package datadog.trace.api.appsec;

import datadog.appsec.api.blocking.BlockingException;
import datadog.appsec.api.login.EventTrackerService;
import datadog.appsec.api.login.EventTrackerV2;
import datadog.appsec.api.user.User;
import datadog.appsec.api.user.UserService;
import datadog.trace.api.EventTracker;
import datadog.trace.api.GlobalTracer;
import datadog.trace.api.UserIdCollectionMode;
import datadog.trace.api.gateway.BlockResponseFunction;
import datadog.trace.api.gateway.CallbackProvider;
import datadog.trace.api.gateway.EventType;
import datadog.trace.api.gateway.Events;
import datadog.trace.api.gateway.Flow;
import datadog.trace.api.gateway.RequestContext;
import datadog.trace.api.gateway.RequestContextSlot;
import datadog.trace.api.internal.TraceSegment;
import datadog.trace.api.telemetry.LoginEvent;
import datadog.trace.api.telemetry.LoginVersion;
import datadog.trace.api.telemetry.WafMetricCollector;
import datadog.trace.bootstrap.ActiveSubsystems;
import datadog.trace.bootstrap.instrumentation.api.AgentSpan;
import datadog.trace.bootstrap.instrumentation.api.AgentTracer;
import datadog.trace.bootstrap.instrumentation.api.Tags;
import datadog.trace.util.Strings;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.function.BiFunction;

/* loaded from: input_file:datadog/trace/api/appsec/AppSecEventTracker.class */
public class AppSecEventTracker extends EventTracker implements UserService, EventTrackerService {
    private static final int HASH_SIZE_BYTES = 16;
    private static final String ANON_PREFIX = "anon_";
    private static final Map<String, LoginEvent> EVENT_MAPPING = new HashMap();
    private static final String LOGIN_SUCCESS_EVENT = "users.login.success";
    private static final String LOGIN_FAILURE_EVENT = "users.login.failure";
    private static final String SIGNUP_EVENT = "users.signup";
    private static final String COLLECTION_MODE = "_dd.appsec.user.collection_mode";

    public static void install() {
        AppSecEventTracker appSecEventTracker = new AppSecEventTracker();
        GlobalTracer.setEventTracker(appSecEventTracker);
        EventTrackerV2.setEventTrackerService(appSecEventTracker);
        User.setUserService(appSecEventTracker);
    }

    @Override // datadog.trace.api.EventTracker
    public final void trackLoginSuccessEvent(String str, Map<String, String> map) {
        if (str == null || str.isEmpty()) {
            throw new IllegalArgumentException("userId is null or empty");
        }
        WafMetricCollector.get().appSecSdkEvent(LoginEvent.LOGIN_SUCCESS, LoginVersion.V1);
        if (handleLoginEvent(LoginVersion.V1, LOGIN_SUCCESS_EVENT, UserIdCollectionMode.SDK, str, str, null, map)) {
            throw new BlockingException("Blocked request (for login success)");
        }
    }

    @Override // datadog.trace.api.EventTracker
    public final void trackLoginFailureEvent(String str, boolean z, Map<String, String> map) {
        if (str == null || str.isEmpty()) {
            throw new IllegalArgumentException("userId is null or empty");
        }
        WafMetricCollector.get().appSecSdkEvent(LoginEvent.LOGIN_FAILURE, LoginVersion.V1);
        if (handleLoginEvent(LoginVersion.V1, LOGIN_FAILURE_EVENT, UserIdCollectionMode.SDK, str, str, Boolean.valueOf(z), map)) {
            throw new BlockingException("Blocked request (for login failure)");
        }
    }

    @Override // datadog.appsec.api.login.EventTrackerService
    public void trackUserLoginSuccess(String str, String str2, Map<String, String> map) {
        if (str == null || str.isEmpty()) {
            throw new IllegalArgumentException("login is null or empty");
        }
        WafMetricCollector.get().appSecSdkEvent(LoginEvent.LOGIN_SUCCESS, LoginVersion.V2);
        if (handleLoginEvent(LoginVersion.V2, LOGIN_SUCCESS_EVENT, UserIdCollectionMode.SDK, str, str2, null, map)) {
            throw new BlockingException("Blocked request (for login success)");
        }
    }

    @Override // datadog.appsec.api.login.EventTrackerService
    public void trackUserLoginFailure(String str, boolean z, Map<String, String> map) {
        if (str == null || str.isEmpty()) {
            throw new IllegalArgumentException("login is null or empty");
        }
        WafMetricCollector.get().appSecSdkEvent(LoginEvent.LOGIN_FAILURE, LoginVersion.V2);
        if (handleLoginEvent(LoginVersion.V2, LOGIN_FAILURE_EVENT, UserIdCollectionMode.SDK, str, null, Boolean.valueOf(z), map)) {
            throw new BlockingException("Blocked request (for login failure)");
        }
    }

    @Override // datadog.trace.api.EventTracker, datadog.appsec.api.login.EventTrackerService
    public final void trackCustomEvent(String str, Map<String, String> map) {
        if (str == null || str.isEmpty()) {
            throw new IllegalArgumentException("eventName is null or empty");
        }
        WafMetricCollector.get().appSecSdkEvent(LoginEvent.CUSTOM, LoginVersion.V2);
        if (handleLoginEvent(LoginVersion.V2, str, UserIdCollectionMode.SDK, null, null, null, map)) {
            throw new BlockingException("Blocked request (for custom event)");
        }
    }

    @Override // datadog.appsec.api.user.UserService
    public void trackUserEvent(String str, Map<String, String> map) {
        if (str == null || str.isEmpty()) {
            throw new IllegalArgumentException("userId is null or empty");
        }
        if (handleUser(UserIdCollectionMode.SDK, str, map)) {
            throw new BlockingException("Blocked request (for user)");
        }
    }

    public void onUserEvent(UserIdCollectionMode userIdCollectionMode, String str) {
        onUserEvent(userIdCollectionMode, str, Collections.emptyMap());
    }

    public void onUserEvent(UserIdCollectionMode userIdCollectionMode, String str, Map<String, String> map) {
        if (handleUser(userIdCollectionMode, str, map)) {
            throw new BlockingException("Blocked request (for user)");
        }
    }

    public void onUserNotFound(UserIdCollectionMode userIdCollectionMode) {
        if (handleLoginEvent(LoginVersion.AUTO, LOGIN_FAILURE_EVENT, userIdCollectionMode, null, null, false, null)) {
            throw new BlockingException("Blocked request (for user not found)");
        }
    }

    public void onSignupEvent(UserIdCollectionMode userIdCollectionMode, String str, Map<String, String> map) {
        onSignupEvent(userIdCollectionMode, str, null, map);
    }

    public void onSignupEvent(UserIdCollectionMode userIdCollectionMode, String str, String str2, Map<String, String> map) {
        if (handleLoginEvent(LoginVersion.AUTO, SIGNUP_EVENT, userIdCollectionMode, str, str2, null, map)) {
            throw new BlockingException("Blocked request (for signup)");
        }
    }

    public void onLoginSuccessEvent(UserIdCollectionMode userIdCollectionMode, String str, Map<String, String> map) {
        onLoginSuccessEvent(userIdCollectionMode, str, null, map);
    }

    public void onLoginSuccessEvent(UserIdCollectionMode userIdCollectionMode, String str, String str2, Map<String, String> map) {
        if (handleLoginEvent(LoginVersion.AUTO, LOGIN_SUCCESS_EVENT, userIdCollectionMode, str, str2, null, map)) {
            throw new BlockingException("Blocked request (for login success)");
        }
    }

    public void onLoginFailureEvent(UserIdCollectionMode userIdCollectionMode, String str, Boolean bool, Map<String, String> map) {
        if (handleLoginEvent(LoginVersion.AUTO, LOGIN_FAILURE_EVENT, userIdCollectionMode, str, null, bool, map)) {
            throw new BlockingException("Blocked request (for login failure)");
        }
    }

    private boolean handleUser(UserIdCollectionMode userIdCollectionMode, String str, Map<String, String> map) {
        AgentTracer.TracerAPI tracer;
        TraceSegment traceSegment;
        String anonymize;
        if (!isEnabled(userIdCollectionMode) || (tracer = tracer()) == null || (traceSegment = tracer.getTraceSegment()) == null || (anonymize = anonymize(userIdCollectionMode, str)) == null) {
            return false;
        }
        if (userIdCollectionMode != UserIdCollectionMode.SDK) {
            traceSegment.setTagTop("_dd.appsec.usr.id", anonymize);
        }
        if (!isNewUser(userIdCollectionMode, traceSegment)) {
            return false;
        }
        traceSegment.setTagTop("usr.id", anonymize);
        if (map != null && !map.isEmpty()) {
            traceSegment.setTagTop("usr", map);
        }
        traceSegment.setTagTop(COLLECTION_MODE, userIdCollectionMode.fullName());
        traceSegment.setTagTop(Tags.ASM_KEEP, true);
        traceSegment.setTagTop(Tags.PROPAGATED_TRACE_SOURCE, 2);
        return dispatch(tracer, Events.EVENTS.user(), (requestContext, biFunction) -> {
            return (Flow) biFunction.apply(requestContext, anonymize);
        });
    }

    private boolean handleLoginEvent(LoginVersion loginVersion, String str, UserIdCollectionMode userIdCollectionMode, String str2, String str3, Boolean bool, Map<String, String> map) {
        AgentTracer.TracerAPI tracer;
        TraceSegment traceSegment;
        boolean dispatch;
        if (!isEnabled(userIdCollectionMode) || (tracer = tracer()) == null || (traceSegment = tracer.getTraceSegment()) == null) {
            return false;
        }
        boolean z = false;
        String anonymize = anonymize(userIdCollectionMode, str2);
        if (anonymize == null && str2 != null) {
            return false;
        }
        if (userIdCollectionMode == UserIdCollectionMode.SDK) {
            traceSegment.setTagTop("_dd.appsec.events." + str + ".sdk", true, true);
        } else {
            if (anonymize != null) {
                traceSegment.setTagTop("_dd.appsec.usr.login", anonymize);
            }
            traceSegment.setTagTop("_dd.appsec.events." + str + ".auto.mode", userIdCollectionMode.fullName(), true);
        }
        LoginEvent loginEvent = EVENT_MAPPING.get(str);
        if (isNewLoginEvent(userIdCollectionMode, traceSegment, str)) {
            if (anonymize != null) {
                traceSegment.setTagTop("appsec.events." + str + ".usr.login", anonymize, true);
            }
            if (map != null && !map.isEmpty()) {
                traceSegment.setTagTop("appsec.events." + str, map, true);
            }
            if (bool != null) {
                traceSegment.setTagTop("appsec.events." + str + ".usr.exists", bool, true);
            }
            traceSegment.setTagTop("appsec.events." + str + ".track", true, true);
            traceSegment.setTagTop(Tags.ASM_KEEP, true);
            traceSegment.setTagTop(Tags.PROPAGATED_TRACE_SOURCE, 2);
            if (anonymize != null && loginEvent != null) {
                z = dispatch(tracer, Events.EVENTS.loginEvent(), (requestContext, triFunction) -> {
                    return (Flow) triFunction.apply(requestContext, loginEvent, anonymize);
                });
            }
        }
        if (str3 != null) {
            if (loginVersion == LoginVersion.V2) {
                traceSegment.setTagTop("appsec.events." + str + ".usr.id", str3, true);
                if (map != null && !map.isEmpty()) {
                    traceSegment.setTagTop("appsec.events." + str + ".usr", map, true);
                }
                dispatch = handleUser(userIdCollectionMode, str3, map);
            } else {
                if (loginEvent == LoginEvent.LOGIN_SUCCESS) {
                    traceSegment.setTagTop("usr.id", str3);
                } else {
                    traceSegment.setTagTop("appsec.events." + str + ".usr.id", str3, true);
                }
                dispatch = dispatch(tracer, Events.EVENTS.user(), (requestContext2, biFunction) -> {
                    return (Flow) biFunction.apply(requestContext2, str3);
                });
            }
            z |= dispatch;
        }
        return z;
    }

    private boolean isNewLoginEvent(UserIdCollectionMode userIdCollectionMode, TraceSegment traceSegment, String str) {
        return userIdCollectionMode == UserIdCollectionMode.SDK || traceSegment.getTagTop(new StringBuilder().append("_dd.appsec.events.").append(str).append(".sdk").toString()) == null;
    }

    private boolean isNewUser(UserIdCollectionMode userIdCollectionMode, TraceSegment traceSegment) {
        Object tagTop;
        return userIdCollectionMode == UserIdCollectionMode.SDK || (tagTop = traceSegment.getTagTop(COLLECTION_MODE)) == null || !"sdk".equalsIgnoreCase(tagTop.toString());
    }

    /* JADX WARN: Multi-variable type inference failed */
    private <T> boolean dispatch(AgentTracer.TracerAPI tracerAPI, EventType<T> eventType, BiFunction<RequestContext, T, Flow<Void>> biFunction) {
        CallbackProvider callbackProvider;
        AgentSpan activeSpan;
        RequestContext requestContext;
        Object callback;
        Flow flow;
        if (tracerAPI == null || (callbackProvider = tracerAPI.getCallbackProvider(RequestContextSlot.APPSEC)) == null || (activeSpan = tracerAPI.activeSpan()) == null || (requestContext = activeSpan.getRequestContext()) == null || (callback = callbackProvider.getCallback(eventType)) == null || (flow = (Flow) biFunction.apply(requestContext, callback)) == null) {
            return false;
        }
        Flow.Action action = flow.getAction();
        if (!(action instanceof Flow.Action.RequestBlockingAction)) {
            return false;
        }
        BlockResponseFunction blockResponseFunction = requestContext.getBlockResponseFunction();
        if (blockResponseFunction == null) {
            return true;
        }
        Flow.Action.RequestBlockingAction requestBlockingAction = (Flow.Action.RequestBlockingAction) action;
        blockResponseFunction.tryCommitBlockingResponse(requestContext.getTraceSegment(), requestBlockingAction.getStatusCode(), requestBlockingAction.getBlockingContentType(), requestBlockingAction.getExtraHeaders());
        return true;
    }

    protected static String anonymize(UserIdCollectionMode userIdCollectionMode, String str) {
        if (userIdCollectionMode != UserIdCollectionMode.ANONYMIZATION || str == null) {
            return str;
        }
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            messageDigest.update(str.getBytes());
            byte[] digest = messageDigest.digest();
            if (digest.length > 16) {
                byte[] bArr = new byte[16];
                System.arraycopy(digest, 0, bArr, 0, bArr.length);
                digest = bArr;
            }
            return ANON_PREFIX + Strings.toHexString(digest);
        } catch (NoSuchAlgorithmException e) {
            return null;
        }
    }

    protected boolean isEnabled(UserIdCollectionMode userIdCollectionMode) {
        return userIdCollectionMode == UserIdCollectionMode.SDK || (ActiveSubsystems.APPSEC_ACTIVE && userIdCollectionMode != UserIdCollectionMode.DISABLED);
    }

    protected AgentTracer.TracerAPI tracer() {
        return AgentTracer.get();
    }

    static {
        EVENT_MAPPING.put(LOGIN_SUCCESS_EVENT, LoginEvent.LOGIN_SUCCESS);
        EVENT_MAPPING.put(LOGIN_FAILURE_EVENT, LoginEvent.LOGIN_FAILURE);
        EVENT_MAPPING.put(SIGNUP_EVENT, LoginEvent.SIGN_UP);
    }
}
