package io.mosip.authentication.common.service.filter;

import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import io.mosip.authentication.common.manager.IdAuthFraudAnalysisEventManager;
import io.mosip.authentication.common.service.exception.IdAuthExceptionHandler;
import io.mosip.authentication.common.service.integration.KeyManager;
import io.mosip.authentication.common.service.util.EnvUtil;
import io.mosip.authentication.common.service.util.IdaRequestResponsConsumerUtil;
import io.mosip.authentication.core.constant.IdAuthenticationErrorConstants;
import io.mosip.authentication.core.exception.IdAuthenticationAppException;
import io.mosip.authentication.core.exception.IdAuthenticationBaseException;
import io.mosip.authentication.core.exception.IdAuthenticationBusinessException;
import io.mosip.authentication.core.indauth.dto.AuthError;
import io.mosip.authentication.core.logger.IdaLogger;
import io.mosip.authentication.core.partner.dto.MispPolicyDTO;
import io.mosip.kernel.core.exception.ExceptionUtils;
import io.mosip.kernel.core.exception.ParseException;
import io.mosip.kernel.core.logger.spi.Logger;
import io.mosip.kernel.core.util.DateUtils;
import io.mosip.kernel.core.util.StringUtils;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.Charset;
import java.time.Duration;
import java.time.LocalDateTime;
import java.time.format.DateTimeFormatter;
import java.time.temporal.Temporal;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.io.IOUtils;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;

/* loaded from: input_file:io/mosip/authentication/common/service/filter/BaseIDAFilter.class */
public abstract class BaseIDAFilter implements Filter {
    private static final String BASE_IDA_FILTER = "BaseIDAFilter";
    private static final String EVENT_FILTER = "Event_filter";
    protected EnvUtil env;
    protected ObjectMapper mapper;
    protected KeyManager keyManager;
    private IdAuthFraudAnalysisEventManager fraudEventManager;
    private IdaRequestResponsConsumerUtil requestResponsConsumerUtil;
    private static final String VERSION_REGEX = "\\d\\.\\d(\\.\\d)?";
    private static final Pattern VERSION_PATTERN = Pattern.compile(VERSION_REGEX);
    private static Logger mosipLogger = IdaLogger.getLogger(BaseIDAFilter.class);

    public void init(FilterConfig filterConfig) throws ServletException {
        WebApplicationContext requiredWebApplicationContext = WebApplicationContextUtils.getRequiredWebApplicationContext(filterConfig.getServletContext());
        this.env = (EnvUtil) requiredWebApplicationContext.getBean(EnvUtil.class);
        this.mapper = (ObjectMapper) requiredWebApplicationContext.getBean(ObjectMapper.class);
        this.keyManager = (KeyManager) requiredWebApplicationContext.getBean(KeyManager.class);
        this.fraudEventManager = (IdAuthFraudAnalysisEventManager) requiredWebApplicationContext.getBean(IdAuthFraudAnalysisEventManager.class);
        this.requestResponsConsumerUtil = (IdaRequestResponsConsumerUtil) requiredWebApplicationContext.getBean(IdaRequestResponsConsumerUtil.class);
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        String stringBuffer = ((HttpServletRequest) servletRequest).getRequestURL().toString();
        if (stringBuffer.contains("swagger") || stringBuffer.contains("api-docs") || stringBuffer.contains("actuator") || stringBuffer.contains("callback")) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        mosipLogger.debug("sessionId", EVENT_FILTER, BASE_IDA_FILTER, "Request URL: " + stringBuffer);
        LocalDateTime uTCCurrentDateTime = DateUtils.getUTCCurrentDateTime();
        mosipLogger.info("sessionId", EVENT_FILTER, BASE_IDA_FILTER, "request at : " + uTCCurrentDateTime);
        ResettableStreamHttpServletRequest resettableStreamHttpServletRequest = new ResettableStreamHttpServletRequest((HttpServletRequest) servletRequest);
        CharResponseWrapper charResponseWrapper = new CharResponseWrapper((HttpServletResponse) servletResponse) { // from class: io.mosip.authentication.common.service.filter.BaseIDAFilter.1
            public void flushBuffer() throws IOException {
            }
        };
        try {
            try {
                Map<String, Object> requestBody = getRequestBody(resettableStreamHttpServletRequest.getInputStream());
                if (requestBody == null) {
                    addIdAndVersionToRequestMetadata(resettableStreamHttpServletRequest);
                    filterChain.doFilter(resettableStreamHttpServletRequest, charResponseWrapper);
                    String charResponseWrapper2 = charResponseWrapper.toString();
                    consumeResponse(resettableStreamHttpServletRequest, charResponseWrapper, charResponseWrapper2, uTCCurrentDateTime, requestBody);
                    servletResponse.getWriter().write(charResponseWrapper2);
                    logDataSize(charResponseWrapper.toString(), "response");
                    return;
                }
                addIdAndVersionToRequestMetadata(resettableStreamHttpServletRequest);
                addTransactionIdToRequestMetadata(resettableStreamHttpServletRequest, requestBody);
                resettableStreamHttpServletRequest.resetInputStream();
                consumeRequest(resettableStreamHttpServletRequest, requestBody);
                resettableStreamHttpServletRequest.resetInputStream();
                filterChain.doFilter(resettableStreamHttpServletRequest, charResponseWrapper);
                String charResponseWrapper3 = charResponseWrapper.toString();
                consumeResponse(resettableStreamHttpServletRequest, charResponseWrapper, charResponseWrapper3, uTCCurrentDateTime, requestBody);
                servletResponse.getWriter().write(charResponseWrapper3);
                logDataSize(charResponseWrapper.toString(), "response");
            } catch (IdAuthenticationAppException e) {
                mosipLogger.error("sessionId", EVENT_FILTER, BASE_IDA_FILTER, "\n" + ExceptionUtils.getStackTrace(e));
                if (0 != 0 && e.getErrorCode().equals(IdAuthenticationErrorConstants.DSIGN_FALIED.getErrorCode())) {
                    this.fraudEventManager.analyseDigitalSignatureFailure(resettableStreamHttpServletRequest.getRequestURI(), null, e.getErrorText());
                }
                resettableStreamHttpServletRequest.resetInputStream();
                sendErrorResponse(servletResponse, charResponseWrapper, resettableStreamHttpServletRequest, uTCCurrentDateTime, e, null);
                logDataSize(charResponseWrapper.toString(), "response");
            }
        } catch (Throwable th) {
            logDataSize(charResponseWrapper.toString(), "response");
            throw th;
        }
    }

    private void addIdAndVersionToRequestMetadata(ResettableStreamHttpServletRequest resettableStreamHttpServletRequest) {
        resettableStreamHttpServletRequest.putMetadata("version", this.env.getProperty(fetchId(resettableStreamHttpServletRequest, "ida.api.version.")));
        resettableStreamHttpServletRequest.resetInputStream();
        resettableStreamHttpServletRequest.putMetadata("id", this.env.getProperty(fetchId(resettableStreamHttpServletRequest, "ida.api.id.")));
    }

    private void addTransactionIdToRequestMetadata(ResettableStreamHttpServletRequest resettableStreamHttpServletRequest, Map<String, Object> map) {
        resettableStreamHttpServletRequest.putMetadata("transactionID", map.get("transactionID"));
    }

    private CharResponseWrapper sendErrorResponse(ServletResponse servletResponse, CharResponseWrapper charResponseWrapper, ResettableStreamHttpServletRequest resettableStreamHttpServletRequest, Temporal temporal, IdAuthenticationBaseException idAuthenticationBaseException, Map<String, Object> map) throws IOException {
        IdaRequestResponsConsumerUtil.setIdVersionToObjectWithMetadata(resettableStreamHttpServletRequest, idAuthenticationBaseException);
        List<AuthError> authErrors = IdAuthExceptionHandler.getAuthErrors(idAuthenticationBaseException);
        IdAuthenticationBaseException idAuthenticationBaseException2 = idAuthenticationBaseException;
        if (!authErrors.stream().anyMatch(authError -> {
            return authError.getErrorCode().equals(IdAuthenticationErrorConstants.UNABLE_TO_PROCESS.getErrorCode());
        })) {
            idAuthenticationBaseException2 = new IdAuthenticationBusinessException(IdAuthenticationErrorConstants.UNABLE_TO_PROCESS.getErrorCode(), IdAuthenticationErrorConstants.UNABLE_TO_PROCESS.getErrorMessage(), idAuthenticationBaseException);
        }
        idAuthenticationBaseException2.putMetadata("transactionID", map.get("transactionID"));
        String writeValueAsString = this.mapper.writeValueAsString(IdAuthExceptionHandler.buildExceptionResponse(idAuthenticationBaseException2, resettableStreamHttpServletRequest));
        String str = null;
        try {
            if (isSigningRequired()) {
                str = this.keyManager.signResponse(writeValueAsString);
                charResponseWrapper.setHeader(EnvUtil.getSignResponse(), str);
            }
        } catch (IdAuthenticationAppException e) {
            mosipLogger.error("sessionId", EVENT_FILTER, BASE_IDA_FILTER, "\n" + ExceptionUtils.getStackTrace(e));
        }
        if (needStoreAuthTransaction()) {
            try {
                this.requestResponsConsumerUtil.storeAuthTransaction((Map) map.get("metadata"), resettableStreamHttpServletRequest.getHeader("signature"), str);
            } catch (IdAuthenticationAppException e2) {
                mosipLogger.error("sessionId", EVENT_FILTER, BASE_IDA_FILTER, "\n" + ExceptionUtils.getStackTrace(e2));
            }
        }
        if (needStoreAnonymousProfile()) {
            this.requestResponsConsumerUtil.storeAnonymousProfile(map, (Map) map.get("metadata"), idAuthenticationBaseException2.getMetadata(), false, authErrors);
        }
        servletResponse.getWriter().write(writeValueAsString);
        charResponseWrapper.setResponse(servletResponse);
        charResponseWrapper.setContentType("application/json;charset=UTF-8");
        logTime(null, "response", temporal);
        return charResponseWrapper;
    }

    protected Map<String, Object> removeNullOrEmptyFieldsInResponse(Map<String, Object> map) {
        return (Map) map.entrySet().stream().filter(entry -> {
            return Objects.nonNull(entry.getValue());
        }).filter(entry2 -> {
            return ((entry2.getValue() instanceof List) && ((List) entry2.getValue()).isEmpty()) ? false : true;
        }).collect(Collectors.toMap((v0) -> {
            return v0.getKey();
        }, (v0) -> {
            return v0.getValue();
        }, (obj, obj2) -> {
            return obj;
        }, LinkedHashMap::new));
    }

    private void logDataSize(String str, String str2) {
        double length = str.length() / 1024.0d;
        mosipLogger.info("sessionId", EVENT_FILTER, BASE_IDA_FILTER, "Data size of " + str2 + " : " + (length > 0.0d ? length : 1.0d) + " kb");
    }

    private void logTime(String str, String str2, Temporal temporal) {
        String dateTimePattern = EnvUtil.getDateTimePattern();
        if (str == null || str.isEmpty()) {
            str = IdaRequestResponsConsumerUtil.getResponseTime(null, dateTimePattern);
        }
        mosipLogger.info("sessionId", EVENT_FILTER, BASE_IDA_FILTER, str2 + " at : " + str);
        long millis = Duration.between(temporal, LocalDateTime.parse(str, DateTimeFormatter.ofPattern(dateTimePattern))).toMillis();
        Logger logger = mosipLogger;
        double d = millis / 1000.0d;
        logger.info("sessionId", EVENT_FILTER, BASE_IDA_FILTER, "Time difference between request and response in millis:" + millis + ".  Time difference between request and response in Seconds: " + logger);
    }

    protected boolean needStoreAuthTransaction() {
        return false;
    }

    protected boolean needStoreAnonymousProfile() {
        return false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void consumeRequest(ResettableStreamHttpServletRequest resettableStreamHttpServletRequest, Map<String, Object> map) throws IdAuthenticationAppException {
        try {
            logDataSize(new String(IOUtils.toByteArray(resettableStreamHttpServletRequest.getInputStream())), "request");
            resettableStreamHttpServletRequest.resetInputStream();
            validateRequest(resettableStreamHttpServletRequest, map);
        } catch (IOException e) {
            mosipLogger.error("sessionId", EVENT_FILTER, BASE_IDA_FILTER, ExceptionUtils.getStackTrace(e));
            throw new IdAuthenticationAppException(IdAuthenticationErrorConstants.UNABLE_TO_PROCESS, e);
        }
    }

    protected void validateRequest(ResettableStreamHttpServletRequest resettableStreamHttpServletRequest, Map<String, Object> map) throws IdAuthenticationAppException {
        String fetchId = fetchId(resettableStreamHttpServletRequest, "ida.api.id.");
        resettableStreamHttpServletRequest.resetInputStream();
        if (!Objects.nonNull(map) || map.isEmpty()) {
            return;
        }
        validateId(map, fetchId);
        validateVersion(map);
    }

    protected abstract String fetchId(ResettableStreamHttpServletRequest resettableStreamHttpServletRequest, String str);

    private void validateVersion(Map<String, Object> map) throws IdAuthenticationAppException {
        String str = map.containsKey("version") ? (String) map.get("version") : null;
        if (StringUtils.isEmpty(str)) {
            handleException("version", false);
        }
        if (VERSION_PATTERN.matcher(str).matches()) {
            return;
        }
        handleException("version", true);
    }

    protected void validateId(Map<String, Object> map, String str) throws IdAuthenticationAppException {
        String str2 = map.containsKey("id") ? (String) map.get("id") : null;
        String property = this.env.getProperty(str);
        if (StringUtils.isEmpty(str2)) {
            handleException("id", false);
        }
        if (!Objects.nonNull(property) || property.equals(str2)) {
            return;
        }
        handleException("id", true);
    }

    private void handleException(String str, boolean z) throws IdAuthenticationAppException {
        if (z) {
            mosipLogger.error("sessionId", EVENT_FILTER, BASE_IDA_FILTER, IdAuthenticationErrorConstants.INVALID_INPUT_PARAMETER.getErrorMessage());
            throw new IdAuthenticationAppException(IdAuthenticationErrorConstants.INVALID_INPUT_PARAMETER.getErrorCode(), String.format(IdAuthenticationErrorConstants.INVALID_INPUT_PARAMETER.getErrorMessage(), str));
        }
        mosipLogger.error("sessionId", EVENT_FILTER, BASE_IDA_FILTER, IdAuthenticationErrorConstants.MISSING_INPUT_PARAMETER.getErrorMessage());
        throw new IdAuthenticationAppException(IdAuthenticationErrorConstants.MISSING_INPUT_PARAMETER.getErrorCode(), String.format(IdAuthenticationErrorConstants.MISSING_INPUT_PARAMETER.getErrorMessage(), str));
    }

    protected String consumeResponse(ResettableStreamHttpServletRequest resettableStreamHttpServletRequest, CharResponseWrapper charResponseWrapper, String str, Temporal temporal, Map<String, Object> map) throws IdAuthenticationAppException {
        try {
            Map<String, Object> metadata = resettableStreamHttpServletRequest.getMetadata();
            resettableStreamHttpServletRequest.resetInputStream();
            String header = resettableStreamHttpServletRequest.getHeader("signature");
            String str2 = null;
            if (isSigningRequired()) {
                str2 = this.keyManager.signResponse(str);
                charResponseWrapper.setHeader(EnvUtil.getSignResponse(), str2);
            }
            if (needStoreAuthTransaction()) {
                this.requestResponsConsumerUtil.storeAuthTransaction(metadata, header, str2);
            }
            if (needStoreAnonymousProfile() && map != null) {
                this.requestResponsConsumerUtil.storeAnonymousProfile(map, (Map) map.get("metadata"), metadata, Boolean.valueOf(String.valueOf(metadata.get("status"))).booleanValue(), metadata.get("errors") instanceof List ? (List) metadata.get("errors") : List.of());
            }
            Object obj = map == null ? null : map.get("requestTime");
            logTime(obj instanceof String ? (String) obj : null, "response", temporal);
            return str;
        } catch (IdAuthenticationAppException e) {
            mosipLogger.error("sessionId", EVENT_FILTER, BASE_IDA_FILTER, e.getMessage());
            return str;
        }
    }

    protected Map<String, Object> getRequestBody(InputStream inputStream) throws IdAuthenticationAppException {
        try {
            String iOUtils = IOUtils.toString(inputStream, Charset.defaultCharset());
            if (iOUtils.isEmpty()) {
                return null;
            }
            return (Map) this.mapper.readValue(iOUtils, new TypeReference<Map<String, Object>>() { // from class: io.mosip.authentication.common.service.filter.BaseIDAFilter.2
            });
        } catch (IOException | ClassCastException e) {
            throw new IdAuthenticationAppException(IdAuthenticationErrorConstants.UNABLE_TO_PROCESS.getErrorCode(), IdAuthenticationErrorConstants.UNABLE_TO_PROCESS.getErrorMessage(), e);
        }
    }

    protected boolean isDate(String str) {
        try {
            DateUtils.parseToDate(str, EnvUtil.getDateTimePattern());
            return true;
        } catch (ParseException e) {
            mosipLogger.warn("sessionId", BASE_IDA_FILTER, "validateDate", "\n" + ExceptionUtils.getStackTrace(e));
            return false;
        }
    }

    protected abstract void authenticateRequest(ResettableStreamHttpServletRequest resettableStreamHttpServletRequest) throws IdAuthenticationAppException;

    protected abstract boolean isSigningRequired();

    /* JADX INFO: Access modifiers changed from: protected */
    public abstract boolean isSignatureVerificationRequired();

    protected abstract boolean isThumbprintValidationRequired();

    /* JADX INFO: Access modifiers changed from: protected */
    public abstract boolean isTrustValidationRequired();

    /* JADX INFO: Access modifiers changed from: protected */
    public abstract boolean isMispPolicyValidationRequired();

    /* JADX INFO: Access modifiers changed from: protected */
    public abstract boolean isCertificateValidationRequired();

    /* JADX INFO: Access modifiers changed from: protected */
    public abstract boolean isAMRValidationRequired();

    protected abstract void checkAllowedAMRForKBT(Map<String, Object> map, Set<String> set) throws IdAuthenticationAppException;

    protected abstract void checkMispPolicyAllowed(MispPolicyDTO mispPolicyDTO) throws IdAuthenticationAppException;

    public void destroy() {
    }
}
