package com.appiancorp.security.auth.rememberme;

import com.appiancorp.common.config.ApplicationContextHolder;
import com.appiancorp.common.crypto.CryptoSpringConfig;
import com.appiancorp.common.crypto.KeyStoreConfig;
import com.appiancorp.core.crypto.Cryptographer;
import com.appiancorp.core.crypto.KeyAlias;
import com.appiancorp.suite.SuiteConfiguration;
import com.appiancorp.suite.cfg.ConfigurationFactory;
import com.appiancorp.suiteapi.security.auth.AppianUserDetails;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Supplier;
import java.security.SecureRandom;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.codec.binary.Base64;
import org.apache.log4j.Logger;
import org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationException;

/* loaded from: input_file:com/appiancorp/security/auth/rememberme/RememberMeScsHandler.class */
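/**
 * Stores and restores a user's SCS key across "remember me" logins by placing an encrypted
 * copy of the key in a dedicated cookie ({@link #SCS_TOKEN_COOKIE}).
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>The cookie is always {@code HttpOnly}. Its {@code Secure} flag follows
 *       {@code SuiteConfiguration.isSchemeSecure()}, so a deployment configured with a
 *       non-secure scheme sends the encrypted key over plain HTTP.</li>
 *   <li>No {@code SameSite} attribute is set here; {@code javax.servlet.http.Cookie} has no
 *       setter for it. If one is required it has to be applied elsewhere (not visible here).</li>
 *   <li>The cookie value comes back from the client and is therefore untrusted. Whether a
 *       tampered value is rejected depends on the {@link Cryptographer} implementation.
 *       NOTE(review): confirm it provides authenticated encryption.</li>
 *   <li>Encryption and decryption failures are reported to callers with one generic message;
 *       the underlying cause is only written to the server log.</li>
 * </ul>
 */
public class RememberMeScsHandler {
    public static final String SCS_TOKEN_COOKIE = "SCS_REMEMBER_ME_COOKIE";
    private static final String MISSING_OR_INVALID_TOKEN = "Missing or invalid SCS cookie token";
    // Resolved lazily by getCryptographer(); shared by all instances.
    private static Cryptographer cryptographer;
    private final RememberMeSettings rememberMeSettings;
    // Number of random characters prepended to the key before encryption and stripped after decryption.
    private static final int SALT_LENGTH = 8;
    private static final Logger LOG = Logger.getLogger(RememberMeScsHandler.class);
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();

    /**
     * @param rememberMeSettings source of the token lifespan used as the cookie max-age
     */
    public RememberMeScsHandler(RememberMeSettings rememberMeSettings) {
        this.rememberMeSettings = rememberMeSettings;
    }

    /**
     * Encrypts the user's SCS key and adds it to the response as the SCS remember-me cookie.
     * Nothing is added when the user has no SCS key (null or empty).
     *
     * @throws RememberMeAuthenticationException if the key cannot be encrypted
     */
    public void addScsTokenCookieToResponse(AppianUserDetails appianUserDetails, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String username = appianUserDetails.getUsername();
        if (LOG.isDebugEnabled()) {
            // Only the username is logged, never the key material.
            LOG.debug("Adding scs token to response for " + username);
        }
        char[] scsKey = appianUserDetails.getScsKey();
        if (scsKey != null && scsKey.length > 0) {
            int lifespanSec = this.rememberMeSettings.getTokenLifespanSec(httpServletRequest, username);
            addCookieToResponse(httpServletRequest, httpServletResponse, encrypt(scsKey), lifespanSec);
        } else if (LOG.isDebugEnabled()) {
            LOG.debug("Not adding SCS token to response - SCS token is empty for " + username);
        }
    }

    /**
     * Expires the SCS remember-me cookie by re-issuing it with a null value and max-age 0.
     *
     * @param appianUserDetails used only for the debug log line; may be null
     */
    public void clearScsTokenCookieFromResponse(AppianUserDetails appianUserDetails, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Clearing scs token from response for " + (appianUserDetails == null ? "" : appianUserDetails.getUsername()));
        }
        addCookieToResponse(httpServletRequest, httpServletResponse, null, 0);
    }

    /**
     * Builds the SCS cookie and attaches it to the response.
     *
     * @param value encrypted token, or null when the cookie is being cleared
     * @param maxAgeSec cookie lifetime in seconds; 0 makes the browser delete the cookie
     */
    private static void addCookieToResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String value, int maxAgeSec) {
        Cookie cookie = new Cookie(SCS_TOKEN_COOKIE, value);
        // NOTE(review): getContextPath() returns "" for a root-context deployment; confirm the
        // resulting cookie scope is the intended one in that case.
        cookie.setPath(httpServletRequest.getContextPath());
        cookie.setMaxAge(maxAgeSec);
        cookie.setHttpOnly(true);
        // Secure is driven by configuration rather than forced on: with a non-secure scheme the
        // encrypted key is sent over plain HTTP.
        SuiteConfiguration suiteConfiguration = (SuiteConfiguration) ConfigurationFactory.getConfiguration(SuiteConfiguration.class);
        cookie.setSecure(suiteConfiguration.isSchemeSecure());
        httpServletResponse.addCookie(cookie);
    }

    /**
     * Reads the SCS remember-me cookie from the request, decrypts it and stores the result as
     * the user's SCS key. When the cookie is absent the user details are left untouched.
     *
     * @throws RememberMeAuthenticationException if the cookie is present but cannot be decrypted
     */
    public void loadScsTokenFromRequest(AppianUserDetails appianUserDetails, HttpServletRequest httpServletRequest) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Loading SCS token from request for " + appianUserDetails.getUsername());
        }
        Cookie scsCookie = null;
        Cookie[] requestCookies = httpServletRequest.getCookies();
        if (requestCookies != null) {
            // No early exit: if several cookies carry this name, the last one is used.
            for (Cookie candidate : requestCookies) {
                if (SCS_TOKEN_COOKIE.equals(candidate.getName())) {
                    scsCookie = candidate;
                }
            }
        }
        if (scsCookie == null) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Remember me cookie exists but no remember me SCS cookie found. " + appianUserDetails.getUsername() + " will not be able to access SCS.");
            }
            return;
        }
        // The cookie value is client-supplied; decrypt() turns any failure into an authentication exception.
        char[] scsKey = decrypt(scsCookie.getValue());
        if (LOG.isDebugEnabled()) {
            LOG.debug("Successully loaded SCS token from request for " + appianUserDetails.getUsername());
        }
        appianUserDetails.setScsKey(scsKey);
    }

    /**
     * Encrypts an SCS key for storage in the cookie. A random {@link #SALT_LENGTH}-character
     * prefix is prepended to the key before encryption.
     *
     * @param scsKey the key to protect
     * @return the encrypted token as returned by the {@link Cryptographer}
     * @throws RememberMeAuthenticationException if encryption fails for any reason
     */
    @VisibleForTesting
    public static String encrypt(char[] scsKey) {
        try {
            byte[] randomBytes = new byte[16];
            SECURE_RANDOM.nextBytes(randomBytes);
            // 16 random bytes encode to 24 Base64 characters; only the first SALT_LENGTH are
            // kept, i.e. 48 bits of randomness in the prefix.
            String salt = Base64.encodeBase64String(randomBytes).substring(0, SALT_LENGTH);
            // The Cryptographer takes a String, so the key is copied into an immutable String
            // here and that copy cannot be wiped afterwards.
            return getCryptographer().encrypt(salt + new String(scsKey));
        } catch (Exception e) {
            LOG.error("Unable to encrypt scs token", e);
            throw new RememberMeAuthenticationException(MISSING_OR_INVALID_TOKEN);
        }
    }

    /**
     * Decrypts a cookie value and strips the {@link #SALT_LENGTH}-character prefix added by
     * {@link #encrypt(char[])}.
     *
     * @param token the raw cookie value (untrusted)
     * @return the recovered SCS key
     * @throws RememberMeAuthenticationException if the value cannot be decrypted or is too
     *     short to contain the prefix
     */
    private static char[] decrypt(String token) {
        try {
            String plaintext = getCryptographer().decrypt(token);
            // Reject a result that cannot contain the prefix with an explicit cause instead of
            // relying on substring() to fail.
            if (plaintext == null || plaintext.length() < SALT_LENGTH) {
                throw new IllegalArgumentException("Decrypted SCS token is shorter than the salt prefix");
            }
            return plaintext.substring(SALT_LENGTH).toCharArray();
        } catch (Exception e) {
            // Every bad cookie value produces an ERROR entry with a stack trace; the caller
            // only ever sees the generic message.
            LOG.error("Unable to decrypt scs token", e);
            throw new RememberMeAuthenticationException(MISSING_OR_INVALID_TOKEN);
        }
    }

    /**
     * Returns the cryptographer bound to {@code KeyAlias.REMEMBER_ME_SCS_TOKEN}, resolving it
     * from the application context on first use.
     */
    private static Cryptographer getCryptographer() {
        // Unsynchronized lazy initialisation: concurrent first calls may each resolve the bean.
        // NOTE(review): presumably harmless if the key store hands back an equivalent
        // cryptographer each time; confirm.
        if (cryptographer == null) {
            Supplier<?> keyStoreConfigSupplier = (Supplier<?>) ApplicationContextHolder.getBean(CryptoSpringConfig.BEAN_NAME_KEY_STORE_CONFIG_SUPPLIER, Supplier.class);
            KeyStoreConfig keyStoreConfig = (KeyStoreConfig) keyStoreConfigSupplier.get();
            cryptographer = keyStoreConfig.getCryptographer(KeyAlias.REMEMBER_ME_SCS_TOKEN);
        }
        return cryptographer;
    }
}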
