package com.appiancorp.security.auth;

import com.appiancorp.common.struts.MessagingUtil;
import com.appiancorp.security.auth.maintwindow.exceptions.MaintWindowActiveException;
import com.appiancorp.security.auth.session.SessionLimitException;
import com.appiancorp.security.cors.CorsUtil;
import com.appiancorp.suite.cfg.SamlConfiguration;
import com.appiancorp.suiteapi.common.spring.security.TemporaryCredentialsExpiredException;
import com.appiancorp.suiteapi.security.auth.TerminateAuthenticationChainException;
import com.google.common.annotations.VisibleForTesting;
import java.io.IOException;
import java.util.Objects;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
import org.apache.struts.action.ActionMessage;
import org.elasticsearch.common.Strings;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.SavedRequest;

/* loaded from: input_file:com/appiancorp/security/auth/AppianAuthenticationFailureHandler.class */
public class AppianAuthenticationFailureHandler implements AuthenticationFailureHandler {
    protected static final String LOGIN_JSP_URL = "/portal/login.jsp";
    private static final Logger LOG = Logger.getLogger(AppianAuthenticationFailureHandler.class);
    private static final String MSG_BUNDLE_KEY = "ap-app-i18n";
    private final RedirectStrategy redirectStrategy;
    private SamlConfiguration samlConfig;

    public AppianAuthenticationFailureHandler(RedirectStrategy redirectStrategy, SamlConfiguration samlConfiguration) {
        this.redirectStrategy = redirectStrategy;
        this.samlConfig = samlConfiguration;
    }

    public void onAuthenticationFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) throws IOException, ServletException {
        AuthenticationException m4487getCause = authenticationException instanceof TerminateAuthenticationChainException ? ((TerminateAuthenticationChainException) authenticationException).m4487getCause() : authenticationException;
        String str = authenticationException.getMessage() == null ? "" : " username=" + authenticationException.getMessage();
        if (!(m4487getCause instanceof BadCredentialsException) && !(m4487getCause instanceof LockedException) && !(m4487getCause instanceof TemporaryCredentialsExpiredException) && !(m4487getCause instanceof MaintWindowActiveException)) {
            LOG.error("Authentication failed." + str, authenticationException);
        } else if (LOG.isInfoEnabled()) {
            LOG.info("Authentication failed." + str, authenticationException);
        }
        MessagingUtil.addError(httpServletRequest.getSession(), new ActionMessage(m4487getCause instanceof BadCredentialsException ? "error.login.invalidCredentials" : m4487getCause instanceof LockedException ? "error.login.lockedAccount" : m4487getCause instanceof TemporaryCredentialsExpiredException ? "error.login.tempPasswordExpired" : m4487getCause instanceof SessionLimitException ? "error.login.maxSessionLimit" : m4487getCause instanceof MaintWindowActiveException ? "error.login.activeMaintWindow" : "error.login.invalidCredentials"), MSG_BUNDLE_KEY);
        String targetUrl = getTargetUrl(httpServletRequest, httpServletResponse, new HttpSessionRequestCache());
        LOG.debug("Redirecting to cached request URL: " + targetUrl);
        this.redirectStrategy.sendRedirect(httpServletRequest, httpServletResponse, targetUrl);
    }

    @VisibleForTesting
    String getTargetUrl(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpSessionRequestCache httpSessionRequestCache) {
        String embeddedRedirect = CorsUtil.getEmbeddedRedirect(httpServletRequest);
        if (!Strings.isNullOrEmpty(embeddedRedirect)) {
            return embeddedRedirect;
        }
        SavedRequest request = httpSessionRequestCache.getRequest(httpServletRequest, httpServletResponse);
        return Objects.isNull(request) ? getDefaultUrl() : request.getRedirectUrl();
    }

    private String getDefaultUrl() {
        return this.samlConfig.isEnabled() ? "/portal/login.jsp" : "/";
    }
}
