package com.appiancorp.security.auth;

import com.appiancorp.security.auth.mobile.AppianMobileAuthenticationSuccessEvent;
import com.appiancorp.suite.SuiteConfiguration;
import com.appiancorp.suite.cfg.ConfigurationFactory;
import com.appiancorp.suite.cfg.FeatureToggleConfiguration;
import com.appiancorp.suiteapi.security.auth.AppianUserDetails;
import com.google.common.annotations.VisibleForTesting;
import java.sql.Timestamp;
import java.util.UUID;
import org.apache.log4j.Logger;
import org.springframework.context.ApplicationListener;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authentication.event.AbstractAuthenticationEvent;
import org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent;

/* loaded from: input_file:com/appiancorp/security/auth/AuthenticationEventLoggerListener.class */
public class AuthenticationEventLoggerListener implements ApplicationListener<AbstractAuthenticationEvent> {
    private static final String LOG_NAME = AuthenticationEventLoggerListener.class.getName();
    private static final Logger LOG = Logger.getLogger(LOG_NAME);
    public static final String LOGIN_AUDIT_LOG_NAME = "com.appian.login-audit";
    public static final Logger LOGIN_AUDIT_LOG = Logger.getLogger(LOGIN_AUDIT_LOG_NAME);
    public static final String LOGIN_AUDIT_UUID_LOG_NAME = "com.appian.login-audit-uuid";
    public static final Logger LOGIN_AUDIT_UUID_LOG = Logger.getLogger(LOGIN_AUDIT_UUID_LOG_NAME);
    private final SuiteConfiguration suiteConfiguration;

    public AuthenticationEventLoggerListener(SuiteConfiguration suiteConfiguration) {
        this.suiteConfiguration = suiteConfiguration;
    }

    public void onApplicationEvent(AbstractAuthenticationEvent abstractAuthenticationEvent) {
        LoginStatus loginStatus = getLoginStatus(abstractAuthenticationEvent);
        if (loginStatus != null && LOGIN_AUDIT_LOG.isInfoEnabled()) {
            AuthenticationDetails authenticationDetails = getAuthenticationDetails(abstractAuthenticationEvent);
            LOGIN_AUDIT_LOG.info(new LoginAttemptMetadata(getUsername(abstractAuthenticationEvent), loginStatus, getTransactionId(abstractAuthenticationEvent), authenticationDetails, getSessionUuid(abstractAuthenticationEvent)));
            if (shouldLogInternal(abstractAuthenticationEvent)) {
                try {
                    LOGIN_AUDIT_UUID_LOG.info(new LoginAttemptInternalMetadata(((AppianUserDetails) ((AbstractAuthenticationToken) abstractAuthenticationEvent.getSource()).getPrincipal()).getUserUuid(), authenticationDetails));
                } catch (ClassCastException e) {
                    LOG.error(e);
                }
            }
        }
    }

    private boolean shouldLogInternal(AbstractAuthenticationEvent abstractAuthenticationEvent) {
        if (this.suiteConfiguration.isCloud()) {
            return abstractAuthenticationEvent instanceof AppianMobileAuthenticationSuccessEvent ? !((AppianMobileAuthenticationSuccessEvent) abstractAuthenticationEvent).isTransient() : abstractAuthenticationEvent instanceof AppianAuthenticationSuccessEvent;
        }
        return false;
    }

    protected LoginStatus getLoginStatus(AbstractAuthenticationEvent abstractAuthenticationEvent) {
        LoginStatus loginStatus = null;
        if (abstractAuthenticationEvent instanceof AppianMobileAuthenticationSuccessEvent) {
            loginStatus = ((AppianMobileAuthenticationSuccessEvent) abstractAuthenticationEvent).isTransient() ? LoginStatus.TRANSIENT : LoginStatus.SUCCESS;
        } else if (abstractAuthenticationEvent instanceof AppianAuthenticationSuccessEvent) {
            loginStatus = LoginStatus.SUCCESS;
        } else if (abstractAuthenticationEvent instanceof AppianSessionLimitExceededEvent) {
            loginStatus = LoginStatus.SESSION_LIMIT;
        } else if (abstractAuthenticationEvent instanceof AbstractAuthenticationFailureEvent) {
            loginStatus = LoginStatus.FAILURE;
        }
        return loginStatus;
    }

    protected String getUsername(AbstractAuthenticationEvent abstractAuthenticationEvent) {
        return abstractAuthenticationEvent.getAuthentication().getName();
    }

    protected AuthenticationDetails getAuthenticationDetails(AbstractAuthenticationEvent abstractAuthenticationEvent) {
        Object details = abstractAuthenticationEvent.getAuthentication().getDetails();
        if (details instanceof AuthenticationDetails) {
            return (AuthenticationDetails) details;
        }
        LOG.warn(AuthenticationDetails.getLogMessageForMisconfiguredAuthDetails(details));
        return new AuthenticationDetails(new Timestamp(abstractAuthenticationEvent.getTimestamp()), (LoginEntryPoint) null, (String) null, (String) null);
    }

    @VisibleForTesting
    public UUID getTransactionId(AbstractAuthenticationEvent abstractAuthenticationEvent) {
        if (((FeatureToggleConfiguration) ConfigurationFactory.getConfiguration(FeatureToggleConfiguration.class)).isInAppBrowserAuthEnabled()) {
            return abstractAuthenticationEvent instanceof AppianMobileAuthenticationSuccessEvent ? ((AppianMobileAuthenticationSuccessEvent) abstractAuthenticationEvent).getTransactionId() : UUID.randomUUID();
        }
        return null;
    }

    private String getSessionUuid(AbstractAuthenticationEvent abstractAuthenticationEvent) {
        if (abstractAuthenticationEvent instanceof AppianAuthenticationSuccessEvent) {
            return ((AppianAuthenticationSuccessEvent) abstractAuthenticationEvent).getSessionUuid();
        }
        return null;
    }
}
