package io.mosip.authentication.common.service.filter;

import io.mosip.authentication.common.manager.IdAuthFraudAnalysisEventManager;
import io.mosip.authentication.common.service.transaction.manager.IdAuthSecurityManager;
import io.mosip.authentication.core.constant.DomainType;
import io.mosip.authentication.core.constant.IdAuthenticationErrorConstants;
import io.mosip.authentication.core.exception.IdAuthenticationAppException;
import io.mosip.authentication.core.logger.IdaLogger;
import io.mosip.kernel.core.exception.ExceptionUtils;
import io.mosip.kernel.core.logger.spi.Logger;
import io.mosip.kernel.core.util.CryptoUtil;
import io.mosip.kernel.core.util.StringUtils;
import java.io.IOException;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import java.util.Objects;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import org.apache.commons.io.IOUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;

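@Component
/* loaded from: input_file:io/mosip/authentication/common/service/filter/BaseAuthFilter.class */
/**
 * Base servlet filter for authentication requests.
 *
 * <p>On top of {@link BaseIDAFilter} this class:
 * <ul>
 *   <li>verifies the {@code signature} request header against the raw request body
 *       (when {@code isSignatureVerificationRequired()} is true);</li>
 *   <li>rejects requests without an {@code Authorization} header;</li>
 *   <li>gives subclasses hooks to decipher and validate the request and to encipher
 *       the response.</li>
 * </ul>
 *
 * <p>Security note: every signature check in this class is skipped when
 * {@code isSignatureVerificationRequired()} returns false. That method is defined
 * outside this file, so whatever controls it should be treated as a security-critical
 * setting.
 */
public abstract class BaseAuthFilter extends BaseIDAFilter {
    private static final String BASE_AUTH_FILTER = "BaseAuthFilter";
    private static final String EVENT_FILTER = "Event_filter";
    private static Logger mosipLogger = IdaLogger.getLogger(BaseAuthFilter.class);

    @Autowired
    private IdAuthSecurityManager securityManager;

    @Autowired
    private IdAuthFraudAnalysisEventManager fraudEventManager;

    /**
     * Initialises the filter and resolves its collaborators from the web application context.
     *
     * <p>The beans are looked up explicitly and assigned to the fields, overwriting whatever
     * field injection may have set.
     *
     * @param filterConfig the servlet filter configuration
     * @throws ServletException if the parent initialisation fails
     */
    @Override // io.mosip.authentication.common.service.filter.BaseIDAFilter
    public void init(FilterConfig filterConfig) throws ServletException {
        super.init(filterConfig);
        WebApplicationContext requiredWebApplicationContext = WebApplicationContextUtils.getRequiredWebApplicationContext(filterConfig.getServletContext());
        this.securityManager = (IdAuthSecurityManager) requiredWebApplicationContext.getBean(IdAuthSecurityManager.class);
        this.fraudEventManager = (IdAuthFraudAnalysisEventManager) requiredWebApplicationContext.getBean(IdAuthFraudAnalysisEventManager.class);
    }

    /**
     * Runs the parent request handling, then authenticates the request, then deciphers and
     * validates it.
     *
     * <p>The order matters: the signature over the raw body is checked before any deciphered
     * content is processed.
     *
     * @param resettableStreamHttpServletRequest the re-readable request wrapper
     * @param map the request body as a map
     * @throws IdAuthenticationAppException if authentication, deciphering or validation fails
     */
    @Override // io.mosip.authentication.common.service.filter.BaseIDAFilter
    protected void consumeRequest(ResettableStreamHttpServletRequest resettableStreamHttpServletRequest, Map<String, Object> map) throws IdAuthenticationAppException {
        super.consumeRequest(resettableStreamHttpServletRequest, map);
        authenticateRequest(resettableStreamHttpServletRequest);
        decipherAndValidateRequest(resettableStreamHttpServletRequest, map);
    }

    /**
     * Deciphers the request, post-processes and validates it, and replaces the request body
     * with the JSON serialisation of the processed map.
     *
     * @param resettableStreamHttpServletRequest the re-readable request wrapper
     * @param map the request body as a map
     * @throws IdAuthenticationAppException if validation fails, or with
     *         {@code UNABLE_TO_PROCESS} (cause attached) on an I/O or serialisation error
     */
    protected void decipherAndValidateRequest(ResettableStreamHttpServletRequest resettableStreamHttpServletRequest, Map<String, Object> map) throws IdAuthenticationAppException {
        try {
            resettableStreamHttpServletRequest.resetInputStream();
            Map<String, Object> processDecipheredReqeuest = processDecipheredReqeuest(decipherRequest(map));
            validateDecipheredRequest(resettableStreamHttpServletRequest, processDecipheredReqeuest);
            // Encode explicitly as UTF-8: the no-arg getBytes() uses the platform default charset,
            // which can corrupt non-ASCII JSON on hosts whose default is not UTF-8.
            resettableStreamHttpServletRequest.replaceData(this.mapper.writeValueAsString(processDecipheredReqeuest).getBytes(StandardCharsets.UTF_8));
        } catch (IOException e) {
            mosipLogger.error("sessionId", EVENT_FILTER, BASE_AUTH_FILTER, ExceptionUtils.getStackTrace(e));
            // Keep the cause so the failure can be diagnosed, as validateSignature() does.
            throw new IdAuthenticationAppException(IdAuthenticationErrorConstants.UNABLE_TO_PROCESS, e);
        }
    }

    /**
     * Hook for subclasses to post-process the deciphered request. The default returns the
     * map unchanged.
     *
     * @param map the deciphered request
     * @return the map to validate and forward
     */
    protected Map<String, Object> processDecipheredReqeuest(Map<String, Object> map) {
        return map;
    }

    /**
     * Verifies the signature of a biometric data block using the {@code JWT_DATA} domain.
     *
     * <p>No separate request data is passed to the verifier ({@code null} second argument).
     * Decompiler note: the access modifier was changed from {@code protected}.
     *
     * @param str the signed biometric data
     * @throws IdAuthenticationAppException with {@code INVALID_CERTIFICATE} if verification fails
     */
    public void verifyBioDataSignature(String str) throws IdAuthenticationAppException {
        if (!verifySignature(str, null, DomainType.JWT_DATA.getType())) {
            mosipLogger.error("sessionId", BASE_AUTH_FILTER, "verifyJwsData", "Invalid certificate in biometrics>data");
            throw new IdAuthenticationAppException(IdAuthenticationErrorConstants.INVALID_CERTIFICATE);
        }
    }

    /**
     * Extracts the second dot-separated segment of the input, or returns the input unchanged
     * when it has fewer than two segments.
     *
     * <p>This method neither decodes nor verifies anything. The returned segment must not be
     * trusted unless the caller has verified the signature separately.
     * Decompiler note: the access modifier was changed from {@code protected}.
     *
     * @param str a dot-separated string; must not be null
     * @return the second segment, or {@code str} itself
     */
    public String getPayloadFromJwsSingature(String str) {
        String[] split = str.split("\\.");
        return split.length >= 2 ? split[1] : str;
    }

    /**
     * Verifies a signature through the security manager.
     *
     * <p>Returns {@code true} without verifying anything when
     * {@code isSignatureVerificationRequired()} is false. Any exception raised by the
     * security manager is logged and treated as a failed verification, so this method
     * fails closed.
     * Decompiler note: the access modifier was changed from {@code protected}.
     *
     * @param str the signature
     * @param str2 the request data the signature covers; may be null
     * @param str3 the domain type
     * @return {@code true} if verification passed or is not required, {@code false} otherwise
     */
    public boolean verifySignature(String str, String str2, String str3) {
        if (!isSignatureVerificationRequired()) {
            return true;
        }
        try {
            return this.securityManager.verifySignature(str, str3, str2, Boolean.valueOf(isTrustValidationRequired()));
        } catch (Exception e) {
            // Only the message is logged; the stack trace is not recorded here.
            mosipLogger.error("sessionId", "verifySignature", BASE_AUTH_FILTER, "Invalid JWS data: " + e.getMessage());
            return false;
        }
    }

    /**
     * Validates the deciphered request. Implemented by concrete filters.
     *
     * @param resettableStreamHttpServletRequest the re-readable request wrapper
     * @param map the deciphered, post-processed request
     * @throws IdAuthenticationAppException if the request is invalid
     */
    protected abstract void validateDecipheredRequest(ResettableStreamHttpServletRequest resettableStreamHttpServletRequest, Map<String, Object> map) throws IdAuthenticationAppException;

    /**
     * Verifies the {@code signature} header and requires a non-empty {@code Authorization}
     * header.
     *
     * <p>Only the presence of the {@code Authorization} header is checked here. Its value is
     * not validated in this class.
     *
     * @param resettableStreamHttpServletRequest the re-readable request wrapper
     * @throws IdAuthenticationAppException if the signature check fails or the
     *         {@code Authorization} header is missing
     */
    @Override // io.mosip.authentication.common.service.filter.BaseIDAFilter
    protected void authenticateRequest(ResettableStreamHttpServletRequest resettableStreamHttpServletRequest) throws IdAuthenticationAppException {
        validateSignature(resettableStreamHttpServletRequest.getHeader("signature"), resettableStreamHttpServletRequest);
        if (StringUtils.isEmpty(resettableStreamHttpServletRequest.getHeader("Authorization"))) {
            mosipLogger.error("sessionId", EVENT_FILTER, BASE_AUTH_FILTER, "consent token Auth is empty or null");
            throw new IdAuthenticationAppException(IdAuthenticationErrorConstants.MISSING_INPUT_PARAMETER.getErrorCode(), String.format(IdAuthenticationErrorConstants.MISSING_INPUT_PARAMETER.getErrorMessage(), "Authorization - header"));
        }
    }

    /**
     * Verifies the signature header against the raw request body in the {@code AUTH} domain.
     *
     * <p>Does nothing when signature verification is not required. On a failed verification
     * the request URI and body are reported to the fraud-analysis manager before the request
     * is rejected.
     *
     * @param str the value of the {@code signature} header
     * @param resettableStreamHttpServletRequest the re-readable request wrapper
     * @throws IdAuthenticationAppException if the header is missing, verification fails
     *         ({@code DSIGN_FALIED}), or the body cannot be read ({@code UNABLE_TO_PROCESS})
     */
    private void validateSignature(String str, ResettableStreamHttpServletRequest resettableStreamHttpServletRequest) throws IdAuthenticationAppException {
        try {
            if (isSignatureVerificationRequired()) {
                if (StringUtils.isEmpty(str)) {
                    mosipLogger.error("sessionId", EVENT_FILTER, BASE_AUTH_FILTER, "signature is empty or null");
                    throw new IdAuthenticationAppException(IdAuthenticationErrorConstants.MISSING_INPUT_PARAMETER.getErrorCode(), String.format(IdAuthenticationErrorConstants.MISSING_INPUT_PARAMETER.getErrorMessage(), "signature - header"));
                }
                // NOTE(review): the signed body is decoded with the platform default charset, so
                // the verified string depends on the host configuration. Left unchanged because
                // the charset used inside the security manager is not visible here. Confirm both
                // sides agree (ideally on UTF-8).
                String iOUtils = IOUtils.toString(resettableStreamHttpServletRequest.getInputStream(), Charset.defaultCharset());
                resettableStreamHttpServletRequest.resetInputStream();
                if (!verifySignature(str, iOUtils, DomainType.AUTH.getType())) {
                    mosipLogger.error("sessionId", EVENT_FILTER, BASE_AUTH_FILTER, "signature header verification failed");
                    // NOTE(review): the raw request body is handed to the fraud-analysis manager.
                    // Confirm it is handled as sensitive data downstream.
                    this.fraudEventManager.analyseDigitalSignatureFailure(resettableStreamHttpServletRequest.getRequestURI(), iOUtils);
                    throw new IdAuthenticationAppException(IdAuthenticationErrorConstants.DSIGN_FALIED);
                }
                resettableStreamHttpServletRequest.resetInputStream();
            }
        } catch (IOException e) {
            throw new IdAuthenticationAppException(IdAuthenticationErrorConstants.UNABLE_TO_PROCESS, e);
        }
    }

    /**
     * Base64-decodes the input through {@code CryptoUtil.decodeBase64}.
     *
     * <p>Decompiler note: the access modifier was changed from {@code protected}.
     *
     * @param str the encoded text; may be null
     * @return the decoded value, or {@code null} when {@code str} is null
     * @throws IdAuthenticationAppException with {@code DSIGN_FALIED} if the input is not
     *         valid for the decoder
     */
    public static Object decode(String str) throws IdAuthenticationAppException {
        try {
            return Objects.nonNull(str) ? CryptoUtil.decodeBase64(str) : str;
        } catch (IllegalArgumentException e) {
            mosipLogger.error("sessionId", EVENT_FILTER, BASE_AUTH_FILTER, e.getMessage());
            throw new IdAuthenticationAppException(IdAuthenticationErrorConstants.DSIGN_FALIED, e);
        }
    }

    /**
     * Hook for subclasses to decipher the request. The default returns the map unchanged.
     *
     * @param map the request body as a map
     * @return the deciphered request
     * @throws IdAuthenticationAppException if deciphering fails
     */
    protected Map<String, Object> decipherRequest(Map<String, Object> map) throws IdAuthenticationAppException {
        return map;
    }

    /**
     * Hook for subclasses to encipher the response. The default returns the map unchanged.
     *
     * @param map the response body as a map
     * @return the enciphered response
     * @throws IdAuthenticationAppException if enciphering fails
     */
    protected Map<String, Object> encipherResponse(Map<String, Object> map) throws IdAuthenticationAppException {
        return map;
    }

    /**
     * Transforms the response by delegating to {@link #encipherResponse(Map)}.
     *
     * @param map the response body as a map
     * @return the transformed response
     * @throws IdAuthenticationAppException if enciphering fails
     */
    @Override // io.mosip.authentication.common.service.filter.BaseIDAFilter
    protected Map<String, Object> transformResponse(Map<String, Object> map) throws IdAuthenticationAppException {
        return encipherResponse(map);
    }

    /**
     * Checks that the supplied digest matches the digest calculated over the given data.
     *
     * <p>A null argument is rejected as a validation failure instead of surfacing as a
     * {@code NullPointerException}. The comparison is case-sensitive, as before, and is done
     * in constant time so its duration does not depend on where the values first differ.
     * Decompiler note: the access modifier was changed from {@code protected}.
     *
     * @param str the digest supplied with the request
     * @param str2 the data the digest is expected to cover
     * @throws IdAuthenticationAppException with {@code HMAC_VALIDATION_FAILED} on mismatch
     *         or when either argument is null
     */
    public void validateRequestHMAC(String str, String str2) throws IdAuthenticationAppException {
        if (str == null || str2 == null) {
            throw new IdAuthenticationAppException(IdAuthenticationErrorConstants.HMAC_VALIDATION_FAILED);
        }
        byte[] supplied = str.getBytes(StandardCharsets.UTF_8);
        byte[] expected = calculateHash(str2).getBytes(StandardCharsets.UTF_8);
        // Fully qualified so no new file-level import is needed.
        if (!java.security.MessageDigest.isEqual(supplied, expected)) {
            throw new IdAuthenticationAppException(IdAuthenticationErrorConstants.HMAC_VALIDATION_FAILED);
        }
    }

    /**
     * Computes the plain-text digest of the UTF-8 bytes of the input through the security
     * manager.
     *
     * @param str the data to hash; must not be null
     * @return the digest as text
     */
    private static String calculateHash(String str) {
        return IdAuthSecurityManager.generateHashAndDigestAsPlainText(str.getBytes(StandardCharsets.UTF_8));
    }
}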
