package com.appiancorp.security.auth.session;

import com.appiancorp.security.auth.LogoutSuccessHandler;
import com.appiancorp.suite.cfg.AdminSecurityConfiguration;
import com.appiancorp.suiteapi.security.auth.AppianUserDetails;
import java.io.IOException;
import java.util.Date;
import java.util.List;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.session.SessionInformation;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.web.authentication.logout.CompositeLogoutHandler;
import org.springframework.security.web.authentication.logout.LogoutHandler;
import org.springframework.security.web.session.ConcurrentSessionFilter;
import org.springframework.security.web.session.SessionInformationExpiredEvent;
import org.springframework.security.web.session.SessionInformationExpiredStrategy;

/* loaded from: input_file:com/appiancorp/security/auth/session/AppianForcedLogoutSessionFilter.class */
public class AppianForcedLogoutSessionFilter extends ConcurrentSessionFilter {
    private static final Logger LOG = Logger.getLogger(AppianForcedLogoutSessionFilter.class);
    private AdminSecurityConfiguration adminSecurityConfiguration;
    private SessionInformationExpiredStrategy sessionInformationExpiredStrategy;
    private final LogoutSuccessHandler logoutSuccessHandler;
    private CompositeLogoutHandler logoutHandlers;

    public AppianForcedLogoutSessionFilter(SessionRegistry sessionRegistry, SessionInformationExpiredStrategy sessionInformationExpiredStrategy, AdminSecurityConfiguration adminSecurityConfiguration, LogoutSuccessHandler logoutSuccessHandler, List<LogoutHandler> list) {
        super(sessionRegistry, sessionInformationExpiredStrategy);
        this.adminSecurityConfiguration = adminSecurityConfiguration;
        this.sessionInformationExpiredStrategy = sessionInformationExpiredStrategy;
        this.logoutSuccessHandler = logoutSuccessHandler;
        this.logoutHandlers = new CompositeLogoutHandler(list);
        super.setLogoutHandlers(list);
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        SecurityContext context;
        Authentication authentication;
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        if (httpServletRequest.getSession(false) == null || (context = SecurityContextHolder.getContext()) == null || (authentication = context.getAuthentication()) == null || !this.adminSecurityConfiguration.isMaintWindowActive().booleanValue() || ((AppianUserDetails) authentication.getPrincipal()).isSysAdmin()) {
            super.doFilter(servletRequest, servletResponse, filterChain);
        } else {
            doLogout(httpServletRequest, (HttpServletResponse) servletResponse, authentication);
        }
    }

    private void doLogout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws ServletException, IOException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Requested session ID " + httpServletRequest.getRequestedSessionId() + " for " + authentication.getName() + " has been terminated due to an active maintenance window.");
        }
        httpServletRequest.getSession().setAttribute(LogoutReasonFilter.DELETION_REASON_ATTRIBUTE, SessionDeletionReason.MAINTENANCE_WINDOW);
        this.sessionInformationExpiredStrategy.onExpiredSessionDetected(new SessionInformationExpiredEvent(new SessionInformation(authentication.getPrincipal(), httpServletRequest.getRequestedSessionId(), new Date()), httpServletRequest, httpServletResponse));
        this.logoutHandlers.logout(httpServletRequest, httpServletResponse, authentication);
        this.logoutSuccessHandler.onLogoutSuccess(httpServletRequest, httpServletResponse, authentication);
    }
}
