package com.appiancorp.security.auth.phpmyadmin;

import com.appiancorp.common.monitoring.WebApiAggregatedData;
import com.appiancorp.security.auth.token.UserTokenService;
import com.appiancorp.services.ServiceContext;
import com.appiancorp.services.WebServiceContextFactory;
import com.appiancorp.suite.cfg.ConfigurationFactory;
import com.google.common.annotations.VisibleForTesting;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import io.prometheus.client.Counter;
import java.io.IOException;
import java.util.Optional;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Import;
import org.springframework.web.context.support.SpringBeanAutowiringSupport;

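@SuppressFBWarnings({"SE_BAD_FIELD"})
@Import({PhpMyAdminSpringConfig.class})
/* loaded from: input_file:com/appiancorp/security/auth/phpmyadmin/PhpMyAdminLoginServlet.class */
/**
 * Servlet that bridges an authenticated Appian web session to phpMyAdmin.
 *
 * <p>On a request it (1) refuses when the phpMyAdmin integration is disabled, (2) refuses
 * when an admin group is configured and the session's user is not a member, (3) mints an
 * encrypted token for the session's user name, hands it to the browser as a Secure cookie and
 * (4) redirects to the configured phpMyAdmin endpoint. Outcomes are counted in Prometheus
 * counters so that denied and failed logins are visible to monitoring.
 *
 * <p>Thread-safety: the servlet holds only injected collaborators and configuration that are
 * assigned during {@link #init(ServletConfig)}; request handling itself keeps no per-request
 * state on the instance.
 */
public class PhpMyAdminLoginServlet extends HttpServlet {
    public static final String APPIAN_NAMESPACE = "appian";
    private static final long serialVersionUID = 1;
    /** HttpSession attribute under which the minted token is stored (not read within this class). */
    private static final String SSO_SESSION_ID_KEY = "A2_PHPMYADMIN_SESSION_KEY";

    /** Prefix of the HttpSession attribute that caches the group-membership decision per group UUID. */
    @VisibleForTesting
    static final String SESSION_KEY_PREFIX = "a2isMemberOf";
    /** Cached membership flag values as stored in the session (PHP-style "1"/"0"). */
    private static final String TRUE_AS_STRING = "1";
    private static final String FALSE_AS_STRING = "0";
    private PhpMyAdminAuthConfiguration phpMyAdminAuthConfig;
    /** Assigned by init/constructor; not read by this class itself (kept for tests and collaborators). */
    private PhpMyAdminSessionUtils phpMyAdminSessionUtils;
    private PhpMyAdminUserGroupResolver phpMyAdminUserGroupResolver;
    private UserTokenService phpMyAdminUserTokenService;
    private static final Logger LOG = Logger.getLogger(PhpMyAdminLoginServlet.class);
    public static final String PHPMYADMIN_SUBSYSTEM = "phpmyadmin";
    private static final Counter dbloginSuccessCount = Counter.build().namespace("appian").subsystem(PHPMYADMIN_SUBSYSTEM).name("dblogin_success_count").help("Successful logins to the /dblogin servlet").register();
    private static final Counter dbloginFailureCount = Counter.build().namespace("appian").subsystem(PHPMYADMIN_SUBSYSTEM).name("dblogin_failure_count").help("Failed login attempts to phpMyAdmin").register();
    private static final Counter dbAccessUnauthorizedCount = Counter.build().namespace("appian").subsystem(PHPMYADMIN_SUBSYSTEM).name("dblogin_unauthorized_count").help("Attempts to access phpMyAdmin by users without db access").register();

    /** No-arg constructor used by the servlet container; collaborators are wired in {@link #init}. */
    public PhpMyAdminLoginServlet() {
    }

    /**
     * Test constructor that skips Spring autowiring.
     *
     * @param phpMyAdminSessionUtils session helper to use instead of the singleton
     */
    @VisibleForTesting
    public PhpMyAdminLoginServlet(PhpMyAdminSessionUtils phpMyAdminSessionUtils) {
        this.phpMyAdminAuthConfig = (PhpMyAdminAuthConfiguration) ConfigurationFactory.getConfiguration(PhpMyAdminAuthConfiguration.class);
        this.phpMyAdminSessionUtils = phpMyAdminSessionUtils;
    }

    /**
     * Initializes the servlet: runs Spring injection for the {@code @Autowired} setters, then
     * loads the phpMyAdmin auth configuration and the session-utils singleton.
     *
     * @param servletConfig container-supplied configuration
     * @throws ServletException propagated from {@link HttpServlet#init(ServletConfig)}
     */
    @Override
    public void init(ServletConfig servletConfig) throws ServletException {
        super.init(servletConfig);
        SpringBeanAutowiringSupport.processInjectionBasedOnServletContext(this, servletConfig.getServletContext());
        this.phpMyAdminAuthConfig = (PhpMyAdminAuthConfiguration) ConfigurationFactory.getConfiguration(PhpMyAdminAuthConfiguration.class);
        this.phpMyAdminSessionUtils = PhpMyAdminSessionUtils.getInstance();
    }

    /**
     * GET is handled exactly like POST. Because this mints a token and sets the
     * {@code schema} cookie from a request parameter, a plain link can trigger it;
     * NOTE(review): consider restricting the login to POST if that is not intended.
     */
    @Override
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        doPost(httpServletRequest, httpServletResponse);
    }

    /**
     * Performs the phpMyAdmin login hand-off for the current Appian session.
     *
     * <p>Denies with 403 when the integration is disabled or when an admin group is configured and
     * the session user is not a member. Otherwise generates an encrypted token for the user name,
     * stores it in the session, sets it as a Secure/HttpOnly cookie (plus an optional {@code schema}
     * cookie) and redirects to the phpMyAdmin endpoint. Any failure inside the hand-off is logged
     * and answered with a 5xx status.
     *
     * @param httpServletRequest  the current request; a session is created if none exists
     * @param httpServletResponse the response receiving the cookies and redirect/error
     * @throws IOException if writing the error or redirect fails
     */
    @Override
    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (!this.phpMyAdminAuthConfig.isEnabled()) {
            dbAccessUnauthorizedCount.inc();
            httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        // A null admin-group UUID means membership is not enforced; otherwise only members proceed.
        // NOTE(review): this denial is counted as a login failure rather than an unauthorized access;
        // kept as-is to preserve existing metric semantics.
        if (this.phpMyAdminAuthConfig.getDatabaseAdminGroupUuid() != null
                && !isDatabaseUserSession(httpServletRequest.getSession())) {
            httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
            dbloginFailureCount.inc();
            return;
        }
        try {
            HttpSession session = httpServletRequest.getSession();
            ServiceContext serviceContext = WebServiceContextFactory.getServiceContext(session);
            if (serviceContext == null) {
                throw new IllegalStateException("Unable to get username from service context.");
            }
            String encryptedToken = this.phpMyAdminUserTokenService.generateEncryptedToken(serviceContext.getName());
            session.setAttribute(SSO_SESSION_ID_KEY, encryptedToken);
            addSsoCookie(httpServletResponse, PhpMyAdminSessionUtils.MY_SSO_COOKIE, encryptedToken);
            // Optional schema preselection; the value is user-supplied, so only a whitespace-stripped
            // copy is forwarded and the container is relied on for cookie-value validation.
            String schema = sanitizeParameter(httpServletRequest.getParameter("schema"));
            if (!StringUtils.isEmpty(schema)) {
                addSsoCookie(httpServletResponse, "schema", schema);
            }
            httpServletResponse.sendRedirect(this.phpMyAdminAuthConfig.getPhpMyAdminEndpoint());
            dbloginSuccessCount.inc();
        } catch (Exception e) {
            LOG.warn("Unable to set PhpMyAdmin session cookie.", e);
            httpServletResponse.sendError(WebApiAggregatedData.STATUS_CODE_RANGE_5XX_KEY);
            dbloginFailureCount.inc();
        }
    }

    /**
     * Adds a cookie scoped to the SSO cookie path with the Secure and HttpOnly flags set.
     *
     * <p>HttpOnly keeps the token out of reach of client-side script. Nothing in this servlet reads
     * these cookies from the browser; NOTE(review): confirm no phpMyAdmin page script depends on
     * reading them before relying on this flag.
     *
     * @param response response to add the cookie to
     * @param name     cookie name
     * @param value    cookie value
     */
    private static void addSsoCookie(HttpServletResponse response, String name, String value) {
        Cookie cookie = new Cookie(name, value);
        cookie.setPath(PhpMyAdminSessionUtils.MY_SSO_COOKIE_PATH);
        cookie.setSecure(true);
        cookie.setHttpOnly(true);
        response.addCookie(cookie);
    }

    /**
     * Strips all whitespace from a request parameter.
     *
     * <p>This is the only normalization applied to the user-supplied {@code schema} value; if the
     * servlet container rejects the resulting cookie value with an exception, {@link #doPost}'s
     * catch block turns that into a 5xx response.
     *
     * @param str raw parameter value, possibly {@code null}
     * @return the value without whitespace, or {@code null} if the input was {@code null}
     */
    private static String sanitizeParameter(String str) {
        if (str == null) {
            return null;
        }
        return str.replaceAll("\\s+", "");
    }

    @Autowired
    void setPhpMyAdminUserTokenService(UserTokenService userTokenService) {
        this.phpMyAdminUserTokenService = userTokenService;
    }

    @Autowired
    void setPhpMyAdminUserGroupResolver(PhpMyAdminUserGroupResolver phpMyAdminUserGroupResolver) {
        this.phpMyAdminUserGroupResolver = phpMyAdminUserGroupResolver;
    }

    /**
     * Decides whether the session's user may use phpMyAdmin.
     *
     * <p>A cached decision stored in the session under
     * {@code SESSION_KEY_PREFIX + databaseAdminGroupUuid} wins; otherwise the group resolver is
     * asked for the service-context user. A session with no service context is treated as
     * not authorized (fail closed) instead of failing with a NullPointerException.
     *
     * @param httpSession the current session
     * @return {@code true} if the user has database access
     */
    @VisibleForTesting
    boolean isDatabaseUserSession(HttpSession httpSession) {
        String membershipKey = SESSION_KEY_PREFIX + this.phpMyAdminAuthConfig.getDatabaseAdminGroupUuid();
        return getPhpSessionHeaderValue(httpSession, membershipKey)
                .orElseGet(() -> resolveDatabaseAccess(httpSession));
    }

    /** Asks the group resolver for the session's user; {@code false} when no service context exists. */
    private boolean resolveDatabaseAccess(HttpSession httpSession) {
        ServiceContext serviceContext = WebServiceContextFactory.getServiceContext(httpSession);
        if (serviceContext == null) {
            return false;
        }
        return this.phpMyAdminUserGroupResolver.doesUserHaveDatabaseAccess(serviceContext.getName());
    }

    /**
     * Reads a PHP-style boolean flag from the session.
     *
     * @param httpSession the session to read from
     * @param str         attribute name
     * @return {@code true} for "1", {@code false} for "0", empty for anything else (including absent)
     */
    @VisibleForTesting
    Optional<Boolean> getPhpSessionHeaderValue(HttpSession httpSession, String str) {
        Object attribute = httpSession.getAttribute(str);
        if (TRUE_AS_STRING.equals(attribute)) {
            return Optional.of(Boolean.TRUE);
        }
        if (FALSE_AS_STRING.equals(attribute)) {
            return Optional.of(Boolean.FALSE);
        }
        return Optional.empty();
    }

    /** Current value of the successful-login counter (for tests). */
    double getDbLoginSuccessCount() {
        return dbloginSuccessCount.get();
    }

    /** Current value of the failed-login counter (for tests). */
    double getDbLoginFailureCount() {
        return dbloginFailureCount.get();
    }

    /** Current value of the unauthorized-access counter (for tests). */
    double getDbAccessUnauthorizedCount() {
        return dbAccessUnauthorizedCount.get();
    }

    /** Resets all three counters; the counters are static, so this affects every instance. */
    void resetMetrics() {
        dbloginSuccessCount.clear();
        dbloginFailureCount.clear();
        dbAccessUnauthorizedCount.clear();
    }
}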
