package org.wso2.choreo.connect.enforcer.throttle;

import io.opentelemetry.context.Scope;
import java.net.Inet4Address;
import java.net.Inet6Address;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.HashMap;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.logging.log4j.ThreadContext;
import org.json.JSONObject;
import org.wso2.choreo.connect.enforcer.commons.Filter;
import org.wso2.choreo.connect.enforcer.commons.model.APIConfig;
import org.wso2.choreo.connect.enforcer.commons.model.AuthenticationContext;
import org.wso2.choreo.connect.enforcer.commons.model.RequestContext;
import org.wso2.choreo.connect.enforcer.commons.model.ResourceConfig;
import org.wso2.choreo.connect.enforcer.config.ConfigHolder;
import org.wso2.choreo.connect.enforcer.config.dto.ThrottleConfigDto;
import org.wso2.choreo.connect.enforcer.constants.APIConstants;
import org.wso2.choreo.connect.enforcer.throttle.databridge.agent.util.ThrottleEventConstants;
import org.wso2.choreo.connect.enforcer.throttle.dto.Decision;
import org.wso2.choreo.connect.enforcer.throttle.utils.ThrottleUtils;
import org.wso2.choreo.connect.enforcer.tracing.TracingConstants;
import org.wso2.choreo.connect.enforcer.tracing.TracingSpan;
import org.wso2.choreo.connect.enforcer.tracing.Utils;
import org.wso2.choreo.connect.enforcer.util.FilterUtils;

/* loaded from: input_file:org/wso2/choreo/connect/enforcer/throttle/ThrottleFilter.class */
public class ThrottleFilter implements Filter {
    private static final Logger log = LogManager.getLogger(ThrottleFilter.class);
    private final ThrottleDataHolder dataHolder = ThrottleDataHolder.getInstance();
    private final boolean isGlobalThrottlingEnabled = ConfigHolder.getInstance().getConfig().getThrottleConfig().isGlobalPublishingEnabled();

    @Override // org.wso2.choreo.connect.enforcer.commons.Filter
    public boolean handleRequest(RequestContext requestContext) {
        if (!ConfigHolder.getInstance().getConfig().getThrottleConfig().isGlobalPublishingEnabled()) {
            return true;
        }
        log.debug("Throttle filter received the request");
        if (doThrottle(requestContext)) {
            return false;
        }
        TracingSpan tracingSpan = null;
        Scope scope = null;
        try {
            if (Utils.tracingEnabled()) {
                tracingSpan = Utils.startSpan(TracingConstants.PUBLISH_THROTTLE_EVENT_SPAN, Utils.getGlobalTracer());
                scope = tracingSpan.getSpan().makeCurrent();
                Utils.setTag(tracingSpan, APIConstants.LOG_TRACE_ID, ThreadContext.get(APIConstants.LOG_TRACE_ID));
            }
            ThrottleAgent.publishNonThrottledEvent(getThrottleEventMap(requestContext));
            if (!Utils.tracingEnabled()) {
                return true;
            }
            scope.close();
            Utils.finishSpan(tracingSpan);
            return true;
        } catch (Throwable th) {
            if (Utils.tracingEnabled()) {
                scope.close();
                Utils.finishSpan(tracingSpan);
            }
            throw th;
        }
    }

    private boolean doThrottle(RequestContext requestContext) {
        int i;
        Object obj;
        TracingSpan tracingSpan = null;
        Scope scope = null;
        try {
            if (Utils.tracingEnabled()) {
                tracingSpan = Utils.startSpan(TracingConstants.DO_THROTTLE_SPAN, Utils.getGlobalTracer());
                scope = tracingSpan.getSpan().makeCurrent();
                Utils.setTag(tracingSpan, APIConstants.LOG_TRACE_ID, ThreadContext.get(APIConstants.LOG_TRACE_ID));
            }
            AuthenticationContext authenticationContext = requestContext.getAuthenticationContext();
            if (authenticationContext != null) {
                log.debug("Found AuthenticationContext for the request");
                APIConfig matchedAPI = requestContext.getMatchedAPI();
                String basePath = matchedAPI.getBasePath();
                String version = matchedAPI.getVersion();
                int applicationId = authenticationContext.getApplicationId();
                String apiTier = getApiTier(matchedAPI);
                String apiThrottleKey = getApiThrottleKey(basePath, version);
                String resourceTier = getResourceTier(requestContext.getMatchedResourcePath());
                String resourceThrottleKey = getResourceThrottleKey(requestContext, basePath, version);
                String tier = authenticationContext.getTier();
                String applicationTier = authenticationContext.getApplicationTier();
                String subscriberTenantDomain = authenticationContext.getSubscriberTenantDomain();
                String clientIp = requestContext.getClientIp();
                String tenantDomainFromRequestURL = FilterUtils.getTenantDomainFromRequestURL(basePath);
                String buildUsernameWithTenant = FilterUtils.buildUsernameWithTenant(authenticationContext.getUsername(), tenantDomainFromRequestURL);
                boolean z = false;
                if (!StringUtils.isEmpty(matchedAPI.getTier())) {
                    resourceThrottleKey = apiThrottleKey;
                    resourceTier = apiTier;
                    z = true;
                }
                if (tenantDomainFromRequestURL == null) {
                    tenantDomainFromRequestURL = "carbon.super";
                }
                if (this.dataHolder.isBlockingConditionsPresent()) {
                    String str = authenticationContext.getSubscriber() + ":" + authenticationContext.getApplicationName();
                    if (this.dataHolder.isRequestBlocked(basePath, str, buildUsernameWithTenant, requestContext.getClientIp(), basePath + ":" + version + ":" + authenticationContext.getSubscriber() + "-" + authenticationContext.getApplicationName() + ":" + authenticationContext.getKeyType(), tenantDomainFromRequestURL)) {
                        FilterUtils.setThrottleErrorToContext(requestContext, 900805, ThrottleConstants.BLOCKING_MESSAGE, ThrottleConstants.BLOCKING_DESCRIPTION);
                        requestContext.getProperties().put(ThrottleConstants.THROTTLE_OUT_REASON, ThrottleConstants.THROTTLE_OUT_REASON_REQUEST_BLOCKED);
                        log.debug("Request blocked as it violates blocking conditions, for API: {}, application: {}, user: {}", basePath, str, buildUsernameWithTenant);
                        if (Utils.tracingEnabled()) {
                            scope.close();
                            Utils.finishSpan(tracingSpan);
                        }
                        return true;
                    }
                }
                Decision checkResourceThrottled = checkResourceThrottled(resourceThrottleKey, resourceTier, requestContext);
                if (checkResourceThrottled.isThrottled()) {
                    if (z) {
                        i = 900800;
                        obj = ThrottleConstants.THROTTLE_OUT_REASON_API_LIMIT_EXCEEDED;
                    } else {
                        i = 900802;
                        obj = ThrottleConstants.THROTTLE_OUT_REASON_RESOURCE_LIMIT_EXCEEDED;
                    }
                    FilterUtils.setThrottleErrorToContext(requestContext, i, ThrottleConstants.THROTTLE_OUT_MESSAGE, ThrottleConstants.THROTTLE_OUT_DESCRIPTION);
                    requestContext.getProperties().put(ThrottleConstants.THROTTLE_OUT_REASON, obj);
                    ThrottleUtils.setRetryAfterHeader(requestContext, Long.valueOf(checkResourceThrottled.getResetAt()));
                    if (Utils.tracingEnabled()) {
                        scope.close();
                        Utils.finishSpan(tracingSpan);
                    }
                    return true;
                }
                Decision checkSubscriptionLevelThrottled = checkSubscriptionLevelThrottled(getSubscriptionThrottleKey(applicationId, basePath, version), tier);
                if (checkSubscriptionLevelThrottled.isThrottled()) {
                    if (authenticationContext.isStopOnQuotaReach()) {
                        log.debug("Setting subscription throttle out response");
                        FilterUtils.setThrottleErrorToContext(requestContext, 900804, ThrottleConstants.THROTTLE_OUT_MESSAGE, ThrottleConstants.THROTTLE_OUT_DESCRIPTION);
                        requestContext.getProperties().put(ThrottleConstants.THROTTLE_OUT_REASON, ThrottleConstants.THROTTLE_OUT_REASON_SUBSCRIPTION_LIMIT_EXCEEDED);
                        ThrottleUtils.setRetryAfterHeader(requestContext, Long.valueOf(checkSubscriptionLevelThrottled.getResetAt()));
                        if (Utils.tracingEnabled()) {
                            scope.close();
                            Utils.finishSpan(tracingSpan);
                        }
                        return true;
                    }
                    log.debug("Proceeding since stopOnQuotaReach is false");
                }
                Decision checkAppLevelThrottled = checkAppLevelThrottled(applicationId + ":" + buildUsernameWithTenant, applicationTier);
                if (checkAppLevelThrottled.isThrottled()) {
                    log.debug("Setting application throttle out response");
                    FilterUtils.setThrottleErrorToContext(requestContext, 900803, ThrottleConstants.THROTTLE_OUT_MESSAGE, ThrottleConstants.THROTTLE_OUT_DESCRIPTION);
                    requestContext.getProperties().put(ThrottleConstants.THROTTLE_OUT_REASON, ThrottleConstants.THROTTLE_OUT_REASON_APPLICATION_LIMIT_EXCEEDED);
                    ThrottleUtils.setRetryAfterHeader(requestContext, Long.valueOf(checkAppLevelThrottled.getResetAt()));
                    if (Utils.tracingEnabled()) {
                        scope.close();
                        Utils.finishSpan(tracingSpan);
                    }
                    return true;
                }
                Decision isThrottledByCustomPolicy = this.dataHolder.isThrottledByCustomPolicy(buildUsernameWithTenant, resourceThrottleKey, basePath, version, subscriberTenantDomain, tenantDomainFromRequestURL, applicationId, clientIp);
                log.debug("Custom policy throttle decision is {}", Boolean.valueOf(isThrottledByCustomPolicy.isThrottled()));
                if (isThrottledByCustomPolicy.isThrottled()) {
                    log.debug("Setting custom policy throttle out response");
                    FilterUtils.setThrottleErrorToContext(requestContext, 900806, ThrottleConstants.THROTTLE_OUT_MESSAGE, ThrottleConstants.THROTTLE_OUT_DESCRIPTION);
                    requestContext.getProperties().put(ThrottleConstants.THROTTLE_OUT_REASON, ThrottleConstants.THROTTLE_OUT_REASON_CUSTOM_LIMIT_EXCEED);
                    ThrottleUtils.setRetryAfterHeader(requestContext, Long.valueOf(isThrottledByCustomPolicy.getResetAt()));
                    if (Utils.tracingEnabled()) {
                        scope.close();
                        Utils.finishSpan(tracingSpan);
                    }
                    return true;
                }
            }
            if (Utils.tracingEnabled()) {
                scope.close();
                Utils.finishSpan(tracingSpan);
            }
            return false;
        } catch (Throwable th) {
            if (Utils.tracingEnabled()) {
                scope.close();
                Utils.finishSpan(null);
            }
            throw th;
        }
    }

    private Decision checkSubscriptionLevelThrottled(String str, String str2) {
        Decision isThrottled = this.dataHolder.isThrottled(str);
        log.debug("Subscription Level throttle decision is {} for key:tier {}:{}", Boolean.valueOf(isThrottled.isThrottled()), str, str2);
        return isThrottled;
    }

    private Decision checkAppLevelThrottled(String str, String str2) {
        Decision isThrottled = this.dataHolder.isThrottled(str);
        log.debug("Application Level throttle decision is {} for key:tier {}:{}", Boolean.valueOf(isThrottled.isThrottled()), str, str2);
        return isThrottled;
    }

    private Decision checkResourceThrottled(String str, String str2, RequestContext requestContext) {
        log.debug("Checking if request is throttled at API/Resource level for tier: {}, key: {}", str2, str);
        Decision decision = new Decision();
        if (!"Unlimited".equals(str2) && this.isGlobalThrottlingEnabled) {
            Decision isAdvancedThrottled = this.dataHolder.isAdvancedThrottled(str, requestContext);
            log.debug("API/Resource Level throttle decision: {}", Boolean.valueOf(isAdvancedThrottled.isThrottled()));
            return isAdvancedThrottled;
        }
        return decision;
    }

    private Map<String, String> getThrottleEventMap(RequestContext requestContext) {
        String resourceTier;
        String resourceThrottleKey;
        AuthenticationContext authenticationContext = requestContext.getAuthenticationContext();
        HashMap hashMap = new HashMap();
        APIConfig matchedAPI = requestContext.getMatchedAPI();
        String basePath = matchedAPI.getBasePath();
        String version = matchedAPI.getVersion();
        String str = basePath + ":" + version;
        String name = matchedAPI.getName();
        String apiTier = getApiTier(matchedAPI);
        String tenantDomainFromRequestURL = FilterUtils.getTenantDomainFromRequestURL(str);
        authenticationContext.getSubscriberTenantDomain();
        String buildUsernameWithTenant = FilterUtils.buildUsernameWithTenant(authenticationContext.getUsername(), tenantDomainFromRequestURL);
        if (tenantDomainFromRequestURL == null) {
            tenantDomainFromRequestURL = "carbon.super";
        }
        if (StringUtils.isEmpty(matchedAPI.getTier())) {
            resourceTier = getResourceTier(requestContext.getMatchedResourcePath());
            resourceThrottleKey = getResourceThrottleKey(requestContext, basePath, version);
        } else {
            resourceTier = apiTier;
            resourceThrottleKey = str;
        }
        hashMap.put(ThrottleEventConstants.MESSAGE_ID, requestContext.getRequestID());
        hashMap.put(ThrottleEventConstants.APP_KEY, authenticationContext.getApplicationId() + ":" + buildUsernameWithTenant);
        hashMap.put(ThrottleEventConstants.APP_TIER, authenticationContext.getApplicationTier());
        hashMap.put("apiKey", str);
        hashMap.put("apiTier", apiTier);
        hashMap.put(ThrottleEventConstants.SUBSCRIPTION_KEY, authenticationContext.getApplicationId() + ":" + str);
        hashMap.put("subscriptionTier", authenticationContext.getTier());
        hashMap.put(ThrottleEventConstants.RESOURCE_KEY, resourceThrottleKey);
        hashMap.put(ThrottleEventConstants.RESOURCE_TIER, resourceTier);
        hashMap.put(ThrottleEventConstants.USER_ID, buildUsernameWithTenant);
        hashMap.put("apiContext", basePath);
        hashMap.put("apiVersion", version);
        hashMap.put(ThrottleEventConstants.APP_TENANT, authenticationContext.getSubscriberTenantDomain());
        hashMap.put(ThrottleEventConstants.API_TENANT, tenantDomainFromRequestURL);
        hashMap.put(ThrottleEventConstants.APP_ID, String.valueOf(authenticationContext.getApplicationId()));
        hashMap.put("apiName", name);
        hashMap.put(ThrottleEventConstants.PROPERTIES, getProperties(requestContext).toString());
        return hashMap;
    }

    private String getResourceThrottleKey(RequestContext requestContext, String str, String str2) {
        String str3 = str;
        if (!str2.isBlank()) {
            str3 = str3 + "/" + str2;
        }
        return str3 + requestContext.getMatchedResourcePath().getPath() + ":" + requestContext.getRequestMethod();
    }

    private String getApiThrottleKey(String str, String str2) {
        String str3 = str;
        if (!str2.isBlank()) {
            str3 = str3 + ":" + str2;
        }
        return str3;
    }

    private String getSubscriptionThrottleKey(int i, String str, String str2) {
        String str3 = i + ":" + str;
        if (!str2.isBlank()) {
            str3 = str3 + ":" + str2;
        }
        return str3;
    }

    private String getResourceTier(ResourceConfig resourceConfig) {
        return !resourceConfig.getTier().isBlank() ? resourceConfig.getTier() : "Unlimited";
    }

    private String getApiTier(APIConfig aPIConfig) {
        return !StringUtils.isEmpty(aPIConfig.getTier()) ? aPIConfig.getTier() : "Unlimited";
    }

    private JSONObject getProperties(RequestContext requestContext) {
        String clientIp = requestContext.getClientIp();
        JSONObject jSONObject = new JSONObject();
        ThrottleConfigDto throttleConfig = ConfigHolder.getInstance().getConfig().getThrottleConfig();
        if (clientIp != null && clientIp.length() > 0) {
            try {
                InetAddress byName = InetAddress.getByName(clientIp);
                if (byName instanceof Inet4Address) {
                    jSONObject.put("ip", FilterUtils.ipToLong(clientIp));
                    jSONObject.put(ThrottleConstants.IPV6, 0);
                } else if (byName instanceof Inet6Address) {
                    jSONObject.put(ThrottleConstants.IPV6, FilterUtils.ipToBigInteger(clientIp));
                    jSONObject.put("ip", 0);
                }
            } catch (UnknownHostException e) {
                log.error("Error while parsing host IP {}", clientIp, e);
                jSONObject.put(ThrottleConstants.IPV6, 0);
                jSONObject.put("ip", 0);
            }
        }
        if (throttleConfig.isHeaderConditionsEnabled()) {
            Map<String, String> headers = requestContext.getHeaders();
            for (String str : headers.keySet()) {
                if (!requestContext.getProtectedHeaders().contains(str) && !str.equals(":path")) {
                    jSONObject.put(str, headers.get(str));
                }
            }
        }
        if (throttleConfig.isQueryConditionsEnabled()) {
            Map<String, String> queryParameters = requestContext.getQueryParameters();
            for (String str2 : queryParameters.keySet()) {
                if (!requestContext.getQueryParamsToRemove().contains(str2)) {
                    jSONObject.put(str2, queryParameters.get(str2));
                }
            }
        }
        String callerToken = requestContext.getAuthenticationContext().getCallerToken();
        if (throttleConfig.isJwtClaimConditionsEnabled() && callerToken != null) {
            Map<String, String> jWTClaims = ThrottleUtils.getJWTClaims(callerToken);
            for (String str3 : jWTClaims.keySet()) {
                jSONObject.put(str3, jWTClaims.get(str3));
            }
        }
        return jSONObject;
    }
}
