed when the account-level flag does not allow forwarding.
    private WhiteListFilter whiteListFilter;
    // Prefix prepended to every generated session/tracking id (see generateCookieId).
    private String instanceId;
    // Name and path of the ADF session cookie.
    private CookieConfig sessionCookieConfig;
    // Name and path of the ADF tracking cookie.
    private CookieConfig trackingCookieConfig;
    // Request cookies whose name starts with this prefix are collected as serialized claims cookies in doFilter.
    private String adfCookiePrefix;
    // Set from AmbientDataConfig.isAcceptingForwardedClaims(); when false, claims cookies are never deserialized.
    private boolean isADFCookieEnabled;
    // Path prefixes (relative to the context path) for which doFilter passes the request through untouched.
    private List<String> excludedPaths;
    // String forms of the claim URIs that may be taken over from claims cookies.
    private List<String> globallyAcceptedClaims;
    // Value stored under cookieClaimName when a new claim store is created for a session.
    private Boolean cookieClaimDefaultValue;
    // URI of the claim that setTrackingCookie reads before it issues a tracking cookie.
    private URI cookieClaimName;
    // Validates incoming cookie values and produces the values written to outgoing cookies.
    private HTTPHeaderProcessor httpHeaderProcessor;
    // Factory for the per-session claim store (see processClaimStore).
    private ClaimStoreProvider claimStoreProvider;
    // The WebContext built in init(); re-bound through AmbientDataContext.setContext at the start of every doFilter call.
    private AmbientDataContext ambientDataContext;
    private static final Logger LOG = LoggerFactory.getLogger(AbstractAmbientDataServletFilter.class);
    // Session attribute name under which the claim store is kept between requests.
    private static final String SESSION_KEY_CLAIMSTORE = ClaimStore.class.getName();

    /**
     * Builds the Ambient Data Framework context and caches every configuration value the filter
     * reads while serving requests.
     *
     * <p>The cartridge category is SYSTEM when the {@code filterCartridgeCategory} init-param
     * parses as {@code true}, otherwise ALL. The subclass hooks {@link #initializeEngine()} and
     * {@link #getRequestValidator()} are called only after the configuration was found.
     *
     * @param filterConfig container-supplied filter configuration; may be {@code null}
     * @throws ServletException if the configuration is missing or any framework component fails
     *         to initialise; the original exception is kept as the cause
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        LOG.debug("Initializing Ambient Data Framework filter");
        try {
            CartridgeCategory category;
            if (getFilterCartridgeCategory(filterConfig)) {
                category = CartridgeCategory.SYSTEM;
            } else {
                category = CartridgeCategory.ALL;
            }
            this.ambientDataContext = new WebContext(category);
            AmbientDataContext.setContext(this.ambientDataContext);

            AmbientDataConfig config = AmbientDataContext.getAmbientDataConfig();
            if (config == null) {
                throw new ConfigurationException("Ambient Data Framework configuration was not properly initialized!");
            }

            initializeEngine();
            this.requestValidator = getRequestValidator();
            this.whiteListFilter = WhiteListFilterFactory.newWhiteListFilter();
            this.claimStoreProvider = ClaimStoreProviderFactory.newClaimStoreProvider(config, ClaimStoreProviderFactory.DEFAULT_JAVA_CLAIM_STORE_PROVIDER);

            // Cookie settings.
            this.sessionCookieConfig = config.getCookieConfiguration(CookieConfig.CookieType.SESSION);
            this.trackingCookieConfig = config.getCookieConfiguration(CookieConfig.CookieType.TRACKING);
            this.adfCookiePrefix = config.getADFCookiePrefix();
            this.instanceId = config.getInstanceID();

            // Request filtering and forwarded-claims settings.
            this.excludedPaths = config.getExcludedPaths();
            this.globallyAcceptedClaims = config.getGloballyAcceptedClaims();
            this.isADFCookieEnabled = config.isAcceptingForwardedClaims();
            this.cookieClaimDefaultValue = config.getDefaultCookieClaimValue();
            this.cookieClaimName = config.getCookieClaimName();
            this.httpHeaderProcessor = new HTTPHeaderProcessor();
        } catch (TridionReflectionException | ConfigurationException setupFailure) {
            throw new ServletException("Error while initialising ambient data framework", setupFailure);
        } catch (AmbientDataException frameworkFailure) {
            throw new ServletException("Error while initializing ambient data framework", frameworkFailure);
        }
    }

    /**
     * Tells whether the given path starts with one of the configured excluded paths.
     *
     * <p>The comparison is a plain {@link String#startsWith(String)} on the value the caller
     * passes in; this method does no decoding or normalisation of its own. An entry therefore
     * also covers every path that merely begins with the same characters. Requests that match
     * are passed down the chain by {@code doFilter} without claim processing or request
     * validation, so entries should be as narrow as possible (for example ending in "/").
     *
     * @param str request path relative to the context path
     * @return {@code true} if any excluded path is a prefix of {@code str}
     */
    protected boolean isRequestPathExcluded(String str) {
        for (String excludedPrefix : this.excludedPaths) {
            if (str.startsWith(excludedPrefix)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Called by the container when the filter is taken out of service; unbinds the Ambient Data
     * context that {@code init} and {@code doFilter} set.
     */
    public void destroy() {
        LOG.debug("Destroying Ambient Data Framework filter");
        // Drop the context reference so nothing keeps using it after the filter is gone.
        AmbientDataContext.setContext(null);
    }

    /**
     * Populates the claim store for one HTTP request, runs the subclass start/end hooks around
     * the rest of the filter chain, and stores the resulting claim store back in the session.
     *
     * <p>Order of work for a non-excluded request:
     * <ol>
     *   <li>take (or create) the session claim store and remember its read-only and immutable
     *       claim sets, then clear both so the filter can write the web claims;</li>
     *   <li>write request claims, classify the request cookies (session, tracking, claims
     *       cookies by prefix), and write session claims;</li>
     *   <li>run the request validator, if one is configured;</li>
     *   <li>process forwarded claims cookies, then restore the read-only and immutable sets;</li>
     *   <li>call {@code processStartEvents}, the chain, and {@code processEndEvents}.</li>
     * </ol>
     *
     * <p>Security-relevant behaviour visible here: requests on an excluded path skip all of the
     * above, including request validation; the container session id and generated tracking ids
     * are written to the debug/trace log, so those log levels should be treated as sensitive.
     *
     * <p>The three nested {@code try} blocks are decompiler output; the repeated cleanup in each
     * handler looks like a single {@code finally} block in the original source.
     *
     * @throws IOException propagated from the filter chain
     * @throws ServletException propagated from the chain, or wrapping an AmbientDataException
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        String generateCookieId;
        boolean z;
        String generateCookieId2;
        String createValidHttpHeader;
        AmbientDataContext.setContext(this.ambientDataContext);
        // Unchecked casts: a non-HTTP request or response fails here with ClassCastException.
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        // getSession() creates a session when none exists, and it runs before the excluded-path
        // check below, so excluded requests get a container session as well.
        HttpSession session = httpServletRequest.getSession();
        // The path tested is the raw request URI with the context path cut off; no decoding or
        // normalisation is applied before the prefix comparison.
        if (isRequestPathExcluded(httpServletRequest.getRequestURI().substring(httpServletRequest.getContextPath().length()))) {
            LOG.debug("Request path is on excluded path list, so Ambient Framework Filter will do nothing for this request!");
            filterChain.doFilter(servletRequest, httpServletResponse);
            return;
        }
        // Stays null until processEndEvents returns. The "claimStore != null" cleanup in the
        // handlers below therefore does nothing when the failure happens earlier.
        // NOTE(review): for a freshly created store, processClaimStore puts the same instance
        // into the session, so request-scoped claims may stay on it after an early failure;
        // confirm against the original source.
        ClaimStore claimStore = null;
        try {
            try {
                try {
                    LOG.debug("doFilter: contextPath={}, sessionId={}", httpServletRequest.getContextPath(), session.getId());
                    ClaimStore processClaimStore = processClaimStore(session, (ClaimStore) session.getAttribute(SESSION_KEY_CLAIMSTORE));
                    // Snapshot the protection sets, then lift them so the web claims can be rewritten.
                    HashSet hashSet = new HashSet(processClaimStore.getAllReadOnlyClaims());
                    HashSet hashSet2 = new HashSet(processClaimStore.getAllImmutableClaims());
                    processClaimStore.clearReadOnly();
                    processClaimStore.clearImmutable();
                    WebContext.setCurrentClaimStore(processClaimStore);
                    setWebRequestClaims(httpServletRequest, processClaimStore);
                    // NOTE(review): the address is read back from claims that were just filled from
                    // request data and is concatenated into the message; confirm it cannot carry
                    // line breaks into the log.
                    LOG.info("Requested by IP: " + ClaimStoreUtil.getClientIpAddressFromClaimStore(processClaimStore));
                    // cookie = session cookie, cookie2 = tracking cookie, arrayList = claims cookies.
                    Cookie cookie = null;
                    Cookie cookie2 = null;
                    ArrayList arrayList = new ArrayList();
                    if (httpServletRequest.getCookies() != null) {
                        for (Cookie cookie3 : httpServletRequest.getCookies()) {
                            String name = cookie3.getName();
                            LOG.trace("Checking if the cookie name: {} matches configured cookies.", name);
                            if (this.sessionCookieConfig.getCookieName().equals(name)) {
                                cookie = processAndSetCookie(cookie3, httpServletResponse, this.sessionCookieConfig, processClaimStore);
                            } else if (this.trackingCookieConfig.getCookieName().equals(name)) {
                                cookie2 = processAndSetCookie(cookie3, httpServletResponse, this.trackingCookieConfig, processClaimStore);
                            } else if (name.startsWith(this.adfCookiePrefix)) {
                                // Only collected here; deserialization happens later in
                                // processClaimsCookies, after request validation.
                                arrayList.add(new ClaimsCookie(name, cookie3.getValue().getBytes("UTF-8")));
                            } else {
                                LOG.trace("Cookie {} has no match in Ambient Data Framework configuration.", name);
                            }
                        }
                    }
                    // z ends up true only when no usable session cookie arrived and a new id was
                    // generated; it is handed to processStartEvents further down.
                    if (cookie != null) {
                        generateCookieId = this.httpHeaderProcessor.cleanContent(cookie.getValue());
                        z = false;
                    } else {
                        generateCookieId = generateCookieId();
                        setCookie(this.sessionCookieConfig, false, httpServletResponse, this.httpHeaderProcessor.createValidHttpHeader(generateCookieId));
                        z = true;
                    }
                    // A new tracking id is generated here but the cookie itself is only sent by
                    // setTrackingCookie, after the start events have run.
                    if (cookie2 != null) {
                        createValidHttpHeader = cookie2.getValue();
                        generateCookieId2 = this.httpHeaderProcessor.cleanContent(createValidHttpHeader);
                        LOG.trace("There is a tracking cookie in request: {}", generateCookieId2);
                    } else {
                        generateCookieId2 = generateCookieId();
                        createValidHttpHeader = this.httpHeaderProcessor.createValidHttpHeader(generateCookieId2);
                        LOG.trace("There is no tracking cookie in request, so generated a new one:{}", generateCookieId2);
                    }
                    setWebSessionClaims(session, generateCookieId, generateCookieId2, processClaimStore);
                    // Validation runs before any forwarded claim from a cookie is accepted.
                    if (this.requestValidator != null) {
                        LOG.debug("Validating request.");
                        this.requestValidator.validate(processClaimStore);
                        LOG.debug("Request is validated.");
                    }
                    processClaimsCookies(arrayList, processClaimStore);
                    // Re-apply the protection sets captured at the top, plus the web claims.
                    setReadOnlyClaims(processClaimStore, hashSet);
                    setImmutableClaims(processClaimStore, hashSet2);
                    ClaimStore processStartEvents = processStartEvents(processClaimStore, z);
                    setTrackingCookie(httpServletResponse, processStartEvents, cookie2, createValidHttpHeader);
                    filterChain.doFilter(servletRequest, httpServletResponse);
                    claimStore = processEndEvents(processStartEvents);
                    // getSession(false): do not re-create a session the application invalidated.
                    HttpSession session2 = httpServletRequest.getSession(false);
                    if (session2 != null) {
                        session2.setAttribute(SESSION_KEY_CLAIMSTORE, claimStore);
                    }
                    WebContext.setCurrentClaimStore(null);
                    if (claimStore != null) {
                        claimStore.removeRequestScopedClaims();
                    }
                } catch (BadRequestException e) {
                    // The exception is consumed here. Without a validator no status is set on the
                    // response and the chain is simply not continued.
                    LOG.debug("Bad request. " + e.getMessage());
                    if (this.requestValidator != null) {
                        this.requestValidator.handleBadRequestWithCode(httpServletResponse, 400);
                    }
                    WebContext.setCurrentClaimStore(null);
                    if (claimStore != null) {
                        claimStore.removeRequestScopedClaims();
                    }
                }
            } catch (UnauthorizedException e2) {
                // Consumed here as well; falls back to a bare 401 when no validator is configured.
                LOG.debug("Unauthorized request. " + e2.getMessage());
                if (this.requestValidator != null) {
                    this.requestValidator.handleUnauthorizedRequest(httpServletResponse);
                } else {
                    httpServletResponse.setStatus(401);
                }
                WebContext.setCurrentClaimStore(null);
                if (claimStore != null) {
                    claimStore.removeRequestScopedClaims();
                }
            } catch (AmbientDataException e3) {
                LOG.debug("Ambient data exception. " + e3.getMessage());
                throw new ServletException("Ambient data exception", e3);
            }
        } catch (Throwable th) {
            // Cleanup for every other failure, then rethrow unchanged.
            WebContext.setCurrentClaimStore(null);
            if (claimStore != null) {
                claimStore.removeRequestScopedClaims();
            }
            throw th;
        }
    }

    /**
     * Issues a persistent tracking cookie when the request carried none and the cookie claim in
     * the claim store is {@code true}.
     *
     * <p>The cookie claim acts as the gate: with a missing or {@code false} claim no tracking
     * cookie is written. The claim value is cast to {@link Boolean}; a value of another type
     * fails with {@link ClassCastException}.
     *
     * @param httpServletResponse response that receives the Set-Cookie header
     * @param claimStore claim store consulted for the cookie claim
     * @param cookie tracking cookie found in the request, or {@code null}
     * @param str cookie value to send
     */
    private void setTrackingCookie(HttpServletResponse httpServletResponse, ClaimStore claimStore, Cookie cookie, String str) {
        if (cookie != null) {
            // The client already has a tracking cookie; nothing to send.
            return;
        }
        LOG.trace("There is no tracking cookie in the request!");
        Boolean cookiesAllowed = (Boolean) claimStore.get(this.cookieClaimName);
        // NOTE(review): this line logs the configured default, not the claim value read above.
        LOG.trace("CookieClaim -> {}:{}", this.cookieClaimName, this.cookieClaimDefaultValue);
        if (Boolean.TRUE.equals(cookiesAllowed)) {
            LOG.trace("CookieClaim has value true, setting tracking cookie!");
            setCookie(this.trackingCookieConfig, true, httpServletResponse, str);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v8, types: [com.tridion.ambientdata.claimstore.ClaimStore] */
    /**
     * Returns the claim store to work on for this request.
     *
     * <p>Without a store in the session, a new one is requested from the provider (falling back
     * to a {@code JavaClaimStore} when the provider returns {@code null}), seeded with the cookie
     * claim default, stored in the session and returned as that same instance. With an existing
     * store, a clone of it is returned and the session attribute is left untouched.
     *
     * <p>The decompiler could not infer the local's type (see the warnings above), so the
     * declared type {@code DefaultClaimStore} and the method name {@code mo6clone} are
     * decompiler artefacts rather than original source.
     * NOTE(review): the cast assumes the session always holds a DefaultClaimStore; a store of
     * another implementation would fail with ClassCastException; confirm against the provider.
     *
     * @param httpSession session that holds the claim store between requests
     * @param claimStore store currently in the session, or {@code null}
     * @return the new store, or a clone of the existing one
     */
    private ClaimStore processClaimStore(HttpSession httpSession, ClaimStore claimStore) {
        DefaultClaimStore mo6clone;
        if (claimStore == null) {
            LOG.debug("Creating new ClaimStore for session: {}", httpSession.getId());
            mo6clone = this.claimStoreProvider.newClaimStore();
            if (mo6clone == null) {
                LOG.debug("ClaimStoreProvider {} provided a null ClaimStore; using a default created one instead", this.claimStoreProvider);
                mo6clone = new JavaClaimStore();
            }
            // Seed the cookie claim so setTrackingCookie has a value to read on this first request.
            mo6clone.put(this.cookieClaimName, this.cookieClaimDefaultValue);
            LOG.trace("The cookie claim store was inserted!{}:{}", this.cookieClaimName, this.cookieClaimDefaultValue);
            httpSession.setAttribute(SESSION_KEY_CLAIMSTORE, mo6clone);
        } else {
            // Work on a copy; doFilter writes the result back to the session at the end.
            mo6clone = ((DefaultClaimStore) claimStore).mo6clone();
        }
        return mo6clone;
    }

    /**
     * Checks an incoming session or tracking cookie and decides whether its value is used.
     *
     * <p>A cookie that passes {@code isCookieValid} is returned unchanged. A cookie that fails
     * is rejected (logged at WARN, {@code null} returned) when it has no value or when header
     * validation is active. Otherwise, in what the log message calls the grace period, the
     * client-supplied value is handed to {@code createValidHttpHeader}, written back to the
     * cookie object, re-sent to the client and accepted.
     *
     * <p>During that grace period a value that failed validation is therefore adopted as the
     * session or tracking id. The period should be kept short.
     * NOTE(review): confirm what drives {@code isValidationActive()}.
     *
     * @param cookie cookie taken from the request
     * @param httpServletResponse response used to re-send a re-issued value
     * @param cookieConfig configuration of the cookie being processed
     * @param claimStore claim store used to look up the client address for the warning
     * @return the accepted cookie, or {@code null} if it was rejected
     */
    private Cookie processAndSetCookie(Cookie cookie, HttpServletResponse httpServletResponse, CookieConfig cookieConfig, ClaimStore claimStore) {
        if (!isCookieValid(cookie)) {
            boolean rejected = cookie.getValue() == null || this.httpHeaderProcessor.isValidationActive();
            if (rejected) {
                LOG.warn("Received an invalid cookie ({}) from the IP address: {}", cookie.getName(), ClaimStoreUtil.getClientIpAddressFromClaimStore(claimStore));
                return null;
            }
            // Grace period: re-issue the received value instead of rejecting it.
            String reissuedValue = this.httpHeaderProcessor.createValidHttpHeader(cookie.getValue());
            cookie.setValue(reissuedValue);
            setCookie(cookieConfig, false, httpServletResponse, reissuedValue);
            LOG.debug("Digest is added because header validation is in the grace period!");
        }
        return cookie;
    }

    /**
     * Tells whether a cookie's value is acceptable to the HTTP header processor.
     *
     * <p>When the processor is disabled every cookie counts as valid, which means no check at all
     * is applied to client-supplied session and tracking ids. When it is enabled the cookie must
     * have a value and that value must pass {@code validateHttpHeader}.
     *
     * @param cookie cookie taken from the request
     * @return {@code true} if the cookie may be used as received
     */
    private boolean isCookieValid(Cookie cookie) {
        if (!this.httpHeaderProcessor.isProcessorEnabled()) {
            return true;
        }
        String value = cookie.getValue();
        return value != null && this.httpHeaderProcessor.validateHttpHeader(value);
    }

    /**
     * Marks the given claim URIs as immutable on the claim store.
     *
     * @param claimStore store to update
     * @param set URIs of the claims to mark as immutable
     */
    private void setImmutableClaims(ClaimStore claimStore, Set<URI> set) {
        // Straight delegation; the set is passed through as received.
        claimStore.setImmutableClaims(set);
    }

    /**
     * Marks the web claims written by this filter, plus the given claim URIs, as read-only on
     * the claim store.
     *
     * <p>The nine web claims always come first, in a fixed order, followed by the caller's set.
     *
     * @param claimStore store to update
     * @param set additional claim URIs to mark as read-only
     */
    private void setReadOnlyClaims(ClaimStore claimStore, Set<URI> set) {
        List<URI> readOnlyClaims = new ArrayList<>();
        // Claims this filter fills from the request and session on every call.
        Collections.addAll(
                readOnlyClaims,
                WebClaims.SESSION_ID,
                WebClaims.TRACKING_ID,
                WebClaims.SESSION_ATTRIBUTES,
                WebClaims.REQUEST_URI,
                WebClaims.REQUEST_FULL_URL,
                WebClaims.REQUEST_HEADERS,
                WebClaims.REQUEST_PARAMETERS,
                WebClaims.SERVER_VARIABLES,
                WebClaims.REQUEST_COOKIES);
        readOnlyClaims.addAll(set);
        claimStore.setReadOnlyClaims(readOnlyClaims);
    }

    /**
     * Creates a new identifier for a session or tracking cookie.
     *
     * <p>The id is the configured instance id followed by a random (type 4) UUID from
     * {@link UUID#randomUUID()}; all unpredictability comes from the UUID part.
     *
     * @return instance id concatenated with a freshly generated UUID string
     */
    private String generateCookieId() {
        String randomPart = UUID.randomUUID().toString();
        return this.instanceId + randomPart;
    }

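    /**
     * Writes a {@code Set-Cookie} header for the given cookie configuration.
     *
     * <p>The header is assembled by hand as {@code name=value[; Expires=...]; path=...; HttpOnly}.
     * The path falls back to "/" when none is configured. Persistent cookies get a fixed expiry
     * date in the year 2100.
     *
     * <p>Because the header is built by concatenation and the value can originate from a request
     * cookie (see {@code processAndSetCookie}), a value containing a carriage return or line feed
     * is refused: the cookie is not written and a warning is logged without the value.
     *
     * <p>No {@code Secure} or {@code SameSite} attribute is emitted here.
     * NOTE(review): consider making both configurable for deployments served over HTTPS.
     *
     * @param cookieConfig name and path of the cookie
     * @param z {@code true} for a persistent cookie, {@code false} for a browser-session cookie
     * @param httpServletResponse response that receives the header
     * @param str cookie value
     */
    private void setCookie(CookieConfig cookieConfig, boolean z, HttpServletResponse httpServletResponse, String str) {
        String cookieName = cookieConfig.getCookieName();
        // A line break in the value would end the header early, so refuse it before anything is written.
        if (str != null && (str.indexOf('\r') >= 0 || str.indexOf('\n') >= 0)) {
            LOG.warn("Refusing to set cookie {}: the value contains a line break", cookieName);
            return;
        }
        // NOTE(review): the cookie id is written to the trace log; treat trace output as sensitive.
        LOG.trace("setCookie -> name: {}, persistent: {}, id:{}", new Object[]{cookieName, Boolean.valueOf(z), str});
        // NOTE(review): ';' in the value is not rejected because the format produced by
        // createValidHttpHeader is not visible here; confirm it can never contain one.
        StringBuilder header = new StringBuilder();
        header.append(cookieName).append('=').append(str);
        if (z) {
            header.append("; Expires=Fri, 01-Jan-2100 00:00:00 GMT");
        }
        String configuredPath = cookieConfig.getPath();
        if (StringUtils.isNotEmpty(new String[]{configuredPath})) {
            header.append("; path=").append(configuredPath);
        } else {
            header.append("; path=").append("/");
        }
        header.append("; HttpOnly");
        httpServletResponse.addHeader("Set-Cookie", header.toString());
    }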

    /**
     * Writes the session id, the tracking id and a snapshot of the session attributes into the
     * claim store.
     *
     * <p>Every session attribute except the claim store itself is copied into an unmodifiable
     * map. Only the map is protected; the attribute values are shared by reference, so whatever
     * the application keeps in the session becomes readable through the SESSION_ATTRIBUTES claim.
     *
     * @param httpSession session whose attributes are exposed
     * @param str session id to store under SESSION_ID
     * @param str2 tracking id to store under TRACKING_ID
     * @param claimStore store to update
     */
    private static void setWebSessionClaims(HttpSession httpSession, String str, String str2, ClaimStore claimStore) {
        claimStore.put(WebClaims.SESSION_ID, str);
        claimStore.put(WebClaims.TRACKING_ID, str2);

        Map<String, Object> sessionAttributes = new HashMap<>();
        for (Enumeration<?> names = httpSession.getAttributeNames(); names.hasMoreElements();) {
            String attributeName = (String) names.nextElement();
            if (SESSION_KEY_CLAIMSTORE.equals(attributeName)) {
                // The claim store must not end up nested inside one of its own claims.
                continue;
            }
            sessionAttributes.put(attributeName, httpSession.getAttribute(attributeName));
        }
        claimStore.put(WebClaims.SESSION_ATTRIBUTES, Collections.unmodifiableMap(sessionAttributes));
    }

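    /**
     * Copies the request URI, full URL, headers, parameters, server variables and cookies of the
     * request into the claim store, each as an unmodifiable map (or plain string for the URIs).
     *
     * <p>Changes against the decompiled original: header names are lower-cased with
     * {@code Locale.ROOT} so the map keys do not depend on the JVM's default locale (under some
     * locales a name containing 'I' would otherwise get a different key and lookups by the
     * usual lower-case name would miss), and a {@code null} header enumeration, which the
     * servlet API allows, is treated as "no headers" instead of failing.
     *
     * <p>Points to keep in mind when consuming these claims:
     * <ul>
     *   <li>REQUEST_HEADERS and REQUEST_COOKIES hold the raw client values, including any
     *       credentials sent in headers or cookies; avoid logging the maps wholesale.</li>
     *   <li>In REQUEST_PARAMETERS the container-derived entries (content length and type, query
     *       string, path info) are written after the request parameters, so they replace a
     *       request parameter that uses the same key.</li>
     *   <li>SERVER_VARIABLES includes the file-system path returned by {@code getRealPath("/")}.</li>
     *   <li>NOTE(review): {@code getParameterMap()} may make the container read a form-encoded
     *       request body; confirm that later filters do not expect an unread input stream.</li>
     * </ul>
     *
     * @param httpServletRequest request to read from
     * @param claimStore store that receives the claims
     */
    private static void setWebRequestClaims(HttpServletRequest httpServletRequest, ClaimStore claimStore) {
        claimStore.put(WebClaims.REQUEST_URI, httpServletRequest.getRequestURI());
        StringBuffer requestURL = httpServletRequest.getRequestURL();
        if (requestURL != null) {
            claimStore.put(WebClaims.REQUEST_FULL_URL, requestURL.toString());
        }

        // Headers: lower-cased name -> all values sent for that name.
        Map<String, String[]> headers = new HashMap<>();
        Enumeration<?> headerNames = httpServletRequest.getHeaderNames();
        while (headerNames != null && headerNames.hasMoreElements()) {
            String headerName = (String) headerNames.nextElement();
            List<String> headerValues = new ArrayList<>();
            Enumeration<?> values = httpServletRequest.getHeaders(headerName);
            while (values != null && values.hasMoreElements()) {
                headerValues.add((String) values.nextElement());
            }
            headers.put(headerName.toLowerCase(java.util.Locale.ROOT), headerValues.toArray(new String[0]));
        }
        claimStore.put(WebClaims.REQUEST_HEADERS, Collections.unmodifiableMap(headers));

        // Parameters: request parameters first, then the container-derived entries on top.
        Map<String, String[]> parameters = new HashMap<>();
        parameters.putAll(httpServletRequest.getParameterMap());
        parameters.put(Constants.CONTENT_LENGTH, new String[]{String.valueOf(httpServletRequest.getContentLength())});
        parameters.put(Constants.CONTENT_TYPE, new String[]{httpServletRequest.getContentType()});
        parameters.put(Constants.QUERY_STRING, new String[]{httpServletRequest.getQueryString()});
        parameters.put(Constants.PATH_INFO, new String[]{httpServletRequest.getPathInfo()});
        claimStore.put(WebClaims.REQUEST_PARAMETERS, Collections.unmodifiableMap(parameters));

        // Server variables, all taken from the container's view of the request.
        Map<String, String> serverVariables = new HashMap<>(INITIAL_CAPACITY);
        serverVariables.put(Constants.AUTH_TYPE, httpServletRequest.getAuthType());
        serverVariables.put(Constants.DOCUMENT_ROOT, httpServletRequest.getRealPath("/"));
        serverVariables.put(Constants.PATH_TRANSLATED, httpServletRequest.getPathTranslated());
        serverVariables.put(Constants.REMOTE_ADDR, httpServletRequest.getRemoteAddr());
        serverVariables.put(Constants.REMOTE_HOST, httpServletRequest.getRemoteHost());
        serverVariables.put(Constants.REMOTE_USER, httpServletRequest.getRemoteUser());
        serverVariables.put(Constants.REQUEST_METHOD, httpServletRequest.getMethod());
        serverVariables.put(Constants.SECURE, Boolean.toString(httpServletRequest.isSecure()));
        serverVariables.put(Constants.SCRIPT_NAME, httpServletRequest.getServletPath());
        serverVariables.put(Constants.SERVER_NAME, httpServletRequest.getServerName());
        serverVariables.put(Constants.SERVER_PORT, String.valueOf(httpServletRequest.getServerPort()));
        serverVariables.put(Constants.SERVER_PROTOCOL, httpServletRequest.getProtocol());
        claimStore.put(WebClaims.SERVER_VARIABLES, Collections.unmodifiableMap(serverVariables));

        // Cookies: name -> value; for duplicate names the last cookie in the array wins.
        Map<String, String> cookies = new HashMap<>();
        Cookie[] requestCookies = httpServletRequest.getCookies();
        if (requestCookies != null) {
            for (Cookie requestCookie : requestCookies) {
                cookies.put(requestCookie.getName(), requestCookie.getValue());
            }
        }
        claimStore.put(WebClaims.REQUEST_COOKIES, Collections.unmodifiableMap(cookies));
    }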

    /**
     * Takes over claims from the collected claims cookies, if forwarding is permitted.
     *
     * <p>Two conditions must hold: forwarded claims are enabled in the configuration, and
     * {@code isCookieForwardingAllowed} approves the current request. Otherwise the cookies are
     * ignored and never deserialized.
     *
     * @param list claims cookies collected from the request
     * @param claimStore store that receives accepted claims
     */
    private void processClaimsCookies(List<ClaimsCookie> list, ClaimStore claimStore) {
        LOG.debug("Processing cookie claims.");
        LOG.debug("Cookie forwarding is enabled: " + this.isADFCookieEnabled);
        if (!this.isADFCookieEnabled) {
            return;
        }
        if (isCookieForwardingAllowed(claimStore)) {
            addGloballyAcceptedClaimsToClaimstore(list, claimStore);
        }
    }

    /**
     * Decides whether claims cookies may be accepted for the current request.
     *
     * <p>Forwarding is allowed when either of these holds:
     * <ul>
     *   <li>a request validator is configured and the COOKIE_FORWARDING_CLAIM in the claim store
     *       parses as {@code true};</li>
     *   <li>the white-list filter exists and reports the claim store as valid (the log message
     *       describes this as the IP address being on the white list).</li>
     * </ul>
     * The white list is consulted only when the first condition fails. Without a request
     * validator the claim value is logged but not honoured.
     *
     * <p>NOTE(review): how the white-list filter derives the client address is not visible here;
     * confirm it does not rely on client-controlled headers.
     *
     * @param claimStore claim store of the current request
     * @return {@code true} if claims cookies may be processed
     */
    private boolean isCookieForwardingAllowed(ClaimStore claimStore) {
        String accountSetting = (String) claimStore.get(WebClaims.COOKIE_FORWARDING_CLAIM);
        boolean allowedForAccount = this.requestValidator != null && Boolean.parseBoolean(accountSetting);
        LOG.debug("Cookie forwarding for account is set to: " + accountSetting);

        boolean whiteListed = false;
        if (!allowedForAccount) {
            whiteListed = this.whiteListFilter != null && this.whiteListFilter.isValid(claimStore);
            LOG.debug("IP address is in the white list: " + whiteListed);
        }

        boolean allowed = allowedForAccount || whiteListed;
        LOG.debug("Cookie forwarding for current request is allowed: " + allowed);
        return allowed;
    }

    /**
     * Deserializes the claims cookies and stores, as IMMUTABLE claims, those whose URI is on the
     * globally accepted claims list.
     *
     * <p>All cookies are deserialized first; the accept list is applied to the result, so values
     * of claims that are later dropped have already been materialised by the deserializer.
     * NOTE(review): the cookie bytes come from the client; confirm that
     * {@code ClaimCookieDeserializer} restricts what it will instantiate.
     *
     * @param list claims cookies collected from the request
     * @param claimStore store that receives the accepted claims
     */
    private void addGloballyAcceptedClaimsToClaimstore(List<ClaimsCookie> list, ClaimStore claimStore) {
        LOG.debug("Deserializing claim cookies.");
        Map<URI, Object> forwardedClaims = ClaimCookieDeserializer.deserializeClaims(list);
        for (Map.Entry<URI, Object> forwarded : forwardedClaims.entrySet()) {
            URI claimUri = forwarded.getKey();
            String claimName = claimUri.toString();
            LOG.trace("Checking if claim {} is on a globally accepted claims list.", claimName);
            if (!this.globallyAcceptedClaims.contains(claimName)) {
                LOG.debug("Claim: {} is not on the globally accepted claims list.", claimName);
                continue;
            }
            claimStore.put(claimUri, forwarded.getValue(), ClaimType.IMMUTABLE);
            LOG.trace("Added globally accepted claim: {} to claimstore.", claimUri);
        }
    }

    /**
     * Reads the {@code filterCartridgeCategory} init-param as a boolean.
     *
     * @param filterConfig filter configuration; may be {@code null}
     * @return {@code true} only when the parameter is present and equals "true" ignoring case;
     *         {@code false} for a missing configuration, a missing parameter or any other value
     */
    private boolean getFilterCartridgeCategory(FilterConfig filterConfig) {
        // Boolean.parseBoolean(null) is false, which covers the missing-parameter case.
        return filterConfig != null
                && Boolean.parseBoolean(filterConfig.getInitParameter(FILTER_CARTRIDGE_CATEGORY_INIT_PARAM));
    }

    /**
     * Subclass hook called once from {@code init}, after the Ambient Data configuration has been
     * found and before the request validator is obtained.
     *
     * @throws AmbientDataException reported by {@code init} as a ServletException
     */
    protected abstract void initializeEngine() throws AmbientDataException;

    /**
     * Subclass hook called from {@code doFilter} before the rest of the filter chain runs, after
     * the web claims are written, the request is validated and the read-only and immutable
     * claim sets are restored.
     *
     * @param claimStore claim store prepared for this request
     * @param z {@code true} when no usable session cookie arrived and a new session id was
     *        generated for this request
     * @return the claim store to use for the remainder of the request
     * @throws AmbientDataException reported by {@code doFilter} as a ServletException
     */
    protected abstract ClaimStore processStartEvents(ClaimStore claimStore, boolean z) throws AmbientDataException;

    /**
     * Subclass hook called from {@code doFilter} after the rest of the filter chain returned.
     * The returned store is written back to the session (if one still exists) and then has its
     * request-scoped claims removed; {@code doFilter} tolerates a {@code null} return.
     *
     * @param claimStore the store returned by {@code processStartEvents}
     * @return the claim store to keep in the session
     * @throws AmbientDataException reported by {@code doFilter} as a ServletException
     */
    protected abstract ClaimStore processEndEvents(ClaimStore claimStore) throws AmbientDataException;

    /**
     * Supplies the request validator used by this filter; called once from {@code init}.
     * A {@code null} result is allowed: the filter then skips request validation and ignores the
     * account-level cookie forwarding claim.
     *
     * @return the validator, or {@code null} for none
     * @throws TridionReflectionException reported by {@code init} as a ServletException
     */
    protected abstract com.sdl.web.ambient.api.RequestValidator getRequestValidator() throws TridionReflectionException;
}
