package com.appiancorp.security.auth.saml.rememberidp;

import com.appian.logging.AppianLogger;
import com.appiancorp.security.auth.saml.SamlConstants;
import com.appiancorp.security.auth.saml.SamlSettingsSelector;
import com.appiancorp.security.auth.saml.service.SamlSettings;
import com.appiancorp.security.auth.token.UserTokenService;
import com.appiancorp.suite.SuiteConfiguration;
import com.appiancorp.suite.cfg.SamlConfiguration;
import com.appiancorp.suiteapi.security.auth.AppianUserDetails;
import com.google.common.base.Optional;
import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import com.google.common.primitives.Ints;
import java.util.concurrent.TimeUnit;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:com/appiancorp/security/auth/saml/rememberidp/RememberIdpService.class */
/**
 * Stores and reads back the "remember my identity provider" cookie, which lets a later login
 * request be routed to the IdP the user signed in with last time.
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>The cookie value is whatever {@code UserTokenService.generateEncryptedToken} returns for
 *       the username, optionally followed by {@link #APPIAN_AUTH_SUFFIX}.</li>
 *   <li>The cookie is always {@code HttpOnly}; the {@code Secure} flag mirrors
 *       {@code SuiteConfiguration.isSchemeSecure()}, so it is absent when that returns false.</li>
 *   <li>No {@code SameSite} attribute is set here. NOTE(review): confirm whether the container or
 *       a filter adds one.</li>
 *   <li>The cookie lifetime is 3650 days.</li>
 * </ul>
 *
 * <p>NOTE(review): the value returned by {@link #retrieveSavedIdp} is derived from a
 * client-supplied cookie and should be treated as a login-routing hint only, never as proof of
 * identity.
 */
public class RememberIdpService {
    public static final String REMEMBER_IDP_COOKIE = "REMEMBER_IDP_COOKIE";
    public static final String APPIAN_AUTH_SUFFIX = "-appian";
    // 3650 days expressed in seconds; saturatedCast clamps to the int range that Cookie#setMaxAge takes.
    static final int MAX_REMEMBER_IDP_AGE = Ints.saturatedCast(TimeUnit.DAYS.toSeconds(3650));
    private static final AppianLogger LOG = AppianLogger.getLogger(RememberIdpService.class);
    private final SamlConfiguration samlConfiguration;
    private final UserTokenService userTokenService;
    private final SamlSettingsSelector samlSettingsSelector;
    private final SuiteConfiguration suiteConfiguration;

    /**
     * Creates the service.
     *
     * @throws NullPointerException if any collaborator is null
     */
    public RememberIdpService(SamlConfiguration samlConfiguration, UserTokenService userTokenService, SamlSettingsSelector samlSettingsSelector, SuiteConfiguration suiteConfiguration) {
        this.samlConfiguration = Preconditions.checkNotNull(samlConfiguration);
        this.userTokenService = Preconditions.checkNotNull(userTokenService);
        this.samlSettingsSelector = Preconditions.checkNotNull(samlSettingsSelector);
        this.suiteConfiguration = Preconditions.checkNotNull(suiteConfiguration);
    }

    /**
     * Updates the remember-IdP cookie after a successful login.
     *
     * <p>SAML login: the cookie is set when the configuration allows remembering the IdP, and any
     * existing cookie is cancelled otherwise. Non-SAML login: the cookie is set with the
     * {@link #APPIAN_AUTH_SUFFIX} marker when remembering the Appian IdP is enabled; when it is
     * disabled nothing is written, so an older cookie is left in place until
     * {@link #retrieveSavedIdp} sees it.
     */
    public void onLoginSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AppianUserDetails appianUserDetails) {
        if (appianUserDetails.isLoggedInThroughSaml()) {
            if (this.samlConfiguration.isRememberIdp()) {
                setCookie(httpServletResponse, appianUserDetails, "");
                return;
            }
            // NOTE(review): the whole user-details object is formatted into the log line; confirm
            // its toString() exposes nothing beyond the username.
            LOG.debug("%s's current IDP does not support Remember IDP, clearing any existing cookies", appianUserDetails);
            cancelRememberIdpCookie(httpServletRequest, httpServletResponse);
            return;
        }
        if (this.samlConfiguration.isRememberAppianIdpEnabled().booleanValue()) {
            setCookie(httpServletResponse, appianUserDetails, APPIAN_AUTH_SUFFIX);
        }
    }

    /**
     * Builds the cookie value from the user's token plus {@code str} and adds it to the response.
     * Best effort: any failure is logged and the login flow continues without the cookie.
     */
    private void setCookie(HttpServletResponse httpServletResponse, AppianUserDetails appianUserDetails, String str) {
        try {
            String cookieValue = this.userTokenService.generateEncryptedToken(appianUserDetails.getUsername()) + str;
            Cookie rememberCookie = createRememberIdpCookie(cookieValue);
            httpServletResponse.addCookie(rememberCookie);
        } catch (Exception e) {
            LOG.error(e, "Failed to create remember idp cookie");
        }
    }

    /**
     * Resolves the remembered IdP from the request cookie.
     *
     * @return {@code SamlConstants.AUTH_PROVIDER_NATIVE} for a value carrying the Appian suffix
     *     (when that feature is enabled), the IdP entity id of the SAML settings selected for the
     *     user named by the token, or {@code null} when nothing usable is remembered
     */
    public String retrieveSavedIdp(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Cookie savedCookie = getRememberIdpCookieFromRequest(httpServletRequest);
        if (savedCookie == null) {
            LOG.debug("No %s found in request", REMEMBER_IDP_COOKIE);
            return null;
        }
        String value = savedCookie.getValue();
        if (Strings.isNullOrEmpty(value)) {
            LOG.debug("%s found in request contained no value", REMEMBER_IDP_COOKIE);
            return null;
        }
        // This branch returns before the token is validated: any cookie value ending in the suffix
        // selects the native provider, whoever produced it.
        if (value.endsWith(APPIAN_AUTH_SUFFIX)) {
            if (!this.samlConfiguration.isRememberAppianIdpEnabled().booleanValue()) {
                LOG.debug("User has an remember Appian IDP cookie, but it is no longer enabled, clearing cookie");
                cancelRememberIdpCookie(httpServletResponse, savedCookie);
                return null;
            }
            return SamlConstants.AUTH_PROVIDER_NATIVE;
        }
        try {
            String username = this.userTokenService.validateEncryptedTokenAndGetUsername(value);
            Optional<SamlSettings> settingsForUser = this.samlSettingsSelector.selectSettingsForUser(username);
            if (!settingsForUser.isPresent()) {
                LOG.debug("%s is not a SAML user", username);
            } else {
                SamlSettings samlSettings = settingsForUser.get();
                if (samlSettings.isRememberIdp()) {
                    return samlSettings.getIdpEntityId();
                }
                LOG.debug("%s is not configured to use a SamlSetting which support Remember IDP", username);
            }
        } catch (Exception e) {
            // Validation or lookup failures are logged, then handled like any other unusable
            // cookie: control falls through to the cancel below.
            LOG.error(e, "Failed to process Remember Idp Cookie value");
        }
        // Reached for every token that did not resolve to a remember-enabled IdP.
        cancelRememberIdpCookie(httpServletResponse, savedCookie);
        return null;
    }

    /**
     * Expires the given cookie in the browser by re-sending it with no value and max-age 0, using
     * the same path and flags it was created with.
     */
    private void cancelRememberIdpCookie(HttpServletResponse httpServletResponse, Cookie cookie) {
        LOG.debug("Cancelling existing %s cookie", REMEMBER_IDP_COOKIE);
        cookie.setMaxAge(0);
        cookie.setValue(null);
        applySharedAttributes(cookie);
        httpServletResponse.addCookie(cookie);
    }

    /** Cancels the remember-IdP cookie carried by the request, if there is one. */
    private void cancelRememberIdpCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Cookie existing = getRememberIdpCookieFromRequest(httpServletRequest);
        if (existing != null) {
            cancelRememberIdpCookie(httpServletResponse, existing);
            return;
        }
        LOG.debug("No existing cookie to cancel");
    }

    /** Creates a fresh remember-IdP cookie holding {@code str} with the maximum lifetime. */
    private Cookie createRememberIdpCookie(String str) {
        Cookie created = new Cookie(REMEMBER_IDP_COOKIE, str);
        created.setMaxAge(MAX_REMEMBER_IDP_AGE);
        applySharedAttributes(created);
        return created;
    }

    /**
     * Sets the attributes that creation and cancellation share: path, Secure and HttpOnly.
     */
    private void applySharedAttributes(Cookie cookie) {
        // presumably getContextPath() has no leading slash; verify against SuiteConfiguration
        cookie.setPath("/" + this.suiteConfiguration.getContextPath());
        // Secure follows the configured scheme, so the flag is off when the scheme is not secure.
        cookie.setSecure(this.suiteConfiguration.isSchemeSecure());
        cookie.setHttpOnly(true);
    }

    /**
     * Finds the first cookie named {@link #REMEMBER_IDP_COOKIE} on the request.
     *
     * @return the cookie, or {@code null} when the request has no cookies or none matches
     */
    private Cookie getRememberIdpCookieFromRequest(HttpServletRequest httpServletRequest) {
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies == null) {
            return null;
        }
        for (int i = 0; i < cookies.length; i++) {
            Cookie candidate = cookies[i];
            if (REMEMBER_IDP_COOKIE.equals(candidate.getName())) {
                return candidate;
            }
        }
        return null;
    }
}
