package com.appiancorp.security.auth.mobile;

import com.appiancorp.common.monitoring.ProductMetricsAggregatedDataCollector;
import com.appiancorp.common.net.URI;
import com.appiancorp.security.auth.SpringSecurityContextHelper;
import com.appiancorp.suite.SuiteConfiguration;
import com.appiancorp.suite.cfg.ConfigurationFactory;
import com.appiancorp.suite.cfg.FeatureToggleConfiguration;
import com.appiancorp.suiteapi.security.auth.AppianUserDetails;
import com.appiancorp.type.cdt.SiteLink;
import com.appiancorp.type.cdt.SitePageLink;
import com.appiancorp.uritemplates.UriTemplateScanner;
import com.google.common.annotations.VisibleForTesting;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.io.IOException;
import java.util.regex.Pattern;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;

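/**
 * Final step of in-app-browser mobile authentication: builds a redirect URI that carries an
 * encrypted auth token and either redirects to it directly or forwards to an intermediate JSP.
 *
 * <p>The request is rejected with 400 when the in-app-browser auth feature toggle is off, when
 * the session holds no {@link MobileAuthContext}, or when the path info is not exactly one
 * segment.
 *
 * <p>Security-relevant points for reviewers:
 * <ul>
 *   <li>The token travels in the {@code token} query parameter of the redirect URI, so it can
 *       show up wherever URLs are recorded (access logs, browser history, referrers).</li>
 *   <li>The redirect scheme is taken verbatim from {@link MobileAuthContext#getScheme()}.
 *       NOTE(review): nothing in this class validates it; confirm it is checked against an
 *       allow-list where the context is created.</li>
 * </ul>
 */
@SuppressFBWarnings({"SE_BAD_FIELD"})
/* loaded from: input_file:com/appiancorp/security/auth/mobile/MobileAuthRedirectServlet.class */
public class MobileAuthRedirectServlet extends HttpServlet {
    // Source of the base URI used for both the final and the intermediate redirect.
    SuiteConfiguration config = (SuiteConfiguration) ConfigurationFactory.getConfiguration(SuiteConfiguration.class);
    private MobileAuthTokenService tokenService;
    private UriTemplateScanner uriTemplateScanner;
    // Regex-quoted "/" so String.split treats it as a literal separator.
    private static final String FORWARD_SLASH = Pattern.quote("/");
    static final String MOBILE_AUTH_SUCCESS_HANDLER_SERVLET = "/mobileAuthSuccessHandler";

    /** Container constructor; collaborators are looked up in {@link #init()}. */
    public MobileAuthRedirectServlet() {
    }

    /**
     * Test constructor that injects the collaborators directly instead of resolving them from
     * the Spring web application context.
     *
     * @param mobileAuthTokenService service used to mint the encrypted token
     * @param uriTemplateScanner scanner used to resolve the site URL stub of the request URL
     */
    @VisibleForTesting
    public MobileAuthRedirectServlet(MobileAuthTokenService mobileAuthTokenService, UriTemplateScanner uriTemplateScanner) {
        this.tokenService = mobileAuthTokenService;
        this.uriTemplateScanner = uriTemplateScanner;
    }

    /** Resolves the token service and URI template scanner beans from the web application context. */
    @Override
    public void init() {
        WebApplicationContext requiredWebApplicationContext = WebApplicationContextUtils.getRequiredWebApplicationContext(getServletContext());
        this.tokenService = (MobileAuthTokenService) requiredWebApplicationContext.getBean("mobileAuthTokenService", MobileAuthTokenService.class);
        this.uriTemplateScanner = (UriTemplateScanner) requiredWebApplicationContext.getBean("uriTemplateScanner", UriTemplateScanner.class);
    }

    /**
     * Handles every HTTP method for this servlet.
     *
     * <p>When the path is {@code MobileAuthConstants.MOBILE_AUTH_RETURN_TO_APP} the response is a
     * redirect to the token-bearing URI and the session is invalidated. For any other
     * single-segment path the request is forwarded to the success JSP with the final and
     * intermediate redirect targets set as request attributes.
     *
     * @throws ServletException if the token URI cannot be generated
     * @throws IOException if writing the response fails
     */
    @Override
    protected void service(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        FeatureToggleConfiguration featureToggleConfiguration = (FeatureToggleConfiguration) ConfigurationFactory.getConfiguration(FeatureToggleConfiguration.class);
        // getSession(false): never create a session here; a missing context means a bad request.
        MobileAuthContext mobileAuthContext = MobileAuthContextUtils.getMobileAuthContext(httpServletRequest.getSession(false));
        if (!featureToggleConfiguration.isInAppBrowserAuthEnabled() || mobileAuthContext == null) {
            httpServletResponse.setStatus(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        String path = getPath(httpServletRequest, httpServletResponse);
        if (path == null) {
            // getPath has already committed a 400. Stop before a token is minted for an invalid
            // request and before a forward is attempted on a committed response.
            return;
        }
        String uri = generateRedirect(mobileAuthContext).toString();
        if (MobileAuthConstants.MOBILE_AUTH_RETURN_TO_APP.equals(path)) {
            httpServletResponse.sendRedirect(uri);
            // The response is committed at this point, so only look up the existing session:
            // creating a new one now would fail and there would be nothing to invalidate anyway.
            HttpSession session = httpServletRequest.getSession(false);
            if (session != null) {
                session.invalidate();
            }
        } else {
            httpServletRequest.setAttribute(MobileAuthConstants.MOBILE_AUTH_SUCCESS_FINAL_REDIRECT, uri);
            httpServletRequest.setAttribute(MobileAuthConstants.MOBILE_AUTH_SUCCESS_INTERMEDIATE_REDIRECT, this.config.getBaseUri() + MOBILE_AUTH_SUCCESS_HANDLER_SERVLET + "/" + MobileAuthConstants.MOBILE_AUTH_RETURN_TO_APP);
            httpServletRequest.getRequestDispatcher(MobileAuthConstants.MOBILE_AUTHENTICATION_SUCCESS_REDIRECT_JSP).forward(httpServletRequest, httpServletResponse);
        }
    }

    /**
     * Returns the single path segment of the request, or sends a 400 and returns {@code null}
     * when the path info is missing or has more than one segment.
     */
    private String getPath(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String[] segments = splitPath(httpServletRequest.getPathInfo());
        if (segments.length == 1) {
            return segments[0];
        }
        httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "Invalid path");
        return null;
    }

    /**
     * Strips one leading slash and splits the remainder into at most two parts on "/".
     *
     * @param str the servlet path info; may be {@code null} when the request has no extra path
     * @return the parts (length 1 for a single segment, 2 when more follows), or an empty array
     *     when {@code str} is {@code null}
     */
    protected String[] splitPath(String str) {
        if (str == null) {
            // getPathInfo() is null when the request matches the servlet mapping exactly.
            return new String[0];
        }
        if (str.startsWith("/")) {
            str = str.substring(1);
        }
        return str.split(FORWARD_SLASH, 2);
    }

    /**
     * Builds the base URI with {@code result} and {@code token} query parameters and replaces
     * its scheme with the one stored in the mobile auth context. Records a success or failure
     * metric for the token generation.
     *
     * @throws ServletException wrapping any failure while building the URI or the token
     */
    private URI generateRedirect(MobileAuthContext mobileAuthContext) throws ServletException {
        try {
            URI uri = new URI(this.config.getBaseUri());
            uri.addQueryParameter("result", MobileAuthConstants.LOGIN_RESULT);
            uri.addQueryParameter("token", generateToken(mobileAuthContext));
            // NOTE(review): the scheme decides which handler receives the token and it is not
            // validated here; confirm it is restricted where MobileAuthContext is populated.
            uri.setScheme(mobileAuthContext.getScheme());
            ProductMetricsAggregatedDataCollector.recordData("token.generation.status.success");
            return uri;
        } catch (Exception e) {
            // Broad catch is deliberate: a missing security context surfaces as a runtime
            // exception and must still be counted and reported as a ServletException.
            ProductMetricsAggregatedDataCollector.recordData("token.generation.status.failure");
            throw new ServletException("Unable to generate mobile auth token URI", e);
        }
    }

    /**
     * Asks the token service for an encrypted token for the currently authenticated user,
     * passing along the code challenge and the other login attributes held in the context.
     */
    private String generateToken(MobileAuthContext mobileAuthContext) throws MobileAuthTokenException {
        AppianUserDetails currentSecurityContext = SpringSecurityContextHelper.getCurrentSecurityContext();
        // NOTE(review): if getScsKey() returns byte[], new String(...) decodes with the platform
        // default charset; confirm the type and pass an explicit charset if so.
        return this.tokenService.generateEncryptedToken(currentSecurityContext.getUsername(), new String(currentSecurityContext.getScsKey()), mobileAuthContext.getCodeChallenge(), mobileAuthContext.isRememberMeRequested(), mobileAuthContext.isLoggedInThroughSaml(), mobileAuthContext.getAppianLoginContext(), parseSiteUrlStub(mobileAuthContext.getRequestUrl()), mobileAuthContext.getSigninParameter(), mobileAuthContext.getTransactionId());
    }

    /**
     * Resolves the site URL stub for the given request URL, or {@code null} when the URL does
     * not match a site or site-page link.
     */
    private String parseSiteUrlStub(String str) {
        // NOTE(review): the declared type looks like a decompiler artifact; the two instanceof
        // branches suggest matchUriToCdt returns a more general type. Verify against the original.
        SiteLink matchUriToCdt = this.uriTemplateScanner.matchUriToCdt(str);
        if (matchUriToCdt instanceof SiteLink) {
            return matchUriToCdt.getUrlStub();
        }
        if (matchUriToCdt instanceof SitePageLink) {
            return ((SitePageLink) matchUriToCdt).getSiteUrlStub();
        }
        return null;
    }
}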
