package nl.comHuman.balanceGateway.authoriseTransactions;

import java.io.IOException;
import java.math.BigDecimal;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import nl.comHuman.balanceGateway.authoriseTransactions.OTP.TOTP;
import nl.comHuman.balanceGateway.authoriseTransactions.OTP.exceptions.InvalidKeyException;
import nl.comHuman.balanceGateway.authoriseTransactions.OTP.exceptions.InvalidResponseException;
import nl.comHuman.balanceGateway.authoriseTransactions.exceptions.AuthoriseTransactionFailedException;
import nl.comHuman.balanceGateway.authoriseTransactions.exceptions.TransactionOrUserNotFoundException;
import nl.knowledgeplaza.util.Log4jUtil;
import org.apache.log4j.Logger;

/* loaded from: input_file:nl/comHuman/balanceGateway/authoriseTransactions/AuthoriseByTOTPFilterPlus.class */
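/**
 * Servlet filter that authorises a batch of transactions with a single TOTP code.
 *
 * <p>When the request carries the {@code AUTHORISE_BY_TOTP} parameter, the filter reads the
 * comma-separated {@code P_SENDLIST_IDS}, looks up the user attached to the first id, checks
 * {@code P_OTP} against that user's key and then authorises every id that belongs to the same
 * user. The outcome is published as the request attributes {@code P_SENDLIST_IDS_SUCCES} and
 * {@code P_SENDLIST_IDS_FAIL}; the filter chain always continues afterwards.
 *
 * <p>NOTE(review): the authoriser is derived from the first transaction id and the OTP alone; no
 * session identity is consulted in this class. Whether replay of an already-used code inside its
 * validity window is rejected depends on {@code TOTP} / the DAOs, which are not visible here.
 */
public class AuthoriseByTOTPFilterPlus implements Filter {
    public static final String SOURCECODE_VERSION = "$Revision: 1.1 $";
    private static final Logger log4j = Log4jUtil.createLogger();

    /** Nothing to release. */
    public void destroy() {
    }

    /**
     * Runs the TOTP authorisation step when applicable and then hands over to the rest of the chain.
     *
     * @throws ServletException when the filter applies but {@code P_SENDLIST_IDS} is missing or
     *     yields no ids, or when {@code P_OTP} is missing for a known user
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        log4j.debug("AuthoriseByTOTPFilterPlus.doFilter called");
        if (shouldFilterBeApplied(servletRequest, servletResponse)) {
            HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
            List<String> sendListIds = getSendListIds(httpServletRequest);
            if (sendListIds.isEmpty()) {
                throw new ServletException("zero P_SENDLIST_IDS");
            }
            populateSuccessAndFailList(httpServletRequest, sendListIds);
        }
        // The chain continues even when every id was rejected; downstream code presumably acts on
        // the success/fail attributes rather than on the raw P_SENDLIST_IDS parameter - confirm.
        applyNextFilterInChain(filterChain, servletRequest, servletResponse);
        log4j.debug("AuthoriseByTOTPFilterPlus.doFilter returned");
    }

    /**
     * Validates the OTP once for the user attached to the first id and sorts every id into the
     * authorised or the rejected list.
     *
     * <p>An id is rejected when it is not numeric, when no user can be resolved for it, when it
     * belongs to a different user than the first id, or when the DAO refuses the authorisation.
     * A single bad id therefore never aborts the batch half-way with an unchecked exception.
     */
    private void populateSuccessAndFailList(HttpServletRequest httpServletRequest, List<String> transactionIds) throws ServletException {
        log4j.debug("AuthoriseByTOTPFilterPlus.populateSuccessAndFailList called");
        List<String> authorised = new ArrayList<String>();
        List<String> rejected = new ArrayList<String>();
        UserDAO userDAO = new UserDAO();

        // Ids come straight from the request. Only numeric ids can ever be authorised (the DAO call
        // below needs a long), so non-numeric values are kept away from the DAOs altogether; how the
        // DAOs treat a raw string is not visible from this class.
        String firstId = transactionIds.get(0);
        UserInfo authoriser = parseTransactionId(firstId) == null ? null : getInitialUserInfo(firstId, userDAO);
        TransactionDAO transactionDAO = new TransactionDAO();
        Integer authoriserId = authoriser == null ? null : authoriser.getUserId();
        // P_OTP is only read (and only required) once a user has been resolved.
        boolean otpAccepted = authoriser != null
                && validateOTP(getOTPFromRequest(httpServletRequest), authoriser.getKey(), System.currentTimeMillis());

        if (authoriserId == null || !otpAccepted) {
            // One log line per request, so failed second-factor attempts can be counted per attempt.
            log4j.info("Authenticating '" + (authoriser == null ? "unknown user" : authoriser.getUserName()) + "', incorrect password");
            rejected.addAll(transactionIds);
        } else {
            for (String transactionId : transactionIds) {
                Long numericId = parseTransactionId(transactionId);
                if (numericId == null) {
                    log4j.info("transaction id is not numeric: " + forLog(transactionId));
                    rejected.add(transactionId);
                    continue;
                }
                UserInfo owner = getInitialUserInfo(transactionId, userDAO);
                if (owner == null) {
                    // getInitialUserInfo returns null on any lookup failure; dereferencing it
                    // would turn one unknown id into a failure of the whole request.
                    log4j.info("transaction or user not found: " + forLog(transactionId));
                    rejected.add(transactionId);
                } else if (!authoriserId.equals(owner.getUserId())) {
                    log4j.info("transaction authorised by different authoriser: " + forLog(transactionId));
                    rejected.add(transactionId);
                } else {
                    try {
                        authorised.add(transactionDAO.authoriseTransaction(authoriserId, BigDecimal.valueOf(numericId.longValue())).toString());
                    } catch (AuthoriseTransactionFailedException e) {
                        rejected.add(transactionId);
                        log4j.error("authoriseTransaction failed for " + forLog(transactionId), e);
                    }
                }
            }
        }
        addListsToParameters(httpServletRequest, authorised, rejected);
        log4j.debug("AuthoriseByTOTPFilterPlus.populateSuccessAndFailList returned");
    }

    /**
     * Publishes both result lists as comma-separated request attributes.
     *
     * @param list values stored under {@code P_SENDLIST_IDS_SUCCES}
     * @param list2 values stored under {@code P_SENDLIST_IDS_FAIL}
     */
    void addListsToParameters(HttpServletRequest httpServletRequest, List<String> list, List<String> list2) {
        log4j.debug("AuthoriseByTOTPFilterPlus.addListsToParameters called");
        httpServletRequest.setAttribute("P_SENDLIST_IDS_SUCCES", getStringFromList(list));
        httpServletRequest.setAttribute("P_SENDLIST_IDS_FAIL", getStringFromList(list2));
        log4j.debug("AuthoriseByTOTPFilterPlus.addListsToParameters returned");
    }

    /**
     * Tells whether this is an HTTP request that carries the {@code AUTHORISE_BY_TOTP} parameter.
     *
     * <p>NOTE(review): the trigger is a client-supplied parameter, so a request without it skips
     * the OTP check entirely. Confirm that the downstream handler refuses to authorise anything
     * unless this filter has set the result attributes.
     */
    boolean shouldFilterBeApplied(ServletRequest servletRequest, ServletResponse servletResponse) {
        log4j.debug("AuthoriseByTOTPFilterPlus.shouldFilterBeApplied called");
        boolean applies = (servletRequest instanceof HttpServletRequest)
                && (servletResponse instanceof HttpServletResponse)
                && servletRequest.getParameter("AUTHORISE_BY_TOTP") != null;
        log4j.debug("AuthoriseByTOTPFilterPlus.shouldFilterBeApplied returned; return value: " + applies);
        return applies;
    }

    /**
     * Resolves the user attached to a transaction.
     *
     * @param str the transaction id as received
     * @return the user info, or {@code null} when the lookup fails for any reason
     */
    UserInfo getInitialUserInfo(String str, UserDAO userDAO) {
        log4j.debug("AuthoriseByTOTPFilterPlus.getInitialUserInfo called");
        try {
            UserInfo userInfoByTransaction = userDAO.getUserInfoByTransaction(str);
            // The object exposes the TOTP key through getKey(); what its toString() prints is not
            // visible here, so only the outcome is logged, never the object itself.
            log4j.debug("AuthoriseByTOTPFilterPlus.getInitialUserInfo returned; found: " + (userInfoByTransaction != null));
            return userInfoByTransaction;
        } catch (TransactionOrUserNotFoundException e) {
            log4j.error(e);
            log4j.debug("AuthoriseByTOTPFilterPlus.getInitialUserInfo returned in error");
            return null;
        } catch (Exception e2) {
            // Deliberately broad: any lookup failure is treated as "no user", which makes the
            // caller reject the id. The stack trace is kept so the cause stays diagnosable.
            log4j.error("user lookup failed for " + forLog(str), e2);
            log4j.debug("AuthoriseByTOTPFilterPlus.getInitialUserInfo returned in error");
            return null;
        }
    }

    /**
     * Joins the elements with a comma and no surrounding whitespace.
     *
     * @return the joined string, or the empty string for an empty list
     */
    public static String getStringFromList(List<String> list) {
        log4j.debug("AuthoriseByTOTPFilterPlus.getStringFromList called");
        if (list.isEmpty()) {
            log4j.debug("AuthoriseByTOTPFilterPlus.getStringFromList returned; return value: <empty string>");
            return "";
        }
        StringBuilder joined = new StringBuilder();
        Iterator<String> it = list.iterator();
        joined.append(it.next());
        while (it.hasNext()) {
            joined.append(",").append(it.next());
        }
        String result = joined.toString();
        log4j.debug("AuthoriseByTOTPFilterPlus.getStringFromList returned; return value: " + forLog(result));
        return result;
    }

    /**
     * Checks a submitted one-time password against the user's key.
     *
     * <p>Neither the key nor the submitted code is written to the log: the key is a long-lived
     * shared secret, and anyone able to read a debug log would otherwise be able to generate
     * valid codes for the user.
     *
     * @param otp the code taken from the request
     * @param key64 the user's stored key; {@code null} means no key is registered
     * @param nowMillis the reference time in milliseconds
     * @return {@code true} when {@code TOTP.validate} completes without throwing
     */
    private boolean validateOTP(String otp, String key64, long nowMillis) {
        log4j.debug("AuthoriseByTOTPFilterPlus.validateOTP called");
        if (key64 == null) {
            log4j.warn("No Key64 found");
            log4j.debug("AuthoriseByTOTPFilterPlus.validateOTP returned; return value: false");
            return false;
        }
        try {
            // NOTE(review): getBytes() uses the platform default charset; the name suggests an
            // ASCII/base64 key, for which that is harmless - confirm. The arguments 6, 30, 2, 1
            // are presumably digits, step seconds and the accepted window - confirm against TOTP.
            new TOTP(key64.getBytes(), 6, 30, 2, 1).validate(nowMillis, otp);
            log4j.debug("AuthoriseByTOTPFilterPlus.validateOTP returned; return value: true");
            return true;
        } catch (InvalidKeyException e) {
            log4j.error(e.getMessage(), e);
            log4j.debug("AuthoriseByTOTPFilterPlus.validateOTP returned in error");
            return false;
        } catch (InvalidResponseException e2) {
            // NOTE(review): verify that the exception message does not echo the submitted code.
            log4j.error(e2.getMessage(), e2);
            log4j.debug("AuthoriseByTOTPFilterPlus.validateOTP returned in error");
            return false;
        }
    }

    /**
     * Splits {@code P_SENDLIST_IDS} on commas, dropping whitespace around each comma.
     *
     * @return a fixed-size list of the raw id strings; may be empty (e.g. for the value ",")
     * @throws ServletException when the parameter is absent
     */
    List<String> getSendListIds(HttpServletRequest httpServletRequest) throws ServletException {
        log4j.debug("AuthoriseByTOTPFilterPlus.getSendListIds called");
        String rawIds = httpServletRequest.getParameter("P_SENDLIST_IDS");
        if (rawIds == null) {
            log4j.debug("AuthoriseByTOTPFilterPlus.getSendListIds returned in error");
            throw new ServletException("no P_SENDLIST_IDS");
        }
        if (log4j.isDebugEnabled()) {
            log4j.debug("P_SENDLIST_IDS=" + forLog(rawIds));
        }
        List<String> ids = Arrays.asList(rawIds.split("\\s*,\\s*"));
        log4j.debug("AuthoriseByTOTPFilterPlus.getSendListIds returned; return value: " + forLog(ids.toString()));
        return ids;
    }

    /**
     * Reads the submitted one-time password from {@code P_OTP}.
     *
     * <p>The value is a credential and is intentionally not logged.
     *
     * @throws ServletException when the parameter is absent
     */
    String getOTPFromRequest(HttpServletRequest httpServletRequest) throws ServletException {
        log4j.debug("AuthoriseByTOTPFilterPlus.getOTPFromRequest called");
        String otp = httpServletRequest.getParameter("P_OTP");
        if (otp == null) {
            log4j.debug("AuthoriseByTOTPFilterPlus.getOTPFromRequest returned in error");
            throw new ServletException("no P_OTP");
        }
        log4j.debug("AuthoriseByTOTPFilterPlus.getOTPFromRequest returned");
        return otp;
    }

    /** No configuration is read; only logs that the filter was initialised. */
    public void init(FilterConfig filterConfig) throws ServletException {
        log4j.info("AuthoriseByTOTPFilterPlus.init called");
        log4j.info("AuthoriseByTOTPFilterPlus.init returns");
    }

    /** Delegates to the next element of the chain; kept separate so it can be replaced in tests. */
    void applyNextFilterInChain(FilterChain filterChain, ServletRequest servletRequest, ServletResponse servletResponse) throws IOException, ServletException {
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /** Parses a transaction id, returning {@code null} instead of throwing for non-numeric input. */
    private static Long parseTransactionId(String transactionId) {
        try {
            return Long.valueOf(Long.parseLong(transactionId));
        } catch (NumberFormatException ignored) {
            // Expected for malformed request input; the caller rejects the id.
            return null;
        }
    }

    /** Replaces line breaks in request-derived text so it cannot start a forged log entry. */
    private static String forLog(String value) {
        return value == null ? "null" : value.replaceAll("[\\r\\n]", "_");
    }
}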
