package org.wso2.choreo.connect.enforcer.websocket;

import io.opentelemetry.context.Scope;
import java.net.Inet4Address;
import java.net.Inet6Address;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.HashMap;
import java.util.Map;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.logging.log4j.ThreadContext;
import org.json.JSONObject;
import org.wso2.choreo.connect.enforcer.commons.Filter;
import org.wso2.choreo.connect.enforcer.commons.model.APIConfig;
import org.wso2.choreo.connect.enforcer.commons.model.AuthenticationContext;
import org.wso2.choreo.connect.enforcer.commons.model.RequestContext;
import org.wso2.choreo.connect.enforcer.config.ConfigHolder;
import org.wso2.choreo.connect.enforcer.config.dto.ThrottleConfigDto;
import org.wso2.choreo.connect.enforcer.throttle.ThrottleAgent;
import org.wso2.choreo.connect.enforcer.throttle.ThrottleConstants;
import org.wso2.choreo.connect.enforcer.throttle.ThrottleDataHolder;
import org.wso2.choreo.connect.enforcer.throttle.databridge.agent.util.ThrottleEventConstants;
import org.wso2.choreo.connect.enforcer.throttle.dto.Decision;
import org.wso2.choreo.connect.enforcer.throttle.utils.ThrottleUtils;
import org.wso2.choreo.connect.enforcer.tracing.TracingConstants;
import org.wso2.choreo.connect.enforcer.tracing.TracingSpan;
import org.wso2.choreo.connect.enforcer.tracing.Utils;
import org.wso2.choreo.connect.enforcer.util.FilterUtils;

/* loaded from: input_file:org/wso2/choreo/connect/enforcer/websocket/WebSocketThrottleFilter.class */
public class WebSocketThrottleFilter implements Filter {
    private static final Logger log = LogManager.getLogger(WebSocketThrottleFilter.class);
    private final ThrottleDataHolder dataHolder = ThrottleDataHolder.getInstance();
    private final boolean isGlobalThrottlingEnabled = ConfigHolder.getInstance().getConfig().getThrottleConfig().isGlobalPublishingEnabled();

    @Override // org.wso2.choreo.connect.enforcer.commons.Filter
    public boolean handleRequest(RequestContext requestContext) {
        TracingSpan tracingSpan = null;
        Scope scope = null;
        try {
            if (Utils.tracingEnabled()) {
                tracingSpan = Utils.startSpan(TracingConstants.WS_THROTTLE_SPAN, Utils.getGlobalTracer());
                scope = tracingSpan.getSpan().makeCurrent();
                Utils.setTag(tracingSpan, "traceId", ThreadContext.get("traceId"));
            }
            if (doThrottle(requestContext)) {
                if (Utils.tracingEnabled()) {
                    scope.close();
                    Utils.finishSpan(tracingSpan);
                }
                return false;
            }
            ThrottleAgent.publishNonThrottledEvent(getThrottleEventMap(requestContext));
            if (Utils.tracingEnabled()) {
                scope.close();
                Utils.finishSpan(tracingSpan);
            }
            return true;
        } catch (Throwable th) {
            if (Utils.tracingEnabled()) {
                scope.close();
                Utils.finishSpan(null);
            }
            throw th;
        }
    }

    private boolean doThrottle(RequestContext requestContext) {
        AuthenticationContext authenticationContext = requestContext.getAuthenticationContext();
        if (authenticationContext == null) {
            return false;
        }
        APIConfig matchedAPI = requestContext.getMatchedAPI();
        String basePath = matchedAPI.getBasePath();
        String version = matchedAPI.getVersion();
        int applicationId = authenticationContext.getApplicationId();
        String apiTier = getApiTier(matchedAPI);
        getApiTier(matchedAPI);
        String apiThrottleKey = getApiThrottleKey(basePath, version);
        String tier = authenticationContext.getTier();
        String applicationTier = authenticationContext.getApplicationTier();
        String subscriberTenantDomain = authenticationContext.getSubscriberTenantDomain();
        String remoteIp = requestContext.getWebSocketFrameContext().getRemoteIp();
        String tenantDomainFromRequestURL = FilterUtils.getTenantDomainFromRequestURL(basePath);
        String buildUsernameWithTenant = FilterUtils.buildUsernameWithTenant(authenticationContext.getUsername(), subscriberTenantDomain);
        if (tenantDomainFromRequestURL == null) {
            tenantDomainFromRequestURL = "carbon.super";
        }
        if (this.dataHolder.isBlockingConditionsPresent()) {
            String str = authenticationContext.getSubscriber() + ":" + authenticationContext.getApplicationName();
            if (this.dataHolder.isRequestBlocked(basePath, str, buildUsernameWithTenant, remoteIp, basePath + ":" + version + ":" + authenticationContext.getSubscriber() + "-" + authenticationContext.getApplicationName() + ":" + authenticationContext.getKeyType(), tenantDomainFromRequestURL)) {
                FilterUtils.setThrottleErrorToContext(requestContext, 900805, ThrottleConstants.BLOCKING_MESSAGE, ThrottleConstants.BLOCKING_DESCRIPTION);
                requestContext.getProperties().put(ThrottleConstants.THROTTLE_OUT_REASON, ThrottleConstants.THROTTLE_OUT_REASON_REQUEST_BLOCKED);
                log.debug("Request blocked as it violates blocking conditions, for API: {}, application: {}, user: {}", basePath, str, buildUsernameWithTenant);
                return true;
            }
        }
        Decision checkApiThrottled = checkApiThrottled(apiThrottleKey, apiTier, requestContext);
        if (checkApiThrottled.isThrottled()) {
            log.debug("Setting api throttle out response");
            FilterUtils.setThrottleErrorToContext(requestContext, 900800, ThrottleConstants.THROTTLE_OUT_MESSAGE, ThrottleConstants.THROTTLE_OUT_DESCRIPTION);
            requestContext.getProperties().put(ThrottleConstants.THROTTLE_OUT_REASON, ThrottleConstants.THROTTLE_OUT_REASON_API_LIMIT_EXCEEDED);
            ThrottleUtils.setRetryAfterWebsocket(requestContext, Long.valueOf(checkApiThrottled.getResetAt()));
            return true;
        }
        Decision checkSubscriptionLevelThrottled = checkSubscriptionLevelThrottled(getSubscriptionThrottleKey(applicationId, basePath, version), tier);
        if (checkSubscriptionLevelThrottled.isThrottled()) {
            if (authenticationContext.isStopOnQuotaReach()) {
                log.debug("Setting subscription throttle out response");
                FilterUtils.setThrottleErrorToContext(requestContext, 900804, ThrottleConstants.THROTTLE_OUT_MESSAGE, ThrottleConstants.THROTTLE_OUT_DESCRIPTION);
                requestContext.getProperties().put(ThrottleConstants.THROTTLE_OUT_REASON, ThrottleConstants.THROTTLE_OUT_REASON_SUBSCRIPTION_LIMIT_EXCEEDED);
                ThrottleUtils.setRetryAfterWebsocket(requestContext, Long.valueOf(checkSubscriptionLevelThrottled.getResetAt()));
                return true;
            }
            log.debug("Proceeding since stopOnQuotaReach is false");
        }
        Decision checkAppLevelThrottled = checkAppLevelThrottled(applicationId + ":" + buildUsernameWithTenant, applicationTier);
        if (!checkAppLevelThrottled.isThrottled()) {
            return false;
        }
        log.debug("Setting application throttle out response");
        FilterUtils.setThrottleErrorToContext(requestContext, 900803, ThrottleConstants.THROTTLE_OUT_MESSAGE, ThrottleConstants.THROTTLE_OUT_DESCRIPTION);
        requestContext.getProperties().put(ThrottleConstants.THROTTLE_OUT_REASON, ThrottleConstants.THROTTLE_OUT_REASON_APPLICATION_LIMIT_EXCEEDED);
        ThrottleUtils.setRetryAfterWebsocket(requestContext, Long.valueOf(checkAppLevelThrottled.getResetAt()));
        return true;
    }

    private String getApiTier(APIConfig aPIConfig) {
        return !aPIConfig.getTier().isBlank() ? aPIConfig.getTier() : "Unlimited";
    }

    private String getApiThrottleKey(String str, String str2) {
        String str3 = str;
        if (!str2.isBlank()) {
            str3 = str3 + ":" + str2;
        }
        return str3;
    }

    private String getSubscriptionThrottleKey(int i, String str, String str2) {
        String str3 = i + ":" + str;
        if (!str2.isBlank()) {
            str3 = str3 + ":" + str2;
        }
        return str3;
    }

    private Decision checkSubscriptionLevelThrottled(String str, String str2) {
        Decision isThrottled = this.dataHolder.isThrottled(str);
        log.debug("Subscription Level throttle decision is {} for key:tier {}:{}", Boolean.valueOf(isThrottled.isThrottled()), str, str2);
        return isThrottled;
    }

    private Decision checkAppLevelThrottled(String str, String str2) {
        Decision isThrottled = this.dataHolder.isThrottled(str);
        log.debug("Application Level throttle decision is {} for key:tier {}:{}", Boolean.valueOf(isThrottled.isThrottled()), str, str2);
        return isThrottled;
    }

    private Map<String, String> getThrottleEventMap(RequestContext requestContext) {
        AuthenticationContext authenticationContext = requestContext.getAuthenticationContext();
        HashMap hashMap = new HashMap();
        APIConfig matchedAPI = requestContext.getMatchedAPI();
        String basePath = matchedAPI.getBasePath();
        String version = matchedAPI.getVersion();
        String str = basePath + ":" + version;
        String name = matchedAPI.getName();
        String apiTier = getApiTier(matchedAPI);
        String tenantDomainFromRequestURL = FilterUtils.getTenantDomainFromRequestURL(str);
        String buildUsernameWithTenant = FilterUtils.buildUsernameWithTenant(authenticationContext.getUsername(), authenticationContext.getSubscriberTenantDomain());
        if (tenantDomainFromRequestURL == null) {
            tenantDomainFromRequestURL = "carbon.super";
        }
        hashMap.put(ThrottleEventConstants.MESSAGE_ID, requestContext.getRequestID());
        hashMap.put(ThrottleEventConstants.APP_KEY, authenticationContext.getApplicationId() + ":" + buildUsernameWithTenant);
        hashMap.put(ThrottleEventConstants.APP_TIER, authenticationContext.getApplicationTier());
        hashMap.put("apiKey", str);
        hashMap.put("apiTier", apiTier);
        hashMap.put(ThrottleEventConstants.RESOURCE_TIER, apiTier);
        hashMap.put(ThrottleEventConstants.RESOURCE_KEY, str);
        hashMap.put(ThrottleEventConstants.SUBSCRIPTION_KEY, authenticationContext.getApplicationId() + ":" + str);
        hashMap.put("subscriptionTier", authenticationContext.getTier());
        hashMap.put(ThrottleEventConstants.USER_ID, buildUsernameWithTenant);
        hashMap.put("apiContext", basePath);
        hashMap.put("apiVersion", version);
        hashMap.put(ThrottleEventConstants.APP_TENANT, authenticationContext.getSubscriberTenantDomain());
        hashMap.put(ThrottleEventConstants.API_TENANT, tenantDomainFromRequestURL);
        hashMap.put(ThrottleEventConstants.APP_ID, String.valueOf(authenticationContext.getApplicationId()));
        hashMap.put("apiName", name);
        hashMap.put(ThrottleEventConstants.PROPERTIES, getProperties(requestContext).toString());
        return hashMap;
    }

    private JSONObject getProperties(RequestContext requestContext) {
        String clientIp = requestContext.getClientIp();
        JSONObject jSONObject = new JSONObject();
        ThrottleConfigDto throttleConfig = ConfigHolder.getInstance().getConfig().getThrottleConfig();
        if (clientIp != null && clientIp.length() > 0) {
            try {
                InetAddress byName = InetAddress.getByName(clientIp);
                if (byName instanceof Inet4Address) {
                    jSONObject.put("ip", FilterUtils.ipToLong(clientIp));
                    jSONObject.put(ThrottleConstants.IPV6, 0);
                } else if (byName instanceof Inet6Address) {
                    jSONObject.put(ThrottleConstants.IPV6, FilterUtils.ipToBigInteger(clientIp));
                    jSONObject.put("ip", 0);
                }
            } catch (UnknownHostException e) {
                log.error("Error while parsing host IP {}", clientIp, e);
                jSONObject.put(ThrottleConstants.IPV6, 0);
                jSONObject.put("ip", 0);
            }
        }
        String callerToken = requestContext.getAuthenticationContext().getCallerToken();
        if (throttleConfig.isJwtClaimConditionsEnabled() && callerToken != null) {
            Map<String, String> jWTClaims = ThrottleUtils.getJWTClaims(callerToken);
            for (String str : jWTClaims.keySet()) {
                jSONObject.put(str, jWTClaims.get(str));
            }
        }
        jSONObject.put(MetadataConstants.MESSAGE_SIZE, requestContext.getWebSocketFrameContext().getFrameLength());
        return jSONObject;
    }

    private Decision checkApiThrottled(String str, String str2, RequestContext requestContext) {
        log.debug("Checking if request is throttled at API level for tier: {}, key: {}", str2, str);
        Decision decision = new Decision();
        if (!"Unlimited".equals(str2) && this.isGlobalThrottlingEnabled) {
            Decision isAdvancedThrottled = this.dataHolder.isAdvancedThrottled(str, requestContext);
            log.debug("API Level throttle decision: {}", Boolean.valueOf(isAdvancedThrottled.isThrottled()));
            return isAdvancedThrottled;
        }
        return decision;
    }
}
