package com.appiancorp.security.auth;

import com.appiancorp.common.config.ApplicationContextHolder;
import com.appiancorp.common.net.URI;
import com.appiancorp.process.rdbms.ActivitySqlFactory;
import com.appiancorp.suite.SuiteConfiguration;
import com.google.common.base.Strings;
import com.google.common.collect.Lists;
import java.io.IOException;
import java.net.URISyntaxException;
import java.util.stream.Collectors;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;

/* loaded from: input_file:com/appiancorp/security/auth/AuthProviderFilter.class */
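/**
 * Servlet filter that removes the {@code signin} query parameter from requests made by an
 * already authenticated session, by redirecting to the same URL without that parameter.
 *
 * <p>Requests under {@code <base>/webapi/}, the {@code <base>/logout} request and requests whose
 * {@code User-Agent} is classified as mobile are passed through unchanged.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The parameter is matched against the raw query string returned by
 *       {@link HttpServletRequest#getQueryString()}, which the container does not decode. A
 *       percent-encoded parameter name is therefore not matched by the prefix check.</li>
 *   <li>The exemptions rely on the raw request URI and on the client-supplied {@code User-Agent}
 *       header, so a client can choose whether the parameter is stripped. Nothing else in this
 *       class depends on that decision.</li>
 * </ul>
 */
public class AuthProviderFilter implements Filter {
    public static final String EQUALS = "=";
    private static final Logger LOG = Logger.getLogger(AuthProviderFilter.class);
    public static final String QUERY_STRING_SEPARATOR = "&";
    /** Raw (un-decoded) prefix that identifies the auth provider query parameter. */
    private static final String AUTH_PARAM_PREFIX = "signin=";
    private AppianRedirectStrategy appianRedirectStrategy;
    private SuiteConfiguration suiteConfiguration;
    // Lazily computed by getBaseUriPath(); no synchronization, so concurrent first calls may
    // each compute it once.
    private String baseUriPath = null;

    /**
     * Resolves the collaborators from the application context.
     *
     * @param filterConfig container-supplied configuration (unused)
     * @throws ServletException declared by the {@link Filter} contract
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        this.appianRedirectStrategy = (AppianRedirectStrategy) ApplicationContextHolder.getBean(AppianRedirectStrategy.class);
        this.suiteConfiguration = (SuiteConfiguration) ApplicationContextHolder.getBean(SuiteConfiguration.class);
    }

    /**
     * Package-private initializer that injects the collaborators directly instead of looking
     * them up in the application context.
     */
    void init(AppianRedirectStrategy appianRedirectStrategy, SuiteConfiguration suiteConfiguration) {
        this.appianRedirectStrategy = appianRedirectStrategy;
        this.suiteConfiguration = suiteConfiguration;
    }

    /**
     * Redirects an authenticated request that carries the {@code signin} parameter to the same
     * URL without it; every other request continues down the chain.
     *
     * @throws IOException if the downstream chain fails with an I/O error
     * @throws ServletException if the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if ((servletRequest instanceof HttpServletRequest) && (servletResponse instanceof HttpServletResponse)) {
            HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
            HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
            if (shouldStripAuthParameter(httpServletRequest)) {
                LOG.debug("Stripping query parameters because the current user is authenticated");
                // NOTE(review): getRequestURL() reflects the scheme and host the container derived
                // for this request. Confirm that AppianRedirectStrategy (not visible here) limits
                // redirect targets to the configured base URI.
                String target = httpServletRequest.getRequestURL() + removeAuthParameter(httpServletRequest);
                try {
                    this.appianRedirectStrategy.sendRedirect(httpServletRequest, httpServletResponse, target);
                    return;
                } catch (IOException e) {
                    // Best effort: on failure the request is handed to the chain unchanged.
                    // NOTE(review): the response may already be committed at this point.
                    LOG.error("Error stripping Auth Provider query parameter", e);
                }
            }
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /** Evaluates the redirect conditions in the original short-circuit order. */
    private boolean shouldStripAuthParameter(HttpServletRequest httpServletRequest) {
        return hasAuthParameter(httpServletRequest)
                && isAuthenticated(httpServletRequest)
                && !isWebApiRequest(httpServletRequest)
                && !isLogoutRequest(httpServletRequest)
                && !isMobileRequest(httpServletRequest);
    }

    /** Returns whether the {@code User-Agent} header (client-controlled) is classified as mobile. */
    private boolean isMobileRequest(HttpServletRequest httpServletRequest) {
        return new UserAgent(httpServletRequest.getHeader("User-Agent")).isMobile();
    }

    /**
     * Rebuilds the query string without any component that starts with {@code signin=}.
     *
     * @return {@code null} when the request has no query string, the empty string when nothing
     *     remains, otherwise the remaining components prefixed with
     *     {@code ActivitySqlFactory.AC_SUBSTITUTE_CONST}
     */
    private String removeAuthParameter(HttpServletRequest httpServletRequest) {
        String queryString = httpServletRequest.getQueryString();
        if (queryString != null) {
            String remaining = Lists.newArrayList(queryString.split(QUERY_STRING_SEPARATOR)).stream()
                    .filter(component -> !component.startsWith(AUTH_PARAM_PREFIX))
                    .collect(Collectors.joining(QUERY_STRING_SEPARATOR));
            // NOTE(review): AC_SUBSTITUTE_CONST is presumably "?" (its value is not visible here);
            // confirm, and prefer a constant that belongs to this class.
            queryString = Strings.isNullOrEmpty(remaining) ? remaining : ActivitySqlFactory.AC_SUBSTITUTE_CONST + remaining;
        }
        return queryString;
    }

    /** Returns whether any raw query string component starts with {@code signin=}. */
    private boolean hasAuthParameter(HttpServletRequest httpServletRequest) {
        String queryString = httpServletRequest.getQueryString();
        return queryString != null
                && Lists.newArrayList(queryString.split(QUERY_STRING_SEPARATOR)).stream()
                        .anyMatch(component -> component.startsWith(AUTH_PARAM_PREFIX));
    }

    /** Returns whether the raw request URI starts with {@code <base>/webapi/} (case-sensitive). */
    private boolean isWebApiRequest(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getRequestURI().startsWith(getBaseUriPath() + "/webapi/");
    }

    /** Returns whether the raw request URI equals {@code <base>/logout}, ignoring case. */
    private boolean isLogoutRequest(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getRequestURI().equalsIgnoreCase(getBaseUriPath() + "/logout");
    }

    /**
     * Returns the path component of the configured base URI, computing it on first use.
     *
     * @throws RuntimeException if the configured base URI cannot be parsed
     */
    private String getBaseUriPath() {
        if (this.baseUriPath == null) {
            String baseUri = this.suiteConfiguration.getBaseUri();
            try {
                this.baseUriPath = new URI(baseUri).getPath();
            } catch (URISyntaxException e) {
                // Keep the parse failure as the cause so the log shows why the URI was rejected.
                throw new RuntimeException("Appserver URI was invalid: " + baseUri, e);
            }
        }
        return this.baseUriPath;
    }

    /**
     * Returns whether the existing HTTP session holds an authenticated Spring Security context.
     *
     * <p>Uses {@code getSession(false)} so that a request without a session does not get one
     * allocated just to be inspected; such a request is reported as not authenticated.
     */
    private boolean isAuthenticated(HttpServletRequest httpServletRequest) {
        javax.servlet.http.HttpSession session = httpServletRequest.getSession(false);
        if (session == null) {
            return false;
        }
        Object attribute = session.getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY);
        // Treat an attribute of an unexpected type as "not authenticated" instead of failing the
        // request with a ClassCastException.
        if (!(attribute instanceof SecurityContext)) {
            return false;
        }
        Authentication authentication = ((SecurityContext) attribute).getAuthentication();
        return authentication != null && authentication.isAuthenticated();
    }

    /** No resources to release. */
    @Override
    public void destroy() {
    }
}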
