package com.appiancorp.ag.user.action;

import com.appiancorp.ag.user.form.MfaRequestVerificationCodeForm;
import com.appiancorp.common.I18nSettingCalculator;
import com.appiancorp.common.config.ApplicationContextHolder;
import com.appiancorp.common.struts.BaseUpdateAction;
import com.appiancorp.common.struts.MessagingUtil;
import com.appiancorp.common.struts.SupportedHttpMethods;
import com.appiancorp.security.auth.mfa.MfaVerificationCodeManager;
import com.appiancorp.security.auth.mfa.exceptions.MfaVerificationCodeException;
import com.appiancorp.security.auth.mfa.metrics.MfaPerfomanceMetricsLogger;
import com.appiancorp.suiteapi.personalization.UserService;
import com.appiancorp.suiteapi.security.auth.UserDetailsAndSecurityContext;
import com.appiancorp.util.BundleUtils;
import java.util.ResourceBundle;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang.StringUtils;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.action.ActionMessage;
import org.apache.struts.action.ActionRedirect;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.context.SecurityContextHolder;

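/**
 * Struts action that checks the verification code submitted as the second login factor
 * (the log events below name the MFA method as "Email").
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Only POST is processed; any other method is forwarded to {@code "error"} even though
 *       the class-level annotation also lists GET.</li>
 *   <li>Every attempt is reported to {@link UserService#loginAttempt}, and failed attempts
 *       are also counted in the HTTP session. The session counter alone does not bound
 *       guessing, because a client that starts a new session starts a new counter; the
 *       account-level lock checked through {@code isUserLocked()} is presumably the control
 *       that does. NOTE(review): confirm the lock threshold configured for
 *       {@code loginAttempt}.</li>
 *   <li>The session counter is a plain read-modify-write on a session attribute, so parallel
 *       requests on one session may under-count. NOTE(review): confirm the account-level
 *       counter is atomic.</li>
 *   <li>NOTE(review): the session id is not rotated here once the second factor succeeds;
 *       confirm that session-fixation protection is applied elsewhere in the login flow.</li>
 * </ul>
 */
@SupportedHttpMethods({SupportedHttpMethods.Method.GET, SupportedHttpMethods.Method.POST})
/* loaded from: input_file:com/appiancorp/ag/user/action/MfaRequestVerificationCode.class */
public class MfaRequestVerificationCode extends BaseUpdateAction {
    private static final Logger LOG = LoggerFactory.getLogger(MfaRequestVerificationCode.class);
    private static final String MSG_INVALID_VERIFICATION_CODE = "error.login.invalidVerificationCode";
    private static final String MSG_INVALID_CREDENTIALS_CODE = "error.login.invalidCredentials";
    private static final String MSG_TOO_MANY_ATTEMPTS_CODE = "error.login.tooManyVerificationCodeAttempts";
    private static final String TEXT_BUNDLE = "text.java.com.appiancorp.ap2.application-i18n";
    /** Failed attempts allowed per HTTP session before the session is torn down. */
    private static final int MAX_VERIRIFCATION_CODE_ATTEMPT_PER_SESSION = 3;
    public static final String MFA_ERROR = "mfaError";
    protected static final String FORWARD_LOGIN = "login";
    private I18nSettingCalculator i18nSettingCalculator = new I18nSettingCalculator();

    /**
     * Validates the submitted verification code for the user who has already passed the
     * first authentication factor.
     *
     * @return the success forward (or a redirect to the stored destination) when the code is
     *     valid; the {@code "login"} forward when the account is locked or the per-session
     *     attempt limit is reached; the {@code "error"} forward otherwise
     */
    @Override // com.appiancorp.common.struts.BaseViewAction
    public ActionForward main(ActionMapping actionMapping, ActionForm actionForm, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (!httpServletRequest.getMethod().equalsIgnoreCase("POST")) {
            return actionMapping.findForward("error");
        }
        long startMillis = System.currentTimeMillis();
        MfaRequestVerificationCodeForm codeForm = (MfaRequestVerificationCodeForm) actionForm;
        // normalizeSpace collapses every whitespace run (CR/LF included) into one space, so
        // the user name cannot break a log line when it is written by the handlers below.
        String username = StringUtils.normalizeSpace(httpServletRequest.getRemoteUser());
        String verificationCode = codeForm.getVerificationCode();
        // The form is wiped as soon as the code has been read; the code itself is never logged.
        codeForm.clearForm();

        // Fail closed when no first-factor authentication is bound to this request. Without
        // this guard getPrincipal() below throws a NullPointerException, which the catch
        // clause does not cover.
        if (SecurityContextHolder.getContext().getAuthentication() == null) {
            LOG.warn("Verification code submitted without an authenticated principal from IP {}", httpServletRequest.getRemoteAddr());
            return actionMapping.findForward("error");
        }

        try {
            UserService userService = (UserService) ApplicationContextHolder.getBean(UserService.class);
            HttpSession session = httpServletRequest.getSession();
            MfaVerificationCodeManager codeManager = (MfaVerificationCodeManager) ApplicationContextHolder.getBean(MfaVerificationCodeManager.class);
            // A principal of an unexpected type raises ClassCastException, handled below.
            UserDetailsAndSecurityContext principal = (UserDetailsAndSecurityContext) SecurityContextHolder.getContext().getAuthentication().getPrincipal();

            if (codeManager.isVerificationCodeValid(principal, verificationCode)) {
                handleValidVerificationCode(httpServletRequest, session, username, userService);
                MfaPerfomanceMetricsLogger.logVerificationCodeValidationTimeForSuccess(System.currentTimeMillis() - startMillis);
                return getActionForwardForSuccessCodeValidation(session, actionMapping);
            }

            handleInvalidVerificationCode(httpServletRequest, username, userService);
            MfaPerfomanceMetricsLogger.logVerificationCodeValidationTimeForFailure(System.currentTimeMillis() - startMillis);
            incrementVerificationCodeAttempts(session);

            // The account-level lock is checked before the session-level limit.
            if (userService.getUser(username).isUserLocked()) {
                handleLockedUserAccount(httpServletRequest, httpServletResponse, username);
                return actionMapping.findForward(FORWARD_LOGIN);
            }
            if (isMaxVerificationCodeAttemptsReached(session)) {
                handleMaxVerificationCodeAttemptsReached(httpServletRequest, httpServletResponse, username);
                return actionMapping.findForward(FORWARD_LOGIN);
            }
            addErrorMessageToSession(MSG_INVALID_VERIFICATION_CODE, session);
            return actionMapping.findForward("error");
        } catch (MfaVerificationCodeException | ClassCastException e) {
            LOG.error("Unexpected exception requesting verification code.", e);
            return actionMapping.findForward("error");
        }
    }

    /** Session attributes are only set when the request already carries a session. */
    @Override // com.appiancorp.common.struts.BaseUpdateAction
    protected boolean shouldSetSessionAttributes(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getSession(false) != null;
    }

    /**
     * Marks the session as having passed the verification-code check and records a
     * successful login attempt for the user.
     */
    private void handleValidVerificationCode(HttpServletRequest request, HttpSession session, String username, UserService userService) {
        // Presumably read by later requests to skip the MFA prompt - confirm against the reader.
        session.setAttribute("skip_verification_code_check", true);
        // NOTE(review): successes are logged at DEBUG while failures are WARN; confirm that
        // successful MFA events are audited elsewhere if DEBUG is disabled in production.
        LOG.debug("authn_correct_verification_code, User {} entered correct verification code during login process from IP {}, MFA method: Email", username, request.getRemoteAddr());
        userService.loginAttempt(username, true);
    }

    /** Logs the failed attempt with the client address and records it against the user. */
    private void handleInvalidVerificationCode(HttpServletRequest request, String username, UserService userService) {
        LOG.warn("authn_incorrect_verification_code, User {} entered incorrect verification code during login process from IP {}, MFA method: Email", username, request.getRemoteAddr());
        userService.loginAttempt(username, false);
    }

    /** Stores an error message, identified by its bundle key, in the session. */
    private void addErrorMessageToSession(String messageKey, HttpSession session) {
        MessagingUtil.addError(session, new ActionMessage(messageKey), "ap-app-i18n");
    }

    /**
     * Chooses where to send the user after a valid code: the destination stored in the
     * session when there is one, otherwise the {@code "success"} forward.
     */
    private ActionForward getActionForwardForSuccessCodeValidation(HttpSession session, ActionMapping actionMapping) {
        String destinationUrl = (String) session.getAttribute("mfa_destination_url");
        if (StringUtils.isEmpty(destinationUrl)) {
            LOG.debug("No redirect URL specified in the MFA request");
            return actionMapping.findForward("success");
        }
        LOG.debug("MFA: Received RedirectURL: {}", destinationUrl);
        // NOTE(review): the stored URL is redirected to without any check in this class.
        // Confirm that whatever writes "mfa_destination_url" restricts it to same-origin or
        // allow-listed targets; otherwise this is an open redirect after login.
        return new ActionRedirect(destinationUrl);
    }

    /** Returns whether this session has used up its failed verification attempts. */
    private boolean isMaxVerificationCodeAttemptsReached(HttpSession session) {
        return getVerificationCodeAttempts(session) >= MAX_VERIRIFCATION_CODE_ATTEMPT_PER_SESSION;
    }

    /**
     * Ends the login attempt after too many wrong codes: the session is invalidated, the
     * security context is cleared and a localized error is exposed as a request attribute.
     */
    private void handleMaxVerificationCodeAttemptsReached(HttpServletRequest request, HttpServletResponse response, String username) {
        LOG.warn("Max verification code attempts reached for user {}.", username);
        request.getSession().invalidate();
        SecurityContextHolder.clearContext();
        request.setAttribute(MFA_ERROR, getErrorMessage(MSG_TOO_MANY_ATTEMPTS_CODE, username));
    }

    /**
     * Ends the login attempt for a locked account. The user is shown the invalid-credentials
     * message rather than a lock-specific one.
     */
    private void handleLockedUserAccount(HttpServletRequest request, HttpServletResponse response, String username) {
        LOG.warn("Max login attempts reached for user {}.", username);
        request.getSession().invalidate();
        SecurityContextHolder.clearContext();
        request.setAttribute(MFA_ERROR, getErrorMessage(MSG_INVALID_CREDENTIALS_CODE, username));
    }

    /** Adds one to the failed-attempt counter kept in the session. */
    private void incrementVerificationCodeAttempts(HttpSession session) {
        session.setAttribute("verification_code_attempts", Integer.valueOf(getVerificationCodeAttempts(session) + 1));
    }

    /** Reads the failed-attempt counter from the session, treating a missing value as zero. */
    private int getVerificationCodeAttempts(HttpSession session) {
        Integer attempts = (Integer) session.getAttribute("verification_code_attempts");
        return attempts == null ? 0 : attempts;
    }

    /** Resolves a message key against the text bundle in the user's preferred locale. */
    private String getErrorMessage(String messageKey, String username) {
        return BundleUtils.getText(ResourceBundle.getBundle(TEXT_BUNDLE, this.i18nSettingCalculator.getPreferredLocale(username)), messageKey);
    }

    /** Replaces the locale calculator. */
    protected void setI18nSettingCalculator(I18nSettingCalculator i18nSettingCalculator) {
        this.i18nSettingCalculator = i18nSettingCalculator;
    }
}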
