package com.appiancorp.security.auth.rememberme;

import com.appiancorp.security.auth.mobile.BlockedMobileClientException;
import com.appiancorp.security.auth.mobile.MobileAuthContext;
import com.appiancorp.security.auth.mobile.MobileAuthContextUtils;
import com.appiancorp.security.auth.session.SessionLimitException;
import com.appiancorp.suite.SuiteConfiguration;
import com.appiancorp.suite.cfg.ConfigurationFactory;
import com.appiancorp.suiteapi.security.auth.AppianUserDetails;
import com.google.common.annotations.VisibleForTesting;
import java.util.Arrays;
import java.util.Date;
import java.util.concurrent.TimeUnit;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.log4j.Logger;
import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.rememberme.InvalidCookieException;
import org.springframework.security.web.authentication.rememberme.PersistentRememberMeToken;
import org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices;
import org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationException;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;

/* loaded from: input_file:com/appiancorp/security/auth/rememberme/AppianPersistentTokenBasedRememberMeServices.class */
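/**
 * Appian's persistent-token ("remember me") services on top of Spring Security's
 * {@link PersistentTokenBasedRememberMeServices}.
 *
 * <p>What this subclass changes relative to the Spring base class, as visible here:
 * <ul>
 *   <li>fixed cookie and request-parameter names ({@link #REMEMBER_ME_COOKIE_NAME},
 *       {@link #REMEMBER_ME_PARAMETER}); the cookie's {@code Secure} flag follows the
 *       configured scheme ({@code SuiteConfiguration#isSchemeSecure});</li>
 *   <li>remember-me is never issued to system administrators, and is deferred to the
 *       {@link MobileAuthContext} when a mobile authentication is in progress;</li>
 *   <li>a per-request {@code localAuth} thread-local carries the "authenticated by the
 *       internal provider" flag from {@link #onLoginSuccess} into
 *       {@link #createSuccessfulAuthentication}; it is always cleared in {@code finally}
 *       so the flag cannot leak to the next request served by the same pooled thread;</li>
 *   <li>token validation and cookie-theft handling are delegated to
 *       {@link RememberMeTokenValidator}; a companion SCS token cookie is managed by
 *       {@link RememberMeScsHandler};</li>
 *   <li>cookie cancellation is skipped when a {@link #COOKIE_THEFT_ATTRIBUTE} of
 *       {@link #COOKIE_THEFT_RETRY_KEY} is set on the request.</li>
 * </ul>
 *
 * <p>This listing is decompiled output; the {@code finally} blocks below are the source
 * form of the decompiler's {@code catch (Throwable) { ...; throw th; }} and behave the same.
 */
public class AppianPersistentTokenBasedRememberMeServices extends PersistentTokenBasedRememberMeServices {
    public static final String REMEMBER_ME_COOKIE_NAME = "SPRING_SECURITY_REMEMBER_ME_COOKIE";
    public static final String REMEMBER_ME_PARAMETER = "_spring_security_remember_me";
    /** Request attribute; when {@code Boolean.TRUE}, remember-me is treated as requested regardless of the form parameter. */
    public static final String REMEMBER_ME_REQUESTED = "REMEMBER_ME_REQUESTED";
    /** Request attribute consulted by {@link #cancelCookie}; see {@link #COOKIE_THEFT_RETRY_KEY}. */
    static final String COOKIE_THEFT_ATTRIBUTE = "cookieTheftAttribute";
    /** Value of {@link #COOKIE_THEFT_ATTRIBUTE} that suppresses cookie cancellation. */
    static final String COOKIE_THEFT_RETRY_KEY = "retry";
    // Not referenced in this class; presumably used by the validator / cookie-theft handling elsewhere.
    static final String COOKIE_THEFT_KEY = "cookieTheft";
    private final RememberMeSettings rememberMeSettings;
    private final RememberMeScsHandler rememberMeScsHandler;
    private final SessionAuthenticationStrategy sessionAuthenticationStrategy;
    private AppianPersistentTokenRepository tokenRepository;
    RememberMeTokenValidator rememberMeTokenValidator;
    // Not referenced in this class; presumably the tolerance window used by cookie-theft handling elsewhere.
    static final long REDIRECT_WINDOW_IN_MILLIS = TimeUnit.SECONDS.toMillis(10);
    private static final Logger LOG = Logger.getLogger(AppianPersistentTokenBasedRememberMeServices.class);
    /**
     * Per-thread flag: whether the user currently being logged in was authenticated by the
     * Appian internal provider. Set in {@link #onLoginSuccess}, read in
     * {@link #createSuccessfulAuthentication}, and removed in both on every exit path.
     * Defaults to {@code false} for the auto-login path, which never sets it.
     */
    static final ThreadLocal<Boolean> localAuth = new ThreadLocal<Boolean>() {
        @Override
        public Boolean initialValue() {
            return Boolean.FALSE;
        }
    };

    /**
     * Wires the Spring base class with the Appian token repository and applies the fixed
     * cookie/parameter names. The {@code Secure} cookie attribute is derived from the
     * configured scheme, so a non-HTTPS deployment gets a non-secure cookie.
     *
     * @param rememberMeSettings source of the signing key, enablement and token lifespan
     * @param userDetailsService used by the base class and by auto-login to load the user
     * @param appianPersistentTokenRepository persistent store for series/token pairs
     * @param rememberMeTokenValidator validates presented tokens and handles cookie theft
     * @param rememberMeScsHandler manages the companion SCS token cookie
     * @param authenticationDetailsSource passed to the base class
     * @param sessionAuthenticationStrategy applied after a successful auto-login
     */
    public AppianPersistentTokenBasedRememberMeServices(RememberMeSettings rememberMeSettings, UserDetailsService userDetailsService, AppianPersistentTokenRepository appianPersistentTokenRepository, RememberMeTokenValidator rememberMeTokenValidator, RememberMeScsHandler rememberMeScsHandler, AuthenticationDetailsSource authenticationDetailsSource, SessionAuthenticationStrategy sessionAuthenticationStrategy) {
        super(rememberMeSettings.getKey(), userDetailsService, appianPersistentTokenRepository);
        this.rememberMeSettings = rememberMeSettings;
        this.tokenRepository = appianPersistentTokenRepository;
        this.rememberMeTokenValidator = rememberMeTokenValidator;
        this.rememberMeScsHandler = rememberMeScsHandler;
        this.sessionAuthenticationStrategy = sessionAuthenticationStrategy;
        setAuthenticationDetailsSource(authenticationDetailsSource);
        SuiteConfiguration suiteConfiguration = (SuiteConfiguration) ConfigurationFactory.getConfiguration(SuiteConfiguration.class);
        // Secure flag tracks the deployment scheme; the cookie carries a login credential.
        setUseSecureCookie(suiteConfiguration.isSchemeSecure());
        setCookieName(REMEMBER_ME_COOKIE_NAME);
        setParameter(REMEMBER_ME_PARAMETER);
    }

    /**
     * Remember-me is requested when the {@link #REMEMBER_ME_REQUESTED} request attribute is
     * {@code Boolean.TRUE}, otherwise when the base class finds the form parameter.
     *
     * @param httpServletRequest the login request
     * @param str the remember-me parameter name
     * @return whether a persistent login should be created
     */
    @Override
    protected boolean rememberMeRequested(HttpServletRequest httpServletRequest, String str) {
        Object explicitlyRequested = httpServletRequest.getAttribute(REMEMBER_ME_REQUESTED);
        return Boolean.TRUE.equals(explicitlyRequested) || super.rememberMeRequested(httpServletRequest, str);
    }

    /**
     * Issues a persistent login after a successful interactive login, unless remember-me is
     * disabled for this request/user, the user is a system administrator, or a mobile
     * authentication context is present (in which case the request is only recorded on it).
     *
     * <p>Any pre-existing token for the cookie currently on the request is deleted before the
     * base class creates a new series, and the SCS token cookie is added afterwards.
     *
     * @param httpServletRequest the login request
     * @param httpServletResponse the response receiving the cookies
     * @param authentication the successful authentication; its principal must be an {@link AppianUserDetails}
     */
    @Override
    protected void onLoginSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) {
        AppianUserDetails user = (AppianUserDetails) authentication.getPrincipal();
        if (!this.rememberMeSettings.isEnabled(httpServletRequest, user.getUsername())) {
            return;
        }
        if (user.isSysAdmin()) {
            LOG.warn("Remember-me is disabled for system administrators.");
            return;
        }
        MobileAuthContext mobileAuthContext = getMobileAuthContext(httpServletRequest.getSession());
        if (mobileAuthContext != null) {
            // Mobile flow: defer the decision to the mobile auth handling instead of issuing a cookie now.
            mobileAuthContext.setRememberMeRequested(true);
            return;
        }
        try {
            localAuth.set(Boolean.valueOf(user.isAuthenticatedByAppianInternalProvider()));
            deleteCookieIfPresent(httpServletRequest, httpServletResponse);
            super.onLoginSuccess(httpServletRequest, httpServletResponse, authentication);
        } finally {
            // Always clear: the thread is pooled and must not carry this flag into the next request.
            localAuth.remove();
        }
        this.rememberMeScsHandler.addScsTokenCookieToResponse(user, httpServletRequest, httpServletResponse);
    }

    /**
     * Builds the authentication for a remember-me login and copies the per-thread
     * "internal provider" flag onto the user details. The thread-local is cleared on every
     * exit path.
     *
     * @param httpServletRequest the current request
     * @param userDetails must be an {@link AppianUserDetails}
     * @return the authentication produced by the base class
     */
    @Override
    protected Authentication createSuccessfulAuthentication(HttpServletRequest httpServletRequest, UserDetails userDetails) {
        try {
            Authentication result = super.createSuccessfulAuthentication(httpServletRequest, userDetails);
            ((AppianUserDetails) userDetails).setAuthenticatedByAppianInternalProvider(localAuth.get().booleanValue());
            return result;
        } finally {
            localAuth.remove();
        }
    }

    /**
     * Handles a presented remember-me cookie: validates and refreshes the persistent token,
     * loads the user, loads the SCS token, then applies the session authentication strategy.
     * Failures of that strategy are surfaced as {@link RememberMeAuthenticationException} so
     * the base class treats the auto-login as failed rather than propagating an unrelated error.
     *
     * @param strArr the decoded cookie tokens (expected: series, token value)
     * @param httpServletRequest the current request
     * @param httpServletResponse the response receiving the refreshed cookie
     * @return the loaded user details
     * @throws InvalidCookieException if the cookie does not carry exactly two tokens
     * @throws RememberMeAuthenticationException if the mobile client is blocked or the user is at the session limit
     */
    @Override
    protected UserDetails processAutoLoginCookie(String[] strArr, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        AppianUserDetails user = processAutoLoginCookie0(strArr, httpServletRequest, httpServletResponse);
        this.rememberMeScsHandler.loadScsTokenFromRequest(user, httpServletRequest);
        try {
            Authentication auth = createSuccessfulAuthentication(httpServletRequest, user);
            this.sessionAuthenticationStrategy.onAuthentication(auth, httpServletRequest, httpServletResponse);
        } catch (BlockedMobileClientException e) {
            throw new RememberMeAuthenticationException("Mobile app is blocked from using this server", e);
        } catch (SessionLimitException e) {
            throw new RememberMeAuthenticationException("User is at max session limit", e);
        }
        return user;
    }

    /**
     * Validates the presented series/token pair and rotates the token value for the series.
     *
     * <p>If the stored token cannot be updated (another request already rotated it), the
     * series is re-read and the validator's cookie-theft handling is invoked with the time
     * of that update; the validator decides whether this is a benign concurrent refresh or
     * a reused (possibly stolen) token.
     *
     * @return the user details for the token's username
     * @throws InvalidCookieException if the cookie does not carry exactly two tokens
     */
    private AppianUserDetails processAutoLoginCookie0(String[] strArr, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (strArr.length != 2) {
            // Same message as Spring's base class; note it echoes the presented cookie values, so keep it out of user-facing output.
            throw new InvalidCookieException("Cookie token did not contain 2 tokens, but contained '" + Arrays.asList(strArr) + "'");
        }
        final String presentedSeries = strArr[0];
        final String presentedToken = strArr[1];
        AppianPersistentRememberMeToken storedToken = (AppianPersistentRememberMeToken) this.tokenRepository.getTokenForSeries(presentedSeries);
        // The validator is responsible for rejecting a missing/mismatched token before it is dereferenced here.
        this.rememberMeTokenValidator.validate(httpServletRequest, presentedSeries, presentedToken, storedToken, this.messages);
        String username = storedToken.getUsername();
        String series = storedToken.getSeries();
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Refreshing persistent login token for user '" + username + "', series '" + series + "'");
        }
        PersistentRememberMeToken refreshedToken = new PersistentRememberMeToken(username, series, generateTokenData(), new Date());
        boolean rotated = this.tokenRepository.updateExistingToken(storedToken, refreshedToken);
        if (!rotated) {
            AppianPersistentRememberMeToken currentToken = (AppianPersistentRememberMeToken) this.tokenRepository.getTokenForSeries(presentedSeries);
            this.logger.debug("Failed to refresh persistent login token");
            if (currentToken == null) {
                // The series vanished between the two lookups (e.g. concurrent logout). Surface it as a
                // remember-me failure, which cancels the cookie, instead of a NullPointerException.
                // NOTE(review): only reachable if the repository returns null for an unknown series — confirm its contract.
                throw new RememberMeAuthenticationException("No persistent token found for series id: " + presentedSeries);
            }
            this.rememberMeTokenValidator.processCookieTheft(httpServletRequest, currentToken.getUpdated().getTime(), null);
        }
        setCookieForUser(new String[]{refreshedToken.getSeries(), refreshedToken.getTokenValue()}, username, httpServletRequest, httpServletResponse);
        return (AppianUserDetails) getUserDetailsService().loadUserByUsername(username);
    }

    /**
     * Cancels the remember-me cookie (subject to {@link #cancelCookie}'s retry check) and
     * clears the SCS token cookie.
     *
     * @param authentication may be {@code null}; then the user is logged as "Unknown" and no principal is passed on
     */
    @Override
    public void logout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) {
        if (this.logger.isDebugEnabled()) {
            String who = authentication == null ? "Unknown" : authentication.getName();
            this.logger.debug("Logout of user " + who);
        }
        cancelCookie(httpServletRequest, httpServletResponse);
        AppianUserDetails principal = authentication == null ? null : (AppianUserDetails) authentication.getPrincipal();
        this.rememberMeScsHandler.clearScsTokenCookieFromResponse(principal, httpServletRequest, httpServletResponse);
    }

    /**
     * Deletes the stored token for the cookie's series and expires the cookie, unless the
     * request is marked with {@link #COOKIE_THEFT_ATTRIBUTE} = {@link #COOKIE_THEFT_RETRY_KEY},
     * in which case the cookie is deliberately left in place.
     */
    @Override
    protected void cancelCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Object theftMarker = httpServletRequest.getAttribute(COOKIE_THEFT_ATTRIBUTE);
        if (COOKIE_THEFT_RETRY_KEY.equals(theftMarker)) {
            this.logger.debug("Not cancelling cookie due to CookieTheftException");
            return;
        }
        deleteCookieIfPresent(httpServletRequest, httpServletResponse);
        super.cancelCookie(httpServletRequest, httpServletResponse);
    }

    /**
     * Best-effort removal of the persisted series named by the remember-me cookie on the
     * request, if any. Failures are logged at debug level and swallowed on purpose: the
     * caller proceeds to issue or expire the cookie regardless.
     */
    private void deleteCookieIfPresent(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        try {
            String rawCookie = extractRememberMeCookie(httpServletRequest);
            if (rawCookie == null) {
                return;
            }
            String series = new RememberMeCookie(rawCookie).getSeries();
            this.tokenRepository.deleteForSeries(series);
        } catch (Exception e) {
            // Deliberately best-effort; see method Javadoc.
            this.logger.debug("Failed to delete token", e);
        }
    }

    /**
     * Sets the cookie for the user in the current security context, replacing the base
     * class's max-age ({@code i}, ignored) with the per-user lifespan from
     * {@link RememberMeSettings}. No cookie is set when there is no authentication.
     */
    @Override
    protected void setCookie(String[] strArr, int i, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Authentication current = SecurityContextHolder.getContext().getAuthentication();
        if (current == null) {
            this.logger.debug("Unable to set Remember Me cookie for unknown user");
            return;
        }
        setCookieForUser(strArr, current.getName(), httpServletRequest, httpServletResponse);
    }

    /** Sets the cookie with the lifespan configured for {@code str} (the username) on this request. */
    private void setCookieForUser(String[] strArr, String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        int lifespanSec = this.rememberMeSettings.getTokenLifespanSec(httpServletRequest, str);
        super.setCookie(strArr, lifespanSec, httpServletRequest, httpServletResponse);
    }

    /** Exposes the configured cookie name for tests. */
    @VisibleForTesting
    public String getRememberMeCookieName() {
        return getCookieName();
    }

    /** Looks up the mobile authentication context on the session; overridable for tests. */
    @VisibleForTesting
    public MobileAuthContext getMobileAuthContext(HttpSession httpSession) {
        return MobileAuthContextUtils.getMobileAuthContext(httpSession);
    }
}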
