package com.appiancorp.security.auth;

import com.appiancorp.ac.Constants;
import com.appiancorp.ag.ExtendedGroupService;
import com.appiancorp.ag.GroupServiceJavaImpl;
import com.appiancorp.ag.InitializePersonalizationSession;
import com.appiancorp.ag.security.MfaUtils;
import com.appiancorp.ag.util.Utilities;
import com.appiancorp.ap2.DateTimeConfig;
import com.appiancorp.ap2.PortalActionsUtil;
import com.appiancorp.ap2.ServletScopesKeys;
import com.appiancorp.common.I18nSettingCalculator;
import com.appiancorp.common.I18nUtils;
import com.appiancorp.common.config.ApplicationContextHolder;
import com.appiancorp.common.config.ConfigObjectRepository;
import com.appiancorp.common.event.UserEvent;
import com.appiancorp.common.event.UserEventSource;
import com.appiancorp.globalization.CalendarUtils;
import com.appiancorp.ix.binding.UnresolvedException;
import com.appiancorp.process.common.presentation.JSONClientFunctionsConfig;
import com.appiancorp.process.common.presentation.JSONFunction;
import com.appiancorp.process.common.presentation.JSONSerializerUtil;
import com.appiancorp.security.auth.mobile.AppianMobileAuthenticationSuccessEvent;
import com.appiancorp.security.auth.mobile.MobileAuthContext;
import com.appiancorp.security.auth.mobile.MobileAuthContextUtils;
import com.appiancorp.security.auth.saml.SamlFilter;
import com.appiancorp.security.authz.SystemRoleAeImpl;
import com.appiancorp.security.csrf.CsrfConstants;
import com.appiancorp.security.csrf.CsrfToken;
import com.appiancorp.security.csrf.CsrfTokenManager;
import com.appiancorp.security.jsonrpc.SaferJSONRPCBridge;
import com.appiancorp.services.ServiceContext;
import com.appiancorp.services.WebServiceContextFactory;
import com.appiancorp.suiteapi.administration.AdministrationService;
import com.appiancorp.suiteapi.common.Identity;
import com.appiancorp.suiteapi.common.ServiceLocator;
import com.appiancorp.suiteapi.common.exceptions.InvalidUserException;
import com.appiancorp.suiteapi.forums.DiscussionMetadataCoreService;
import com.appiancorp.suiteapi.personalization.GroupService;
import com.appiancorp.suiteapi.personalization.UserProfile;
import com.appiancorp.suiteapi.personalization.UserService;
import com.appiancorp.suiteapi.portal.LoginData;
import com.appiancorp.suiteapi.portal.PageInfo;
import com.appiancorp.suiteapi.portal.PageNavigationService;
import com.appiancorp.suiteapi.portal.portlets.links.LinkType;
import com.appiancorp.suiteapi.portal.portlets.links.LinksService;
import com.appiancorp.suiteapi.process.ProcessDesignService;
import com.appiancorp.suiteapi.process.security.ProcessApplicationPermissions;
import com.appiancorp.suiteapi.security.auth.AppianUserDetails;
import com.google.common.annotations.VisibleForTesting;
import java.lang.reflect.InvocationTargetException;
import java.sql.Timestamp;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import java.util.TimeZone;
import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.servlet.jsp.jstl.core.Config;
import org.apache.commons.lang.ArrayUtils;
import org.apache.log4j.Logger;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.session.SessionAuthenticationException;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;

/* loaded from: input_file:com/appiancorp/security/auth/AppianPortalSessionAuthenticationStrategy.class */
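/**
 * Spring Security {@link SessionAuthenticationStrategy} that populates the Appian HTTP session once a
 * user has authenticated: it stores the {@link UserProfile}, computes the user's role flags (designer,
 * system / portal / collaboration / database admin, ...), initialises i18n, bookmarks and the JSON-RPC
 * bridge, issues fresh CSRF token cookies and finally publishes an authentication-success event.
 *
 * <p>NOTE(review): this strategy does not rotate the servlet session id itself, so session-fixation
 * protection must come from another strategy in the chain — confirm in the security configuration.
 *
 * <p>Instances hold no mutable state beyond the injected event publisher and can be shared between
 * requests.
 */
public class AppianPortalSessionAuthenticationStrategy implements SessionAuthenticationStrategy {
    /** Maximum number of bookmarks loaded into the session at login. */
    public static final int BOOKMARK_BATCH_SIZE = 1000;
    /** Request parameter that asks for the low-bandwidth UI. */
    public static final String LOW_BANDWIDTH = "lbw";
    /** Value of {@link #LOW_BANDWIDTH} that enables the low-bandwidth UI. */
    public static final String LOW_BANDWIDTH_ON = "on";
    /** Stored (as a string) under {@code KEY_PORTAL_HOME} when no home page can be resolved for the user. */
    public static final Long NO_HOMEPAGE_PERMISSIONS = -1L;

    /** Session attribute under which the authenticated {@link UserProfile} is kept. */
    private static final String USER_PROFILE_SESSION_KEY = "upfs";
    /** Session attribute holding the designer role flag. */
    private static final String DESIGNER_SESSION_KEY = "designer";
    /** Session attribute holding the forum application permission flags. */
    private static final String FORUM_PERMISSIONS_SESSION_KEY = "forumperm";
    /** Admin group id assumed when the servlet context does not declare one. */
    private static final Long DEFAULT_ADMIN_GROUP_ID = 1L;
    private static final Logger LOG = Logger.getLogger(AppianPortalSessionAuthenticationStrategy.class);

    private final AppianAuthenticationEventPublisher eventPublisher;

    /**
     * @param appianAuthenticationEventPublisher publisher used for the authentication-success event
     * @throws NullPointerException if the publisher is null
     */
    public AppianPortalSessionAuthenticationStrategy(AppianAuthenticationEventPublisher appianAuthenticationEventPublisher) {
        this.eventPublisher = Objects.requireNonNull(appianAuthenticationEventPublisher, "appianAuthenticationEventPublisher");
    }

    /** Creates a strategy that publishes through a default {@link AppianAuthenticationEventPublisher}. */
    public AppianPortalSessionAuthenticationStrategy() {
        this(new AppianAuthenticationEventPublisher());
    }

    /**
     * Initialises the Appian session for the authenticated principal and publishes the success event.
     *
     * @throws SessionAuthenticationException if the principal is not an {@link AppianUserDetails} or the
     *     session could not be initialised (the underlying failure is logged by
     *     {@link #initializeAppianSession(HttpServletRequest)})
     */
    @Override
    public void onAuthentication(Authentication authentication, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws SessionAuthenticationException {
        Object principal = authentication.getPrincipal();
        if (!(principal instanceof AppianUserDetails)) {
            // Fail closed as an authentication failure rather than a ClassCastException further down.
            throw new SessionAuthenticationException("Unsupported principal for " + authentication.getName());
        }
        UserProfile userProfile = ((AppianUserDetails) principal).getUserProfile();
        if (!initializeAppianSession(userProfile, httpServletRequest, httpServletResponse)) {
            throw new SessionAuthenticationException("An error occurred while trying to initialize the session for " + authentication.getName());
        }
        publishSuccess(authentication, httpServletRequest);
    }

    /**
     * Publishes the success event; a mobile login gets a dedicated event carrying a fresh transaction id,
     * which is also recorded on the {@link MobileAuthContext} for the rest of the mobile flow.
     */
    private void publishSuccess(Authentication authentication, HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession();
        String sessionUuid = (String) session.getAttribute(ServletScopesKeys.KEY_SESSION_UUID);
        MobileAuthContext mobileAuthContext = MobileAuthContextUtils.getMobileAuthContext(session);
        if (mobileAuthContext == null) {
            this.eventPublisher.publishApplicationEvent(new AppianAuthenticationSuccessEvent(authentication, sessionUuid), httpServletRequest);
            return;
        }
        UUID transactionId = getTransactionId();
        this.eventPublisher.publishApplicationEvent(new AppianMobileAuthenticationSuccessEvent(authentication, sessionUuid, transactionId, true), httpServletRequest);
        mobileAuthContext.setTransactionId(transactionId);
    }

    /** Generates the transaction id for a mobile login; overridable so tests can pin the value. */
    @VisibleForTesting
    public UUID getTransactionId() {
        return UUID.randomUUID();
    }

    /**
     * Resets the session's CSRF tokens and writes the regular and multipart tokens to the response, unless
     * the response already carries both. Expects the session to exist already (the caller created it).
     * NOTE(review): the "already present" check looks at response headers named after the cookies —
     * presumably that is how {@code storeCsrfTokenInResponse} writes them; confirm against CsrfTokenManager.
     */
    private void addCsrfTokenCookies(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        HttpSession session = httpServletRequest.getSession(false);
        boolean alreadyIssued = httpServletResponse.containsHeader(CsrfConstants.CSRF_TOKEN_COOKIE)
            && httpServletResponse.containsHeader(CsrfConstants.CSRF_TOKEN_MULTIPART_COOKIE);
        if (alreadyIssued) {
            return;
        }
        // Always start from fresh tokens so nothing issued before authentication survives the login.
        CsrfTokenManager.resetTokens(session);
        CsrfToken token = CsrfTokenManager.get(session).generateToken(httpServletRequest);
        CsrfToken multipartToken = CsrfTokenManager.get(session).generateMultipartToken(httpServletRequest);
        CsrfTokenManager.storeCsrfTokenInResponse(httpServletRequest, httpServletResponse, CsrfConstants.CSRF_TOKEN_COOKIE, token.toString());
        CsrfTokenManager.storeCsrfTokenInResponse(httpServletRequest, httpServletResponse, CsrfConstants.CSRF_TOKEN_MULTIPART_COOKIE, multipartToken.toString());
    }

    /**
     * Stores the profile and session uuid in the session and runs the full initialisation. On success the
     * login attempt is recorded (for non-MFA users) and CSRF cookies are issued.
     *
     * @return {@code true} if the session was initialised, {@code false} if initialisation failed
     */
    public boolean initializeAppianSession(UserProfile userProfile, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        HttpSession session = httpServletRequest.getSession();
        session.setAttribute(USER_PROFILE_SESSION_KEY, userProfile);
        SessionUuidAttributeSetter.setSessionUuidAttribute(session);
        boolean initialized = initializeAppianSession(httpServletRequest);
        if (!initialized) {
            return false;
        }
        // NOTE(review): MFA users are skipped here — presumably their attempt is recorded once the second
        // factor completes; confirm in the MfaUtils flow.
        MfaUtils mfaUtils = ApplicationContextHolder.getBean(MfaUtils.class);
        if (!mfaUtils.isMfaUser(userProfile.getUsername())) {
            recordSuccessfulLoginAttempt(userProfile.getUsername());
        }
        addCsrfTokenCookies(httpServletRequest, httpServletResponse);
        return true;
    }

    /** Records a successful login attempt for {@code username} using the administrator context. */
    protected void recordSuccessfulLoginAttempt(String username) {
        ServiceLocator.getUserService(ServiceLocator.getAdministratorServiceContext()).loginAttempt(username, true);
    }

    /**
     * Performs the per-login session setup: i18n, service lookups, role flags, caches, bookmarks, home page,
     * JSON-RPC bridge, login event and SAML attributes. Any exception is logged and turned into
     * {@code false} so the caller can reject the login as a whole.
     *
     * @return {@code true} on success, {@code false} if any step threw
     */
    private boolean initializeAppianSession(HttpServletRequest httpServletRequest) {
        try {
            HttpSession session = httpServletRequest.getSession();
            UserProfile userProfile = (UserProfile) session.getAttribute(USER_PROFILE_SESSION_KEY);
            String username = userProfile.getUsername();
            GroupServiceJavaImpl.clearCacheEntry(username);
            initI18n(httpServletRequest);

            ServiceContext serviceContext = WebServiceContextFactory.getServiceContext(httpServletRequest);
            PageNavigationService pageNavigationService = ServiceLocator.getPageNavigationService(serviceContext);
            UserService userService = ServiceLocator.getUserService(serviceContext);
            GroupService groupService = ServiceLocator.getGroupService(serviceContext);
            DiscussionMetadataCoreService discussionMetadataCoreService = ServiceLocator.getDiscussionMetadataCoreService(serviceContext);
            LinksService linksService = ServiceLocator.getLinksService(serviceContext);
            AdministrationService administrationConsoleService = ServiceLocator.getAdministrationConsoleService(serviceContext);

            getProcessApplicationPermissions(session, serviceContext);
            setLinkTypes(session, linksService);
            Utilities.ActivatedGroups activatedGroups = Utilities.activateUserSessionsInProcessServers(serviceContext, userProfile);
            initForumApplicationPermissions(session, username, discussionMetadataCoreService);

            // Role flags are derived from the group memberships returned by the process servers.
            Long adminGroup = getAdminGroup(session);
            Long[] memberGroupIds = activatedGroups.getMemGroupIds();
            Long[] adminGroupIds = activatedGroups.getAdminGroupIds();
            decideIfUsersCanSharePortlets(session, serviceContext, memberGroupIds);
            checkIfUserIsAdmin(session, userProfile);
            checkAndRecordIfUserIsDesigner(session, memberGroupIds);
            checkAndRecordIfUserIsQuickAppCreator(session, memberGroupIds);
            checkAndRecordIfUserIsDatabaseAdmin(session, memberGroupIds);
            checkIfUserIsPortalAdmin(session, memberGroupIds, adminGroupIds, adminGroup);

            clearPortalCache(session);
            InitializePersonalizationSession.initialize(httpServletRequest, userService);
            checkIfUserIsCollabAdmin(session, serviceContext);
            initializeBookmarks(session, pageNavigationService);
            session.setAttribute(com.appiancorp.ag.ServletScopesKeys.KEY_FAVORITE_GROUPS, getFavGroups(groupService));
            setLowBandwidthOption(session, httpServletRequest);
            setAdminConsoleAccess(session, administrationConsoleService);
            setupHomePage(session, pageNavigationService);
            setupJsonRpcBridge(session, serviceContext);
            userEventOnLogin(session, serviceContext);
            setSamlSessionIndex(session, httpServletRequest);
            setSamlNameId(session, httpServletRequest);
            return true;
        } catch (Exception e) {
            // Deliberately broad: any failure here must abort the login rather than leave a half-built session.
            LOG.error("Failed to initialize the Appian session", e);
            return false;
        }
    }

    /** True when {@code groupIds} contains {@code groupId}; a null or empty array never matches. */
    private static boolean isMemberOf(Long[] groupIds, Long groupId) {
        return ArrayUtils.contains(groupIds, groupId);
    }

    /** Records whether the user belongs to the designer system group. */
    private void checkAndRecordIfUserIsDesigner(HttpSession httpSession, Long[] memberGroupIds) throws UnresolvedException {
        httpSession.setAttribute(DESIGNER_SESSION_KEY, Boolean.valueOf(isMemberOf(memberGroupIds, SystemRoleAeImpl.DESIGNER.getGroupId())));
    }

    /** Records whether the user belongs to the quick-app creator system group. */
    private void checkAndRecordIfUserIsQuickAppCreator(HttpSession httpSession, Long[] memberGroupIds) throws UnresolvedException {
        httpSession.setAttribute(com.appiancorp.ag.ServletScopesKeys.KEY_QUICK_APPS_CREATOR, Boolean.valueOf(isMemberOf(memberGroupIds, SystemRoleAeImpl.QUICK_APP_CREATOR.getGroupId())));
    }

    /** Records whether the user is a database administrator; always false while that role is disabled. */
    private void checkAndRecordIfUserIsDatabaseAdmin(HttpSession httpSession, Long[] memberGroupIds) {
        boolean isDatabaseAdmin = SystemRoleAeImpl.DATABASE_ADMINISTRATOR.isEnabled()
            && isMemberOf(memberGroupIds, SystemRoleAeImpl.DATABASE_ADMINISTRATOR.getGroupId());
        httpSession.setAttribute(com.appiancorp.ag.ServletScopesKeys.KEY_DATABASE_ADMIN, Boolean.valueOf(isDatabaseAdmin));
    }

    /** Drops any portal cache entries held for this session. */
    @VisibleForTesting
    protected void clearPortalCache(HttpSession httpSession) {
        PortalActionsUtil.getPortalCache(httpSession).clear();
    }

    /**
     * Records whether the user is a portal admin, i.e. whether {@code adminGroupId} appears in either the
     * member or the admin group ids.
     */
    @VisibleForTesting
    protected void checkIfUserIsPortalAdmin(HttpSession httpSession, Long[] memberGroupIds, Long[] adminGroupIds, Long adminGroupId) {
        boolean isPortalAdmin = isMemberOf(memberGroupIds, adminGroupId) || isMemberOf(adminGroupIds, adminGroupId);
        httpSession.setAttribute(ServletScopesKeys.KEY_IS_PORTAL_ADMIN, Boolean.valueOf(isPortalAdmin));
    }

    /** Fires the login user event, tagged with the session uuid. */
    @VisibleForTesting
    protected void userEventOnLogin(HttpSession httpSession, ServiceContext serviceContext) {
        String sessionUuid = (String) httpSession.getAttribute(ServletScopesKeys.KEY_SESSION_UUID);
        UserEventSource.getInstance().onLogin(new UserEvent(serviceContext, sessionUuid));
    }

    /** Records the collaboration-admin flag under both the collaboration and the document-admin keys. */
    @VisibleForTesting
    protected void checkIfUserIsCollabAdmin(HttpSession httpSession, ServiceContext serviceContext) {
        ExtendedGroupService extendedGroupService = (ExtendedGroupService) ServiceLocator.getService(serviceContext, ExtendedGroupService.SERVICE_NAME);
        Boolean isCollabAdmin = Boolean.valueOf(extendedGroupService.isUserCollabAdmin());
        httpSession.setAttribute(Constants.IS_COLLABORATION_ADMIN, isCollabAdmin);
        httpSession.setAttribute(com.appiancorp.km.ServletScopesKeys.KEY_IS_DOC_ADMIN, isCollabAdmin);
    }

    /**
     * Builds the session-scoped JSON-RPC bridge and registers every configured client function on it. Each
     * function class is instantiated reflectively through its {@code (HttpSession)} constructor.
     *
     * @throws NoSuchMethodException if a configured function class lacks that constructor
     * @throws InstantiationException if a configured function class cannot be instantiated
     * @throws IllegalAccessException if the constructor is not accessible
     * @throws InvocationTargetException if the constructor itself throws
     */
    @VisibleForTesting
    protected void setupJsonRpcBridge(HttpSession httpSession, ServiceContext serviceContext) throws NoSuchMethodException, InstantiationException, IllegalAccessException, InvocationTargetException {
        SaferJSONRPCBridge bridge = new SaferJSONRPCBridge(false);
        JSONSerializerUtil.registerSerializers(bridge, serviceContext);
        bridge.getSerializer().setMarshallNullAttributes(false);
        bridge.setDebug(false);
        JSONClientFunctionsConfig functionsConfig = (JSONClientFunctionsConfig) ConfigObjectRepository.getConfigObject(JSONClientFunctionsConfig.class);
        for (JSONFunction function : functionsConfig.getFunctions()) {
            Object handler = function.getJavaClass().getConstructor(HttpSession.class).newInstance(httpSession);
            bridge.registerObject(function.getName(), handler);
        }
        httpSession.setAttribute(JSONSerializerUtil.JSONRPCBridge_KEY, bridge);
    }

    /**
     * Stores the user's home page id as a string, or {@link #NO_HOMEPAGE_PERMISSIONS} if it cannot be
     * resolved. Failure is best-effort by design: a missing home page must not block the login.
     */
    @VisibleForTesting
    protected void setupHomePage(HttpSession httpSession, PageNavigationService pageNavigationService) {
        String homePageId;
        try {
            homePageId = Integer.toString(pageNavigationService.getHomePage().getId().intValue());
        } catch (Exception e) {
            LOG.debug("No home page could be resolved for this session; using " + NO_HOMEPAGE_PERMISSIONS, e);
            homePageId = NO_HOMEPAGE_PERMISSIONS.toString();
        }
        httpSession.setAttribute(ServletScopesKeys.KEY_PORTAL_HOME, homePageId);
    }

    /** Records whether the user may view the admin console. */
    @VisibleForTesting
    protected void setAdminConsoleAccess(HttpSession httpSession, AdministrationService administrationService) {
        boolean canView = administrationService.getPermissionsForAdminConsole().isView();
        httpSession.setAttribute(ServletScopesKeys.KEY_ADMIN_CONSOLE_ACCESS, Boolean.valueOf(canView));
    }

    /** Enables the low-bandwidth UI for the session when the login request asked for it. */
    @VisibleForTesting
    protected void setLowBandwidthOption(HttpSession httpSession, HttpServletRequest httpServletRequest) {
        if (LOW_BANDWIDTH_ON.equals(httpServletRequest.getParameter(LOW_BANDWIDTH))) {
            httpSession.setAttribute(ServletScopesKeys.KEY_LOW_BANDWIDTH, LOW_BANDWIDTH_ON);
        }
    }

    /**
     * @return a mutable map with every group id the user belongs to mapped to {@link Boolean#TRUE}
     */
    @VisibleForTesting
    protected Map<Long, Boolean> getFavGroups(GroupService groupService) {
        Map<Long, Boolean> favouriteGroups = new HashMap<>();
        for (Long groupId : groupService.getMyGroupIds()) {
            favouriteGroups.put(groupId, Boolean.TRUE);
        }
        return favouriteGroups;
    }

    /**
     * Loads the first {@link #BOOKMARK_BATCH_SIZE} bookmarks (oldest first) into the session as
     * {@link Identity} objects, cleaning up dangling page references when the service reports any.
     */
    @VisibleForTesting
    protected void initializeBookmarks(HttpSession httpSession, PageNavigationService pageNavigationService) {
        LoginData loginData = pageNavigationService.getLoginData(0, BOOKMARK_BATCH_SIZE, PageInfo.SORT_BY_DATE_CREATED, com.appiancorp.suiteapi.common.Constants.SORT_ORDER_ASCENDING);
        if (loginData.getInvalidPageReferencesExist()) {
            pageNavigationService.cleanUpPageReferences();
        }
        PageInfo[] pages = (PageInfo[]) loginData.getBookmarks().getResults();
        List<Identity> bookmarks = new ArrayList<>(pages.length);
        for (PageInfo page : pages) {
            Identity identity = new Identity();
            identity.setId(page.getId());
            identity.setName(page.getName());
            bookmarks.add(identity);
        }
        httpSession.setAttribute(ServletScopesKeys.KEY_BOOKMARKS, bookmarks);
    }

    /** Records whether the profile's user type is the system administrator type. */
    @VisibleForTesting
    protected void checkIfUserIsAdmin(HttpSession httpSession, UserProfile userProfile) {
        boolean isSystemAdmin = UserProfile.USER_TYPE_SYS_ADMIN.intValue() == userProfile.getUserTypeId().intValue();
        httpSession.setAttribute(com.appiancorp.ag.ServletScopesKeys.IS_SYSTEM_ADMIN_KEY, Boolean.valueOf(isSystemAdmin));
    }

    /** Portlet sharing is granted to members of the designer system group. */
    @VisibleForTesting
    protected void decideIfUsersCanSharePortlets(HttpSession httpSession, ServiceContext serviceContext, Long[] memberGroupIds) throws UnresolvedException {
        boolean canShare = isMemberOf(memberGroupIds, SystemRoleAeImpl.DESIGNER.getGroupId());
        httpSession.setAttribute(ServletScopesKeys.KEY_CAN_SHARE_PORTLETS, Boolean.valueOf(canShare));
    }

    /**
     * @return the admin group id declared on the servlet context, or {@link #DEFAULT_ADMIN_GROUP_ID} when
     *     none is declared
     */
    @VisibleForTesting
    protected Long getAdminGroup(HttpSession httpSession) {
        Long adminGroupId = (Long) httpSession.getServletContext().getAttribute(ServletScopesKeys.KEY_ADMIN_GROUP);
        return adminGroupId != null ? adminGroupId : DEFAULT_ADMIN_GROUP_ID;
    }

    /** Stores the user's process-application permissions, if a design service and permissions are available. */
    @VisibleForTesting
    protected void getProcessApplicationPermissions(HttpSession httpSession, ServiceContext serviceContext) {
        ProcessDesignService processDesignService = ServiceLocator.getProcessDesignService(serviceContext);
        if (processDesignService == null) {
            return;
        }
        ProcessApplicationPermissions permissions = processDesignService.getPermissionsForProcessApplication();
        if (permissions == null) {
            return;
        }
        httpSession.setAttribute(com.appiancorp.process.common.util.ServletScopesKeys.KEY_PROCESS_APP_PERMS, permissions);
    }

    /** Caches the link types in the session on first use. */
    @VisibleForTesting
    protected void setLinkTypes(HttpSession httpSession, LinksService linksService) {
        LinkType[] cachedLinkTypes = (LinkType[]) httpSession.getAttribute(com.appiancorp.ap2.Constants.KEY_LINK_TYPES);
        if (cachedLinkTypes == null) {
            httpSession.setAttribute(com.appiancorp.ap2.Constants.KEY_LINK_TYPES, linksService.getLinkTypes());
        }
    }

    /**
     * Stores the forum application permission flags in the session.
     * NOTE(review): an {@link InvalidUserException} on the first call is answered by a single retry —
     * presumably the first call establishes the user's forum session; confirm before changing.
     */
    @VisibleForTesting
    protected void initForumApplicationPermissions(HttpSession httpSession, String username, DiscussionMetadataCoreService discussionMetadataCoreService) {
        boolean[] permissions;
        try {
            permissions = discussionMetadataCoreService.getApplicationPermissions();
        } catch (InvalidUserException firstAttempt) {
            permissions = discussionMetadataCoreService.getApplicationPermissions();
        }
        httpSession.setAttribute(FORUM_PERMISSIONS_SESSION_KEY, permissions);
    }

    /**
     * Resolves the user's preferred locale, time zone and calendar and publishes them to the session (JSTL
     * formatting config, RTL info, enabled locales, display formats and time picker options).
     *
     * @throws Exception propagated from the i18n helpers; the caller aborts the login
     */
    @VisibleForTesting
    protected void initI18n(HttpServletRequest httpServletRequest) throws Exception {
        HttpSession session = httpServletRequest.getSession();
        I18nSettingCalculator settings = new I18nSettingCalculator();

        Locale preferredLocale = settings.getPreferredLocale(httpServletRequest);
        Config.set(session, Config.FMT_LOCALE, preferredLocale);
        I18nUtils.addRtlInfoToSession(session, preferredLocale);
        boolean localeSettingsMissing = session.getAttribute(com.appiancorp.ap2.Constants.SITE_LOCALE_SETTINGS) == null
            || session.getAttribute(com.appiancorp.ap2.Constants.ENABLED_LOCALES_STRINGS) == null
            || session.getAttribute(com.appiancorp.ap2.Constants.ENABLED_LOCALES) == null;
        if (localeSettingsMissing) {
            I18nUtils.addEnabledLocalesToSession(session);
        }
        I18nUtils.addDisplayFormatsToSession(session);

        TimeZone preferredTimeZone = settings.getPreferredTimeZone(httpServletRequest);
        Config.set(session, Config.FMT_TIME_ZONE, preferredTimeZone);
        if (DateTimeConfig.DISPLAY_TIMEZONE_LABEL) {
            String timeZoneLabel = CalendarUtils.getTimeZoneLabel(preferredTimeZone, preferredLocale, new Timestamp(System.currentTimeMillis()), 0);
            session.setAttribute(ServletScopesKeys.KEY_TIMEZONE_DISPLAY, timeZoneLabel);
            session.setAttribute(ServletScopesKeys.KEY_GRID_TIMEZONE_DISPLAY, timeZoneLabel);
        }

        session.setAttribute(com.appiancorp.ap2.Constants.CURRENT_ENABLED_CALENDAR_ID, settings.getPreferredCalendarID(httpServletRequest));
        I18nUtils.setTimePickerOptionsInSession(session);
    }

    /** Copies the SAML session index from the request (set by {@link SamlFilter}) into the session. */
    @VisibleForTesting
    protected void setSamlSessionIndex(HttpSession httpSession, HttpServletRequest httpServletRequest) {
        httpSession.setAttribute(SamlFilter.SAML_SESSION_INDEX_KEY, httpServletRequest.getAttribute(SamlFilter.SAML_SESSION_INDEX_KEY));
    }

    /** Copies the SAML name id from the request (set by {@link SamlFilter}) into the session. */
    @VisibleForTesting
    protected void setSamlNameId(HttpSession httpSession, HttpServletRequest httpServletRequest) {
        httpSession.setAttribute(SamlFilter.SAML_NAME_ID_KEY, httpServletRequest.getAttribute(SamlFilter.SAML_NAME_ID_KEY));
    }
}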
